xref: /illumos-gate/usr/src/lib/krb5/kdb/decrypt_key.c (revision 159d09a2)
1 /*
2  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 
7 /*
8  * lib/kdb/decrypt_key.c
9  *
10  * Copyright 1990,1991 by the Massachusetts Institute of Technology.
11  * All Rights Reserved.
12  *
13  * Export of this software from the United States of America may
14  *   require a specific license from the United States Government.
15  *   It is the responsibility of any person or organization contemplating
16  *   export to obtain such a license before exporting.
17  *
18  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
19  * distribute this software and its documentation for any purpose and
20  * without fee is hereby granted, provided that the above copyright
21  * notice appear in all copies and that both that copyright notice and
22  * this permission notice appear in supporting documentation, and that
23  * the name of M.I.T. not be used in advertising or publicity pertaining
24  * to distribution of the software without specific, written prior
25  * permission.  Furthermore if you modify this software you must label
26  * your software as modified software and not distribute it in such a
27  * fashion that it might be confused with the original M.I.T. software.
28  * M.I.T. makes no representations about the suitability of
29  * this software for any purpose.  It is provided "as is" without express
30  * or implied warranty.
31  *
32  *
33  * krb5_kdb_encrypt_key(), krb5_kdb_decrypt_key functions
34  */
35 
36 /*
37  * Copyright (C) 1998 by the FundsXpress, INC.
38  *
39  * All rights reserved.
40  *
41  * Export of this software from the United States of America may require
42  * a specific license from the United States Government.  It is the
43  * responsibility of any person or organization contemplating export to
44  * obtain such a license before exporting.
45  *
46  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
47  * distribute this software and its documentation for any purpose and
48  * without fee is hereby granted, provided that the above copyright
49  * notice appear in all copies and that both that copyright notice and
50  * this permission notice appear in supporting documentation, and that
51  * the name of FundsXpress. not be used in advertising or publicity pertaining
52  * to distribution of the software without specific, written prior
53  * permission.  FundsXpress makes no representations about the suitability of
54  * this software for any purpose.  It is provided "as is" without express
55  * or implied warranty.
56  *
57  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
58  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
59  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
60  */
61 
62 #include "k5-int.h"
63 #include <krb5/kdb.h>
64 
65 /*
66  * Decrypt a key from storage in the database.  "eblock" is used
67  * to decrypt the key in "in" into "out"; the storage pointed to by "out"
68  * is allocated before use.
69  */
70 
71 krb5_error_code
krb5_dbekd_decrypt_key_data(krb5_context context,const krb5_keyblock * mkey,const krb5_key_data * key_data,krb5_keyblock * dbkey,krb5_keysalt * keysalt)72 krb5_dbekd_decrypt_key_data( krb5_context 	  context,
73 			     const krb5_keyblock	* mkey,
74 			     const krb5_key_data	* key_data,
75 			     krb5_keyblock 	* dbkey,
76 			     krb5_keysalt 	* keysalt)
77 {
78     krb5_error_code 	  retval = 0;
79     krb5_int16		  tmplen;
80     krb5_octet		* ptr;
81     krb5_enc_data	  cipher;
82     krb5_data		  plain;
83 
84     ptr = key_data->key_data_contents[0];
85 
86     if (ptr) {
87 	krb5_kdb_decode_int16(ptr, tmplen);
88 	ptr += 2;
89 
90 	cipher.enctype = ENCTYPE_UNKNOWN;
91 	cipher.ciphertext.length = key_data->key_data_length[0]-2;
92 	cipher.ciphertext.data = (char *)ptr;  /* SUNWresync121 XXX */
93 	plain.length = key_data->key_data_length[0]-2;
94 	if ((plain.data = (char *) malloc(plain.length)) == NULL)
95 	    return(ENOMEM);
96 	(void) memset(plain.data, 0, plain.length);
97 
98 	if ((retval = krb5_c_decrypt(context, mkey, 0 /* XXX */, 0,
99 				     &cipher, &plain))) {
100 	    krb5_xfree(plain.data);
101 	    return retval;
102 	}
103 
104 	/* tmplen is the true length of the key.  plain.data is the
105 	   plaintext data length, but it may be padded, since the
106 	   old-style etypes didn't store the real length.  I can check
107 	   to make sure that there are enough bytes, but I can't do
108 	   any better than that. */
109 
110 	if (tmplen > plain.length) {
111 	    krb5_xfree(plain.data);
112 	    return(KRB5_CRYPTO_INTERNAL);
113 	}
114 
115 	dbkey->magic = KV5M_KEYBLOCK;
116 	dbkey->enctype = key_data->key_data_type[0];
117 	dbkey->length = tmplen;
118 	dbkey->contents = (unsigned char *) plain.data;  /* SUNWresync121 XXX */
119 	dbkey->dk_list = NULL;
120 	dbkey->hKey = CK_INVALID_HANDLE;
121     }
122 
123     /* Decode salt data */
124     if (keysalt) {
125 	if (key_data->key_data_ver == 2) {
126 	    keysalt->type = key_data->key_data_type[1];
127 	    if ((keysalt->data.length = key_data->key_data_length[1])) {
128 		if (!(keysalt->data.data=(char *)malloc(keysalt->data.length))){
129 		    if (key_data->key_data_contents[0]) {
130 			krb5_xfree(dbkey->contents);
131 			dbkey->contents = 0;
132 			dbkey->length = 0;
133 		    }
134 		    return ENOMEM;
135 		}
136 		memcpy(keysalt->data.data, key_data->key_data_contents[1],
137 		       (size_t) keysalt->data.length);
138 	    } else
139 		keysalt->data.data = (char *) NULL;
140 	} else {
141 	    keysalt->type = KRB5_KDB_SALTTYPE_NORMAL;
142 	    keysalt->data.data = (char *) NULL;
143 	    keysalt->data.length = 0;
144 	}
145     }
146 
147     return retval;
148 }
149