/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
*
* All rights reserved.
*
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of FundsXpress. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
/* Solaris Kerberos:
* this code is based on the
* file, but has been modified to use the Solaris resident md5.o kernel
* This means that the MD5* functions are called instead of krb5_MD5*.
*/
#include <des_int.h>
#include <krb5.h>
#include <keyhash_provider.h>
/* Force acceptance of krb5-beta5 md5des checksum for now. */
#define KRB5_MD5DES_BETA5_COMPAT
/* des-cbc(xorkey, conf | rsa-md5(conf | data)) */
/* this could be done in terms of the md5 and des providers, but
that's less efficient, and there's no need for this to be generic */
/*ARGSUSED*/
static krb5_error_code
{
int i;
char *outptr;
return(KRB5_BAD_KEYSIZE);
if (ivec)
return(KRB5_CRYPTO_INTERNAL);
return(KRB5_CRYPTO_INTERNAL);
/* create the confounder */
return(ret);
/* hash the confounder, then the input data */
if (hash_input == NULL)
return(KRB5_RC_MALLOC);
/* Save the pointer to the beginning of the output buffer */
/*
* Move the output ptr ahead so we can write the hash
* digest directly into the buffer.
*/
/* Use generic hash function that calls to kEF */
return(KRB5_KEF_ERROR);
}
/* restore the original ptr to the output data */
/*
* Put the confounder in the beginning of the buffer to be
* encrypted.
*/
for (i=0; i<sizeof(xorkey); i++)
xorkey[i] ^= 0xf0;
/*
* Solaris Kerberos:
* Encryption Framework checks for parity and weak keys.
*/
if (ret) {
return (ret);
}
/* encrypt it, in place. this has a return value, but it's
always zero. */
return(ret);
}
/*ARGSUSED*/
static krb5_error_code
{
int i;
int compathash = 0;
return(KRB5_BAD_KEYSIZE);
if (ivec)
return(KRB5_CRYPTO_INTERNAL);
#ifdef KRB5_MD5DES_BETA5_COMPAT
return(KRB5_CRYPTO_INTERNAL);
else
compathash = 1;
#else
return(KRB5_CRYPTO_INTERNAL);
#endif
}
/* create and schedule the encryption key */
if (!compathash) {
for (i=0; i<sizeof(xorkey); i++)
xorkey[i] ^= 0xf0;
}
/*
* Solaris Kerberos:
* Encryption Framework checks for parity and weak keys
*/
/* decrypt it. this has a return value, but it's always zero. */
if (!compathash) {
&newkey, (unsigned char*) mit_des_zeroblock, 0);
} else {
}
/* hash the confounder, then the input data */
i = 1;
if (!compathash)
i++;
if (hash_input == NULL)
return(KRB5_RC_MALLOC);
i=0;
if (!compathash) {
i++;
}
goto cleanup;
}
/* compare the decrypted hash to the computed one */
if (!compathash) {
(void *)outtmp, MD5_CKSUM_LENGTH);
} else {
(void *)outtmp, MD5_CKSUM_LENGTH);
}
return(ret);
}
};