1 /* $NetBSD: mit_glue.c,v 1.1.1.2 2014/04/24 12:45:50 pettai Exp $ */
2
3 /*
4 * Copyright (c) 2003 Kungliga Tekniska Högskolan
5 * (Royal Institute of Technology, Stockholm, Sweden).
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 #include "krb5_locl.h"
37
38 #ifndef HEIMDAL_SMALLER
39
40 /*
41 * Glue for MIT API
42 */
43
44 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_make_checksum(krb5_context context,krb5_cksumtype cksumtype,const krb5_keyblock * key,krb5_keyusage usage,const krb5_data * input,krb5_checksum * cksum)45 krb5_c_make_checksum(krb5_context context,
46 krb5_cksumtype cksumtype,
47 const krb5_keyblock *key,
48 krb5_keyusage usage,
49 const krb5_data *input,
50 krb5_checksum *cksum)
51 {
52 krb5_error_code ret;
53 krb5_crypto crypto;
54
55 ret = krb5_crypto_init(context, key, 0, &crypto);
56 if (ret)
57 return ret;
58
59 ret = krb5_create_checksum(context, crypto, usage, cksumtype,
60 input->data, input->length, cksum);
61 krb5_crypto_destroy(context, crypto);
62
63 return ret ;
64 }
65
66 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_verify_checksum(krb5_context context,const krb5_keyblock * key,krb5_keyusage usage,const krb5_data * data,const krb5_checksum * cksum,krb5_boolean * valid)67 krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key,
68 krb5_keyusage usage, const krb5_data *data,
69 const krb5_checksum *cksum, krb5_boolean *valid)
70 {
71 krb5_error_code ret;
72 krb5_checksum data_cksum;
73
74 *valid = 0;
75
76 ret = krb5_c_make_checksum(context, cksum->cksumtype,
77 key, usage, data, &data_cksum);
78 if (ret)
79 return ret;
80
81 if (data_cksum.cksumtype == cksum->cksumtype
82 && krb5_data_ct_cmp(&data_cksum.checksum, &cksum->checksum) == 0)
83 *valid = 1;
84
85 krb5_free_checksum_contents(context, &data_cksum);
86
87 return 0;
88 }
89
90 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_get_checksum(krb5_context context,const krb5_checksum * cksum,krb5_cksumtype * type,krb5_data ** data)91 krb5_c_get_checksum(krb5_context context, const krb5_checksum *cksum,
92 krb5_cksumtype *type, krb5_data **data)
93 {
94 krb5_error_code ret;
95
96 if (type)
97 *type = cksum->cksumtype;
98 if (data) {
99 *data = malloc(sizeof(**data));
100 if (*data == NULL)
101 return ENOMEM;
102
103 ret = der_copy_octet_string(&cksum->checksum, *data);
104 if (ret) {
105 free(*data);
106 *data = NULL;
107 return ret;
108 }
109 }
110 return 0;
111 }
112
113 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_set_checksum(krb5_context context,krb5_checksum * cksum,krb5_cksumtype type,const krb5_data * data)114 krb5_c_set_checksum(krb5_context context, krb5_checksum *cksum,
115 krb5_cksumtype type, const krb5_data *data)
116 {
117 cksum->cksumtype = type;
118 return der_copy_octet_string(data, &cksum->checksum);
119 }
120
121 KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_checksum(krb5_context context,krb5_checksum * cksum)122 krb5_free_checksum (krb5_context context, krb5_checksum *cksum)
123 {
124 krb5_checksum_free(context, cksum);
125 free(cksum);
126 }
127
128 KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_checksum_contents(krb5_context context,krb5_checksum * cksum)129 krb5_free_checksum_contents(krb5_context context, krb5_checksum *cksum)
130 {
131 krb5_checksum_free(context, cksum);
132 memset(cksum, 0, sizeof(*cksum));
133 }
134
135 KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_checksum_free(krb5_context context,krb5_checksum * cksum)136 krb5_checksum_free(krb5_context context, krb5_checksum *cksum)
137 {
138 free_Checksum(cksum);
139 }
140
141 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_c_valid_enctype(krb5_enctype etype)142 krb5_c_valid_enctype (krb5_enctype etype)
143 {
144 return !krb5_enctype_valid(NULL, etype);
145 }
146
147 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_c_valid_cksumtype(krb5_cksumtype ctype)148 krb5_c_valid_cksumtype(krb5_cksumtype ctype)
149 {
150 return krb5_cksumtype_valid(NULL, ctype);
151 }
152
153 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype)154 krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype)
155 {
156 return krb5_checksum_is_collision_proof(NULL, ctype);
157 }
158
159 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_c_is_keyed_cksum(krb5_cksumtype ctype)160 krb5_c_is_keyed_cksum(krb5_cksumtype ctype)
161 {
162 return krb5_checksum_is_keyed(NULL, ctype);
163 }
164
165 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_checksum(krb5_context context,const krb5_checksum * old,krb5_checksum ** new)166 krb5_copy_checksum (krb5_context context,
167 const krb5_checksum *old,
168 krb5_checksum **new)
169 {
170 *new = malloc(sizeof(**new));
171 if (*new == NULL)
172 return ENOMEM;
173 return copy_Checksum(old, *new);
174 }
175
176 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_checksum_length(krb5_context context,krb5_cksumtype cksumtype,size_t * length)177 krb5_c_checksum_length (krb5_context context, krb5_cksumtype cksumtype,
178 size_t *length)
179 {
180 return krb5_checksumsize(context, cksumtype, length);
181 }
182
183 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_block_size(krb5_context context,krb5_enctype enctype,size_t * blocksize)184 krb5_c_block_size(krb5_context context,
185 krb5_enctype enctype,
186 size_t *blocksize)
187 {
188 krb5_error_code ret;
189 krb5_crypto crypto;
190 krb5_keyblock key;
191
192 ret = krb5_generate_random_keyblock(context, enctype, &key);
193 if (ret)
194 return ret;
195
196 ret = krb5_crypto_init(context, &key, 0, &crypto);
197 krb5_free_keyblock_contents(context, &key);
198 if (ret)
199 return ret;
200 ret = krb5_crypto_getblocksize(context, crypto, blocksize);
201 krb5_crypto_destroy(context, crypto);
202
203 return ret;
204 }
205
206 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_decrypt(krb5_context context,const krb5_keyblock key,krb5_keyusage usage,const krb5_data * ivec,krb5_enc_data * input,krb5_data * output)207 krb5_c_decrypt(krb5_context context,
208 const krb5_keyblock key,
209 krb5_keyusage usage,
210 const krb5_data *ivec,
211 krb5_enc_data *input,
212 krb5_data *output)
213 {
214 krb5_error_code ret;
215 krb5_crypto crypto;
216
217 ret = krb5_crypto_init(context, &key, input->enctype, &crypto);
218 if (ret)
219 return ret;
220
221 if (ivec) {
222 size_t blocksize;
223
224 ret = krb5_crypto_getblocksize(context, crypto, &blocksize);
225 if (ret) {
226 krb5_crypto_destroy(context, crypto);
227 return ret;
228 }
229
230 if (blocksize > ivec->length) {
231 krb5_crypto_destroy(context, crypto);
232 return KRB5_BAD_MSIZE;
233 }
234 }
235
236 ret = krb5_decrypt_ivec(context, crypto, usage,
237 input->ciphertext.data, input->ciphertext.length,
238 output,
239 ivec ? ivec->data : NULL);
240
241 krb5_crypto_destroy(context, crypto);
242
243 return ret ;
244 }
245
246 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_encrypt(krb5_context context,const krb5_keyblock * key,krb5_keyusage usage,const krb5_data * ivec,const krb5_data * input,krb5_enc_data * output)247 krb5_c_encrypt(krb5_context context,
248 const krb5_keyblock *key,
249 krb5_keyusage usage,
250 const krb5_data *ivec,
251 const krb5_data *input,
252 krb5_enc_data *output)
253 {
254 krb5_error_code ret;
255 krb5_crypto crypto;
256
257 ret = krb5_crypto_init(context, key, 0, &crypto);
258 if (ret)
259 return ret;
260
261 if (ivec) {
262 size_t blocksize;
263
264 ret = krb5_crypto_getblocksize(context, crypto, &blocksize);
265 if (ret) {
266 krb5_crypto_destroy(context, crypto);
267 return ret;
268 }
269
270 if (blocksize > ivec->length) {
271 krb5_crypto_destroy(context, crypto);
272 return KRB5_BAD_MSIZE;
273 }
274 }
275
276 ret = krb5_encrypt_ivec(context, crypto, usage,
277 input->data, input->length,
278 &output->ciphertext,
279 ivec ? ivec->data : NULL);
280 output->kvno = 0;
281 krb5_crypto_getenctype(context, crypto, &output->enctype);
282
283 krb5_crypto_destroy(context, crypto);
284
285 return ret ;
286 }
287
288 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_encrypt_length(krb5_context context,krb5_enctype enctype,size_t inputlen,size_t * length)289 krb5_c_encrypt_length(krb5_context context,
290 krb5_enctype enctype,
291 size_t inputlen,
292 size_t *length)
293 {
294 krb5_error_code ret;
295 krb5_crypto crypto;
296 krb5_keyblock key;
297
298 ret = krb5_generate_random_keyblock(context, enctype, &key);
299 if (ret)
300 return ret;
301
302 ret = krb5_crypto_init(context, &key, 0, &crypto);
303 krb5_free_keyblock_contents(context, &key);
304 if (ret)
305 return ret;
306
307 *length = krb5_get_wrapped_length(context, crypto, inputlen);
308 krb5_crypto_destroy(context, crypto);
309
310 return 0;
311 }
312
313 /**
314 * Deprecated: keytypes doesn't exists, they are really enctypes.
315 *
316 * @ingroup krb5_deprecated
317 */
318
319 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_enctype_compare(krb5_context context,krb5_enctype e1,krb5_enctype e2,krb5_boolean * similar)320 krb5_c_enctype_compare(krb5_context context,
321 krb5_enctype e1,
322 krb5_enctype e2,
323 krb5_boolean *similar)
324 KRB5_DEPRECATED_FUNCTION("Use X instead")
325 {
326 *similar = (e1 == e2);
327 return 0;
328 }
329
330 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_make_random_key(krb5_context context,krb5_enctype enctype,krb5_keyblock * random_key)331 krb5_c_make_random_key(krb5_context context,
332 krb5_enctype enctype,
333 krb5_keyblock *random_key)
334 {
335 return krb5_generate_random_keyblock(context, enctype, random_key);
336 }
337
338 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_keylengths(krb5_context context,krb5_enctype enctype,size_t * ilen,size_t * keylen)339 krb5_c_keylengths(krb5_context context,
340 krb5_enctype enctype,
341 size_t *ilen,
342 size_t *keylen)
343 {
344 krb5_error_code ret;
345
346 ret = krb5_enctype_keybits(context, enctype, ilen);
347 if (ret)
348 return ret;
349 *ilen = (*ilen + 7) / 8;
350 return krb5_enctype_keysize(context, enctype, keylen);
351 }
352
353 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_prf_length(krb5_context context,krb5_enctype type,size_t * length)354 krb5_c_prf_length(krb5_context context,
355 krb5_enctype type,
356 size_t *length)
357 {
358 return krb5_crypto_prf_length(context, type, length);
359 }
360
361 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_prf(krb5_context context,const krb5_keyblock * key,const krb5_data * input,krb5_data * output)362 krb5_c_prf(krb5_context context,
363 const krb5_keyblock *key,
364 const krb5_data *input,
365 krb5_data *output)
366 {
367 krb5_crypto crypto;
368 krb5_error_code ret;
369
370 ret = krb5_crypto_init(context, key, 0, &crypto);
371 if (ret)
372 return ret;
373
374 ret = krb5_crypto_prf(context, crypto, input, output);
375 krb5_crypto_destroy(context, crypto);
376
377 return ret;
378 }
379
380 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_c_random_make_octets(krb5_context context,krb5_data * data)381 krb5_c_random_make_octets(krb5_context context, krb5_data * data)
382 {
383 return krb5_generate_random_keyblock(context, data->length, data->data);
384 }
385
386 /**
387 * MIT compat glue
388 *
389 * @ingroup krb5_ccache
390 */
391
392 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_copy_creds(krb5_context context,const krb5_ccache from,krb5_ccache to)393 krb5_cc_copy_creds(krb5_context context,
394 const krb5_ccache from,
395 krb5_ccache to)
396 {
397 return krb5_cc_copy_cache(context, from, to);
398 }
399
400 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getsendsubkey(krb5_context context,krb5_auth_context auth_context,krb5_keyblock ** keyblock)401 krb5_auth_con_getsendsubkey(krb5_context context, krb5_auth_context auth_context,
402 krb5_keyblock **keyblock)
403 {
404 return krb5_auth_con_getlocalsubkey(context, auth_context, keyblock);
405 }
406
407 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getrecvsubkey(krb5_context context,krb5_auth_context auth_context,krb5_keyblock ** keyblock)408 krb5_auth_con_getrecvsubkey(krb5_context context, krb5_auth_context auth_context,
409 krb5_keyblock **keyblock)
410 {
411 return krb5_auth_con_getremotesubkey(context, auth_context, keyblock);
412 }
413
414 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setsendsubkey(krb5_context context,krb5_auth_context auth_context,krb5_keyblock * keyblock)415 krb5_auth_con_setsendsubkey(krb5_context context, krb5_auth_context auth_context,
416 krb5_keyblock *keyblock)
417 {
418 return krb5_auth_con_setlocalsubkey(context, auth_context, keyblock);
419 }
420
421 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setrecvsubkey(krb5_context context,krb5_auth_context auth_context,krb5_keyblock * keyblock)422 krb5_auth_con_setrecvsubkey(krb5_context context, krb5_auth_context auth_context,
423 krb5_keyblock *keyblock)
424 {
425 return krb5_auth_con_setremotesubkey(context, auth_context, keyblock);
426 }
427
428 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_default_realm(krb5_context context,krb5_realm realm)429 krb5_free_default_realm(krb5_context context, krb5_realm realm)
430 {
431 return krb5_xfree(realm);
432 }
433
434 #endif /* HEIMDAL_SMALLER */
435