/*
 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */
57c478bdstevel@tonic-gate
67c478bdstevel@tonic-gate#pragma ident	"%Z%%M%	%I%	%E% SMI"
77c478bdstevel@tonic-gate
87c478bdstevel@tonic-gate#include <des_int.h>
97c478bdstevel@tonic-gate#include <sys/crypto/api.h>
107c478bdstevel@tonic-gate
117c478bdstevel@tonic-gate#include <sys/callb.h>
127c478bdstevel@tonic-gate#include <sys/uio.h>
137c478bdstevel@tonic-gate#include <sys/cmn_err.h>
147c478bdstevel@tonic-gate
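/*
 * k5_ef_crypto - run a single encrypt or decrypt operation through the
 * kernel crypto framework, using the mechanism and key held in the keyblock.
 *
 * in, out:	source and destination buffers, each `length' bytes long.
 *		When in == out no output descriptor is passed (the output
 *		argument is NULL), which requests an in-place operation.
 * length:	number of bytes to process; must not be negative.
 * key:		keyblock supplying kef_mt (mechanism type), kef_key and
 *		key_tmpl.
 * ivec:	optional mechanism parameter; when non-NULL its data and
 *		length are handed through unchanged as cm_param and
 *		cm_param_len. No length validation is done here, so the
 *		caller must supply an IV that fits the mechanism.
 * encrypt_flag: non-zero selects crypto_encrypt(), zero crypto_decrypt().
 *
 * Returns 0 on success and CRYPTO_FAILED on any failure. The framework's
 * own return code is logged but not returned to the caller.
 */
int
k5_ef_crypto(const char *in, char *out,
	long length, krb5_keyblock *key,
	const krb5_data *ivec, int encrypt_flag)
{
	int rv = CRYPTO_FAILED;

	crypto_mechanism_t mech;
	crypto_data_t d1, d2;
	crypto_data_t *outp;

	ASSERT(in != NULL);
	ASSERT(out != NULL);
	ASSERT(key != NULL);
	ASSERT(key->contents != NULL);

	/*
	 * The ASSERT()s above are presumably compiled out of non-DEBUG
	 * builds (confirm for this module), so this is the only check that
	 * always runs. `length' is a signed long; a negative value stored
	 * in the descriptor length fields below would describe a buffer far
	 * larger than the one the caller owns.
	 */
	if (length < 0) {
		KRB5_LOG(KRB5_ERR,
		    "k5_ef_crypto - invalid length: %ld", length);
		return (CRYPTO_FAILED);
	}

	bzero(&d1, sizeof (d1));
	bzero(&d2, sizeof (d2));

	/*
	 * Input descriptor. The const qualifier is dropped only because
	 * iov_base is not const-qualified.
	 */
	d1.cd_format = CRYPTO_DATA_RAW;
	d1.cd_offset = 0;
	d1.cd_length = length;
	d1.cd_raw.iov_base = (char *)in;
	d1.cd_raw.iov_len = length;

	/* Output descriptor, used only when the buffers are distinct. */
	d2.cd_format = CRYPTO_DATA_RAW;
	d2.cd_offset = 0;
	d2.cd_length = length;
	d2.cd_raw.iov_base = (char *)out;
	d2.cd_raw.iov_len = length;

	mech.cm_type = key->kef_mt;
	if (mech.cm_type == CRYPTO_MECH_INVALID) {
		KRB5_LOG(KRB5_ERR,
		    "k5_ef_crypto - invalid crypto mech type: 0x%llx",
		    (long long)key->kef_mt);
		return (CRYPTO_FAILED);
	}

	if (ivec != NULL) {
		mech.cm_param_len = ivec->length;
		mech.cm_param = (char *)ivec->data;
	} else {
		mech.cm_param_len = 0;
		mech.cm_param = NULL;
	}

	/* Same buffer for input and output: pass NULL to work in place. */
	outp = (in != out) ? &d2 : NULL;

	if (encrypt_flag) {
		rv = crypto_encrypt(&mech, &d1, &key->kef_key,
		    key->key_tmpl, outp, NULL);
	} else {
		rv = crypto_decrypt(&mech, &d1, &key->kef_key,
		    key->key_tmpl, outp, NULL);
	}

	if (rv != CRYPTO_SUCCESS) {
		/* Only the operation name and return code are logged. */
		KRB5_LOG1(KRB5_ERR,
			"k5_ef_crypto: %s error: rv = 0x%08x",
			(encrypt_flag ? "encrypt" : "decrypt"),
			rv);
		return (CRYPTO_FAILED);
	}

	return (0);
}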