xref: /titanic_50/usr/src/lib/krb5/kdb/decrypt_key.c (revision ff3124eff995e6cd8ebd8c6543648e0670920034)
1 /*
2  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 #pragma ident	"%Z%%M%	%I%	%E% SMI"
7 
8 /*
9  * lib/kdb/decrypt_key.c
10  *
11  * Copyright 1990,1991 by the Massachusetts Institute of Technology.
12  * All Rights Reserved.
13  *
14  * Export of this software from the United States of America may
15  *   require a specific license from the United States Government.
16  *   It is the responsibility of any person or organization contemplating
17  *   export to obtain such a license before exporting.
18  *
19  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
20  * distribute this software and its documentation for any purpose and
21  * without fee is hereby granted, provided that the above copyright
22  * notice appear in all copies and that both that copyright notice and
23  * this permission notice appear in supporting documentation, and that
24  * the name of M.I.T. not be used in advertising or publicity pertaining
25  * to distribution of the software without specific, written prior
26  * permission.  Furthermore if you modify this software you must label
27  * your software as modified software and not distribute it in such a
28  * fashion that it might be confused with the original M.I.T. software.
29  * M.I.T. makes no representations about the suitability of
30  * this software for any purpose.  It is provided "as is" without express
31  * or implied warranty.
32  *
33  *
34  * krb5_kdb_encrypt_key(), krb5_kdb_decrypt_key functions
35  */
36 
37 /*
38  * Copyright (C) 1998 by the FundsXpress, INC.
39  *
40  * All rights reserved.
41  *
42  * Export of this software from the United States of America may require
43  * a specific license from the United States Government.  It is the
44  * responsibility of any person or organization contemplating export to
45  * obtain such a license before exporting.
46  *
47  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
48  * distribute this software and its documentation for any purpose and
49  * without fee is hereby granted, provided that the above copyright
50  * notice appear in all copies and that both that copyright notice and
51  * this permission notice appear in supporting documentation, and that
52  * the name of FundsXpress. not be used in advertising or publicity pertaining
53  * to distribution of the software without specific, written prior
54  * permission.  FundsXpress makes no representations about the suitability of
55  * this software for any purpose.  It is provided "as is" without express
56  * or implied warranty.
57  *
58  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
59  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
60  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
61  */
62 
63 #include "k5-int.h"
64 #include <krb5/kdb.h>
65 
66 /*
67  * Decrypt a key from storage in the database.  "eblock" is used
68  * to decrypt the key in "in" into "out"; the storage pointed to by "out"
69  * is allocated before use.
70  */
71 
72 krb5_error_code
73 krb5_dbekd_decrypt_key_data(context, mkey, key_data, dbkey, keysalt)
74     krb5_context 	  context;
75     const krb5_keyblock	* mkey;
76     const krb5_key_data	* key_data;
77     krb5_keyblock 	* dbkey;
78     krb5_keysalt 	* keysalt;
79 {
80     krb5_error_code 	  retval = 0;
81     krb5_int16		  tmplen;
82     krb5_octet		* ptr;
83     krb5_enc_data	  cipher;
84     krb5_data		  plain;
85 
86     ptr = key_data->key_data_contents[0];
87 
88     if (ptr) {
89 	krb5_kdb_decode_int16(ptr, tmplen);
90 	ptr += 2;
91 
92 	cipher.enctype = ENCTYPE_UNKNOWN;
93 	cipher.ciphertext.length = key_data->key_data_length[0]-2;
94 	cipher.ciphertext.data = (char *)ptr;  /* SUNWresync121 XXX */
95 	plain.length = key_data->key_data_length[0]-2;
96 	if ((plain.data = (char *) malloc(plain.length)) == NULL)
97 	    return(ENOMEM);
98 	(void) memset(plain.data, 0, plain.length);
99 
100 	if ((retval = krb5_c_decrypt(context, mkey, 0 /* XXX */, 0,
101 				     &cipher, &plain))) {
102 	    krb5_xfree(plain.data);
103 	    return retval;
104 	}
105 
106 	/* tmplen is the true length of the key.  plain.data is the
107 	   plaintext data length, but it may be padded, since the
108 	   old-style etypes didn't store the real length.  I can check
109 	   to make sure that there are enough bytes, but I can't do
110 	   any better than that. */
111 
112 	if (tmplen > plain.length) {
113 	    krb5_xfree(plain.data);
114 	    return(KRB5_CRYPTO_INTERNAL);
115 	}
116 
117 	dbkey->magic = KV5M_KEYBLOCK;
118 	dbkey->enctype = key_data->key_data_type[0];
119 	dbkey->length = tmplen;
120 	dbkey->contents = (unsigned char *) plain.data;  /* SUNWresync121 XXX */
121 	dbkey->dk_list = NULL;
122 	dbkey->hKey = CK_INVALID_HANDLE;
123     }
124 
125     /* Decode salt data */
126     if (keysalt) {
127 	if (key_data->key_data_ver == 2) {
128 	    keysalt->type = key_data->key_data_type[1];
129 	    if ((keysalt->data.length = key_data->key_data_length[1])) {
130 		if (!(keysalt->data.data=(char *)malloc(keysalt->data.length))){
131 		    if (key_data->key_data_contents[0]) {
132 			krb5_xfree(dbkey->contents);
133 			dbkey->contents = 0;
134 			dbkey->length = 0;
135 		    }
136 		    return ENOMEM;
137 		}
138 		memcpy(keysalt->data.data, key_data->key_data_contents[1],
139 		       (size_t) keysalt->data.length);
140 	    } else
141 		keysalt->data.data = (char *) NULL;
142 	} else {
143 	    keysalt->type = KRB5_KDB_SALTTYPE_NORMAL;
144 	    keysalt->data.data = (char *) NULL;
145 	    keysalt->data.length = 0;
146 	}
147     }
148 
149     return retval;
150 }
151