sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-25 06:04:04 +03:00
Code
samba-mirror/third_party/heimdal/lib/krb5/salt.c
Stefan Metzmacher 7055827b8f HEIMDAL: move code from source4/heimdal* to third_party/heimdal* 
This makes it clearer that we always want to do heimdal changes
via the lorikeet-heimdal repository.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

Autobuild-User(master): Joseph Sutton <jsutton@samba.org>
Autobuild-Date(master): Wed Jan 19 21:41:59 UTC 2022 on sn-devel-184
2022-01-19 21:41:59 +00:00

363 lines
11 KiB
C
Raw Blame History

/*
* Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "krb5_locl.h"
/* coverity[+alloc : arg-*3] */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_salttype_to_string (krb5_context context,
krb5_enctype etype,
krb5_salttype stype,
char **string)
{
struct _krb5_encryption_type *e;
struct salt_type *st;
*string = NULL;
e = _krb5_find_enctype (etype);
if (e == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
"encryption type %d not supported",
etype);
return KRB5_PROG_ETYPE_NOSUPP;
}
for (st = e->keytype->string_to_key; st && st->type; st++) {
if (st->type == stype) {
*string = strdup (st->name);
if (*string == NULL)
return krb5_enomem(context);
return 0;
}
}
krb5_set_error_message (context, HEIM_ERR_SALTTYPE_NOSUPP,
"salttype %d not supported", stype);
return HEIM_ERR_SALTTYPE_NOSUPP;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_salttype (krb5_context context,
krb5_enctype etype,
const char *string,
krb5_salttype *salttype)
{
struct _krb5_encryption_type *e;
struct salt_type *st;
e = _krb5_find_enctype (etype);
if (e == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
etype);
return KRB5_PROG_ETYPE_NOSUPP;
}
for (st = e->keytype->string_to_key; st && st->type; st++) {
if (strcasecmp (st->name, string) == 0) {
*salttype = st->type;
return 0;
}
}
krb5_set_error_message(context, HEIM_ERR_SALTTYPE_NOSUPP,
N_("salttype %s not supported", ""), string);
return HEIM_ERR_SALTTYPE_NOSUPP;
}
/*
* Like MIT's krb5_string_to_keysalts(), but simpler and with a context
* argument.
*/
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_keysalts2(krb5_context context, const char *string,
size_t *nksaltp, krb5_key_salt_tuple **ksaltp)
{
/* deleted: tupleseps, ksaltseps, dups */
krb5_key_salt_tuple *tmp = NULL;
krb5_error_code ret = 0;
char *copy, *token, *stype_str;
char *lasts = NULL;
krb5_enctype etype;
krb5_salttype stype;
size_t i;
*ksaltp = NULL;
*nksaltp = 0;
if ((copy = strdup(string)) == NULL)
return krb5_enomem(context);
for (token = strtok_r(copy, ", \t", &lasts), ret = 0;
token != NULL;
token = strtok_r(NULL, ", \t", &lasts)) {
if ((stype_str = strchr(token, ':')) != NULL)
*(stype_str++) = '\0';
if ((ret = krb5_string_to_enctype(context, token, &etype)))
continue;
if (stype_str == NULL)
stype = KRB5_PW_SALT;
else if ((ret = krb5_string_to_salttype(context, etype, stype_str, &stype)))
continue;
for (i = 0; i < *nksaltp; i++) {
if ((*ksaltp)[i].ks_enctype == etype &&
(*ksaltp)[i].ks_salttype == stype)
goto skip;
}
tmp = realloc(*ksaltp, ((*nksaltp) + 1) * sizeof(**ksaltp));
if (tmp == NULL) {
ret = krb5_enomem(context);
break;
}
*ksaltp = tmp;
(*ksaltp)[*nksaltp].ks_enctype = etype;
(*ksaltp)[*nksaltp].ks_salttype = stype;
(*nksaltp)++;
skip:
(void)1;
}
free(copy);
if (ret == ENOMEM) {
free(*ksaltp);
*nksaltp = 0;
*ksaltp = NULL;
} else if (*nksaltp) {
return 0;
} else if (ret == 0) {
return KRB5_PROG_ETYPE_NOSUPP;
}
return ret;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_pw_salt(krb5_context context,
krb5_const_principal principal,
krb5_salt *salt)
{
size_t len;
size_t i;
krb5_error_code ret;
char *p;
salt->salttype = KRB5_PW_SALT;
len = strlen(principal->realm);
for (i = 0; i < principal->name.name_string.len; ++i)
len += strlen(principal->name.name_string.val[i]);
ret = krb5_data_alloc (&salt->saltvalue, len);
if (ret)
return ret;
p = salt->saltvalue.data;
memcpy (p, principal->realm, strlen(principal->realm));
p += strlen(principal->realm);
for (i = 0; i < principal->name.name_string.len; ++i) {
memcpy (p,
principal->name.name_string.val[i],
strlen(principal->name.name_string.val[i]));
p += strlen(principal->name.name_string.val[i]);
}
return 0;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_salt(krb5_context context,
krb5_salt salt)
{
krb5_data_free(&salt.saltvalue);
return 0;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_data (krb5_context context,
krb5_enctype enctype,
krb5_data password,
krb5_const_principal principal,
krb5_keyblock *key)
{
krb5_error_code ret;
krb5_salt salt;
ret = krb5_get_pw_salt(context, principal, &salt);
if(ret)
return ret;
ret = krb5_string_to_key_data_salt(context, enctype, password, salt, key);
krb5_free_salt(context, salt);
return ret;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key (krb5_context context,
krb5_enctype enctype,
const char *password,
krb5_const_principal principal,
krb5_keyblock *key)
{
krb5_data pw;
pw.data = rk_UNCONST(password);
pw.length = strlen(password);
return krb5_string_to_key_data(context, enctype, pw, principal, key);
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_data_salt (krb5_context context,
krb5_enctype enctype,
krb5_data password,
krb5_salt salt,
krb5_keyblock *key)
{
krb5_data opaque;
krb5_data_zero(&opaque);
return krb5_string_to_key_data_salt_opaque(context, enctype, password,
salt, opaque, key);
}
/*
* Do a string -> key for encryption type `enctype' operation on
* `password' (with salt `salt' and the enctype specific data string
* `opaque'), returning the resulting key in `key'
*/
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_data_salt_opaque (krb5_context context,
krb5_enctype enctype,
krb5_data password,
krb5_salt salt,
krb5_data opaque,
krb5_keyblock *key)
{
struct _krb5_encryption_type *et =_krb5_find_enctype(enctype);
struct salt_type *st;
if(et == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
enctype);
return KRB5_PROG_ETYPE_NOSUPP;
}
for(st = et->keytype->string_to_key; st && st->type; st++)
if(st->type == salt.salttype)
return (*st->string_to_key)(context, enctype, password,
salt, opaque, key);
krb5_set_error_message(context, HEIM_ERR_SALTTYPE_NOSUPP,
N_("salt type %d not supported", ""),
salt.salttype);
return HEIM_ERR_SALTTYPE_NOSUPP;
}
/*
* Do a string -> key for encryption type `enctype' operation on the
* string `password' (with salt `salt'), returning the resulting key
* in `key'
*/
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_salt (krb5_context context,
krb5_enctype enctype,
const char *password,
krb5_salt salt,
krb5_keyblock *key)
{
krb5_data pw;
pw.data = rk_UNCONST(password);
pw.length = strlen(password);
return krb5_string_to_key_data_salt(context, enctype, pw, salt, key);
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_salt_opaque (krb5_context context,
krb5_enctype enctype,
const char *password,
krb5_salt salt,
krb5_data opaque,
krb5_keyblock *key)
{
krb5_data pw;
pw.data = rk_UNCONST(password);
pw.length = strlen(password);
return krb5_string_to_key_data_salt_opaque(context, enctype,
pw, salt, opaque, key);
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_derived(krb5_context context,
const void *str,
size_t len,
krb5_enctype etype,
krb5_keyblock *key)
{
struct _krb5_encryption_type *et = _krb5_find_enctype(etype);
krb5_error_code ret;
struct _krb5_key_data kd;
size_t keylen;
u_char *tmp;
if(et == NULL) {
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
etype);
return KRB5_PROG_ETYPE_NOSUPP;
}
keylen = et->keytype->bits / 8;
ALLOC(kd.key, 1);
if (kd.key == NULL)
return krb5_enomem(context);
ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size);
if(ret) {
free(kd.key);
return ret;
}
kd.key->keytype = etype;
tmp = malloc (keylen);
if(tmp == NULL) {
krb5_free_keyblock(context, kd.key);
return krb5_enomem(context);
}
ret = _krb5_n_fold(str, len, tmp, keylen);
if (ret) {
free(tmp);
krb5_enomem(context);
return ret;
}
kd.schedule = NULL;
_krb5_DES3_random_to_key(context, kd.key, tmp, keylen);
memset(tmp, 0, keylen);
free(tmp);
ret = _krb5_derive_key(context,
et,
&kd,
"kerberos", /* XXX well known constant */
strlen("kerberos"));
if (ret) {
_krb5_free_key_data(context, &kd, et);
return ret;
}
ret = krb5_copy_keyblock_contents(context, kd.key, key);
_krb5_free_key_data(context, &kd, et);
return ret;
}
View Git Blame Copy Permalink