1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* lib/crypto/openssl/enc_provider/des3.c
4 * Copyright (C) 2009 by the Massachusetts Institute of Technology.
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. Furthermore if you modify this software you must label
20 * your software as modified software and not distribute it in such a
21 * fashion that it might be confused with the original M.I.T. software.
22 * M.I.T. makes no representations about the suitability of
23 * this software for any purpose. It is provided "as is" without express
24 * or implied warranty.
27 * Copyright (C) 1998 by the FundsXpress, INC.
29 * All rights reserved.
31 * Export of this software from the United States of America may require
32 * a specific license from the United States Government. It is the
33 * responsibility of any person or organization contemplating export to
34 * obtain such a license before exporting.
36 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
37 * distribute this software and its documentation for any purpose and
38 * without fee is hereby granted, provided that the above copyright
39 * notice appear in all copies and that both that copyright notice and
40 * this permission notice appear in supporting documentation, and that
41 * the name of FundsXpress. not be used in advertising or publicity pertaining
42 * to distribution of the software without specific, written prior
43 * permission. FundsXpress makes no representations about the suitability of
44 * this software for any purpose. It is provided "as is" without express
45 * or implied warranty.
47 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
48 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
49 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
56 #include <openssl/evp.h>
59 #define DES_BLOCK_SIZE 8
61 static krb5_error_code
62 validate(krb5_key key, const krb5_data *ivec, const krb5_crypto_iov *data,
63 size_t num_data, krb5_boolean *empty)
65 size_t i, input_length;
67 for (i = 0, input_length = 0; i < num_data; i++) {
68 const krb5_crypto_iov *iov = &data[i];
70 input_length += iov->data.length;
73 if (key->keyblock.length != KRB5_MIT_DES3_KEYSIZE)
74 return(KRB5_BAD_KEYSIZE);
75 if ((input_length%DES_BLOCK_SIZE) != 0)
76 return(KRB5_BAD_MSIZE);
77 if (ivec && (ivec->length != 8))
78 return(KRB5_BAD_MSIZE);
80 *empty = (input_length == 0);
84 static krb5_error_code
85 k5_des3_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
88 int ret, olen = MIT_DES_BLOCK_LENGTH;
89 unsigned char iblock[MIT_DES_BLOCK_LENGTH], oblock[MIT_DES_BLOCK_LENGTH];
90 struct iov_block_state input_pos, output_pos;
91 EVP_CIPHER_CTX ciph_ctx;
94 ret = validate(key, ivec, data, num_data, &empty);
95 if (ret != 0 || empty)
98 IOV_BLOCK_STATE_INIT(&input_pos);
99 IOV_BLOCK_STATE_INIT(&output_pos);
101 EVP_CIPHER_CTX_init(&ciph_ctx);
103 ret = EVP_EncryptInit_ex(&ciph_ctx, EVP_des_ede3_cbc(), NULL,
104 key->keyblock.contents,
105 (ivec) ? (unsigned char*)ivec->data : NULL);
107 return KRB5_CRYPTO_INTERNAL;
109 EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
113 if (!krb5int_c_iov_get_block(iblock, MIT_DES_BLOCK_LENGTH,
114 data, num_data, &input_pos))
117 ret = EVP_EncryptUpdate(&ciph_ctx, oblock, &olen,
118 (unsigned char *)iblock, MIT_DES_BLOCK_LENGTH);
122 krb5int_c_iov_put_block(data, num_data,
123 oblock, MIT_DES_BLOCK_LENGTH, &output_pos);
127 memcpy(ivec->data, oblock, MIT_DES_BLOCK_LENGTH);
129 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
131 zap(iblock, sizeof(iblock));
132 zap(oblock, sizeof(oblock));
135 return KRB5_CRYPTO_INTERNAL;
139 static krb5_error_code
140 k5_des3_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
143 int ret, olen = MIT_DES_BLOCK_LENGTH;
144 unsigned char iblock[MIT_DES_BLOCK_LENGTH], oblock[MIT_DES_BLOCK_LENGTH];
145 struct iov_block_state input_pos, output_pos;
146 EVP_CIPHER_CTX ciph_ctx;
149 ret = validate(key, ivec, data, num_data, &empty);
150 if (ret != 0 || empty)
153 IOV_BLOCK_STATE_INIT(&input_pos);
154 IOV_BLOCK_STATE_INIT(&output_pos);
156 EVP_CIPHER_CTX_init(&ciph_ctx);
158 ret = EVP_DecryptInit_ex(&ciph_ctx, EVP_des_ede3_cbc(), NULL,
159 key->keyblock.contents,
160 (ivec) ? (unsigned char*)ivec->data : NULL);
162 return KRB5_CRYPTO_INTERNAL;
164 EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
168 if (!krb5int_c_iov_get_block(iblock, MIT_DES_BLOCK_LENGTH,
169 data, num_data, &input_pos))
172 ret = EVP_DecryptUpdate(&ciph_ctx, oblock, &olen,
173 (unsigned char *)iblock, MIT_DES_BLOCK_LENGTH);
177 krb5int_c_iov_put_block(data, num_data, oblock, MIT_DES_BLOCK_LENGTH,
182 memcpy(ivec->data, iblock, MIT_DES_BLOCK_LENGTH);
184 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
186 zap(iblock, sizeof(iblock));
187 zap(oblock, sizeof(oblock));
190 return KRB5_CRYPTO_INTERNAL;
194 const struct krb5_enc_provider krb5int_enc_des3 = {
196 KRB5_MIT_DES3_KEY_BYTES, KRB5_MIT_DES3_KEYSIZE,
200 krb5int_des3_make_key,
201 krb5int_des_init_state,
202 krb5int_default_free_state