1 /* $NetBSD: mit_glue.c,v 1.2 2017/01/28 21:31:49 christos Exp $ */ 2 3 /* 4 * Copyright (c) 2003 Kungliga Tekniska Hgskolan 5 * (Royal Institute of Technology, Stockholm, Sweden). 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * 3. Neither the name of the Institute nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #include "krb5_locl.h" 37 38 #ifndef HEIMDAL_SMALLER 39 40 /* 41 * Glue for MIT API 42 */ 43 44 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 45 krb5_c_make_checksum(krb5_context context, 46 krb5_cksumtype cksumtype, 47 const krb5_keyblock *key, 48 krb5_keyusage usage, 49 const krb5_data *input, 50 krb5_checksum *cksum) 51 { 52 krb5_error_code ret; 53 krb5_crypto crypto; 54 55 ret = krb5_crypto_init(context, key, 0, &crypto); 56 if (ret) 57 return ret; 58 59 ret = krb5_create_checksum(context, crypto, usage, cksumtype, 60 input->data, input->length, cksum); 61 krb5_crypto_destroy(context, crypto); 62 63 return ret ; 64 } 65 66 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 67 krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key, 68 krb5_keyusage usage, const krb5_data *data, 69 const krb5_checksum *cksum, krb5_boolean *valid) 70 { 71 krb5_error_code ret; 72 krb5_checksum data_cksum; 73 74 *valid = 0; 75 76 ret = krb5_c_make_checksum(context, cksum->cksumtype, 77 key, usage, data, &data_cksum); 78 if (ret) 79 return ret; 80 81 if (data_cksum.cksumtype == cksum->cksumtype 82 && krb5_data_ct_cmp(&data_cksum.checksum, &cksum->checksum) == 0) 83 *valid = 1; 84 85 krb5_free_checksum_contents(context, &data_cksum); 86 87 return 0; 88 } 89 90 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 91 krb5_c_get_checksum(krb5_context context, const krb5_checksum *cksum, 92 krb5_cksumtype *type, krb5_data **data) 93 { 94 krb5_error_code ret; 95 96 if (type) 97 *type = cksum->cksumtype; 98 if (data) { 99 *data = malloc(sizeof(**data)); 100 if (*data == NULL) 101 return krb5_enomem(context); 102 103 ret = der_copy_octet_string(&cksum->checksum, *data); 104 if (ret) { 105 free(*data); 106 *data = NULL; 107 return ret; 108 } 109 } 110 return 0; 111 } 112 113 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 114 krb5_c_set_checksum(krb5_context context, krb5_checksum *cksum, 115 krb5_cksumtype type, const krb5_data *data) 116 { 117 cksum->cksumtype = type; 118 return der_copy_octet_string(data, &cksum->checksum); 119 } 120 121 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 122 krb5_free_checksum (krb5_context context, krb5_checksum *cksum) 123 { 124 krb5_checksum_free(context, cksum); 125 free(cksum); 126 } 127 128 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 129 krb5_free_checksum_contents(krb5_context context, krb5_checksum *cksum) 130 { 131 krb5_checksum_free(context, cksum); 132 memset(cksum, 0, sizeof(*cksum)); 133 } 134 135 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 136 krb5_checksum_free(krb5_context context, krb5_checksum *cksum) 137 { 138 free_Checksum(cksum); 139 } 140 141 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 142 krb5_c_valid_enctype (krb5_enctype etype) 143 { 144 return !krb5_enctype_valid(NULL, etype); 145 } 146 147 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 148 krb5_c_valid_cksumtype(krb5_cksumtype ctype) 149 { 150 return krb5_cksumtype_valid(NULL, ctype); 151 } 152 153 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 154 krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype) 155 { 156 return krb5_checksum_is_collision_proof(NULL, ctype); 157 } 158 159 KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL 160 krb5_c_is_keyed_cksum(krb5_cksumtype ctype) 161 { 162 return krb5_checksum_is_keyed(NULL, ctype); 163 } 164 165 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 166 krb5_copy_checksum (krb5_context context, 167 const krb5_checksum *old, 168 krb5_checksum **new) 169 { 170 *new = malloc(sizeof(**new)); 171 if (*new == NULL) 172 return krb5_enomem(context); 173 return copy_Checksum(old, *new); 174 } 175 176 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 177 krb5_c_checksum_length (krb5_context context, krb5_cksumtype cksumtype, 178 size_t *length) 179 { 180 return krb5_checksumsize(context, cksumtype, length); 181 } 182 183 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 184 krb5_c_block_size(krb5_context context, 185 krb5_enctype enctype, 186 size_t *blocksize) 187 { 188 krb5_error_code ret; 189 krb5_crypto crypto; 190 krb5_keyblock key; 191 192 ret = krb5_generate_random_keyblock(context, enctype, &key); 193 if (ret) 194 return ret; 195 196 ret = krb5_crypto_init(context, &key, 0, &crypto); 197 krb5_free_keyblock_contents(context, &key); 198 if (ret) 199 return ret; 200 ret = krb5_crypto_getblocksize(context, crypto, blocksize); 201 krb5_crypto_destroy(context, crypto); 202 203 return ret; 204 } 205 206 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 207 krb5_c_decrypt(krb5_context context, 208 const krb5_keyblock key, 209 krb5_keyusage usage, 210 const krb5_data *ivec, 211 krb5_enc_data *input, 212 krb5_data *output) 213 { 214 krb5_error_code ret; 215 krb5_crypto crypto; 216 217 ret = krb5_crypto_init(context, &key, input->enctype, &crypto); 218 if (ret) 219 return ret; 220 221 if (ivec) { 222 size_t blocksize; 223 224 ret = krb5_crypto_getblocksize(context, crypto, &blocksize); 225 if (ret) { 226 krb5_crypto_destroy(context, crypto); 227 return ret; 228 } 229 230 if (blocksize > ivec->length) { 231 krb5_crypto_destroy(context, crypto); 232 return KRB5_BAD_MSIZE; 233 } 234 } 235 236 ret = krb5_decrypt_ivec(context, crypto, usage, 237 input->ciphertext.data, input->ciphertext.length, 238 output, 239 ivec ? ivec->data : NULL); 240 241 krb5_crypto_destroy(context, crypto); 242 243 return ret ; 244 } 245 246 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 247 krb5_c_encrypt(krb5_context context, 248 const krb5_keyblock *key, 249 krb5_keyusage usage, 250 const krb5_data *ivec, 251 const krb5_data *input, 252 krb5_enc_data *output) 253 { 254 krb5_error_code ret; 255 krb5_crypto crypto; 256 257 ret = krb5_crypto_init(context, key, 0, &crypto); 258 if (ret) 259 return ret; 260 261 if (ivec) { 262 size_t blocksize; 263 264 ret = krb5_crypto_getblocksize(context, crypto, &blocksize); 265 if (ret) { 266 krb5_crypto_destroy(context, crypto); 267 return ret; 268 } 269 270 if (blocksize > ivec->length) { 271 krb5_crypto_destroy(context, crypto); 272 return KRB5_BAD_MSIZE; 273 } 274 } 275 276 ret = krb5_encrypt_ivec(context, crypto, usage, 277 input->data, input->length, 278 &output->ciphertext, 279 ivec ? ivec->data : NULL); 280 output->kvno = 0; 281 krb5_crypto_getenctype(context, crypto, &output->enctype); 282 283 krb5_crypto_destroy(context, crypto); 284 285 return ret ; 286 } 287 288 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 289 krb5_c_encrypt_length(krb5_context context, 290 krb5_enctype enctype, 291 size_t inputlen, 292 size_t *length) 293 { 294 krb5_error_code ret; 295 krb5_crypto crypto; 296 krb5_keyblock key; 297 298 ret = krb5_generate_random_keyblock(context, enctype, &key); 299 if (ret) 300 return ret; 301 302 ret = krb5_crypto_init(context, &key, 0, &crypto); 303 krb5_free_keyblock_contents(context, &key); 304 if (ret) 305 return ret; 306 307 *length = krb5_get_wrapped_length(context, crypto, inputlen); 308 krb5_crypto_destroy(context, crypto); 309 310 return 0; 311 } 312 313 /** 314 * Deprecated: keytypes doesn't exists, they are really enctypes. 315 * 316 * @ingroup krb5_deprecated 317 */ 318 319 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 320 krb5_c_enctype_compare(krb5_context context, 321 krb5_enctype e1, 322 krb5_enctype e2, 323 krb5_boolean *similar) 324 KRB5_DEPRECATED_FUNCTION("Use X instead") 325 { 326 *similar = (e1 == e2); 327 return 0; 328 } 329 330 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 331 krb5_c_make_random_key(krb5_context context, 332 krb5_enctype enctype, 333 krb5_keyblock *random_key) 334 { 335 return krb5_generate_random_keyblock(context, enctype, random_key); 336 } 337 338 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 339 krb5_c_keylengths(krb5_context context, 340 krb5_enctype enctype, 341 size_t *ilen, 342 size_t *keylen) 343 { 344 krb5_error_code ret; 345 346 ret = krb5_enctype_keybits(context, enctype, ilen); 347 if (ret) 348 return ret; 349 *ilen = (*ilen + 7) / 8; 350 return krb5_enctype_keysize(context, enctype, keylen); 351 } 352 353 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 354 krb5_c_prf_length(krb5_context context, 355 krb5_enctype type, 356 size_t *length) 357 { 358 return krb5_crypto_prf_length(context, type, length); 359 } 360 361 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 362 krb5_c_prf(krb5_context context, 363 const krb5_keyblock *key, 364 const krb5_data *input, 365 krb5_data *output) 366 { 367 krb5_crypto crypto; 368 krb5_error_code ret; 369 370 ret = krb5_crypto_init(context, key, 0, &crypto); 371 if (ret) 372 return ret; 373 374 ret = krb5_crypto_prf(context, crypto, input, output); 375 krb5_crypto_destroy(context, crypto); 376 377 return ret; 378 } 379 380 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 381 krb5_c_random_make_octets(krb5_context context, krb5_data * data) 382 { 383 krb5_generate_random_block(data->data, data->length); 384 return 0; 385 } 386 387 /** 388 * MIT compat glue 389 * 390 * @ingroup krb5_ccache 391 */ 392 393 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 394 krb5_cc_copy_creds(krb5_context context, 395 const krb5_ccache from, 396 krb5_ccache to) 397 { 398 return krb5_cc_copy_cache(context, from, to); 399 } 400 401 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 402 krb5_auth_con_getsendsubkey(krb5_context context, krb5_auth_context auth_context, 403 krb5_keyblock **keyblock) 404 { 405 return krb5_auth_con_getlocalsubkey(context, auth_context, keyblock); 406 } 407 408 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 409 krb5_auth_con_getrecvsubkey(krb5_context context, krb5_auth_context auth_context, 410 krb5_keyblock **keyblock) 411 { 412 return krb5_auth_con_getremotesubkey(context, auth_context, keyblock); 413 } 414 415 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 416 krb5_auth_con_setsendsubkey(krb5_context context, krb5_auth_context auth_context, 417 krb5_keyblock *keyblock) 418 { 419 return krb5_auth_con_setlocalsubkey(context, auth_context, keyblock); 420 } 421 422 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 423 krb5_auth_con_setrecvsubkey(krb5_context context, krb5_auth_context auth_context, 424 krb5_keyblock *keyblock) 425 { 426 return krb5_auth_con_setremotesubkey(context, auth_context, keyblock); 427 } 428 429 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 430 krb5_free_default_realm(krb5_context context, krb5_realm realm) 431 { 432 return krb5_xfree(realm); 433 } 434 435 #endif /* HEIMDAL_SMALLER */ 436
Indexes created Sat Feb 28 05:31:39 UTC 2026