1 /* $NetBSD: mit_glue.c,v 1.1.1.1 2011/04/13 18:15:36 elric Exp $ */ 2 3 /* 4 * Copyright (c) 2003 Kungliga Tekniska Högskolan 5 * (Royal Institute of Technology, Stockholm, Sweden). 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * 3. Neither the name of the Institute nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #define KRB5_DEPRECATED 37 38 #include "krb5_locl.h" 39 40 #ifndef HEIMDAL_SMALLER 41 42 /* 43 * Glue for MIT API 44 */ 45 46 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 47 krb5_c_make_checksum(krb5_context context, 48 krb5_cksumtype cksumtype, 49 const krb5_keyblock *key, 50 krb5_keyusage usage, 51 const krb5_data *input, 52 krb5_checksum *cksum) 53 { 54 krb5_error_code ret; 55 krb5_crypto crypto; 56 57 ret = krb5_crypto_init(context, key, 0, &crypto); 58 if (ret) 59 return ret; 60 61 ret = krb5_create_checksum(context, crypto, usage, cksumtype, 62 input->data, input->length, cksum); 63 krb5_crypto_destroy(context, crypto); 64 65 return ret ; 66 } 67 68 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 69 krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key, 70 krb5_keyusage usage, const krb5_data *data, 71 const krb5_checksum *cksum, krb5_boolean *valid) 72 { 73 krb5_error_code ret; 74 krb5_checksum data_cksum; 75 76 *valid = 0; 77 78 ret = krb5_c_make_checksum(context, cksum->cksumtype, 79 key, usage, data, &data_cksum); 80 if (ret) 81 return ret; 82 83 if (data_cksum.cksumtype == cksum->cksumtype 84 && krb5_data_ct_cmp(&data_cksum.checksum, &cksum->checksum) == 0) 85 *valid = 1; 86 87 krb5_free_checksum_contents(context, &data_cksum); 88 89 return 0; 90 } 91 92 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 93 krb5_c_get_checksum(krb5_context context, const krb5_checksum *cksum, 94 krb5_cksumtype *type, krb5_data **data) 95 { 96 krb5_error_code ret; 97 98 if (type) 99 *type = cksum->cksumtype; 100 if (data) { 101 *data = malloc(sizeof(**data)); 102 if (*data == NULL) 103 return ENOMEM; 104 105 ret = der_copy_octet_string(&cksum->checksum, *data); 106 if (ret) { 107 free(*data); 108 *data = NULL; 109 return ret; 110 } 111 } 112 return 0; 113 } 114 115 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 116 krb5_c_set_checksum(krb5_context context, krb5_checksum *cksum, 117 krb5_cksumtype type, const krb5_data *data) 118 { 119 cksum->cksumtype = type; 120 return der_copy_octet_string(data, &cksum->checksum); 121 } 122 123 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 124 krb5_free_checksum (krb5_context context, krb5_checksum *cksum) 125 { 126 krb5_checksum_free(context, cksum); 127 free(cksum); 128 } 129 130 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 131 krb5_free_checksum_contents(krb5_context context, krb5_checksum *cksum) 132 { 133 krb5_checksum_free(context, cksum); 134 memset(cksum, 0, sizeof(*cksum)); 135 } 136 137 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 138 krb5_checksum_free(krb5_context context, krb5_checksum *cksum) 139 { 140 free_Checksum(cksum); 141 } 142 143 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 144 krb5_c_valid_enctype (krb5_enctype etype) 145 { 146 return krb5_enctype_valid(NULL, etype); 147 } 148 149 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 150 krb5_c_valid_cksumtype(krb5_cksumtype ctype) 151 { 152 return krb5_cksumtype_valid(NULL, ctype); 153 } 154 155 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 156 krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype) 157 { 158 return krb5_checksum_is_collision_proof(NULL, ctype); 159 } 160 161 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 162 krb5_c_is_keyed_cksum(krb5_cksumtype ctype) 163 { 164 return krb5_checksum_is_keyed(NULL, ctype); 165 } 166 167 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 168 krb5_copy_checksum (krb5_context context, 169 const krb5_checksum *old, 170 krb5_checksum **new) 171 { 172 *new = malloc(sizeof(**new)); 173 if (*new == NULL) 174 return ENOMEM; 175 return copy_Checksum(old, *new); 176 } 177 178 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 179 krb5_c_checksum_length (krb5_context context, krb5_cksumtype cksumtype, 180 size_t *length) 181 { 182 return krb5_checksumsize(context, cksumtype, length); 183 } 184 185 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 186 krb5_c_block_size(krb5_context context, 187 krb5_enctype enctype, 188 size_t *blocksize) 189 { 190 krb5_error_code ret; 191 krb5_crypto crypto; 192 krb5_keyblock key; 193 194 ret = krb5_generate_random_keyblock(context, enctype, &key); 195 if (ret) 196 return ret; 197 198 ret = krb5_crypto_init(context, &key, 0, &crypto); 199 krb5_free_keyblock_contents(context, &key); 200 if (ret) 201 return ret; 202 ret = krb5_crypto_getblocksize(context, crypto, blocksize); 203 krb5_crypto_destroy(context, crypto); 204 205 return ret; 206 } 207 208 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 209 krb5_c_decrypt(krb5_context context, 210 const krb5_keyblock key, 211 krb5_keyusage usage, 212 const krb5_data *ivec, 213 krb5_enc_data *input, 214 krb5_data *output) 215 { 216 krb5_error_code ret; 217 krb5_crypto crypto; 218 219 ret = krb5_crypto_init(context, &key, input->enctype, &crypto); 220 if (ret) 221 return ret; 222 223 if (ivec) { 224 size_t blocksize; 225 226 ret = krb5_crypto_getblocksize(context, crypto, &blocksize); 227 if (ret) { 228 krb5_crypto_destroy(context, crypto); 229 return ret; 230 } 231 232 if (blocksize > ivec->length) { 233 krb5_crypto_destroy(context, crypto); 234 return KRB5_BAD_MSIZE; 235 } 236 } 237 238 ret = krb5_decrypt_ivec(context, crypto, usage, 239 input->ciphertext.data, input->ciphertext.length, 240 output, 241 ivec ? ivec->data : NULL); 242 243 krb5_crypto_destroy(context, crypto); 244 245 return ret ; 246 } 247 248 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 249 krb5_c_encrypt(krb5_context context, 250 const krb5_keyblock *key, 251 krb5_keyusage usage, 252 const krb5_data *ivec, 253 const krb5_data *input, 254 krb5_enc_data *output) 255 { 256 krb5_error_code ret; 257 krb5_crypto crypto; 258 259 ret = krb5_crypto_init(context, key, 0, &crypto); 260 if (ret) 261 return ret; 262 263 if (ivec) { 264 size_t blocksize; 265 266 ret = krb5_crypto_getblocksize(context, crypto, &blocksize); 267 if (ret) { 268 krb5_crypto_destroy(context, crypto); 269 return ret; 270 } 271 272 if (blocksize > ivec->length) { 273 krb5_crypto_destroy(context, crypto); 274 return KRB5_BAD_MSIZE; 275 } 276 } 277 278 ret = krb5_encrypt_ivec(context, crypto, usage, 279 input->data, input->length, 280 &output->ciphertext, 281 ivec ? ivec->data : NULL); 282 output->kvno = 0; 283 krb5_crypto_getenctype(context, crypto, &output->enctype); 284 285 krb5_crypto_destroy(context, crypto); 286 287 return ret ; 288 } 289 290 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 291 krb5_c_encrypt_length(krb5_context context, 292 krb5_enctype enctype, 293 size_t inputlen, 294 size_t *length) 295 { 296 krb5_error_code ret; 297 krb5_crypto crypto; 298 krb5_keyblock key; 299 300 ret = krb5_generate_random_keyblock(context, enctype, &key); 301 if (ret) 302 return ret; 303 304 ret = krb5_crypto_init(context, &key, 0, &crypto); 305 krb5_free_keyblock_contents(context, &key); 306 if (ret) 307 return ret; 308 309 *length = krb5_get_wrapped_length(context, crypto, inputlen); 310 krb5_crypto_destroy(context, crypto); 311 312 return 0; 313 } 314 315 /** 316 * Deprecated: keytypes doesn't exists, they are really enctypes. 317 * 318 * @ingroup krb5_deprecated 319 */ 320 321 KRB5_DEPRECATED 322 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 323 krb5_c_enctype_compare(krb5_context context, 324 krb5_enctype e1, 325 krb5_enctype e2, 326 krb5_boolean *similar) 327 { 328 *similar = (e1 == e2); 329 return 0; 330 } 331 332 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 333 krb5_c_make_random_key(krb5_context context, 334 krb5_enctype enctype, 335 krb5_keyblock *random_key) 336 { 337 return krb5_generate_random_keyblock(context, enctype, random_key); 338 } 339 340 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 341 krb5_c_keylengths(krb5_context context, 342 krb5_enctype enctype, 343 size_t *ilen, 344 size_t *keylen) 345 { 346 krb5_error_code ret; 347 348 ret = krb5_enctype_keybits(context, enctype, ilen); 349 if (ret) 350 return ret; 351 *ilen = (*ilen + 7) / 8; 352 return krb5_enctype_keysize(context, enctype, keylen); 353 } 354 355 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 356 krb5_c_prf_length(krb5_context context, 357 krb5_enctype type, 358 size_t *length) 359 { 360 return krb5_crypto_prf_length(context, type, length); 361 } 362 363 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 364 krb5_c_prf(krb5_context context, 365 const krb5_keyblock *key, 366 const krb5_data *input, 367 krb5_data *output) 368 { 369 krb5_crypto crypto; 370 krb5_error_code ret; 371 372 ret = krb5_crypto_init(context, key, 0, &crypto); 373 if (ret) 374 return ret; 375 376 ret = krb5_crypto_prf(context, crypto, input, output); 377 krb5_crypto_destroy(context, crypto); 378 379 return ret; 380 } 381 382 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 383 krb5_c_random_make_octets(krb5_context context, krb5_data * data) 384 { 385 return krb5_generate_random_keyblock(context, data->length, data->data); 386 } 387 388 /** 389 * MIT compat glue 390 * 391 * @ingroup krb5_ccache 392 */ 393 394 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 395 krb5_cc_copy_creds(krb5_context context, 396 const krb5_ccache from, 397 krb5_ccache to) 398 { 399 return krb5_cc_copy_cache(context, from, to); 400 } 401 402 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 403 krb5_auth_con_getsendsubkey(krb5_context context, krb5_auth_context auth_context, 404 krb5_keyblock **keyblock) 405 { 406 return krb5_auth_con_getlocalsubkey(context, auth_context, keyblock); 407 } 408 409 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 410 krb5_auth_con_getrecvsubkey(krb5_context context, krb5_auth_context auth_context, 411 krb5_keyblock **keyblock) 412 { 413 return krb5_auth_con_getremotesubkey(context, auth_context, keyblock); 414 } 415 416 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 417 krb5_auth_con_setsendsubkey(krb5_context context, krb5_auth_context auth_context, 418 krb5_keyblock *keyblock) 419 { 420 return krb5_auth_con_setlocalsubkey(context, auth_context, keyblock); 421 } 422 423 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 424 krb5_auth_con_setrecvsubkey(krb5_context context, krb5_auth_context auth_context, 425 krb5_keyblock *keyblock) 426 { 427 return krb5_auth_con_setremotesubkey(context, auth_context, keyblock); 428 } 429 430 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 431 krb5_free_default_realm(krb5_context context, krb5_realm realm) 432 { 433 return krb5_xfree(realm); 434 } 435 436 #endif /* HEIMDAL_SMALLER */ 437