Support cached DH variable (still need to store it though); don't check the OID of the DH signedData for now.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16097 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2005-09-25 15:14:31 +00:00
parent 8191484ee6
commit 70a6c9a2e4


@@ -110,6 +110,7 @@ struct krb5_pk_cert {
struct krb5_pk_init_ctx_data { struct krb5_pk_init_ctx_data {
struct krb5_pk_identity *id; struct krb5_pk_identity *id;
DH *dh; DH *dh;
krb5_data *clientDHNonce;
}; };
@@ -512,6 +513,7 @@ build_auth_pack_19(krb5_context context,
static krb5_error_code static krb5_error_code
build_auth_pack(krb5_context context, build_auth_pack(krb5_context context,
unsigned nonce, unsigned nonce,
krb5_pk_init_ctx ctx,
DH *dh, DH *dh,
const KDC_REQ_BODY *body, const KDC_REQ_BODY *body,
AuthPack *a) AuthPack *a)
@@ -557,6 +559,24 @@ build_auth_pack(krb5_context context,
krb5_data dhbuf; krb5_data dhbuf;
size_t size; size_t size;
if (1 /* support_cached_dh */) {
ALLOC(a->clientDHNonce, 1);
if (a->clientDHNonce == NULL) {
krb5_clear_error_string(context);
return ENOMEM;
}
ret = krb5_data_alloc(a->clientDHNonce, 40);
if (a->clientDHNonce == NULL) {
krb5_clear_error_string(context);
return ENOMEM;
}
memset(a->clientDHNonce->data, 0, a->clientDHNonce->length);
ret = krb5_copy_data(context, a->clientDHNonce,
&ctx->clientDHNonce);
if (ret)
return ret;
}
ALLOC(a->clientPublicValue, 1); ALLOC(a->clientPublicValue, 1);
if (a->clientPublicValue == NULL) if (a->clientPublicValue == NULL)
return ENOMEM; return ENOMEM;
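Review bot: The check following `ret = krb5_data_alloc(a->clientDHNonce, 40);` re-tests `a->clientDHNonce == NULL` instead of `ret`, so a failed allocation is not caught and the next `memset` writes through an unset data pointer; it should be `if (ret) { krb5_clear_error_string(context); return ret; }`. More important for PKINIT, the nonce is then left all zeros: the clientDHNonce is what keeps the derived key fresh when a cached DH key is reused, and a constant zero nonce gives that no entropy, so the `memset(..., 0, ...)` should be replaced by a random fill (Heimdal's krb5_generate_random_block, not visible in this hunk, is the obvious candidate). The `if (1 /* support_cached_dh */)` literal unconditionally enables this path and should become a real flag before it ships. The early `return ENOMEM` paths leave a partially built AuthPack, which the caller presumably releases via free_AuthPack — worth confirming, since build_auth_pack starts and ends outside this hunk.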
@@ -712,7 +732,7 @@ pk_mk_padata(krb5_context context,
memset(&ap, 0, sizeof(ap)); memset(&ap, 0, sizeof(ap));
ret = build_auth_pack(context, nonce, ctx->dh, req_body, &ap); ret = build_auth_pack(context, nonce, ctx, ctx->dh, req_body, &ap);
if (ret) { if (ret) {
free_AuthPack(&ap); free_AuthPack(&ap);
goto out; goto out;
@@ -1666,10 +1686,12 @@ pk_rd_pa_reply_dh(krb5_context context,
if (ret) if (ret)
goto out; goto out;
#if 0
if (heim_oid_cmp(&contentType, oid_id_pkdhkeydata())) { if (heim_oid_cmp(&contentType, oid_id_pkdhkeydata())) {
ret = KRB5KRB_AP_ERR_MSG_TYPE; /* XXX */ ret = KRB5KRB_AP_ERR_MSG_TYPE; /* XXX */
goto out; goto out;
} }
#endif
ret = decode_KDCDHKeyInfo(content.data, ret = decode_KDCDHKeyInfo(content.data,
content.length, content.length,
@@ -1829,8 +1851,10 @@ _krb5_pk_rd_pa_reply(krb5_context context,
free_PA_PK_AS_REP(&rep); free_PA_PK_AS_REP(&rep);
break; break;
} }
ret = pk_rd_pa_reply_dh(context, &ci, ctx, ret = pk_rd_pa_reply_dh(context, &ci, ctx, etype,
etype, NULL, NULL, nonce, pa, key); ctx->clientDHNonce,
rep.u.dhInfo.serverDHNonce,
nonce, pa, key);
free_ContentInfo(&ci); free_ContentInfo(&ci);
free_PA_PK_AS_REP(&rep); free_PA_PK_AS_REP(&rep);
@@ -2568,6 +2592,10 @@ _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt)
ENGINE_free(ctx->id->engine); ENGINE_free(ctx->id->engine);
ctx->id->engine = NULL; ctx->id->engine = NULL;
} }
if (ctx->clientDHNonce) {
krb5_free_data(NULL, ctx->clientDHNonce);
ctx->clientDHNonce = NULL;
}
free(ctx->id); free(ctx->id);
ctx->id = NULL; ctx->id = NULL;
} }
@@ -2601,6 +2629,7 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context,
} }
opt->private->pk_init_ctx->dh = NULL; opt->private->pk_init_ctx->dh = NULL;
opt->private->pk_init_ctx->id = NULL; opt->private->pk_init_ctx->id = NULL;
opt->private->pk_init_ctx->clientDHNonce = NULL;
ret = _krb5_pk_load_openssl_id(context, ret = _krb5_pk_load_openssl_id(context,
&opt->private->pk_init_ctx->id, &opt->private->pk_init_ctx->id,
user_id, user_id,