1226031Sstas/* 2226031Sstas * Copyright (c) 1997 - 2008 Kungliga Tekniska H��gskolan 3226031Sstas * (Royal Institute of Technology, Stockholm, Sweden). 4226031Sstas * All rights reserved. 5226031Sstas * 6226031Sstas * Redistribution and use in source and binary forms, with or without 7226031Sstas * modification, are permitted provided that the following conditions 8226031Sstas * are met: 9226031Sstas * 10226031Sstas * 1. Redistributions of source code must retain the above copyright 11226031Sstas * notice, this list of conditions and the following disclaimer. 12226031Sstas * 13226031Sstas * 2. Redistributions in binary form must reproduce the above copyright 14226031Sstas * notice, this list of conditions and the following disclaimer in the 15226031Sstas * documentation and/or other materials provided with the distribution. 16226031Sstas * 17226031Sstas * 3. Neither the name of the Institute nor the names of its contributors 18226031Sstas * may be used to endorse or promote products derived from this software 19226031Sstas * without specific prior written permission. 20226031Sstas * 21226031Sstas * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22226031Sstas * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23226031Sstas * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24226031Sstas * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25226031Sstas * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26226031Sstas * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27226031Sstas * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28226031Sstas * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29226031Sstas * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30226031Sstas * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31226031Sstas * SUCH DAMAGE. 32226031Sstas */ 33226031Sstas 34226031Sstas#include "krb5_locl.h" 35226031Sstas 36226031Sstas/* coverity[+alloc : arg-*3] */ 37226031SstasKRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 38226031Sstaskrb5_salttype_to_string (krb5_context context, 39226031Sstas krb5_enctype etype, 40226031Sstas krb5_salttype stype, 41226031Sstas char **string) 42226031Sstas{ 43226031Sstas struct _krb5_encryption_type *e; 44226031Sstas struct salt_type *st; 45226031Sstas 46226031Sstas e = _krb5_find_enctype (etype); 47226031Sstas if (e == NULL) { 48226031Sstas krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, 49226031Sstas "encryption type %d not supported", 50226031Sstas etype); 51226031Sstas return KRB5_PROG_ETYPE_NOSUPP; 52226031Sstas } 53226031Sstas for (st = e->keytype->string_to_key; st && st->type; st++) { 54226031Sstas if (st->type == stype) { 55226031Sstas *string = strdup (st->name); 56226031Sstas if (*string == NULL) { 57226031Sstas krb5_set_error_message (context, ENOMEM, 58226031Sstas N_("malloc: out of memory", "")); 59226031Sstas return ENOMEM; 60226031Sstas } 61226031Sstas return 0; 62226031Sstas } 63226031Sstas } 64226031Sstas krb5_set_error_message (context, HEIM_ERR_SALTTYPE_NOSUPP, 65226031Sstas "salttype %d not supported", stype); 66226031Sstas return HEIM_ERR_SALTTYPE_NOSUPP; 67226031Sstas} 68226031Sstas 69226031SstasKRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 70226031Sstaskrb5_string_to_salttype (krb5_context context, 71226031Sstas krb5_enctype etype, 72226031Sstas const char *string, 73226031Sstas krb5_salttype *salttype) 74226031Sstas{ 75226031Sstas struct _krb5_encryption_type *e; 76226031Sstas struct salt_type *st; 77226031Sstas 78226031Sstas e = _krb5_find_enctype (etype); 79226031Sstas if (e == NULL) { 80226031Sstas krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, 81226031Sstas N_("encryption type %d not supported", ""), 82226031Sstas etype); 83226031Sstas return KRB5_PROG_ETYPE_NOSUPP; 84226031Sstas } 85226031Sstas for (st = e->keytype->string_to_key; st && st->type; st++) { 86226031Sstas if (strcasecmp (st->name, string) == 0) { 87226031Sstas *salttype = st->type; 88226031Sstas return 0; 89226031Sstas } 90226031Sstas } 91226031Sstas krb5_set_error_message(context, HEIM_ERR_SALTTYPE_NOSUPP, 92226031Sstas N_("salttype %s not supported", ""), string); 93226031Sstas return HEIM_ERR_SALTTYPE_NOSUPP; 94226031Sstas} 95226031Sstas 96226031SstasKRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 97226031Sstaskrb5_get_pw_salt(krb5_context context, 98226031Sstas krb5_const_principal principal, 99226031Sstas krb5_salt *salt) 100226031Sstas{ 101226031Sstas size_t len; 102226031Sstas size_t i; 103226031Sstas krb5_error_code ret; 104226031Sstas char *p; 105226031Sstas 106226031Sstas salt->salttype = KRB5_PW_SALT; 107226031Sstas len = strlen(principal->realm); 108226031Sstas for (i = 0; i < principal->name.name_string.len; ++i) 109226031Sstas len += strlen(principal->name.name_string.val[i]); 110226031Sstas ret = krb5_data_alloc (&salt->saltvalue, len); 111226031Sstas if (ret) 112226031Sstas return ret; 113226031Sstas p = salt->saltvalue.data; 114226031Sstas memcpy (p, principal->realm, strlen(principal->realm)); 115226031Sstas p += strlen(principal->realm); 116226031Sstas for (i = 0; i < principal->name.name_string.len; ++i) { 117226031Sstas memcpy (p, 118226031Sstas principal->name.name_string.val[i], 119226031Sstas strlen(principal->name.name_string.val[i])); 120226031Sstas p += strlen(principal->name.name_string.val[i]); 121226031Sstas } 122226031Sstas return 0; 123226031Sstas} 124226031Sstas 125226031SstasKRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 126226031Sstaskrb5_free_salt(krb5_context context, 127226031Sstas krb5_salt salt) 128226031Sstas{ 129226031Sstas krb5_data_free(&salt.saltvalue); 130226031Sstas return 0; 131226031Sstas} 132226031Sstas 133226031SstasKRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 134226031Sstaskrb5_string_to_key_data (krb5_context context, 135226031Sstas krb5_enctype enctype, 136226031Sstas krb5_data password, 137226031Sstas krb5_principal principal, 138226031Sstas krb5_keyblock *key) 139226031Sstas{ 140226031Sstas krb5_error_code ret; 141226031Sstas krb5_salt salt; 142226031Sstas 143226031Sstas ret = krb5_get_pw_salt(context, principal, &salt); 144226031Sstas if(ret) 145226031Sstas return ret; 146226031Sstas ret = krb5_string_to_key_data_salt(context, enctype, password, salt, key); 147226031Sstas krb5_free_salt(context, salt); 148226031Sstas return ret; 149226031Sstas} 150226031Sstas 151226031SstasKRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 152226031Sstaskrb5_string_to_key (krb5_context context, 153226031Sstas krb5_enctype enctype, 154226031Sstas const char *password, 155226031Sstas krb5_principal principal, 156226031Sstas krb5_keyblock *key) 157226031Sstas{ 158226031Sstas krb5_data pw; 159226031Sstas pw.data = rk_UNCONST(password); 160226031Sstas pw.length = strlen(password); 161226031Sstas return krb5_string_to_key_data(context, enctype, pw, principal, key); 162226031Sstas} 163226031Sstas 164226031SstasKRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 165226031Sstaskrb5_string_to_key_data_salt (krb5_context context, 166226031Sstas krb5_enctype enctype, 167226031Sstas krb5_data password, 168226031Sstas krb5_salt salt, 169226031Sstas krb5_keyblock *key) 170226031Sstas{ 171226031Sstas krb5_data opaque; 172226031Sstas krb5_data_zero(&opaque); 173226031Sstas return krb5_string_to_key_data_salt_opaque(context, enctype, password, 174226031Sstas salt, opaque, key); 175226031Sstas} 176226031Sstas 177226031Sstas/* 178226031Sstas * Do a string -> key for encryption type `enctype' operation on 179226031Sstas * `password' (with salt `salt' and the enctype specific data string 180226031Sstas * `opaque'), returning the resulting key in `key' 181226031Sstas */ 182226031Sstas 183226031SstasKRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 184226031Sstaskrb5_string_to_key_data_salt_opaque (krb5_context context, 185226031Sstas krb5_enctype enctype, 186226031Sstas krb5_data password, 187226031Sstas krb5_salt salt, 188226031Sstas krb5_data opaque, 189226031Sstas krb5_keyblock *key) 190226031Sstas{ 191226031Sstas struct _krb5_encryption_type *et =_krb5_find_enctype(enctype); 192226031Sstas struct salt_type *st; 193226031Sstas if(et == NULL) { 194226031Sstas krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, 195226031Sstas N_("encryption type %d not supported", ""), 196226031Sstas enctype); 197226031Sstas return KRB5_PROG_ETYPE_NOSUPP; 198226031Sstas } 199226031Sstas for(st = et->keytype->string_to_key; st && st->type; st++) 200226031Sstas if(st->type == salt.salttype) 201226031Sstas return (*st->string_to_key)(context, enctype, password, 202226031Sstas salt, opaque, key); 203226031Sstas krb5_set_error_message(context, HEIM_ERR_SALTTYPE_NOSUPP, 204226031Sstas N_("salt type %d not supported", ""), 205226031Sstas salt.salttype); 206226031Sstas return HEIM_ERR_SALTTYPE_NOSUPP; 207226031Sstas} 208226031Sstas 209226031Sstas/* 210226031Sstas * Do a string -> key for encryption type `enctype' operation on the 211226031Sstas * string `password' (with salt `salt'), returning the resulting key 212226031Sstas * in `key' 213226031Sstas */ 214226031Sstas 215226031SstasKRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 216226031Sstaskrb5_string_to_key_salt (krb5_context context, 217226031Sstas krb5_enctype enctype, 218226031Sstas const char *password, 219226031Sstas krb5_salt salt, 220226031Sstas krb5_keyblock *key) 221226031Sstas{ 222226031Sstas krb5_data pw; 223226031Sstas pw.data = rk_UNCONST(password); 224226031Sstas pw.length = strlen(password); 225226031Sstas return krb5_string_to_key_data_salt(context, enctype, pw, salt, key); 226226031Sstas} 227226031Sstas 228226031SstasKRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 229226031Sstaskrb5_string_to_key_salt_opaque (krb5_context context, 230226031Sstas krb5_enctype enctype, 231226031Sstas const char *password, 232226031Sstas krb5_salt salt, 233226031Sstas krb5_data opaque, 234226031Sstas krb5_keyblock *key) 235226031Sstas{ 236226031Sstas krb5_data pw; 237226031Sstas pw.data = rk_UNCONST(password); 238226031Sstas pw.length = strlen(password); 239226031Sstas return krb5_string_to_key_data_salt_opaque(context, enctype, 240226031Sstas pw, salt, opaque, key); 241226031Sstas} 242226031Sstas 243226031Sstas 244226031SstasKRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 245226031Sstaskrb5_string_to_key_derived(krb5_context context, 246226031Sstas const void *str, 247226031Sstas size_t len, 248226031Sstas krb5_enctype etype, 249226031Sstas krb5_keyblock *key) 250226031Sstas{ 251226031Sstas struct _krb5_encryption_type *et = _krb5_find_enctype(etype); 252226031Sstas krb5_error_code ret; 253226031Sstas struct _krb5_key_data kd; 254226031Sstas size_t keylen; 255226031Sstas u_char *tmp; 256226031Sstas 257226031Sstas if(et == NULL) { 258226031Sstas krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, 259226031Sstas N_("encryption type %d not supported", ""), 260226031Sstas etype); 261226031Sstas return KRB5_PROG_ETYPE_NOSUPP; 262226031Sstas } 263226031Sstas keylen = et->keytype->bits / 8; 264226031Sstas 265226031Sstas ALLOC(kd.key, 1); 266226031Sstas if(kd.key == NULL) { 267226031Sstas krb5_set_error_message (context, ENOMEM, 268226031Sstas N_("malloc: out of memory", "")); 269226031Sstas return ENOMEM; 270226031Sstas } 271226031Sstas ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size); 272226031Sstas if(ret) { 273226031Sstas free(kd.key); 274226031Sstas return ret; 275226031Sstas } 276226031Sstas kd.key->keytype = etype; 277226031Sstas tmp = malloc (keylen); 278226031Sstas if(tmp == NULL) { 279226031Sstas krb5_free_keyblock(context, kd.key); 280226031Sstas krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); 281226031Sstas return ENOMEM; 282226031Sstas } 283226031Sstas ret = _krb5_n_fold(str, len, tmp, keylen); 284226031Sstas if (ret) { 285226031Sstas free(tmp); 286226031Sstas krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); 287226031Sstas return ret; 288226031Sstas } 289226031Sstas kd.schedule = NULL; 290226031Sstas _krb5_DES3_random_to_key(context, kd.key, tmp, keylen); 291226031Sstas memset(tmp, 0, keylen); 292226031Sstas free(tmp); 293226031Sstas ret = _krb5_derive_key(context, 294226031Sstas et, 295226031Sstas &kd, 296226031Sstas "kerberos", /* XXX well known constant */ 297226031Sstas strlen("kerberos")); 298226031Sstas if (ret) { 299226031Sstas _krb5_free_key_data(context, &kd, et); 300226031Sstas return ret; 301226031Sstas } 302226031Sstas ret = krb5_copy_keyblock_contents(context, kd.key, key); 303226031Sstas _krb5_free_key_data(context, &kd, et); 304226031Sstas return ret; 305226031Sstas} 306