#include <krb5/ext-proto.h>
/*
- Takes encrypted dec_ticket->enc_part, encrypts with dec_ticket->etype
+ Decrypts dec_ticket->enc_part
using *srv_key, and places result in dec_ticket->enc_part2.
The storage of dec_ticket->enc_part2 will be allocated before return.
krb5_data scratch;
krb5_error_code retval;
- if (!valid_etype(ticket->etype))
+ if (!valid_etype(ticket->enc_part.etype))
return KRB5_PROG_ETYPE_NOSUPP;
/* put together an eblock for this encryption */
- eblock.crypto_entry = krb5_csarray[ticket->etype]->system;
+ eblock.crypto_entry = krb5_csarray[ticket->enc_part.etype]->system;
- scratch.length = ticket->enc_part.length;
- if (!(scratch.data = malloc(ticket->enc_part.length)))
+ scratch.length = ticket->enc_part.ciphertext.length;
+ if (!(scratch.data = malloc(ticket->enc_part.ciphertext.length)))
return(ENOMEM);
/* do any necessary key pre-processing */
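Review bot: `ticket->enc_part.ciphertext.length` comes from the decoded ticket and is used as the `malloc()` size with no lower bound, so a zero-length ciphertext can surface as `ENOMEM` on platforms where `malloc(0)` returns NULL. As far as this hunk shows, a length that is not a whole number of cipher blocks also reaches krb5_decrypt() unchecked. A guard after the `valid_etype()` test, `if (ticket->enc_part.ciphertext.length == 0)` returning a malformed-message error, would reject the first case cleanly; the block-multiple check is needed only if krb5_decrypt() does not already do it. The index in `krb5_csarray[ticket->enc_part.etype]` relies on `valid_etype()` rejecting out-of-range values and empty table slots; its definition is not in this diff, so that is worth confirming. The KDC-reply decrypt hunk has the same pattern with `dec_rep->enc_part.ciphertext.length`, and the function body starts and ends outside the hunk.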
}
/* call the encryption routine */
- if (retval = krb5_decrypt((krb5_pointer) ticket->enc_part.data,
+ if (retval = krb5_decrypt((krb5_pointer) ticket->enc_part.ciphertext.data,
(krb5_pointer) scratch.data,
scratch.length, &eblock, 0)) {
(void) krb5_finish_key(&eblock);
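Review bot: The comment above the changed call still reads `/* call the encryption routine */` although the code calls krb5_decrypt(); this commit corrects the same wording in the header comment, so this line should become `/* call the decryption routine */`, as the KDC-reply hunk already has it. On the failure branch `scratch.data` may hold partially decrypted ticket contents. The cleanup is outside the hunk, so it is worth checking that the buffer is cleared over `scratch.length` bytes before it is freed.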
#include <krb5/ext-proto.h>
/*
- Takes unencrypted dec_ticket & dec_tkt_part, encrypts with dec_ticket->etype
+ Takes unencrypted dec_ticket & dec_tkt_part, encrypts with
+ dec_ticket->enc_part.etype
using *srv_key, and places result in dec_ticket->enc_part.
- The string dec_ticket->enc_part will be allocated before formatting.
+ The string dec_ticket->enc_part.ciphertext will be allocated before
+ formatting.
returns errors from encryption routines, system errors
- enc_part->data allocated & filled in with encrypted stuff
+ enc_part->ciphertext.data allocated & filled in with encrypted stuff
*/
krb5_error_code
/* encrypt the encrypted part */
- if (!valid_etype(dec_ticket->etype))
+ if (!valid_etype(dec_ticket->enc_part.etype))
return KRB5_PROG_ETYPE_NOSUPP;
/* start by encoding the to-be-encrypted part. */
/* put together an eblock for this encryption */
- eblock.crypto_entry = krb5_csarray[dec_ticket->etype]->system;
- dec_ticket->enc_part.length = krb5_encrypt_size(scratch->length,
- eblock.crypto_entry);
+ eblock.crypto_entry = krb5_csarray[dec_ticket->enc_part.etype]->system;
+ dec_ticket->enc_part.ciphertext.length =
+ krb5_encrypt_size(scratch->length,
+ eblock.crypto_entry);
/* add padding area, and zero it */
- if (!(scratch->data = realloc(scratch->data, dec_ticket->enc_part.length))) {
+ if (!(scratch->data = realloc(scratch->data,
+ dec_ticket->enc_part.ciphertext.length))) {
/* may destroy scratch->data */
xfree(scratch);
return ENOMEM;
}
bzero(scratch->data + scratch->length,
- dec_ticket->enc_part.length - scratch->length);
- if (!(dec_ticket->enc_part.data = malloc(dec_ticket->enc_part.length))) {
+ dec_ticket->enc_part.ciphertext.length - scratch->length);
+ if (!(dec_ticket->enc_part.ciphertext.data =
+ malloc(dec_ticket->enc_part.ciphertext.length))) {
retval = ENOMEM;
goto clean_scratch;
}
-#define cleanup_encpart() {(void) bzero(dec_ticket->enc_part.data, dec_ticket->enc_part.length); free(dec_ticket->enc_part.data); dec_ticket->enc_part.length = 0; dec_ticket->enc_part.data = 0;}
+#define cleanup_encpart() {\
+(void) bzero(dec_ticket->enc_part.ciphertext.data, \
+ dec_ticket->enc_part.ciphertext.length); \
+free(dec_ticket->enc_part.ciphertext.data); \
+dec_ticket->enc_part.ciphertext.length = 0; \
+dec_ticket->enc_part.ciphertext.data = 0;}
/* do any necessary key pre-processing */
if (retval = krb5_process_key(&eblock, srv_key)) {
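Review bot: `scratch->data = realloc(scratch->data, ...)` overwrites the only pointer to the encoded, still-unencrypted ticket part, so when realloc() fails that buffer is leaked without being cleared and `xfree(scratch)` releases only the descriptor. The existing `/* may destroy scratch->data */` comment acknowledges the loss but does not handle it. Keeping the result in a temporary lets the failure branch zero and free the old buffer before returning. The request-building hunk has the same construct with `request.authenticator.ciphertext.length`. The function starts and ends outside this hunk.

```c
    char *grown;	/* goes with the other locals at the top of the function */

    /* ... unchanged: eblock setup and krb5_encrypt_size() call ... */
    grown = realloc(scratch->data, dec_ticket->enc_part.ciphertext.length);
    if (!grown) {
	/* realloc failed: the old buffer is still valid and still holds plaintext */
	bzero(scratch->data, scratch->length);
	free(scratch->data);
	xfree(scratch);
	return ENOMEM;
    }
    scratch->data = grown;
    /* ... unchanged: bzero of the padding area, ciphertext malloc ... */
```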
/* call the encryption routine */
if (retval = krb5_encrypt((krb5_pointer) scratch->data,
- (krb5_pointer) dec_ticket->enc_part.data,
+ (krb5_pointer) dec_ticket->enc_part.ciphertext.data,
scratch->length, &eblock, 0)) {
goto clean_prockey;
}
krb5_data scratch;
krb5_enc_kdc_rep_part *local_encpart;
- if (!valid_etype(dec_rep->etype))
+ if (!valid_etype(dec_rep->enc_part.etype))
return KRB5_PROG_ETYPE_NOSUPP;
/* set up scratch decrypt/decode area */
- scratch.length = dec_rep->enc_part.length;
- if (!(scratch.data = malloc(dec_rep->enc_part.length))) {
+ scratch.length = dec_rep->enc_part.ciphertext.length;
+ if (!(scratch.data = malloc(dec_rep->enc_part.ciphertext.length))) {
return(ENOMEM);
}
/* put together an eblock for this encryption */
- eblock.crypto_entry = krb5_csarray[dec_rep->etype]->system;
+ eblock.crypto_entry = krb5_csarray[dec_rep->enc_part.etype]->system;
/* do any necessary key pre-processing */
if (retval = krb5_process_key(&eblock, key)) {
}
/* call the decryption routine */
- if (retval = krb5_decrypt((krb5_pointer) dec_rep->enc_part.data,
+ if (retval = krb5_decrypt((krb5_pointer) dec_rep->enc_part.ciphertext.data,
(krb5_pointer) scratch.data,
scratch.length, &eblock, 0)) {
(void) krb5_finish_key(&eblock);
/* put together an eblock for this encryption */
eblock.crypto_entry = krb5_csarray[etype]->system;
- request.authenticator.length = krb5_encrypt_size(scratch->length,
- eblock.crypto_entry);
+ request.authenticator.etype = etype;
+ request.authenticator.kvno = 0; /* XXX user set? */
+ request.authenticator.ciphertext.length =
+ krb5_encrypt_size(scratch->length, eblock.crypto_entry);
/* add padding area, and zero it */
- if (!(scratch->data = realloc(scratch->data, request.authenticator.length))) {
+ if (!(scratch->data = realloc(scratch->data,
+ request.authenticator.ciphertext.length))) {
/* may destroy scratch->data */
xfree(scratch);
retval = ENOMEM;
goto clean_ticket;
}
bzero(scratch->data + scratch->length,
- request.authenticator.length - scratch->length);
- if (!(request.authenticator.data = malloc(request.authenticator.length))) {
+ request.authenticator.ciphertext.length - scratch->length);
+ if (!(request.authenticator.ciphertext.data =
+ malloc(request.authenticator.ciphertext.length))) {
retval = ENOMEM;
goto clean_scratch;
}
-#define cleanup_encpart() {(void) bzero(request.authenticator.data, request.authenticator.length); free(request.authenticator.data); request.authenticator.length = 0; request.authenticator.data = 0;}
+#define cleanup_encpart() {\
+(void) bzero(request.authenticator.ciphertext.data, \
+ request.authenticator.ciphertext.length); \
+free(request.authenticator.ciphertext.data); \
+request.authenticator.ciphertext.length = 0; \
+request.authenticator.ciphertext.data = 0;}
/* do any necessary key pre-processing */
if (retval = krb5_process_key(&eblock, &creds->keyblock)) {
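Review bot: `cleanup_encpart()` expands to a bare `{ ... }` block, so a call written `cleanup_encpart();` as the body of an `if` that has an `else` will not parse. Wrapping the body as `#define cleanup_encpart() do { ... } while (0)` keeps the zero-then-free sequence safe to use as a single statement. The ticket-encrypt hunk defines the same macro in the same form. Separately, `request.authenticator.kvno = 0; /* XXX user set? */` leaves the meaning of 0 open; since the key used just below is `creds->keyblock`, a comment stating whether 0 stands for "no key version" would settle the XXX.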
/* call the encryption routine */
if (retval = krb5_encrypt((krb5_pointer) scratch->data,
- (krb5_pointer) request.authenticator.data,
+ (krb5_pointer) request.authenticator.ciphertext.data,
scratch->length, &eblock, 0)) {
goto clean_prockey;
}