2 * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "krb5_locl.h"
36 /* coverity[+alloc : arg-*3] */
37 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
38 krb5_salttype_to_string (krb5_context context,
43 struct _krb5_encryption_type *e;
46 e = _krb5_find_enctype (etype);
48 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
49 "encryption type %d not supported",
51 return KRB5_PROG_ETYPE_NOSUPP;
53 for (st = e->keytype->string_to_key; st && st->type; st++) {
54 if (st->type == stype) {
55 *string = strdup (st->name);
56 if (*string == NULL) {
57 krb5_set_error_message (context, ENOMEM,
58 N_("malloc: out of memory", ""));
64 krb5_set_error_message (context, HEIM_ERR_SALTTYPE_NOSUPP,
65 "salttype %d not supported", stype);
66 return HEIM_ERR_SALTTYPE_NOSUPP;
69 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
70 krb5_string_to_salttype (krb5_context context,
73 krb5_salttype *salttype)
75 struct _krb5_encryption_type *e;
78 e = _krb5_find_enctype (etype);
80 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
81 N_("encryption type %d not supported", ""),
83 return KRB5_PROG_ETYPE_NOSUPP;
85 for (st = e->keytype->string_to_key; st && st->type; st++) {
86 if (strcasecmp (st->name, string) == 0) {
91 krb5_set_error_message(context, HEIM_ERR_SALTTYPE_NOSUPP,
92 N_("salttype %s not supported", ""), string);
93 return HEIM_ERR_SALTTYPE_NOSUPP;
96 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
97 krb5_get_pw_salt(krb5_context context,
98 krb5_const_principal principal,
106 salt->salttype = KRB5_PW_SALT;
107 len = strlen(principal->realm);
108 for (i = 0; i < principal->name.name_string.len; ++i)
109 len += strlen(principal->name.name_string.val[i]);
110 ret = krb5_data_alloc (&salt->saltvalue, len);
113 p = salt->saltvalue.data;
114 memcpy (p, principal->realm, strlen(principal->realm));
115 p += strlen(principal->realm);
116 for (i = 0; i < principal->name.name_string.len; ++i) {
118 principal->name.name_string.val[i],
119 strlen(principal->name.name_string.val[i]));
120 p += strlen(principal->name.name_string.val[i]);
125 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
126 krb5_free_salt(krb5_context context,
129 krb5_data_free(&salt.saltvalue);
133 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
134 krb5_string_to_key_data (krb5_context context,
135 krb5_enctype enctype,
137 krb5_principal principal,
143 ret = krb5_get_pw_salt(context, principal, &salt);
146 ret = krb5_string_to_key_data_salt(context, enctype, password, salt, key);
147 krb5_free_salt(context, salt);
151 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
152 krb5_string_to_key (krb5_context context,
153 krb5_enctype enctype,
154 const char *password,
155 krb5_principal principal,
159 pw.data = rk_UNCONST(password);
160 pw.length = strlen(password);
161 return krb5_string_to_key_data(context, enctype, pw, principal, key);
164 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
165 krb5_string_to_key_data_salt (krb5_context context,
166 krb5_enctype enctype,
172 krb5_data_zero(&opaque);
173 return krb5_string_to_key_data_salt_opaque(context, enctype, password,
178 * Do a string -> key for encryption type `enctype' operation on
179 * `password' (with salt `salt' and the enctype specific data string
180 * `opaque'), returning the resulting key in `key'
183 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
184 krb5_string_to_key_data_salt_opaque (krb5_context context,
185 krb5_enctype enctype,
191 struct _krb5_encryption_type *et =_krb5_find_enctype(enctype);
192 struct salt_type *st;
194 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
195 N_("encryption type %d not supported", ""),
197 return KRB5_PROG_ETYPE_NOSUPP;
199 for(st = et->keytype->string_to_key; st && st->type; st++)
200 if(st->type == salt.salttype)
201 return (*st->string_to_key)(context, enctype, password,
203 krb5_set_error_message(context, HEIM_ERR_SALTTYPE_NOSUPP,
204 N_("salt type %d not supported", ""),
206 return HEIM_ERR_SALTTYPE_NOSUPP;
210 * Do a string -> key for encryption type `enctype' operation on the
211 * string `password' (with salt `salt'), returning the resulting key
215 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
216 krb5_string_to_key_salt (krb5_context context,
217 krb5_enctype enctype,
218 const char *password,
223 pw.data = rk_UNCONST(password);
224 pw.length = strlen(password);
225 return krb5_string_to_key_data_salt(context, enctype, pw, salt, key);
228 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
229 krb5_string_to_key_salt_opaque (krb5_context context,
230 krb5_enctype enctype,
231 const char *password,
237 pw.data = rk_UNCONST(password);
238 pw.length = strlen(password);
239 return krb5_string_to_key_data_salt_opaque(context, enctype,
240 pw, salt, opaque, key);
244 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
245 krb5_string_to_key_derived(krb5_context context,
251 struct _krb5_encryption_type *et = _krb5_find_enctype(etype);
253 struct _krb5_key_data kd;
258 krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
259 N_("encryption type %d not supported", ""),
261 return KRB5_PROG_ETYPE_NOSUPP;
263 keylen = et->keytype->bits / 8;
267 krb5_set_error_message (context, ENOMEM,
268 N_("malloc: out of memory", ""));
271 ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size);
276 kd.key->keytype = etype;
277 tmp = malloc (keylen);
279 krb5_free_keyblock(context, kd.key);
280 krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
283 ret = _krb5_n_fold(str, len, tmp, keylen);
286 krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
290 _krb5_DES3_random_to_key(context, kd.key, tmp, keylen);
291 memset(tmp, 0, keylen);
293 ret = _krb5_derive_key(context,
296 "kerberos", /* XXX well known constant */
299 _krb5_free_key_data(context, &kd, et);
302 ret = krb5_copy_keyblock_contents(context, kd.key, key);
303 _krb5_free_key_data(context, &kd, et);