2 * lib/krb5/krb/encode_kdc.c
4 * Copyright 1990 by the Massachusetts Institute of Technology.
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. M.I.T. makes no representations about the suitability of
20 * this software for any purpose. It is provided "as is" without express
21 * or implied warranty.
24 * krb5_encode_kdc_rep() function.
30 Takes KDC rep parts in *rep and *encpart, and formats it into *enc_rep,
31 using message type type and encryption key client_key and encryption type
34 The string *enc_rep will be allocated before formatting; the caller should
39 dec_rep->enc_part.ciphertext is allocated and filled in.
41 /* due to argument promotion rules, we need to use the DECLARG/OLDDECLARG
44 krb5_encode_kdc_rep(context, type, encpart, eblock, client_key, dec_rep, enc_rep)
46 const krb5_msgtype type;
47 const krb5_enc_kdc_rep_part * encpart;
48 krb5_encrypt_block * eblock;
49 const krb5_keyblock * client_key;
50 krb5_kdc_rep * dec_rep;
54 krb5_error_code retval;
55 krb5_enc_kdc_rep_part tmp_encpart;
57 if (!valid_etype(dec_rep->enc_part.etype))
58 return KRB5_PROG_ETYPE_NOSUPP;
65 return KRB5_BADMSGTYPE;
69 * We don't want to modify encpart, but we need to be able to pass
70 * in the message type to the encoder, so it can set the ASN.1
73 * Although note that it may be doing nothing with the message
74 * type, to be compatible with old versions of Kerberos that always
75 * encode this as a TGS_REP regardless of what it really should be;
76 * also note that the reason why we are passing it in a structure
77 * instead of as an argument to encode_krb5_enc_kdc_rep_part (the
78 * way we should) is for compatibility with the ISODE version of
79 * this function. Ah, compatibility....
81 tmp_encpart = *encpart;
82 tmp_encpart.msg_type = type;
83 retval = encode_krb5_enc_kdc_rep_part(&tmp_encpart, &scratch);
87 memset(&tmp_encpart, 0, sizeof(tmp_encpart));
89 #define cleanup_scratch() { (void) memset(scratch->data, 0, scratch->length); \
90 krb5_free_data(context, scratch); }
92 dec_rep->enc_part.ciphertext.length =
93 krb5_encrypt_size(scratch->length, eblock->crypto_entry);
94 /* add padding area, and zero it */
95 if (!(scratch->data = realloc(scratch->data,
96 dec_rep->enc_part.ciphertext.length))) {
97 /* on failure the assignment above stores NULL in scratch->data, so the original buffer can no longer be zeroed or freed */
101 memset(scratch->data + scratch->length, 0,
102 dec_rep->enc_part.ciphertext.length - scratch->length);
103 if (!(dec_rep->enc_part.ciphertext.data =
104 malloc(dec_rep->enc_part.ciphertext.length))) {
109 #define cleanup_encpart() { \
110 (void) memset(dec_rep->enc_part.ciphertext.data, 0, \
111 dec_rep->enc_part.ciphertext.length); \
112 free(dec_rep->enc_part.ciphertext.data); \
113 dec_rep->enc_part.ciphertext.length = 0; \
114 dec_rep->enc_part.ciphertext.data = 0;}
116 retval = krb5_process_key(context, eblock, client_key);
121 #define cleanup_prockey() {(void) krb5_finish_key(context, eblock);}
123 retval = krb5_encrypt(context, (krb5_pointer) scratch->data,
124 (krb5_pointer) dec_rep->enc_part.ciphertext.data,
125 scratch->length, eblock, 0);
130 dec_rep->enc_part.etype = krb5_eblock_enctype(context, eblock);
132 /* do some cleanup */
135 retval = krb5_finish_key(context, eblock);
141 /* now it's ready to be encoded for the wire! */
145 retval = encode_krb5_as_rep(dec_rep, enc_rep);
148 retval = encode_krb5_tgs_rep(dec_rep, enc_rep);