1/* $NetBSD: mit_glue.c,v 1.1.1.1 2011/04/13 18:15:36 elric Exp $ */ 2 3/* 4 * Copyright (c) 2003 Kungliga Tekniska Högskolan 5 * (Royal Institute of Technology, Stockholm, Sweden). 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * 3. Neither the name of the Institute nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36#define KRB5_DEPRECATED 37 38#include "krb5_locl.h" 39 40#ifndef HEIMDAL_SMALLER 41 42/* 43 * Glue for MIT API 44 */ 45 46KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 47krb5_c_make_checksum(krb5_context context, 48 krb5_cksumtype cksumtype, 49 const krb5_keyblock *key, 50 krb5_keyusage usage, 51 const krb5_data *input, 52 krb5_checksum *cksum) 53{ 54 krb5_error_code ret; 55 krb5_crypto crypto; 56 57 ret = krb5_crypto_init(context, key, 0, &crypto); 58 if (ret) 59 return ret; 60 61 ret = krb5_create_checksum(context, crypto, usage, cksumtype, 62 input->data, input->length, cksum); 63 krb5_crypto_destroy(context, crypto); 64 65 return ret ; 66} 67 68KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 69krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key, 70 krb5_keyusage usage, const krb5_data *data, 71 const krb5_checksum *cksum, krb5_boolean *valid) 72{ 73 krb5_error_code ret; 74 krb5_checksum data_cksum; 75 76 *valid = 0; 77 78 ret = krb5_c_make_checksum(context, cksum->cksumtype, 79 key, usage, data, &data_cksum); 80 if (ret) 81 return ret; 82 83 if (data_cksum.cksumtype == cksum->cksumtype 84 && krb5_data_ct_cmp(&data_cksum.checksum, &cksum->checksum) == 0) 85 *valid = 1; 86 87 krb5_free_checksum_contents(context, &data_cksum); 88 89 return 0; 90} 91 92KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 93krb5_c_get_checksum(krb5_context context, const krb5_checksum *cksum, 94 krb5_cksumtype *type, krb5_data **data) 95{ 96 krb5_error_code ret; 97 98 if (type) 99 *type = cksum->cksumtype; 100 if (data) { 101 *data = malloc(sizeof(**data)); 102 if (*data == NULL) 103 return ENOMEM; 104 105 ret = der_copy_octet_string(&cksum->checksum, *data); 106 if (ret) { 107 free(*data); 108 *data = NULL; 109 return ret; 110 } 111 } 112 return 0; 113} 114 115KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 116krb5_c_set_checksum(krb5_context context, krb5_checksum *cksum, 117 krb5_cksumtype type, const krb5_data *data) 118{ 119 cksum->cksumtype = type; 120 return der_copy_octet_string(data, &cksum->checksum); 121} 122 123KRB5_LIB_FUNCTION void KRB5_LIB_CALL 124krb5_free_checksum (krb5_context context, krb5_checksum *cksum) 125{ 126 krb5_checksum_free(context, cksum); 127 free(cksum); 128} 129 130KRB5_LIB_FUNCTION void KRB5_LIB_CALL 131krb5_free_checksum_contents(krb5_context context, krb5_checksum *cksum) 132{ 133 krb5_checksum_free(context, cksum); 134 memset(cksum, 0, sizeof(*cksum)); 135} 136 137KRB5_LIB_FUNCTION void KRB5_LIB_CALL 138krb5_checksum_free(krb5_context context, krb5_checksum *cksum) 139{ 140 free_Checksum(cksum); 141} 142 143KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 144krb5_c_valid_enctype (krb5_enctype etype) 145{ 146 return krb5_enctype_valid(NULL, etype); 147} 148 149KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 150krb5_c_valid_cksumtype(krb5_cksumtype ctype) 151{ 152 return krb5_cksumtype_valid(NULL, ctype); 153} 154 155KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 156krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype) 157{ 158 return krb5_checksum_is_collision_proof(NULL, ctype); 159} 160 161KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 162krb5_c_is_keyed_cksum(krb5_cksumtype ctype) 163{ 164 return krb5_checksum_is_keyed(NULL, ctype); 165} 166 167KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 168krb5_copy_checksum (krb5_context context, 169 const krb5_checksum *old, 170 krb5_checksum **new) 171{ 172 *new = malloc(sizeof(**new)); 173 if (*new == NULL) 174 return ENOMEM; 175 return copy_Checksum(old, *new); 176} 177 178KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 179krb5_c_checksum_length (krb5_context context, krb5_cksumtype cksumtype, 180 size_t *length) 181{ 182 return krb5_checksumsize(context, cksumtype, length); 183} 184 185KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 186krb5_c_block_size(krb5_context context, 187 krb5_enctype enctype, 188 size_t *blocksize) 189{ 190 krb5_error_code ret; 191 krb5_crypto crypto; 192 krb5_keyblock key; 193 194 ret = krb5_generate_random_keyblock(context, enctype, &key); 195 if (ret) 196 return ret; 197 198 ret = krb5_crypto_init(context, &key, 0, &crypto); 199 krb5_free_keyblock_contents(context, &key); 200 if (ret) 201 return ret; 202 ret = krb5_crypto_getblocksize(context, crypto, blocksize); 203 krb5_crypto_destroy(context, crypto); 204 205 return ret; 206} 207 208KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 209krb5_c_decrypt(krb5_context context, 210 const krb5_keyblock key, 211 krb5_keyusage usage, 212 const krb5_data *ivec, 213 krb5_enc_data *input, 214 krb5_data *output) 215{ 216 krb5_error_code ret; 217 krb5_crypto crypto; 218 219 ret = krb5_crypto_init(context, &key, input->enctype, &crypto); 220 if (ret) 221 return ret; 222 223 if (ivec) { 224 size_t blocksize; 225 226 ret = krb5_crypto_getblocksize(context, crypto, &blocksize); 227 if (ret) { 228 krb5_crypto_destroy(context, crypto); 229 return ret; 230 } 231 232 if (blocksize > ivec->length) { 233 krb5_crypto_destroy(context, crypto); 234 return KRB5_BAD_MSIZE; 235 } 236 } 237 238 ret = krb5_decrypt_ivec(context, crypto, usage, 239 input->ciphertext.data, input->ciphertext.length, 240 output, 241 ivec ? ivec->data : NULL); 242 243 krb5_crypto_destroy(context, crypto); 244 245 return ret ; 246} 247 248KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 249krb5_c_encrypt(krb5_context context, 250 const krb5_keyblock *key, 251 krb5_keyusage usage, 252 const krb5_data *ivec, 253 const krb5_data *input, 254 krb5_enc_data *output) 255{ 256 krb5_error_code ret; 257 krb5_crypto crypto; 258 259 ret = krb5_crypto_init(context, key, 0, &crypto); 260 if (ret) 261 return ret; 262 263 if (ivec) { 264 size_t blocksize; 265 266 ret = krb5_crypto_getblocksize(context, crypto, &blocksize); 267 if (ret) { 268 krb5_crypto_destroy(context, crypto); 269 return ret; 270 } 271 272 if (blocksize > ivec->length) { 273 krb5_crypto_destroy(context, crypto); 274 return KRB5_BAD_MSIZE; 275 } 276 } 277 278 ret = krb5_encrypt_ivec(context, crypto, usage, 279 input->data, input->length, 280 &output->ciphertext, 281 ivec ? ivec->data : NULL); 282 output->kvno = 0; 283 krb5_crypto_getenctype(context, crypto, &output->enctype); 284 285 krb5_crypto_destroy(context, crypto); 286 287 return ret ; 288} 289 290KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 291krb5_c_encrypt_length(krb5_context context, 292 krb5_enctype enctype, 293 size_t inputlen, 294 size_t *length) 295{ 296 krb5_error_code ret; 297 krb5_crypto crypto; 298 krb5_keyblock key; 299 300 ret = krb5_generate_random_keyblock(context, enctype, &key); 301 if (ret) 302 return ret; 303 304 ret = krb5_crypto_init(context, &key, 0, &crypto); 305 krb5_free_keyblock_contents(context, &key); 306 if (ret) 307 return ret; 308 309 *length = krb5_get_wrapped_length(context, crypto, inputlen); 310 krb5_crypto_destroy(context, crypto); 311 312 return 0; 313} 314 315/** 316 * Deprecated: keytypes doesn't exists, they are really enctypes. 317 * 318 * @ingroup krb5_deprecated 319 */ 320 321KRB5_DEPRECATED 322KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 323krb5_c_enctype_compare(krb5_context context, 324 krb5_enctype e1, 325 krb5_enctype e2, 326 krb5_boolean *similar) 327{ 328 *similar = (e1 == e2); 329 return 0; 330} 331 332KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 333krb5_c_make_random_key(krb5_context context, 334 krb5_enctype enctype, 335 krb5_keyblock *random_key) 336{ 337 return krb5_generate_random_keyblock(context, enctype, random_key); 338} 339 340KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 341krb5_c_keylengths(krb5_context context, 342 krb5_enctype enctype, 343 size_t *ilen, 344 size_t *keylen) 345{ 346 krb5_error_code ret; 347 348 ret = krb5_enctype_keybits(context, enctype, ilen); 349 if (ret) 350 return ret; 351 *ilen = (*ilen + 7) / 8; 352 return krb5_enctype_keysize(context, enctype, keylen); 353} 354 355KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 356krb5_c_prf_length(krb5_context context, 357 krb5_enctype type, 358 size_t *length) 359{ 360 return krb5_crypto_prf_length(context, type, length); 361} 362 363KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 364krb5_c_prf(krb5_context context, 365 const krb5_keyblock *key, 366 const krb5_data *input, 367 krb5_data *output) 368{ 369 krb5_crypto crypto; 370 krb5_error_code ret; 371 372 ret = krb5_crypto_init(context, key, 0, &crypto); 373 if (ret) 374 return ret; 375 376 ret = krb5_crypto_prf(context, crypto, input, output); 377 krb5_crypto_destroy(context, crypto); 378 379 return ret; 380} 381 382KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 383krb5_c_random_make_octets(krb5_context context, krb5_data * data) 384{ 385 return krb5_generate_random_keyblock(context, data->length, data->data); 386} 387 388/** 389 * MIT compat glue 390 * 391 * @ingroup krb5_ccache 392 */ 393 394KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 395krb5_cc_copy_creds(krb5_context context, 396 const krb5_ccache from, 397 krb5_ccache to) 398{ 399 return krb5_cc_copy_cache(context, from, to); 400} 401 402KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 403krb5_auth_con_getsendsubkey(krb5_context context, krb5_auth_context auth_context, 404 krb5_keyblock **keyblock) 405{ 406 return krb5_auth_con_getlocalsubkey(context, auth_context, keyblock); 407} 408 409KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 410krb5_auth_con_getrecvsubkey(krb5_context context, krb5_auth_context auth_context, 411 krb5_keyblock **keyblock) 412{ 413 return krb5_auth_con_getremotesubkey(context, auth_context, keyblock); 414} 415 416KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 417krb5_auth_con_setsendsubkey(krb5_context context, krb5_auth_context auth_context, 418 krb5_keyblock *keyblock) 419{ 420 return krb5_auth_con_setlocalsubkey(context, auth_context, keyblock); 421} 422 423KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 424krb5_auth_con_setrecvsubkey(krb5_context context, krb5_auth_context auth_context, 425 krb5_keyblock *keyblock) 426{ 427 return krb5_auth_con_setremotesubkey(context, auth_context, keyblock); 428} 429 430KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 431krb5_free_default_realm(krb5_context context, krb5_realm realm) 432{ 433 return krb5_xfree(realm); 434} 435 436#endif /* HEIMDAL_SMALLER */ 437