first pass

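--- a/usr/src/lib/gss_mechs/mech_dh/backend/mech/crypto.c
+++ b/usr/src/lib/gss_mechs/mech_dh/backend/mech/crypto.c
@@ -74,22 +74,20 @@
 cipher_pad(cipher_t c, unsigned int len)
 {
         unsigned int pad;
 
         pad = c ? c->pad : 1;
 
         return (((len + pad - 1)/pad)*pad);
 }
 
 
-/* EXPORT DELETE START */
-
 /*
  * Des [en/de]crypt buffer, buf of length, len for each key provided using
  * an CBC initialization vector ivec.
  * If the mode is encrypt we will use the following pattern if the number
  * of keys is odd
  * encrypt(buf, k[0]), decrypt(buf, k[1]), encrypt(buf, k[2])
  *      decrypt(buf, k[4]) ... encrypt(buf, k[keynum - 1])
  * If we have an even number of keys and additional encryption will be
  * done with the first key, i.e., ecrypt(buf, k[0]);
  * In each [en/de]cription above we will used the passed in CBC initialization
@@ -141,79 +139,73 @@
         if (keynum % 2 == 0)
                 stat = cbc_crypt(keys[0].c, buf, len, mode, ivec);
 
         /* If were decrypting ivec is set from first decryption */
         if (mode & DES_DECRYPT)
                 memcpy(ivec, dvec.c, sizeof (des_block));
 
         return (stat);
 }
 
-/* EXPORT DELETE END */
 
-
 /*
  * DesN crypt packaged for use as a cipher entry
  */
 static OM_uint32
 __dh_desN_crypt(gss_buffer_t buf, dh_key_set_t keys, cipher_mode_t cipher_mode)
 {
         int stat = DESERR_BADPARAM;
-/* EXPORT DELETE START */
         int encrypt_flag = (cipher_mode == ENCIPHER);
         unsigned mode = (encrypt_flag ? DES_ENCRYPT : DES_DECRYPT) | DES_HW;
         des_block ivec;
 
         if (keys->dh_key_set_len < 1)
                 return (DH_BADARG_FAILURE);
 
         /*
          * We all ways start of with ivec set to zeros. There is no
          * good way to maintain ivecs since packets could be out of sequence
          * duplicated or worst of all lost. Under these conditions the
          * higher level protocol would have to some how resync the ivecs
          * on both sides and start again. Theres no mechanism for this in
          * GSS.
          */
         memset(&ivec, 0, sizeof (ivec));
 
         /* Do the encryption/decryption */
         stat = __desN_crypt(keys->dh_key_set_val, keys->dh_key_set_len,
                             (char *)buf->value, buf->length, mode, ivec.c);
-/* EXPORT DELETE END */
 
         if (DES_FAILED(stat))
                 return (DH_CIPHER_FAILURE);
 
         return (DH_SUCCESS);
 }
 
 /*
  * Package up plain des cbc crypt for use as a cipher entry.
  */
 static OM_uint32
 __dh_des_crypt(gss_buffer_t buf, dh_key_set_t keys, cipher_mode_t cipher_mode)
 {
         int stat = DESERR_BADPARAM;
-/* EXPORT DELETE START */
         int encrypt_flag = (cipher_mode == ENCIPHER);
         unsigned mode = (encrypt_flag ? DES_ENCRYPT : DES_DECRYPT) | DES_HW;
         des_block ivec;
 
         if (keys->dh_key_set_len < 1)
                 return (DH_BADARG_FAILURE);
 
         /*  Set the ivec to zeros and then cbc crypt the result */
         memset(&ivec, 0, sizeof (ivec));
         stat = cbc_crypt(keys->dh_key_set_val[0].c, (char *)buf->value,
                         buf->length, mode, ivec.c);
-/* EXPORT DELETE END */
 
         if (DES_FAILED(stat))
                 return (DH_CIPHER_FAILURE);
 
         return (DH_SUCCESS);
 }
 
 /*
  * MD5_verifier: This is a verifier routine suitable for use in a
  * verifier entry. It calculates the MD5 check sum over an optional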