/*
 * Derive a key from inkey and in_constant and store it in the keyblock
 * outkey.  Unlike krb5int_derive_key, the result is not cached: this entry
 * point is only used directly where the same inkey/constant pair is not
 * expected to recur.
 *
 * The intermediate raw key bytes are sensitive.  They live in a temporary
 * buffer of enc->keybytes bytes which is handed to zapfree() on every exit
 * path, including the failure paths.
 *
 * Returns 0 on success, or the first error code reported by alloc_data(),
 * krb5int_derive_random() or enc->make_key().
 * NOTE(review): the state of outkey after a non-zero return is not
 * established here; callers should treat it as unusable.
 */
krb5_error_code
krb5int_derive_keyblock(const struct krb5_enc_provider *enc,
                        krb5_key inkey, krb5_keyblock *outkey,
                        const krb5_data *in_constant)
{
    krb5_data rawkey = empty_data();
    krb5_error_code ret;

    /* Scratch space for the raw key bytes. */
    ret = alloc_data(&rawkey, enc->keybytes);

    /* Fill the scratch space with pseudo-random bytes derived from inkey. */
    if (ret == 0)
        ret = krb5int_derive_random(enc, inkey, &rawkey, in_constant);

    /* Let the enc provider turn the raw bytes into the final key. */
    if (ret == 0)
        ret = enc->make_key(&rawkey, outkey);

    /* Runs on success and on every failure: rawkey.data is still NULL (from
     * empty_data()) if the allocation itself failed. */
    zapfree(rawkey.data, enc->keybytes);
    return ret;
}
/*
 * DR helper: a thin wrapper around krb5int_derive_random() that accepts a
 * plain keyblock and a raw output pointer.
 *
 * The keyblock is turned into a temporary krb5_key (created with a NULL
 * context), used for a single DERIVE_RFC3961 derivation, and released again
 * before returning.
 *
 * out is wrapped as a krb5_data of enc->keybytes bytes; no length is passed
 * in, so the caller must supply a buffer of at least that size.
 *
 * Returns 0 on success, otherwise the error from krb5_k_create_key() or
 * krb5int_derive_random().
 */
static krb5_error_code
dr(const struct krb5_enc_provider *enc, const krb5_keyblock *inkey,
   unsigned char *out, const krb5_data *in_constant)
{
    krb5_key derivation_key = NULL;
    krb5_data result = make_data(out, enc->keybytes);
    krb5_error_code status;

    status = krb5_k_create_key(NULL, inkey, &derivation_key);
    if (status == 0) {
        status = krb5int_derive_random(enc, derivation_key, &result,
                                       in_constant, DERIVE_RFC3961);
        /* The temporary key is dropped whether or not derivation worked. */
        krb5_k_free_key(NULL, derivation_key);
    }
    return status;
}
/*
 * Run one DERIVE_RFC3961 derive-random operation, writing the result to out
 * using in as the key and usage as the derivation constant.
 *
 * enc is not a parameter: it is taken from the enclosing scope, which is not
 * part of this listing.  Errors are not returned to the caller; the result
 * code is left in r for the CHECK macro.
 *
 * NOTE(review): in is a krb5_keyblock * handed straight to
 * krb5int_derive_random(), whereas the static dr() wrapper in this listing
 * first converts its keyblock with krb5_k_create_key() and passes a krb5_key.
 * Confirm the argument type against the prototype this file is built with.
 */
void DR (krb5_data *out, krb5_keyblock *in, const krb5_data *usage)
{
    krb5_error_code r;

    r = krb5int_derive_random (enc, in, out, usage, DERIVE_RFC3961);
    /* CHECK is defined outside this listing; presumably it inspects r and
     * reports a non-zero result -- confirm against its definition. */
    CHECK;
}