The public DH key is encoded as an INTEGER in subjectPublicKey.
Don't verify OIDs for now. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16098 ec53bebd-3082-4978-b11e-865c3cabbd6b
16
kdc/pkinit.c
16
kdc/pkinit.c
@@ -401,6 +401,13 @@ get_dh_param(krb5_context context, SubjectPublicKeyInfo *dh_key_info,
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ((dh_key_info->subjectPublicKey.length % 8) != 0) {
|
||||||
|
ret = KRB5_BADMSGTYPE;
|
||||||
|
krb5_set_error_string(context, "PKINIT: subjectPublicKey not aligned "
|
||||||
|
"to 8 bit boundary");
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
dh = DH_new();
|
dh = DH_new();
|
||||||
if (dh == NULL) {
|
if (dh == NULL) {
|
||||||
krb5_set_error_string(context, "Cannot create DH structure (%s)",
|
krb5_set_error_string(context, "Cannot create DH structure (%s)",
|
||||||
@@ -423,7 +430,7 @@ get_dh_param(krb5_context context, SubjectPublicKeyInfo *dh_key_info,
|
|||||||
heim_integer glue;
|
heim_integer glue;
|
||||||
size_t size;
|
size_t size;
|
||||||
|
|
||||||
ret = der_get_heim_integer(dh_key_info->subjectPublicKey.data,
|
ret = decode_DHPublicKey(dh_key_info->subjectPublicKey.data,
|
||||||
dh_key_info->subjectPublicKey.length / 8,
|
dh_key_info->subjectPublicKey.length / 8,
|
||||||
&glue,
|
&glue,
|
||||||
&size);
|
&size);
|
||||||
@@ -435,11 +442,10 @@ get_dh_param(krb5_context context, SubjectPublicKeyInfo *dh_key_info,
|
|||||||
client_params->dh_public_key = integer_to_BN(context,
|
client_params->dh_public_key = integer_to_BN(context,
|
||||||
"subjectPublicKey",
|
"subjectPublicKey",
|
||||||
&glue);
|
&glue);
|
||||||
if (client_params->dh_public_key == NULL) {
|
free_heim_integer(&glue);
|
||||||
krb5_clear_error_string(context);
|
if (client_params->dh_public_key == NULL)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
if (DH_check(dh, &dhret) != 1) {
|
if (DH_check(dh, &dhret) != 1) {
|
||||||
krb5_set_error_string(context, "PKINIT DH data not ok: %s",
|
krb5_set_error_string(context, "PKINIT DH data not ok: %s",
|
||||||
@@ -715,12 +721,14 @@ _kdc_pk_rd_padata(krb5_context context,
|
|||||||
if (ret)
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
|
#if 0
|
||||||
/* Signature is correct, now verify the signed message */
|
/* Signature is correct, now verify the signed message */
|
||||||
if (heim_oid_cmp(&eContentType, pa_contentType)) {
|
if (heim_oid_cmp(&eContentType, pa_contentType)) {
|
||||||
krb5_set_error_string(context, "got wrong oid for pkauthdata");
|
krb5_set_error_string(context, "got wrong oid for pkauthdata");
|
||||||
ret = KRB5_BADMSGTYPE;
|
ret = KRB5_BADMSGTYPE;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) {
|
if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) {
|
||||||
AuthPack_Win2k ap;
|
AuthPack_Win2k ap;
|
||||||
|
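Review bot: In the `@@ -715,12 +721,14 @@` hunk the new `#if 0`/`#endif` pair switches off the only visible check that the signed content's `eContentType` equals `pa_contentType`, so a SignedData whose signature verifies but whose content type is something else is now accepted as pkauthdata; the description calls this temporary, but nothing in the code records that or what would allow it to come back. Instead of leaving the comparison silently compiled out, add a comment next to the `#if 0` naming the reason and the re-enable condition, e.g. `/* XXX eContentType/pa_contentType check disabled for interop (see commit message); re-enable once the reason is resolved */`, or keep the comparison and only turn the failure into a logged mismatch so it stays observable. `_kdc_pk_rd_padata` begins and ends outside the hunk, so whether a later check covers the OID cannot be confirmed from here. Less urgently, the `@@ -435,11 +442,10 @@` hunk drops `krb5_clear_error_string(context)` on the `integer_to_BN` NULL path; that is fine only if `integer_to_BN` sets its own error string on failure, which is not visible here.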