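/*
 * lib/krb5/krb/encode_kdc.c
 *
 * Copyright 1990 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 *
 *
 * krb5_encode_kdc_rep() function.
 */

#include "k5-int.h"

/*
 * Overwrite len bytes starting at ptr with zeros.
 *
 * The stores go through a volatile-qualified pointer so the compiler cannot
 * drop them as dead stores.  A plain memset() on a buffer that is freed or
 * goes out of scope right afterwards may legally be removed by the
 * optimizer, which would leave the sensitive bytes in memory.
 *
 * A NULL ptr is accepted and ignored.
 */
static void
wipe_memory(void *ptr, size_t len)
{
    volatile unsigned char *p = ptr;

    if (ptr == NULL)
        return;
    while (len-- > 0)
        *p++ = 0;
}

/*
 * Takes the KDC reply parts in *dec_rep and *encpart and formats them into
 * *enc_rep, using message type `type' and encryption key client_key.  The
 * encryption type is taken from dec_rep->enc_part.enctype, which the caller
 * must have set; it is validated before anything else is done.
 *
 * using_subkey is consulted only for KRB5_TGS_REP, where it selects between
 * the subkey and session-key key usages.
 *
 * The string *enc_rep will be allocated before formatting; the caller should
 * free it when finished.
 *
 * dec_rep->enc_part.ciphertext is allocated and filled in.  If the final
 * wire encoding fails, the ciphertext is wiped and freed again and its
 * data/length fields are reset.
 *
 * Returns 0 on success, KRB5_PROG_ETYPE_NOSUPP for an invalid enctype,
 * KRB5_BADMSGTYPE for a message type other than KRB5_AS_REP or
 * KRB5_TGS_REP, or the error returned by the encoder or encryption helper
 * (the original header describes these as system errors).
 */
krb5_error_code
krb5_encode_kdc_rep(krb5_context context, krb5_msgtype type,
                    const krb5_enc_kdc_rep_part *encpart,
                    int using_subkey, const krb5_keyblock *client_key,
                    krb5_kdc_rep *dec_rep, krb5_data **enc_rep)
{
    krb5_data *scratch;
    krb5_error_code retval;
    krb5_enc_kdc_rep_part tmp_encpart;
    krb5_keyusage usage;

    /* Reject an unusable enctype before any plaintext is encoded. */
    if (!krb5_c_valid_enctype(dec_rep->enc_part.enctype))
        return KRB5_PROG_ETYPE_NOSUPP;

    /*
     * Each reply flavour is encrypted under its own key usage value, so
     * the three cases stay distinct even when they share client_key.
     */
    switch (type) {
    case KRB5_AS_REP:
        usage = KRB5_KEYUSAGE_AS_REP_ENCPART;
        break;
    case KRB5_TGS_REP:
        if (using_subkey)
            usage = KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY;
        else
            usage = KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY;
        break;
    default:
        return KRB5_BADMSGTYPE;
    }

    /*
     * We don't want to modify encpart, but we need to be able to pass
     * in the message type to the encoder, so it can set the ASN.1
     * type correctly.
     *
     * Although note that it may be doing nothing with the message
     * type, to be compatible with old versions of Kerberos that always
     * encode this as a TGS_REP regardless of what it really should be;
     * also note that the reason why we are passing it in a structure
     * instead of as an argument to encode_krb5_enc_kdc_rep_part (the
     * way we should) is for compatibility with the ISODE version of
     * this function.  Ah, compatibility....
     */
    tmp_encpart = *encpart;
    tmp_encpart.msg_type = type;
    retval = encode_krb5_enc_kdc_rep_part(&tmp_encpart, &scratch);

    /*
     * Clear the stack copy on both the success and the failure path; the
     * original code skipped this when the encoder returned an error.
     */
    wipe_memory(&tmp_encpart, sizeof(tmp_encpart));
    if (retval)
        return retval;

    retval = krb5_encrypt_helper(context, client_key, usage, scratch,
                                 &dec_rep->enc_part);

    /*
     * scratch holds the not-yet-encrypted encoding of the reply's
     * encrypted part (in Kerberos this includes the session key), so it
     * is wiped before being freed whether or not encryption succeeded.
     */
    wipe_memory(scratch->data, scratch->length);
    krb5_free_data(context, scratch);

    if (retval)
        return retval;

    /* now it's ready to be encoded for the wire! */

    switch (type) {
    case KRB5_AS_REP:
        retval = encode_krb5_as_rep(dec_rep, enc_rep);
        break;
    case KRB5_TGS_REP:
        retval = encode_krb5_tgs_rep(dec_rep, enc_rep);
        break;
    default:
        /* Not reached: type was validated by the first switch. */
        break;
    }

    if (retval) {
        /*
         * The wire encoding failed, so do not leave a ciphertext hanging
         * off dec_rep that the caller has no reason to expect: wipe it,
         * release it and reset the fields so a later free is harmless.
         */
        wipe_memory(dec_rep->enc_part.ciphertext.data,
                    dec_rep->enc_part.ciphertext.length);
        free(dec_rep->enc_part.ciphertext.data);
        dec_rep->enc_part.ciphertext.length = 0;
        dec_rep->enc_part.ciphertext.data = NULL;
    }

    return retval;
}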