mk_rep.c revision 178825 
155682Smarkm/*
2178825Sdfr * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
355682Smarkm * (Royal Institute of Technology, Stockholm, Sweden).
455682Smarkm * All rights reserved.
555682Smarkm *
655682Smarkm * Redistribution and use in source and binary forms, with or without
755682Smarkm * modification, are permitted provided that the following conditions
855682Smarkm * are met:
955682Smarkm *
1055682Smarkm * 1. Redistributions of source code must retain the above copyright
1155682Smarkm *    notice, this list of conditions and the following disclaimer.
1255682Smarkm *
1355682Smarkm * 2. Redistributions in binary form must reproduce the above copyright
1455682Smarkm *    notice, this list of conditions and the following disclaimer in the
1555682Smarkm *    documentation and/or other materials provided with the distribution.
1655682Smarkm *
1755682Smarkm * 3. Neither the name of the Institute nor the names of its contributors
1855682Smarkm *    may be used to endorse or promote products derived from this software
1955682Smarkm *    without specific prior written permission.
2055682Smarkm *
2155682Smarkm * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
2255682Smarkm * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
2355682Smarkm * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
2455682Smarkm * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
2555682Smarkm * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
2655682Smarkm * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
2755682Smarkm * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
2855682Smarkm * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
2955682Smarkm * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
3055682Smarkm * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
3155682Smarkm * SUCH DAMAGE.
3255682Smarkm */
3355682Smarkm
3455682Smarkm#include <krb5_locl.h>
3555682Smarkm
36178825SdfrRCSID("$Id: mk_rep.c 13863 2004-05-25 21:46:46Z lha $");
3755682Smarkm
38178825Sdfrkrb5_error_code KRB5_LIB_FUNCTION
3955682Smarkmkrb5_mk_rep(krb5_context context,
4072445Sassar	    krb5_auth_context auth_context,
4155682Smarkm	    krb5_data *outbuf)
4255682Smarkm{
43120945Snectar    krb5_error_code ret;
44120945Snectar    AP_REP ap;
45120945Snectar    EncAPRepPart body;
46120945Snectar    u_char *buf = NULL;
47120945Snectar    size_t buf_size;
48120945Snectar    size_t len;
49120945Snectar    krb5_crypto crypto;
5055682Smarkm
51120945Snectar    ap.pvno = 5;
52120945Snectar    ap.msg_type = krb_ap_rep;
5355682Smarkm
54120945Snectar    memset (&body, 0, sizeof(body));
5555682Smarkm
56120945Snectar    body.ctime = auth_context->authenticator->ctime;
57120945Snectar    body.cusec = auth_context->authenticator->cusec;
58178825Sdfr    if (auth_context->flags & KRB5_AUTH_CONTEXT_USE_SUBKEY) {
59178825Sdfr	if (auth_context->local_subkey == NULL) {
60178825Sdfr	    ret = krb5_auth_con_generatelocalsubkey(context,
61178825Sdfr						    auth_context,
62178825Sdfr						    auth_context->keyblock);
63178825Sdfr	    if(ret) {
64178825Sdfr		krb5_set_error_string (context,
65178825Sdfr				       "krb5_mk_rep: generating subkey");
66178825Sdfr		free_EncAPRepPart(&body);
67178825Sdfr		return ret;
68178825Sdfr	    }
69178825Sdfr	}
70178825Sdfr	ret = krb5_copy_keyblock(context, auth_context->local_subkey,
71178825Sdfr				 &body.subkey);
72178825Sdfr	if (ret) {
73178825Sdfr	    krb5_set_error_string (context,
74178825Sdfr				   "krb5_copy_keyblock: out of memory");
75178825Sdfr	    free_EncAPRepPart(&body);
76178825Sdfr	    return ENOMEM;
77178825Sdfr	}
78178825Sdfr    } else
79178825Sdfr	body.subkey = NULL;
80120945Snectar    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
81178825Sdfr	if(auth_context->local_seqnumber == 0)
82178825Sdfr	    krb5_generate_seq_number (context,
83178825Sdfr				      auth_context->keyblock,
84178825Sdfr				      &auth_context->local_seqnumber);
85178825Sdfr	ALLOC(body.seq_number, 1);
86120945Snectar	if (body.seq_number == NULL) {
87120945Snectar	    krb5_set_error_string (context, "malloc: out of memory");
88178825Sdfr	    free_EncAPRepPart(&body);
89120945Snectar	    return ENOMEM;
90120945Snectar	}
91120945Snectar	*(body.seq_number) = auth_context->local_seqnumber;
92120945Snectar    } else
93120945Snectar	body.seq_number = NULL;
9455682Smarkm
95120945Snectar    ap.enc_part.etype = auth_context->keyblock->keytype;
96120945Snectar    ap.enc_part.kvno  = NULL;
9755682Smarkm
98120945Snectar    ASN1_MALLOC_ENCODE(EncAPRepPart, buf, buf_size, &body, &len, ret);
99120945Snectar    free_EncAPRepPart (&body);
100120945Snectar    if(ret)
101120945Snectar	return ret;
102178825Sdfr    if (buf_size != len)
103178825Sdfr	krb5_abortx(context, "internal error in ASN.1 encoder");
104120945Snectar    ret = krb5_crypto_init(context, auth_context->keyblock,
105120945Snectar			   0 /* ap.enc_part.etype */, &crypto);
106120945Snectar    if (ret) {
107120945Snectar	free (buf);
108120945Snectar	return ret;
109120945Snectar    }
110120945Snectar    ret = krb5_encrypt (context,
111120945Snectar			crypto,
112120945Snectar			KRB5_KU_AP_REQ_ENC_PART,
113120945Snectar			buf + buf_size - len,
114120945Snectar			len,
115120945Snectar			&ap.enc_part.cipher);
116120945Snectar    krb5_crypto_destroy(context, crypto);
117120945Snectar    free(buf);
118120945Snectar    if (ret)
119120945Snectar	return ret;
12055682Smarkm
121120945Snectar    ASN1_MALLOC_ENCODE(AP_REP, outbuf->data, outbuf->length, &ap, &len, ret);
122178825Sdfr    if (ret == 0 && outbuf->length != len)
123178825Sdfr	krb5_abortx(context, "internal error in ASN.1 encoder");
124120945Snectar    free_AP_REP (&ap);
125120945Snectar    return ret;
12655682Smarkm}
127