xref: /titanic_41/usr/src/lib/gss_mechs/mech_krb5/krb5/krb/encode_kdc.c (revision 159d09a20817016f09b3ea28d1bdada4a336bb91)
1 /*
2  * lib/krb5/krb/encode_kdc.c
3  *
4  * Copyright 1990 by the Massachusetts Institute of Technology.
5  * All Rights Reserved.
6  *
7  * Export of this software from the United States of America may
8  *   require a specific license from the United States Government.
9  *   It is the responsibility of any person or organization contemplating
10  *   export to obtain such a license before exporting.
11  *
12  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13  * distribute this software and its documentation for any purpose and
14  * without fee is hereby granted, provided that the above copyright
15  * notice appear in all copies and that both that copyright notice and
16  * this permission notice appear in supporting documentation, and that
17  * the name of M.I.T. not be used in advertising or publicity pertaining
18  * to distribution of the software without specific, written prior
19  * permission.  Furthermore if you modify this software you must label
20  * your software as modified software and not distribute it in such a
21  * fashion that it might be confused with the original M.I.T. software.
22  * M.I.T. makes no representations about the suitability of
23  * this software for any purpose.  It is provided "as is" without express
24  * or implied warranty.
25  *
26  *
27  * krb5_encode_kdc_rep() function.
28  */
29 
30 #include "k5-int.h"
31 
32 /*
33  Takes KDC rep parts in *rep and *encpart, and formats it into *enc_rep,
34  using message type type and encryption key client_key and encryption type
35  etype.
36 
37  The string *enc_rep will be allocated before formatting; the caller should
38  free when finished.
39 
40  returns system errors
41 
42  dec_rep->enc_part.ciphertext is allocated and filled in.
43 */
44 /* due to argument promotion rules, we need to use the DECLARG/OLDDECLARG
45    stuff... */
46 krb5_error_code
krb5_encode_kdc_rep(krb5_context context,krb5_msgtype type,const krb5_enc_kdc_rep_part * encpart,int using_subkey,const krb5_keyblock * client_key,krb5_kdc_rep * dec_rep,krb5_data ** enc_rep)47 krb5_encode_kdc_rep(krb5_context context, krb5_msgtype type,
48 		    const krb5_enc_kdc_rep_part *encpart,
49 		    int using_subkey, const krb5_keyblock *client_key,
50 		    krb5_kdc_rep *dec_rep, krb5_data **enc_rep)
51 {
52     krb5_data *scratch;
53     krb5_error_code retval;
54     krb5_enc_kdc_rep_part tmp_encpart;
55     krb5_keyusage usage;
56 
57     if (!krb5_c_valid_enctype(dec_rep->enc_part.enctype))
58 	return KRB5_PROG_ETYPE_NOSUPP;
59 
60     switch (type) {
61     case KRB5_AS_REP:
62 	usage = KRB5_KEYUSAGE_AS_REP_ENCPART;
63 	break;
64     case KRB5_TGS_REP:
65 	if (using_subkey)
66 	    usage = KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY;
67 	else
68 	    usage = KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY;
69 	break;
70     default:
71 	return KRB5_BADMSGTYPE;
72     }
73 
74     /*
75      * We don't want to modify encpart, but we need to be able to pass
76      * in the message type to the encoder, so it can set the ASN.1
77      * type correct.
78      *
79      * Although note that it may be doing nothing with the message
80      * type, to be compatible with old versions of Kerberos that always
81      * encode this as a TGS_REP regardly of what it really should be;
82      * also note that the reason why we are passing it in a structure
83      * instead of as an argument to encode_krb5_enc_kdc_rep_part (the
84      * way we should) is for compatibility with the ISODE version of
85      * this fuction.  Ah, compatibility....
86      */
87     tmp_encpart = *encpart;
88     tmp_encpart.msg_type = type;
89     retval = encode_krb5_enc_kdc_rep_part(&tmp_encpart, &scratch);
90     if (retval) {
91 	return retval;
92     }
93     memset(&tmp_encpart, 0, sizeof(tmp_encpart));
94 
95 #define cleanup_scratch() { (void) memset(scratch->data, 0, scratch->length); \
96 krb5_free_data(context, scratch); }
97 
98     retval = krb5_encrypt_helper(context, client_key, usage, scratch,
99 				 &dec_rep->enc_part);
100 
101 #define cleanup_encpart() { \
102 (void) memset(dec_rep->enc_part.ciphertext.data, 0, \
103 	     dec_rep->enc_part.ciphertext.length); \
104 free(dec_rep->enc_part.ciphertext.data); \
105 dec_rep->enc_part.ciphertext.length = 0; \
106 dec_rep->enc_part.ciphertext.data = 0;}
107 
108     cleanup_scratch();
109 
110     if (retval)
111 	return(retval);
112 
113     /* now it's ready to be encoded for the wire! */
114 
115     switch (type) {
116     case KRB5_AS_REP:
117 	retval = encode_krb5_as_rep(dec_rep, enc_rep);
118 	break;
119     case KRB5_TGS_REP:
120 	retval = encode_krb5_tgs_rep(dec_rep, enc_rep);
121 	break;
122     }
123 
124     if (retval)
125 	cleanup_encpart();
126 
127     return retval;
128 }
129