2 * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "krb5_locl.h"
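/**
 * Look up the printable name of salt type `stype' for encryption type
 * `etype' and hand back a freshly allocated copy of it.
 *
 * @param context context used to record the error message on failure
 * @param etype   encryption type whose string-to-key table is searched
 * @param stype   salt type to look up
 * @param string  out: strdup()ed name on success, NULL on every failure
 *                path; the caller releases it with free()
 *
 * @return 0 on success, KRB5_PROG_ETYPE_NOSUPP when `etype' is unknown,
 *         HEIM_ERR_SALTTYPE_NOSUPP when the enctype has no such salt
 *         type, ENOMEM when the copy cannot be allocated.
 */
/* coverity[+alloc : arg-*3] */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_salttype_to_string (krb5_context context,
                         krb5_enctype etype,
                         krb5_salttype stype,
                         char **string)
{
    struct _krb5_encryption_type *e;
    struct salt_type *st;

    /* Never leave the out-parameter indeterminate: a caller that frees
     * it unconditionally after an error must see NULL, not stack junk. */
    *string = NULL;

    e = _krb5_find_enctype (etype);
    if (e == NULL) {
        krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
                               "encryption type %d not supported",
                               etype);
        return KRB5_PROG_ETYPE_NOSUPP;
    }
    /* The table is walked until a NULL pointer or an entry whose type
     * is 0, which acts as the terminator. */
    for (st = e->keytype->string_to_key; st && st->type; st++) {
        if (st->type == stype) {
            *string = strdup (st->name);
            if (*string == NULL) {
                krb5_set_error_message (context, ENOMEM,
                                        N_("malloc: out of memory", ""));
                return ENOMEM;
            }
            return 0;
        }
    }
    krb5_set_error_message (context, HEIM_ERR_SALTTYPE_NOSUPP,
                            "salttype %d not supported", stype);
    return HEIM_ERR_SALTTYPE_NOSUPP;
}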
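/**
 * Translate the salt type name `string' into its numeric salt type for
 * encryption type `etype'.
 *
 * The name comparison uses strcasecmp(), so it is case-insensitive.
 *
 * @param context  context used to record the error message on failure
 * @param etype    encryption type whose string-to-key table is searched
 * @param string   NUL-terminated salt type name; must not be NULL, as it
 *                 is passed straight to strcasecmp()
 * @param salttype out: the matching salt type; left untouched on failure
 *
 * @return 0 on success, KRB5_PROG_ETYPE_NOSUPP when `etype' is unknown,
 *         HEIM_ERR_SALTTYPE_NOSUPP when no entry carries that name.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_salttype (krb5_context context,
                         krb5_enctype etype,
                         const char *string,
                         krb5_salttype *salttype)
{
    struct _krb5_encryption_type *e;
    struct salt_type *st;

    e = _krb5_find_enctype (etype);
    if (e == NULL) {
        krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
                               N_("encryption type %d not supported", ""),
                               etype);
        return KRB5_PROG_ETYPE_NOSUPP;
    }
    /* Walk the table up to its terminator (NULL pointer or type 0). */
    for (st = e->keytype->string_to_key; st && st->type; st++) {
        if (strcasecmp (st->name, string) == 0) {
            *salttype = st->type;
            return 0;
        }
    }
    krb5_set_error_message(context, HEIM_ERR_SALTTYPE_NOSUPP,
                           N_("salttype %s not supported", ""), string);
    return HEIM_ERR_SALTTYPE_NOSUPP;
}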
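/**
 * Build the default password salt for `principal': the realm followed
 * by every name component, concatenated with no separator and no
 * terminating NUL.
 *
 * The salt is made only of public principal data, so it is not a
 * secret; it only makes the derived key specific to the principal.
 *
 * @param context   Kerberos context (not used by the visible code)
 * @param principal principal whose realm and name components are read;
 *                  each of them is measured with strlen() and so must be
 *                  a non-NULL NUL-terminated string
 * @param salt      out: salttype is set to KRB5_PW_SALT and saltvalue is
 *                  allocated with krb5_data_alloc(); release it with
 *                  krb5_free_salt()
 *
 * @return 0 on success, otherwise the error from krb5_data_alloc().
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_pw_salt(krb5_context context,
                 krb5_const_principal principal,
                 krb5_salt *salt)
{
    /* Measure the realm once so the size used for allocation and the
     * size used for the copy cannot drift apart. */
    const size_t realm_len = strlen(principal->realm);
    size_t len = realm_len;
    size_t i;
    krb5_error_code ret;
    char *p;

    salt->salttype = KRB5_PW_SALT;
    for (i = 0; i < principal->name.name_string.len; ++i)
        len += strlen(principal->name.name_string.val[i]);
    ret = krb5_data_alloc (&salt->saltvalue, len);
    if (ret)
        return ret;
    /* Nothing to copy; also avoids handing memcpy() a destination that
     * may be NULL for a zero-length allocation -- TODO confirm what
     * krb5_data_alloc() stores in .data when len is 0. */
    if (len == 0)
        return 0;
    p = salt->saltvalue.data;
    memcpy (p, principal->realm, realm_len);
    p += realm_len;
    for (i = 0; i < principal->name.name_string.len; ++i) {
        const char *comp = principal->name.name_string.val[i];
        const size_t comp_len = strlen(comp);

        memcpy (p, comp, comp_len);
        p += comp_len;
    }
    return 0;
}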
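/**
 * Release the storage behind `salt.saltvalue'.
 *
 * `salt' is passed by value, so only this function's copy is passed to
 * krb5_data_free(); the caller's struct still carries the old data
 * pointer afterwards and must not be used or freed again.
 *
 * @param context Kerberos context (not used by the visible code)
 * @param salt    salt whose saltvalue is released
 *
 * @return always 0.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_salt(krb5_context context,
               krb5_salt salt)
{
    krb5_data_free(&salt.saltvalue);
    return 0;
}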
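/**
 * Derive a key of type `enctype' from `password', using the default
 * salt that krb5_get_pw_salt() builds from `principal'.
 *
 * @param context   Kerberos context
 * @param enctype   encryption type of the key to produce
 * @param password  password bytes and length
 * @param principal principal the default salt is computed from
 * @param key       out: the resulting key; the caller owns it
 *
 * @return 0 on success, the error from krb5_get_pw_salt() if the salt
 *         cannot be built, otherwise the result of
 *         krb5_string_to_key_data_salt().
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_data (krb5_context context,
                         krb5_enctype enctype,
                         krb5_data password,
                         krb5_principal principal,
                         krb5_keyblock *key)
{
    krb5_error_code ret;
    krb5_salt salt;

    ret = krb5_get_pw_salt(context, principal, &salt);
    if (ret)
        return ret;
    ret = krb5_string_to_key_data_salt(context, enctype, password, salt, key);
    /* The salt is a temporary: release it whether or not the
     * derivation succeeded. */
    krb5_free_salt(context, salt);
    return ret;
}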
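/**
 * Derive a key of type `enctype' from the C string `password', using
 * the default salt for `principal'.
 *
 * @param context   Kerberos context
 * @param enctype   encryption type of the key to produce
 * @param password  NUL-terminated password; must not be NULL, since its
 *                  length is taken with strlen()
 * @param principal principal the default salt is computed from
 * @param key       out: the resulting key; the caller owns it
 *
 * @return the result of krb5_string_to_key_data().
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key (krb5_context context,
                    krb5_enctype enctype,
                    const char *password,
                    krb5_principal principal,
                    krb5_keyblock *key)
{
    krb5_data pw;

    /* pw only aliases the caller's buffer -- no copy of the password is
     * made here, so clearing it stays the caller's job. rk_UNCONST is
     * needed because krb5_data.data is not const-qualified. */
    pw.data = rk_UNCONST(password);
    pw.length = strlen(password);
    return krb5_string_to_key_data(context, enctype, pw, principal, key);
}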
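/**
 * Derive a key of type `enctype' from `password' and an explicit
 * `salt', with no enctype-specific opaque parameters.
 *
 * @param context  Kerberos context
 * @param enctype  encryption type of the key to produce
 * @param password password bytes and length
 * @param salt     salt type and value to use
 * @param key      out: the resulting key; the caller owns it
 *
 * @return the result of krb5_string_to_key_data_salt_opaque().
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_data_salt (krb5_context context,
                              krb5_enctype enctype,
                              krb5_data password,
                              krb5_salt salt,
                              krb5_keyblock *key)
{
    krb5_data opaque;

    /* A zeroed krb5_data stands for "no opaque parameters". */
    krb5_data_zero(&opaque);
    return krb5_string_to_key_data_salt_opaque(context, enctype, password,
                                               salt, opaque, key);
}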
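/**
 * Do a string -> key for encryption type `enctype' operation on
 * `password' (with salt `salt' and the enctype specific data string
 * `opaque'), returning the resulting key in `key'
 *
 * The enctype's string-to-key table is searched for the entry whose
 * type equals `salt.salttype', and that entry's string_to_key function
 * does the actual derivation.
 *
 * @param context  Kerberos context, also receives the error message
 * @param enctype  encryption type of the key to produce
 * @param password password bytes and length
 * @param salt     salt type and value to use
 * @param opaque   enctype specific data passed through unchanged
 * @param key      out: the resulting key; the caller owns it
 *
 * @return KRB5_PROG_ETYPE_NOSUPP when `enctype' is unknown,
 *         HEIM_ERR_SALTTYPE_NOSUPP when the enctype has no entry for
 *         the salt type, otherwise whatever the selected string_to_key
 *         function returns.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_data_salt_opaque (krb5_context context,
                                     krb5_enctype enctype,
                                     krb5_data password,
                                     krb5_salt salt,
                                     krb5_data opaque,
                                     krb5_keyblock *key)
{
    struct _krb5_encryption_type *et = _krb5_find_enctype(enctype);
    struct salt_type *st;

    if (et == NULL) {
        krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
                               N_("encryption type %d not supported", ""),
                               enctype);
        return KRB5_PROG_ETYPE_NOSUPP;
    }
    /* Walk the table up to its terminator (NULL pointer or type 0). */
    for (st = et->keytype->string_to_key; st && st->type; st++) {
        if (st->type == salt.salttype)
            return (*st->string_to_key)(context, enctype, password,
                                        salt, opaque, key);
    }
    krb5_set_error_message(context, HEIM_ERR_SALTTYPE_NOSUPP,
                           N_("salt type %d not supported", ""),
                           salt.salttype);
    return HEIM_ERR_SALTTYPE_NOSUPP;
}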
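/**
 * Do a string -> key for encryption type `enctype' operation on the
 * string `password' (with salt `salt'), returning the resulting key
 * in `key'
 *
 * @param context  Kerberos context
 * @param enctype  encryption type of the key to produce
 * @param password NUL-terminated password; must not be NULL, since its
 *                 length is taken with strlen()
 * @param salt     salt type and value to use
 * @param key      out: the resulting key; the caller owns it
 *
 * @return the result of krb5_string_to_key_data_salt().
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_salt (krb5_context context,
                         krb5_enctype enctype,
                         const char *password,
                         krb5_salt salt,
                         krb5_keyblock *key)
{
    krb5_data pw;

    /* pw only aliases the caller's buffer -- no copy of the password is
     * made here, so clearing it stays the caller's job. */
    pw.data = rk_UNCONST(password);
    pw.length = strlen(password);
    return krb5_string_to_key_data_salt(context, enctype, pw, salt, key);
}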
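/**
 * Derive a key of type `enctype' from the C string `password', an
 * explicit `salt' and the enctype specific data `opaque'.
 *
 * @param context  Kerberos context
 * @param enctype  encryption type of the key to produce
 * @param password NUL-terminated password; must not be NULL, since its
 *                 length is taken with strlen()
 * @param salt     salt type and value to use
 * @param opaque   enctype specific data passed through unchanged
 * @param key      out: the resulting key; the caller owns it
 *
 * @return the result of krb5_string_to_key_data_salt_opaque().
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_salt_opaque (krb5_context context,
                                krb5_enctype enctype,
                                const char *password,
                                krb5_salt salt,
                                krb5_data opaque,
                                krb5_keyblock *key)
{
    krb5_data pw;

    /* pw only aliases the caller's buffer -- no copy of the password is
     * made here, so clearing it stays the caller's job. */
    pw.data = rk_UNCONST(password);
    pw.length = strlen(password);
    return krb5_string_to_key_data_salt_opaque(context, enctype,
                                               pw, salt, opaque, key);
}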
244 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
245 krb5_string_to_key_derived(krb5_context context
,
251 struct _krb5_encryption_type
*et
= _krb5_find_enctype(etype
);
253 struct _krb5_key_data kd
;
258 krb5_set_error_message (context
, KRB5_PROG_ETYPE_NOSUPP
,
259 N_("encryption type %d not supported", ""),
261 return KRB5_PROG_ETYPE_NOSUPP
;
263 keylen
= et
->keytype
->bits
/ 8;
267 krb5_set_error_message (context
, ENOMEM
,
268 N_("malloc: out of memory", ""));
271 ret
= krb5_data_alloc(&kd
.key
->keyvalue
, et
->keytype
->size
);
276 kd
.key
->keytype
= etype
;
277 tmp
= malloc (keylen
);
279 krb5_free_keyblock(context
, kd
.key
);
280 krb5_set_error_message (context
, ENOMEM
, N_("malloc: out of memory", ""));
283 ret
= _krb5_n_fold(str
, len
, tmp
, keylen
);
286 krb5_set_error_message (context
, ENOMEM
, N_("malloc: out of memory", ""));
290 _krb5_DES3_random_to_key(context
, kd
.key
, tmp
, keylen
);
291 memset(tmp
, 0, keylen
);
293 ret
= _krb5_derive_key(context
,
296 "kerberos", /* XXX well known constant */
299 _krb5_free_key_data(context
, &kd
, et
);
302 ret
= krb5_copy_keyblock_contents(context
, kd
.key
, key
);
303 _krb5_free_key_data(context
, &kd
, et
);