KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_salttype (krb5_context context,
krb5_enctype etype,
const char *string,
krb5_salttype *salttype)
{
struct _krb5_encryption_type *e;
struct salt_type *st;
e = _krb5_find_enctype (etype);
if (e == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
etype);
return KRB5_PROG_ETYPE_NOSUPP;
}
for (st = e->keytype->string_to_key; st && st->type; st++) {
if (strcasecmp (st->name, string) == 0) {
*salttype = st->type;
return 0;
}
}
krb5_set_error_message(context, HEIM_ERR_SALTTYPE_NOSUPP,
N_("salttype %s not supported", ""), string);
return HEIM_ERR_SALTTYPE_NOSUPP;
}
/* coverity[+alloc : arg-*3] */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_salttype_to_string (krb5_context context,
krb5_enctype etype,
krb5_salttype stype,
char **string)
{
struct _krb5_encryption_type *e;
struct salt_type *st;
e = _krb5_find_enctype (etype);
if (e == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
"encryption type %d not supported",
etype);
return KRB5_PROG_ETYPE_NOSUPP;
}
for (st = e->keytype->string_to_key; st && st->type; st++) {
if (st->type == stype) {
*string = strdup (st->name);
if (*string == NULL) {
krb5_set_error_message (context, ENOMEM,
N_("malloc: out of memory", ""));
return ENOMEM;
}
return 0;
}
}
krb5_set_error_message (context, HEIM_ERR_SALTTYPE_NOSUPP,
"salttype %d not supported", stype);
return HEIM_ERR_SALTTYPE_NOSUPP;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_data_salt_opaque (krb5_context context,
krb5_enctype enctype,
krb5_data password,
krb5_salt salt,
krb5_data opaque,
krb5_keyblock *key)
{
struct _krb5_encryption_type *et =_krb5_find_enctype(enctype);
struct salt_type *st;
if(et == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
enctype);
return KRB5_PROG_ETYPE_NOSUPP;
}
for(st = et->keytype->string_to_key; st && st->type; st++)
if(st->type == salt.salttype)
return (*st->string_to_key)(context, enctype, password,
salt, opaque, key);
krb5_set_error_message(context, HEIM_ERR_SALTTYPE_NOSUPP,
N_("salt type %d not supported", ""),
salt.salttype);
return HEIM_ERR_SALTTYPE_NOSUPP;
}
static krb5_error_code
AES_SHA1_string_to_key(krb5_context context,
krb5_enctype enctype,
krb5_data password,
krb5_salt salt,
krb5_data opaque,
krb5_keyblock *key)
{
krb5_error_code ret;
uint32_t iter;
struct _krb5_encryption_type *et;
struct _krb5_key_data kd;
if (opaque.length == 0)
iter = _krb5_AES_SHA1_string_to_default_iterator;
else if (opaque.length == 4) {
unsigned long v;
_krb5_get_int(opaque.data, &v, 4);
iter = ((uint32_t)v);
} else
return KRB5_PROG_KEYTYPE_NOSUPP; /* XXX */
et = _krb5_find_enctype(enctype);
if (et == NULL)
return KRB5_PROG_KEYTYPE_NOSUPP;
kd.schedule = NULL;
ALLOC(kd.key, 1);
if (kd.key == NULL)
return krb5_enomem(context);
kd.key->keytype = enctype;
ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size);
if (ret) {
krb5_set_error_message (context, ret, N_("malloc: out of memory", ""));
return ret;
}
ret = PKCS5_PBKDF2_HMAC(password.data, password.length,
salt.saltvalue.data, salt.saltvalue.length,
iter,
EVP_sha1(),
et->keytype->size, kd.key->keyvalue.data);
if (ret != 1) {
_krb5_free_key_data(context, &kd, et);
krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP,
"Error calculating s2k");
return KRB5_PROG_KEYTYPE_NOSUPP;
}
ret = _krb5_derive_key(context, et, &kd, "kerberos", strlen("kerberos"));
if (ret == 0)
ret = krb5_copy_keyblock_contents(context, kd.key, key);
_krb5_free_key_data(context, &kd, et);
return ret;
}
krb5_error_code
_krb5_pk_octetstring2key(krb5_context context,
krb5_enctype type,
const void *dhdata,
size_t dhsize,
const heim_octet_string *c_n,
const heim_octet_string *k_n,
krb5_keyblock *key)
{
struct _krb5_encryption_type *et = _krb5_find_enctype(type);
krb5_error_code ret;
size_t keylen, offset;
void *keydata;
unsigned char counter;
unsigned char shaoutput[SHA_DIGEST_LENGTH];
EVP_MD_CTX *m;
if(et == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
type);
return KRB5_PROG_ETYPE_NOSUPP;
}
keylen = (et->keytype->bits + 7) / 8;
keydata = malloc(keylen);
if (keydata == NULL) {
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
return ENOMEM;
}
m = EVP_MD_CTX_create();
if (m == NULL) {
free(keydata);
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
return ENOMEM;
}
counter = 0;
offset = 0;
do {
EVP_DigestInit_ex(m, EVP_sha1(), NULL);
EVP_DigestUpdate(m, &counter, 1);
EVP_DigestUpdate(m, dhdata, dhsize);
if (c_n)
EVP_DigestUpdate(m, c_n->data, c_n->length);
if (k_n)
EVP_DigestUpdate(m, k_n->data, k_n->length);
EVP_DigestFinal_ex(m, shaoutput, NULL);
memcpy((unsigned char *)keydata + offset,
shaoutput,
min(keylen - offset, sizeof(shaoutput)));
offset += sizeof(shaoutput);
counter++;
} while(offset < keylen);
memset(shaoutput, 0, sizeof(shaoutput));
EVP_MD_CTX_destroy(m);
ret = krb5_random_to_key(context, type, keydata, keylen, key);
memset(keydata, 0, sizeof(keylen));
free(keydata);
return ret;
}
krb5_error_code
_krb5_pk_kdf(krb5_context context,
const struct AlgorithmIdentifier *ai,
const void *dhdata,
size_t dhsize,
krb5_const_principal client,
krb5_const_principal server,
krb5_enctype enctype,
const krb5_data *as_req,
const krb5_data *pk_as_rep,
const Ticket *ticket,
krb5_keyblock *key)
{
struct _krb5_encryption_type *et;
krb5_error_code ret;
krb5_data other;
size_t keylen, offset;
uint32_t counter;
unsigned char *keydata;
unsigned char shaoutput[SHA512_DIGEST_LENGTH];
const EVP_MD *md;
EVP_MD_CTX *m;
if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha1, &ai->algorithm) == 0) {
md = EVP_sha1();
} else if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha256, &ai->algorithm) == 0) {
md = EVP_sha256();
} else if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha512, &ai->algorithm) == 0) {
md = EVP_sha512();
} else {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
N_("KDF not supported", ""));
return KRB5_PROG_ETYPE_NOSUPP;
}
if (ai->parameters != NULL &&
(ai->parameters->length != 2 ||
memcmp(ai->parameters->data, "\x05\x00", 2) != 0))
{
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
N_("kdf params not NULL or the NULL-type",
""));
return KRB5_PROG_ETYPE_NOSUPP;
}
et = _krb5_find_enctype(enctype);
if(et == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
enctype);
return KRB5_PROG_ETYPE_NOSUPP;
}
keylen = (et->keytype->bits + 7) / 8;
keydata = malloc(keylen);
if (keydata == NULL) {
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
return ENOMEM;
}
ret = encode_otherinfo(context, ai, client, server,
enctype, as_req, pk_as_rep, ticket, &other);
if (ret) {
free(keydata);
return ret;
}
m = EVP_MD_CTX_create();
if (m == NULL) {
free(keydata);
free(other.data);
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
return ENOMEM;
}
offset = 0;
counter = 1;
do {
unsigned char cdata[4];
EVP_DigestInit_ex(m, md, NULL);
_krb5_put_int(cdata, counter, 4);
EVP_DigestUpdate(m, cdata, 4);
EVP_DigestUpdate(m, dhdata, dhsize);
EVP_DigestUpdate(m, other.data, other.length);
EVP_DigestFinal_ex(m, shaoutput, NULL);
memcpy((unsigned char *)keydata + offset,
shaoutput,
min(keylen - offset, EVP_MD_CTX_size(m)));
offset += EVP_MD_CTX_size(m);
counter++;
} while(offset < keylen);
memset(shaoutput, 0, sizeof(shaoutput));
EVP_MD_CTX_destroy(m);
free(other.data);
ret = krb5_random_to_key(context, enctype, keydata, keylen, key);
memset(keydata, 0, sizeof(keylen));
free(keydata);
return ret;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_derived(krb5_context context,
const void *str,
size_t len,
krb5_enctype etype,
krb5_keyblock *key)
{
struct _krb5_encryption_type *et = _krb5_find_enctype(etype);
krb5_error_code ret;
struct _krb5_key_data kd;
size_t keylen;
u_char *tmp;
if(et == NULL) {
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
etype);
return KRB5_PROG_ETYPE_NOSUPP;
}
keylen = et->keytype->bits / 8;
ALLOC(kd.key, 1);
if(kd.key == NULL) {
krb5_set_error_message (context, ENOMEM,
N_("malloc: out of memory", ""));
return ENOMEM;
}
ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size);
if(ret) {
free(kd.key);
return ret;
}
kd.key->keytype = etype;
tmp = malloc (keylen);
if(tmp == NULL) {
krb5_free_keyblock(context, kd.key);
krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
return ENOMEM;
}
ret = _krb5_n_fold(str, len, tmp, keylen);
if (ret) {
free(tmp);
krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
return ret;
}
kd.schedule = NULL;
_krb5_DES3_random_to_key(context, kd.key, tmp, keylen);
memset(tmp, 0, keylen);
free(tmp);
ret = _krb5_derive_key(context,
et,
&kd,
"kerberos", /* XXX well known constant */
strlen("kerberos"));
if (ret) {
_krb5_free_key_data(context, &kd, et);
return ret;
}
ret = krb5_copy_keyblock_contents(context, kd.key, key);
_krb5_free_key_data(context, &kd, et);
return ret;
}
static krb5_error_code
AES_SHA2_string_to_key(krb5_context context,
krb5_enctype enctype,
krb5_data password,
krb5_salt salt,
krb5_data opaque,
krb5_keyblock *key)
{
krb5_error_code ret;
uint32_t iter;
struct _krb5_encryption_type *et = NULL;
struct _krb5_key_data kd;
krb5_data saltp;
size_t enctypesz;
const EVP_MD *md = NULL;
krb5_data_zero(&saltp);
kd.key = NULL;
kd.schedule = NULL;
if (opaque.length == 0) {
iter = _krb5_AES_SHA2_string_to_default_iterator;
} else if (opaque.length == 4) {
unsigned long v;
_krb5_get_int(opaque.data, &v, 4);
iter = ((uint32_t)v);
} else {
ret = KRB5_PROG_KEYTYPE_NOSUPP; /* XXX */
goto cleanup;
}
et = _krb5_find_enctype(enctype);
if (et == NULL) {
ret = KRB5_PROG_KEYTYPE_NOSUPP;
goto cleanup;
}
kd.schedule = NULL;
ALLOC(kd.key, 1);
if (kd.key == NULL) {
ret = krb5_enomem(context);
goto cleanup;
}
kd.key->keytype = enctype;
ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size);
if (ret) {
ret = krb5_enomem(context);
goto cleanup;
}
enctypesz = strlen(et->name) + 1;
ret = krb5_data_alloc(&saltp, enctypesz + salt.saltvalue.length);
if (ret) {
ret = krb5_enomem(context);
goto cleanup;
}
memcpy(saltp.data, et->name, enctypesz);
memcpy((unsigned char *)saltp.data + enctypesz,
salt.saltvalue.data, salt.saltvalue.length);
ret = _krb5_aes_sha2_md_for_enctype(context, enctype, &md);
if (ret)
goto cleanup;
ret = PKCS5_PBKDF2_HMAC(password.data, password.length,
saltp.data, saltp.length,
iter, md,
et->keytype->size, kd.key->keyvalue.data);
if (ret != 1) {
krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP,
"Error calculating s2k");
ret = KRB5_PROG_KEYTYPE_NOSUPP;
goto cleanup;
}
ret = _krb5_derive_key(context, et, &kd, "kerberos", strlen("kerberos"));
if (ret)
goto cleanup;
ret = krb5_copy_keyblock_contents(context, kd.key, key);
if (ret)
goto cleanup;
cleanup:
krb5_data_free(&saltp);
_krb5_free_key_data(context, &kd, et);
return ret;
}
