1 /* 2 * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 #pragma ident "%Z%%M% %I% %E% SMI" 7 8 /* 9 * lib/kdb/encrypt_key.c 10 * 11 * Copyright 1990,1991 by the Massachusetts Institute of Technology. 12 * All Rights Reserved. 13 * 14 * Export of this software from the United States of America may 15 * require a specific license from the United States Government. 16 * It is the responsibility of any person or organization contemplating 17 * export to obtain such a license before exporting. 18 * 19 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 20 * distribute this software and its documentation for any purpose and 21 * without fee is hereby granted, provided that the above copyright 22 * notice appear in all copies and that both that copyright notice and 23 * this permission notice appear in supporting documentation, and that 24 * the name of M.I.T. not be used in advertising or publicity pertaining 25 * to distribution of the software without specific, written prior 26 * permission. Furthermore if you modify this software you must label 27 * your software as modified software and not distribute it in such a 28 * fashion that it might be confused with the original M.I.T. software. 29 * M.I.T. makes no representations about the suitability of 30 * this software for any purpose. It is provided "as is" without express 31 * or implied warranty. 32 * 33 * 34 * krb5_kdb_encrypt_key(), krb5_kdb_decrypt_key functions 35 */ 36 37 /* 38 * Copyright (C) 1998 by the FundsXpress, INC. 39 * 40 * All rights reserved. 41 * 42 * Export of this software from the United States of America may require 43 * a specific license from the United States Government. It is the 44 * responsibility of any person or organization contemplating export to 45 * obtain such a license before exporting. 46 * 47 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 48 * distribute this software and its documentation for any purpose and 49 * without fee is hereby granted, provided that the above copyright 50 * notice appear in all copies and that both that copyright notice and 51 * this permission notice appear in supporting documentation, and that 52 * the name of FundsXpress. not be used in advertising or publicity pertaining 53 * to distribution of the software without specific, written prior 54 * permission. FundsXpress makes no representations about the suitability of 55 * this software for any purpose. It is provided "as is" without express 56 * or implied warranty. 57 * 58 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 59 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 60 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 61 */ 62 63 #include "k5-int.h" 64 65 /* 66 * Encrypt a key for storage in the database. "eblock" is used 67 * to encrypt the key in "in" into "out"; the storage pointed to by "out" 68 * is allocated before use. 69 */ 70 71 krb5_error_code 72 krb5_dbekd_encrypt_key_data(context, mkey, dbkey, keysalt, keyver, key_data) 73 krb5_context context; 74 const krb5_keyblock * mkey; 75 const krb5_keyblock * dbkey; 76 const krb5_keysalt * keysalt; 77 int keyver; 78 krb5_key_data * key_data; 79 { 80 krb5_error_code retval; 81 krb5_keyblock tmp; 82 krb5_octet * ptr; 83 size_t len; 84 int i; 85 krb5_data plain; 86 krb5_enc_data cipher; 87 88 for (i = 0; i < key_data->key_data_ver; i++) 89 if (key_data->key_data_contents[i]) 90 krb5_xfree(key_data->key_data_contents[i]); 91 92 key_data->key_data_ver = 1; 93 key_data->key_data_kvno = keyver; 94 95 /* 96 * The First element of the type/length/contents 97 * fields is the key type/length/contents 98 */ 99 if ((retval = krb5_c_encrypt_length(context, mkey->enctype, dbkey->length, 100 &len))) 101 return(retval); 102 103 if ((ptr = (krb5_octet *) malloc(2 + len)) == NULL) 104 return(ENOMEM); 105 106 (void) memset(ptr, 0, 2 + len); 107 108 key_data->key_data_type[0] = dbkey->enctype; 109 key_data->key_data_length[0] = 2 + len; 110 key_data->key_data_contents[0] = ptr; 111 112 krb5_kdb_encode_int16(dbkey->length, ptr); 113 ptr += 2; 114 115 plain.length = dbkey->length; 116 plain.data = (char *)dbkey->contents; /* SUNWresync121 XXX */ 117 118 cipher.ciphertext.length = len; 119 cipher.ciphertext.data = (char *)ptr; /* SUNWresync121 XXX */ 120 121 if ((retval = krb5_c_encrypt(context, mkey, /* XXX */ 0, 0, 122 &plain, &cipher))) { 123 krb5_xfree(key_data->key_data_contents[0]); 124 return retval; 125 } 126 127 /* After key comes the salt in necessary */ 128 if (keysalt) { 129 if (keysalt->type > 0) { 130 key_data->key_data_ver++; 131 key_data->key_data_type[1] = keysalt->type; 132 if (key_data->key_data_length[1] = keysalt->data.length) { 133 key_data->key_data_contents[1] = 134 (krb5_octet *)malloc(keysalt->data.length); 135 if (key_data->key_data_contents[1] == NULL) { 136 krb5_xfree(key_data->key_data_contents[0]); 137 return ENOMEM; 138 } 139 memcpy(key_data->key_data_contents[1], keysalt->data.data, 140 (size_t) keysalt->data.length); 141 } 142 } 143 } 144 145 return retval; 146 } 147