1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* lib/kdb/encrypt_key.c */
3 /*
4 * Copyright 1990,1991 by the Massachusetts Institute of Technology.
5 * All Rights Reserved.
6 *
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
11 *
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. Furthermore if you modify this software you must label
20 * your software as modified software and not distribute it in such a
21 * fashion that it might be confused with the original M.I.T. software.
22 * M.I.T. makes no representations about the suitability of
23 * this software for any purpose. It is provided "as is" without express
24 * or implied warranty.
25 */
26 /*
27 * Copyright (C) 1998 by the FundsXpress, INC.
28 *
29 * All rights reserved.
30 *
31 * Export of this software from the United States of America may require
32 * a specific license from the United States Government. It is the
33 * responsibility of any person or organization contemplating export to
34 * obtain such a license before exporting.
35 *
36 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
37 * distribute this software and its documentation for any purpose and
38 * without fee is hereby granted, provided that the above copyright
39 * notice appear in all copies and that both that copyright notice and
40 * this permission notice appear in supporting documentation, and that
41 * the name of FundsXpress. not be used in advertising or publicity pertaining
42 * to distribution of the software without specific, written prior
43 * permission. FundsXpress makes no representations about the suitability of
44 * this software for any purpose. It is provided "as is" without express
45 * or implied warranty.
46 *
47 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
48 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
49 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
50 */
51
52 #include "k5-int.h"
53 #include "kdb.h"
54
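/*
 * Encrypt a key for storage in the database.  "mkey" is the master key used
 * to encrypt the key in "dbkey"; the result goes into element 0 of
 * "key_data" and the salt (if any) into element 1.  Storage for the element
 * contents is allocated here, and any contents key_data held on entry are
 * freed first.
 *
 * Element 0 is laid out as the 2-byte encoded plaintext key length
 * (krb5_kdb_encode_int16) followed by the ciphertext.
 *
 * Returns 0 on success.  On failure the error code is returned and key_data
 * is left owning no storage (key_data_ver == 0, every contents pointer
 * NULL), so the caller may free or reuse it without a double free.
 */
krb5_error_code
krb5_dbe_def_encrypt_key_data(krb5_context context,
                              const krb5_keyblock *mkey,
                              const krb5_keyblock *dbkey,
                              const krb5_keysalt *keysalt,
                              int keyver,
                              krb5_key_data *key_data)
{
    krb5_error_code retval;
    krb5_octet *ptr;
    size_t len;
    int i;
    krb5_data plain;
    krb5_enc_data cipher;

    /* Release whatever this key_data held before; every element is replaced.
     * key_data_ver stays 0 until element 0 actually owns storage, so an
     * early return never leaves a stale contents pointer behind. */
    for (i = 0; i < key_data->key_data_ver; i++) {
        free(key_data->key_data_contents[i]);
        key_data->key_data_contents[i] = NULL;
    }
    key_data->key_data_ver = 0;
    key_data->key_data_kvno = keyver;

    /*
     * Element 0 of the type/length/contents fields is the key itself:
     * enctype / (2 + ciphertext length) / (encoded length || ciphertext).
     */
    retval = krb5_c_encrypt_length(context, mkey->enctype, dbkey->length, &len);
    if (retval)
        return retval;

    ptr = malloc(2 + len);
    if (ptr == NULL)
        return ENOMEM;

    key_data->key_data_ver = 1;
    key_data->key_data_type[0] = dbkey->enctype;
    /* NOTE(review): key_data_length[] and the encoded length below are
     * 16-bit fields; any real key size fits, but neither is range-checked. */
    key_data->key_data_length[0] = 2 + len;
    key_data->key_data_contents[0] = ptr;

    /* The plaintext key length precedes the ciphertext -- presumably so the
     * decrypt side can recover the exact key size from a padded ciphertext;
     * confirm against the matching decrypt routine. */
    krb5_kdb_encode_int16(dbkey->length, ptr);
    ptr += 2;

    plain.length = dbkey->length;
    plain.data = (char *) dbkey->contents;

    cipher.ciphertext.length = len;
    cipher.ciphertext.data = (char *) ptr;

    /* Key usage 0 and a null cipher state (the XXX is inherited).  Whatever
     * is used here must match the decrypt side, so it is not something to
     * change in isolation. */
    retval = krb5_c_encrypt(context, mkey, /* XXX */ 0, 0, &plain, &cipher);
    if (retval)
        goto cleanup;

    /* Element 1 (optional): the salt, copied verbatim after the key. */
    if (keysalt != NULL && keysalt->type > 0) {
        key_data->key_data_ver = 2;
        key_data->key_data_type[1] = keysalt->type;
        key_data->key_data_length[1] = keysalt->data.length;
        /* Explicitly NULL: the loop above only cleared the elements the
         * previous key_data_ver covered. */
        key_data->key_data_contents[1] = NULL;
        if (keysalt->data.length != 0) {
            key_data->key_data_contents[1] = malloc(keysalt->data.length);
            if (key_data->key_data_contents[1] == NULL) {
                retval = ENOMEM;
                goto cleanup;
            }
            memcpy(key_data->key_data_contents[1], keysalt->data.data,
                   (size_t) keysalt->data.length);
        }
    }

    return 0;

cleanup:
    /* Free everything allocated so far and reset the element count, so the
     * caller's later free of key_data (or a retry) cannot double free. */
    for (i = 0; i < key_data->key_data_ver; i++) {
        free(key_data->key_data_contents[i]);
        key_data->key_data_contents[i] = NULL;
    }
    key_data->key_data_ver = 0;
    return retval;
}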
134