1/*
2 * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#include "krb5_locl.h"
35
36/* coverity[+alloc : arg-*3] */
37KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
38krb5_salttype_to_string (krb5_context context,
39			 krb5_enctype etype,
40			 krb5_salttype stype,
41			 char **string)
42{
43    struct _krb5_encryption_type *e;
44    struct salt_type *st;
45
46    e = _krb5_find_enctype (etype);
47    if (e == NULL) {
48	krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
49			       "encryption type %d not supported",
50			       etype);
51	return KRB5_PROG_ETYPE_NOSUPP;
52    }
53    for (st = e->keytype->string_to_key; st && st->type; st++) {
54	if (st->type == stype) {
55	    *string = strdup (st->name);
56	    if (*string == NULL) {
57		krb5_set_error_message (context, ENOMEM,
58					N_("malloc: out of memory", ""));
59		return ENOMEM;
60	    }
61	    return 0;
62	}
63    }
64    krb5_set_error_message (context, HEIM_ERR_SALTTYPE_NOSUPP,
65			    "salttype %d not supported", stype);
66    return HEIM_ERR_SALTTYPE_NOSUPP;
67}
68
69KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
70krb5_string_to_salttype (krb5_context context,
71			 krb5_enctype etype,
72			 const char *string,
73			 krb5_salttype *salttype)
74{
75    struct _krb5_encryption_type *e;
76    struct salt_type *st;
77
78    e = _krb5_find_enctype (etype);
79    if (e == NULL) {
80	krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
81			       N_("encryption type %d not supported", ""),
82			       etype);
83	return KRB5_PROG_ETYPE_NOSUPP;
84    }
85    for (st = e->keytype->string_to_key; st && st->type; st++) {
86	if (strcasecmp (st->name, string) == 0) {
87	    *salttype = st->type;
88	    return 0;
89	}
90    }
91    krb5_set_error_message(context, HEIM_ERR_SALTTYPE_NOSUPP,
92			   N_("salttype %s not supported", ""), string);
93    return HEIM_ERR_SALTTYPE_NOSUPP;
94}
95
96KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
97krb5_get_pw_salt(krb5_context context,
98		 krb5_const_principal principal,
99		 krb5_salt *salt)
100{
101    size_t len;
102    size_t i;
103    krb5_error_code ret;
104    char *p;
105
106    salt->salttype = KRB5_PW_SALT;
107    len = strlen(principal->realm);
108    for (i = 0; i < principal->name.name_string.len; ++i)
109	len += strlen(principal->name.name_string.val[i]);
110    ret = krb5_data_alloc (&salt->saltvalue, len);
111    if (ret)
112	return ret;
113    p = salt->saltvalue.data;
114    memcpy (p, principal->realm, strlen(principal->realm));
115    p += strlen(principal->realm);
116    for (i = 0; i < principal->name.name_string.len; ++i) {
117	memcpy (p,
118		principal->name.name_string.val[i],
119		strlen(principal->name.name_string.val[i]));
120	p += strlen(principal->name.name_string.val[i]);
121    }
122    return 0;
123}
124
125KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
126krb5_free_salt(krb5_context context,
127	       krb5_salt salt)
128{
129    krb5_data_free(&salt.saltvalue);
130    return 0;
131}
132
133KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
134krb5_string_to_key_data (krb5_context context,
135			 krb5_enctype enctype,
136			 krb5_data password,
137			 krb5_principal principal,
138			 krb5_keyblock *key)
139{
140    krb5_error_code ret;
141    krb5_salt salt;
142
143    ret = krb5_get_pw_salt(context, principal, &salt);
144    if(ret)
145	return ret;
146    ret = krb5_string_to_key_data_salt(context, enctype, password, salt, key);
147    krb5_free_salt(context, salt);
148    return ret;
149}
150
151KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
152krb5_string_to_key (krb5_context context,
153		    krb5_enctype enctype,
154		    const char *password,
155		    krb5_principal principal,
156		    krb5_keyblock *key)
157{
158    krb5_data pw;
159    pw.data = rk_UNCONST(password);
160    pw.length = strlen(password);
161    return krb5_string_to_key_data(context, enctype, pw, principal, key);
162}
163
164KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
165krb5_string_to_key_data_salt (krb5_context context,
166			      krb5_enctype enctype,
167			      krb5_data password,
168			      krb5_salt salt,
169			      krb5_keyblock *key)
170{
171    krb5_data opaque;
172    krb5_data_zero(&opaque);
173    return krb5_string_to_key_data_salt_opaque(context, enctype, password,
174					       salt, opaque, key);
175}
176
177/*
178 * Do a string -> key for encryption type `enctype' operation on
179 * `password' (with salt `salt' and the enctype specific data string
180 * `opaque'), returning the resulting key in `key'
181 */
182
183KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
184krb5_string_to_key_data_salt_opaque (krb5_context context,
185				     krb5_enctype enctype,
186				     krb5_data password,
187				     krb5_salt salt,
188				     krb5_data opaque,
189				     krb5_keyblock *key)
190{
191    struct _krb5_encryption_type *et =_krb5_find_enctype(enctype);
192    struct salt_type *st;
193    if(et == NULL) {
194	krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
195			       N_("encryption type %d not supported", ""),
196			       enctype);
197	return KRB5_PROG_ETYPE_NOSUPP;
198    }
199    for(st = et->keytype->string_to_key; st && st->type; st++)
200	if(st->type == salt.salttype)
201	    return (*st->string_to_key)(context, enctype, password,
202					salt, opaque, key);
203    krb5_set_error_message(context, HEIM_ERR_SALTTYPE_NOSUPP,
204			   N_("salt type %d not supported", ""),
205			   salt.salttype);
206    return HEIM_ERR_SALTTYPE_NOSUPP;
207}
208
209/*
210 * Do a string -> key for encryption type `enctype' operation on the
211 * string `password' (with salt `salt'), returning the resulting key
212 * in `key'
213 */
214
215KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
216krb5_string_to_key_salt (krb5_context context,
217			 krb5_enctype enctype,
218			 const char *password,
219			 krb5_salt salt,
220			 krb5_keyblock *key)
221{
222    krb5_data pw;
223    pw.data = rk_UNCONST(password);
224    pw.length = strlen(password);
225    return krb5_string_to_key_data_salt(context, enctype, pw, salt, key);
226}
227
228KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
229krb5_string_to_key_salt_opaque (krb5_context context,
230				krb5_enctype enctype,
231				const char *password,
232				krb5_salt salt,
233				krb5_data opaque,
234				krb5_keyblock *key)
235{
236    krb5_data pw;
237    pw.data = rk_UNCONST(password);
238    pw.length = strlen(password);
239    return krb5_string_to_key_data_salt_opaque(context, enctype,
240					       pw, salt, opaque, key);
241}
242
243
244KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
245krb5_string_to_key_derived(krb5_context context,
246			   const void *str,
247			   size_t len,
248			   krb5_enctype etype,
249			   krb5_keyblock *key)
250{
251    struct _krb5_encryption_type *et = _krb5_find_enctype(etype);
252    krb5_error_code ret;
253    struct _krb5_key_data kd;
254    size_t keylen;
255    u_char *tmp;
256
257    if(et == NULL) {
258	krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
259				N_("encryption type %d not supported", ""),
260				etype);
261	return KRB5_PROG_ETYPE_NOSUPP;
262    }
263    keylen = et->keytype->bits / 8;
264
265    ALLOC(kd.key, 1);
266    if(kd.key == NULL) {
267	krb5_set_error_message (context, ENOMEM,
268				N_("malloc: out of memory", ""));
269	return ENOMEM;
270    }
271    ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size);
272    if(ret) {
273	free(kd.key);
274	return ret;
275    }
276    kd.key->keytype = etype;
277    tmp = malloc (keylen);
278    if(tmp == NULL) {
279	krb5_free_keyblock(context, kd.key);
280	krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
281	return ENOMEM;
282    }
283    ret = _krb5_n_fold(str, len, tmp, keylen);
284    if (ret) {
285	free(tmp);
286	krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
287	return ret;
288    }
289    kd.schedule = NULL;
290    _krb5_DES3_random_to_key(context, kd.key, tmp, keylen);
291    memset(tmp, 0, keylen);
292    free(tmp);
293    ret = _krb5_derive_key(context,
294			   et,
295			   &kd,
296			   "kerberos", /* XXX well known constant */
297			   strlen("kerberos"));
298    if (ret) {
299	_krb5_free_key_data(context, &kd, et);
300	return ret;
301    }
302    ret = krb5_copy_keyblock_contents(context, kd.key, key);
303    _krb5_free_key_data(context, &kd, et);
304    return ret;
305}
306