/* $NetBSD: randkey_c.c,v 1.2 2017/01/28 21:31:49 christos Exp $ */

/*
 * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 * may be used to endorse or promote products derived from this software
 * without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "kadm5_locl.h"

__RCSID("$NetBSD: randkey_c.c,v 1.2 2017/01/28 21:31:49 christos Exp $");

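/*
 * Client-side kadm5_randkey_principal(): ask the kadmin server to replace
 * the keys of `princ` with freshly generated random keys.
 *
 * @param server_handle  kadm5 client handle (a kadm5_client_context *)
 * @param princ          principal whose keys are to be replaced
 * @param keepold        TRUE to keep the old key versions on the server
 * @param n_ks_tuple     number of entries in ks_tuple (<= 0 sends none)
 * @param ks_tuple       requested {enctype, salttype} pairs, or NULL
 * @param new_keys       out: newly allocated array holding the new keys;
 *                       may be NULL if the caller does not want them
 * @param n_keys         out: number of entries in *new_keys; may be NULL
 *
 * @return 0 on success; otherwise the server's status code, a krb5
 *         storage error, ENOMEM on allocation failure, or EOVERFLOW when
 *         the reply carries an impossible key count.
 *
 * Ownership: on success with both new_keys and n_keys non-NULL the key
 * array is handed to the caller, who releases each element with
 * krb5_free_keyblock_contents() and then free()s the array. In every
 * other case the keys are released here before returning.
 */
kadm5_ret_t
kadm5_c_randkey_principal(void *server_handle,
                          krb5_principal princ,
                          krb5_boolean keepold,
                          int n_ks_tuple,
                          krb5_key_salt_tuple *ks_tuple,
                          krb5_keyblock **new_keys,
                          int *n_keys)
{
    kadm5_client_context *context = server_handle;
    kadm5_ret_t ret;
    krb5_storage *sp;
    unsigned char buf[1536];
    int32_t tmp;
    size_t i;
    krb5_data reply;

    ret = _kadm5_connect(server_handle);
    if (ret)
        return ret;

    /*
     * Fixed-size request buffer: the krb5_store_* calls below are bounded
     * by the storage and report an error instead of overrunning buf.
     */
    sp = krb5_storage_from_mem(buf, sizeof(buf));
    if (sp == NULL) {
        krb5_clear_error_message(context->context);
        return ENOMEM;
    }

    /*
     * NOTE WELL: This message is extensible. It currently consists of:
     *
     * - opcode (kadm_randkey)
     * - principal name (princ)
     *
     * followed by optional items, each of which must be present if
     * there are any items following them that are also present:
     *
     * - keepold boolean (whether to delete old kvnos)
     * - number of key/salt type tuples
     * - array of {enctype, salttype}
     *
     * Eventually we may add:
     *
     * - opaque string2key parameters (salt, rounds, ...)
     */
    ret = krb5_store_int32(sp, kadm_randkey);
    if (ret == 0)
        ret = krb5_store_principal(sp, princ);

    if (ret == 0 && (keepold == TRUE || n_ks_tuple > 0))
        ret = krb5_store_uint32(sp, keepold);
    if (ret == 0 && n_ks_tuple > 0)
        ret = krb5_store_uint32(sp, n_ks_tuple);
    /*
     * Guard the size_t comparison: a negative n_ks_tuple would otherwise
     * convert to a huge bound and walk off the end of ks_tuple.
     */
    for (i = 0; ret == 0 && n_ks_tuple > 0 && i < (size_t)n_ks_tuple; i++) {
        ret = krb5_store_int32(sp, ks_tuple[i].ks_enctype);
        if (ret == 0)
            ret = krb5_store_int32(sp, ks_tuple[i].ks_salttype);  /* was unchecked */
    }
    /* Future extensions go here */
    if (ret) {
        /* sp is heap-allocated by krb5_storage_from_mem(); do not leak it. */
        krb5_storage_free(sp);
        return ret;
    }

    ret = _kadm5_client_send(context, sp);
    krb5_storage_free(sp);
    if (ret)
        return ret;
    ret = _kadm5_client_recv(context, &reply);
    if (ret)
        return ret;
    sp = krb5_storage_from_data(&reply);
    if (sp == NULL) {
        krb5_clear_error_message(context->context);
        krb5_data_free(&reply);
        return ENOMEM;
    }
    krb5_clear_error_message(context->context);
    /* The first word of the reply is the server's status code. */
    ret = krb5_ret_int32(sp, &tmp);
    if (ret == 0)
        ret = tmp;
    if (ret == 0) {
        krb5_keyblock *k;

        /* Followed by the number of keyblocks and then the keyblocks. */
        ret = krb5_ret_int32(sp, &tmp);
        if (ret)
            goto out;
        /*
         * Every encoded keyblock occupies at least one byte of the reply,
         * so a count exceeding the reply length is malformed. Rejecting it
         * here also avoids a huge calloc() driven by a bad reply.
         */
        if (tmp < 0 || (size_t)tmp > reply.length) {
            ret = EOVERFLOW;
            goto out;
        }
        /* calloc(0, ...) may legitimately return NULL; allocate at least one
         * slot so an empty key list is not misreported as ENOMEM. */
        k = calloc(tmp > 0 ? (size_t)tmp : 1, sizeof(*k));
        if (k == NULL) {
            ret = ENOMEM;
            goto out;
        }
        for (i = 0; ret == 0 && i < (size_t)tmp; i++)
            ret = krb5_ret_keyblock(sp, &k[i]);
        if (ret == 0 && n_keys && new_keys) {
            *n_keys = tmp;
            *new_keys = k;
        } else {
            /*
             * i is one past the last slot touched (the failing slot, if any,
             * is k[i - 1]). k[i] was never written and, when i == tmp, lies
             * past the end of the array, so only release k[0..i-1].
             */
            while (i > 0) {
                i--;
                krb5_free_keyblock_contents(context->context, &k[i]);
            }
            free(k);
        }
    }
out:
    krb5_storage_free(sp);
    krb5_data_free(&reply);
    return ret;
}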