1 /* 2 * Copyright 2001-2003 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 #pragma ident "%Z%%M% %I% %E% SMI" 7 8 /* 9 * Copyright (C) 1998 by the FundsXpress, INC. 10 * 11 * All rights reserved. 12 * 13 * Export of this software from the United States of America may require 14 * a specific license from the United States Government. It is the 15 * responsibility of any person or organization contemplating export to 16 * obtain such a license before exporting. 17 * 18 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 19 * distribute this software and its documentation for any purpose and 20 * without fee is hereby granted, provided that the above copyright 21 * notice appear in all copies and that both that copyright notice and 22 * this permission notice appear in supporting documentation, and that 23 * the name of FundsXpress. not be used in advertising or publicity pertaining 24 * to distribution of the software without specific, written prior 25 * permission. FundsXpress makes no representations about the suitability of 26 * this software for any purpose. It is provided "as is" without express 27 * or implied warranty. 28 * 29 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 30 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 31 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 32 */ 33 34 #include <k5-int.h> 35 #include <old.h> 36 37 #ifndef HAVE_MEMMOVE 38 #ifdef HAVE_BCOPY 39 #define memmove(dst,src,size) bcopy(src,dst,size) 40 #endif 41 #endif 42 43 /*ARGSUSED*/ 44 krb5_error_code 45 krb5_old_decrypt(context, enc, hash, key, usage, ivec, input, arg_output) 46 krb5_context context; 47 krb5_const struct krb5_enc_provider *enc; 48 krb5_const struct krb5_hash_provider *hash; 49 krb5_const krb5_keyblock *key; 50 krb5_keyusage usage; 51 krb5_const krb5_data *ivec; 52 krb5_const krb5_data *input; 53 krb5_data *arg_output; 54 { 55 krb5_error_code ret; 56 size_t blocksize, hashsize, plainsize; 57 unsigned char *cn; 58 krb5_data output, cksum, crcivec; 59 int alloced; 60 unsigned char orig_cksum[128], new_cksum[128]; 61 62 (*(enc->block_size))(&blocksize); 63 (*(hash->hash_size))(&hashsize); 64 65 plainsize = input->length - blocksize - hashsize; 66 67 if (arg_output->length < plainsize) 68 return(KRB5_BAD_MSIZE); 69 70 if (arg_output->length < input->length) { 71 output.length = input->length; 72 73 if ((output.data = (char *) MALLOC(output.length)) == NULL) { 74 return(ENOMEM); 75 } 76 77 alloced = 1; 78 } else { 79 output.length = input->length; 80 81 output.data = arg_output->data; 82 83 alloced = 0; 84 } 85 86 /* decrypt it */ 87 88 /* save last ciphertext block in case we decrypt in place */ 89 if (ivec != NULL && ivec->length == blocksize) { 90 cn = MALLOC(blocksize); 91 if (cn == NULL) { 92 ret = ENOMEM; 93 goto cleanup; 94 } 95 (void) memcpy(cn, input->data + input->length - blocksize, blocksize); 96 } else 97 cn = NULL; 98 99 /* XXX this is gross, but I don't have much choice */ 100 if ((key->enctype == ENCTYPE_DES_CBC_CRC) && (ivec == 0)) { 101 crcivec.length = key->length; 102 crcivec.data = (char *) key->contents; 103 ivec = &crcivec; 104 } 105 106 if ((ret = ((*(enc->decrypt))(context, key, ivec, input, &output)))) 107 goto cleanup; 108 109 /* verify the checksum */ 110 111 (void) memcpy(orig_cksum, output.data+blocksize, hashsize); 112 (void) memset(output.data+blocksize, 0, hashsize); 113 114 cksum.length = hashsize; 115 cksum.data = (char *)new_cksum; 116 117 if ((ret = ((*(hash->hash))(context, 1, &output, &cksum)))) 118 goto cleanup; 119 120 if (memcmp(cksum.data, orig_cksum, cksum.length) != 0) { 121 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; 122 goto cleanup; 123 } 124 125 /* copy the plaintext around */ 126 127 if (alloced) { 128 (void) memcpy(arg_output->data, output.data+blocksize+hashsize, 129 plainsize); 130 } else { 131 (void) memmove(arg_output->data, arg_output->data+blocksize+hashsize, 132 plainsize); 133 } 134 arg_output->length = plainsize; 135 136 /* update ivec */ 137 if (cn != NULL) 138 (void) memcpy(ivec->data, cn, blocksize); 139 140 ret = 0; 141 142 cleanup: 143 if (alloced) { 144 (void) memset(output.data, 0, output.length); 145 FREE(output.data, output.length); 146 } 147 148 if (cn != NULL) 149 FREE(cn, blocksize); 150 (void) memset(new_cksum, 0, hashsize); 151 152 return(ret); 153 } 154