From ad085f3dbb2d398f638d4cb2c040d4e1dfec2fbb Mon Sep 17 00:00:00 2001 From: John Kohl Date: Fri, 28 Sep 1990 10:30:25 +0000 Subject: [PATCH] *** empty log message *** git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1152 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/mk_rep.c | 124 ++++++++++++++++++++++++++++++++++++++ src/lib/krb5/krb/rd_rep.c | 97 +++++++++++++++++++++++++++++ 2 files changed, 221 insertions(+) create mode 100644 src/lib/krb5/krb/mk_rep.c create mode 100644 src/lib/krb5/krb/rd_rep.c diff --git a/src/lib/krb5/krb/mk_rep.c b/src/lib/krb5/krb/mk_rep.c new file mode 100644 index 000000000..f68b21565 --- /dev/null +++ b/src/lib/krb5/krb/mk_rep.c @@ -0,0 +1,124 @@ +/* + * $Source$ + * $Author$ + * + * Copyright 1990 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * . + * + * krb5_mk_rep() + */ + +#if !defined(lint) && !defined(SABER) +static char rcsid_mk_rep_c[] = +"$Id$"; +#endif /* !lint & !SABER */ + +#include +#include +#include + +#include +#include + +#include + +/* + Formats a KRB_AP_REP message into outbuf. + + The reply in repl is encrypted under the key in creds, and the resulting + message encoded and left in outbuf. + + The outbuf buffer storage is allocated, and should be freed by the + caller when finished. + + returns system errors +*/ + +krb5_error_code +krb5_mk_rep(repl, creds, outbuf) +const krb5_ap_rep_enc_part *repl; +const krb5_creds *creds; +krb5_data *outbuf; +{ + krb5_error_code retval; + krb5_data *scratch; + krb5_ap_rep reply; + krb5_enctype etype; + krb5_encrypt_block eblock; + krb5_data *toutbuf; + + /* verify a valid etype is available */ + if (!valid_keytype(creds->keyblock.keytype)) + return KRB5_PROG_KEYTYPE_NOSUPP; + + etype = krb5_keytype_array[creds->keyblock.keytype]->system->proto_enctype; + + if (!valid_etype(etype)) + return KRB5_PROG_ETYPE_NOSUPP; + + /* encode it before encrypting */ + if (retval = encode_krb5_ap_rep_enc_part(repl, &scratch)) + return retval; + +#define cleanup_scratch() { (void) bzero(scratch->data, scratch->length); krb5_free_data(scratch); } + + /* put together an eblock for this encryption */ + + eblock.crypto_entry = krb5_csarray[etype]->system; + reply.enc_part.length = krb5_encrypt_size(scratch->length, + eblock.crypto_entry); + /* add padding area, and zero it */ + if (!(scratch->data = realloc(scratch->data, reply.enc_part.length))) { + /* may destroy scratch->data */ + xfree(scratch); + return ENOMEM; + } + bzero(scratch->data + scratch->length, + reply.enc_part.length - scratch->length); + if (!(reply.enc_part.data = malloc(reply.enc_part.length))) { + retval = ENOMEM; + goto clean_scratch; + } + +#define cleanup_encpart() {(void) bzero(reply.enc_part.data, reply.enc_part.length); free(reply.enc_part.data); reply.enc_part.length = 0; reply.enc_part.data = 0;} + + /* do any necessary key pre-processing */ + if (retval = krb5_process_key(&eblock, &creds->keyblock)) { + goto clean_encpart; + } + +#define cleanup_prockey() {(void) krb5_finish_key(&eblock);} + + /* call the encryption routine */ + if (retval = krb5_encrypt((krb5_pointer) scratch->data, + (krb5_pointer) reply.enc_part.data, + scratch->length, &eblock, 0)) { + goto clean_prockey; + } + + /* encrypted part now assembled-- do some cleanup */ + cleanup_scratch(); + + if (retval = krb5_finish_key(&eblock)) { + cleanup_encpart(); + return retval; + } + + if (!(retval = encode_krb5_ap_rep(&reply, &toutbuf))) { + *outbuf = *toutbuf; + xfree(toutbuf); + } + cleanup_encpart(); + return retval; + + clean_prockey: + cleanup_prockey(); + clean_encpart: + cleanup_encpart(); + clean_scratch: + cleanup_scratch(); + + return retval; +} diff --git a/src/lib/krb5/krb/rd_rep.c b/src/lib/krb5/krb/rd_rep.c new file mode 100644 index 000000000..78cc9d78f --- /dev/null +++ b/src/lib/krb5/krb/rd_rep.c @@ -0,0 +1,97 @@ +/* + * $Source$ + * $Author$ + * + * Copyright 1990 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * . + * + * krb5_rd_rep() + */ + +#if !defined(lint) && !defined(SABER) +static char rcsid_rd_req_dec_c[] = +"$Id$"; +#endif /* !lint & !SABER */ + +#include +#include +#include +#include +#include + +/* + Parses a KRB_AP_REP message, returning its contents. + + repl is filled in with the fields from the encrypted response. + + creds supplies the encryption key used to decrypt the message. + + returns system errors, encryption errors, replay errors + */ + +krb5_error_code +krb5_rd_rep(inbuf, creds, repl) +const krb5_data *inbuf; +const krb5_creds *creds; +krb5_ap_rep_enc_part *repl; +{ + krb5_error_code retval; + krb5_ap_rep *reply; + krb5_encrypt_block eblock; + krb5_data scratch; + krb5_ap_rep_enc_part *local_repl; + + if (!krb5_is_ap_rep(inbuf)) + return KRB5KRB_AP_ERR_MSG_TYPE; + + if (!valid_keytype(creds->keyblock.keytype)) + return KRB5_PROG_KEYTYPE_NOSUPP; + + /* decode it */ + + if (retval = decode_krb5_ap_rep(inbuf, &reply)) + return retval; + + /* put together an eblock for this encryption */ + + eblock.crypto_entry = krb5_keytype_array[creds->keyblock.keytype]->system; + + scratch.length = reply->enc_part.length; + if (!(scratch.data = malloc(scratch.length))) { + krb5_free_ap_rep(reply); + return(ENOMEM); + } + + /* do any necessary key pre-processing */ + if (retval = krb5_process_key(&eblock, &creds->keyblock)) { + errout: + free(scratch.data); + krb5_free_ap_rep(reply); + return(retval); + } + + /* call the encryption routine */ + if (retval = krb5_decrypt((krb5_pointer) reply->enc_part.data, + (krb5_pointer) scratch.data, + scratch.length, &eblock, 0)) { + (void) krb5_finish_key(&eblock); + goto errout; + } +#define clean_scratch() {bzero(scratch.data, scratch.length); free(scratch.data);} + /* finished with the top-level encoding of the ap_rep */ + krb5_free_ap_rep(reply); + if (retval = krb5_finish_key(&eblock)) { + + clean_scratch(); + return retval; + } + /* now decode the decrypted stuff */ + if (!(retval = decode_krb5_ap_rep_enc_part(&scratch, &local_repl))) { + *repl = *local_repl; + free((char *)local_repl); + } + clean_scratch(); + return retval; +} -- 2.26.2