From e597b84708408ca8b9dc8ceed492875c3d08ff04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Thu, 22 Apr 2004 11:54:37 +0000 Subject: [PATCH] (generate_dh_keyblock): use the new function krb5_random_to_key git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13743 ec53bebd-3082-4978-b11e-865c3cabbd6b --- kdc/pkinit.c | 51 +++++++++------------------------------------------ 1 file changed, 9 insertions(+), 42 deletions(-) diff --git a/kdc/pkinit.c b/kdc/pkinit.c index 5098c135c..fd2b25d1f 100644 --- a/kdc/pkinit.c +++ b/kdc/pkinit.c @@ -220,14 +220,12 @@ check_dh_params(DH *dh) static krb5_error_code generate_dh_keyblock(krb5_context context, pk_client_params *client_params, - krb5_keyblock *reply_key) + krb5_enctype enctype, krb5_keyblock *reply_key) { unsigned char *dh_gen_key = NULL; krb5_keyblock key; int dh_gen_keylen; krb5_error_code ret; - /* XXX don't hardcode the keytype */ - krb5_enctype enctype = ETYPE_DES3_CBC_SHA1; memset(&key, 0, sizeof(key)); 
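Review bot: The new `enctype` parameter of generate_dh_keyblock is undocumented, and with the hardcoded `ETYPE_DES3_CBC_SHA1` removed the function no longer bounds which key type the DH secret is turned into. Where the caller's `enctype` comes from is not visible in this patch (the pk_mk_pa_reply hunk only passes it through), so if the client request can influence it, the check against the KDC's permitted enctypes has to happen before this call. I would add a comment above the signature such as `/* enctype is the reply-key type; the caller must already have checked it against the enctypes the KDC permits */`. The function body continues past this hunk.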
@@ -261,46 +259,15 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params, goto out; } - switch (enctype) { - case ETYPE_DES_CBC_CRC: - case ETYPE_DES_CBC_MD4: - case ETYPE_DES_CBC_MD5: - case ETYPE_DES3_CBC_SHA1: - case ETYPE_OLD_DES3_CBC_SHA1: { - DES_cblock *k; + ret = krb5_random_to_key(context, enctype, + dh_gen_key, dh_gen_keylen, &key); - ret = krb5_generate_random_keyblock(context, enctype, &key); - if (ret) - goto out; - memset(key.keyvalue.data, 0, key.keyvalue.length); - - if (dh_gen_keylen < key.keyvalue.length) { - krb5_set_error_string(context, "Too small key generated by " - "Diffie-Hellman mechanism"); - ret = KRB5KRB_ERR_GENERIC; - goto out; - } - memcpy(key.keyvalue.data, dh_gen_key, key.keyvalue.length); - k = key.keyvalue.data; - DES_set_odd_parity(&k[0]); - switch (enctype) { - case ETYPE_DES3_CBC_SHA1: - case ETYPE_OLD_DES3_CBC_SHA1: - DES_set_odd_parity(&k[1]); - DES_set_odd_parity(&k[2]); - break; - default: - break; - } - break; + if (ret) { + krb5_set_error_string(context, + "pkinit - can't create key from DH key"); + ret = KRB5KRB_ERR_GENERIC; + goto out; } - default: - krb5_set_error_string(context, "PKINIT DH, unsupported enctype: %d", - (int)enctype); - ret = KRB5_KDC_ERR_KEY_TOO_WEAK; - break; - } - ret = krb5_copy_keyblock_contents(context, &key, reply_key); out: @@ -946,7 +913,7 @@ pk_mk_pa_reply(krb5_context context, if (ret) return ret; - ret = generate_dh_keyblock(context, client_params, + ret = generate_dh_keyblock(context, client_params, enctype, &client_params->reply_key); if (ret) return ret;
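Review bot: The new error branch replaces whatever krb5_random_to_key returned with `KRB5KRB_ERR_GENERIC`, so an unsupported enctype and too little DH output become indistinguishable. The removed code returned `KRB5_KDC_ERR_KEY_TOO_WEAK` for the former and had an explicit `dh_gen_keylen < key.keyvalue.length` test for the latter. Whether krb5_random_to_key enforces the minimum length itself is not shown here and is worth confirming, since `dh_gen_keylen` is a signed `int` passed as a length. I would drop the `ret = KRB5KRB_ERR_GENERIC;` line and keep the callee's code, or map it deliberately to the KDC error that should be reported. The check of the DH computation result and the cleanup of `dh_gen_key` under `out:` lie outside the hunk.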