diff options
| author | Greg Hudson <ghudson@mit.edu> | 2009-12-04 05:12:35 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2009-12-04 05:12:35 +0000 |
| commit | 5ffa313d9f6b7c509aa0d7579273150d71ea0f95 (patch) | |
| tree | 48f8d5606c919dd09d950c5cbf1609f312f2937d /src/lib/crypto/builtin/enc_provider | |
| parent | ea6f77d42700352fcb2a06444d1dc00acf7c20fc (diff) | |
| download | krb5-5ffa313d9f6b7c509aa0d7579273150d71ea0f95.tar.gz krb5-5ffa313d9f6b7c509aa0d7579273150d71ea0f95.tar.xz krb5-5ffa313d9f6b7c509aa0d7579273150d71ea0f95.zip | |
Consolidate the IOV and non-IOV encryption/decryption code paths, and
drop the _iov suffix from most encryption- and decryption-related
functions. The enc_provider encrypt and decrypt functions take IOVs,
as do the enctype entries in etypes.c, and there are no separate
encrypt_iov or decrypt_iov functions.
aead_provider is gone. Enctype functions now take pointers to the
enctype entry instead of pointers to the enc/hash/aead providers; this
allows dk_encrypt and dk_decrypt to be polymorphic in the length
function they use now that AES and DES3 can't differentiate by aead
provider.
aes_string_to_key needed to be moved into the krb/ fold for this since
it's an enctype function; it was duplicated between builtin/ and
openssl/ before. This leaves openssl/aes empty; the build system
currently demands that all modules have the same directory structure,
so the directory and Makefile will stick around for now.
Three separate copies of the derive_random logic are also now
consolidated into one.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23444 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/crypto/builtin/enc_provider')
| -rw-r--r-- | src/lib/crypto/builtin/enc_provider/aes.c | 181 | ||||
| -rw-r--r-- | src/lib/crypto/builtin/enc_provider/deps | 60 | ||||
| -rw-r--r-- | src/lib/crypto/builtin/enc_provider/des.c | 83 | ||||
| -rw-r--r-- | src/lib/crypto/builtin/enc_provider/des3.c | 76 | ||||
| -rw-r--r-- | src/lib/crypto/builtin/enc_provider/rc4.c | 62 |
5 files changed, 90 insertions, 372 deletions
diff --git a/src/lib/crypto/builtin/enc_provider/aes.c b/src/lib/crypto/builtin/enc_provider/aes.c index 2a23f7ba0..d482724ca 100644 --- a/src/lib/crypto/builtin/enc_provider/aes.c +++ b/src/lib/crypto/builtin/enc_provider/aes.c @@ -73,134 +73,14 @@ xorblock(unsigned char *out, const unsigned char *in) } krb5_error_code -krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec, - const krb5_data *input, krb5_data *output) -{ - aes_ctx ctx; - unsigned char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE], tmp3[BLOCK_SIZE]; - int nblocks = 0, blockno; - const unsigned char *idata = (const unsigned char *) input->data; - unsigned char *odata = (unsigned char *) output->data; - -/* CHECK_SIZES; */ - - if (aes_enc_key(key->keyblock.contents, key->keyblock.length, - &ctx) != aes_good) - abort(); - - if (ivec) - memcpy(tmp, ivec->data, BLOCK_SIZE); - else - memset(tmp, 0, BLOCK_SIZE); - - nblocks = (input->length + BLOCK_SIZE - 1) / BLOCK_SIZE; - - if (nblocks == 1) { - /* XXX Used for DK function. */ - enc(odata, idata, &ctx); - } else { - unsigned int nleft; - - for (blockno = 0; blockno < nblocks - 2; blockno++) { - xorblock(tmp, idata + blockno * BLOCK_SIZE); - enc(tmp2, tmp, &ctx); - memcpy(odata + blockno * BLOCK_SIZE, tmp2, BLOCK_SIZE); - - /* Set up for next block. */ - memcpy(tmp, tmp2, BLOCK_SIZE); - } - /* Do final CTS step for last two blocks (the second of which - may or may not be incomplete). */ - xorblock(tmp, idata + (nblocks - 2) * BLOCK_SIZE); - enc(tmp2, tmp, &ctx); - nleft = input->length - (nblocks - 1) * BLOCK_SIZE; - memcpy(odata + (nblocks - 1) * BLOCK_SIZE, tmp2, nleft); - memcpy(tmp, tmp2, BLOCK_SIZE); - - memset(tmp3, 0, sizeof(tmp3)); - memcpy(tmp3, idata + (nblocks - 1) * BLOCK_SIZE, nleft); - xorblock(tmp, tmp3); - enc(tmp2, tmp, &ctx); - memcpy(odata + (nblocks - 2) * BLOCK_SIZE, tmp2, BLOCK_SIZE); - if (ivec) - memcpy(ivec->data, tmp2, BLOCK_SIZE); - } - - return 0; -} - -krb5_error_code -krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec, - const krb5_data *input, krb5_data *output) -{ - aes_ctx ctx; - unsigned char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE], tmp3[BLOCK_SIZE]; - int nblocks = 0, blockno; - const unsigned char *idata = (const unsigned char *) input->data; - unsigned char *odata = (unsigned char *) output->data; - - CHECK_SIZES; - - if (aes_dec_key(key->keyblock.contents, key->keyblock.length, - &ctx) != aes_good) - abort(); - - if (ivec) - memcpy(tmp, ivec->data, BLOCK_SIZE); - else - memset(tmp, 0, BLOCK_SIZE); - - nblocks = (input->length + BLOCK_SIZE - 1) / BLOCK_SIZE; - - if (nblocks == 1) { - if (input->length < BLOCK_SIZE) - abort(); - dec(odata, idata, &ctx); - } else { - - for (blockno = 0; blockno < nblocks - 2; blockno++) { - dec(tmp2, idata + blockno * BLOCK_SIZE, &ctx); - xorblock(tmp2, tmp); - memcpy(odata + blockno * BLOCK_SIZE, tmp2, BLOCK_SIZE); - memcpy(tmp, idata + blockno * BLOCK_SIZE, BLOCK_SIZE); - } - /* Do last two blocks, the second of which (next-to-last block - of plaintext) may be incomplete. */ - dec(tmp2, idata + (nblocks - 2) * BLOCK_SIZE, &ctx); - /* Set tmp3 to last ciphertext block, padded. */ - memset(tmp3, 0, sizeof(tmp3)); - memcpy(tmp3, idata + (nblocks - 1) * BLOCK_SIZE, - input->length - (nblocks - 1) * BLOCK_SIZE); - /* Set tmp2 to last (possibly partial) plaintext block, and - save it. */ - xorblock(tmp2, tmp3); - memcpy(odata + (nblocks - 1) * BLOCK_SIZE, tmp2, - input->length - (nblocks - 1) * BLOCK_SIZE); - /* Maybe keep the trailing part, and copy in the last - ciphertext block. */ - memcpy(tmp2, tmp3, input->length - (nblocks - 1) * BLOCK_SIZE); - /* Decrypt, to get next to last plaintext block xor previous - ciphertext. */ - dec(tmp3, tmp2, &ctx); - xorblock(tmp3, tmp); - memcpy(odata + (nblocks - 2) * BLOCK_SIZE, tmp3, BLOCK_SIZE); - if (ivec) - memcpy(ivec->data, idata + (nblocks - 2) * BLOCK_SIZE, BLOCK_SIZE); - } - - return 0; -} - -static krb5_error_code -krb5int_aes_encrypt_iov(krb5_key key, - const krb5_data *ivec, - krb5_crypto_iov *data, - size_t num_data) +krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + size_t num_data) { aes_ctx ctx; unsigned char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE]; int nblocks = 0, blockno; size_t input_length, i; + struct iov_block_state input_pos, output_pos; if (aes_enc_key(key->keyblock.contents, key->keyblock.length, &ctx) != aes_good) @@ -218,17 +98,17 @@ krb5int_aes_encrypt_iov(krb5_key key, input_length += iov->data.length; } - nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE; - - assert(nblocks > 1); + IOV_BLOCK_STATE_INIT(&input_pos); + IOV_BLOCK_STATE_INIT(&output_pos); - { + nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE; + if (nblocks == 1) { + krb5int_c_iov_get_block(tmp, BLOCK_SIZE, data, num_data, &input_pos); + enc(tmp2, tmp, &ctx); + krb5int_c_iov_put_block(data, num_data, tmp2, BLOCK_SIZE, &output_pos); + } else if (nblocks > 1) { unsigned char blockN2[BLOCK_SIZE]; /* second last */ unsigned char blockN1[BLOCK_SIZE]; /* last block */ - struct iov_block_state input_pos, output_pos; - - IOV_BLOCK_STATE_INIT(&input_pos); - IOV_BLOCK_STATE_INIT(&output_pos); for (blockno = 0; blockno < nblocks - 2; blockno++) { unsigned char blockN[BLOCK_SIZE], *block; @@ -278,17 +158,16 @@ krb5int_aes_encrypt_iov(krb5_key key, return 0; } -static krb5_error_code -krb5int_aes_decrypt_iov(krb5_key key, - const krb5_data *ivec, - krb5_crypto_iov *data, - size_t num_data) +krb5_error_code +krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + size_t num_data) { aes_ctx ctx; unsigned char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE], tmp3[BLOCK_SIZE]; int nblocks = 0, blockno; unsigned int i; size_t input_length; + struct iov_block_state input_pos, output_pos; CHECK_SIZES; @@ -308,17 +187,17 @@ krb5int_aes_decrypt_iov(krb5_key key, input_length += iov->data.length; } - nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE; - - assert(nblocks > 1); + IOV_BLOCK_STATE_INIT(&input_pos); + IOV_BLOCK_STATE_INIT(&output_pos); - { + nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE; + if (nblocks == 1) { + krb5int_c_iov_get_block(tmp, BLOCK_SIZE, data, num_data, &input_pos); + enc(tmp2, tmp, &ctx); + krb5int_c_iov_put_block(data, num_data, tmp2, BLOCK_SIZE, &output_pos); + } else if (nblocks > 1) { unsigned char blockN2[BLOCK_SIZE]; /* second last */ unsigned char blockN1[BLOCK_SIZE]; /* last block */ - struct iov_block_state input_pos, output_pos; - - IOV_BLOCK_STATE_INIT(&input_pos); - IOV_BLOCK_STATE_INIT(&output_pos); for (blockno = 0; blockno < nblocks - 2; blockno++) { unsigned char blockN[BLOCK_SIZE], *block; @@ -372,8 +251,8 @@ krb5int_aes_decrypt_iov(krb5_key key, } static krb5_error_code -krb5int_aes_init_state (const krb5_keyblock *key, krb5_keyusage usage, - krb5_data *state) +aes_init_state(const krb5_keyblock *key, krb5_keyusage usage, + krb5_data *state) { state->length = 16; state->data = malloc(16); @@ -389,10 +268,8 @@ const struct krb5_enc_provider krb5int_enc_aes128 = { krb5int_aes_encrypt, krb5int_aes_decrypt, krb5int_aes_make_key, - krb5int_aes_init_state, + aes_init_state, krb5int_default_free_state, - krb5int_aes_encrypt_iov, - krb5int_aes_decrypt_iov }; const struct krb5_enc_provider krb5int_enc_aes256 = { @@ -401,8 +278,6 @@ const struct krb5_enc_provider krb5int_enc_aes256 = { krb5int_aes_encrypt, krb5int_aes_decrypt, krb5int_aes_make_key, - krb5int_aes_init_state, - krb5int_default_free_state, - krb5int_aes_encrypt_iov, - krb5int_aes_decrypt_iov + aes_init_state, + krb5int_default_free_state }; diff --git a/src/lib/crypto/builtin/enc_provider/deps b/src/lib/crypto/builtin/enc_provider/deps index ec82b80db..deeb86454 100644 --- a/src/lib/crypto/builtin/enc_provider/deps +++ b/src/lib/crypto/builtin/enc_provider/deps @@ -4,48 +4,52 @@ des.so des.po $(OUTPRE)des.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h \ - $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/rand2key/rand2key.h \ - $(srcdir)/../des/des_int.h $(top_srcdir)/include/k5-buf.h \ - $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ - $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ - $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ - $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \ - $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h des.c enc_provider.h + $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/etypes.h \ + $(srcdir)/../../krb/rand2key/rand2key.h $(srcdir)/../des/des_int.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ + $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + des.c enc_provider.h des3.so des3.po $(OUTPRE)des3.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h \ - $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/rand2key/rand2key.h \ - $(srcdir)/../des/des_int.h $(top_srcdir)/include/k5-buf.h \ + $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/etypes.h \ + $(srcdir)/../../krb/rand2key/rand2key.h $(srcdir)/../des/des_int.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ + $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + des3.c +aes.so aes.po $(OUTPRE)aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h \ + $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/etypes.h \ + $(srcdir)/../../krb/rand2key/rand2key.h $(srcdir)/../aes/aes.h \ + $(srcdir)/../aes/uitypes.h $(top_srcdir)/include/k5-buf.h \ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \ $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h des3.c -aes.so aes.po $(OUTPRE)aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(top_srcdir)/include/socket-utils.h aes.c enc_provider.h +rc4.so rc4.po $(OUTPRE)rc4.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h \ - $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/rand2key/rand2key.h \ - $(srcdir)/../aes/aes.h $(srcdir)/../aes/uitypes.h $(top_srcdir)/include/k5-buf.h \ + $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/etypes.h \ + $(srcdir)/../../krb/rand2key/rand2key.h $(top_srcdir)/include/k5-buf.h \ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \ $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h aes.c enc_provider.h -rc4.so rc4.po $(OUTPRE)rc4.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h \ - $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/rand2key/rand2key.h \ - $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - enc_provider.h rc4.c + $(top_srcdir)/include/socket-utils.h enc_provider.h \ + rc4.c diff --git a/src/lib/crypto/builtin/enc_provider/des.c b/src/lib/crypto/builtin/enc_provider/des.c index e268a20f8..d63172778 100644 --- a/src/lib/crypto/builtin/enc_provider/des.c +++ b/src/lib/crypto/builtin/enc_provider/des.c @@ -33,65 +33,13 @@ static krb5_error_code -k5_des_docrypt(krb5_key key, const krb5_data *ivec, - const krb5_data *input, krb5_data *output, int enc) -{ - mit_des_key_schedule schedule; - - /* key->keyblock.enctype was checked by the caller */ - - if (key->keyblock.length != 8) - return(KRB5_BAD_KEYSIZE); - if ((input->length%8) != 0) - return(KRB5_BAD_MSIZE); - if (ivec && (ivec->length != 8)) - return(KRB5_BAD_MSIZE); - if (input->length != output->length) - return(KRB5_BAD_MSIZE); - - switch (mit_des_key_sched(key->keyblock.contents, schedule)) { - case -1: - return(KRB5DES_BAD_KEYPAR); - case -2: - return(KRB5DES_WEAK_KEY); - } - - /* this has a return value, but the code always returns zero */ - - mit_des_cbc_encrypt((krb5_pointer) input->data, - (krb5_pointer) output->data, input->length, - schedule, - (ivec - ? (const unsigned char *) ivec->data - : (const unsigned char *) mit_des_zeroblock), - enc); - - memset(schedule, 0, sizeof(schedule)); - - return(0); -} - -static krb5_error_code -k5_des_encrypt(krb5_key key, const krb5_data *ivec, - const krb5_data *input, krb5_data *output) -{ - return(k5_des_docrypt(key, ivec, input, output, 1)); -} - -static krb5_error_code -k5_des_decrypt(krb5_key key, const krb5_data *ivec, - const krb5_data *input, krb5_data *output) -{ - return(k5_des_docrypt(key, ivec, input, output, 0)); -} - -static krb5_error_code -k5_des_docrypt_iov(krb5_key key, const krb5_data *ivec, - krb5_crypto_iov *data, size_t num_data, int enc) +k5_des_docrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + size_t num_data, int enc) { mit_des_key_schedule schedule; size_t input_length = 0; unsigned int i; + unsigned char *ivecbytes; /* key->keyblock.enctype was checked by the caller */ @@ -118,10 +66,11 @@ k5_des_docrypt_iov(krb5_key key, const krb5_data *ivec, } /* this has a return value, but the code always returns zero */ + ivecbytes = ivec ? (unsigned char *) ivec->data : NULL; if (enc) - krb5int_des_cbc_encrypt_iov(data, num_data, schedule, ivec ? ivec->data : NULL); + krb5int_des_cbc_encrypt(data, num_data, schedule, ivecbytes); else - krb5int_des_cbc_decrypt_iov(data, num_data, schedule, ivec ? ivec->data : NULL); + krb5int_des_cbc_decrypt(data, num_data, schedule, ivecbytes); memset(schedule, 0, sizeof(schedule)); @@ -129,21 +78,17 @@ k5_des_docrypt_iov(krb5_key key, const krb5_data *ivec, } static krb5_error_code -k5_des_encrypt_iov(krb5_key key, - const krb5_data *ivec, - krb5_crypto_iov *data, - size_t num_data) +k5_des_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + size_t num_data) { - return k5_des_docrypt_iov(key, ivec, data, num_data, 1); + return k5_des_docrypt(key, ivec, data, num_data, 1); } static krb5_error_code -k5_des_decrypt_iov(krb5_key key, - const krb5_data *ivec, - krb5_crypto_iov *data, - size_t num_data) +k5_des_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + size_t num_data) { - return k5_des_docrypt_iov(key, ivec, data, num_data, 0); + return k5_des_docrypt(key, ivec, data, num_data, 0); } const struct krb5_enc_provider krb5int_enc_des = { @@ -153,7 +98,5 @@ const struct krb5_enc_provider krb5int_enc_des = { k5_des_decrypt, krb5int_des_make_key, krb5int_des_init_state, - krb5int_default_free_state, - k5_des_encrypt_iov, - k5_des_decrypt_iov + krb5int_default_free_state }; diff --git a/src/lib/crypto/builtin/enc_provider/des3.c b/src/lib/crypto/builtin/enc_provider/des3.c index c4ea3b20f..e41773b82 100644 --- a/src/lib/crypto/builtin/enc_provider/des3.c +++ b/src/lib/crypto/builtin/enc_provider/des3.c @@ -88,54 +88,8 @@ validate_and_schedule_iov(krb5_key key, const krb5_data *ivec, } static krb5_error_code -k5_des3_encrypt(krb5_key key, const krb5_data *ivec, - const krb5_data *input, krb5_data *output) -{ - mit_des3_key_schedule schedule; - krb5_error_code err; - - err = validate_and_schedule(key, ivec, input, output, &schedule); - if (err) - return err; - - /* this has a return value, but the code always returns zero */ - krb5int_des3_cbc_encrypt((krb5_pointer) input->data, - (krb5_pointer) output->data, input->length, - schedule[0], schedule[1], schedule[2], - ivec?(const unsigned char *) ivec->data:(const unsigned char *)mit_des_zeroblock); - - zap(schedule, sizeof(schedule)); - - return(0); -} - -static krb5_error_code -k5_des3_decrypt(krb5_key key, const krb5_data *ivec, - const krb5_data *input, krb5_data *output) -{ - mit_des3_key_schedule schedule; - krb5_error_code err; - - err = validate_and_schedule(key, ivec, input, output, &schedule); - if (err) - return err; - - /* this has a return value, but the code always returns zero */ - krb5int_des3_cbc_decrypt((krb5_pointer) input->data, - (krb5_pointer) output->data, input->length, - schedule[0], schedule[1], schedule[2], - ivec?(const unsigned char *) ivec->data:(const unsigned char *)mit_des_zeroblock); - - zap(schedule, sizeof(schedule)); - - return(0); -} - -static krb5_error_code -k5_des3_encrypt_iov(krb5_key key, - const krb5_data *ivec, - krb5_crypto_iov *data, - size_t num_data) +k5_des3_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + size_t num_data) { mit_des3_key_schedule schedule; krb5_error_code err; @@ -145,9 +99,10 @@ k5_des3_encrypt_iov(krb5_key key, return err; /* this has a return value, but the code always returns zero */ - krb5int_des3_cbc_encrypt_iov(data, num_data, - schedule[0], schedule[1], schedule[2], - ivec != NULL ? (unsigned char *) ivec->data : NULL); + krb5int_des3_cbc_encrypt(data, num_data, + schedule[0], schedule[1], schedule[2], + ivec != NULL ? (unsigned char *) ivec->data : + NULL); zap(schedule, sizeof(schedule)); @@ -155,10 +110,8 @@ k5_des3_encrypt_iov(krb5_key key, } static krb5_error_code -k5_des3_decrypt_iov(krb5_key key, - const krb5_data *ivec, - krb5_crypto_iov *data, - size_t num_data) +k5_des3_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + size_t num_data) { mit_des3_key_schedule schedule; krb5_error_code err; @@ -168,13 +121,14 @@ k5_des3_decrypt_iov(krb5_key key, return err; /* this has a return value, but the code always returns zero */ - krb5int_des3_cbc_decrypt_iov(data, num_data, - schedule[0], schedule[1], schedule[2], - ivec != NULL ? (unsigned char *) ivec->data : NULL); + krb5int_des3_cbc_decrypt(data, num_data, + schedule[0], schedule[1], schedule[2], + ivec != NULL ? (unsigned char *) ivec->data : + NULL); zap(schedule, sizeof(schedule)); - return(0); + return 0; } const struct krb5_enc_provider krb5int_enc_des3 = { @@ -184,7 +138,5 @@ const struct krb5_enc_provider krb5int_enc_des3 = { k5_des3_decrypt, krb5int_des3_make_key, krb5int_des_init_state, - krb5int_default_free_state, - k5_des3_encrypt_iov, - k5_des3_decrypt_iov + krb5int_default_free_state }; diff --git a/src/lib/crypto/builtin/enc_provider/rc4.c b/src/lib/crypto/builtin/enc_provider/rc4.c index ae4a004a1..d024e4a96 100644 --- a/src/lib/crypto/builtin/enc_provider/rc4.c +++ b/src/lib/crypto/builtin/enc_provider/rc4.c @@ -39,11 +39,6 @@ static krb5_error_code k5_arcfour_init(ArcfourContext *ctx, const unsigned char static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest, const unsigned char *src, unsigned int len); -/* Interface layer to kerb5 crypto layer */ -static krb5_error_code -k5_arcfour_docrypt(krb5_key, const krb5_data *, - const krb5_data *, krb5_data *); - static const unsigned char arcfour_weakkey1[] = {0x00, 0x00, 0xfd}; static const unsigned char arcfour_weakkey2[] = {0x03, 0xfd, 0xfc}; static const struct { @@ -123,58 +118,9 @@ k5_arcfour_init(ArcfourContext *ctx, const unsigned char *key, } -/* The workhorse of the arcfour system, this impliments the cipher */ -static krb5_error_code -k5_arcfour_docrypt(krb5_key key, const krb5_data *state, - const krb5_data *input, krb5_data *output) -{ - ArcfourContext *arcfour_ctx; - ArcFourCipherState *cipher_state; - int ret; - - if (key->keyblock.length != 16) - return(KRB5_BAD_KEYSIZE); - if (state && (state->length != sizeof (ArcFourCipherState))) - return(KRB5_BAD_MSIZE); - if (input->length != output->length) - return(KRB5_BAD_MSIZE); - - if (state) { - cipher_state = (ArcFourCipherState *) state->data; - arcfour_ctx=&cipher_state->ctx; - if (cipher_state->initialized == 0) { - if ((ret=k5_arcfour_init(arcfour_ctx, key->keyblock.contents, - key->keyblock.length))) { - return ret; - } - cipher_state->initialized = 1; - } - k5_arcfour_crypt(arcfour_ctx, (unsigned char *) output->data, (const unsigned char *) input->data, input->length); - } - else { - arcfour_ctx=malloc(sizeof (ArcfourContext)); - if (arcfour_ctx == NULL) - return ENOMEM; - if ((ret=k5_arcfour_init(arcfour_ctx, key->keyblock.contents, - key->keyblock.length))) { - free(arcfour_ctx); - return (ret); - } - k5_arcfour_crypt(arcfour_ctx, (unsigned char * ) output->data, - (const unsigned char * ) input->data, input->length); - memset(arcfour_ctx, 0, sizeof (ArcfourContext)); - free(arcfour_ctx); - } - - return 0; -} - -/* In-place encryption */ static krb5_error_code -k5_arcfour_docrypt_iov(krb5_key key, - const krb5_data *state, - krb5_crypto_iov *data, - size_t num_data) +k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data, + size_t num_data) { ArcfourContext *arcfour_ctx = NULL; ArcFourCipherState *cipher_state = NULL; @@ -262,7 +208,5 @@ const struct krb5_enc_provider krb5int_enc_arcfour = { k5_arcfour_docrypt, krb5int_arcfour_make_key, k5_arcfour_init_state, /*xxx not implemented yet*/ - krb5int_default_free_state, - k5_arcfour_docrypt_iov, - k5_arcfour_docrypt_iov + krb5int_default_free_state }; |