krb5_error_code
krb5int_arcfour_gsscrypt(const krb5_keyblock *keyblock, krb5_keyusage usage,
- const krb5_data *kd_data, const krb5_data *input,
- krb5_data *output);
-
-krb5_error_code
-krb5int_arcfour_gsscrypt_iov(const krb5_keyblock *keyblock,
- krb5_keyusage usage, const krb5_data *kd_data,
- krb5_crypto_iov *data, size_t num_data);
+ const krb5_data *kd_data, krb5_crypto_iov *data,
+ size_t num_data);
/*
* Attempt to zero memory in a way that compilers won't optimize out.
krb5_error_code (*arcfour_gsscrypt)(const krb5_keyblock *keyblock,
krb5_keyusage usage,
const krb5_data *kd_data,
- const krb5_data *input,
- krb5_data *output);
- krb5_error_code (*arcfour_gsscrypt_iov)(const krb5_keyblock *keyblock,
- krb5_keyusage usage,
- const krb5_data *kd_data,
- krb5_crypto_iov *data,
- size_t num_data);
+ krb5_crypto_iov *data,
+ size_t num_data);
krb5_error_code (*auth_con_get_subkey_enctype)(krb5_context,
krb5_auth_context,
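Review bot: The `arcfour_gsscrypt` slot keeps its name, but its trailing parameters change from `const krb5_data *input, krb5_data *output` to `krb5_crypto_iov *data, size_t num_data`. A binary built against the old header would therefore call through the same member with incompatible arguments. The only guard visible in this commit is the `KRB5INT_ACCESS_VERSION` value passed to `krb5int_accessor`, and its definition is outside the diff. Please confirm that the value changes with this layout (one member is removed), and bump the struct version if it does not. The struct's opening and closing lines are outside this hunk.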
zapfree(comp_checksum.data, comp_checksum.length);
return ret;
}
-
-/* Encrypt or decrypt data for a GSSAPI token. */
-krb5_error_code
-krb5int_arcfour_gsscrypt(const krb5_keyblock *keyblock, krb5_keyusage usage,
- const krb5_data *kd_data, const krb5_data *input,
- krb5_data *output)
-{
- const struct krb5_enc_provider *enc = &krb5int_enc_arcfour;
- const struct krb5_hash_provider *hash = &krb5int_hash_md5;
- krb5_keyblock *usage_keyblock = NULL, *enc_keyblock = NULL;
- krb5_key enc_key;
- krb5_error_code ret;
-
- ret = krb5int_c_init_keyblock(NULL, keyblock->enctype, enc->keybytes,
- &usage_keyblock);
- if (ret != 0)
- goto cleanup;
- ret = krb5int_c_init_keyblock(NULL, keyblock->enctype, enc->keybytes,
- &enc_keyblock);
- if (ret != 0)
- goto cleanup;
-
- /* Derive a usage key from the session key and usage. */
- ret = krb5int_arcfour_usage_key(enc, hash, keyblock, usage,
- usage_keyblock);
- if (ret != 0)
- goto cleanup;
-
- /* Derive the encryption key from the usage key and kd_data. */
- ret = krb5int_arcfour_enc_key(enc, hash, usage_keyblock, kd_data,
- enc_keyblock);
- if (ret != 0)
- goto cleanup;
-
- /* Encrypt or decrypt (encrypt works for both) the input. */
- ret = krb5_k_create_key(NULL, enc_keyblock, &enc_key);
- if (ret != 0)
- goto cleanup;
- ret = (*enc->encrypt)(enc_key, 0, input, output);
- krb5_k_free_key(NULL, enc_key);
-
-cleanup:
- krb5int_c_free_keyblock(NULL, usage_keyblock);
- krb5int_c_free_keyblock(NULL, enc_keyblock);
- return ret;
-}
};
krb5_error_code
-krb5int_arcfour_gsscrypt_iov(const krb5_keyblock *keyblock,
- krb5_keyusage usage, const krb5_data *kd_data,
- krb5_crypto_iov *data, size_t num_data)
+krb5int_arcfour_gsscrypt(const krb5_keyblock *keyblock, krb5_keyusage usage,
+ const krb5_data *kd_data, krb5_crypto_iov *data,
+ size_t num_data)
{
const struct krb5_enc_provider *enc = &krb5int_enc_arcfour;
const struct krb5_hash_provider *hash = &krb5int_hash_md5;
krb5int_aes_decrypt
krb5int_enc_des3
krb5int_arcfour_gsscrypt
-krb5int_arcfour_gsscrypt_iov
{
krb5_error_code code;
krb5_data kd = make_data((char *) kd_data, kd_data_len);
- krb5_data input = make_data((char *) input_buf, input_len);
- krb5_data output = make_data(output_buf, input_len);
+ krb5_crypto_iov kiov;
krb5int_access kaccess;
code = krb5int_accessor(&kaccess, KRB5INT_ACCESS_VERSION);
if (code)
return code;
- return (*kaccess.arcfour_gsscrypt)(keyblock, usage, &kd, &input, &output);
+ memcpy(output_buf, input_buf, input_len);
+ kiov.flags = KRB5_CRYPTO_TYPE_DATA;
+ kiov.data = make_data(output_buf, input_len);
+ return (*kaccess.arcfour_gsscrypt)(keyblock, usage, &kd, &kiov, 1);
}
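Review bot: After the added `memcpy(output_buf, input_buf, input_len);`, a failure inside `arcfour_gsscrypt` returns with an unencrypted copy of the input still in `output_buf`. As far as the removed function shows, the old path wrote nothing to the output before the cipher ran, so key-derivation and key-creation failures left it untouched. On the encrypt path that copy is plaintext, so I would clear it on error: `code = (*kaccess.arcfour_gsscrypt)(keyblock, usage, &kd, &kiov, 1);`, then `if (code) zap(output_buf, input_len);`, then `return code;`. The callers and the function signature are outside this hunk; if any caller can pass overlapping `input_buf` and `output_buf`, the copy should be `memmove`, since `memcpy` on overlapping regions is undefined.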
/* AEAD */
iov, iov_count, &kiov, &kiov_count);
if (code)
return code;
- code = (*kaccess.arcfour_gsscrypt_iov)(keyblock, usage, &kd,
- kiov, kiov_count);
+ code = (*kaccess.arcfour_gsscrypt)(keyblock, usage, &kd, kiov, kiov_count);
free(kiov);
return code;
}
krb5int_access internals_temp;
#endif
S (arcfour_gsscrypt, krb5int_arcfour_gsscrypt),
- S (arcfour_gsscrypt_iov, krb5int_arcfour_gsscrypt_iov),
S (free_addrlist, krb5int_free_addrlist),
S (auth_con_get_subkey_enctype, krb5_auth_con_get_subkey_enctype),
S (sendto_udp, &krb5int_sendto),