/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* lib/crypto/ucrypto/enc_provider/aes.c */
/*
* Copyright (C) 2003, 2007, 2008, 2009 by the Massachusetts Institute of Technology.
* All rights reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*/
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
*/
#include "crypto_int.h"
#include <libucrypto.h>
#define BLOCK_SIZE 16
#define ENCRYPT_OP 1
#define DECRYPT_OP 2
/*
* The cbc_docrypt function is here to handle the case where there is only 1
* block of plain/cipher text to process.
*/
static krb5_error_code
cbc_docrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
size_t num_data, int op_type)
{
int ret = 0;
unsigned char iblock[BLOCK_SIZE], oblock[BLOCK_SIZE];
size_t olen = sizeof (oblock);
unsigned char tmp_iv[BLOCK_SIZE];
struct iov_cursor cursor;
if (ivec && ivec->data){
if (ivec->length != sizeof (tmp_iv))
return KRB5_CRYPTO_INTERNAL;
memcpy(tmp_iv, ivec->data, ivec->length);
} else {
memset(tmp_iv, 0, sizeof (tmp_iv));
}
/* Init iovec cursor to gather data for encypting (FALSE) */
k5_iov_cursor_init(&cursor, data, num_data, BLOCK_SIZE, FALSE);
k5_iov_cursor_get(&cursor, iblock);
if (op_type == ENCRYPT_OP) {
if (ucrypto_encrypt(CRYPTO_AES_CBC,
key->keyblock.contents,
key->keyblock.length,
tmp_iv, sizeof (tmp_iv),
iblock, sizeof (iblock),
oblock, &olen) != CRYPTO_SUCCESS) {
ret = KRB5_CRYPTO_INTERNAL;
}
} else {
if (ucrypto_decrypt(CRYPTO_AES_CBC,
key->keyblock.contents,
key->keyblock.length,
tmp_iv, sizeof (tmp_iv),
iblock, sizeof (iblock),
oblock, &olen) != CRYPTO_SUCCESS) {
ret = KRB5_CRYPTO_INTERNAL;
}
}
if (!ret) {
assert(olen == BLOCK_SIZE);
k5_iov_cursor_put(&cursor, oblock);
if (ivec && ivec->data) {
if (op_type == ENCRYPT_OP)
memcpy(ivec->data, oblock, BLOCK_SIZE);
else
memcpy(ivec->data, iblock, BLOCK_SIZE);
}
}
zap(iblock, sizeof (iblock));
zap(oblock, sizeof (oblock));
return ret;
}
static krb5_error_code
cts_docrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
size_t num_data, size_t dlen, size_t dblks, int op_type)
{
int ret = 0;
size_t olen = dlen;
unsigned char *obuf, *dbuf;
unsigned char iv_cts[BLOCK_SIZE];
struct iov_cursor cursor;
if (ivec && ivec->data){
if (ivec->length != sizeof (iv_cts))
return KRB5_CRYPTO_INTERNAL;
memcpy(iv_cts, ivec->data, ivec->length);
} else {
memset(iv_cts, 0, sizeof (iv_cts));
}
obuf = malloc(olen);
if (!obuf)
return ENOMEM;
dbuf = malloc(dlen);
if (!dbuf){
free(obuf);
return ENOMEM;
}
/* Init iov cursor to gather data for encypting/decrypting (FALSE) */
k5_iov_cursor_init(&cursor, data, num_data, dlen, FALSE);
/* Get all the data to be encrypted/decrypted into dbuf */
k5_iov_cursor_get(&cursor, dbuf);
if (op_type == ENCRYPT_OP) {
if (ucrypto_encrypt(CRYPTO_AES_CTS,
key->keyblock.contents,
key->keyblock.length,
iv_cts, sizeof (iv_cts),
dbuf, dlen, obuf, &olen) != CRYPTO_SUCCESS) {
ret = KRB5_CRYPTO_INTERNAL;
}
} else {
if (ucrypto_decrypt(CRYPTO_AES_CTS,
key->keyblock.contents,
key->keyblock.length,
iv_cts, sizeof (iv_cts),
dbuf, dlen, obuf, &olen) != CRYPTO_SUCCESS) {
ret = KRB5_CRYPTO_INTERNAL;
}
}
if (!ret) {
assert(olen == dlen);
k5_iov_cursor_put(&cursor, obuf);
/*
* Updating the ivec arg, if present because of an old/obscure concept
* of cipher state that is being used by only BSD rlogin. See RFCs
* 1391 and 1392 in regards to the vague description of cipher state.
* For encrypt/decrypt use the second to the last block of ciphertext
* if > 1 block.
*/
if (ivec && ivec->data) {
unsigned char *bufptr = (op_type == ENCRYPT_OP) ? obuf : dbuf;
/*
* For encrypt obuf is ciphertext, for decrypt its dbuf which was
* input.
*/
memcpy(ivec->data, bufptr + ((dblks - 2) * BLOCK_SIZE),
BLOCK_SIZE);
}
}
zapfree(obuf, olen);
zapfree(dbuf, dlen);
return ret;
}
krb5_error_code
krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec,
krb5_crypto_iov *data, size_t num_data)
{
size_t input_length, nblocks;
input_length = iov_total_length(data, num_data, FALSE);
nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
if (nblocks == 1) {
if (input_length != BLOCK_SIZE)
return KRB5_BAD_MSIZE;
/*
* Setting the ivec arg to NULL as a result of MIT bug ticket 8551
* Crypto providers not updating cipher state when 1 block plaintext is
* encrypted. For now we leave the bug in since it has existed in MIT
* code a long time and the tests need the buggy behavior to pass at
* this point.
*/
return cbc_docrypt(key, NULL, data, num_data, ENCRYPT_OP);
} else { /* nblocks > 1 */
return cts_docrypt(key, ivec, data, num_data, input_length, nblocks,
ENCRYPT_OP);
}
}
krb5_error_code
krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec,
krb5_crypto_iov *data, size_t num_data)
{
size_t input_length, nblocks;
input_length = iov_total_length(data, num_data, FALSE);
nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
if (nblocks == 1) {
if (input_length != BLOCK_SIZE)
return KRB5_BAD_MSIZE;
/* See comment about ivec arg above... */
return cbc_docrypt(key, NULL, data, num_data, DECRYPT_OP);
} else { /* nblocks > 1 */
return cts_docrypt(key, ivec, data, num_data, input_length, nblocks,
DECRYPT_OP);
}
}
static krb5_error_code
krb5int_aes_init_state (const krb5_keyblock *key, krb5_keyusage usage,
krb5_data *state)
{
state->data = calloc(1, BLOCK_SIZE);
if (state->data == NULL)
return ENOMEM;
state->length = BLOCK_SIZE;
return 0;
}
const struct krb5_enc_provider krb5int_enc_aes128 = {
BLOCK_SIZE,
16, 16,
krb5int_aes_encrypt,
krb5int_aes_decrypt,
NULL,
krb5int_aes_init_state,
krb5int_default_free_state
};
const struct krb5_enc_provider krb5int_enc_aes256 = {
BLOCK_SIZE,
32, 32,
krb5int_aes_encrypt,
krb5int_aes_decrypt,
NULL,
krb5int_aes_init_state,
krb5int_default_free_state
};