(generate_dh_keyblock): use the new function krb5_random_to_key
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13743 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
51
kdc/pkinit.c
51
kdc/pkinit.c
@@ -220,14 +220,12 @@ check_dh_params(DH *dh)
|
||||
|
||||
static krb5_error_code
|
||||
generate_dh_keyblock(krb5_context context, pk_client_params *client_params,
|
||||
krb5_keyblock *reply_key)
|
||||
krb5_enctype enctype, krb5_keyblock *reply_key)
|
||||
{
|
||||
unsigned char *dh_gen_key = NULL;
|
||||
krb5_keyblock key;
|
||||
int dh_gen_keylen;
|
||||
krb5_error_code ret;
|
||||
/* XXX don't hardcode the keytype */
|
||||
krb5_enctype enctype = ETYPE_DES3_CBC_SHA1;
|
||||
|
||||
memset(&key, 0, sizeof(key));
|
||||
|
||||
@@ -261,46 +259,15 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params,
|
||||
goto out;
|
||||
}
|
||||
|
||||
switch (enctype) {
|
||||
case ETYPE_DES_CBC_CRC:
|
||||
case ETYPE_DES_CBC_MD4:
|
||||
case ETYPE_DES_CBC_MD5:
|
||||
case ETYPE_DES3_CBC_SHA1:
|
||||
case ETYPE_OLD_DES3_CBC_SHA1: {
|
||||
DES_cblock *k;
|
||||
ret = krb5_random_to_key(context, enctype,
|
||||
dh_gen_key, dh_gen_keylen, &key);
|
||||
|
||||
ret = krb5_generate_random_keyblock(context, enctype, &key);
|
||||
if (ret)
|
||||
goto out;
|
||||
memset(key.keyvalue.data, 0, key.keyvalue.length);
|
||||
|
||||
if (dh_gen_keylen < key.keyvalue.length) {
|
||||
krb5_set_error_string(context, "Too small key generated by "
|
||||
"Diffie-Hellman mechanism");
|
||||
ret = KRB5KRB_ERR_GENERIC;
|
||||
goto out;
|
||||
}
|
||||
memcpy(key.keyvalue.data, dh_gen_key, key.keyvalue.length);
|
||||
k = key.keyvalue.data;
|
||||
DES_set_odd_parity(&k[0]);
|
||||
switch (enctype) {
|
||||
case ETYPE_DES3_CBC_SHA1:
|
||||
case ETYPE_OLD_DES3_CBC_SHA1:
|
||||
DES_set_odd_parity(&k[1]);
|
||||
DES_set_odd_parity(&k[2]);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
break;
|
||||
if (ret) {
|
||||
krb5_set_error_string(context,
|
||||
"pkinit - can't create key from DH key");
|
||||
ret = KRB5KRB_ERR_GENERIC;
|
||||
goto out;
|
||||
}
|
||||
default:
|
||||
krb5_set_error_string(context, "PKINIT DH, unsupported enctype: %d",
|
||||
(int)enctype);
|
||||
ret = KRB5_KDC_ERR_KEY_TOO_WEAK;
|
||||
break;
|
||||
}
|
||||
|
||||
ret = krb5_copy_keyblock_contents(context, &key, reply_key);
|
||||
|
||||
out:
|
||||
@@ -946,7 +913,7 @@ pk_mk_pa_reply(krb5_context context,
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
ret = generate_dh_keyblock(context, client_params,
|
||||
ret = generate_dh_keyblock(context, client_params, enctype,
|
||||
&client_params->reply_key);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
Reference in New Issue
Block a user