xref: /illumos-gate/usr/src/uts/common/gssapi/mechs/krb5/crypto/enc_provider/des3.c (revision 55fea89dcaa64928bed4327112404dcb3e07b79f) 
1 /*
2  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 
7 /*
8  * Copyright (C) 1998 by the FundsXpress, INC.
9  *
10  * All rights reserved.
11  *
12  * Export of this software from the United States of America may require
13  * a specific license from the United States Government.  It is the
14  * responsibility of any person or organization contemplating export to
15  * obtain such a license before exporting.
16  *
17  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
18  * distribute this software and its documentation for any purpose and
19  * without fee is hereby granted, provided that the above copyright
20  * notice appear in all copies and that both that copyright notice and
21  * this permission notice appear in supporting documentation, and that
22  * the name of FundsXpress. not be used in advertising or publicity pertaining
23  * to distribution of the software without specific, written prior
24  * permission.  FundsXpress makes no representations about the suitability of
25  * this software for any purpose.  It is provided "as is" without express
26  * or implied warranty.
27  *
28  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
29  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
30  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
31  */
32 
33 #include "k5-int.h"
34 #include "des_int.h"
35 
36 static krb5_error_code
k5_des3_docrypt(krb5_context context,krb5_const krb5_keyblock * key,krb5_const krb5_data * ivec,krb5_const krb5_data * input,krb5_data * output,int encrypt)37 k5_des3_docrypt(krb5_context context,
38 	krb5_const krb5_keyblock *key, krb5_const krb5_data *ivec,
39 	krb5_const krb5_data *input, krb5_data *output, int encrypt)
40 {
41     /* LINTED */
42     krb5_error_code ret;
43 
44     KRB5_LOG0(KRB5_INFO, "k5_des3_docrypt() start");
45 
46     /* key->enctype was checked by the caller */
47 
48     if (key->length != 24)
49 	return(KRB5_BAD_KEYSIZE);
50     if ((input->length%8) != 0)
51 	return(KRB5_BAD_MSIZE);
52     if (ivec && (ivec->length != 8))
53 	return(KRB5_BAD_MSIZE);
54     if (input->length != output->length)
55 	return(KRB5_BAD_MSIZE);
56 
57     ret = mit_des3_cbc_encrypt(context, (krb5_pointer) input->data,
58 	(krb5_pointer) output->data, input->length,
59 	(krb5_keyblock *)key,
60 	ivec?(unsigned char *)ivec->data:(unsigned char *)mit_des_zeroblock,
61 	encrypt);
62 
63     KRB5_LOG0(KRB5_INFO, "k5_des3_docrypt() end\n");
64     return(ret);
65 }
66 
67 static krb5_error_code
k5_des3_encrypt(krb5_context context,krb5_const krb5_keyblock * key,krb5_const krb5_data * ivec,krb5_const krb5_data * input,krb5_data * output)68 k5_des3_encrypt(krb5_context context,
69 	krb5_const krb5_keyblock *key, krb5_const krb5_data *ivec,
70 	krb5_const krb5_data *input, krb5_data *output)
71 {
72     return(k5_des3_docrypt(context, key, ivec, input, output, 1));
73 }
74 
75 static krb5_error_code
k5_des3_decrypt(krb5_context context,krb5_const krb5_keyblock * key,krb5_const krb5_data * ivec,krb5_const krb5_data * input,krb5_data * output)76 k5_des3_decrypt(krb5_context context,
77 	krb5_const krb5_keyblock *key, krb5_const krb5_data *ivec,
78 	krb5_const krb5_data *input, krb5_data *output)
79 {
80     return(k5_des3_docrypt(context, key, ivec, input, output, 0));
81 }
82 
83 static krb5_error_code
k5_des3_make_key(krb5_context context,krb5_const krb5_data * randombits,krb5_keyblock * key)84 k5_des3_make_key(krb5_context context, krb5_const krb5_data *randombits,
85 		krb5_keyblock *key)
86 {
87     int i;
88     krb5_error_code ret = 0;
89 
90     KRB5_LOG0(KRB5_INFO, "k5_des3_make_key() start\n");
91 
92     if (key->length != 24)
93 	return(KRB5_BAD_KEYSIZE);
94     if (randombits->length != 21)
95 	return(KRB5_CRYPTO_INTERNAL);
96 
97     key->magic = KV5M_KEYBLOCK;
98     key->length = 24;
99     key->dk_list = NULL;
100 
101     /* take the seven bytes, move them around into the top 7 bits of the
102        8 key bytes, then compute the parity bits.  Do this three times. */
103 
104     for (i=0; i<3; i++) {
105 	(void) memcpy(key->contents+i*8, randombits->data+i*7, 7);
106 	key->contents[i*8+7] = (((key->contents[i*8]&1)<<1) |
107 				((key->contents[i*8+1]&1)<<2) |
108 				((key->contents[i*8+2]&1)<<3) |
109 				((key->contents[i*8+3]&1)<<4) |
110 				((key->contents[i*8+4]&1)<<5) |
111 				((key->contents[i*8+5]&1)<<6) |
112 				((key->contents[i*8+6]&1)<<7));
113 
114 	mit_des_fixup_key_parity(key->contents+i*8);
115     }
116 #ifdef _KERNEL
117     key->kef_key.ck_data = NULL;
118     key->key_tmpl = NULL;
119     ret = init_key_kef(context->kef_cipher_mt, key);
120 #else
121     key->hKey = CK_INVALID_HANDLE;
122     ret = init_key_uef(krb_ctx_hSession(context), key);
123 #endif /* _KERNEL */
124     KRB5_LOG0(KRB5_INFO, "k5_des3_make_key() end\n");
125     return(ret);
126 }
127 
128 const struct krb5_enc_provider krb5int_enc_des3 = {
129     8,
130     21, 24,
131     k5_des3_encrypt,
132     k5_des3_decrypt,
133     k5_des3_make_key,
134     krb5int_des_init_state,
135     krb5int_default_free_state
136 };
137