diff options
author | Andrew Bartlett <abartlet@samba.org> | 2009-09-20 23:18:34 -0700 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2009-11-13 23:19:05 +1100 |
commit | 5bc87c14a1f5b45ed86e7ff9663f5f0aa2f70094 (patch) | |
tree | 82c3416f2211df07d5fe1e58ee6639f09e465a60 /source4/heimdal/lib/hcrypto/evp-aes-cts.c | |
parent | 12205347163b55e79651921c6858c4d04e1faa51 (diff) | |
download | samba-5bc87c14a1f5b45ed86e7ff9663f5f0aa2f70094.tar.gz samba-5bc87c14a1f5b45ed86e7ff9663f5f0aa2f70094.tar.bz2 samba-5bc87c14a1f5b45ed86e7ff9663f5f0aa2f70094.zip |
s4:heimdal: import lorikeet-heimdal-200909210500 (commit 290db8d23647a27c39b97c189a0b2ef6ec21ca69)
Diffstat (limited to 'source4/heimdal/lib/hcrypto/evp-aes-cts.c')
-rw-r--r-- | source4/heimdal/lib/hcrypto/evp-aes-cts.c | 273 |
1 files changed, 0 insertions, 273 deletions
diff --git a/source4/heimdal/lib/hcrypto/evp-aes-cts.c b/source4/heimdal/lib/hcrypto/evp-aes-cts.c deleted file mode 100644 index 66f87982c0..0000000000 --- a/source4/heimdal/lib/hcrypto/evp-aes-cts.c +++ /dev/null @@ -1,273 +0,0 @@ -/* - * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include <config.h> - -#define HC_DEPRECATED - -#include <sys/types.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <assert.h> - - -#include <krb5-types.h> - -#if defined(BUILD_KRB5_LIB) && defined(HAVE_OPENSSL) -#include <openssl/evp.h> -#include <openssl/aes.h> - -#define _hc_EVP_hcrypto_aes_128_cts _krb5_EVP_hcrypto_aes_128_cts -#define _hc_EVP_hcrypto_aes_192_cts _krb5_EVP_hcrypto_aes_192_cts -#define _hc_EVP_hcrypto_aes_256_cts _krb5_EVP_hcrypto_aes_256_cts - -const EVP_CIPHER * _krb5_EVP_hcrypto_aes_128_cts(void); -const EVP_CIPHER * _krb5_EVP_hcrypto_aes_192_cts(void); -const EVP_CIPHER * _krb5_EVP_hcrypto_aes_256_cts(void); - -#else -#include <evp.h> -#include <aes.h> - -#define _hc_EVP_hcrypto_aes_128_cts hc_EVP_hcrypto_aes_128_cts -#define _hc_EVP_hcrypto_aes_192_cts hc_EVP_hcrypto_aes_192_cts -#define _hc_EVP_hcrypto_aes_256_cts hc_EVP_hcrypto_aes_256_cts - -#endif - -/* - * - */ - -static int -aes_cts_init(EVP_CIPHER_CTX *ctx, - const unsigned char * key, - const unsigned char * iv, - int encp) -{ - AES_KEY *k = ctx->cipher_data; - if (ctx->encrypt) - AES_set_encrypt_key(key, ctx->cipher->key_len * 8, k); - else - AES_set_decrypt_key(key, ctx->cipher->key_len * 8, k); - return 1; -} - -static void -_krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec, const int encryptp) -{ - unsigned char tmp[AES_BLOCK_SIZE]; - int i; - - /* - * In the framework of kerberos, the length can never be shorter - * then at least one blocksize. - */ - - if (encryptp) { - - while(len > AES_BLOCK_SIZE) { - for (i = 0; i < AES_BLOCK_SIZE; i++) - tmp[i] = in[i] ^ ivec[i]; - AES_encrypt(tmp, out, key); - memcpy(ivec, out, AES_BLOCK_SIZE); - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - - for (i = 0; i < len; i++) - tmp[i] = in[i] ^ ivec[i]; - for (; i < AES_BLOCK_SIZE; i++) - tmp[i] = 0 ^ ivec[i]; - - AES_encrypt(tmp, out - AES_BLOCK_SIZE, key); - - memcpy(out, ivec, len); - memcpy(ivec, out - AES_BLOCK_SIZE, AES_BLOCK_SIZE); - - } else { - unsigned char tmp2[AES_BLOCK_SIZE]; - unsigned char tmp3[AES_BLOCK_SIZE]; - - while(len > AES_BLOCK_SIZE * 2) { - memcpy(tmp, in, AES_BLOCK_SIZE); - AES_decrypt(in, out, key); - for (i = 0; i < AES_BLOCK_SIZE; i++) - out[i] ^= ivec[i]; - memcpy(ivec, tmp, AES_BLOCK_SIZE); - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - - len -= AES_BLOCK_SIZE; - - memcpy(tmp, in, AES_BLOCK_SIZE); /* save last iv */ - AES_decrypt(in, tmp2, key); - - memcpy(tmp3, in + AES_BLOCK_SIZE, len); - memcpy(tmp3 + len, tmp2 + len, AES_BLOCK_SIZE - len); /* xor 0 */ - - for (i = 0; i < len; i++) - out[i + AES_BLOCK_SIZE] = tmp2[i] ^ tmp3[i]; - - AES_decrypt(tmp3, out, key); - for (i = 0; i < AES_BLOCK_SIZE; i++) - out[i] ^= ivec[i]; - memcpy(ivec, tmp, AES_BLOCK_SIZE); - } -} - -static int -aes_cts_do_cipher(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - unsigned int len) -{ - AES_KEY *k = ctx->cipher_data; - - if (len < AES_BLOCK_SIZE) - abort(); /* krb5_abortx(context, "invalid use of AES_CTS_encrypt"); */ - if (len == AES_BLOCK_SIZE) { - if (ctx->encrypt) - AES_encrypt(in, out, k); - else - AES_decrypt(in, out, k); - } else { - _krb5_aes_cts_encrypt(in, out, len, k, ctx->iv, ctx->encrypt); - } - - return 1; -} - - -static int -aes_cts_cleanup(EVP_CIPHER_CTX *ctx) -{ - memset(ctx->cipher_data, 0, sizeof(AES_KEY)); - return 1; -} - -/** - * The AES-128 cts cipher type (hcrypto) - * - * @return the AES-128 EVP_CIPHER pointer. - * - * @ingroup hcrypto_evp - */ - -const EVP_CIPHER * -_hc_EVP_hcrypto_aes_128_cts(void) -{ - static const EVP_CIPHER aes_128_cts = { - 0, - 1, - 16, - 16, - EVP_CIPH_CBC_MODE, - aes_cts_init, - aes_cts_do_cipher, - aes_cts_cleanup, - sizeof(AES_KEY), - NULL, - NULL, - NULL, - NULL - }; - - return &aes_128_cts; -} - -/** - * The AES-192 cts cipher type (hcrypto) - * - * @return the AES-192 EVP_CIPHER pointer. - * - * @ingroup hcrypto_evp - */ - -const EVP_CIPHER * -_hc_EVP_hcrypto_aes_192_cts(void) -{ - static const EVP_CIPHER aes_192_cts = { - 0, - 1, - 24, - 16, - EVP_CIPH_CBC_MODE, - aes_cts_init, - aes_cts_do_cipher, - aes_cts_cleanup, - sizeof(AES_KEY), - NULL, - NULL, - NULL, - NULL - }; - - return &aes_192_cts; -} - -/** - * The AES-256 cts cipher type (hcrypto) - * - * @return the AES-256 EVP_CIPHER pointer. - * - * @ingroup hcrypto_evp - */ - -const EVP_CIPHER * -_hc_EVP_hcrypto_aes_256_cts(void) -{ - static const EVP_CIPHER aes_256_cts = { - 0, - 1, - 32, - 16, - EVP_CIPH_CBC_MODE, - aes_cts_init, - aes_cts_do_cipher, - aes_cts_cleanup, - sizeof(AES_KEY), - NULL, - NULL, - NULL, - NULL - }; - - return &aes_256_cts; -} |