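/*
 * Copyright (c) 2003 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "krb5_locl.h"

#ifndef HEIMDAL_SMALLER

/*
 * Glue for MIT API
 *
 * Thin wrappers that expose MIT-style krb5_c_* / krb5_auth_con_* entry
 * points on top of the native functions this library already provides.
 */

/*
 * Compute a checksum of type `cksumtype' over `input' with `key' and
 * `usage', storing the result in `cksum'.
 *
 * A crypto handle is created for the call and destroyed before returning.
 * Returns 0 on success, otherwise the error from krb5_crypto_init or
 * krb5_create_checksum.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_make_checksum(krb5_context context,
                     krb5_cksumtype cksumtype,
                     const krb5_keyblock *key,
                     krb5_keyusage usage,
                     const krb5_data *input,
                     krb5_checksum *cksum)
{
    krb5_error_code ret;
    krb5_crypto crypto;

    ret = krb5_crypto_init(context, key, 0, &crypto);
    if (ret)
        return ret;

    ret = krb5_create_checksum(context, crypto, usage, cksumtype,
                               input->data, input->length, cksum);
    krb5_crypto_destroy(context, crypto);

    return ret;
}

/*
 * Verify `cksum' against `data' by recomputing the checksum and comparing.
 *
 * `*valid' is cleared first, so every error return leaves it false.  The
 * return value only reports whether the recomputation could be carried
 * out; a mismatch is reported as return 0 with `*valid' == 0, so callers
 * must test `*valid' and not just the return code.
 *
 * The checksum type is taken from the received `cksum' itself and no
 * keyed / collision-proof check is made here.  A caller verifying a
 * checksum from an untrusted peer should reject unacceptable types
 * (see krb5_c_is_keyed_cksum, krb5_c_is_coll_proof_cksum) before
 * trusting the result.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key,
                       krb5_keyusage usage, const krb5_data *data,
                       const krb5_checksum *cksum, krb5_boolean *valid)
{
    krb5_error_code ret;
    krb5_checksum data_cksum;

    *valid = 0;

    ret = krb5_c_make_checksum(context, cksum->cksumtype,
                               key, usage, data, &data_cksum);
    if (ret)
        return ret;

    /*
     * krb5_data_ct_cmp is used instead of memcmp so the comparison time
     * does not depend on where the first differing byte is.
     */
    if (data_cksum.cksumtype == cksum->cksumtype
        && krb5_data_ct_cmp(&data_cksum.checksum, &cksum->checksum) == 0)
        *valid = 1;

    krb5_free_checksum_contents(context, &data_cksum);

    return 0;
}

/*
 * Extract the fields of `cksum'.
 *
 * If `type' is non-NULL it receives the checksum type.  If `data' is
 * non-NULL it receives a newly allocated krb5_data holding a copy of the
 * checksum bytes; the caller owns it.  On failure `*data' is either left
 * NULL by the failed malloc or reset to NULL after the partial allocation
 * is freed.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_get_checksum(krb5_context context, const krb5_checksum *cksum,
                    krb5_cksumtype *type, krb5_data **data)
{
    krb5_error_code ret;

    if (type)
        *type = cksum->cksumtype;
    if (data) {
        *data = malloc(sizeof(**data));
        if (*data == NULL)
            return ENOMEM;

        ret = der_copy_octet_string(&cksum->checksum, *data);
        if (ret) {
            free(*data);
            *data = NULL;
            return ret;
        }
    }
    return 0;
}

/*
 * Set the type of `cksum' to `type' and copy `data' into its checksum
 * field.  The previous contents of cksum->checksum are not freed here.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_set_checksum(krb5_context context, krb5_checksum *cksum,
                    krb5_cksumtype type, const krb5_data *data)
{
    cksum->cksumtype = type;
    return der_copy_octet_string(data, &cksum->checksum);
}

/*
 * Free the contents of `cksum' and then the structure itself; use this
 * for heap-allocated checksums such as those from krb5_copy_checksum.
 */
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_checksum (krb5_context context, krb5_checksum *cksum)
{
    krb5_checksum_free(context, cksum);
    free(cksum);
}

/*
 * Free the contents of `cksum' and zero the structure, leaving the
 * structure's own storage to the caller.
 */
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_checksum_contents(krb5_context context, krb5_checksum *cksum)
{
    krb5_checksum_free(context, cksum);
    /* Clear stale pointers so a repeated free of the contents is harmless. */
    memset(cksum, 0, sizeof(*cksum));
}

/*
 * Free the contents of `cksum' via free_Checksum; the structure itself
 * is not freed.
 */
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_checksum_free(krb5_context context, krb5_checksum *cksum)
{
    free_Checksum(cksum);
}

/*
 * Return true if `etype' is accepted by krb5_enctype_valid.  The result
 * of krb5_enctype_valid is negated, i.e. it is treated as an error code
 * where zero means "valid".
 */
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_c_valid_enctype (krb5_enctype etype)
{
    return !krb5_enctype_valid(NULL, etype);
}

/*
 * Return the result of krb5_cksumtype_valid for `ctype'.
 *
 * NOTE(review): unlike krb5_c_valid_enctype above, the result is passed
 * through without negation.  If krb5_cksumtype_valid follows the same
 * "0 means valid" error-code convention, this wrapper reports the
 * opposite of what its name promises -- confirm against its definition
 * before relying on this to filter checksum types.
 */
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_c_valid_cksumtype(krb5_cksumtype ctype)
{
    return krb5_cksumtype_valid(NULL, ctype);
}

/*
 * Return the result of krb5_checksum_is_collision_proof for `ctype'.
 */
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype)
{
    return krb5_checksum_is_collision_proof(NULL, ctype);
}

/*
 * Return the result of krb5_checksum_is_keyed for `ctype'.
 */
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_c_is_keyed_cksum(krb5_cksumtype ctype)
{
    return krb5_checksum_is_keyed(NULL, ctype);
}

/*
 * Allocate a new checksum in `*new' and copy `old' into it.
 *
 * Returns ENOMEM if the structure cannot be allocated, otherwise the
 * result of copy_Checksum.  On any failure nothing is left allocated and
 * `*new' is NULL, matching the failure handling in krb5_c_get_checksum.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_checksum (krb5_context context,
                    const krb5_checksum *old,
                    krb5_checksum **new)
{
    krb5_error_code ret;

    *new = malloc(sizeof(**new));
    if (*new == NULL)
        return ENOMEM;

    ret = copy_Checksum(old, *new);
    if (ret) {
        /* Do not leak the container or hand back a half-built object. */
        free(*new);
        *new = NULL;
    }
    return ret;
}

/*
 * Store the size of a checksum of type `cksumtype' in `*length'
 * (forwarded to krb5_checksumsize).
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_checksum_length (krb5_context context, krb5_cksumtype cksumtype,
                        size_t *length)
{
    return krb5_checksumsize(context, cksumtype, length);
}

/*
 * Store the block size for `enctype' in `*blocksize'.
 *
 * A crypto handle is needed to ask for the block size, so a throwaway
 * random key of the requested enctype is generated only to create the
 * handle; the key contents are released immediately after
 * krb5_crypto_init.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_block_size(krb5_context context,
                  krb5_enctype enctype,
                  size_t *blocksize)
{
    krb5_error_code ret;
    krb5_crypto crypto;
    krb5_keyblock key;

    ret = krb5_generate_random_keyblock(context, enctype, &key);
    if (ret)
        return ret;

    ret = krb5_crypto_init(context, &key, 0, &crypto);
    krb5_free_keyblock_contents(context, &key);
    if (ret)
        return ret;
    ret = krb5_crypto_getblocksize(context, crypto, blocksize);
    krb5_crypto_destroy(context, crypto);

    return ret;
}

/*
 * Decrypt input->ciphertext with `key' and `usage' into `output'.
 *
 * The crypto handle is created with input->enctype.  `ivec' may be NULL;
 * when given, it must be at least one cipher block long or
 * KRB5_BAD_MSIZE is returned.  Note that `key' is passed by value.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_decrypt(krb5_context context,
               const krb5_keyblock key,
               krb5_keyusage usage,
               const krb5_data *ivec,
               krb5_enc_data *input,
               krb5_data *output)
{
    krb5_error_code ret;
    krb5_crypto crypto;

    ret = krb5_crypto_init(context, &key, input->enctype, &crypto);
    if (ret)
        return ret;

    if (ivec) {
        size_t blocksize;

        ret = krb5_crypto_getblocksize(context, crypto, &blocksize);
        if (ret) {
            krb5_crypto_destroy(context, crypto);
            return ret;
        }

        /*
         * Only the raw ivec->data pointer is passed on below, without its
         * length, so a short IV has to be rejected here.
         */
        if (blocksize > ivec->length) {
            krb5_crypto_destroy(context, crypto);
            return KRB5_BAD_MSIZE;
        }
    }

    ret = krb5_decrypt_ivec(context, crypto, usage,
                            input->ciphertext.data, input->ciphertext.length,
                            output,
                            ivec ? ivec->data : NULL);

    krb5_crypto_destroy(context, crypto);

    return ret;
}

/*
 * Encrypt `input' with `key' and `usage' into output->ciphertext.
 *
 * `ivec' may be NULL; when given, it must be at least one cipher block
 * long or KRB5_BAD_MSIZE is returned.  output->kvno is set to 0 and
 * output->enctype to the enctype of the crypto handle; both are written
 * even when the encryption itself failed, so callers must check the
 * return value before using `output'.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_encrypt(krb5_context context,
               const krb5_keyblock *key,
               krb5_keyusage usage,
               const krb5_data *ivec,
               const krb5_data *input,
               krb5_enc_data *output)
{
    krb5_error_code ret;
    krb5_crypto crypto;

    ret = krb5_crypto_init(context, key, 0, &crypto);
    if (ret)
        return ret;

    if (ivec) {
        size_t blocksize;

        ret = krb5_crypto_getblocksize(context, crypto, &blocksize);
        if (ret) {
            krb5_crypto_destroy(context, crypto);
            return ret;
        }

        /*
         * Only the raw ivec->data pointer is passed on below, without its
         * length, so a short IV has to be rejected here.
         */
        if (blocksize > ivec->length) {
            krb5_crypto_destroy(context, crypto);
            return KRB5_BAD_MSIZE;
        }
    }

    ret = krb5_encrypt_ivec(context, crypto, usage,
                            input->data, input->length,
                            &output->ciphertext,
                            ivec ? ivec->data : NULL);
    output->kvno = 0;
    krb5_crypto_getenctype(context, crypto, &output->enctype);

    krb5_crypto_destroy(context, crypto);

    return ret;
}

/*
 * Store in `*length' the wrapped (encrypted) length for `inputlen' bytes
 * of plaintext under `enctype'.
 *
 * As in krb5_c_block_size, a throwaway random key is generated only so a
 * crypto handle can be created, and is released right away.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_encrypt_length(krb5_context context,
                      krb5_enctype enctype,
                      size_t inputlen,
                      size_t *length)
{
    krb5_error_code ret;
    krb5_crypto crypto;
    krb5_keyblock key;

    ret = krb5_generate_random_keyblock(context, enctype, &key);
    if (ret)
        return ret;

    ret = krb5_crypto_init(context, &key, 0, &crypto);
    krb5_free_keyblock_contents(context, &key);
    if (ret)
        return ret;

    *length = krb5_get_wrapped_length(context, crypto, inputlen);
    krb5_crypto_destroy(context, crypto);

    return 0;
}

/**
 * Deprecated: keytypes don't exist, they are really enctypes.
 *
 * Sets `*similar' to true only when `e1' and `e2' are the same enctype
 * and always returns 0.
 *
 * @ingroup krb5_deprecated
 */

KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_enctype_compare(krb5_context context,
                       krb5_enctype e1,
                       krb5_enctype e2,
                       krb5_boolean *similar)
    KRB5_DEPRECATED_FUNCTION("Use X instead")
{
    *similar = (e1 == e2);
    return 0;
}

/*
 * Generate a random key of type `enctype' into `random_key'
 * (forwarded to krb5_generate_random_keyblock).
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_make_random_key(krb5_context context,
                       krb5_enctype enctype,
                       krb5_keyblock *random_key)
{
    return krb5_generate_random_keyblock(context, enctype, random_key);
}

/*
 * Report key lengths for `enctype': `*ilen' receives the value from
 * krb5_enctype_keybits rounded up to whole bytes, `*keylen' the value
 * from krb5_enctype_keysize.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_keylengths(krb5_context context,
                  krb5_enctype enctype,
                  size_t *ilen,
                  size_t *keylen)
{
    krb5_error_code ret;

    ret = krb5_enctype_keybits(context, enctype, ilen);
    if (ret)
        return ret;
    /* bits -> bytes, rounding up */
    *ilen = (*ilen + 7) / 8;
    return krb5_enctype_keysize(context, enctype, keylen);
}

/*
 * Store the PRF output length for enctype `type' in `*length'
 * (forwarded to krb5_crypto_prf_length).
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_prf_length(krb5_context context,
                  krb5_enctype type,
                  size_t *length)
{
    return krb5_crypto_prf_length(context, type, length);
}

/*
 * Run the PRF of `key''s enctype over `input', writing to `output'.
 * A crypto handle is created for the call and destroyed before returning.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_prf(krb5_context context,
           const krb5_keyblock *key,
           const krb5_data *input,
           krb5_data *output)
{
    krb5_crypto crypto;
    krb5_error_code ret;

    ret = krb5_crypto_init(context, key, 0, &crypto);
    if (ret)
        return ret;

    ret = krb5_crypto_prf(context, crypto, input, output);
    krb5_crypto_destroy(context, crypto);

    return ret;
}

/*
 * Fill the caller-supplied buffer data->data with data->length random
 * octets.
 *
 * This used to call krb5_generate_random_keyblock(context, data->length,
 * data->data), which treats the buffer length as an enctype and the byte
 * buffer as a krb5_keyblock: the buffer was never filled with
 * data->length random bytes, and a length that happened to match an
 * enctype would have had a keyblock structure written over it.  The raw
 * random-block generator is the matching primitive.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_random_make_octets(krb5_context context, krb5_data * data)
{
    krb5_generate_random_block(data->data, data->length);
    return 0;
}

/**
 * MIT compat glue
 *
 * @ingroup krb5_ccache
 */

KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_copy_creds(krb5_context context,
                   const krb5_ccache from,
                   krb5_ccache to)
{
    return krb5_cc_copy_cache(context, from, to);
}

/* MIT "send subkey" getter; forwards to krb5_auth_con_getlocalsubkey. */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getsendsubkey(krb5_context context, krb5_auth_context auth_context,
                            krb5_keyblock **keyblock)
{
    return krb5_auth_con_getlocalsubkey(context, auth_context, keyblock);
}

/* MIT "recv subkey" getter; forwards to krb5_auth_con_getremotesubkey. */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getrecvsubkey(krb5_context context, krb5_auth_context auth_context,
                            krb5_keyblock **keyblock)
{
    return krb5_auth_con_getremotesubkey(context, auth_context, keyblock);
}

/* MIT "send subkey" setter; forwards to krb5_auth_con_setlocalsubkey. */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setsendsubkey(krb5_context context, krb5_auth_context auth_context,
                            krb5_keyblock *keyblock)
{
    return krb5_auth_con_setlocalsubkey(context, auth_context, keyblock);
}

/* MIT "recv subkey" setter; forwards to krb5_auth_con_setremotesubkey. */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setrecvsubkey(krb5_context context, krb5_auth_context auth_context,
                            krb5_keyblock *keyblock)
{
    return krb5_auth_con_setremotesubkey(context, auth_context, keyblock);
}

/* Free a realm string; returns whatever krb5_xfree returns. */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_default_realm(krb5_context context, krb5_realm realm)
{
    return krb5_xfree(realm);
}

#endif /* HEIMDAL_SMALLER */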