crypto/heimdal/kdc/kx509.c
static const unsigned char version_2_0[4] = {0 , 0, 2, 0}; | static const unsigned char version_2_0[4] = {0 , 0, 2, 0}; | ||||
static krb5_error_code | static krb5_error_code | ||||
verify_req_hash(krb5_context context, | verify_req_hash(krb5_context context, | ||||
const Kx509Request *req, | const Kx509Request *req, | ||||
krb5_keyblock *key) | krb5_keyblock *key) | ||||
{ | { | ||||
unsigned char digest[SHA_DIGEST_LENGTH]; | unsigned char digest[SHA_DIGEST_LENGTH]; | ||||
HMAC_CTX ctx; | HMAC_CTX *ctx; | ||||
if (req->pk_hash.length != sizeof(digest)) { | if (req->pk_hash.length != sizeof(digest)) { | ||||
krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, | krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, | ||||
"pk-hash have wrong length: %lu", | "pk-hash have wrong length: %lu", | ||||
(unsigned long)req->pk_hash.length); | (unsigned long)req->pk_hash.length); | ||||
return KRB5KDC_ERR_PREAUTH_FAILED; | return KRB5KDC_ERR_PREAUTH_FAILED; | ||||
} | } | ||||
HMAC_CTX_init(&ctx); | ctx = HMAC_CTX_new(); | ||||
HMAC_Init_ex(&ctx, | if (ctx == NULL) { | ||||
krb5_set_error_message(context, ENOMEM, | |||||
"HMAC context malloc failed"); | |||||
return ENOMEM; | |||||
} | |||||
HMAC_Init_ex(ctx, | |||||
key->keyvalue.data, key->keyvalue.length, | key->keyvalue.data, key->keyvalue.length, | ||||
EVP_sha1(), NULL); | EVP_sha1(), NULL); | ||||
if (sizeof(digest) != HMAC_size(&ctx)) | if (sizeof(digest) != HMAC_size(ctx)) | ||||
krb5_abortx(context, "runtime error, hmac buffer wrong size in kx509"); | krb5_abortx(context, "runtime error, hmac buffer wrong size in kx509"); | ||||
HMAC_Update(&ctx, version_2_0, sizeof(version_2_0)); | HMAC_Update(ctx, version_2_0, sizeof(version_2_0)); | ||||
HMAC_Update(&ctx, req->pk_key.data, req->pk_key.length); | HMAC_Update(ctx, req->pk_key.data, req->pk_key.length); | ||||
HMAC_Final(&ctx, digest, 0); | HMAC_Final(ctx, digest, 0); | ||||
HMAC_CTX_cleanup(&ctx); | HMAC_CTX_free(ctx); | ||||
if (memcmp(req->pk_hash.data, digest, sizeof(digest)) != 0) { | if (memcmp(req->pk_hash.data, digest, sizeof(digest)) != 0) { | ||||
krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, | krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, | ||||
"pk-hash is not correct"); | "pk-hash is not correct"); | ||||
return KRB5KDC_ERR_PREAUTH_FAILED; | return KRB5KDC_ERR_PREAUTH_FAILED; | ||||
} | } | ||||
return 0; | return 0; | ||||
} | } | ||||
static krb5_error_code | static krb5_error_code | ||||
calculate_reply_hash(krb5_context context, | calculate_reply_hash(krb5_context context, | ||||
krb5_keyblock *key, | krb5_keyblock *key, | ||||
Kx509Response *rep) | Kx509Response *rep) | ||||
{ | { | ||||
krb5_error_code ret; | krb5_error_code ret; | ||||
HMAC_CTX ctx; | HMAC_CTX *ctx; | ||||
HMAC_CTX_init(&ctx); | ctx = HMAC_CTX_new(); | ||||
if (ctx == NULL) { | |||||
krb5_set_error_message(context, ENOMEM, | |||||
"HMAC context malloc failed"); | |||||
return ENOMEM; | |||||
} | |||||
HMAC_Init_ex(&ctx, key->keyvalue.data, key->keyvalue.length, | HMAC_Init_ex(ctx, key->keyvalue.data, key->keyvalue.length, | ||||
EVP_sha1(), NULL); | EVP_sha1(), NULL); | ||||
ret = krb5_data_alloc(rep->hash, HMAC_size(&ctx)); | ret = krb5_data_alloc(rep->hash, HMAC_size(ctx)); | ||||
if (ret) { | if (ret) { | ||||
HMAC_CTX_cleanup(&ctx); | HMAC_CTX_free(ctx); | ||||
krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); | krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); | ||||
return ENOMEM; | return ENOMEM; | ||||
} | } | ||||
HMAC_Update(&ctx, version_2_0, sizeof(version_2_0)); | HMAC_Update(ctx, version_2_0, sizeof(version_2_0)); | ||||
if (rep->error_code) { | if (rep->error_code) { | ||||
int32_t t = *rep->error_code; | int32_t t = *rep->error_code; | ||||
do { | do { | ||||
unsigned char p = (t & 0xff); | unsigned char p = (t & 0xff); | ||||
HMAC_Update(&ctx, &p, 1); | HMAC_Update(ctx, &p, 1); | ||||
t >>= 8; | t >>= 8; | ||||
} while (t); | } while (t); | ||||
} | } | ||||
if (rep->certificate) | if (rep->certificate) | ||||
HMAC_Update(&ctx, rep->certificate->data, rep->certificate->length); | HMAC_Update(ctx, rep->certificate->data, rep->certificate->length); | ||||
if (rep->e_text) | if (rep->e_text) | ||||
HMAC_Update(&ctx, (unsigned char *)*rep->e_text, strlen(*rep->e_text)); | HMAC_Update(ctx, (unsigned char *)*rep->e_text, strlen(*rep->e_text)); | ||||
HMAC_Final(&ctx, rep->hash->data, 0); | HMAC_Final(ctx, rep->hash->data, 0); | ||||
HMAC_CTX_cleanup(&ctx); | HMAC_CTX_free(ctx); | ||||
return 0; | return 0; | ||||
} | } | ||||
/* | /* | ||||
* Build a certifate for `principal´ that will expire at `endtime´. | * Build a certifate for `principal´ that will expire at `endtime´. | ||||
*/ | */ | ||||
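Review bot: The new NULL check covers HMAC_CTX_new() but HMAC_Init_ex() stays unchecked in both verify_req_hash and calculate_reply_hash, and with an opaque heap context its failure now matters more: if the init fails (it returns 0 in the HMAC_CTX_new-era API, and I believe it is where the internal digest contexts get allocated — worth confirming against the OpenSSL version being targeted), HMAC_size()/HMAC_Update()/HMAC_Final() then run on an uninitialized context, so verify_req_hash either hits krb5_abortx or compares the client's pk_hash against an uninitialized digest, and calculate_reply_hash sizes its allocation from an uninitialized context. Both functions should fail closed on a non-1 return, freeing the context the same way the new ctx == NULL branch does; HMAC_Final's return deserves the same treatment before the memcmp. While here, the comparison of the client-supplied MAC with memcmp is not constant-time; if roken's ct_memcmp is in scope in this build it is the better choice, but that is pre-existing rather than part of this change.
```c
    if (HMAC_Init_ex(ctx,
                     key->keyvalue.data, key->keyvalue.length,
                     EVP_sha1(), NULL) != 1) {
        HMAC_CTX_free(ctx);
        krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
                               "HMAC init failed");
        return KRB5KDC_ERR_PREAUTH_FAILED;
    }
    /* … unchanged: HMAC_size check, HMAC_Update calls … */
    if (HMAC_Final(ctx, digest, 0) != 1) {
        HMAC_CTX_free(ctx);
        krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
                               "HMAC final failed");
        return KRB5KDC_ERR_PREAUTH_FAILED;
    }
    HMAC_CTX_free(ctx);
    /* … unchanged: memcmp of req->pk_hash.data against digest … */
```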