1*0a6a1f1dSLionel Sambuc /* $NetBSD: crypto-evp.c,v 1.1.1.2 2014/04/24 12:45:49 pettai Exp $ */
2ebfedea0SLionel Sambuc
3ebfedea0SLionel Sambuc /*
4ebfedea0SLionel Sambuc * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
5ebfedea0SLionel Sambuc * (Royal Institute of Technology, Stockholm, Sweden).
6ebfedea0SLionel Sambuc * All rights reserved.
7ebfedea0SLionel Sambuc *
8ebfedea0SLionel Sambuc * Redistribution and use in source and binary forms, with or without
9ebfedea0SLionel Sambuc * modification, are permitted provided that the following conditions
10ebfedea0SLionel Sambuc * are met:
11ebfedea0SLionel Sambuc *
12ebfedea0SLionel Sambuc * 1. Redistributions of source code must retain the above copyright
13ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer.
14ebfedea0SLionel Sambuc *
15ebfedea0SLionel Sambuc * 2. Redistributions in binary form must reproduce the above copyright
16ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer in the
17ebfedea0SLionel Sambuc * documentation and/or other materials provided with the distribution.
18ebfedea0SLionel Sambuc *
19ebfedea0SLionel Sambuc * 3. Neither the name of the Institute nor the names of its contributors
20ebfedea0SLionel Sambuc * may be used to endorse or promote products derived from this software
21ebfedea0SLionel Sambuc * without specific prior written permission.
22ebfedea0SLionel Sambuc *
23ebfedea0SLionel Sambuc * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24ebfedea0SLionel Sambuc * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25ebfedea0SLionel Sambuc * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26ebfedea0SLionel Sambuc * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27ebfedea0SLionel Sambuc * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28ebfedea0SLionel Sambuc * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29ebfedea0SLionel Sambuc * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30ebfedea0SLionel Sambuc * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31ebfedea0SLionel Sambuc * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32ebfedea0SLionel Sambuc * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33ebfedea0SLionel Sambuc * SUCH DAMAGE.
34ebfedea0SLionel Sambuc */
35ebfedea0SLionel Sambuc
36ebfedea0SLionel Sambuc #include "krb5_locl.h"
37ebfedea0SLionel Sambuc
/*
 * Build the per-key EVP state stored in kd->schedule->data: one cipher
 * context for encryption (ectx) and one for decryption (dctx), both keyed
 * with kd->key->keyvalue.data and using the cipher returned by kt->evp().
 *
 * No IV is installed here (the iv argument is NULL); the encrypt routines
 * set one on every call.
 *
 * NOTE(review): the results of EVP_CipherInit_ex() are discarded and the
 * function returns void, so a failed key setup is not reported to callers.
 */
void
_krb5_evp_schedule(krb5_context context,
                   struct _krb5_key_type *kt,
                   struct _krb5_key_data *kd)
{
    struct _krb5_evp_schedule *sched = kd->schedule->data;
    const EVP_CIPHER *cipher = kt->evp();

    /* Encryption direction (enc == 1). */
    EVP_CIPHER_CTX_init(&sched->ectx);
    EVP_CipherInit_ex(&sched->ectx, cipher, NULL,
                      kd->key->keyvalue.data, NULL, 1);

    /* Decryption direction (enc == 0). */
    EVP_CIPHER_CTX_init(&sched->dctx);
    EVP_CipherInit_ex(&sched->dctx, cipher, NULL,
                      kd->key->keyvalue.data, NULL, 0);
}
52ebfedea0SLionel Sambuc
/*
 * Tear down the two cipher contexts (ectx, dctx) held in
 * kd->schedule->data. The schedule memory itself is not freed here.
 *
 * NOTE(review): whether the keyed state inside the contexts is wiped
 * depends on the EVP implementation's EVP_CIPHER_CTX_cleanup() - confirm.
 */
void
_krb5_evp_cleanup(krb5_context context, struct _krb5_key_data *kd)
{
    struct _krb5_evp_schedule *sched = kd->schedule->data;
    EVP_CIPHER_CTX *enc = &sched->ectx;
    EVP_CIPHER_CTX *dec = &sched->dctx;

    EVP_CIPHER_CTX_cleanup(enc);
    EVP_CIPHER_CTX_cleanup(dec);
}
60ebfedea0SLionel Sambuc
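/*
 * Encrypt or decrypt `len` bytes of `data` in place with the EVP context
 * scheduled for `key`.
 *
 * context   unused by this routine
 * key       key whose schedule->data holds the ectx/dctx pair
 * data      buffer transformed in place
 * len       number of bytes passed to EVP_Cipher()
 * encryptp  non-zero selects ectx, zero selects dctx
 * usage     unused by this routine
 * ivec      IV to install before the operation; NULL selects an all-zero IV
 *
 * Always returns 0.
 *
 * The zero IV comes from a fixed read-only buffer instead of a per-call
 * malloc(). The old code sized the allocation from the int result of
 * EVP_CIPHER_CTX_iv_length() stored in a size_t, and returned ENOMEM when
 * malloc() yielded NULL - which an implementation may also do for a
 * zero-byte request, i.e. for a cipher with no IV. EVP_MAX_BLOCK_LENGTH is
 * the size this file already uses for its file-scope zero IV.
 *
 * NOTE(review): a constant zero IV is only safe if callers make the first
 * block unpredictable (e.g. a random confounder) - confirm at call sites.
 * NOTE(review): the results of EVP_CipherInit_ex() and EVP_Cipher() are
 * not checked, so a failed operation still reports success.
 */
krb5_error_code
_krb5_evp_encrypt(krb5_context context,
                  struct _krb5_key_data *key,
                  void *data,
                  size_t len,
                  krb5_boolean encryptp,
                  int usage,
                  void *ivec)
{
    static const unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH] = { 0 };
    struct _krb5_evp_schedule *ctx = key->schedule->data;
    EVP_CIPHER_CTX *c = encryptp ? &ctx->ectx : &ctx->dctx;

    /* Only the IV is replaced; cipher, key and direction (-1) are kept. */
    if (ivec == NULL)
        EVP_CipherInit_ex(c, NULL, NULL, NULL, zero_iv, -1);
    else
        EVP_CipherInit_ex(c, NULL, NULL, NULL, ivec, -1);

    EVP_Cipher(c, data, data, len);
    return 0;
}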
89ebfedea0SLionel Sambuc
/*
 * All-zero IV, EVP_MAX_BLOCK_LENGTH bytes. _krb5_evp_encrypt_cts() installs
 * it when the caller passes no IV and for the single-block steps of the
 * ciphertext-stealing code.
 */
static const unsigned char zero_ivec[EVP_MAX_BLOCK_LENGTH] = { 0 };
91ebfedea0SLionel Sambuc
/*
 * Encrypt or decrypt `len` bytes of `data` in place using ciphertext
 * stealing on top of the EVP context scheduled for `key` (presumably a
 * CBC-mode cipher, per the in-line comment in the decrypt path).
 *
 * context   used only to record the error message on short input
 * key       key whose schedule->data holds the ectx/dctx pair
 * data      buffer transformed in place; output has the same length
 * len       message length in bytes; must be at least one cipher block
 * encryptp  non-zero encrypts (ectx), zero decrypts (dctx)
 * usage     unused by this routine
 * ivec      optional IV; when non-NULL it must hold at least one block,
 *           is read as the starting IV and is overwritten on return for
 *           messages longer than one block. NULL selects a zero IV.
 *
 * Returns EINVAL if len is shorter than one block, otherwise 0.
 *
 * NOTE(review): when len equals exactly one block the caller's ivec is
 * neither used nor updated; the block is processed with a zero IV.
 * NOTE(review): the results of EVP_CipherInit_ex() and EVP_Cipher() are
 * not checked, so a failed operation still reports success.
 * NOTE(review): tmp, tmp2, tmp3 and ivec2 hold intermediate block values
 * and are not wiped before return.
 */
krb5_error_code
_krb5_evp_encrypt_cts(krb5_context context,
                      struct _krb5_key_data *key,
                      void *data,
                      size_t len,
                      krb5_boolean encryptp,
                      int usage,
                      void *ivec)
{
    size_t i, blocksize;
    struct _krb5_evp_schedule *ctx = key->schedule->data;
    unsigned char tmp[EVP_MAX_BLOCK_LENGTH], ivec2[EVP_MAX_BLOCK_LENGTH];
    EVP_CIPHER_CTX *c;
    unsigned char *p;

    c = encryptp ? &ctx->ectx : &ctx->dctx;

    blocksize = EVP_CIPHER_CTX_block_size(c);

    if (len < blocksize) {
        krb5_set_error_message(context, EINVAL,
                               "message block too short");
        return EINVAL;
    } else if (len == blocksize) {
        /* Exactly one block: nothing to steal, process it with a zero IV. */
        EVP_CipherInit_ex(c, NULL, NULL, NULL, zero_ivec, -1);
        EVP_Cipher(c, data, data, len);
        return 0;
    }

    /* From here on len > blocksize. Install the starting IV. */
    if (ivec)
        EVP_CipherInit_ex(c, NULL, NULL, NULL, ivec, -1);
    else
        EVP_CipherInit_ex(c, NULL, NULL, NULL, zero_ivec, -1);

    if (encryptp) {

        p = data;
        /* i = bytes in all blocks before the final (1..blocksize byte) tail. */
        i = ((len - 1) / blocksize) * blocksize;
        EVP_Cipher(c, p, p, i);
        /* p -> last block just produced; len becomes the tail length. */
        p += i - blocksize;
        len -= i;
        memcpy(ivec2, p, blocksize);

        /* tmp = zero-padded tail XOR the last produced block. */
        for (i = 0; i < len; i++)
            tmp[i] = p[i + blocksize] ^ ivec2[i];
        for (; i < blocksize; i++)
            tmp[i] = 0 ^ ivec2[i];

        /* The XOR was done by hand above, so run the cipher with a zero IV. */
        EVP_CipherInit_ex(c, NULL, NULL, NULL, zero_ivec, -1);
        EVP_Cipher(c, p, tmp, blocksize);

        /* The first len bytes of the saved block become the output tail. */
        memcpy(p + blocksize, ivec2, len);
        if (ivec)
            memcpy(ivec, p, blocksize);
    } else {
        unsigned char tmp2[EVP_MAX_BLOCK_LENGTH], tmp3[EVP_MAX_BLOCK_LENGTH];

        p = data;
        if (len > blocksize * 2) {
            /* remove last two blocks and round up, decrypt this with cbc, then do cts dance */
            i = ((((len - blocksize * 2) + blocksize - 1) / blocksize) * blocksize);
            /* Save the last input block of that prefix before it is overwritten. */
            memcpy(ivec2, p + i - blocksize, blocksize);
            EVP_Cipher(c, p, p, i);
            p += i;
            len -= i + blocksize;
        } else {
            /* Only a full block plus a tail: the chaining value is the IV. */
            if (ivec)
                memcpy(ivec2, ivec, blocksize);
            else
                memcpy(ivec2, zero_ivec, blocksize);
            len -= blocksize;
        }

        /* len is now the tail length; tmp keeps the input block at p for ivec. */
        memcpy(tmp, p, blocksize);
        EVP_CipherInit_ex(c, NULL, NULL, NULL, zero_ivec, -1);
        EVP_Cipher(c, tmp2, p, blocksize);

        /* tmp3 = input tail followed by the trailing bytes of tmp2. */
        memcpy(tmp3, p + blocksize, len);
        memcpy(tmp3 + len, tmp2 + len, blocksize - len); /* xor 0 */

        /* Output tail = tmp2 XOR input tail. */
        for (i = 0; i < len; i++)
            p[i + blocksize] = tmp2[i] ^ tmp3[i];

        EVP_CipherInit_ex(c, NULL, NULL, NULL, zero_ivec, -1);
        EVP_Cipher(c, p, tmp3, blocksize);

        /* Apply the chaining value by hand, since the cipher ran with a zero IV. */
        for (i = 0; i < blocksize; i++)
            p[i] ^= ivec2[i];
        if (ivec)
            memcpy(ivec, tmp, blocksize);
    }
    return 0;
}