2005-07-11 01:16:55 +00:00
/*
2008-10-27 11:35:07 +01:00
* Copyright ( c ) 1997 - 2003 Kungliga Tekniska Högskolan
* ( Royal Institute of Technology , Stockholm , Sweden ) .
* All rights reserved .
2005-07-11 01:16:55 +00:00
*
2008-10-27 11:35:07 +01:00
* Redistribution and use in source and binary forms , with or without
* modification , are permitted provided that the following conditions
* are met :
2005-07-11 01:16:55 +00:00
*
2008-10-27 11:35:07 +01:00
* 1. Redistributions of source code must retain the above copyright
* notice , this list of conditions and the following disclaimer .
2005-07-11 01:16:55 +00:00
*
2008-10-27 11:35:07 +01:00
* 2. Redistributions in binary form must reproduce the above copyright
* notice , this list of conditions and the following disclaimer in the
* documentation and / or other materials provided with the distribution .
2005-07-11 01:16:55 +00:00
*
2008-10-27 11:35:07 +01:00
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission .
2005-07-11 01:16:55 +00:00
*
2008-10-27 11:35:07 +01:00
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ` ` AS IS ' ' AND
* ANY EXPRESS OR IMPLIED WARRANTIES , INCLUDING , BUT NOT LIMITED TO , THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED . IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT , INDIRECT , INCIDENTAL , SPECIAL , EXEMPLARY , OR CONSEQUENTIAL
* DAMAGES ( INCLUDING , BUT NOT LIMITED TO , PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES ; LOSS OF USE , DATA , OR PROFITS ; OR BUSINESS INTERRUPTION )
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY , WHETHER IN CONTRACT , STRICT
* LIABILITY , OR TORT ( INCLUDING NEGLIGENCE OR OTHERWISE ) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE , EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE .
2005-07-11 01:16:55 +00:00
*/
# include <krb5_locl.h>
2008-08-26 19:35:52 +02:00
RCSID ( " $Id$ " ) ;
2005-07-11 01:16:55 +00:00
2008-10-27 11:35:07 +01:00
2005-07-11 01:16:55 +00:00
krb5_error_code KRB5_LIB_FUNCTION
krb5_mk_priv ( krb5_context context ,
krb5_auth_context auth_context ,
const krb5_data * userdata ,
krb5_data * outbuf ,
krb5_replay_data * outdata )
{
krb5_error_code ret ;
KRB_PRIV s ;
EncKrbPrivPart part ;
u_char * buf = NULL ;
size_t buf_size ;
size_t len ;
krb5_crypto crypto ;
krb5_keyblock * key ;
krb5_replay_data rdata ;
2008-10-27 11:35:07 +01:00
if ( ( auth_context - > flags &
2005-07-11 01:16:55 +00:00
( KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE ) ) & &
outdata = = NULL )
return KRB5_RC_REQUIRED ; /* XXX better error, MIT returns this */
if ( auth_context - > local_subkey )
key = auth_context - > local_subkey ;
else if ( auth_context - > remote_subkey )
key = auth_context - > remote_subkey ;
else
key = auth_context - > keyblock ;
memset ( & rdata , 0 , sizeof ( rdata ) ) ;
part . user_data = * userdata ;
krb5_us_timeofday ( context , & rdata . timestamp , & rdata . usec ) ;
if ( auth_context - > flags & KRB5_AUTH_CONTEXT_DO_TIME ) {
part . timestamp = & rdata . timestamp ;
part . usec = & rdata . usec ;
} else {
part . timestamp = NULL ;
part . usec = NULL ;
}
if ( auth_context - > flags & KRB5_AUTH_CONTEXT_RET_TIME ) {
outdata - > timestamp = rdata . timestamp ;
outdata - > usec = rdata . usec ;
}
if ( auth_context - > flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE ) {
rdata . seq = auth_context - > local_seqnumber ;
part . seq_number = & rdata . seq ;
} else
part . seq_number = NULL ;
if ( auth_context - > flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE )
outdata - > seq = auth_context - > local_seqnumber ;
2008-10-27 11:35:07 +01:00
2005-07-11 01:16:55 +00:00
part . s_address = auth_context - > local_address ;
part . r_address = auth_context - > remote_address ;
krb5_data_zero ( & s . enc_part . cipher ) ;
ASN1_MALLOC_ENCODE ( EncKrbPrivPart , buf , buf_size , & part , & len , ret ) ;
if ( ret )
goto fail ;
if ( buf_size ! = len )
krb5_abortx ( context , " internal error in ASN.1 encoder " ) ;
s . pvno = 5 ;
s . msg_type = krb_priv ;
s . enc_part . etype = key - > keytype ;
s . enc_part . kvno = NULL ;
ret = krb5_crypto_init ( context , key , 0 , & crypto ) ;
if ( ret ) {
free ( buf ) ;
return ret ;
}
2008-10-27 11:35:07 +01:00
ret = krb5_encrypt ( context ,
2005-07-11 01:16:55 +00:00
crypto ,
KRB5_KU_KRB_PRIV ,
2008-10-27 11:35:07 +01:00
buf + buf_size - len ,
2005-07-11 01:16:55 +00:00
len ,
& s . enc_part . cipher ) ;
krb5_crypto_destroy ( context , crypto ) ;
if ( ret ) {
free ( buf ) ;
return ret ;
}
free ( buf ) ;
ASN1_MALLOC_ENCODE ( KRB_PRIV , buf , buf_size , & s , & len , ret ) ;
2006-03-11 04:03:12 +00:00
if ( ret )
2005-07-11 01:16:55 +00:00
goto fail ;
2006-03-11 04:03:12 +00:00
if ( buf_size ! = len )
krb5_abortx ( context , " internal error in ASN.1 encoder " ) ;
2005-07-11 01:16:55 +00:00
krb5_data_free ( & s . enc_part . cipher ) ;
ret = krb5_data_copy ( outbuf , buf + buf_size - len , len ) ;
if ( ret ) {
2008-10-27 11:35:07 +01:00
krb5_set_error_message ( context , ENOMEM ,
N_ ( " malloc: out of memory " , " " ) ) ;
2005-07-11 01:16:55 +00:00
free ( buf ) ;
return ENOMEM ;
}
free ( buf ) ;
if ( auth_context - > flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE )
auth_context - > local_seqnumber =
( auth_context - > local_seqnumber + 1 ) & 0xFFFFFFFF ;
return 0 ;
fail :
free ( buf ) ;
krb5_data_free ( & s . enc_part . cipher ) ;
return ret ;
}