1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* lib/kdb/encrypt_key.c */
3 /*
4  * Copyright 1990,1991 by the Massachusetts Institute of Technology.
5  * All Rights Reserved.
6  *
7  * Export of this software from the United States of America may
8  *   require a specific license from the United States Government.
9  *   It is the responsibility of any person or organization contemplating
10  *   export to obtain such a license before exporting.
11  *
12  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13  * distribute this software and its documentation for any purpose and
14  * without fee is hereby granted, provided that the above copyright
15  * notice appear in all copies and that both that copyright notice and
16  * this permission notice appear in supporting documentation, and that
17  * the name of M.I.T. not be used in advertising or publicity pertaining
18  * to distribution of the software without specific, written prior
19  * permission.  Furthermore if you modify this software you must label
20  * your software as modified software and not distribute it in such a
21  * fashion that it might be confused with the original M.I.T. software.
22  * M.I.T. makes no representations about the suitability of
23  * this software for any purpose.  It is provided "as is" without express
24  * or implied warranty.
25  */
26 /*
27  * Copyright (C) 1998 by the FundsXpress, INC.
28  *
29  * All rights reserved.
30  *
31  * Export of this software from the United States of America may require
32  * a specific license from the United States Government.  It is the
33  * responsibility of any person or organization contemplating export to
34  * obtain such a license before exporting.
35  *
36  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
37  * distribute this software and its documentation for any purpose and
38  * without fee is hereby granted, provided that the above copyright
39  * notice appear in all copies and that both that copyright notice and
40  * this permission notice appear in supporting documentation, and that
41  * the name of FundsXpress. not be used in advertising or publicity pertaining
42  * to distribution of the software without specific, written prior
43  * permission.  FundsXpress makes no representations about the suitability of
44  * this software for any purpose.  It is provided "as is" without express
45  * or implied warranty.
46  *
47  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
48  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
49  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
50  */
51 
#include "k5-int.h"
#include "kdb.h"

#include <stdint.h>
54 
55 /*
56  * Encrypt a key for storage in the database.  "eblock" is used
57  * to encrypt the key in "in" into "out"; the storage pointed to by "out"
58  * is allocated before use.
59  */
60 
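krb5_error_code
krb5_dbe_def_encrypt_key_data( krb5_context             context,
                               const krb5_keyblock    * mkey,
                               const krb5_keyblock    * dbkey,
                               const krb5_keysalt     * keysalt,
                               int                      keyver,
                               krb5_key_data          * key_data)
{
    /*
     * Encrypt dbkey under mkey and store the result (plus the optional
     * salt) in key_data.
     *
     * context  - library context passed through to the crypto calls
     * mkey     - master key; its enctype selects the cipher
     * dbkey    - the principal key to protect
     * keysalt  - optional salt; NULL or a non-positive type means "none"
     * keyver   - key version number to record in key_data_kvno
     * key_data - output; element 0 receives the encrypted key, element 1
     *            the salt.  Existing contents are freed first.
     *
     * Returns 0 on success or a krb5 error code / errno value.  On
     * failure key_data owns no allocations: every contents pointer is
     * NULL and key_data_ver is 0, so a caller that frees key_data
     * afterwards (as the kdb_cpw paths appear to do) cannot double-free.
     */
    krb5_error_code               retval;
    krb5_octet                  * ptr;
    size_t                        len;
    int                           i;
    krb5_data                     plain;
    krb5_enc_data                 cipher;

    /* Release whatever key_data already holds; every element is rewritten. */
    for (i = 0; i < key_data->key_data_ver; i++) {
        free(key_data->key_data_contents[i]);
        key_data->key_data_contents[i] = NULL;
    }
    /* Nothing is owned yet; key_data_ver is raised as elements are filled. */
    key_data->key_data_ver = 0;
    key_data->key_data_kvno = keyver;

    /* Ciphertext size for dbkey->length plaintext bytes under mkey. */
    retval = krb5_c_encrypt_length(context, mkey->enctype, dbkey->length,
                                   &len);
    if (retval)
        return retval;

    /*
     * The in-band length prefix and key_data_length[] are 16-bit signed
     * fields.  A length that does not fit would be silently truncated on
     * the way into the database, so refuse it here.  No real key comes
     * anywhere near this bound.
     */
    if (dbkey->length > INT16_MAX || len > (size_t)INT16_MAX - 2)
        return EINVAL;

    /* Element 0: two-byte plaintext length followed by the ciphertext. */
    ptr = malloc(2 + len);
    if (ptr == NULL)
        return ENOMEM;

    key_data->key_data_ver = 1;
    key_data->key_data_type[0] = dbkey->enctype;
    key_data->key_data_length[0] = 2 + len;
    key_data->key_data_contents[0] = ptr;

    krb5_kdb_encode_int16(dbkey->length, ptr);
    ptr += 2;

    plain.length = dbkey->length;
    plain.data = (char *) dbkey->contents;

    cipher.ciphertext.length = len;
    cipher.ciphertext.data = (char *) ptr;

    /*
     * Key usage 0 and no ivec (the original code marked this "XXX").
     * NOTE(review): these values are part of how stored key data is
     * laid out and the decrypt path presumably relies on the same ones,
     * so they must not be changed in isolation.
     */
    retval = krb5_c_encrypt(context, mkey, 0, NULL, &plain, &cipher);
    if (retval)
        goto fail;

    /* Element 1 (optional): the salt, when a positive salt type is given. */
    if (keysalt != NULL && keysalt->type > 0) {
        /* Same 16-bit length field as above. */
        if (keysalt->data.length > INT16_MAX) {
            retval = EINVAL;
            goto fail;
        }
        key_data->key_data_type[1] = keysalt->type;
        key_data->key_data_length[1] = keysalt->data.length;
        key_data->key_data_contents[1] = NULL;
        key_data->key_data_ver = 2;
        /* A zero-length salt keeps its type but carries no contents. */
        if (keysalt->data.length != 0) {
            key_data->key_data_contents[1] = malloc(keysalt->data.length);
            if (key_data->key_data_contents[1] == NULL) {
                retval = ENOMEM;
                goto fail;
            }
            memcpy(key_data->key_data_contents[1], keysalt->data.data,
                   (size_t) keysalt->data.length);
        }
    }

    return 0;

fail:
    /* Leave key_data empty rather than pointing at freed memory. */
    for (i = 0; i < key_data->key_data_ver; i++) {
        free(key_data->key_data_contents[i]);
        key_data->key_data_contents[i] = NULL;
    }
    key_data->key_data_ver = 0;
    return retval;
}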
134