upstream/oracle/userland-gate: comparison components/krb5/Solaris/ucrypto/enc

equal deleted inserted replaced

-:e94c44902e51
+:50d75ee82dad
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/openssl/enc_provider/des.c */
+/*
+* Copyright (C) 2009 by the Massachusetts Institute of Technology.
+* All rights reserved.
+*
+* Export of this software from the United States of America may
+*   require a specific license from the United States Government.
+*   It is the responsibility of any person or organization contemplating
+*   export to obtain such a license before exporting.
+*
+* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+* distribute this software and its documentation for any purpose and
+* without fee is hereby granted, provided that the above copyright
+* notice appear in all copies and that both that copyright notice and
+* this permission notice appear in supporting documentation, and that
+* the name of M.I.T. not be used in advertising or publicity pertaining
+* to distribution of the software without specific, written prior
+* permission.  Furthermore if you modify this software you must label
+* your software as modified software and not distribute it in such a
+* fashion that it might be confused with the original M.I.T. software.
+* M.I.T. makes no representations about the suitability of
+* this software for any purpose.  It is provided "as is" without express
+* or implied warranty.
+*/
+/*
+* Copyright (C) 1998 by the FundsXpress, INC.
+*
+* All rights reserved.
+*
+* Export of this software from the United States of America may require
+* a specific license from the United States Government.  It is the
+* responsibility of any person or organization contemplating export to
+* obtain such a license before exporting.
+*
+* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+* distribute this software and its documentation for any purpose and
+* without fee is hereby granted, provided that the above copyright
+* notice appear in all copies and that both that copyright notice and
+* this permission notice appear in supporting documentation, and that
+* the name of FundsXpress. not be used in advertising or publicity pertaining
+* to distribution of the software without specific, written prior
+* permission.  FundsXpress makes no representations about the suitability of
+* this software for any purpose.  It is provided "as is" without express
+* or implied warranty.
+*
+* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+*/
+/*
+* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+*/
+#include "crypto_int.h"
+#include <libucrypto.h>
+#define DES_BLOCK_SIZE 8
+#define DES_KEY_SIZE 8
+#define DES_KEY_BYTES 7
+static krb5_error_code
+validate(krb5_key key, const krb5_data *ivec, const krb5_crypto_iov *data,
+size_t num_data, size_t *inlen)
+{
+size_t input_length = iov_total_length(data, num_data, FALSE);
+if (key->keyblock.length != DES_KEY_SIZE)
+return KRB5_BAD_KEYSIZE;
+if ((input_length % DES_BLOCK_SIZE) != 0)
+return KRB5_BAD_MSIZE;
+if (ivec && (ivec->length != DES_BLOCK_SIZE))
+return KRB5_BAD_MSIZE;
+if (inlen != NULL)
+*inlen = input_length;
+return 0;
+}
+static krb5_error_code
+k5_des_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+size_t num_data)
+{
+int ret;
+size_t  olen, dlen;
+uchar_t *obuf, *dbuf;
+uchar_t tmp_iv[DES_BLOCK_SIZE];
+struct iov_cursor cursor;
+ret = validate(key, ivec, data, num_data, &dlen);
+if (ret != 0 || dlen == 0)
+return ret;
+if (ivec && ivec->data)
+memcpy(tmp_iv, ivec->data, ivec->length);
+else
+memset(tmp_iv, 0, sizeof(tmp_iv));
+olen = dlen;
+obuf = malloc(olen);
+if (!obuf)
+return ENOMEM;
+dbuf = malloc(dlen);
+if (!dbuf){
+free(obuf);
+return ENOMEM;
+}
+/* Init iov cursor to gather data for encypting (FALSE) */
+k5_iov_cursor_init(&cursor, data, num_data, dlen, FALSE);
+/* Get all that data into dbuf */
+k5_iov_cursor_get(&cursor, dbuf);
+if (ucrypto_encrypt(CRYPTO_DES_CBC,
+key->keyblock.contents,
+key->keyblock.length,
+tmp_iv, sizeof(tmp_iv),
+dbuf, dlen, obuf, &olen) != CRYPTO_SUCCESS) {
+ret = KRB5_CRYPTO_INTERNAL;
+} else {
+k5_iov_cursor_put(&cursor, obuf);
+}
+/*
+* Updating the ivec arg, if present because of an old/obscure concept of
+* cipher state that is being used by only BSD rlogin.  See RFCs 1391 and
+* 1392 in regards to the vague description of cipher state.
+*/
+if (!ret && ivec && ivec->data) {
+/* Copy last block of cipher text output */
+memcpy(ivec->data, obuf + (dlen - DES_BLOCK_SIZE), DES_BLOCK_SIZE);
+}
+zapfree(obuf, olen);
+zapfree(dbuf, dlen);
+return ret;
+}
+static krb5_error_code
+k5_des_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+size_t num_data)
+{
+int ret;
+size_t  olen, dlen;
+uchar_t *obuf, *dbuf;
+uchar_t tmp_iv[DES_BLOCK_SIZE];
+struct iov_cursor cursor;
+ret = validate(key, ivec, data, num_data, &dlen);
+if (ret != 0 || dlen == 0)
+return ret;
+if (ivec && ivec->data)
+memcpy(tmp_iv, ivec->data, ivec->length);
+else
+memset(tmp_iv, 0, sizeof(tmp_iv));
+olen = dlen;
+obuf = malloc(olen);
+if (!obuf)
+return ENOMEM;
+dbuf = malloc(dlen);
+if (!dbuf){
+free(obuf);
+return ENOMEM;
+}
+/* Init iov cursor to gather cipher text for decrypting (FALSE) */
+k5_iov_cursor_init(&cursor, data, num_data, dlen, FALSE);
+/* Gather all that cipher text into dbuf */
+k5_iov_cursor_get(&cursor, dbuf);
+if (ucrypto_decrypt(CRYPTO_DES_CBC,
+key->keyblock.contents,
+key->keyblock.length,
+tmp_iv, sizeof(tmp_iv),
+dbuf, dlen, obuf, &olen) != CRYPTO_SUCCESS) {
+ret = KRB5_CRYPTO_INTERNAL;
+} else {
+k5_iov_cursor_put(&cursor, obuf);
+}
+/*
+* Updating the ivec arg, if present because of an old/obscure concept of
+* cipher state that is being used by only BSD rlogin.  See RFCs 1391 and
+* 1392 in regards to the vague description of cipher state.
+*/
+if (!ret && ivec && ivec->data) {
+/* Copy last block of cipher text input */
+memcpy(ivec->data, dbuf + (dlen - DES_BLOCK_SIZE), DES_BLOCK_SIZE);
+}
+zapfree(obuf, olen);
+zapfree(dbuf, dlen);
+return ret;
+}
+static krb5_error_code
+k5_des_cbc_mac(krb5_key key, const krb5_crypto_iov *data, size_t num_data,
+const krb5_data *ivec, krb5_data *output)
+{
+int ret;
+struct iov_cursor cursor;
+uchar_t blockY[DES_BLOCK_SIZE], blockB[DES_BLOCK_SIZE];
+size_t olen;
+ret = validate(key, ivec, data, num_data, NULL);
+if (ret != 0)
+return ret;
+if (output->length != DES_BLOCK_SIZE)
+return KRB5_BAD_MSIZE;
+if (ivec != NULL)
+memcpy(blockY, ivec->data, DES_BLOCK_SIZE);
+else
+memset(blockY, 0, DES_BLOCK_SIZE);
+k5_iov_cursor_init(&cursor, data, num_data, DES_BLOCK_SIZE, FALSE);
+while (k5_iov_cursor_get(&cursor, blockB)) {
+store_64_n(load_64_n(blockB) ^ load_64_n(blockY), blockB);
+olen = sizeof(blockY);
+if (ucrypto_encrypt(CRYPTO_DES_ECB,
+key->keyblock.contents,
+key->keyblock.length,
+NULL, 0,
+blockB, sizeof(blockB),
+blockY, &olen) != CRYPTO_SUCCESS) {
+return KRB5_CRYPTO_INTERNAL;
+}
+}
+memcpy(output->data, blockY, DES_BLOCK_SIZE);
+return 0;
+}
+const struct krb5_enc_provider krb5int_enc_des = {
+DES_BLOCK_SIZE,
+DES_KEY_BYTES, DES_KEY_SIZE,
+k5_des_encrypt,
+k5_des_decrypt,
+k5_des_cbc_mac,
+krb5int_des_init_state,
+krb5int_default_free_state
+};