1 /* 2 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 #pragma ident "%Z%%M% %I% %E% SMI" 7 8 /* 9 * Copyright (c) 1990 Dennis Ferguson. All rights reserved. 10 * 11 * Commercial use is permitted only if products which are derived from 12 * or include this software are made available for purchase and/or use 13 * in Canada. Otherwise, redistribution and use in source and binary 14 * forms are permitted. 15 */ 16 17 /* 18 * des_cbc_encrypt.c - an implementation of the DES cipher function in cbc mode 19 */ 20 #include <des_int.h> 21 22 /* 23 * des_cbc_encrypt - {en,de}crypt a stream in CBC mode 24 */ 25 26 /* SUNW14resync - sparcv9 cc complained about lack of object init */ 27 /* = all zero */ 28 const mit_des_cblock mit_des_zeroblock = {0, 0, 0, 0, 0, 0, 0, 0}; 29 30 #undef mit_des_cbc_encrypt 31 32 #ifndef _KERNEL 33 int 34 mit_des_cbc_encrypt(context, in, out, length, key, ivec, encrypt) 35 krb5_context context; 36 const mit_des_cblock *in; 37 mit_des_cblock *out; 38 long length; 39 krb5_keyblock *key; 40 mit_des_cblock ivec; 41 int encrypt; 42 { 43 krb5_error_code ret = KRB5_PROG_ETYPE_NOSUPP; 44 /* EXPORT DELETE START */ 45 KRB5_MECH_TO_PKCS algos; 46 CK_MECHANISM mechanism; 47 CK_RV rv; 48 /* For the Key Object */ 49 50 ret = 0; 51 if ((rv = get_algo(key->enctype, &algos)) != CKR_OK) { 52 KRB5_LOG0(KRB5_ERR, "failure to get algo id in function " 53 "mit_des_cbc_encrypt."); 54 ret = PKCS_ERR; 55 goto cleanup; 56 } 57 58 rv = init_key_uef(krb_ctx_hSession(context), key); 59 if (rv != CKR_OK) { 60 KRB5_LOG(KRB5_ERR, "init_key_uef failed in " 61 "mit_des_cbc_encrypt: rv = 0x%x", rv); 62 ret = PKCS_ERR; 63 goto cleanup; 64 } 65 66 mechanism.mechanism = algos.enc_algo; 67 mechanism.pParameter = ivec; 68 if (ivec != NULL) 69 mechanism.ulParameterLen = MIT_DES_BLOCK_LENGTH; 70 else 71 mechanism.ulParameterLen = 0; 72 73 if (encrypt) 74 rv = C_EncryptInit(krb_ctx_hSession(context), &mechanism, key->hKey); 75 else 76 rv = C_DecryptInit(krb_ctx_hSession(context), &mechanism, key->hKey); 77 78 if (rv != CKR_OK) { 79 KRB5_LOG(KRB5_ERR, "C_EncryptInit/C_DecryptInit failed in " 80 "mit_des_cbc_encrypt: rv = 0x%x", rv); 81 ret = PKCS_ERR; 82 goto cleanup; 83 } 84 85 if (encrypt) 86 rv = C_Encrypt(krb_ctx_hSession(context), (CK_BYTE_PTR)in, 87 (CK_ULONG)length, (CK_BYTE_PTR)out, 88 (CK_ULONG_PTR)&length); 89 else 90 rv = C_Decrypt(krb_ctx_hSession(context), (CK_BYTE_PTR)in, 91 (CK_ULONG)length, (CK_BYTE_PTR)out, 92 (CK_ULONG_PTR)&length); 93 94 if (rv != CKR_OK) { 95 KRB5_LOG(KRB5_ERR, 96 "C_Encrypt/C_Decrypt failed in mit_des_cbc_encrypt: " 97 "rv = 0x%x", rv); 98 ret = PKCS_ERR; 99 } 100 cleanup: 101 102 final_cleanup: 103 if (ret) 104 (void) memset(out, 0, length); 105 106 /* EXPORT DELETE END */ 107 KRB5_LOG(KRB5_INFO, "mit_des_cbc_encrypt() end retval=%d", ret); 108 109 return(ret); 110 } 111 #else 112 113 /* 114 * This routine performs DES cipher-block-chaining operation, either 115 * encrypting from cleartext to ciphertext, if encrypt != 0 or 116 * decrypting from ciphertext to cleartext, if encrypt == 0. 117 * 118 * The key schedule is passed as an arg, as well as the cleartext or 119 * ciphertext. The cleartext and ciphertext should be in host order. 120 * 121 * NOTE-- the output is ALWAYS an multiple of 8 bytes long. If not 122 * enough space was provided, your program will get trashed. 123 * 124 * For encryption, the cleartext string is null padded, at the end, to 125 * an integral multiple of eight bytes. 126 * 127 * For decryption, the ciphertext will be used in integral multiples 128 * of 8 bytes, but only the first "length" bytes returned into the 129 * cleartext. 130 */ 131 132 /* ARGSUSED */ 133 int 134 mit_des_cbc_encrypt(krb5_context context, 135 const mit_des_cblock *in, 136 mit_des_cblock *out, 137 long length, krb5_keyblock *key, 138 mit_des_cblock ivec, int encrypt) 139 { 140 int ret = KRB5_PROG_ETYPE_NOSUPP; 141 /* EXPORT DELETE START */ 142 krb5_data ivdata; 143 ret = 0; 144 145 KRB5_LOG(KRB5_INFO, "mit_des_cbc_encrypt() start encrypt=%d", encrypt); 146 147 ivdata.data = (char *)ivec; 148 ivdata.length = sizeof(mit_des_cblock); 149 150 ret = k5_ef_crypto((const char *)in, 151 (char *)out, length, key, &ivdata, encrypt); 152 153 /* EXPORT DELETE END */ 154 KRB5_LOG(KRB5_INFO, "mit_des_cbc_encrypt() end retval=%d", ret); 155 return(ret); 156 } 157 #endif /* !_KERNEL */ 158