Lines Matching +full:sha +full:- +full:256
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* rfc8009 AES Encryption with HMAC-SHA2 for Kerberos 5
17 * Calculate the key derivation function KDF-HMAC-SHA2(key, label, [context,] k)
19 * KDF-HMAC-SHA2(key, label, [context,] k) = k-truncate(K1)
22 * K1 = HMAC-SHA-256(key, 0x00000001 | label | 0x00 | k)
23 * K1 = HMAC-SHA-384(key, 0x00000001 | label | 0x00 | k)
24 * K1 = HMAC-SHA-256(key, 0x00000001 | label | 0x00 | context | k)
25 * K1 = HMAC-SHA-384(key, 0x00000001 | label | 0x00 | context | k)
43 int ret = -ENOMEM; in rfc8009_calc_KDF_HMAC_SHA2()
45 if (WARN_ON(result->len != k / 8)) in rfc8009_calc_KDF_HMAC_SHA2()
46 return -EINVAL; in rfc8009_calc_KDF_HMAC_SHA2()
48 shash = crypto_alloc_shash(krb5->cksum_name, 0, 0); in rfc8009_calc_KDF_HMAC_SHA2()
50 return (PTR_ERR(shash) == -ENOENT) ? -ENOPKG : PTR_ERR(shash); in rfc8009_calc_KDF_HMAC_SHA2()
51 ret = crypto_shash_setkey(shash, key->data, key->len); in rfc8009_calc_KDF_HMAC_SHA2()
55 ret = -EINVAL; in rfc8009_calc_KDF_HMAC_SHA2()
59 ret = -ENOMEM; in rfc8009_calc_KDF_HMAC_SHA2()
60 data.len = 4 + label->len + 1 + context->len + 4; in rfc8009_calc_KDF_HMAC_SHA2()
69 desc->tfm = shash; in rfc8009_calc_KDF_HMAC_SHA2()
79 memcpy(p, label->data, label->len); in rfc8009_calc_KDF_HMAC_SHA2()
80 p += label->len; in rfc8009_calc_KDF_HMAC_SHA2()
82 memcpy(p, context->data, context->len); in rfc8009_calc_KDF_HMAC_SHA2()
83 p += context->len; in rfc8009_calc_KDF_HMAC_SHA2()
88 ret = -EINVAL; in rfc8009_calc_KDF_HMAC_SHA2()
89 if (WARN_ON(p - (u8 *)data.data != data.len)) in rfc8009_calc_KDF_HMAC_SHA2()
100 memcpy(result->data, K1.data, result->len); in rfc8009_calc_KDF_HMAC_SHA2()
110 * Calculate the pseudo-random function, PRF().
112 * PRF = KDF-HMAC-SHA2(input-key, "prf", octet-string, 256)
113 * PRF = KDF-HMAC-SHA2(input-key, "prf", octet-string, 384)
115 * The "prfconstant" used in the PRF operation is the three-octet string
128 octet_string, krb5->prf_len * 8, in rfc8009_calc_PRF()
134 * Ke = KDF-HMAC-SHA2(base-key, usage | 0xAA, 128)
135 * Ke = KDF-HMAC-SHA2(base-key, usage | 0xAA, 256)
145 &rfc8009_no_context, krb5->key_bytes * 8, in rfc8009_calc_Ke()
151 * Kc = KDF-HMAC-SHA2(base-key, usage | 0x99, 128)
152 * Ki = KDF-HMAC-SHA2(base-key, usage | 0x55, 128)
153 * Kc = KDF-HMAC-SHA2(base-key, usage | 0x99, 192)
154 * Ki = KDF-HMAC-SHA2(base-key, usage | 0x55, 192)
164 &rfc8009_no_context, krb5->cksum_len * 8, in rfc8009_calc_Ki()
185 if (WARN_ON(data_offset != krb5->conf_len)) in rfc8009_encrypt()
186 return -EINVAL; /* Data is in wrong place */ in rfc8009_encrypt()
189 base_len = krb5->conf_len + data_len; in rfc8009_encrypt()
193 if (WARN_ON(cksum_offset + krb5->cksum_len > sg_len)) in rfc8009_encrypt()
194 return -EFAULT; in rfc8009_encrypt()
200 return -ENOMEM; in rfc8009_encrypt()
207 ret = -EFAULT; in rfc8009_encrypt()
209 get_random_bytes(buffer, krb5->conf_len); in rfc8009_encrypt()
210 done = sg_pcopy_from_buffer(sg, nr_sg, buffer, krb5->conf_len, in rfc8009_encrypt()
212 if (done != krb5->conf_len) in rfc8009_encrypt()
237 ret = secure_len + krb5->cksum_len; in rfc8009_encrypt()
264 return -EINVAL; /* Can't set offset on aead */ in rfc8009_decrypt()
266 if (*_len < krb5->conf_len + krb5->cksum_len) in rfc8009_decrypt()
267 return -EPROTO; in rfc8009_decrypt()
273 return -ENOMEM; in rfc8009_decrypt()
294 *_offset += krb5->conf_len; in rfc8009_decrypt()
295 *_len -= krb5->conf_len + krb5->cksum_len; in rfc8009_decrypt()
321 .name = "aes128-cts-hmac-sha256-128",
344 .name = "aes256-cts-hmac-sha384-192",