arcfour_provider.c revision 505d05c73a6e56769f263d4803b22eddd168ee24
/*
* Copyright 2005 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* Copyright (c) 2000 by Computer Science Laboratory,
* Rensselaer Polytechnic Institute
* #include STD_DISCLAIMER
*/
#include <k5-int.h>
#include <arcfour.h>
/* from a random bitstrem, construct a key */
static krb5_error_code
#ifndef _KERNEL
static krb5_error_code
const krb5_keyblock *key,
{
krb5_error_code ret = 0;
"k5_arcfour_decrypt.");
return (PKCS_ERR);
}
/* Create an object handle for the key */
sizeof(template)/sizeof(CK_ATTRIBUTE),
"k5_arcfour_decrypt: rv = 0x%x.", rv);
}
return (ret);
}
#endif /* !_KERNEL */
/* The workhorse of the arcfour system, this impliments the cipher */
/* ARGSUSED */
static krb5_error_code
{
krb5_error_code ret = 0;
#ifndef _KERNEL
CK_SESSION_HANDLE session = 0;
int need_init = 0;
#endif
return(KRB5_BAD_KEYSIZE);
return(KRB5_BAD_MSIZE);
#ifndef _KERNEL
/*
* If RC4 is being used to encrypt a stream of data blocks,
* the keys for encrypt and decrypt must be kept separate
* so that their associated state data doesn't get mixed up
* between operations. The r-cmds (rlogin, rsh, rcp) use
* the "init_state" function (see bottom of this module)
* to set up and prepare for stream encryption.
*
* Normally, the RC4 key is used as a single operation
* (i.e. call C_Encrypt) instead of a constantly updating
* stream cipher (C_EncryptUpdate). In those cases, we just
* use a short-term key object defined locally. We don't
* have to save state between operations.
*
* This logic here is to make sure that the keys are tracked
* correctly depending on how they are used and that the RC4
* context record is properly initialized.
*/
/* Just use a local, 1-time only key object */
need_init = 1;
} else {
/* If the dKey handle was not defined, we need to initialize one */
need_init = 1;
/* Use the long-term key object in the RC4 context area */
}
}
if (need_init) {
if (ret)
goto cleanup;
mechanism.ulParameterLen = 0;
"k5_arcfour_decrypt: rv = 0x%x", rv);
goto cleanup;
}
}
(CK_ULONG_PTR)&outlen);
else {
(CK_ULONG_PTR)&outlen);
}
"C_DecryptUpdate failed in k5_arcfour_decrypt: "
"rv = 0x%x", rv);
}
if (ret)
/* If we used a 1-time only key object, destroy it now */
if (hKey != CK_INVALID_HANDLE)
#else /* !_KERNEL */
#endif /* !_KERNEL */
return (ret);
}
/* ARGSUSED */
static krb5_error_code
{
krb5_error_code ret = 0;
#ifndef _KERNEL
int need_init = 0;
#endif
return(KRB5_BAD_KEYSIZE);
return(KRB5_BAD_MSIZE);
#ifndef _KERNEL
/*
* See the comments in the k5_arcfour_decrypt routine (above)
* for an explanation of why the key handles are initialized
* and used as they are here.
*/
need_init = 1;
} else {
need_init = 1;
}
}
if (need_init) {
if (ret)
goto cleanup;
mechanism.ulParameterLen = 0;
"k5_arcfour_encrypt: rv = 0x%x", rv);
goto cleanup;
}
}
/*
* If we've initialize the stream for use with r-commands,
* use the open-ended session handle and call.
*/
(CK_ULONG_PTR)&outlen);
else {
(CK_ULONG_PTR)&outlen);
}
"C_EncryptUpdate failed in k5_arcfour_encrypt: "
"rv = 0x%x", rv);
}
if (ret)
if (hKey != CK_INVALID_HANDLE)
#else /* !_KERNEL */
#endif /* !_KERNEL */
return (ret);
}
/* ARGSUSED */
static krb5_error_code
{
krb5_error_code ret = 0;
return(KRB5_BAD_KEYSIZE);
return(KRB5_CRYPTO_INTERNAL);
#ifdef _KERNEL
#else
#endif /* _KERNEL */
return (ret);
}
/*ARGSUSED*/
static krb5_error_code
const krb5_keyblock *key,
{
krb5_error_code retval = 0;
#ifndef _KERNEL
if (retval)
return (retval);
if (retval)
return (retval);
}
#endif
return (retval);
}
/* Since the arcfour cipher is identical going forwards and backwards,
we just call "docrypt" directly
*/
const struct krb5_enc_provider krb5int_enc_arcfour = {
1,
16, 16,
};