From: Theodore Tso Date: Mon, 21 Nov 1994 20:33:53 +0000 (+0000) Subject: encode_kdc.c (krb5_encode_kdc_rep): Now requires that the X-Git-Tag: krb5-1.0-beta5~939 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=713fb98f15b22f626aa792a60f0e00f502a04456;p=krb5.git encode_kdc.c (krb5_encode_kdc_rep): Now requires that the caller pass in the encryption block to be used for encrpyting the ticket. That way, this routine doesn't need to create its own encryption block. encrypt_tk.c (krb5_encrypt_tkt_part): Now requires that the caller pass in the encryption block to be used for encrpyting the ticket. That way, this routine doesn't need to create its own encryption block. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4710 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/include/krb5/ChangeLog b/src/include/krb5/ChangeLog index 8709b1a37..cd5855ddd 100644 --- a/src/include/krb5/ChangeLog +++ b/src/include/krb5/ChangeLog @@ -1,3 +1,12 @@ +Mon Nov 21 14:43:14 1994 Theodore Y. Ts'o (tytso@dcl) + + * func-proto.h (krb5_encode_kdc_rep, krb5_encrypt_tkt_part): + Change to use new function prototypes. + + * encryption.h (krb5_eblock_keytype, krb5_eblock_enctype): Define + new macros for finding the key type and encryption type of + an encrypion block. + Fri Nov 18 17:53:38 1994 Theodore Y. Ts'o (tytso@dcl) * kdb.h (KRB5_KDB_SUPPORT_DESMD5): Add new attribute which defines diff --git a/src/include/krb5/encryption.h b/src/include/krb5/encryption.h index 235b38ab4..b8978d7a9 100644 --- a/src/include/krb5/encryption.h +++ b/src/include/krb5/encryption.h 
@@ -193,6 +193,9 @@ extern int krb5_max_cksum; /* max entry in array */ #define krb5_finish_random_key(eblock, ptr) (*(eblock)->crypto_entry->finish_random_key)(ptr) #define krb5_random_key(eblock, ptr, keyblock) (*(eblock)->crypto_entry->random_key)(eblock, ptr, keyblock) +#define krb5_eblock_keytype(eblockp) ((eblockp)->crypto_entry->proto_keytype) +#define krb5_eblock_enctype(eblockp) ((eblockp)->crypto_entry->proto_enctype) + /* * Here's the stuff for the checksum switch: */ diff --git a/src/include/krb5/func-proto.h b/src/include/krb5/func-proto.h index faf9db40c..581994e4c 100644 --- a/src/include/krb5/func-proto.h +++ b/src/include/krb5/func-proto.h @@ -37,7 +37,8 @@ krb5_error_code krb5_encode_ticket PROTOTYPE((const krb5_ticket *, krb5_data ** )); krb5_error_code krb5_encrypt_tkt_part - PROTOTYPE((const krb5_keyblock *, + PROTOTYPE((krb5_encrypt_block *, + const krb5_keyblock *, krb5_ticket * )); krb5_error_code krb5_decrypt_tkt_part PROTOTYPE((const krb5_keyblock *, @@ -307,6 +308,7 @@ void krb5_free_tkt_authent krb5_error_code krb5_encode_kdc_rep PROTOTYPE((const krb5_msgtype, const krb5_enc_kdc_rep_part *, + krb5_encrypt_block *, const krb5_keyblock *, krb5_kdc_rep *, krb5_data ** )); diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index b68f11e41..a9ed389f9 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog 
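Review bot: The new macros `krb5_eblock_keytype` and `krb5_eblock_enctype` carry no comment stating their precondition. Both dereference `(eblockp)->crypto_entry`, so the block must already be bound to a cryptosystem before either is used. I would add above them `/* eblockp must have crypto_entry set (e.g. by krb5_use_cstype) before these are used */`. Later hunks in this commit use `krb5_eblock_enctype` to fill in the etype recorded in tickets and KDC replies, so the contract is worth writing down at the definition.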
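Review bot: Inserting `krb5_encrypt_block *` ahead of the existing arguments of `krb5_encrypt_tkt_part` changes the calling convention of an exported function with no note on the declaration. The next hunk does the same in the middle of `krb5_encode_kdc_rep`. If `PROTOTYPE` expands to an empty parameter list on pre-ANSI compilers, as the `DECLARG`/`OLDDECLARG` definitions elsewhere in this commit suggest, a caller that was not updated would still compile there and pass a key block where the encryption block is expected. A comment on each declaration such as `/* eblock: caller-initialized encryption block; the key is processed and finished inside the call */` would record the contract, and callers outside this diff need checking by hand.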
@@ -1,3 +1,20 @@ +Mon Nov 21 15:30:07 1994 Theodore Y. Ts'o (tytso@dcl) + + * encode_kdc.c (krb5_encode_kdc_rep): Now requires that the + caller pass in the encryption block to be used for + encrpyting the ticket. That way, this routine doesn't + need to create its own encryption block. + + * encrypt_tk.c (krb5_encrypt_tkt_part): Now requires that the + caller pass in the encryption block to be used for + encrpyting the ticket. That way, this routine doesn't + need to create its own encryption block. + +Fri Nov 18 17:30:44 1994 Theodore Y. Ts'o (tytso@dcl) + + * mk_req_ext.c (krb5_mk_req_extended): Encrypt the authenticator + using the same encryption system used to encrypt the ticket. + Thu Nov 17 01:56:05 1994 Theodore Y. Ts'o (tytso@dcl) * gc_via_tgt.c (krb5_get_cred_via_tgt): diff --git a/src/lib/krb5/krb/encode_kdc.c b/src/lib/krb5/krb/encode_kdc.c index 4270c57b4..6b01b64d2 100644 --- a/src/lib/krb5/krb/encode_kdc.c +++ b/src/lib/krb5/krb/encode_kdc.c @@ -46,17 +46,18 @@ krb5_error_code krb5_encode_kdc_rep(DECLARG(const krb5_msgtype, type), DECLARG(const krb5_enc_kdc_rep_part *, encpart), + DECLARG(krb5_encrypt_block *, eblock), DECLARG(const krb5_keyblock *, client_key), DECLARG(krb5_kdc_rep *, dec_rep), DECLARG(krb5_data **, enc_rep)) OLDDECLARG(const krb5_msgtype, type) OLDDECLARG(const krb5_enc_kdc_rep_part *, encpart) +OLDDECLARG(krb5_encrypt_block *, eblock) OLDDECLARG(const krb5_keyblock *, client_key) OLDDECLARG(krb5_kdc_rep *, dec_rep) OLDDECLARG(krb5_data **, enc_rep) { krb5_data *scratch; - krb5_encrypt_block eblock; krb5_error_code retval; krb5_enc_kdc_rep_part tmp_encpart; 
@@ -77,7 +78,7 @@ OLDDECLARG(krb5_data **, enc_rep) * type correct. * * Although note that it may be doing nothing with the message - * type, to be compatible with old versions of Kerberos that ways + * type, to be compatible with old versions of Kerberos that always * encode this as a TGS_REP regardly of what it really should be; * also note that the reason why we are passing it in a structure * instead of as an argument to encode_krb5_enc_kdc_rep_part (the @@ -95,11 +96,8 @@ OLDDECLARG(krb5_data **, enc_rep) #define cleanup_scratch() { (void) memset(scratch->data, 0, scratch->length); \ krb5_free_data(scratch); } - /* put together an eblock for this encryption */ - - krb5_use_cstype(&eblock, dec_rep->enc_part.etype); dec_rep->enc_part.ciphertext.length = - krb5_encrypt_size(scratch->length, eblock.crypto_entry); + krb5_encrypt_size(scratch->length, eblock->crypto_entry); /* add padding area, and zero it */ if (!(scratch->data = realloc(scratch->data, dec_rep->enc_part.ciphertext.length))) { @@ -122,24 +120,26 @@ free(dec_rep->enc_part.ciphertext.data); \ dec_rep->enc_part.ciphertext.length = 0; \ dec_rep->enc_part.ciphertext.data = 0;} - retval = krb5_process_key(&eblock, client_key); + retval = krb5_process_key(eblock, client_key); if (retval) { goto clean_encpart; } -#define cleanup_prockey() {(void) krb5_finish_key(&eblock);} +#define cleanup_prockey() {(void) krb5_finish_key(eblock);} retval = krb5_encrypt((krb5_pointer) scratch->data, (krb5_pointer) dec_rep->enc_part.ciphertext.data, - scratch->length, &eblock, 0); + scratch->length, eblock, 0); if (retval) { goto clean_prockey; } + dec_rep->enc_part.etype = krb5_eblock_enctype(eblock); + /* do some cleanup */ cleanup_scratch(); - retval = krb5_finish_key(&eblock); + retval = krb5_finish_key(eblock); if (retval) { cleanup_encpart(); return retval; diff --git a/src/lib/krb5/krb/encrypt_tk.c b/src/lib/krb5/krb/encrypt_tk.c index 4051ca6bb..bb263da00 100644 --- a/src/lib/krb5/krb/encrypt_tk.c 
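Review bot: In the hunk at -95,11, `eblock->crypto_entry` is now dereferenced in the `krb5_encrypt_size` call with no check that the caller passed a usable block. The removed `krb5_use_cstype(&eblock, ...)` used to set it up locally. A NULL `eblock` or one with no `crypto_entry` becomes a crash inside the library while a KDC reply is being built. I would reject it before the encoding step, so that nothing needs cleanup: `if (!eblock || !eblock->crypto_entry) return KRB5_PROG_ETYPE_NOSUPP;`. The same applies to `krb5_encrypt_tkt_part` in encrypt_tk.c (hunk at -66,12), where the commit also removes the `valid_etype` check that used to run first; both function bodies begin and end outside their hunks.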
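Review bot: In the hunk at -122,24, nothing checks that `client_key` is a key for the cryptosystem the caller's `eblock` selects, yet the reply's `enc_part.etype` is now stamped from the eblock via `krb5_eblock_enctype(eblock)`. The key and the cryptosystem are independent arguments, and whether `krb5_process_key` rejects a mismatch cannot be seen from here. A guard near the top of the function would use the macro this commit introduces: `if (client_key->keytype != krb5_eblock_keytype(eblock)) return KRB5_PROG_KEYTYPE_NOSUPP;`. The same gap exists for `srv_key` in encrypt_tk.c (hunk at -95,23). The function continues outside this hunk.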
+++ b/src/lib/krb5/krb/encrypt_tk.c @@ -44,20 +44,15 @@ */ krb5_error_code -krb5_encrypt_tkt_part(srv_key, dec_ticket) +krb5_encrypt_tkt_part(eblock, srv_key, dec_ticket) +krb5_encrypt_block *eblock; const krb5_keyblock *srv_key; register krb5_ticket *dec_ticket; { krb5_data *scratch; krb5_error_code retval; - krb5_encrypt_block eblock; register krb5_enc_tkt_part *dec_tkt_part = dec_ticket->enc_part2; - /* encrypt the encrypted part */ - - if (!valid_etype(dec_ticket->enc_part.etype)) - return KRB5_PROG_ETYPE_NOSUPP; - /* start by encoding the to-be-encrypted part. */ if (retval = encode_krb5_enc_tkt_part(dec_tkt_part, &scratch)) { return retval; @@ -66,12 +61,8 @@ register krb5_ticket *dec_ticket; #define cleanup_scratch() { (void) memset(scratch->data, 0, scratch->length); \ krb5_free_data(scratch); } - /* put together an eblock for this encryption */ - - krb5_use_cstype(&eblock, dec_ticket->enc_part.etype); dec_ticket->enc_part.ciphertext.length = - krb5_encrypt_size(scratch->length, - eblock.crypto_entry); + krb5_encrypt_size(scratch->length, eblock->crypto_entry); /* add padding area, and zero it */ if (!(scratch->data = realloc(scratch->data, dec_ticket->enc_part.ciphertext.length))) { 
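Review bot: With the `valid_etype(dec_ticket->enc_part.etype)` check removed in the hunk at -44,20, `dec_ticket->enc_part.etype` stops being an input to `krb5_encrypt_tkt_part`. A later hunk in this file overwrites it from the eblock after encryption. The header comment above the function should say so, but its text lies outside the hunk and only the closing `*/` is visible. Without that, a caller that sets the etype expecting it to select the cipher is silently overridden. Suggested wording: `eblock selects the cryptosystem; dec_ticket->enc_part.etype is ignored on entry and set from eblock on success`.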
@@ -95,23 +86,25 @@ dec_ticket->enc_part.ciphertext.length = 0; \ dec_ticket->enc_part.ciphertext.data = 0;} /* do any necessary key pre-processing */ - if (retval = krb5_process_key(&eblock, srv_key)) { + if (retval = krb5_process_key(eblock, srv_key)) { goto clean_encpart; } -#define cleanup_prockey() {(void) krb5_finish_key(&eblock);} +#define cleanup_prockey() {(void) krb5_finish_key(eblock);} /* call the encryption routine */ if (retval = krb5_encrypt((krb5_pointer) scratch->data, (krb5_pointer) dec_ticket->enc_part.ciphertext.data, - scratch->length, &eblock, 0)) { + scratch->length, eblock, 0)) { goto clean_prockey; } + dec_ticket->enc_part.etype = krb5_eblock_enctype(eblock); + /* ticket is now assembled-- do some cleanup */ cleanup_scratch(); - if (retval = krb5_finish_key(&eblock)) { + if (retval = krb5_finish_key(eblock)) { cleanup_encpart(); return retval; } diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c index 39b8f121c..13003a704 100644 --- a/src/lib/krb5/krb/mk_req_ext.c +++ b/src/lib/krb5/krb/mk_req_ext.c @@ -107,7 +107,10 @@ krb5_data *outbuf; if (!valid_keytype(creds->keyblock.keytype)) return KRB5_PROG_KEYTYPE_NOSUPP; - etype = krb5_keytype_array[creds->keyblock.keytype]->system->proto_enctype; + if (creds->keyblock.etype == ETYPE_UNKNOWN) + etype = krb5_keytype_array[creds->keyblock.keytype]->system->proto_enctype; + else + etype = creds->keyblock.etype; if (!valid_etype(etype)) return KRB5_PROG_ETYPE_NOSUPP;
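Review bot: In the mk_req_ext.c hunk, the etype taken from `creds->keyblock.etype` in the new `else` branch is only range-checked by the following `valid_etype(etype)`. Nothing visible confirms that it names a cryptosystem for `creds->keyblock.keytype`. If the credential can come from a cache or a reply rather than from local code, which the hunk does not show, a mismatched pair would reach the authenticator encryption further down. I would compare the `proto_keytype` of the cryptosystem selected by `etype` with `creds->keyblock.keytype` right after the `valid_etype` test and return `KRB5_PROG_KEYTYPE_NOSUPP` on a mismatch. I would also add the comment `/* creds->keyblock.etype overrides the keytype default; it must belong to the same keytype */`. As a style point, the new `if`/`else` would read more safely with braces around both single-statement bodies; the function begins and ends outside the hunk.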