17c478bd9Sstevel@tonic-gate /*
2159d09a2SMark Phalan * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
37c478bd9Sstevel@tonic-gate * Use is subject to license terms.
47c478bd9Sstevel@tonic-gate */
57c478bd9Sstevel@tonic-gate
67c478bd9Sstevel@tonic-gate
77c478bd9Sstevel@tonic-gate /*
87c478bd9Sstevel@tonic-gate * Copyright (C) 1998 by the FundsXpress, INC.
9*55fea89dSDan Cross *
107c478bd9Sstevel@tonic-gate * All rights reserved.
11*55fea89dSDan Cross *
127c478bd9Sstevel@tonic-gate * Export of this software from the United States of America may require
137c478bd9Sstevel@tonic-gate * a specific license from the United States Government. It is the
147c478bd9Sstevel@tonic-gate * responsibility of any person or organization contemplating export to
157c478bd9Sstevel@tonic-gate * obtain such a license before exporting.
16*55fea89dSDan Cross *
177c478bd9Sstevel@tonic-gate * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
187c478bd9Sstevel@tonic-gate * distribute this software and its documentation for any purpose and
197c478bd9Sstevel@tonic-gate * without fee is hereby granted, provided that the above copyright
207c478bd9Sstevel@tonic-gate * notice appear in all copies and that both that copyright notice and
217c478bd9Sstevel@tonic-gate * this permission notice appear in supporting documentation, and that
227c478bd9Sstevel@tonic-gate * the name of FundsXpress. not be used in advertising or publicity pertaining
237c478bd9Sstevel@tonic-gate * to distribution of the software without specific, written prior
247c478bd9Sstevel@tonic-gate * permission. FundsXpress makes no representations about the suitability of
257c478bd9Sstevel@tonic-gate * this software for any purpose. It is provided "as is" without express
267c478bd9Sstevel@tonic-gate * or implied warranty.
27*55fea89dSDan Cross *
287c478bd9Sstevel@tonic-gate * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
297c478bd9Sstevel@tonic-gate * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
307c478bd9Sstevel@tonic-gate * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
317c478bd9Sstevel@tonic-gate */
327c478bd9Sstevel@tonic-gate
33159d09a2SMark Phalan #include "k5-int.h"
34159d09a2SMark Phalan #include "old.h"
357c478bd9Sstevel@tonic-gate
367c478bd9Sstevel@tonic-gate void
krb5_old_encrypt_length(const struct krb5_enc_provider * enc,const struct krb5_hash_provider * hash,size_t inputlen,size_t * length)37505d05c7Sgtb krb5_old_encrypt_length(const struct krb5_enc_provider *enc,
38505d05c7Sgtb const struct krb5_hash_provider *hash,
39505d05c7Sgtb size_t inputlen,
40505d05c7Sgtb size_t *length)
417c478bd9Sstevel@tonic-gate {
427c478bd9Sstevel@tonic-gate size_t blocksize, hashsize;
437c478bd9Sstevel@tonic-gate
44505d05c7Sgtb blocksize = enc->block_size;
45505d05c7Sgtb hashsize = hash->hashsize;
467c478bd9Sstevel@tonic-gate
477c478bd9Sstevel@tonic-gate *length = krb5_roundup(blocksize+hashsize+inputlen, blocksize);
487c478bd9Sstevel@tonic-gate }
497c478bd9Sstevel@tonic-gate
507c478bd9Sstevel@tonic-gate /*ARGSUSED*/
517c478bd9Sstevel@tonic-gate krb5_error_code
krb5_old_encrypt(krb5_context context,const struct krb5_enc_provider * enc,const struct krb5_hash_provider * hash,const krb5_keyblock * key,krb5_keyusage usage,const krb5_data * ivec,const krb5_data * input,krb5_data * output)52505d05c7Sgtb krb5_old_encrypt(krb5_context context,
53159d09a2SMark Phalan const struct krb5_enc_provider *enc,
54159d09a2SMark Phalan const struct krb5_hash_provider *hash,
55159d09a2SMark Phalan const krb5_keyblock *key,
56159d09a2SMark Phalan krb5_keyusage usage,
57159d09a2SMark Phalan const krb5_data *ivec,
58159d09a2SMark Phalan const krb5_data *input,
59159d09a2SMark Phalan krb5_data *output)
607c478bd9Sstevel@tonic-gate {
617c478bd9Sstevel@tonic-gate krb5_error_code ret;
627c478bd9Sstevel@tonic-gate size_t blocksize, hashsize, enclen;
637c478bd9Sstevel@tonic-gate krb5_data datain, crcivec;
647c478bd9Sstevel@tonic-gate int real_ivec;
657c478bd9Sstevel@tonic-gate
66505d05c7Sgtb blocksize = enc->block_size;
67505d05c7Sgtb hashsize = hash->hashsize;
687c478bd9Sstevel@tonic-gate
697c478bd9Sstevel@tonic-gate krb5_old_encrypt_length(enc, hash, input->length, &enclen);
707c478bd9Sstevel@tonic-gate
717c478bd9Sstevel@tonic-gate if (output->length < enclen)
727c478bd9Sstevel@tonic-gate return(KRB5_BAD_MSIZE);
737c478bd9Sstevel@tonic-gate
747c478bd9Sstevel@tonic-gate output->length = enclen;
757c478bd9Sstevel@tonic-gate
767c478bd9Sstevel@tonic-gate /* fill in confounded, padded, plaintext buffer with zero checksum */
777c478bd9Sstevel@tonic-gate
787c478bd9Sstevel@tonic-gate (void) memset(output->data, 0, output->length);
797c478bd9Sstevel@tonic-gate
807c478bd9Sstevel@tonic-gate datain.length = blocksize;
817c478bd9Sstevel@tonic-gate datain.data = (char *) output->data;
827c478bd9Sstevel@tonic-gate
837c478bd9Sstevel@tonic-gate if ((ret = krb5_c_random_make_octets(context, &datain)))
847c478bd9Sstevel@tonic-gate return(ret);
857c478bd9Sstevel@tonic-gate (void) memcpy(output->data+blocksize+hashsize, input->data, input->length);
867c478bd9Sstevel@tonic-gate
877c478bd9Sstevel@tonic-gate /* compute the checksum */
887c478bd9Sstevel@tonic-gate
897c478bd9Sstevel@tonic-gate datain.length = hashsize;
907c478bd9Sstevel@tonic-gate datain.data = output->data+blocksize;
917c478bd9Sstevel@tonic-gate
927c478bd9Sstevel@tonic-gate if ((ret = ((*(hash->hash))(context, 1, output, &datain))))
937c478bd9Sstevel@tonic-gate goto cleanup;
94159d09a2SMark Phalan
957c478bd9Sstevel@tonic-gate /* encrypt it */
967c478bd9Sstevel@tonic-gate
977c478bd9Sstevel@tonic-gate /* XXX this is gross, but I don't have much choice */
987c478bd9Sstevel@tonic-gate if ((key->enctype == ENCTYPE_DES_CBC_CRC) && (ivec == 0)) {
997c478bd9Sstevel@tonic-gate crcivec.length = key->length;
1007c478bd9Sstevel@tonic-gate crcivec.data = (char *) key->contents;
1017c478bd9Sstevel@tonic-gate ivec = &crcivec;
1027c478bd9Sstevel@tonic-gate real_ivec = 0;
1037c478bd9Sstevel@tonic-gate } else
1047c478bd9Sstevel@tonic-gate real_ivec = 1;
1057c478bd9Sstevel@tonic-gate
106159d09a2SMark Phalan if ((ret = ((*(enc->encrypt))(context, key, ivec, output, output))))
1077c478bd9Sstevel@tonic-gate goto cleanup;
1087c478bd9Sstevel@tonic-gate
1097c478bd9Sstevel@tonic-gate /* update ivec */
1107c478bd9Sstevel@tonic-gate if (real_ivec && ivec != NULL && ivec->length == blocksize)
1117c478bd9Sstevel@tonic-gate (void) memcpy(ivec->data, output->data + output->length - blocksize,
1127c478bd9Sstevel@tonic-gate blocksize);
1137c478bd9Sstevel@tonic-gate cleanup:
1147c478bd9Sstevel@tonic-gate if (ret)
1157c478bd9Sstevel@tonic-gate (void) memset(output->data, 0, output->length);
1167c478bd9Sstevel@tonic-gate
1177c478bd9Sstevel@tonic-gate return(ret);
1187c478bd9Sstevel@tonic-gate }
119