1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* lib/crypto/krb/enctype_util.c */
3 /*
4 * Copyright (C) 1998 by the FundsXpress, INC.
5 *
6 * All rights reserved.
7 *
8 * Export of this software from the United States of America may require
9 * a specific license from the United States Government. It is the
10 * responsibility of any person or organization contemplating export to
11 * obtain such a license before exporting.
12 *
13 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
14 * distribute this software and its documentation for any purpose and
15 * without fee is hereby granted, provided that the above copyright
16 * notice appear in all copies and that both that copyright notice and
17 * this permission notice appear in supporting documentation, and that
18 * the name of FundsXpress. not be used in advertising or publicity pertaining
19 * to distribution of the software without specific, written prior
20 * permission. FundsXpress makes no representations about the suitability of
21 * this software for any purpose. It is provided "as is" without express
22 * or implied warranty.
23 *
24 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
25 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
26 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
27 */
28
/*
 * krb5_c_valid_enctype()
 * krb5int_c_weak_enctype()
 * krb5int_c_deprecated_enctype()
 * krb5_c_enctype_compare()
 * krb5_string_to_enctype()
 * krb5_enctype_to_string()
 * krb5_enctype_to_name()
 * k5_enctype_to_ssf()
 */
36
37 #include "crypto_int.h"
38
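/*
 * Enctype numbers that krb5_enctype_to_name() can name without consulting
 * find_enctype().  Every entry is a single-DES variant.  The table ends
 * with an ENCTYPE_NULL entry whose name is NULL; that sentinel is the loop
 * terminator and is never returned as a match.
 *
 * The visible code only reads this table, so it is given internal linkage
 * and const storage: nothing outside this file can reference it, and the
 * name pointers cannot be rewritten at run time.
 */
static const struct {
    krb5_enctype etype;
    const char *name;
} unsupported_etypes[] = {
    { ENCTYPE_DES_CBC_CRC, "des-cbc-crc" },
    { ENCTYPE_DES_CBC_MD4, "des-cbc-md4" },
    { ENCTYPE_DES_CBC_MD5, "des-cbc-md5" },
    { ENCTYPE_DES_CBC_RAW, "des-cbc-raw" },
    { ENCTYPE_DES_HMAC_SHA1, "des-hmac-sha1" },
    { ENCTYPE_NULL, NULL }
};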
50
/*
 * Report whether etype is known to this library, i.e. whether
 * find_enctype() has an entry for it.  "Valid" here says nothing about
 * strength: the weak and deprecated flags are tested by separate functions.
 */
krb5_boolean KRB5_CALLCONV
krb5_c_valid_enctype(krb5_enctype etype)
{
    if (find_enctype(etype) == NULL)
        return 0;
    return 1;
}
56
/*
 * Return true when etype is known and its table entry carries ETYPE_WEAK.
 *
 * An enctype that find_enctype() does not know yields false, so a false
 * result does not by itself mean "strong"; callers that need that
 * assurance must also confirm the enctype is valid.
 */
krb5_boolean KRB5_CALLCONV
krb5int_c_weak_enctype(krb5_enctype etype)
{
    const struct krb5_keytypes *entry = find_enctype(etype);

    if (entry == NULL)
        return 0;
    return (entry->flags & ETYPE_WEAK) != 0;
}
65
/*
 * Return true when etype should be treated as deprecated.
 *
 * Unlike krb5int_c_weak_enctype(), this check fails closed: an enctype
 * that find_enctype() does not know is reported as deprecated, as is any
 * known enctype whose entry carries ETYPE_DEPRECATED.
 */
krb5_boolean KRB5_CALLCONV
krb5int_c_deprecated_enctype(krb5_enctype etype)
{
    const struct krb5_keytypes *entry;

    entry = find_enctype(etype);
    if (entry == NULL)
        return 1;
    return (entry->flags & ETYPE_DEPRECATED) != 0;
}
72
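/*
 * Decide whether two enctypes are "similar": both table entries share the
 * same enc provider and the same string-to-key function.
 *
 * context is not used by this function.
 * Returns 0 with *similar set to the comparison result, or
 * KRB5_BAD_ENCTYPE if either enctype is unknown to find_enctype().
 *
 * *similar is cleared before the lookups so that it holds a defined,
 * fail-closed value (false) on the error path as well.  A caller that
 * reads it without checking the return code therefore never sees an
 * indeterminate or stale "similar" answer.  This matches how
 * k5_enctype_to_ssf() pre-sets its output.
 */
krb5_error_code KRB5_CALLCONV
krb5_c_enctype_compare(krb5_context context, krb5_enctype e1, krb5_enctype e2,
                       krb5_boolean *similar)
{
    const struct krb5_keytypes *ktp1, *ktp2;

    *similar = 0;

    ktp1 = find_enctype(e1);
    ktp2 = find_enctype(e2);
    if (ktp1 == NULL || ktp2 == NULL)
        return KRB5_BAD_ENCTYPE;

    *similar = (ktp1->enc == ktp2->enc && ktp1->str2key == ktp2->str2key);
    return 0;
}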
87
/*
 * Translate an enctype name into its numeric value.
 *
 * Each entry of krb5int_enctypes_list is tried in order: first its primary
 * name, then its aliases up to MAX_ETYPE_ALIASES or the first NULL alias.
 * Comparison is case-insensitive (strcasecmp).
 *
 * Returns 0 and stores the enctype in *enctypep on the first match.
 * Returns EINVAL when nothing matches; *enctypep is then left unwritten,
 * so callers must check the return code before using it.
 * string is passed straight to strcasecmp() and is not checked for NULL.
 */
krb5_error_code KRB5_CALLCONV
krb5_string_to_enctype(char *string, krb5_enctype *enctypep)
{
    int idx;
    unsigned int a;
    int matched;
    const struct krb5_keytypes *entry;

    for (idx = 0; idx < krb5int_enctypes_length; idx++) {
        entry = &krb5int_enctypes_list[idx];

        /* Primary name first; fall back to aliases only if it differs. */
        matched = (strcasecmp(entry->name, string) == 0);
        for (a = 0; !matched && a < MAX_ETYPE_ALIASES; a++) {
            if (entry->aliases[a] == NULL)
                break;
            matched = (strcasecmp(entry->aliases[a], string) == 0);
        }

        if (matched) {
            *enctypep = entry->etype;
            return 0;
        }
    }

    return EINVAL;
}
115
/*
 * Copy the out_string of enctype's table entry into buffer.
 *
 * Returns EINVAL if find_enctype() does not know the enctype (buffer is
 * not touched), ENOMEM if the string plus its terminator does not fit in
 * buflen bytes, and 0 on success.  The copy is bounded by strlcpy(), so on
 * ENOMEM the buffer may hold a truncated string and should not be used.
 */
krb5_error_code KRB5_CALLCONV
krb5_enctype_to_string(krb5_enctype enctype, char *buffer, size_t buflen)
{
    const struct krb5_keytypes *entry = find_enctype(enctype);
    size_t needed;

    if (entry == NULL)
        return EINVAL;

    /* strlcpy() returns the source length; >= buflen means truncation. */
    needed = strlcpy(buffer, entry->out_string, buflen);
    return (needed < buflen) ? 0 : ENOMEM;
}
128
/*
 * Copy a name for enctype into buffer.
 *
 * The unsupported_etypes table is searched first, so those enctypes get a
 * name even though find_enctype() is never asked about them; shortest has
 * no effect on that path.  Otherwise the table entry's primary name is
 * used, or, when shortest is true, the strictly shortest of the primary
 * name and the aliases (the earliest candidate wins ties).
 *
 * Returns EINVAL for an enctype found in neither table (buffer is not
 * touched), ENOMEM when the name plus terminator does not fit in buflen
 * bytes (strlcpy() bounds the copy, so buffer may hold a truncated name),
 * and 0 on success.
 */
krb5_error_code KRB5_CALLCONV
krb5_enctype_to_name(krb5_enctype enctype, krb5_boolean shortest,
                     char *buffer, size_t buflen)
{
    const struct krb5_keytypes *entry;
    const char *chosen = NULL;
    size_t best_len;
    int idx;

    /* Stop at the ENCTYPE_NULL sentinel; it is never a candidate. */
    for (idx = 0; unsupported_etypes[idx].etype != ENCTYPE_NULL; idx++) {
        if (unsupported_etypes[idx].etype == enctype) {
            chosen = unsupported_etypes[idx].name;
            break;
        }
    }

    if (chosen == NULL) {
        entry = find_enctype(enctype);
        if (entry == NULL)
            return EINVAL;

        chosen = entry->name;
        if (shortest) {
            best_len = strlen(chosen);
            for (idx = 0; idx < MAX_ETYPE_ALIASES; idx++) {
                if (entry->aliases[idx] == NULL)
                    break;
                if (strlen(entry->aliases[idx]) < best_len) {
                    chosen = entry->aliases[idx];
                    best_len = strlen(chosen);
                }
            }
        }
    }

    return (strlcpy(buffer, chosen, buflen) < buflen) ? 0 : ENOMEM;
}
161
/*
 * Report the per-enctype security strength factor used for Cyrus SASL's
 * SSF.  A single integer cannot summarize the security of a mechanism, so
 * treat the value as a coarse indicator only.
 *
 * *ssf_out is always written: the entry's ssf on success, 0 when
 * find_enctype() does not know the enctype (EINVAL is returned), so a
 * caller that ignores the error sees the lowest value, not a stale one.
 */
krb5_error_code
k5_enctype_to_ssf(krb5_enctype enctype, unsigned int *ssf_out)
{
    const struct krb5_keytypes *entry = find_enctype(enctype);

    if (entry == NULL) {
        *ssf_out = 0;
        return EINVAL;
    }

    *ssf_out = entry->ssf;
    return 0;
}
177