1 /* 2 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 7 /* 8 * Copyright (C) 1998 by the FundsXpress, INC. 9 * 10 * All rights reserved. 11 * 12 * Export of this software from the United States of America may require 13 * a specific license from the United States Government. It is the 14 * responsibility of any person or organization contemplating export to 15 * obtain such a license before exporting. 16 * 17 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 18 * distribute this software and its documentation for any purpose and 19 * without fee is hereby granted, provided that the above copyright 20 * notice appear in all copies and that both that copyright notice and 21 * this permission notice appear in supporting documentation, and that 22 * the name of FundsXpress. not be used in advertising or publicity pertaining 23 * to distribution of the software without specific, written prior 24 * permission. FundsXpress makes no representations about the suitability of 25 * this software for any purpose. It is provided "as is" without express 26 * or implied warranty. 27 * 28 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 29 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 30 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 31 */ 32 33 #include "k5-int.h" 34 #include "des_int.h" 35 36 static krb5_error_code 37 k5_des3_docrypt(krb5_context context, 38 krb5_const krb5_keyblock *key, krb5_const krb5_data *ivec, 39 krb5_const krb5_data *input, krb5_data *output, int encrypt) 40 { 41 /* LINTED */ 42 krb5_error_code ret; 43 44 KRB5_LOG0(KRB5_INFO, "k5_des3_docrypt() start"); 45 46 /* key->enctype was checked by the caller */ 47 48 if (key->length != 24) 49 return(KRB5_BAD_KEYSIZE); 50 if ((input->length%8) != 0) 51 return(KRB5_BAD_MSIZE); 52 if (ivec && (ivec->length != 8)) 53 return(KRB5_BAD_MSIZE); 54 if (input->length != output->length) 55 return(KRB5_BAD_MSIZE); 56 57 ret = mit_des3_cbc_encrypt(context, (krb5_pointer) input->data, 58 (krb5_pointer) output->data, input->length, 59 (krb5_keyblock *)key, 60 ivec?(unsigned char *)ivec->data:(unsigned char *)mit_des_zeroblock, 61 encrypt); 62 63 KRB5_LOG0(KRB5_INFO, "k5_des3_docrypt() end\n"); 64 return(ret); 65 } 66 67 static krb5_error_code 68 k5_des3_encrypt(krb5_context context, 69 krb5_const krb5_keyblock *key, krb5_const krb5_data *ivec, 70 krb5_const krb5_data *input, krb5_data *output) 71 { 72 return(k5_des3_docrypt(context, key, ivec, input, output, 1)); 73 } 74 75 static krb5_error_code 76 k5_des3_decrypt(krb5_context context, 77 krb5_const krb5_keyblock *key, krb5_const krb5_data *ivec, 78 krb5_const krb5_data *input, krb5_data *output) 79 { 80 return(k5_des3_docrypt(context, key, ivec, input, output, 0)); 81 } 82 83 static krb5_error_code 84 k5_des3_make_key(krb5_context context, krb5_const krb5_data *randombits, 85 krb5_keyblock *key) 86 { 87 int i; 88 krb5_error_code ret = 0; 89 90 KRB5_LOG0(KRB5_INFO, "k5_des3_make_key() start\n"); 91 92 if (key->length != 24) 93 return(KRB5_BAD_KEYSIZE); 94 if (randombits->length != 21) 95 return(KRB5_CRYPTO_INTERNAL); 96 97 key->magic = KV5M_KEYBLOCK; 98 key->length = 24; 99 key->dk_list = NULL; 100 101 /* take the seven bytes, move them around into the top 7 bits of the 102 8 key bytes, then compute the parity bits. Do this three times. */ 103 104 for (i=0; i<3; i++) { 105 (void) memcpy(key->contents+i*8, randombits->data+i*7, 7); 106 key->contents[i*8+7] = (((key->contents[i*8]&1)<<1) | 107 ((key->contents[i*8+1]&1)<<2) | 108 ((key->contents[i*8+2]&1)<<3) | 109 ((key->contents[i*8+3]&1)<<4) | 110 ((key->contents[i*8+4]&1)<<5) | 111 ((key->contents[i*8+5]&1)<<6) | 112 ((key->contents[i*8+6]&1)<<7)); 113 114 mit_des_fixup_key_parity(key->contents+i*8); 115 } 116 #ifdef _KERNEL 117 key->kef_key.ck_data = NULL; 118 key->key_tmpl = NULL; 119 ret = init_key_kef(context->kef_cipher_mt, key); 120 #else 121 key->hKey = CK_INVALID_HANDLE; 122 ret = init_key_uef(krb_ctx_hSession(context), key); 123 #endif /* _KERNEL */ 124 KRB5_LOG0(KRB5_INFO, "k5_des3_make_key() end\n"); 125 return(ret); 126 } 127 128 const struct krb5_enc_provider krb5int_enc_des3 = { 129 8, 130 21, 24, 131 k5_des3_encrypt, 132 k5_des3_decrypt, 133 k5_des3_make_key, 134 krb5int_des_init_state, 135 krb5int_default_free_state 136 }; 137