/*
* Compute a derived key into the keyblock outkey. This variation on
* krb5int_derive_key does not cache the result, as it is only used
* directly in situations which are not expected to be repeated with
* the same inkey and constant.
*/
krb5_error_code
krb5int_derive_keyblock(const struct krb5_enc_provider *enc,
krb5_key inkey, krb5_keyblock *outkey,
const krb5_data *in_constant)
{
krb5_error_code ret;
krb5_data rawkey = empty_data();
/* Allocate a buffer for the raw key bytes. */
ret = alloc_data(&rawkey, enc->keybytes);
if (ret)
goto cleanup;
/* Derive pseudo-random data for the key bytes. */
ret = krb5int_derive_random(enc, inkey, &rawkey, in_constant);
if (ret)
goto cleanup;
/* Postprocess the key. */
ret = enc->make_key(&rawkey, outkey);
cleanup:
zapfree(rawkey.data, enc->keybytes);
return ret;
}
/* Our DR function, a simple wrapper around krb5int_derive_random(). */
static krb5_error_code
dr(const struct krb5_enc_provider *enc, const krb5_keyblock *inkey,
unsigned char *out, const krb5_data *in_constant)
{
krb5_data outdata = make_data(out, enc->keybytes);
krb5_key key = NULL;
krb5_error_code ret;
ret = krb5_k_create_key(NULL, inkey, &key);
if (ret != 0)
return ret;
ret = krb5int_derive_random(enc, key, &outdata, in_constant,
DERIVE_RFC3961);
krb5_k_free_key(NULL, key);
return ret;
}
void DR (krb5_data *out, krb5_keyblock *in, const krb5_data *usage) {
krb5_error_code r;
r = krb5int_derive_random (enc, in, out, usage, DERIVE_RFC3961);
CHECK;
}
