oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(make_keys): add aes support

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12402 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2003-06-25 23:56:58 +00:00
parent 05881f3847
commit 3fef574a4e
1 changed files with 28 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
lib/kadm5/set_keys.c
View File

@@ -48,11 +48,17 @@ static krb5_error_code
make_keys(krb5_context context, krb5_principal principal, const char *password, make_keys(krb5_context context, krb5_principal principal, const char *password,
Key **keys_ret, size_t *num_keys_ret) Key **keys_ret, size_t *num_keys_ret)
{ {
krb5_enctype all_etypes[] = { ETYPE_DES3_CBC_SHA1, krb5_enctype all_etypes[] = {
ETYPE_DES_CBC_MD5, #ifdef ENABLE_AES
ETYPE_DES_CBC_MD4, ETYPE_AES256_CTS_HMAC_SHA1_96,
ETYPE_DES_CBC_CRC }; #endif
ETYPE_DES3_CBC_SHA1,
ETYPE_DES_CBC_MD5,
ETYPE_DES_CBC_MD4,
ETYPE_DES_CBC_CRC
};
unsigned n_all_etypes = sizeof(all_etypes) / sizeof(all_etypes[0]);
krb5_enctype e; krb5_enctype e;
@@ -64,7 +70,13 @@ make_keys(krb5_context context, krb5_principal principal, const char *password,
Key key; Key key;
int i; int i;
char *v4_ktypes[] = {"des3:pw-salt", "v4", NULL}; char *v4_ktypes[] = {
#ifdef ENABLE_AES
"aes256-cts-hmac-sha1-96",
#endif
"des3:pw-salt",
"v4",
NULL};
ktypes = krb5_config_get_strings(context, NULL, "kadmin", ktypes = krb5_config_get_strings(context, NULL, "kadmin",
"default_keys", NULL); "default_keys", NULL);
@@ -118,14 +130,19 @@ make_keys(krb5_context context, krb5_principal principal, const char *password,
/* XXX there should be a string_to_etypes handling /* XXX there should be a string_to_etypes handling
special cases like `des' and `all' */ special cases like `des' and `all' */
if(strcmp(buf[i], "des") == 0) { if(strcmp(buf[i], "des") == 0) {
etypes = all_etypes + 1; etypes = des_types;
num_etypes = 3; num_etypes = n_des_types;
continue; continue;
} else if(strcmp(buf[i], "des3") == 0) { } else if(strcmp(buf[i], "des3") == 0) {
e = ETYPE_DES3_CBC_SHA1; e = ETYPE_DES3_CBC_SHA1;
etypes = &e; etypes = &e;
num_etypes = 1; num_etypes = 1;
continue; continue;
} else if(strcmp(buf[i], "aes") == 0) {
e = ETYPE_AES256_CTS_HMAC_SHA1_96;
etypes = &e;
num_etypes = 1;
continue;
} else { } else {
ret = krb5_string_to_enctype(context, buf[i], &e); ret = krb5_string_to_enctype(context, buf[i], &e);
if(ret == 0) { if(ret == 0) {
@@ -143,13 +160,13 @@ make_keys(krb5_context context, krb5_principal principal, const char *password,
if(strcmp(buf[i], "pw-salt") == 0) { if(strcmp(buf[i], "pw-salt") == 0) {
if(etypes == NULL) { if(etypes == NULL) {
etypes = all_etypes; etypes = all_etypes;
num_etypes = 4; num_etypes = n_all_etypes;
} }
salt.salttype = KRB5_PW_SALT; salt.salttype = KRB5_PW_SALT;
} else if(strcmp(buf[i], "afs3-salt") == 0) { } else if(strcmp(buf[i], "afs3-salt") == 0) {
if(etypes == NULL) { if(etypes == NULL) {
etypes = all_etypes + 1; etypes = des_types;
num_etypes = 3; num_etypes = n_des_types;
} }
salt.salttype = KRB5_AFS3_SALT; salt.salttype = KRB5_AFS3_SALT;
} }
@@ -260,7 +277,7 @@ make_keys(krb5_context context, krb5_principal principal, const char *password,
ret = krb5_get_pw_salt(context, principal, &v5_salt); ret = krb5_get_pw_salt(context, principal, &v5_salt);
if(ret) if(ret)
goto out; goto out;
for(i = 0; i < 4; i++) { for(i = 0; i < n_all_etypes; i++) {
memset(&key, 0, sizeof(key)); memset(&key, 0, sizeof(key));
ret = krb5_string_to_key_salt(context, all_etypes[i], password, ret = krb5_string_to_key_salt(context, all_etypes[i], password,
v5_salt, &key.key); v5_salt, &key.key);