/*
 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */
57c478bd9Sstevel@tonic-gate 
67c478bd9Sstevel@tonic-gate #include <des_int.h>
77c478bd9Sstevel@tonic-gate #include <sys/crypto/api.h>
87c478bd9Sstevel@tonic-gate 
97c478bd9Sstevel@tonic-gate #include <sys/callb.h>
107c478bd9Sstevel@tonic-gate #include <sys/uio.h>
117c478bd9Sstevel@tonic-gate #include <sys/cmn_err.h>
127c478bd9Sstevel@tonic-gate 
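/*
 * k5_ef_crypto - encrypt or decrypt a buffer through the kernel crypto
 * framework, using the mechanism type and key carried in a krb5_keyblock.
 *
 *	in		input buffer, 'length' bytes
 *	out		output buffer, 'length' bytes; when out == in no
 *			separate output descriptor is handed to the framework
 *	length		number of bytes to process; must not be negative
 *	key		keyblock supplying kef_mt (mechanism type), kef_key
 *			and key_tmpl
 *	ivec		optional IV; when non-NULL its data and length become
 *			the mechanism parameter, otherwise none is passed
 *	encrypt_flag	non-zero selects crypto_encrypt(), zero selects
 *			crypto_decrypt()
 *
 * Returns 0 on success and CRYPTO_FAILED on any failure.  The framework's
 * own return code is logged but is not propagated to the caller.
 */
int
k5_ef_crypto(const char *in, char *out,
	long length, krb5_keyblock *key,
	const krb5_data *ivec, int encrypt_flag)
{
	int rv = CRYPTO_FAILED;

	crypto_mechanism_t mech;
	crypto_data_t d1, d2;

	/*
	 * NOTE(review): ASSERT is normally compiled out of non-DEBUG
	 * kernels, so callers remain responsible for passing valid
	 * pointers -- confirm against the build configuration.
	 */
	ASSERT(in != NULL);
	ASSERT(out != NULL);
	ASSERT(key != NULL);
	ASSERT(key->contents != NULL);

	/*
	 * 'length' is a signed long but is stored below into the unsigned
	 * cd_length / iov_len fields.  A negative value would wrap to a very
	 * large size and describe far more memory than the caller's buffers
	 * hold, so reject it before building the descriptors.
	 */
	if (length < 0) {
		KRB5_LOG(KRB5_ERR,
		    "k5_ef_crypto - invalid length: %ld", length);
		return (CRYPTO_FAILED);
	}

	bzero(&d1, sizeof (d1));
	bzero(&d2, sizeof (d2));

	/* d1 describes the input buffer as a single raw iovec. */
	d1.cd_format = CRYPTO_DATA_RAW;
	d1.cd_offset = 0;
	d1.cd_length = length;
	d1.cd_raw.iov_base = (char *)in;
	d1.cd_raw.iov_len = length;

	/* d2 describes the output buffer; it is used only when in != out. */
	d2.cd_format = CRYPTO_DATA_RAW;
	d2.cd_offset = 0;
	d2.cd_length = length;
	d2.cd_raw.iov_base = (char *)out;
	d2.cd_raw.iov_len = length;

	/* The mechanism type comes from the keyblock; refuse an unset one. */
	mech.cm_type = key->kef_mt;
	if (mech.cm_type == CRYPTO_MECH_INVALID) {
		KRB5_LOG(KRB5_ERR,
		    "k5_ef_crypto - invalid crypto mech type: 0x%llx",
		    (long long)key->kef_mt);
		return (CRYPTO_FAILED);
	}

	/* The IV, when supplied, is passed as the mechanism parameter. */
	if (ivec != NULL) {
		mech.cm_param_len = ivec->length;
		mech.cm_param = (char *)ivec->data;
	} else {
		mech.cm_param_len = 0;
		mech.cm_param = NULL;
	}

	/*
	 * A NULL output descriptor is passed when the caller gave the same
	 * buffer for input and output; the trailing NULL is the final
	 * argument of the framework call, left unset here.
	 */
	if (encrypt_flag)
		rv = crypto_encrypt(&mech, &d1,
				    &key->kef_key,
				    key->key_tmpl,
				    (in != out ? &d2 : NULL),
				    NULL);
	else
		rv = crypto_decrypt(&mech, &d1,
				    &key->kef_key,
				    key->key_tmpl,
				    (in != out ? &d2 : NULL),
				    NULL);

	/* Collapse every framework error into CRYPTO_FAILED after logging. */
	if (rv != CRYPTO_SUCCESS) {
		KRB5_LOG1(KRB5_ERR,
			"k5_ef_crypto: %s error: rv = 0x%08x",
			(encrypt_flag ? "encrypt" : "decrypt"),
			rv);
		return (CRYPTO_FAILED);
	}

	return (0);
}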