/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* lib/crypto/openssl/enc_provider/rc4.c */
/*
 * Copyright (C) 2009 by the Massachusetts Institute of Technology.
 * All rights reserved.
 *
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 */

/*
 * Copyright (c) 2000 by Computer Science Laboratory,
 *                       Rensselaer Polytechnic Institute
 *
 * #include STD_DISCLAIMER
 */


#include "crypto_int.h"
#include <openssl/evp.h>

/*
 * The loopback field is a pointer to the structure.  If the application copies
 * the state (not a valid operation, but one which happens to works with some
 * other enc providers), we can detect it via the loopback field and return a
 * sane error code.
 */
struct arcfour_state {
    struct arcfour_state *loopback;
    EVP_CIPHER_CTX *ctx;
};

#define RC4_KEY_SIZE 16
#define RC4_BLOCK_SIZE 1

/* Interface layer to krb5 crypto layer */

/* The workhorse of the arcfour system,
 * this impliments the cipher
 */

/* In-place IOV crypto */
static krb5_error_code
k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data,
                   size_t num_data)
{
    size_t i;
    int ret = 1, tmp_len = 0;
    krb5_crypto_iov *iov     = NULL;
    EVP_CIPHER_CTX *ctx = NULL;
    struct arcfour_state *arcstate;

    arcstate = (state != NULL) ? (void *)state->data : NULL;
    if (arcstate != NULL) {
        ctx = arcstate->ctx;
        if (arcstate->loopback != arcstate)
            return KRB5_CRYPTO_INTERNAL;
    }

    if (ctx == NULL) {
        ctx = EVP_CIPHER_CTX_new();
        if (ctx == NULL)
            return ENOMEM;

        ret = EVP_EncryptInit_ex(ctx, EVP_rc4(), NULL, key->keyblock.contents,
                                 NULL);
        if (!ret) {
            EVP_CIPHER_CTX_free(ctx);
            return KRB5_CRYPTO_INTERNAL;
        }

        if (arcstate != NULL)
            arcstate->ctx = ctx;
    }

    for (i = 0; i < num_data; i++) {
        iov = &data[i];
        if (ENCRYPT_IOV(iov)) {
            ret = EVP_EncryptUpdate(ctx,
                                    (unsigned char *) iov->data.data, &tmp_len,
                                    (unsigned char *) iov->data.data,
                                    iov->data.length);
            if (!ret)
                break;
        }
    }

    if (arcstate == NULL)
        EVP_CIPHER_CTX_free(ctx);

    if (!ret)
        return KRB5_CRYPTO_INTERNAL;

    return 0;
}

static void
k5_arcfour_free_state(krb5_data *state)
{
    struct arcfour_state *arcstate = (void *)state->data;

    EVP_CIPHER_CTX_free(arcstate->ctx);
    free(arcstate);
}

static krb5_error_code
k5_arcfour_init_state(const krb5_keyblock *key,
                      krb5_keyusage keyusage, krb5_data *new_state)
{
    struct arcfour_state *arcstate;

    /*
     * The cipher state here is a saved pointer to a struct arcfour_state
     * object, rather than a flat byte array as in most enc providers.  The
     * object includes a loopback pointer to detect if if the caller made a
     * copy of the krb5_data value or otherwise assumed it was a simple byte
     * array.  When we cast the data pointer back, we need to go through void *
     * to avoid increased alignment warnings.
     */

    /* Create a state structure with an uninitialized context. */
    arcstate = calloc(1, sizeof(*arcstate));
    if (arcstate == NULL)
        return ENOMEM;
    arcstate->loopback = arcstate;
    arcstate->ctx = NULL;
    new_state->data = (char *) arcstate;
    new_state->length = sizeof(*arcstate);
    return 0;
}

/* Since the arcfour cipher is identical going forwards and backwards,
   we just call "docrypt" directly
*/
const struct krb5_enc_provider krb5int_enc_arcfour = {
    /* This seems to work... although I am not sure what the
       implications are in other places in the kerberos library */
    RC4_BLOCK_SIZE,
    /* Keysize is arbitrary in arcfour, but the constraints of the
       system, and to attempt to work with the MSFT system forces us
       to 16byte/128bit.  Since there is no parity in the key, the
       byte and length are the same.  */
    RC4_KEY_SIZE, RC4_KEY_SIZE,
    k5_arcfour_docrypt,
    k5_arcfour_docrypt,
    NULL,
    k5_arcfour_init_state,
    k5_arcfour_free_state
};