Add some master key support functions.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3364 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -94,11 +94,47 @@ hdb_etype2key(krb5_context context,
|
|||||||
return hdb_next_etype2key(context,e, etype, key);
|
return hdb_next_etype2key(context,e, etype, key);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* this is really ugly, bus has to be this way until the crypto
|
/* this is a bit ugly, but will get better when the crypto framework
|
||||||
framework gets fixed */
|
gets fixed */
|
||||||
|
|
||||||
|
krb5_error_code
|
||||||
|
hdb_process_master_key(krb5_context context, EncryptionKey key,
|
||||||
|
krb5_data *schedule)
|
||||||
|
{
|
||||||
|
if(key.keytype != KEYTYPE_DES)
|
||||||
|
return KRB5_PROG_KEYTYPE_NOSUPP;
|
||||||
|
schedule->length = sizeof(des_key_schedule);
|
||||||
|
schedule->data = malloc(schedule->length);
|
||||||
|
|
||||||
|
des_set_key((des_cblock*)key.keyvalue.data, schedule->data);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
krb5_error_code
|
||||||
|
hdb_read_master_key(krb5_context context, const char *filename,
|
||||||
|
EncryptionKey *key)
|
||||||
|
{
|
||||||
|
FILE *f;
|
||||||
|
unsigned char buf[256];
|
||||||
|
size_t len;
|
||||||
|
krb5_error_code ret;
|
||||||
|
if(filename == NULL)
|
||||||
|
filename = HDB_DB_DIR "/m-key";
|
||||||
|
f = fopen(filename, "r");
|
||||||
|
if(f == NULL)
|
||||||
|
return errno;
|
||||||
|
len = fread(buf, 1, sizeof(buf), f);
|
||||||
|
if(ferror(f))
|
||||||
|
ret = errno;
|
||||||
|
else
|
||||||
|
ret = decode_EncryptionKey(buf, len, key, &len);
|
||||||
|
fclose(f);
|
||||||
|
memset(buf, 0, sizeof(buf));
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
Key *
|
Key *
|
||||||
hdb_unseal_key(Key *key, des_key_schedule master_key)
|
hdb_unseal_key(Key *key, krb5_data schedule)
|
||||||
{
|
{
|
||||||
des_cblock iv;
|
des_cblock iv;
|
||||||
int num = 0;
|
int num = 0;
|
||||||
@@ -110,12 +146,12 @@ hdb_unseal_key(Key *key, des_key_schedule master_key)
|
|||||||
des_cfb64_encrypt(key->key.keyvalue.data,
|
des_cfb64_encrypt(key->key.keyvalue.data,
|
||||||
new_key->key.keyvalue.data,
|
new_key->key.keyvalue.data,
|
||||||
key->key.keyvalue.length,
|
key->key.keyvalue.length,
|
||||||
master_key, &iv, &num, 0);
|
schedule.data, &iv, &num, 0);
|
||||||
return new_key;
|
return new_key;
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
hdb_seal_key(Key *key, des_key_schedule master_key)
|
hdb_seal_key(Key *key, krb5_data schedule)
|
||||||
{
|
{
|
||||||
des_cblock iv;
|
des_cblock iv;
|
||||||
int num = 0;
|
int num = 0;
|
||||||
@@ -124,7 +160,7 @@ hdb_seal_key(Key *key, des_key_schedule master_key)
|
|||||||
des_cfb64_encrypt(key->key.keyvalue.data,
|
des_cfb64_encrypt(key->key.keyvalue.data,
|
||||||
key->key.keyvalue.data,
|
key->key.keyvalue.data,
|
||||||
key->key.keyvalue.length,
|
key->key.keyvalue.length,
|
||||||
master_key, &iv, &num, 1);
|
schedule.data, &iv, &num, 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
|
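Review bot: In the new hdb_process_master_key, the result of `malloc(schedule->length)` goes straight into `des_set_key` with no NULL check, and `key.keyvalue.data` is cast to `des_cblock*` without checking that `key.keyvalue.length` is the size of a DES block, so a short or empty key decoded from the m-key file would be read past its end. I would add `if(key.keyvalue.length != sizeof(des_cblock)) return KRB5_PROG_KEYTYPE_NOSUPP;` before the allocation and `if(schedule->data == NULL) return ENOMEM;` after it. In hdb_read_master_key, the `memset(buf, 0, sizeof(buf))` that wipes the raw key bytes is the last use of `buf`, so an optimizing compiler may drop it; a wipe the optimizer cannot remove would be safer there. The `fopen(filename, "r")` call should probably use `"rb"`, since the use of decode_EncryptionKey suggests the file holds encoded binary data. hdb_unseal_key and hdb_seal_key now pass `schedule.data` to `des_cfb64_encrypt` without checking that it is non-NULL or that `schedule.length` equals `sizeof(des_key_schedule)`; their bodies are only partly visible in these hunks.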