dk_encrypt.c revision 159d09a20817016f09b3ea28d1bdada4a336bb91
 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 * Copyright (C) 1998 by the FundsXpress, INC.
 * Export of this software from the United States of America may require
 * a specific license from the United States Government. It is the
 * responsibility of any person or organization contemplating export to
 * obtain such a license before exporting.
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of FundsXpress. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. FundsXpress makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
/* the spec says that the confounder size and padding are specific to
   the encryption algorithm. This code (dk_encrypt_length and
   dk_encrypt) assume the confounder is always the blocksize, and the
   padding is always zero bytes up to the blocksize. If these
   assumptions ever fails, the keytype table should be extended to
   include these bits of info. */
 * Derive the encryption and hmac keys.
 * This routine is optimized to fetch the DK
 * from the original key's DK list.
/* put together the plaintext */
/* encrypt the plaintext */
 * Always use the derived encryption key here.
/* ret is set correctly by the prior call */
/* Not necessarily "AES", per se, but "a CBC+CTS mode block cipher with a 96-bit truncated HMAC". */
/* No roundup, since CTS requires no padding once we've hit the
char buff[256]; /* sufficiently large enough to hold current hmacs */
/* truncate the HMAC output accordingly */
 * Derive the encryption and hmac keys.
 * This routine is optimized to fetch the DK
 * from the original key's DK list.
/* key->length, ivec will be tested in enc->encrypt */
/* Ciphertext stealing; there should be no more. */
/* encrypt the plaintext */
/* ret is set correctly by the prior call */