Line data Source code
1 : /*
2 : * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
3 : * (Royal Institute of Technology, Stockholm, Sweden).
4 : * All rights reserved.
5 : *
6 : * Redistribution and use in source and binary forms, with or without
7 : * modification, are permitted provided that the following conditions
8 : * are met:
9 : *
10 : * 1. Redistributions of source code must retain the above copyright
11 : * notice, this list of conditions and the following disclaimer.
12 : *
13 : * 2. Redistributions in binary form must reproduce the above copyright
14 : * notice, this list of conditions and the following disclaimer in the
15 : * documentation and/or other materials provided with the distribution.
16 : *
17 : * 3. Neither the name of the Institute nor the names of its contributors
18 : * may be used to endorse or promote products derived from this software
19 : * without specific prior written permission.
20 : *
21 : * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 : * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 : * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 : * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 : * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 : * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 : * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 : * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 : * SUCH DAMAGE.
32 : */
33 :
34 : #include "krb5_locl.h"
35 :
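/**
 * Build the AP-REP message that a server sends back after accepting an
 * AP-REQ (mutual authentication).
 *
 * The encrypted part (EncAPRepPart) echoes ctime/cusec from
 * auth_context->authenticator. It carries a copy of the local subkey when
 * KRB5_AUTH_CONTEXT_USE_SUBKEY is set and the local sequence number when
 * KRB5_AUTH_CONTEXT_DO_SEQUENCE is set. It is encrypted with a crypto
 * handle initialised from auth_context->keyblock.
 *
 * Preconditions: auth_context->authenticator and auth_context->keyblock
 * are dereferenced without a NULL check, so the auth context must already
 * hold both (presumably populated by the AP-REQ processing path; verify
 * against callers).
 *
 * Side effects on auth_context: a local subkey is requested via
 * krb5_auth_con_generatelocalsubkey() when none is present, and
 * local_seqnumber is filled in when it is still 0.
 *
 * @param context       library context, used for error reporting
 * @param auth_context  authentication state of the association
 * @param outbuf        receives the DER encoding of the AP-REP; the buffer
 *                      is allocated by ASN1_MALLOC_ENCODE (presumably to be
 *                      released by the caller; confirm)
 *
 * @return 0 on success, otherwise a krb5 error code. An inconsistent
 *         length reported by the ASN.1 encoder aborts via krb5_abortx().
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_mk_rep(krb5_context context,
            krb5_auth_context auth_context,
            krb5_data *outbuf)
{
    krb5_error_code ret;
    AP_REP ap;
    EncAPRepPart body;
    u_char *buf = NULL;
    size_t buf_size;
    size_t len = 0;
    krb5_crypto crypto;

    ap.pvno = 5;
    ap.msg_type = krb_ap_rep;

    /* Zeroed so free_EncAPRepPart() is safe on every early exit below. */
    memset(&body, 0, sizeof(body));

    /* Echo the client's timestamp so it can match the reply to its request. */
    body.ctime = auth_context->authenticator->ctime;
    body.cusec = auth_context->authenticator->cusec;

    if (auth_context->flags & KRB5_AUTH_CONTEXT_USE_SUBKEY) {
        if (auth_context->local_subkey == NULL) {
            ret = krb5_auth_con_generatelocalsubkey(context,
                                                    auth_context,
                                                    auth_context->keyblock);
            if (ret) {
                free_EncAPRepPart(&body);
                return ret;
            }
        }
        ret = krb5_copy_keyblock(context, auth_context->local_subkey,
                                 &body.subkey);
        if (ret) {
            /* Any failure of the copy is reported to the caller as ENOMEM. */
            free_EncAPRepPart(&body);
            return krb5_enomem(context);
        }
    } else {
        body.subkey = NULL;
    }

    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
        if (auth_context->local_seqnumber == 0) {
            /*
             * Do not ignore the generator's result: if it failed and left
             * local_seqnumber at 0, the reply would advertise a fixed,
             * predictable initial sequence number.
             */
            ret = krb5_generate_seq_number(context,
                                           auth_context->keyblock,
                                           &auth_context->local_seqnumber);
            if (ret) {
                free_EncAPRepPart(&body);
                return ret;
            }
        }
        ALLOC(body.seq_number, 1);
        if (body.seq_number == NULL) {
            free_EncAPRepPart(&body);
            return krb5_enomem(context);
        }
        *(body.seq_number) = auth_context->local_seqnumber;
    } else {
        body.seq_number = NULL;
    }

    ap.enc_part.etype = auth_context->keyblock->keytype;
    ap.enc_part.kvno = NULL;

    /*
     * NOTE(review): from here until free(buf), buf holds the cleartext DER
     * encoding of EncAPRepPart, including the subkey when one was copied
     * above. It is released with plain free() on both paths below; consider
     * wiping it first with the project's secure-zero helper.
     */
    ASN1_MALLOC_ENCODE(EncAPRepPart, buf, buf_size, &body, &len, ret);
    free_EncAPRepPart(&body);
    if (ret)
        return ret;
    if (buf_size != len)
        krb5_abortx(context, "internal error in ASN.1 encoder");

    /* etype 0 is passed here rather than ap.enc_part.etype. */
    ret = krb5_crypto_init(context, auth_context->keyblock,
                           0 /* ap.enc_part.etype */, &crypto);
    if (ret) {
        free(buf);
        return ret;
    }

    /*
     * NOTE(review): the key-usage constant is named ..._AP_REQ_ENC_PART
     * although this is the AP-REP encrypted part (key usage 12 in
     * RFC 4120); confirm the constant's value in the project header.
     */
    ret = krb5_encrypt(context,
                       crypto,
                       KRB5_KU_AP_REQ_ENC_PART,
                       buf + buf_size - len,
                       len,
                       &ap.enc_part.cipher);
    krb5_crypto_destroy(context, crypto);
    free(buf);
    if (ret)
        return ret;

    ASN1_MALLOC_ENCODE(AP_REP, outbuf->data, outbuf->length, &ap, &len, ret);
    if (ret == 0 && outbuf->length != len)
        krb5_abortx(context, "internal error in ASN.1 encoder");
    /* Releases the ciphertext produced by krb5_encrypt() on every path. */
    free_AP_REP(&ap);
    return ret;
}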