xref: /freebsd/crypto/heimdal/lib/krb5/crypto-evp.c (revision 2e3507c25e42292b45a5482e116d278f5515d04d)
1 /*
2  * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of the Institute nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "krb5_locl.h"
35 
36 void
37 _krb5_evp_schedule(krb5_context context,
38 		   struct _krb5_key_type *kt,
39 		   struct _krb5_key_data *kd)
40 {
41     struct _krb5_evp_schedule *key = kd->schedule->data;
42     const EVP_CIPHER *c = (*kt->evp)();
43 
44     key->ectx = EVP_CIPHER_CTX_new();
45     key->dctx = EVP_CIPHER_CTX_new();
46     if (key->ectx == NULL || key->dctx == NULL)
47 	krb5_abort(context, ENOMEM, "malloc failed");
48 
49     EVP_CipherInit_ex(key->ectx, c, NULL, kd->key->keyvalue.data, NULL, 1);
50     EVP_CipherInit_ex(key->dctx, c, NULL, kd->key->keyvalue.data, NULL, 0);
51 }
52 
53 void
54 _krb5_evp_cleanup(krb5_context context, struct _krb5_key_data *kd)
55 {
56     struct _krb5_evp_schedule *key = kd->schedule->data;
57     EVP_CIPHER_CTX_free(key->ectx);
58     EVP_CIPHER_CTX_free(key->dctx);
59 }
60 
61 krb5_error_code
62 _krb5_evp_encrypt(krb5_context context,
63 		struct _krb5_key_data *key,
64 		void *data,
65 		size_t len,
66 		krb5_boolean encryptp,
67 		int usage,
68 		void *ivec)
69 {
70     struct _krb5_evp_schedule *ctx = key->schedule->data;
71     EVP_CIPHER_CTX *c;
72     c = encryptp ? ctx->ectx : ctx->dctx;
73     if (ivec == NULL) {
74 	/* alloca ? */
75 	size_t len2 = EVP_CIPHER_CTX_iv_length(c);
76 	void *loiv = malloc(len2);
77 	if (loiv == NULL) {
78 	    krb5_clear_error_message(context);
79 	    return ENOMEM;
80 	}
81 	memset(loiv, 0, len2);
82 	EVP_CipherInit_ex(c, NULL, NULL, NULL, loiv, -1);
83 	free(loiv);
84     } else
85 	EVP_CipherInit_ex(c, NULL, NULL, NULL, ivec, -1);
86     EVP_Cipher(c, data, data, len);
87     return 0;
88 }
89 
90 static const unsigned char zero_ivec[EVP_MAX_BLOCK_LENGTH] = { 0 };
91 
92 krb5_error_code
93 _krb5_evp_encrypt_cts(krb5_context context,
94 		      struct _krb5_key_data *key,
95 		      void *data,
96 		      size_t len,
97 		      krb5_boolean encryptp,
98 		      int usage,
99 		      void *ivec)
100 {
101     size_t i, blocksize;
102     struct _krb5_evp_schedule *ctx = key->schedule->data;
103     unsigned char tmp[EVP_MAX_BLOCK_LENGTH], ivec2[EVP_MAX_BLOCK_LENGTH];
104     EVP_CIPHER_CTX *c;
105     unsigned char *p;
106 
107     c = encryptp ? ctx->ectx : ctx->dctx;
108 
109     blocksize = EVP_CIPHER_CTX_block_size(c);
110 
111     if (len < blocksize) {
112 	krb5_set_error_message(context, EINVAL,
113 			       "message block too short");
114 	return EINVAL;
115     } else if (len == blocksize) {
116 	EVP_CipherInit_ex(c, NULL, NULL, NULL, zero_ivec, -1);
117 	EVP_Cipher(c, data, data, len);
118 	return 0;
119     }
120 
121     if (ivec)
122 	EVP_CipherInit_ex(c, NULL, NULL, NULL, ivec, -1);
123     else
124 	EVP_CipherInit_ex(c, NULL, NULL, NULL, zero_ivec, -1);
125 
126     if (encryptp) {
127 
128 	p = data;
129 	i = ((len - 1) / blocksize) * blocksize;
130 	EVP_Cipher(c, p, p, i);
131 	p += i - blocksize;
132 	len -= i;
133 	memcpy(ivec2, p, blocksize);
134 
135 	for (i = 0; i < len; i++)
136 	    tmp[i] = p[i + blocksize] ^ ivec2[i];
137 	for (; i < blocksize; i++)
138 	    tmp[i] = 0 ^ ivec2[i];
139 
140 	EVP_CipherInit_ex(c, NULL, NULL, NULL, zero_ivec, -1);
141 	EVP_Cipher(c, p, tmp, blocksize);
142 
143 	memcpy(p + blocksize, ivec2, len);
144 	if (ivec)
145 	    memcpy(ivec, p, blocksize);
146     } else {
147 	unsigned char tmp2[EVP_MAX_BLOCK_LENGTH], tmp3[EVP_MAX_BLOCK_LENGTH];
148 
149 	p = data;
150 	if (len > blocksize * 2) {
151 	    /* remove last two blocks and round up, decrypt this with cbc, then do cts dance */
152 	    i = ((((len - blocksize * 2) + blocksize - 1) / blocksize) * blocksize);
153 	    memcpy(ivec2, p + i - blocksize, blocksize);
154 	    EVP_Cipher(c, p, p, i);
155 	    p += i;
156 	    len -= i + blocksize;
157 	} else {
158 	    if (ivec)
159 		memcpy(ivec2, ivec, blocksize);
160 	    else
161 		memcpy(ivec2, zero_ivec, blocksize);
162 	    len -= blocksize;
163 	}
164 
165 	memcpy(tmp, p, blocksize);
166 	EVP_CipherInit_ex(c, NULL, NULL, NULL, zero_ivec, -1);
167 	EVP_Cipher(c, tmp2, p, blocksize);
168 
169 	memcpy(tmp3, p + blocksize, len);
170 	memcpy(tmp3 + len, tmp2 + len, blocksize - len); /* xor 0 */
171 
172 	for (i = 0; i < len; i++)
173 	    p[i + blocksize] = tmp2[i] ^ tmp3[i];
174 
175 	EVP_CipherInit_ex(c, NULL, NULL, NULL, zero_ivec, -1);
176 	EVP_Cipher(c, p, tmp3, blocksize);
177 
178 	for (i = 0; i < blocksize; i++)
179 	    p[i] ^= ivec2[i];
180 	if (ivec)
181 	    memcpy(ivec, tmp, blocksize);
182     }
183     return 0;
184 }
185