|
Packit Service |
e737ee |
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
|
|
Packit Service |
e737ee |
/*
|
|
Packit Service |
e737ee |
* Copyright (C) 2008 by the Massachusetts Institute of Technology.
|
|
Packit Service |
e737ee |
* Copyright 1995 by Richard P. Basch. All Rights Reserved.
|
|
Packit Service |
e737ee |
* Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved.
|
|
Packit Service |
e737ee |
*
|
|
Packit Service |
e737ee |
* Export of this software from the United States of America may
|
|
Packit Service |
e737ee |
* require a specific license from the United States Government.
|
|
Packit Service |
e737ee |
* It is the responsibility of any person or organization contemplating
|
|
Packit Service |
e737ee |
* export to obtain such a license before exporting.
|
|
Packit Service |
e737ee |
*
|
|
Packit Service |
e737ee |
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
|
|
Packit Service |
e737ee |
* distribute this software and its documentation for any purpose and
|
|
Packit Service |
e737ee |
* without fee is hereby granted, provided that the above copyright
|
|
Packit Service |
e737ee |
* notice appear in all copies and that both that copyright notice and
|
|
Packit Service |
e737ee |
* this permission notice appear in supporting documentation, and that
|
|
Packit Service |
e737ee |
* the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used
|
|
Packit Service |
e737ee |
* in advertising or publicity pertaining to distribution of the software
|
|
Packit Service |
e737ee |
* without specific, written prior permission. Richard P. Basch,
|
|
Packit Service |
e737ee |
* Lehman Brothers and M.I.T. make no representations about the suitability
|
|
Packit Service |
e737ee |
* of this software for any purpose. It is provided "as is" without
|
|
Packit Service |
e737ee |
* express or implied warranty.
|
|
Packit Service |
e737ee |
*/
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
#include "crypto_int.h"
|
|
Packit Service |
e737ee |
#include "des_int.h"
|
|
Packit Service |
e737ee |
#include "f_tables.h"
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
const mit_des_cblock mit_des_zeroblock /* = all zero */;
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
void
|
|
Packit Service |
e737ee |
krb5int_des_cbc_encrypt(krb5_crypto_iov *data, unsigned long num_data,
|
|
Packit Service |
e737ee |
const mit_des_key_schedule schedule,
|
|
Packit Service |
e737ee |
mit_des_cblock ivec)
|
|
Packit Service |
e737ee |
{
|
|
Packit Service |
e737ee |
unsigned DES_INT32 left, right;
|
|
Packit Service |
e737ee |
const unsigned DES_INT32 *kp;
|
|
Packit Service |
e737ee |
const unsigned char *ip;
|
|
Packit Service |
e737ee |
struct iov_cursor cursor;
|
|
Packit Service |
e737ee |
unsigned char block[MIT_DES_BLOCK_LENGTH];
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
/* Get key pointer here. This won't need to be reinitialized. */
|
|
Packit Service |
e737ee |
kp = (const unsigned DES_INT32 *)schedule;
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
/* Initialize left and right with the contents of the initial vector. */
|
|
Packit Service |
e737ee |
ip = (ivec != NULL) ? ivec : mit_des_zeroblock;
|
|
Packit Service |
e737ee |
left = load_32_be(ip);
|
|
Packit Service |
e737ee |
right = load_32_be(ip + 4);
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, FALSE);
|
|
Packit Service |
e737ee |
while (k5_iov_cursor_get(&cursor, block)) {
|
|
Packit Service |
e737ee |
/* Decompose this block and xor it with the previous ciphertext. */
|
|
Packit Service |
e737ee |
left ^= load_32_be(block);
|
|
Packit Service |
e737ee |
right ^= load_32_be(block + 4);
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
/* Encrypt what we have and put back into block. */
|
|
Packit Service |
e737ee |
DES_DO_ENCRYPT(left, right, kp);
|
|
Packit Service |
e737ee |
store_32_be(left, block);
|
|
Packit Service |
e737ee |
store_32_be(right, block + 4);
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
k5_iov_cursor_put(&cursor, block);
|
|
Packit Service |
e737ee |
}
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
if (ivec != NULL) {
|
|
Packit Service |
e737ee |
store_32_be(left, ivec);
|
|
Packit Service |
e737ee |
store_32_be(right, ivec + 4);
|
|
Packit Service |
e737ee |
}
|
|
Packit Service |
e737ee |
}
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
void
|
|
Packit Service |
e737ee |
krb5int_des_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data,
|
|
Packit Service |
e737ee |
const mit_des_key_schedule schedule,
|
|
Packit Service |
e737ee |
mit_des_cblock ivec)
|
|
Packit Service |
e737ee |
{
|
|
Packit Service |
e737ee |
unsigned DES_INT32 left, right;
|
|
Packit Service |
e737ee |
const unsigned DES_INT32 *kp;
|
|
Packit Service |
e737ee |
const unsigned char *ip;
|
|
Packit Service |
e737ee |
unsigned DES_INT32 ocipherl, ocipherr;
|
|
Packit Service |
e737ee |
unsigned DES_INT32 cipherl, cipherr;
|
|
Packit Service |
e737ee |
struct iov_cursor cursor;
|
|
Packit Service |
e737ee |
unsigned char block[MIT_DES_BLOCK_LENGTH];
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
/* Get key pointer here. This won't need to be reinitialized. */
|
|
Packit Service |
e737ee |
kp = (const unsigned DES_INT32 *)schedule;
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
/*
|
|
Packit Service |
e737ee |
* Decrypting is harder than encrypting because of
|
|
Packit Service |
e737ee |
* the necessity of remembering a lot more things.
|
|
Packit Service |
e737ee |
* Should think about this a little more...
|
|
Packit Service |
e737ee |
*/
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
/* Prime the old cipher with ivec. */
|
|
Packit Service |
e737ee |
ip = (ivec != NULL) ? ivec : mit_des_zeroblock;
|
|
Packit Service |
e737ee |
ocipherl = load_32_be(ip);
|
|
Packit Service |
e737ee |
ocipherr = load_32_be(ip + 4);
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, FALSE);
|
|
Packit Service |
e737ee |
while (k5_iov_cursor_get(&cursor, block)) {
|
|
Packit Service |
e737ee |
/* Split this block into left and right. */
|
|
Packit Service |
e737ee |
cipherl = left = load_32_be(block);
|
|
Packit Service |
e737ee |
cipherr = right = load_32_be(block + 4);
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
/* Decrypt and xor with the old cipher to get plain text. */
|
|
Packit Service |
e737ee |
DES_DO_DECRYPT(left, right, kp);
|
|
Packit Service |
e737ee |
left ^= ocipherl;
|
|
Packit Service |
e737ee |
right ^= ocipherr;
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
/* Store the encrypted halves back into block. */
|
|
Packit Service |
e737ee |
store_32_be(left, block);
|
|
Packit Service |
e737ee |
store_32_be(right, block + 4);
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
/* Save current cipher block halves. */
|
|
Packit Service |
e737ee |
ocipherl = cipherl;
|
|
Packit Service |
e737ee |
ocipherr = cipherr;
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
k5_iov_cursor_put(&cursor, block);
|
|
Packit Service |
e737ee |
}
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
if (ivec != NULL) {
|
|
Packit Service |
e737ee |
store_32_be(ocipherl, ivec);
|
|
Packit Service |
e737ee |
store_32_be(ocipherr, ivec + 4);
|
|
Packit Service |
e737ee |
}
|
|
Packit Service |
e737ee |
}
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
void
|
|
Packit Service |
e737ee |
krb5int_des_cbc_mac(const krb5_crypto_iov *data, unsigned long num_data,
|
|
Packit Service |
e737ee |
const mit_des_key_schedule schedule, mit_des_cblock ivec,
|
|
Packit Service |
e737ee |
mit_des_cblock out)
|
|
Packit Service |
e737ee |
{
|
|
Packit Service |
e737ee |
unsigned DES_INT32 left, right;
|
|
Packit Service |
e737ee |
const unsigned DES_INT32 *kp;
|
|
Packit Service |
e737ee |
const unsigned char *ip;
|
|
Packit Service |
e737ee |
struct iov_cursor cursor;
|
|
Packit Service |
e737ee |
unsigned char block[MIT_DES_BLOCK_LENGTH];
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
/* Get key pointer here. This won't need to be reinitialized. */
|
|
Packit Service |
e737ee |
kp = (const unsigned DES_INT32 *)schedule;
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
/* Initialize left and right with the contents of the initial vector. */
|
|
Packit Service |
e737ee |
ip = (ivec != NULL) ? ivec : mit_des_zeroblock;
|
|
Packit Service |
e737ee |
left = load_32_be(ip);
|
|
Packit Service |
e737ee |
right = load_32_be(ip + 4);
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, TRUE);
|
|
Packit Service |
e737ee |
while (k5_iov_cursor_get(&cursor, block)) {
|
|
Packit Service |
e737ee |
/* Decompose this block and xor it with the previous ciphertext. */
|
|
Packit Service |
e737ee |
left ^= load_32_be(block);
|
|
Packit Service |
e737ee |
right ^= load_32_be(block + 4);
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
/* Encrypt what we have. */
|
|
Packit Service |
e737ee |
DES_DO_ENCRYPT(left, right, kp);
|
|
Packit Service |
e737ee |
}
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
/* Output the final ciphertext block. */
|
|
Packit Service |
e737ee |
store_32_be(left, out);
|
|
Packit Service |
e737ee |
store_32_be(right, out + 4);
|
|
Packit Service |
e737ee |
}
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
#if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO)
|
|
Packit Service |
e737ee |
void krb5int_des_do_encrypt_2 (unsigned DES_INT32 *left,
|
|
Packit Service |
e737ee |
unsigned DES_INT32 *right,
|
|
Packit Service |
e737ee |
const unsigned DES_INT32 *kp)
|
|
Packit Service |
e737ee |
{
|
|
Packit Service |
e737ee |
DES_DO_ENCRYPT_1 (*left, *right, kp);
|
|
Packit Service |
e737ee |
}
|
|
Packit Service |
e737ee |
|
|
Packit Service |
e737ee |
void krb5int_des_do_decrypt_2 (unsigned DES_INT32 *left,
|
|
Packit Service |
e737ee |
unsigned DES_INT32 *right,
|
|
Packit Service |
e737ee |
const unsigned DES_INT32 *kp)
|
|
Packit Service |
e737ee |
{
|
|
Packit Service |
e737ee |
DES_DO_DECRYPT_1 (*left, *right, kp);
|
|
Packit Service |
e737ee |
}
|
|
Packit Service |
e737ee |
#endif
|