1226031Sstas/*
2226031Sstas * Copyright (c) 1997 - 2008 Kungliga Tekniska H��gskolan
3226031Sstas * (Royal Institute of Technology, Stockholm, Sweden).
4226031Sstas * All rights reserved.
5226031Sstas *
6226031Sstas * Redistribution and use in source and binary forms, with or without
7226031Sstas * modification, are permitted provided that the following conditions
8226031Sstas * are met:
9226031Sstas *
10226031Sstas * 1. Redistributions of source code must retain the above copyright
11226031Sstas *    notice, this list of conditions and the following disclaimer.
12226031Sstas *
13226031Sstas * 2. Redistributions in binary form must reproduce the above copyright
14226031Sstas *    notice, this list of conditions and the following disclaimer in the
15226031Sstas *    documentation and/or other materials provided with the distribution.
16226031Sstas *
17226031Sstas * 3. Neither the name of the Institute nor the names of its contributors
18226031Sstas *    may be used to endorse or promote products derived from this software
19226031Sstas *    without specific prior written permission.
20226031Sstas *
21226031Sstas * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22226031Sstas * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23226031Sstas * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24226031Sstas * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25226031Sstas * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26226031Sstas * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27226031Sstas * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28226031Sstas * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29226031Sstas * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30226031Sstas * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31226031Sstas * SUCH DAMAGE.
32226031Sstas */
33226031Sstas
34226031Sstas#include "krb5_locl.h"
35226031Sstas
36226031Sstas/* coverity[+alloc : arg-*3] */
37226031SstasKRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
38226031Sstaskrb5_salttype_to_string (krb5_context context,
39226031Sstas			 krb5_enctype etype,
40226031Sstas			 krb5_salttype stype,
41226031Sstas			 char **string)
42226031Sstas{
43226031Sstas    struct _krb5_encryption_type *e;
44226031Sstas    struct salt_type *st;
45226031Sstas
46226031Sstas    e = _krb5_find_enctype (etype);
47226031Sstas    if (e == NULL) {
48226031Sstas	krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
49226031Sstas			       "encryption type %d not supported",
50226031Sstas			       etype);
51226031Sstas	return KRB5_PROG_ETYPE_NOSUPP;
52226031Sstas    }
53226031Sstas    for (st = e->keytype->string_to_key; st && st->type; st++) {
54226031Sstas	if (st->type == stype) {
55226031Sstas	    *string = strdup (st->name);
56226031Sstas	    if (*string == NULL) {
57226031Sstas		krb5_set_error_message (context, ENOMEM,
58226031Sstas					N_("malloc: out of memory", ""));
59226031Sstas		return ENOMEM;
60226031Sstas	    }
61226031Sstas	    return 0;
62226031Sstas	}
63226031Sstas    }
64226031Sstas    krb5_set_error_message (context, HEIM_ERR_SALTTYPE_NOSUPP,
65226031Sstas			    "salttype %d not supported", stype);
66226031Sstas    return HEIM_ERR_SALTTYPE_NOSUPP;
67226031Sstas}
68226031Sstas
69226031SstasKRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
70226031Sstaskrb5_string_to_salttype (krb5_context context,
71226031Sstas			 krb5_enctype etype,
72226031Sstas			 const char *string,
73226031Sstas			 krb5_salttype *salttype)
74226031Sstas{
75226031Sstas    struct _krb5_encryption_type *e;
76226031Sstas    struct salt_type *st;
77226031Sstas
78226031Sstas    e = _krb5_find_enctype (etype);
79226031Sstas    if (e == NULL) {
80226031Sstas	krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
81226031Sstas			       N_("encryption type %d not supported", ""),
82226031Sstas			       etype);
83226031Sstas	return KRB5_PROG_ETYPE_NOSUPP;
84226031Sstas    }
85226031Sstas    for (st = e->keytype->string_to_key; st && st->type; st++) {
86226031Sstas	if (strcasecmp (st->name, string) == 0) {
87226031Sstas	    *salttype = st->type;
88226031Sstas	    return 0;
89226031Sstas	}
90226031Sstas    }
91226031Sstas    krb5_set_error_message(context, HEIM_ERR_SALTTYPE_NOSUPP,
92226031Sstas			   N_("salttype %s not supported", ""), string);
93226031Sstas    return HEIM_ERR_SALTTYPE_NOSUPP;
94226031Sstas}
95226031Sstas
96226031SstasKRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
97226031Sstaskrb5_get_pw_salt(krb5_context context,
98226031Sstas		 krb5_const_principal principal,
99226031Sstas		 krb5_salt *salt)
100226031Sstas{
101226031Sstas    size_t len;
102226031Sstas    size_t i;
103226031Sstas    krb5_error_code ret;
104226031Sstas    char *p;
105226031Sstas
106226031Sstas    salt->salttype = KRB5_PW_SALT;
107226031Sstas    len = strlen(principal->realm);
108226031Sstas    for (i = 0; i < principal->name.name_string.len; ++i)
109226031Sstas	len += strlen(principal->name.name_string.val[i]);
110226031Sstas    ret = krb5_data_alloc (&salt->saltvalue, len);
111226031Sstas    if (ret)
112226031Sstas	return ret;
113226031Sstas    p = salt->saltvalue.data;
114226031Sstas    memcpy (p, principal->realm, strlen(principal->realm));
115226031Sstas    p += strlen(principal->realm);
116226031Sstas    for (i = 0; i < principal->name.name_string.len; ++i) {
117226031Sstas	memcpy (p,
118226031Sstas		principal->name.name_string.val[i],
119226031Sstas		strlen(principal->name.name_string.val[i]));
120226031Sstas	p += strlen(principal->name.name_string.val[i]);
121226031Sstas    }
122226031Sstas    return 0;
123226031Sstas}
124226031Sstas
125226031SstasKRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
126226031Sstaskrb5_free_salt(krb5_context context,
127226031Sstas	       krb5_salt salt)
128226031Sstas{
129226031Sstas    krb5_data_free(&salt.saltvalue);
130226031Sstas    return 0;
131226031Sstas}
132226031Sstas
133226031SstasKRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
134226031Sstaskrb5_string_to_key_data (krb5_context context,
135226031Sstas			 krb5_enctype enctype,
136226031Sstas			 krb5_data password,
137226031Sstas			 krb5_principal principal,
138226031Sstas			 krb5_keyblock *key)
139226031Sstas{
140226031Sstas    krb5_error_code ret;
141226031Sstas    krb5_salt salt;
142226031Sstas
143226031Sstas    ret = krb5_get_pw_salt(context, principal, &salt);
144226031Sstas    if(ret)
145226031Sstas	return ret;
146226031Sstas    ret = krb5_string_to_key_data_salt(context, enctype, password, salt, key);
147226031Sstas    krb5_free_salt(context, salt);
148226031Sstas    return ret;
149226031Sstas}
150226031Sstas
151226031SstasKRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
152226031Sstaskrb5_string_to_key (krb5_context context,
153226031Sstas		    krb5_enctype enctype,
154226031Sstas		    const char *password,
155226031Sstas		    krb5_principal principal,
156226031Sstas		    krb5_keyblock *key)
157226031Sstas{
158226031Sstas    krb5_data pw;
159226031Sstas    pw.data = rk_UNCONST(password);
160226031Sstas    pw.length = strlen(password);
161226031Sstas    return krb5_string_to_key_data(context, enctype, pw, principal, key);
162226031Sstas}
163226031Sstas
164226031SstasKRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
165226031Sstaskrb5_string_to_key_data_salt (krb5_context context,
166226031Sstas			      krb5_enctype enctype,
167226031Sstas			      krb5_data password,
168226031Sstas			      krb5_salt salt,
169226031Sstas			      krb5_keyblock *key)
170226031Sstas{
171226031Sstas    krb5_data opaque;
172226031Sstas    krb5_data_zero(&opaque);
173226031Sstas    return krb5_string_to_key_data_salt_opaque(context, enctype, password,
174226031Sstas					       salt, opaque, key);
175226031Sstas}
176226031Sstas
177226031Sstas/*
178226031Sstas * Do a string -> key for encryption type `enctype' operation on
179226031Sstas * `password' (with salt `salt' and the enctype specific data string
180226031Sstas * `opaque'), returning the resulting key in `key'
181226031Sstas */
182226031Sstas
183226031SstasKRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
184226031Sstaskrb5_string_to_key_data_salt_opaque (krb5_context context,
185226031Sstas				     krb5_enctype enctype,
186226031Sstas				     krb5_data password,
187226031Sstas				     krb5_salt salt,
188226031Sstas				     krb5_data opaque,
189226031Sstas				     krb5_keyblock *key)
190226031Sstas{
191226031Sstas    struct _krb5_encryption_type *et =_krb5_find_enctype(enctype);
192226031Sstas    struct salt_type *st;
193226031Sstas    if(et == NULL) {
194226031Sstas	krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
195226031Sstas			       N_("encryption type %d not supported", ""),
196226031Sstas			       enctype);
197226031Sstas	return KRB5_PROG_ETYPE_NOSUPP;
198226031Sstas    }
199226031Sstas    for(st = et->keytype->string_to_key; st && st->type; st++)
200226031Sstas	if(st->type == salt.salttype)
201226031Sstas	    return (*st->string_to_key)(context, enctype, password,
202226031Sstas					salt, opaque, key);
203226031Sstas    krb5_set_error_message(context, HEIM_ERR_SALTTYPE_NOSUPP,
204226031Sstas			   N_("salt type %d not supported", ""),
205226031Sstas			   salt.salttype);
206226031Sstas    return HEIM_ERR_SALTTYPE_NOSUPP;
207226031Sstas}
208226031Sstas
209226031Sstas/*
210226031Sstas * Do a string -> key for encryption type `enctype' operation on the
211226031Sstas * string `password' (with salt `salt'), returning the resulting key
212226031Sstas * in `key'
213226031Sstas */
214226031Sstas
215226031SstasKRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
216226031Sstaskrb5_string_to_key_salt (krb5_context context,
217226031Sstas			 krb5_enctype enctype,
218226031Sstas			 const char *password,
219226031Sstas			 krb5_salt salt,
220226031Sstas			 krb5_keyblock *key)
221226031Sstas{
222226031Sstas    krb5_data pw;
223226031Sstas    pw.data = rk_UNCONST(password);
224226031Sstas    pw.length = strlen(password);
225226031Sstas    return krb5_string_to_key_data_salt(context, enctype, pw, salt, key);
226226031Sstas}
227226031Sstas
228226031SstasKRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
229226031Sstaskrb5_string_to_key_salt_opaque (krb5_context context,
230226031Sstas				krb5_enctype enctype,
231226031Sstas				const char *password,
232226031Sstas				krb5_salt salt,
233226031Sstas				krb5_data opaque,
234226031Sstas				krb5_keyblock *key)
235226031Sstas{
236226031Sstas    krb5_data pw;
237226031Sstas    pw.data = rk_UNCONST(password);
238226031Sstas    pw.length = strlen(password);
239226031Sstas    return krb5_string_to_key_data_salt_opaque(context, enctype,
240226031Sstas					       pw, salt, opaque, key);
241226031Sstas}
242226031Sstas
243226031Sstas
244226031SstasKRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
245226031Sstaskrb5_string_to_key_derived(krb5_context context,
246226031Sstas			   const void *str,
247226031Sstas			   size_t len,
248226031Sstas			   krb5_enctype etype,
249226031Sstas			   krb5_keyblock *key)
250226031Sstas{
251226031Sstas    struct _krb5_encryption_type *et = _krb5_find_enctype(etype);
252226031Sstas    krb5_error_code ret;
253226031Sstas    struct _krb5_key_data kd;
254226031Sstas    size_t keylen;
255226031Sstas    u_char *tmp;
256226031Sstas
257226031Sstas    if(et == NULL) {
258226031Sstas	krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
259226031Sstas				N_("encryption type %d not supported", ""),
260226031Sstas				etype);
261226031Sstas	return KRB5_PROG_ETYPE_NOSUPP;
262226031Sstas    }
263226031Sstas    keylen = et->keytype->bits / 8;
264226031Sstas
265226031Sstas    ALLOC(kd.key, 1);
266226031Sstas    if(kd.key == NULL) {
267226031Sstas	krb5_set_error_message (context, ENOMEM,
268226031Sstas				N_("malloc: out of memory", ""));
269226031Sstas	return ENOMEM;
270226031Sstas    }
271226031Sstas    ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size);
272226031Sstas    if(ret) {
273226031Sstas	free(kd.key);
274226031Sstas	return ret;
275226031Sstas    }
276226031Sstas    kd.key->keytype = etype;
277226031Sstas    tmp = malloc (keylen);
278226031Sstas    if(tmp == NULL) {
279226031Sstas	krb5_free_keyblock(context, kd.key);
280226031Sstas	krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
281226031Sstas	return ENOMEM;
282226031Sstas    }
283226031Sstas    ret = _krb5_n_fold(str, len, tmp, keylen);
284226031Sstas    if (ret) {
285226031Sstas	free(tmp);
286226031Sstas	krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
287226031Sstas	return ret;
288226031Sstas    }
289226031Sstas    kd.schedule = NULL;
290226031Sstas    _krb5_DES3_random_to_key(context, kd.key, tmp, keylen);
291226031Sstas    memset(tmp, 0, keylen);
292226031Sstas    free(tmp);
293226031Sstas    ret = _krb5_derive_key(context,
294226031Sstas			   et,
295226031Sstas			   &kd,
296226031Sstas			   "kerberos", /* XXX well known constant */
297226031Sstas			   strlen("kerberos"));
298226031Sstas    if (ret) {
299226031Sstas	_krb5_free_key_data(context, &kd, et);
300226031Sstas	return ret;
301226031Sstas    }
302226031Sstas    ret = krb5_copy_keyblock_contents(context, kd.key, key);
303226031Sstas    _krb5_free_key_data(context, &kd, et);
304226031Sstas    return ret;
305226031Sstas}
306