oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Support PK-INIT-27 DH (and remove -19)

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16080 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2005-09-20 19:10:29 +00:00
parent fa4a72a52b
commit 39b04f72d8
1 changed files with 54 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
kdc/pkinit.c
View File

@@ -333,16 +333,11 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params,
goto out;
}
ret = krb5_random_to_key(context, enctype,
dh_gen_key, dh_gen_keylen, &key);
if (ret) {
krb5_set_error_string(context,
"pkinit - can't create key from DH key");
ret = KRB5KRB_ERR_GENERIC;
goto out;
}
ret = krb5_copy_keyblock_contents(context, &key, reply_key);
ret = _krb5_pk_octetstring2key(context,
enctype,
dh_gen_key, dh_gen_keylen,
NULL, NULL,
reply_key);
out:
if (dh_gen_key)
@@ -1139,16 +1134,18 @@ pk_mk_pa_reply_dh(krb5_context context,
ContentInfo *content_info)
{
ASN1_INTEGER *dh_pub_key = NULL;
ContentInfo contentinfo;
KDCDHKeyInfo dh_info;
krb5_error_code ret;
SignedData sd;
krb5_data buf, sd_buf;
krb5_data buf, signed_data;
size_t size;
memset(&contentinfo, 0, sizeof(contentinfo));
memset(&dh_info, 0, sizeof(dh_info));
memset(&sd, 0, sizeof(sd));
krb5_data_zero(&buf);
krb5_data_zero(&sd_buf);
krb5_data_zero(&signed_data);
dh_pub_key = BN_to_ASN1_INTEGER(kdc_dh->pub_key, NULL);
if (dh_pub_key == NULL) {
@@ -1190,17 +1187,21 @@ pk_mk_pa_reply_dh(krb5_context context,
ret = _krb5_pk_create_sign(context,
oid_id_pkdhkeydata(),
&buf,
kdc_identity,
&sd_buf);
kdc_identity,
&signed_data);
krb5_data_free(&buf);
if (ret)
goto out;
ret = _krb5_pk_mk_ContentInfo(context, &sd_buf, oid_id_pkcs7_signedData(),
ret = _krb5_pk_mk_ContentInfo(context,
&signed_data,
oid_id_pkcs7_signedData(),
content_info);
krb5_data_free(&sd_buf);
if (ret)
goto out;
out:
krb5_data_free(&signed_data);
free_KDCDHKeyInfo(&dh_info);
return ret;
@@ -1249,14 +1250,15 @@ _kdc_pk_mk_pa_reply(krb5_context context,
if (client_params->type == PKINIT_COMPAT_27) {
PA_PK_AS_REP rep;
pa_type = KRB5_PADATA_PK_AS_REP;
memset(&rep, 0, sizeof(rep));
pa_type = KRB5_PADATA_PK_AS_REP;
if (client_params->dh == NULL) {
rep.element = choice_PA_PK_AS_REP_encKeyPack;
ContentInfo info;
rep.element = choice_PA_PK_AS_REP_encKeyPack;
krb5_generate_random_keyblock(context, enctype,
&client_params->reply_key);
ret = pk_mk_pa_reply_enckey(context,
@@ -1283,8 +1285,37 @@ _kdc_pk_mk_pa_reply(krb5_context context,
krb5_abortx(context, "Internal ASN.1 encoder error");
} else {
krb5_set_error_string(context, "DH -27 not implemented");
ret = KRB5KRB_ERR_GENERIC;
ContentInfo info;
rep.element = choice_PA_PK_AS_REP_dhInfo;
ret = check_dh_params(client_params->dh);
if (ret)
return ret;
ret = generate_dh_keyblock(context, client_params, enctype,
&client_params->reply_key);
if (ret)
return ret;
ret = pk_mk_pa_reply_dh(context, client_params->dh,
client_params,
&client_params->reply_key,
&info);
ASN1_MALLOC_ENCODE(ContentInfo, rep.u.dhInfo.dhSignedData.data,
rep.u.dhInfo.dhSignedData.length, &info, &size,
ret);
free_ContentInfo(&info);
if (ret) {
krb5_set_error_string(context, "encoding of Key ContentInfo "
"failed %d", ret);
free_PA_PK_AS_REP(&rep);
goto out;
}
if (rep.u.encKeyPack.length != size)
krb5_abortx(context, "Internal ASN.1 encoder error");
}
if (ret) {
free_PA_PK_AS_REP(&rep);
@@ -1319,21 +1350,8 @@ _kdc_pk_mk_pa_reply(krb5_context context,
&client_params->reply_key,
&rep.u.encKeyPack);
} else {
rep.element = choice_PA_PK_AS_REP_19_dhSignedData;
ret = check_dh_params(client_params->dh);
if (ret)
return ret;
ret = generate_dh_keyblock(context, client_params, enctype,
&client_params->reply_key);
if (ret)
return ret;
ret = pk_mk_pa_reply_dh(context, client_params->dh,
client_params,
&client_params->reply_key,
&rep.u.dhSignedData);
krb5_set_error_string(context, "DH -19 not implemented");
ret = KRB5KRB_ERR_GENERIC;
}
if (ret) {
free_PA_PK_AS_REP_19(&rep);