1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
/*
* $Source$
* $Author$
*
* Copyright 1990 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* For copying and distribution information, please see the file
* <krb5/copyright.h>.
*
* krb5_mk_rep()
*/
#if !defined(lint) && !defined(SABER)
static char rcsid_mk_rep_c[] =
"$Id$";
#endif /* !lint & !SABER */
#include <krb5/krb5.h>
#include <krb5/asn1.h>
#include <krb5/libos.h>
#include <krb5/libos-proto.h>
#include <krb5/ext-proto.h>
/*
Formats a KRB_AP_REP message into outbuf.
The reply in repl is encrypted under the key in kblock, and the resulting
message encoded and left in outbuf.
The outbuf buffer storage is allocated, and should be freed by the
caller when finished.
returns system errors
*/
krb5_error_code
krb5_mk_rep(repl, kblock, outbuf)
const krb5_ap_rep_enc_part *repl;
const krb5_keyblock *kblock;
krb5_data *outbuf;
{
krb5_error_code retval;
krb5_data *scratch;
krb5_ap_rep reply;
krb5_enctype etype;
krb5_encrypt_block eblock;
krb5_data *toutbuf;
/* verify a valid etype is available */
if (!valid_keytype(kblock->keytype))
return KRB5_PROG_KEYTYPE_NOSUPP;
etype = krb5_keytype_array[kblock->keytype]->system->proto_enctype;
if (!valid_etype(etype))
return KRB5_PROG_ETYPE_NOSUPP;
/* encode it before encrypting */
if (retval = encode_krb5_ap_rep_enc_part(repl, &scratch))
return retval;
#define cleanup_scratch() { (void) memset(scratch->data, 0, scratch->length); \
krb5_free_data(scratch); }
/* put together an eblock for this encryption */
krb5_use_cstype(&eblock, etype);
reply.enc_part.etype = etype;
reply.enc_part.kvno = 0; /* XXX user set? */
reply.enc_part.ciphertext.length = krb5_encrypt_size(scratch->length,
eblock.crypto_entry);
/* add padding area, and zero it */
if (!(scratch->data = realloc(scratch->data,
reply.enc_part.ciphertext.length))) {
/* may destroy scratch->data */
xfree(scratch);
return ENOMEM;
}
memset(scratch->data + scratch->length, 0,
reply.enc_part.ciphertext.length - scratch->length);
if (!(reply.enc_part.ciphertext.data =
malloc(reply.enc_part.ciphertext.length))) {
retval = ENOMEM;
goto clean_scratch;
}
#define cleanup_encpart() {\
(void) memset(reply.enc_part.ciphertext.data, 0,\
reply.enc_part.ciphertext.length); \
free(reply.enc_part.ciphertext.data); \
reply.enc_part.ciphertext.length = 0; reply.enc_part.ciphertext.data = 0;}
/* do any necessary key pre-processing */
if (retval = krb5_process_key(&eblock, kblock)) {
goto clean_encpart;
}
#define cleanup_prockey() {(void) krb5_finish_key(&eblock);}
/* call the encryption routine */
if (retval = krb5_encrypt((krb5_pointer) scratch->data,
(krb5_pointer) reply.enc_part.ciphertext.data,
scratch->length, &eblock, 0)) {
goto clean_prockey;
}
/* encrypted part now assembled-- do some cleanup */
cleanup_scratch();
if (retval = krb5_finish_key(&eblock)) {
cleanup_encpart();
return retval;
}
if (!(retval = encode_krb5_ap_rep(&reply, &toutbuf))) {
*outbuf = *toutbuf;
xfree(toutbuf);
}
cleanup_encpart();
return retval;
clean_prockey:
cleanup_prockey();
clean_encpart:
cleanup_encpart();
clean_scratch:
cleanup_scratch();
return retval;
}
|
