/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* lib/kdb/encrypt_key.c */
/*
* Copyright 1990,1991 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
*
* All rights reserved.
*
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of FundsXpress. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
#include "k5-int.h"
#include "kdb.h"
/*
* Encrypt a key for storage in the database. "eblock" is used
* to encrypt the key in "in" into "out"; the storage pointed to by "out"
* is allocated before use.
*/
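/*
 * Store dbkey, encrypted under mkey, as element 0 of key_data, followed by
 * the salt from keysalt as element 1 when keysalt is non-NULL and its type
 * is positive.  The contents key_data held for its previous key_data_ver
 * elements are freed first, and key_data_kvno is set to keyver.
 *
 * Element 0 is a 2-byte encoding of dbkey->length followed by the
 * ciphertext written by krb5_c_encrypt().
 *
 * Returns 0 on success, ENOMEM if an allocation fails, or the error from
 * krb5_c_encrypt_length() or krb5_c_encrypt().  On success the allocated
 * buffers stay in key_data for the caller to release.  On failure every
 * buffer freed here is also cleared from key_data->key_data_contents[], so
 * a later release of key_data (or a second call on the same key_data, which
 * frees the first key_data_ver slots again) cannot free it twice; the other
 * fields are left as they were when the error occurred.
 */
krb5_error_code
krb5_dbe_def_encrypt_key_data(krb5_context context,
                              const krb5_keyblock *mkey,
                              const krb5_keyblock *dbkey,
                              const krb5_keysalt *keysalt,
                              int keyver,
                              krb5_key_data *key_data)
{
    krb5_error_code retval;
    krb5_octet *ptr;
    size_t len;
    int i;
    krb5_data plain;
    krb5_enc_data cipher;

    /* Drop the previous contents, clearing each slot as it is freed. */
    for (i = 0; i < key_data->key_data_ver; i++) {
        free(key_data->key_data_contents[i]);
        key_data->key_data_contents[i] = NULL;
    }

    key_data->key_data_ver = 1;
    key_data->key_data_kvno = keyver;

    /*
     * The first element of the type/length/contents fields is the key
     * type/length/contents.
     */
    retval = krb5_c_encrypt_length(context, mkey->enctype, dbkey->length,
                                   &len);
    if (retval)
        return retval;

    /* Two extra bytes hold the encoded plaintext key length. */
    ptr = malloc(2 + len);
    if (ptr == NULL)
        return ENOMEM;

    key_data->key_data_type[0] = dbkey->enctype;
    /*
     * NOTE(review): if key_data_length[] and the int16 encoding below are
     * narrower than size_t, an oversized key or ciphertext length would be
     * truncated here -- confirm the bounds callers guarantee.
     */
    key_data->key_data_length[0] = 2 + len;
    key_data->key_data_contents[0] = ptr;

    krb5_kdb_encode_int16(dbkey->length, ptr);
    ptr += 2;

    plain.length = dbkey->length;
    plain.data = (char *) dbkey->contents;

    cipher.ciphertext.length = len;
    cipher.ciphertext.data = (char *) ptr;

    /* Both arguments after mkey are 0; the first carries the original XXX. */
    retval = krb5_c_encrypt(context, mkey, /* XXX */ 0, 0, &plain, &cipher);
    if (retval) {
        /* Clear the slot so key_data does not keep a freed pointer. */
        free(key_data->key_data_contents[0]);
        key_data->key_data_contents[0] = NULL;
        return retval;
    }

    /* After the key comes the salt, if necessary. */
    if (keysalt != NULL && keysalt->type > 0) {
        key_data->key_data_ver++;
        key_data->key_data_type[1] = keysalt->type;
        key_data->key_data_length[1] = keysalt->data.length;
        /*
         * Slot 1 is only cleared by the loop above when the previous
         * key_data_ver was at least 2, so give it a defined value before
         * it becomes part of the entry (it stays NULL for an empty salt).
         */
        key_data->key_data_contents[1] = NULL;
        if (key_data->key_data_length[1] != 0) {
            key_data->key_data_contents[1] = malloc(keysalt->data.length);
            if (key_data->key_data_contents[1] == NULL) {
                /* Same rule as above: never leave the freed key behind. */
                free(key_data->key_data_contents[0]);
                key_data->key_data_contents[0] = NULL;
                return ENOMEM;
            }
            memcpy(key_data->key_data_contents[1], keysalt->data.data,
                   (size_t) keysalt->data.length);
        }
    }

    return retval;
}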