xref: /freebsd/crypto/heimdal/lib/krb5/mk_rep.c (revision 5c52a79884070364bfc920fb8e492cfac61ec72f) 
1 /*
2  * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of the Institute nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include <krb5_locl.h>
35 
36 RCSID("$Id: mk_rep.c 13863 2004-05-25 21:46:46Z lha $");
37 
38 krb5_error_code KRB5_LIB_FUNCTION
39 krb5_mk_rep(krb5_context context,
40 	    krb5_auth_context auth_context,
41 	    krb5_data *outbuf)
42 {
43     krb5_error_code ret;
44     AP_REP ap;
45     EncAPRepPart body;
46     u_char *buf = NULL;
47     size_t buf_size;
48     size_t len;
49     krb5_crypto crypto;
50 
51     ap.pvno = 5;
52     ap.msg_type = krb_ap_rep;
53 
54     memset (&body, 0, sizeof(body));
55 
56     body.ctime = auth_context->authenticator->ctime;
57     body.cusec = auth_context->authenticator->cusec;
58     if (auth_context->flags & KRB5_AUTH_CONTEXT_USE_SUBKEY) {
59 	if (auth_context->local_subkey == NULL) {
60 	    ret = krb5_auth_con_generatelocalsubkey(context,
61 						    auth_context,
62 						    auth_context->keyblock);
63 	    if(ret) {
64 		krb5_set_error_string (context,
65 				       "krb5_mk_rep: generating subkey");
66 		free_EncAPRepPart(&body);
67 		return ret;
68 	    }
69 	}
70 	ret = krb5_copy_keyblock(context, auth_context->local_subkey,
71 				 &body.subkey);
72 	if (ret) {
73 	    krb5_set_error_string (context,
74 				   "krb5_copy_keyblock: out of memory");
75 	    free_EncAPRepPart(&body);
76 	    return ENOMEM;
77 	}
78     } else
79 	body.subkey = NULL;
80     if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
81 	if(auth_context->local_seqnumber == 0)
82 	    krb5_generate_seq_number (context,
83 				      auth_context->keyblock,
84 				      &auth_context->local_seqnumber);
85 	ALLOC(body.seq_number, 1);
86 	if (body.seq_number == NULL) {
87 	    krb5_set_error_string (context, "malloc: out of memory");
88 	    free_EncAPRepPart(&body);
89 	    return ENOMEM;
90 	}
91 	*(body.seq_number) = auth_context->local_seqnumber;
92     } else
93 	body.seq_number = NULL;
94 
95     ap.enc_part.etype = auth_context->keyblock->keytype;
96     ap.enc_part.kvno  = NULL;
97 
98     ASN1_MALLOC_ENCODE(EncAPRepPart, buf, buf_size, &body, &len, ret);
99     free_EncAPRepPart (&body);
100     if(ret)
101 	return ret;
102     if (buf_size != len)
103 	krb5_abortx(context, "internal error in ASN.1 encoder");
104     ret = krb5_crypto_init(context, auth_context->keyblock,
105 			   0 /* ap.enc_part.etype */, &crypto);
106     if (ret) {
107 	free (buf);
108 	return ret;
109     }
110     ret = krb5_encrypt (context,
111 			crypto,
112 			KRB5_KU_AP_REQ_ENC_PART,
113 			buf + buf_size - len,
114 			len,
115 			&ap.enc_part.cipher);
116     krb5_crypto_destroy(context, crypto);
117     free(buf);
118     if (ret)
119 	return ret;
120 
121     ASN1_MALLOC_ENCODE(AP_REP, outbuf->data, outbuf->length, &ap, &len, ret);
122     if (ret == 0 && outbuf->length != len)
123 	krb5_abortx(context, "internal error in ASN.1 encoder");
124     free_AP_REP (&ap);
125     return ret;
126 }
127