mk_rep.c revision 178825
155682Smarkm/* 2178825Sdfr * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan 355682Smarkm * (Royal Institute of Technology, Stockholm, Sweden). 455682Smarkm * All rights reserved. 555682Smarkm * 655682Smarkm * Redistribution and use in source and binary forms, with or without 755682Smarkm * modification, are permitted provided that the following conditions 855682Smarkm * are met: 955682Smarkm * 1055682Smarkm * 1. Redistributions of source code must retain the above copyright 1155682Smarkm * notice, this list of conditions and the following disclaimer. 1255682Smarkm * 1355682Smarkm * 2. Redistributions in binary form must reproduce the above copyright 1455682Smarkm * notice, this list of conditions and the following disclaimer in the 1555682Smarkm * documentation and/or other materials provided with the distribution. 1655682Smarkm * 1755682Smarkm * 3. Neither the name of the Institute nor the names of its contributors 1855682Smarkm * may be used to endorse or promote products derived from this software 1955682Smarkm * without specific prior written permission. 2055682Smarkm * 2155682Smarkm * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 2255682Smarkm * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 2355682Smarkm * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2455682Smarkm * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 2555682Smarkm * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2655682Smarkm * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2755682Smarkm * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2855682Smarkm * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2955682Smarkm * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 3055682Smarkm * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 3155682Smarkm * SUCH DAMAGE. 3255682Smarkm */ 3355682Smarkm 3455682Smarkm#include <krb5_locl.h> 3555682Smarkm 36178825SdfrRCSID("$Id: mk_rep.c 13863 2004-05-25 21:46:46Z lha $"); 3755682Smarkm 38178825Sdfrkrb5_error_code KRB5_LIB_FUNCTION 3955682Smarkmkrb5_mk_rep(krb5_context context, 4072445Sassar krb5_auth_context auth_context, 4155682Smarkm krb5_data *outbuf) 4255682Smarkm{ 43120945Snectar krb5_error_code ret; 44120945Snectar AP_REP ap; 45120945Snectar EncAPRepPart body; 46120945Snectar u_char *buf = NULL; 47120945Snectar size_t buf_size; 48120945Snectar size_t len; 49120945Snectar krb5_crypto crypto; 5055682Smarkm 51120945Snectar ap.pvno = 5; 52120945Snectar ap.msg_type = krb_ap_rep; 5355682Smarkm 54120945Snectar memset (&body, 0, sizeof(body)); 5555682Smarkm 56120945Snectar body.ctime = auth_context->authenticator->ctime; 57120945Snectar body.cusec = auth_context->authenticator->cusec; 58178825Sdfr if (auth_context->flags & KRB5_AUTH_CONTEXT_USE_SUBKEY) { 59178825Sdfr if (auth_context->local_subkey == NULL) { 60178825Sdfr ret = krb5_auth_con_generatelocalsubkey(context, 61178825Sdfr auth_context, 62178825Sdfr auth_context->keyblock); 63178825Sdfr if(ret) { 64178825Sdfr krb5_set_error_string (context, 65178825Sdfr "krb5_mk_rep: generating subkey"); 66178825Sdfr free_EncAPRepPart(&body); 67178825Sdfr return ret; 68178825Sdfr } 69178825Sdfr } 70178825Sdfr ret = krb5_copy_keyblock(context, auth_context->local_subkey, 71178825Sdfr &body.subkey); 72178825Sdfr if (ret) { 73178825Sdfr krb5_set_error_string (context, 74178825Sdfr "krb5_copy_keyblock: out of memory"); 75178825Sdfr free_EncAPRepPart(&body); 76178825Sdfr return ENOMEM; 77178825Sdfr } 78178825Sdfr } else 79178825Sdfr body.subkey = NULL; 80120945Snectar if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { 81178825Sdfr if(auth_context->local_seqnumber == 0) 82178825Sdfr krb5_generate_seq_number (context, 83178825Sdfr auth_context->keyblock, 84178825Sdfr &auth_context->local_seqnumber); 85178825Sdfr ALLOC(body.seq_number, 1); 86120945Snectar if (body.seq_number == NULL) { 87120945Snectar krb5_set_error_string (context, "malloc: out of memory"); 88178825Sdfr free_EncAPRepPart(&body); 89120945Snectar return ENOMEM; 90120945Snectar } 91120945Snectar *(body.seq_number) = auth_context->local_seqnumber; 92120945Snectar } else 93120945Snectar body.seq_number = NULL; 9455682Smarkm 95120945Snectar ap.enc_part.etype = auth_context->keyblock->keytype; 96120945Snectar ap.enc_part.kvno = NULL; 9755682Smarkm 98120945Snectar ASN1_MALLOC_ENCODE(EncAPRepPart, buf, buf_size, &body, &len, ret); 99120945Snectar free_EncAPRepPart (&body); 100120945Snectar if(ret) 101120945Snectar return ret; 102178825Sdfr if (buf_size != len) 103178825Sdfr krb5_abortx(context, "internal error in ASN.1 encoder"); 104120945Snectar ret = krb5_crypto_init(context, auth_context->keyblock, 105120945Snectar 0 /* ap.enc_part.etype */, &crypto); 106120945Snectar if (ret) { 107120945Snectar free (buf); 108120945Snectar return ret; 109120945Snectar } 110120945Snectar ret = krb5_encrypt (context, 111120945Snectar crypto, 112120945Snectar KRB5_KU_AP_REQ_ENC_PART, 113120945Snectar buf + buf_size - len, 114120945Snectar len, 115120945Snectar &ap.enc_part.cipher); 116120945Snectar krb5_crypto_destroy(context, crypto); 117120945Snectar free(buf); 118120945Snectar if (ret) 119120945Snectar return ret; 12055682Smarkm 121120945Snectar ASN1_MALLOC_ENCODE(AP_REP, outbuf->data, outbuf->length, &ap, &len, ret); 122178825Sdfr if (ret == 0 && outbuf->length != len) 123178825Sdfr krb5_abortx(context, "internal error in ASN.1 encoder"); 124120945Snectar free_AP_REP (&ap); 125120945Snectar return ret; 12655682Smarkm} 127