2003-07-17 Ken Raeburn <raeburn@mit.edu>
+ * f_cbc.c (krb5int_des_cbc_encrypt, krb5int_des_cbc_decrypt): New
+ functions broken out from mit_des_cbc_encrypt.
+ (mit_des_cbc_encrypt): Call them.
+ * d3_cbc.c (krb5int_des3_cbc_encrypt, krb5int_des3_cbc_decrypt):
+ New functions broken out from mit_des3_cbc_encrypt.
+ (mit_des3_cbc_encrypt): Call them.
+ * des_int.h (krb5int_des_cbc_encrypt, krb5int_des_cbc_decrypt,
+ krb5int_des3_cbc_encrypt, krb5int_des3_cbc_decrypt): Declare.
+ (mit_des_cbc_encrypt, mit_des3_cbc_encrypt): New macros.
+
* Makefile.in (LIBNAME) [##WIN16##]: Don't define.
2003-03-06 Alexandra Ellwood <lxs@mit.edu>
* Triple-DES CBC encryption mode.
*/
+#undef mit_des3_cbc_encrypt
int
mit_des3_cbc_encrypt(in, out, length, ks1, ks2, ks3, ivec, enc)
const mit_des_cblock *in;
const mit_des_key_schedule ks1, ks2, ks3;
const mit_des_cblock ivec;
int enc;
+{
+ if (enc)
+ krb5int_des3_cbc_encrypt(in, out, length, ks1, ks2, ks3, ivec);
+ else
+ krb5int_des3_cbc_decrypt(in, out, length, ks1, ks2, ks3, ivec);
+ return 0;
+}
+
+void
+krb5int_des3_cbc_encrypt(const mit_des_cblock *in,
+ mit_des_cblock *out,
+ unsigned long length,
+ const mit_des_key_schedule ks1,
+ const mit_des_key_schedule ks2,
+ const mit_des_key_schedule ks3,
+ const mit_des_cblock ivec)
{
register unsigned DES_INT32 left, right;
register unsigned DES_INT32 temp;
kp3 = (const unsigned DES_INT32 *)ks3;
/*
- * Deal with encryption and decryption separately.
+ * Initialize left and right with the contents of the initial
+ * vector.
*/
- if (enc) {
- /*
- * Initialize left and right with the contents of the initial
- * vector.
- */
- ip = ivec;
- GET_HALF_BLOCK(left, ip);
- GET_HALF_BLOCK(right, ip);
+ ip = ivec;
+ GET_HALF_BLOCK(left, ip);
+ GET_HALF_BLOCK(right, ip);
+ /*
+ * Suitably initialized, now work the length down 8 bytes
+ * at a time.
+ */
+ ip = *in;
+ op = *out;
+ while (length > 0) {
/*
- * Suitably initialized, now work the length down 8 bytes
- * at a time.
+ * Get more input, xor it in. If the length is
+ * greater than or equal to 8 this is straight
+ * forward. Otherwise we have to fart around.
*/
- ip = *in;
- op = *out;
- while (length > 0) {
+ if (length >= 8) {
+ left ^= ((*ip++) & FF_UINT32) << 24;
+ left ^= ((*ip++) & FF_UINT32) << 16;
+ left ^= ((*ip++) & FF_UINT32) << 8;
+ left ^= (*ip++) & FF_UINT32;
+ right ^= ((*ip++) & FF_UINT32) << 24;
+ right ^= ((*ip++) & FF_UINT32) << 16;
+ right ^= ((*ip++) & FF_UINT32) << 8;
+ right ^= (*ip++) & FF_UINT32;
+ length -= 8;
+ } else {
/*
- * Get more input, xor it in. If the length is
- * greater than or equal to 8 this is straight
- * forward. Otherwise we have to fart around.
+ * Oh, shoot. We need to pad the
+ * end with zeroes. Work backwards
+ * to do this.
*/
- if (length >= 8) {
- left ^= ((*ip++) & FF_UINT32) << 24;
- left ^= ((*ip++) & FF_UINT32) << 16;
- left ^= ((*ip++) & FF_UINT32) << 8;
- left ^= (*ip++) & FF_UINT32;
- right ^= ((*ip++) & FF_UINT32) << 24;
- right ^= ((*ip++) & FF_UINT32) << 16;
- right ^= ((*ip++) & FF_UINT32) << 8;
- right ^= (*ip++) & FF_UINT32;
- length -= 8;
- } else {
- /*
- * Oh, shoot. We need to pad the
- * end with zeroes. Work backwards
- * to do this.
- */
- ip += (int) length;
- switch(length) {
- case 7: right ^= (*(--ip) & FF_UINT32) << 8;
- case 6: right ^= (*(--ip) & FF_UINT32) << 16;
- case 5: right ^= (*(--ip) & FF_UINT32) << 24;
- case 4: left ^= *(--ip) & FF_UINT32;
- case 3: left ^= (*(--ip) & FF_UINT32) << 8;
- case 2: left ^= (*(--ip) & FF_UINT32) << 16;
- case 1: left ^= (*(--ip) & FF_UINT32) << 24;
-
- }
- length = 0;
+ ip += (int) length;
+ switch(length) {
+ case 7: right ^= (*(--ip) & FF_UINT32) << 8;
+ case 6: right ^= (*(--ip) & FF_UINT32) << 16;
+ case 5: right ^= (*(--ip) & FF_UINT32) << 24;
+ case 4: left ^= *(--ip) & FF_UINT32;
+ case 3: left ^= (*(--ip) & FF_UINT32) << 8;
+ case 2: left ^= (*(--ip) & FF_UINT32) << 16;
+ case 1: left ^= (*(--ip) & FF_UINT32) << 24;
+
}
+ length = 0;
+ }
- /*
- * Encrypt what we have
- */
- DES_DO_ENCRYPT(left, right, temp, kp1);
- DES_DO_DECRYPT(left, right, temp, kp2);
- DES_DO_ENCRYPT(left, right, temp, kp3);
+ /*
+ * Encrypt what we have
+ */
+ DES_DO_ENCRYPT(left, right, temp, kp1);
+ DES_DO_DECRYPT(left, right, temp, kp2);
+ DES_DO_ENCRYPT(left, right, temp, kp3);
- /*
- * Copy the results out
- */
- PUT_HALF_BLOCK(left, op);
- PUT_HALF_BLOCK(right, op);
- }
- } else {
/*
- * Decrypting is harder than encrypting because of
- * the necessity of remembering a lot more things.
- * Should think about this a little more...
+ * Copy the results out
*/
- unsigned DES_INT32 ocipherl, ocipherr;
- unsigned DES_INT32 cipherl, cipherr;
+ PUT_HALF_BLOCK(left, op);
+ PUT_HALF_BLOCK(right, op);
+ }
+}
+
+void
+krb5int_des3_cbc_decrypt(const mit_des_cblock *in,
+ mit_des_cblock *out,
+ unsigned long length,
+ const mit_des_key_schedule ks1,
+ const mit_des_key_schedule ks2,
+ const mit_des_key_schedule ks3,
+ const mit_des_cblock ivec)
+{
+ register unsigned DES_INT32 left, right;
+ register unsigned DES_INT32 temp;
+ const unsigned DES_INT32 *kp1, *kp2, *kp3;
+ const unsigned char *ip;
+ unsigned char *op;
- if (length <= 0)
- return 0;
+ /*
+ * Get key pointer here. This won't need to be reinitialized
+ */
+ kp1 = (const unsigned DES_INT32 *)ks1;
+ kp2 = (const unsigned DES_INT32 *)ks2;
+ kp3 = (const unsigned DES_INT32 *)ks3;
+ /*
+ * Decrypting is harder than encrypting because of
+ * the necessity of remembering a lot more things.
+ * Should think about this a little more...
+ */
+ unsigned DES_INT32 ocipherl, ocipherr;
+ unsigned DES_INT32 cipherl, cipherr;
+
+ if (length <= 0)
+ return;
+
+ /*
+ * Prime the old cipher with ivec.
+ */
+ ip = ivec;
+ GET_HALF_BLOCK(ocipherl, ip);
+ GET_HALF_BLOCK(ocipherr, ip);
+
+ /*
+ * Now do this in earnest until we run out of length.
+ */
+ ip = *in;
+ op = *out;
+ for (;;) { /* check done inside loop */
/*
- * Prime the old cipher with ivec.
+ * Read a block from the input into left and
+ * right. Save this cipher block for later.
*/
- ip = ivec;
- GET_HALF_BLOCK(ocipherl, ip);
- GET_HALF_BLOCK(ocipherr, ip);
+ GET_HALF_BLOCK(left, ip);
+ GET_HALF_BLOCK(right, ip);
+ cipherl = left;
+ cipherr = right;
/*
- * Now do this in earnest until we run out of length.
+ * Decrypt this.
*/
- ip = *in;
- op = *out;
- for (;;) { /* check done inside loop */
- /*
- * Read a block from the input into left and
- * right. Save this cipher block for later.
- */
- GET_HALF_BLOCK(left, ip);
- GET_HALF_BLOCK(right, ip);
- cipherl = left;
- cipherr = right;
+ DES_DO_DECRYPT(left, right, temp, kp3);
+ DES_DO_ENCRYPT(left, right, temp, kp2);
+ DES_DO_DECRYPT(left, right, temp, kp1);
+ /*
+ * Xor with the old cipher to get plain
+ * text. Output 8 or less bytes of this.
+ */
+ left ^= ocipherl;
+ right ^= ocipherr;
+ if (length > 8) {
+ length -= 8;
+ PUT_HALF_BLOCK(left, op);
+ PUT_HALF_BLOCK(right, op);
/*
- * Decrypt this.
+ * Save current cipher block here
*/
- DES_DO_DECRYPT(left, right, temp, kp3);
- DES_DO_ENCRYPT(left, right, temp, kp2);
- DES_DO_DECRYPT(left, right, temp, kp1);
-
+ ocipherl = cipherl;
+ ocipherr = cipherr;
+ } else {
/*
- * Xor with the old cipher to get plain
- * text. Output 8 or less bytes of this.
+ * Trouble here. Start at end of output,
+ * work backwards.
*/
- left ^= ocipherl;
- right ^= ocipherr;
- if (length > 8) {
- length -= 8;
- PUT_HALF_BLOCK(left, op);
- PUT_HALF_BLOCK(right, op);
- /*
- * Save current cipher block here
- */
- ocipherl = cipherl;
- ocipherr = cipherr;
- } else {
- /*
- * Trouble here. Start at end of output,
- * work backwards.
- */
- op += (int) length;
- switch(length) {
- case 8: *(--op) = (unsigned char) (right & 0xff);
- case 7: *(--op) = (unsigned char) ((right >> 8) & 0xff);
- case 6: *(--op) = (unsigned char) ((right >> 16) & 0xff);
- case 5: *(--op) = (unsigned char) ((right >> 24) & 0xff);
- case 4: *(--op) = (unsigned char) (left & 0xff);
- case 3: *(--op) = (unsigned char) ((left >> 8) & 0xff);
- case 2: *(--op) = (unsigned char) ((left >> 16) & 0xff);
- case 1: *(--op) = (unsigned char) ((left >> 24) & 0xff);
- }
- break; /* we're done */
+ op += (int) length;
+ switch(length) {
+ case 8: *(--op) = (unsigned char) (right & 0xff);
+ case 7: *(--op) = (unsigned char) ((right >> 8) & 0xff);
+ case 6: *(--op) = (unsigned char) ((right >> 16) & 0xff);
+ case 5: *(--op) = (unsigned char) ((right >> 24) & 0xff);
+ case 4: *(--op) = (unsigned char) (left & 0xff);
+ case 3: *(--op) = (unsigned char) ((left >> 8) & 0xff);
+ case 2: *(--op) = (unsigned char) ((left >> 16) & 0xff);
+ case 1: *(--op) = (unsigned char) ((left >> 24) & 0xff);
}
+ break; /* we're done */
}
}
-
- /*
- * Done, return nothing.
- */
- return 0;
}
const mit_des_cblock ivec,
int enc);
+void
+krb5int_des3_cbc_encrypt(const mit_des_cblock *in,
+ mit_des_cblock *out,
+ unsigned long length,
+ const mit_des_key_schedule ks1,
+ const mit_des_key_schedule ks2,
+ const mit_des_key_schedule ks3,
+ const mit_des_cblock ivec);
+void
+krb5int_des3_cbc_decrypt(const mit_des_cblock *in,
+ mit_des_cblock *out,
+ unsigned long length,
+ const mit_des_key_schedule ks1,
+ const mit_des_key_schedule ks2,
+ const mit_des_key_schedule ks3,
+ const mit_des_cblock ivec);
+
+
+#define mit_des3_cbc_encrypt(in,out,length,ks1,ks2,ks3,ivec,enc) \
+ ((enc ? krb5int_des3_cbc_encrypt : krb5int_des3_cbc_decrypt) \
+ (in, out, length, ks1, ks2, ks3, ivec), 0)
+
+void
+krb5int_des_cbc_encrypt(const mit_des_cblock *in,
+ mit_des_cblock *out,
+ unsigned long length,
+ const mit_des_key_schedule schedule,
+ const mit_des_cblock ivec);
+void
+krb5int_des_cbc_decrypt(const mit_des_cblock *in,
+ mit_des_cblock *out,
+ unsigned long length,
+ const mit_des_key_schedule schedule,
+ const mit_des_cblock ivec);
+
+#define mit_des_cbc_encrypt(in,out,length,schedule,ivec,enc) \
+ ((enc ? krb5int_des_cbc_encrypt : krb5int_des_cbc_decrypt) \
+ (in, out, length, schedule, ivec), 0)
+
+
/* d3_procky.c */
extern krb5_error_code mit_des3_process_key
(krb5_encrypt_block * eblock,
* cleartext.
*/
+#undef mit_des_cbc_encrypt
int
mit_des_cbc_encrypt(in, out, length, schedule, ivec, enc)
const mit_des_cblock *in;
const mit_des_key_schedule schedule;
const mit_des_cblock ivec;
int enc;
+{
+ /*
+ * Deal with encryption and decryption separately.
+ */
+ if (enc)
+ krb5int_des_cbc_encrypt(in, out, length, schedule, ivec);
+ else
+ krb5int_des_cbc_decrypt(in, out, length, schedule, ivec);
+ return 0;
+}
+
+void
+krb5int_des_cbc_encrypt(const mit_des_cblock *in,
+ mit_des_cblock *out,
+ unsigned long length,
+ const mit_des_key_schedule schedule,
+ const mit_des_cblock ivec)
{
register unsigned DES_INT32 left, right;
register unsigned DES_INT32 temp;
kp = (const unsigned DES_INT32 *)schedule;
/*
- * Deal with encryption and decryption separately.
+ * Initialize left and right with the contents of the initial
+ * vector.
*/
- if (enc) {
- /*
- * Initialize left and right with the contents of the initial
- * vector.
- */
- ip = ivec;
- GET_HALF_BLOCK(left, ip);
- GET_HALF_BLOCK(right, ip);
+ ip = ivec;
+ GET_HALF_BLOCK(left, ip);
+ GET_HALF_BLOCK(right, ip);
+ /*
+ * Suitably initialized, now work the length down 8 bytes
+ * at a time.
+ */
+ ip = *in;
+ op = *out;
+ while (length > 0) {
/*
- * Suitably initialized, now work the length down 8 bytes
- * at a time.
+ * Get more input, xor it in. If the length is
+ * greater than or equal to 8 this is straight
+ * forward. Otherwise we have to fart around.
*/
- ip = *in;
- op = *out;
- while (length > 0) {
+ if (length >= 8) {
+ left ^= ((*ip++) & FF_UINT32) << 24;
+ left ^= ((*ip++) & FF_UINT32) << 16;
+ left ^= ((*ip++) & FF_UINT32) << 8;
+ left ^= (*ip++) & FF_UINT32;
+ right ^= ((*ip++) & FF_UINT32) << 24;
+ right ^= ((*ip++) & FF_UINT32) << 16;
+ right ^= ((*ip++) & FF_UINT32) << 8;
+ right ^= (*ip++) & FF_UINT32;
+ length -= 8;
+ } else {
/*
- * Get more input, xor it in. If the length is
- * greater than or equal to 8 this is straight
- * forward. Otherwise we have to fart around.
+ * Oh, shoot. We need to pad the
+ * end with zeroes. Work backwards
+ * to do this.
*/
- if (length >= 8) {
- left ^= ((*ip++) & FF_UINT32) << 24;
- left ^= ((*ip++) & FF_UINT32) << 16;
- left ^= ((*ip++) & FF_UINT32) << 8;
- left ^= (*ip++) & FF_UINT32;
- right ^= ((*ip++) & FF_UINT32) << 24;
- right ^= ((*ip++) & FF_UINT32) << 16;
- right ^= ((*ip++) & FF_UINT32) << 8;
- right ^= (*ip++) & FF_UINT32;
- length -= 8;
- } else {
- /*
- * Oh, shoot. We need to pad the
- * end with zeroes. Work backwards
- * to do this.
- */
- ip += (int) length;
- switch(length) {
- case 7:
- right ^= (*(--ip) & FF_UINT32) << 8;
- case 6:
- right ^= (*(--ip) & FF_UINT32) << 16;
- case 5:
- right ^= (*(--ip) & FF_UINT32) << 24;
- case 4:
- left ^= *(--ip) & FF_UINT32;
- case 3:
- left ^= (*(--ip) & FF_UINT32) << 8;
- case 2:
- left ^= (*(--ip) & FF_UINT32) << 16;
- case 1:
- left ^= (*(--ip) & FF_UINT32) << 24;
- break;
- }
- length = 0;
+ ip += (int) length;
+ switch(length) {
+ case 7:
+ right ^= (*(--ip) & FF_UINT32) << 8;
+ case 6:
+ right ^= (*(--ip) & FF_UINT32) << 16;
+ case 5:
+ right ^= (*(--ip) & FF_UINT32) << 24;
+ case 4:
+ left ^= *(--ip) & FF_UINT32;
+ case 3:
+ left ^= (*(--ip) & FF_UINT32) << 8;
+ case 2:
+ left ^= (*(--ip) & FF_UINT32) << 16;
+ case 1:
+ left ^= (*(--ip) & FF_UINT32) << 24;
+ break;
}
+ length = 0;
+ }
- /*
- * Encrypt what we have
- */
- DES_DO_ENCRYPT(left, right, temp, kp);
+ /*
+ * Encrypt what we have
+ */
+ DES_DO_ENCRYPT(left, right, temp, kp);
- /*
- * Copy the results out
- */
- PUT_HALF_BLOCK(left, op);
- PUT_HALF_BLOCK(right, op);
- }
- } else {
/*
- * Decrypting is harder than encrypting because of
- * the necessity of remembering a lot more things.
- * Should think about this a little more...
+ * Copy the results out
*/
- unsigned DES_INT32 ocipherl, ocipherr;
- unsigned DES_INT32 cipherl, cipherr;
+ PUT_HALF_BLOCK(left, op);
+ PUT_HALF_BLOCK(right, op);
+ }
+}
- if (length <= 0)
- return 0;
+void
+krb5int_des_cbc_decrypt(const mit_des_cblock *in,
+ mit_des_cblock *out,
+ unsigned long length,
+ const mit_des_key_schedule schedule,
+ const mit_des_cblock ivec)
+{
+ register unsigned DES_INT32 left, right;
+ register unsigned DES_INT32 temp;
+ const unsigned DES_INT32 *kp;
+ const unsigned char *ip;
+ unsigned char *op;
+ /*
+ * Get key pointer here. This won't need to be reinitialized
+ */
+ kp = (const unsigned DES_INT32 *)schedule;
+
+ /*
+ * Decrypting is harder than encrypting because of
+ * the necessity of remembering a lot more things.
+ * Should think about this a little more...
+ */
+ unsigned DES_INT32 ocipherl, ocipherr;
+ unsigned DES_INT32 cipherl, cipherr;
+
+ if (length <= 0)
+ return;
+
+ /*
+ * Prime the old cipher with ivec.
+ */
+ ip = ivec;
+ GET_HALF_BLOCK(ocipherl, ip);
+ GET_HALF_BLOCK(ocipherr, ip);
+
+ /*
+ * Now do this in earnest until we run out of length.
+ */
+ ip = *in;
+ op = *out;
+ for (;;) { /* check done inside loop */
/*
- * Prime the old cipher with ivec.
+ * Read a block from the input into left and
+ * right. Save this cipher block for later.
*/
- ip = ivec;
- GET_HALF_BLOCK(ocipherl, ip);
- GET_HALF_BLOCK(ocipherr, ip);
+ GET_HALF_BLOCK(left, ip);
+ GET_HALF_BLOCK(right, ip);
+ cipherl = left;
+ cipherr = right;
/*
- * Now do this in earnest until we run out of length.
+ * Decrypt this.
*/
- ip = *in;
- op = *out;
- for (;;) { /* check done inside loop */
- /*
- * Read a block from the input into left and
- * right. Save this cipher block for later.
- */
- GET_HALF_BLOCK(left, ip);
- GET_HALF_BLOCK(right, ip);
- cipherl = left;
- cipherr = right;
+ DES_DO_DECRYPT(left, right, temp, kp);
+ /*
+ * Xor with the old cipher to get plain
+ * text. Output 8 or less bytes of this.
+ */
+ left ^= ocipherl;
+ right ^= ocipherr;
+ if (length > 8) {
+ length -= 8;
+ PUT_HALF_BLOCK(left, op);
+ PUT_HALF_BLOCK(right, op);
/*
- * Decrypt this.
+ * Save current cipher block here
*/
- DES_DO_DECRYPT(left, right, temp, kp);
-
+ ocipherl = cipherl;
+ ocipherr = cipherr;
+ } else {
/*
- * Xor with the old cipher to get plain
- * text. Output 8 or less bytes of this.
+ * Trouble here. Start at end of output,
+ * work backwards.
*/
- left ^= ocipherl;
- right ^= ocipherr;
- if (length > 8) {
- length -= 8;
- PUT_HALF_BLOCK(left, op);
- PUT_HALF_BLOCK(right, op);
- /*
- * Save current cipher block here
- */
- ocipherl = cipherl;
- ocipherr = cipherr;
- } else {
- /*
- * Trouble here. Start at end of output,
- * work backwards.
- */
- op += (int) length;
- switch(length) {
- case 8:
- *(--op) = (unsigned char) (right & 0xff);
- case 7:
- *(--op) = (unsigned char) ((right >> 8) & 0xff);
- case 6:
- *(--op) = (unsigned char) ((right >> 16) & 0xff);
- case 5:
- *(--op) = (unsigned char) ((right >> 24) & 0xff);
- case 4:
- *(--op) = (unsigned char) (left & 0xff);
- case 3:
- *(--op) = (unsigned char) ((left >> 8) & 0xff);
- case 2:
- *(--op) = (unsigned char) ((left >> 16) & 0xff);
- case 1:
- *(--op) = (unsigned char) ((left >> 24) & 0xff);
- break;
- }
- break; /* we're done */
+ op += (int) length;
+ switch(length) {
+ case 8:
+ *(--op) = (unsigned char) (right & 0xff);
+ case 7:
+ *(--op) = (unsigned char) ((right >> 8) & 0xff);
+ case 6:
+ *(--op) = (unsigned char) ((right >> 16) & 0xff);
+ case 5:
+ *(--op) = (unsigned char) ((right >> 24) & 0xff);
+ case 4:
+ *(--op) = (unsigned char) (left & 0xff);
+ case 3:
+ *(--op) = (unsigned char) ((left >> 8) & 0xff);
+ case 2:
+ *(--op) = (unsigned char) ((left >> 16) & 0xff);
+ case 1:
+ *(--op) = (unsigned char) ((left >> 24) & 0xff);
+ break;
}
+ break; /* we're done */
}
}
-
- /*
- * Done, return nothing.
- */
- return 0;
}
projects / krb5.git / commitdiff