2 * lib/kdb/decrypt_key.c
4 * Copyright 1990,1991 by the Massachusetts Institute of Technology.
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. Furthermore if you modify this software you must label
20 * your software as modified software and not distribute it in such a
21 * fashion that it might be confused with the original M.I.T. software.
22 * M.I.T. makes no representations about the suitability of
23 * this software for any purpose. It is provided "as is" without express
24 * or implied warranty.
27 * krb5_kdb_encrypt_key(), krb5_kdb_decrypt_key functions
31 * Copyright (C) 1998 by the FundsXpress, INC.
33 * All rights reserved.
35 * Export of this software from the United States of America may require
36 * a specific license from the United States Government. It is the
37 * responsibility of any person or organization contemplating export to
38 * obtain such a license before exporting.
40 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
41 * distribute this software and its documentation for any purpose and
42 * without fee is hereby granted, provided that the above copyright
43 * notice appear in all copies and that both that copyright notice and
44 * this permission notice appear in supporting documentation, and that
45 * the name of FundsXpress. not be used in advertising or publicity pertaining
46 * to distribution of the software without specific, written prior
47 * permission. FundsXpress makes no representations about the suitability of
48 * this software for any purpose. It is provided "as is" without express
49 * or implied warranty.
51 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
52 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
53 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
60 * Decrypt a key from storage in the database. "eblock" is used
61 * to decrypt the key in "in" into "out"; the storage pointed to by "out"
62 * is allocated before use.
/*
 * krb5_dbekd_decrypt_key_data: decrypt a stored principal key with the
 * master key and return it, together with its salt information.
 *
 *   context  - library context, passed through to krb5_c_decrypt().
 *   mkey     - master key used to decrypt the stored key.
 *   key_data - database record; component [0] holds the encrypted key,
 *              component [1] holds the salt when key_data_ver is 2.
 *   dbkey    - output; on success dbkey->contents points at a buffer
 *              malloc'd here, which the caller then owns and must free.
 *   keysalt  - output; keysalt->data.data is malloc'd here when the stored
 *              salt length is non-zero, otherwise it is set to NULL.
 *
 * Returns a krb5_error_code; KRB5_CRYPTO_INTERNAL is returned when the
 * recorded key length exceeds the decrypted data.
 *
 * The older description above uses the names "eblock", "in" and "out",
 * which do not match this parameter list.
 *
 * NOTE(review): this listing omits lines (local declarations, braces and
 * some return statements), so the comments below describe only the
 * statements that are visible.
 */
66 krb5_dbekd_decrypt_key_data( krb5_context context,
67 const krb5_keyblock * mkey,
68 const krb5_key_data * key_data,
69 krb5_keyblock * dbkey,
70 krb5_keysalt * keysalt)
72 krb5_error_code retval = 0;
/* Component [0] of the record is the encrypted key blob. */
78 ptr = key_data->key_data_contents[0];
/* The blob starts with a 16-bit length (per the macro name), read into
   tmplen; the comment further down calls it the true key length. */
81 krb5_kdb_decode_int16(ptr, tmplen);
/* The enctype is left unknown on the ciphertext wrapper; the key used for
   decryption is mkey. */
84 cipher.enctype = ENCTYPE_UNKNOWN;
/* NOTE(review): the "- 2" accounts for the two-byte length prefix, but no
   check that key_data_length[0] is at least 2 is visible. A truncated or
   corrupt record would give an out-of-range length that then sizes both
   the malloc and the decrypt. Confirm the caller or the omitted lines
   validate the record length. */
85 cipher.ciphertext.length = key_data->key_data_length[0]-2;
/* NOTE(review): the statement that advances ptr past the length prefix is
   not shown in this listing - confirm against the full file. */
86 cipher.ciphertext.data = ptr;
/* The plaintext buffer is sized like the ciphertext, so it can be longer
   than the real key (see the padding remark below). */
87 plain.length = key_data->key_data_length[0]-2;
88 if ((plain.data = (krb5_octet *) malloc(plain.length)) == NULL)
/* Decrypt with the master key. The third argument (key usage) is 0 and is
   marked XXX by the author. On failure the plaintext buffer is released. */
91 if ((retval = krb5_c_decrypt(context, mkey, 0 /* XXX */, 0,
93 krb5_xfree(plain.data);
97 /* tmplen is the true length of the key. plain.data is the
98 plaintext data length, but it may be padded, since the
99 old-style etypes didn't store the real length. I can check
100 to make sure that there are enough bytes, but I can't do
101 any better than that. */
/* Reject a record whose claimed key length exceeds what was decrypted.
   NOTE(review): tmplen's declaration is not visible here; confirm that a
   negative decoded length cannot pass this comparison. */
103 if (tmplen > plain.length) {
/* NOTE(review): plain.data holds decrypted key material at this point and
   no wipe is visible before the free; consider zeroizing the buffer
   before releasing it. */
104 krb5_xfree(plain.data);
105 return(KRB5_CRYPTO_INTERNAL);
/* Hand the plaintext buffer to the caller. dbkey->length is the recorded
   key length, while the allocation itself is plain.length bytes, so the
   buffer may carry trailing padding beyond dbkey->length. */
108 dbkey->magic = KV5M_KEYBLOCK;
109 dbkey->enctype = key_data->key_data_type[0];
110 dbkey->length = tmplen;
111 dbkey->contents = plain.data;
114 /* Decode salt data */
/* Version 2 records carry salt type and salt bytes in component [1]. */
116 if (key_data->key_data_ver == 2) {
117 keysalt->type = key_data->key_data_type[1];
/* Assignment in the condition is intentional: store the salt length and
   branch on whether it is non-zero. */
118 if ((keysalt->data.length = key_data->key_data_length[1])) {
119 if (!(keysalt->data.data=(char *)malloc(keysalt->data.length))){
/* Salt allocation failed: release the key decrypted above, if any.
   NOTE(review): the lines that reset dbkey->contents and return are not
   visible; confirm the pointer is not left dangling and that the key
   bytes are wiped before the free. */
120 if (key_data->key_data_contents[0]) {
121 krb5_xfree(dbkey->contents);
/* NOTE(review): the copy trusts key_data_length[1] to match the buffer at
   key_data_contents[1]; no NULL or size check on that pointer is visible. */
127 memcpy(keysalt->data.data, key_data->key_data_contents[1],
128 (size_t) keysalt->data.length);
/* Zero-length salt: no buffer is allocated. */
130 keysalt->data.data = (char *) NULL;
/* Record version other than 2: report the normal salt type with no salt
   data. */
132 keysalt->type = KRB5_KDB_SALTTYPE_NORMAL;
133 keysalt->data.data = (char *) NULL;
134 keysalt->data.length = 0;