Example #1
0
int
gssEapEncrypt(krb5_context context,
              int dce_style,
              size_t ec,
              size_t rrc,
#ifdef HAVE_HEIMDAL_VERSION
              krb5_crypto crypto,
#else
              krb5_keyblock *crypto,
#endif
              int usage,
              gss_iov_buffer_desc *iov,
              int iov_count)
{
    krb5_error_code code;
    size_t kiov_count;
    krb5_crypto_iov *kiov = NULL;

    code = mapIov(context, dce_style, ec, rrc, crypto,
                  iov, iov_count, &kiov, &kiov_count);
    if (code != 0)
        goto cleanup;

#ifdef HAVE_HEIMDAL_VERSION
    code = krb5_encrypt_iov_ivec(context, crypto, usage, kiov, kiov_count, NULL);
#else
    code = krb5_c_encrypt_iov(context, crypto, usage, NULL, kiov, kiov_count);
#endif
    if (code != 0)
        goto cleanup;

cleanup:
    if (kiov != NULL)
        GSSEAP_FREE(kiov);

    return code;
}
Example #2
0
static int
iov_test(krb5_context context)
{
    krb5_enctype enctype = KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96;
    krb5_error_code ret;
    krb5_crypto crypto;
    krb5_keyblock key;
    krb5_data signonly, in, in2;
    krb5_crypto_iov iov[6];
    size_t len, i;
    unsigned char *base, *p;

    ret = krb5_generate_random_keyblock(context, enctype, &key);
    if (ret)
	krb5_err(context, 1, ret, "krb5_generate_random_keyblock");

    ret = krb5_crypto_init(context, &key, 0, &crypto);
    if (ret)
	krb5_err(context, 1, ret, "krb5_crypto_init");


    ret = krb5_crypto_length(context, crypto, KRB5_CRYPTO_TYPE_HEADER, &len);
    if (ret)
	krb5_err(context, 1, ret, "krb5_crypto_length");

    signonly.data = "This should be signed";
    signonly.length = strlen(signonly.data);
    in.data = "inputdata";
    in.length = strlen(in.data);

    in2.data = "INPUTDATA";
    in2.length = strlen(in2.data);


    memset(iov, 0, sizeof(iov));

    iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
    iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
    iov[1].data = in;
    iov[2].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
    iov[2].data = signonly;
    iov[3].flags = KRB5_CRYPTO_TYPE_EMPTY;
    iov[4].flags = KRB5_CRYPTO_TYPE_PADDING;
    iov[5].flags = KRB5_CRYPTO_TYPE_TRAILER;

    ret = krb5_crypto_length_iov(context, crypto, iov,
				 sizeof(iov)/sizeof(iov[0]));
    if (ret)
	krb5_err(context, 1, ret, "krb5_crypto_length_iov");

    for (len = 0, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) {
	if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
	    continue;
	len += iov[i].data.length;
    }

    base = emalloc(len);

    /*
     * Allocate data for the fields
     */

    for (p = base, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) {
	if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
	    continue;;
	iov[i].data.data = p;
	p += iov[i].data.length;
    }
    assert(iov[1].data.length == in.length);
    memcpy(iov[1].data.data, in.data, iov[1].data.length);

    /*
     * Encrypt
     */

    ret = krb5_encrypt_iov_ivec(context, crypto, 7, iov,
				sizeof(iov)/sizeof(iov[0]), NULL);
    if (ret)
	krb5_err(context, 1, ret, "krb5_encrypt_iov_ivec");

    /*
     * Decrypt
     */

    ret = krb5_decrypt_iov_ivec(context, crypto, 7,
				iov, sizeof(iov)/sizeof(iov[0]), NULL);
    if (ret)
	krb5_err(context, 1, ret, "krb5_decrypt_iov_ivec");

    /*
     * Verify data
     */

    if (krb5_data_cmp(&iov[1].data, &in) != 0)
	krb5_errx(context, 1, "decrypted data not same");

    /*
     * Free memory
     */

    free(base);

    /* Set up for second try */

    iov[3].flags = KRB5_CRYPTO_TYPE_DATA;
    iov[3].data = in;

    ret = krb5_crypto_length_iov(context, crypto,
				 iov, sizeof(iov)/sizeof(iov[0]));
    if (ret)
	krb5_err(context, 1, ret, "krb5_crypto_length_iov");

    for (len = 0, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) {
	if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
	    continue;
	len += iov[i].data.length;
    }

    base = emalloc(len);

    /*
     * Allocate data for the fields
     */

    for (p = base, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) {
	if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
	    continue;;
	iov[i].data.data = p;
	p += iov[i].data.length;
    }
    assert(iov[1].data.length == in.length);
    memcpy(iov[1].data.data, in.data, iov[1].data.length);

    assert(iov[3].data.length == in2.length);
    memcpy(iov[3].data.data, in2.data, iov[3].data.length);



    /*
     * Encrypt
     */

    ret = krb5_encrypt_iov_ivec(context, crypto, 7,
				iov, sizeof(iov)/sizeof(iov[0]), NULL);
    if (ret)
	krb5_err(context, 1, ret, "krb5_encrypt_iov_ivec");

    /*
     * Decrypt
     */

    ret = krb5_decrypt_iov_ivec(context, crypto, 7,
				iov, sizeof(iov)/sizeof(iov[0]), NULL);
    if (ret)
	krb5_err(context, 1, ret, "krb5_decrypt_iov_ivec");

    /*
     * Verify data
     */

    if (krb5_data_cmp(&iov[1].data, &in) != 0)
	krb5_errx(context, 1, "decrypted data 2.1 not same");

    if (krb5_data_cmp(&iov[3].data, &in2) != 0)
	krb5_errx(context, 1, "decrypted data 2.2 not same");

    /*
     * Free memory
     */

    free(base);

    krb5_crypto_destroy(context, crypto);

    krb5_free_keyblock_contents(context, &key);

    return 0;
}
Example #3
0
static int
krb_enc_iov2(krb5_context context,
	     krb5_crypto crypto,
	     unsigned usage,
	     size_t cipher_len,
	     krb5_data *clear)
{
    krb5_crypto_iov iov[4];
    krb5_data decrypt;
    int ret;
    char *p, *q;
    size_t len, i;

    p = clear->data;
    len = clear->length;

    iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
    krb5_crypto_length(context, crypto, iov[0].flags, &iov[0].data.length);
    iov[0].data.data = emalloc(iov[0].data.length);

    iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
    iov[1].data.length = len;
    iov[1].data.data = emalloc(iov[1].data.length);
    memcpy(iov[1].data.data, p, iov[1].data.length);

    /* padding buffer */
    iov[2].flags = KRB5_CRYPTO_TYPE_PADDING;
    krb5_crypto_length(context, crypto, KRB5_CRYPTO_TYPE_PADDING, &iov[2].data.length);
    iov[2].data.data = emalloc(iov[2].data.length);

    iov[3].flags = KRB5_CRYPTO_TYPE_TRAILER;
    krb5_crypto_length(context, crypto, iov[3].flags, &iov[3].data.length);
    iov[3].data.data = emalloc(iov[3].data.length);

    ret = krb5_encrypt_iov_ivec(context, crypto, usage,
				iov, sizeof(iov)/sizeof(iov[0]), NULL);
    if (ret)
	errx(1, "encrypt iov failed: %d", ret);

    /* check len */
    for (i = 0, len = 0; i < sizeof(iov)/sizeof(iov[0]); i++)
	len += iov[i].data.length;
    if (len != cipher_len)
	errx(1, "cipher len wrong");

    /*
     * Plain decrypt
     */

    p = q = emalloc(len);
    for (i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) {
	memcpy(q, iov[i].data.data, iov[i].data.length);
	q += iov[i].data.length;
    }

    ret = krb5_decrypt(context, crypto, usage, p, len, &decrypt);
    if (ret)
	krb5_err(context, 1, ret, "krb5_decrypt");
    else
	krb5_data_free(&decrypt);

    free(p);

    /*
     * Now decrypt use iov
     */

    /* padding turn into data */
    p = q = emalloc(iov[1].data.length + iov[2].data.length);

    memcpy(q, iov[1].data.data, iov[1].data.length);
    q += iov[1].data.length;
    memcpy(q, iov[2].data.data, iov[2].data.length);

    free(iov[1].data.data);
    free(iov[2].data.data);

    iov[1].data.data = p;
    iov[1].data.length += iov[2].data.length;

    iov[2].flags = KRB5_CRYPTO_TYPE_EMPTY;
    iov[2].data.length = 0;

    ret = krb5_decrypt_iov_ivec(context, crypto, usage,
				iov, sizeof(iov)/sizeof(iov[0]), NULL);
    free(iov[0].data.data);
    free(iov[3].data.data);

    if (ret)
	krb5_err(context, 1, ret, "decrypt iov failed: %d", ret);

    if (clear->length != iov[1].data.length)
	errx(1, "length incorrect");

    p = clear->data;
    if (memcmp(iov[1].data.data, p, iov[1].data.length) != 0)
	errx(1, "iov[1] incorrect");

    free(iov[1].data.data);

    return 0;
}