Lines Matching +full:byte +full:- +full:len
73 * krb5_nfold - n-fold function
79 * This is the n-fold function as described in rfc3961, sec 5.1
86 int byte, i, msbit; in krb5_nfold() local
100 byte = 0; in krb5_nfold()
104 for (i = ulcm-1; i >= 0; i--) { in krb5_nfold()
105 /* compute the msbit in k which gets added into this byte */ in krb5_nfold()
108 * unrotated byte */ in krb5_nfold()
109 ((inbits << 3) - 1) in krb5_nfold()
110 /* then, for each byte, shift to the right in krb5_nfold()
113 /* last, pick out the correct byte within in krb5_nfold()
115 + ((inbits - (i % inbits)) << 3) in krb5_nfold()
118 /* pull out the byte value itself */ in krb5_nfold()
119 byte += (((in[((inbits - 1) - (msbit >> 3)) % inbits] << 8)| in krb5_nfold()
120 (in[((inbits) - (msbit >> 3)) % inbits])) in krb5_nfold()
124 byte += out[i % outbits]; in krb5_nfold()
125 out[i % outbits] = byte & 0xff; in krb5_nfold()
128 byte >>= 8; in krb5_nfold()
133 if (byte) { in krb5_nfold()
134 for (i = outbits - 1; i >= 0; i--) { in krb5_nfold()
136 byte += out[i]; in krb5_nfold()
137 out[i] = byte & 0xff; in krb5_nfold()
140 byte >>= 8; in krb5_nfold()
158 int ret = -EINVAL; in krb5_DK()
160 keybytes = gk5e->keybytes; in krb5_DK()
161 keylength = gk5e->keylength; in krb5_DK()
163 if (inkey->len != keylength) in krb5_DK()
166 cipher = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); in krb5_DK()
170 if (crypto_sync_skcipher_setkey(cipher, inkey->data, inkey->len)) in krb5_DK()
173 ret = -ENOMEM; in krb5_DK()
183 inblock.len = blocksize; in krb5_DK()
186 outblock.len = blocksize; in krb5_DK()
190 if (in_constant->len == inblock.len) { in krb5_DK()
191 memcpy(inblock.data, in_constant->data, inblock.len); in krb5_DK()
193 krb5_nfold(in_constant->len * 8, in_constant->data, in krb5_DK()
194 inblock.len * 8, inblock.data); in krb5_DK()
202 inblock.len); in krb5_DK()
204 if ((keybytes - n) <= outblock.len) { in krb5_DK()
205 memcpy(rawkey + n, outblock.data, (keybytes - n)); in krb5_DK()
209 memcpy(rawkey + n, outblock.data, outblock.len); in krb5_DK()
210 memcpy(inblock.data, outblock.data, outblock.len); in krb5_DK()
211 n += outblock.len; in krb5_DK()
232 int ret = -EINVAL; in krb5_random_to_key_v2()
234 if (key->len != 16 && key->len != 32) { in krb5_random_to_key_v2()
235 dprintk("%s: key->len is %d\n", __func__, key->len); in krb5_random_to_key_v2()
238 if (randombits->len != 16 && randombits->len != 32) { in krb5_random_to_key_v2()
239 dprintk("%s: randombits->len is %d\n", in krb5_random_to_key_v2()
240 __func__, randombits->len); in krb5_random_to_key_v2()
243 if (randombits->len != key->len) { in krb5_random_to_key_v2()
244 dprintk("%s: randombits->len is %d, key->len is %d\n", in krb5_random_to_key_v2()
245 __func__, randombits->len, key->len); in krb5_random_to_key_v2()
248 memcpy(key->data, randombits->data, key->len); in krb5_random_to_key_v2()
255 * krb5_derive_key_v2 - Derive a subkey for an RFC 3962 enctype
262 * Caller sets @outkey->len to the desired length of the derived key.
276 inblock.len = gk5e->keybytes; in krb5_derive_key_v2()
277 inblock.data = kmalloc(inblock.len, gfp_mask); in krb5_derive_key_v2()
279 return -ENOMEM; in krb5_derive_key_v2()
290 * K(i) = CMAC(key, K(i-1) | i | constant | 0x00 | k)
293 * in big-endian order.
298 * k: The length of the output key in bits, represented as a 4-byte
299 * string in big-endian order.
301 * Caller fills in K(i-1) in @step, and receives the result K(i)
314 desc->tfm = tfm; in krb5_cmac_Ki()
319 ret = crypto_shash_update(desc, step->data, step->len); in krb5_cmac_Ki()
325 ret = crypto_shash_update(desc, constant->data, constant->len); in krb5_cmac_Ki()
334 ret = crypto_shash_final(desc, step->data); in krb5_cmac_Ki()
344 * krb5_kdf_feedback_cmac - Derive a subkey for a Camellia/CMAC-based enctype
354 * [SP800-108], Section 5.2, 'KDF in Feedback Mode'."
358 * K(i) = CMAC(key, K(i-1) | i | constant | 0x00 | k)
359 * DR(key, constant) = k-truncate(K(1) | K(2) | ... | K(n))
360 * KDF-FEEDBACK-CMAC(key, constant) = random-to-key(DR(key, constant))
362 * Caller sets @outkey->len to the desired length of the derived key (k).
386 tfm = crypto_alloc_shash(gk5e->cksum_name, 0, 0); in krb5_kdf_feedback_cmac()
391 ret = crypto_shash_setkey(tfm, inkey->data, inkey->len); in krb5_kdf_feedback_cmac()
396 n = (outkey->len + blocksize - 1) / blocksize; in krb5_kdf_feedback_cmac()
399 ret = -ENOMEM; in krb5_kdf_feedback_cmac()
400 step.len = blocksize; in krb5_kdf_feedback_cmac()
401 step.data = kzalloc(step.len, gfp_mask); in krb5_kdf_feedback_cmac()
405 DR.len = blocksize * n; in krb5_kdf_feedback_cmac()
406 DR.data = kmalloc(DR.len, gfp_mask); in krb5_kdf_feedback_cmac()
410 /* XXX: Does not handle partial-block key sizes */ in krb5_kdf_feedback_cmac()
412 ret = krb5_cmac_Ki(tfm, constant, outkey->len, count, &step); in krb5_kdf_feedback_cmac()
420 /* k-truncate and random-to-key */ in krb5_kdf_feedback_cmac()
421 memcpy(outkey->data, DR.data, outkey->len); in krb5_kdf_feedback_cmac()
433 * K1 = HMAC-SHA(key, 0x00000001 | label | 0x00 | k)
441 * big-endian binary representation in 4 bytes.
453 desc->tfm = tfm; in krb5_hmac_K1()
460 ret = crypto_shash_update(desc, label->data, label->len); in krb5_hmac_K1()
469 ret = crypto_shash_final(desc, K1->data); in krb5_hmac_K1()
479 * krb5_kdf_hmac_sha2 - Derive a subkey for an AES/SHA2-based enctype
488 * "We use a key derivation function from Section 5.1 of [SP800-108],
491 * function KDF-HMAC-SHA2(key, label, [context,] k):
492 * k-truncate(K1)
494 * Caller sets @outkey->len to the desired length of the derived key.
518 tfm = crypto_alloc_shash(gk5e->cksum_name, 0, 0); in krb5_kdf_hmac_sha2()
523 ret = crypto_shash_setkey(tfm, inkey->data, inkey->len); in krb5_kdf_hmac_sha2()
527 K1.len = crypto_shash_digestsize(tfm); in krb5_kdf_hmac_sha2()
528 K1.data = kmalloc(K1.len, gfp_mask); in krb5_kdf_hmac_sha2()
530 ret = -ENOMEM; in krb5_kdf_hmac_sha2()
534 ret = krb5_hmac_K1(tfm, label, outkey->len, &K1); in krb5_kdf_hmac_sha2()
538 /* k-truncate and random-to-key */ in krb5_kdf_hmac_sha2()
539 memcpy(outkey->data, K1.data, outkey->len); in krb5_kdf_hmac_sha2()