1/* $NetBSD: mit_glue.c,v 1.2 2017/01/28 21:31:49 christos Exp $ */ 2 3/* 4 * Copyright (c) 2003 Kungliga Tekniska H��gskolan 5 * (Royal Institute of Technology, Stockholm, Sweden). 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * 3. Neither the name of the Institute nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36#include "krb5_locl.h" 37 38#ifndef HEIMDAL_SMALLER 39 40/* 41 * Glue for MIT API 42 */ 43 44KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 45krb5_c_make_checksum(krb5_context context, 46 krb5_cksumtype cksumtype, 47 const krb5_keyblock *key, 48 krb5_keyusage usage, 49 const krb5_data *input, 50 krb5_checksum *cksum) 51{ 52 krb5_error_code ret; 53 krb5_crypto crypto; 54 55 ret = krb5_crypto_init(context, key, 0, &crypto); 56 if (ret) 57 return ret; 58 59 ret = krb5_create_checksum(context, crypto, usage, cksumtype, 60 input->data, input->length, cksum); 61 krb5_crypto_destroy(context, crypto); 62 63 return ret ; 64} 65 66KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 67krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key, 68 krb5_keyusage usage, const krb5_data *data, 69 const krb5_checksum *cksum, krb5_boolean *valid) 70{ 71 krb5_error_code ret; 72 krb5_checksum data_cksum; 73 74 *valid = 0; 75 76 ret = krb5_c_make_checksum(context, cksum->cksumtype, 77 key, usage, data, &data_cksum); 78 if (ret) 79 return ret; 80 81 if (data_cksum.cksumtype == cksum->cksumtype 82 && krb5_data_ct_cmp(&data_cksum.checksum, &cksum->checksum) == 0) 83 *valid = 1; 84 85 krb5_free_checksum_contents(context, &data_cksum); 86 87 return 0; 88} 89 90KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 91krb5_c_get_checksum(krb5_context context, const krb5_checksum *cksum, 92 krb5_cksumtype *type, krb5_data **data) 93{ 94 krb5_error_code ret; 95 96 if (type) 97 *type = cksum->cksumtype; 98 if (data) { 99 *data = malloc(sizeof(**data)); 100 if (*data == NULL) 101 return krb5_enomem(context); 102 103 ret = der_copy_octet_string(&cksum->checksum, *data); 104 if (ret) { 105 free(*data); 106 *data = NULL; 107 return ret; 108 } 109 } 110 return 0; 111} 112 113KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 114krb5_c_set_checksum(krb5_context context, krb5_checksum *cksum, 115 krb5_cksumtype type, const krb5_data *data) 116{ 117 cksum->cksumtype = type; 118 return der_copy_octet_string(data, &cksum->checksum); 119} 120 121KRB5_LIB_FUNCTION void KRB5_LIB_CALL 122krb5_free_checksum (krb5_context context, krb5_checksum *cksum) 123{ 124 krb5_checksum_free(context, cksum); 125 free(cksum); 126} 127 128KRB5_LIB_FUNCTION void KRB5_LIB_CALL 129krb5_free_checksum_contents(krb5_context context, krb5_checksum *cksum) 130{ 131 krb5_checksum_free(context, cksum); 132 memset(cksum, 0, sizeof(*cksum)); 133} 134 135KRB5_LIB_FUNCTION void KRB5_LIB_CALL 136krb5_checksum_free(krb5_context context, krb5_checksum *cksum) 137{ 138 free_Checksum(cksum); 139} 140 141KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 142krb5_c_valid_enctype (krb5_enctype etype) 143{ 144 return !krb5_enctype_valid(NULL, etype); 145} 146 147KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 148krb5_c_valid_cksumtype(krb5_cksumtype ctype) 149{ 150 return krb5_cksumtype_valid(NULL, ctype); 151} 152 153KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 154krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype) 155{ 156 return krb5_checksum_is_collision_proof(NULL, ctype); 157} 158 159KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 160krb5_c_is_keyed_cksum(krb5_cksumtype ctype) 161{ 162 return krb5_checksum_is_keyed(NULL, ctype); 163} 164 165KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 166krb5_copy_checksum (krb5_context context, 167 const krb5_checksum *old, 168 krb5_checksum **new) 169{ 170 *new = malloc(sizeof(**new)); 171 if (*new == NULL) 172 return krb5_enomem(context); 173 return copy_Checksum(old, *new); 174} 175 176KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 177krb5_c_checksum_length (krb5_context context, krb5_cksumtype cksumtype, 178 size_t *length) 179{ 180 return krb5_checksumsize(context, cksumtype, length); 181} 182 183KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 184krb5_c_block_size(krb5_context context, 185 krb5_enctype enctype, 186 size_t *blocksize) 187{ 188 krb5_error_code ret; 189 krb5_crypto crypto; 190 krb5_keyblock key; 191 192 ret = krb5_generate_random_keyblock(context, enctype, &key); 193 if (ret) 194 return ret; 195 196 ret = krb5_crypto_init(context, &key, 0, &crypto); 197 krb5_free_keyblock_contents(context, &key); 198 if (ret) 199 return ret; 200 ret = krb5_crypto_getblocksize(context, crypto, blocksize); 201 krb5_crypto_destroy(context, crypto); 202 203 return ret; 204} 205 206KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 207krb5_c_decrypt(krb5_context context, 208 const krb5_keyblock key, 209 krb5_keyusage usage, 210 const krb5_data *ivec, 211 krb5_enc_data *input, 212 krb5_data *output) 213{ 214 krb5_error_code ret; 215 krb5_crypto crypto; 216 217 ret = krb5_crypto_init(context, &key, input->enctype, &crypto); 218 if (ret) 219 return ret; 220 221 if (ivec) { 222 size_t blocksize; 223 224 ret = krb5_crypto_getblocksize(context, crypto, &blocksize); 225 if (ret) { 226 krb5_crypto_destroy(context, crypto); 227 return ret; 228 } 229 230 if (blocksize > ivec->length) { 231 krb5_crypto_destroy(context, crypto); 232 return KRB5_BAD_MSIZE; 233 } 234 } 235 236 ret = krb5_decrypt_ivec(context, crypto, usage, 237 input->ciphertext.data, input->ciphertext.length, 238 output, 239 ivec ? ivec->data : NULL); 240 241 krb5_crypto_destroy(context, crypto); 242 243 return ret ; 244} 245 246KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 247krb5_c_encrypt(krb5_context context, 248 const krb5_keyblock *key, 249 krb5_keyusage usage, 250 const krb5_data *ivec, 251 const krb5_data *input, 252 krb5_enc_data *output) 253{ 254 krb5_error_code ret; 255 krb5_crypto crypto; 256 257 ret = krb5_crypto_init(context, key, 0, &crypto); 258 if (ret) 259 return ret; 260 261 if (ivec) { 262 size_t blocksize; 263 264 ret = krb5_crypto_getblocksize(context, crypto, &blocksize); 265 if (ret) { 266 krb5_crypto_destroy(context, crypto); 267 return ret; 268 } 269 270 if (blocksize > ivec->length) { 271 krb5_crypto_destroy(context, crypto); 272 return KRB5_BAD_MSIZE; 273 } 274 } 275 276 ret = krb5_encrypt_ivec(context, crypto, usage, 277 input->data, input->length, 278 &output->ciphertext, 279 ivec ? ivec->data : NULL); 280 output->kvno = 0; 281 krb5_crypto_getenctype(context, crypto, &output->enctype); 282 283 krb5_crypto_destroy(context, crypto); 284 285 return ret ; 286} 287 288KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 289krb5_c_encrypt_length(krb5_context context, 290 krb5_enctype enctype, 291 size_t inputlen, 292 size_t *length) 293{ 294 krb5_error_code ret; 295 krb5_crypto crypto; 296 krb5_keyblock key; 297 298 ret = krb5_generate_random_keyblock(context, enctype, &key); 299 if (ret) 300 return ret; 301 302 ret = krb5_crypto_init(context, &key, 0, &crypto); 303 krb5_free_keyblock_contents(context, &key); 304 if (ret) 305 return ret; 306 307 *length = krb5_get_wrapped_length(context, crypto, inputlen); 308 krb5_crypto_destroy(context, crypto); 309 310 return 0; 311} 312 313/** 314 * Deprecated: keytypes doesn't exists, they are really enctypes. 315 * 316 * @ingroup krb5_deprecated 317 */ 318 319KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 320krb5_c_enctype_compare(krb5_context context, 321 krb5_enctype e1, 322 krb5_enctype e2, 323 krb5_boolean *similar) 324 KRB5_DEPRECATED_FUNCTION("Use X instead") 325{ 326 *similar = (e1 == e2); 327 return 0; 328} 329 330KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 331krb5_c_make_random_key(krb5_context context, 332 krb5_enctype enctype, 333 krb5_keyblock *random_key) 334{ 335 return krb5_generate_random_keyblock(context, enctype, random_key); 336} 337 338KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 339krb5_c_keylengths(krb5_context context, 340 krb5_enctype enctype, 341 size_t *ilen, 342 size_t *keylen) 343{ 344 krb5_error_code ret; 345 346 ret = krb5_enctype_keybits(context, enctype, ilen); 347 if (ret) 348 return ret; 349 *ilen = (*ilen + 7) / 8; 350 return krb5_enctype_keysize(context, enctype, keylen); 351} 352 353KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 354krb5_c_prf_length(krb5_context context, 355 krb5_enctype type, 356 size_t *length) 357{ 358 return krb5_crypto_prf_length(context, type, length); 359} 360 361KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 362krb5_c_prf(krb5_context context, 363 const krb5_keyblock *key, 364 const krb5_data *input, 365 krb5_data *output) 366{ 367 krb5_crypto crypto; 368 krb5_error_code ret; 369 370 ret = krb5_crypto_init(context, key, 0, &crypto); 371 if (ret) 372 return ret; 373 374 ret = krb5_crypto_prf(context, crypto, input, output); 375 krb5_crypto_destroy(context, crypto); 376 377 return ret; 378} 379 380KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 381krb5_c_random_make_octets(krb5_context context, krb5_data * data) 382{ 383 krb5_generate_random_block(data->data, data->length); 384 return 0; 385} 386 387/** 388 * MIT compat glue 389 * 390 * @ingroup krb5_ccache 391 */ 392 393KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 394krb5_cc_copy_creds(krb5_context context, 395 const krb5_ccache from, 396 krb5_ccache to) 397{ 398 return krb5_cc_copy_cache(context, from, to); 399} 400 401KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 402krb5_auth_con_getsendsubkey(krb5_context context, krb5_auth_context auth_context, 403 krb5_keyblock **keyblock) 404{ 405 return krb5_auth_con_getlocalsubkey(context, auth_context, keyblock); 406} 407 408KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 409krb5_auth_con_getrecvsubkey(krb5_context context, krb5_auth_context auth_context, 410 krb5_keyblock **keyblock) 411{ 412 return krb5_auth_con_getremotesubkey(context, auth_context, keyblock); 413} 414 415KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 416krb5_auth_con_setsendsubkey(krb5_context context, krb5_auth_context auth_context, 417 krb5_keyblock *keyblock) 418{ 419 return krb5_auth_con_setlocalsubkey(context, auth_context, keyblock); 420} 421 422KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 423krb5_auth_con_setrecvsubkey(krb5_context context, krb5_auth_context auth_context, 424 krb5_keyblock *keyblock) 425{ 426 return krb5_auth_con_setremotesubkey(context, auth_context, keyblock); 427} 428 429KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 430krb5_free_default_realm(krb5_context context, krb5_realm realm) 431{ 432 return krb5_xfree(realm); 433} 434 435#endif /* HEIMDAL_SMALLER */ 436