xref: /titanic_52/usr/src/lib/krb5/kdb/encrypt_key.c (revision 159d09a20817016f09b3ea28d1bdada4a336bb91)

/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */


/*
 * lib/kdb/encrypt_key.c
 *
 * Copyright 1990,1991 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 *
 * krb5_kdb_encrypt_key(), krb5_kdb_decrypt_key functions
 */

/*
 * Copyright (C) 1998 by the FundsXpress, INC.
 *
 * All rights reserved.
 *
 * Export of this software from the United States of America may require
 * a specific license from the United States Government.  It is the
 * responsibility of any person or organization contemplating export to
 * obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of FundsXpress. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  FundsXpress makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */

#include "k5-int.h"
#include <krb5/kdb.h>

/*
 * Encrypt a key for storage in the database.  "eblock" is used
 * to encrypt the key in "in" into "out"; the storage pointed to by "out"
 * is allocated before use.
 */

krb5_error_code
krb5_dbekd_encrypt_key_data( krb5_context 		  context,
			     const krb5_keyblock	* mkey,
			     const krb5_keyblock 	* dbkey,
			     const krb5_keysalt		* keysalt,
			     int			  keyver,
			     krb5_key_data	        * key_data)
{
    krb5_error_code 		  retval;
    krb5_octet			* ptr;
    size_t			  len;
    int				  i;
    krb5_data			  plain;
    krb5_enc_data		  cipher;

    for (i = 0; i < key_data->key_data_ver; i++)
	if (key_data->key_data_contents[i])
	    krb5_xfree(key_data->key_data_contents[i]);

    key_data->key_data_ver = 1;
    key_data->key_data_kvno = keyver;

    /*
     * The First element of the type/length/contents
     * fields is the key type/length/contents
     */
    if ((retval = krb5_c_encrypt_length(context, mkey->enctype, dbkey->length,
					&len)))
	return(retval);

    if ((ptr = (krb5_octet *) malloc(2 + len)) == NULL)
	return(ENOMEM);

    (void) memset(ptr, 0, 2 + len);

    key_data->key_data_type[0] = dbkey->enctype;
    key_data->key_data_length[0] = 2 + len;
    key_data->key_data_contents[0] = ptr;

    krb5_kdb_encode_int16(dbkey->length, ptr);
    ptr += 2;

    plain.length = dbkey->length;
    plain.data = (char *)dbkey->contents;  /* SUNWresync121 XXX */

    cipher.ciphertext.length = len;
    cipher.ciphertext.data = (char *)ptr; /* SUNWresync121 XXX */

    if ((retval = krb5_c_encrypt(context, mkey, /* XXX */ 0, 0,
				 &plain, &cipher))) {
	krb5_xfree(key_data->key_data_contents[0]);
	return retval;
    }

    /* After key comes the salt in necessary */
    if (keysalt) {
	if (keysalt->type > 0) {
	    key_data->key_data_ver++;
	    key_data->key_data_type[1] = keysalt->type;
	    if ((key_data->key_data_length[1] = keysalt->data.length) != 0) {
		key_data->key_data_contents[1] =
		    (krb5_octet *)malloc(keysalt->data.length);
		if (key_data->key_data_contents[1] == NULL) {
		    krb5_xfree(key_data->key_data_contents[0]);
		    return ENOMEM;
		}
		memcpy(key_data->key_data_contents[1], keysalt->data.data,
		       (size_t) keysalt->data.length);
	    }
	}
    }

    return retval;
}