Differential D17276 Diff 48455 crypto/heimdal/kdc/kx509.c

Changeset View

Standalone View

crypto/heimdal/kdc/kx509.c

	Show First 20 Lines • Show All 58 Lines • ▼ Show 20 Lines
	static const unsigned char version_2_0[4] = {0 , 0, 2, 0};			static const unsigned char version_2_0[4] = {0 , 0, 2, 0};

	static krb5_error_code			static krb5_error_code
	verify_req_hash(krb5_context context,			verify_req_hash(krb5_context context,
	const Kx509Request *req,			const Kx509Request *req,
	krb5_keyblock *key)			krb5_keyblock *key)
	{			{
	unsigned char digest[SHA_DIGEST_LENGTH];			unsigned char digest[SHA_DIGEST_LENGTH];
	HMAC_CTX ctx;			HMAC_CTX *ctx;

	if (req->pk_hash.length != sizeof(digest)) {			if (req->pk_hash.length != sizeof(digest)) {
	krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,			krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
	"pk-hash have wrong length: %lu",			"pk-hash have wrong length: %lu",
	(unsigned long)req->pk_hash.length);			(unsigned long)req->pk_hash.length);
	return KRB5KDC_ERR_PREAUTH_FAILED;			return KRB5KDC_ERR_PREAUTH_FAILED;
	}			}

	HMAC_CTX_init(&ctx);			ctx = HMAC_CTX_new();
	HMAC_Init_ex(&ctx,			if (ctx == NULL) {
				krb5_set_error_message(context, ENOMEM,
				"HMAC context malloc failed");
				return ENOMEM;
				}
				HMAC_Init_ex(ctx,
	key->keyvalue.data, key->keyvalue.length,			key->keyvalue.data, key->keyvalue.length,
	EVP_sha1(), NULL);			EVP_sha1(), NULL);
	if (sizeof(digest) != HMAC_size(&ctx))			if (sizeof(digest) != HMAC_size(ctx))
	krb5_abortx(context, "runtime error, hmac buffer wrong size in kx509");			krb5_abortx(context, "runtime error, hmac buffer wrong size in kx509");
	HMAC_Update(&ctx, version_2_0, sizeof(version_2_0));			HMAC_Update(ctx, version_2_0, sizeof(version_2_0));
	HMAC_Update(&ctx, req->pk_key.data, req->pk_key.length);			HMAC_Update(ctx, req->pk_key.data, req->pk_key.length);
	HMAC_Final(&ctx, digest, 0);			HMAC_Final(ctx, digest, 0);
	HMAC_CTX_cleanup(&ctx);			HMAC_CTX_free(ctx);

	if (memcmp(req->pk_hash.data, digest, sizeof(digest)) != 0) {			if (memcmp(req->pk_hash.data, digest, sizeof(digest)) != 0) {
	krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,			krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
	"pk-hash is not correct");			"pk-hash is not correct");
	return KRB5KDC_ERR_PREAUTH_FAILED;			return KRB5KDC_ERR_PREAUTH_FAILED;
	}			}
	return 0;			return 0;
	}			}

	static krb5_error_code			static krb5_error_code
	calculate_reply_hash(krb5_context context,			calculate_reply_hash(krb5_context context,
	krb5_keyblock *key,			krb5_keyblock *key,
	Kx509Response *rep)			Kx509Response *rep)
	{			{
	krb5_error_code ret;			krb5_error_code ret;
	HMAC_CTX ctx;			HMAC_CTX *ctx;

	HMAC_CTX_init(&ctx);			ctx = HMAC_CTX_new();
				if (ctx == NULL) {
				krb5_set_error_message(context, ENOMEM,
				"HMAC context malloc failed");
				return ENOMEM;
				}

	HMAC_Init_ex(&ctx, key->keyvalue.data, key->keyvalue.length,			HMAC_Init_ex(ctx, key->keyvalue.data, key->keyvalue.length,
	EVP_sha1(), NULL);			EVP_sha1(), NULL);
	ret = krb5_data_alloc(rep->hash, HMAC_size(&ctx));			ret = krb5_data_alloc(rep->hash, HMAC_size(ctx));
	if (ret) {			if (ret) {
	HMAC_CTX_cleanup(&ctx);			HMAC_CTX_free(ctx);
	krb5_set_error_message(context, ENOMEM, "malloc: out of memory");			krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
	return ENOMEM;			return ENOMEM;
	}			}

	HMAC_Update(&ctx, version_2_0, sizeof(version_2_0));			HMAC_Update(ctx, version_2_0, sizeof(version_2_0));
	if (rep->error_code) {			if (rep->error_code) {
	int32_t t = *rep->error_code;			int32_t t = *rep->error_code;
	do {			do {
	unsigned char p = (t & 0xff);			unsigned char p = (t & 0xff);
	HMAC_Update(&ctx, &p, 1);			HMAC_Update(ctx, &p, 1);
	t >>= 8;			t >>= 8;
	} while (t);			} while (t);
	}			}
	if (rep->certificate)			if (rep->certificate)
	HMAC_Update(&ctx, rep->certificate->data, rep->certificate->length);			HMAC_Update(ctx, rep->certificate->data, rep->certificate->length);
	if (rep->e_text)			if (rep->e_text)
	HMAC_Update(&ctx, (unsigned char )rep->e_text, strlen(*rep->e_text));			HMAC_Update(ctx, (unsigned char )rep->e_text, strlen(*rep->e_text));

	HMAC_Final(&ctx, rep->hash->data, 0);			HMAC_Final(ctx, rep->hash->data, 0);
	HMAC_CTX_cleanup(&ctx);			HMAC_CTX_free(ctx);

	return 0;			return 0;
	}			}

	/*			/*
	* Build a certifate for `principal´ that will expire at `endtime´.			* Build a certifate for `principal´ that will expire at `endtime´.
	*/			*/

	▲ Show 20 Lines • Show All 331 Lines • Show Last 20 Lines