aes_s2k.c revision 159d09a20817016f09b3ea28d1bdada4a336bb91
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/*
*
* Copyright 2003 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
*
* krb5int_aes_string_to_key
*/
#include "k5-int.h"
#include "dk.h"
#include "aes_s2k.h"
#define MAX_ITERATION_COUNT 0x1000000L
const struct krb5_enc_provider *enc,
{
unsigned long iter_count;
/* Solaris Kerberos */
if (params) {
return KRB5_ERR_BAD_S2K_PARAMS;
/* The first two need casts in case 'int' is 16 bits. */
iter_count = (((unsigned long)p[0] << 24)
| ((unsigned long)p[1] << 16)
| (p[2] << 8)
| (p[3]));
if (iter_count == 0) {
/*
iter_count = (1L << 16) << 16;
if (((iter_count >> 16) >> 16) != 1)
return KRB5_ERR_BAD_S2K_PARAMS;
*/
}
} else
/* This is not a protocol specification constraint; this is an
implementation limit, which should eventually be controlled by
a config file. */
if (iter_count >= MAX_ITERATION_COUNT)
return KRB5_ERR_BAD_S2K_PARAMS;
/*
* Dense key space, no parity bits or anything, so take a shortcut
* and use the key contents buffer for the generated bytes.
*/
/* Solaris Kerberos */
return KRB5_CRYPTO_INTERNAL;
/* Solaris Kerberos */
if (err) {
return err;
}
/*
* Solaris Kerberos:
* The derive key operation below will not work correctly
* if the input and output key pointers are to the same
* data. This is because the key object handle (PKCS#11)
* gets out-of-sync with the original key when the contents
* are modified. We copy the original key here for use
* below in the derive_key step, then we free this key
* before exiting.
*/
if (err) {
return err;
}
if (err) {
}
return (err);
}