/** * shishi_apreq_add_authenticator: * @handle: shishi handle as allocated by shishi_init(). * @apreq: AP-REQ to add authenticator field to. * @key: key to to use for encryption. * @keyusage: cryptographic key usage value to use in encryption. * @authenticator: authenticator as allocated by shishi_authenticator(). * * Encrypts DER encoded authenticator using key and store it in the * AP-REQ. * * Return value: Returns SHISHI_OK iff successful. **/ int shishi_apreq_add_authenticator (Shishi * handle, Shishi_asn1 apreq, Shishi_key * key, int keyusage, Shishi_asn1 authenticator) { int res; char *buf; size_t buflen; char *der; size_t derlen; res = shishi_asn1_to_der (handle, authenticator, &der, &derlen); if (res != SHISHI_OK) { shishi_error_printf (handle, "Could not DER encode authenticator: %s\n", shishi_strerror (res)); return res; } res = shishi_encrypt (handle, key, keyusage, der, derlen, &buf, &buflen); free (der); if (res != SHISHI_OK) { shishi_error_printf (handle, "Cannot encrypt authenticator.\n"); return res; } res = shishi_apreq_set_authenticator (handle, apreq, shishi_key_type (key), shishi_key_version (key), buf, buflen); return res; }
/** * shishi_kdcreq_add_padata_preauth: * @handle: shishi handle as allocated by shishi_init(). * @kdcreq: KDC-REQ to add pre-authentication data to. * @key: Key used to encrypt pre-auth data. * * Add pre-authentication data to KDC-REQ. * * Return value: Returns SHISHI_OK iff successful. **/ int shishi_kdcreq_add_padata_preauth (Shishi * handle, Shishi_asn1 kdcreq, Shishi_key * key) { char *der, *data; size_t derlen, datalen; Shishi_asn1 pa; struct timeval tv; int rc; Shishi_asn1 ed; pa = shishi_asn1_pa_enc_ts_enc (handle); if (!pa) return SHISHI_ASN1_ERROR; rc = gettimeofday (&tv, NULL); if (rc != 0) return SHISHI_GETTIMEOFDAY_ERROR; rc = shishi_asn1_write (handle, pa, "patimestamp", shishi_generalize_time (handle, tv.tv_sec), SHISHI_GENERALIZEDTIME_LENGTH); if (rc != SHISHI_OK) return rc; rc = shishi_asn1_write_integer (handle, pa, "pausec", tv.tv_usec); if (rc != SHISHI_OK) return rc; rc = shishi_asn1_to_der (handle, pa, &der, &derlen); if (rc != SHISHI_OK) return rc; rc = shishi_encrypt (handle, key, SHISHI_KEYUSAGE_ASREQ_PA_ENC_TIMESTAMP, der, derlen, &data, &datalen); free (der); if (rc != SHISHI_OK) return rc; ed = shishi_asn1_encrypteddata (handle); if (!ed) return SHISHI_ASN1_ERROR; rc = shishi_asn1_write_integer (handle, ed, "etype", shishi_key_type (key)); if (rc != SHISHI_OK) return rc; rc = shishi_asn1_write (handle, ed, "cipher", data, datalen); if (rc != SHISHI_OK) return rc; rc = shishi_asn1_write (handle, ed, "kvno", NULL, 0); if (rc != SHISHI_OK) return rc; rc = shishi_asn1_to_der (handle, ed, &der, &derlen); free (data); if (rc != SHISHI_OK) return rc; rc = shishi_kdcreq_add_padata (handle, kdcreq, SHISHI_PA_ENC_TIMESTAMP, der, derlen); free (der); if (rc != SHISHI_OK) return rc; return rc; }
/* write encrypted data to socket */ int writeenc (Shishi * h, int sock, char *buf, int wlen, int *len, shishi_ivector * iv, Shishi_key * enckey, int proto) { char *out; char *bufbis; int rc; int dlen, outlen; dlen = wlen; dlen = htonl (dlen); /* data to encrypt = size + data */ if (proto == 2) { bufbis = malloc (wlen + sizeof (int)); if (!bufbis) { perror ("writeenc"); return 1; } memcpy (bufbis, (char *) &dlen, sizeof (int)); memcpy (bufbis + sizeof (int), buf, wlen); /* encrypt it */ rc = shishi_crypto_encrypt (iv->ctx, bufbis, wlen + sizeof (int), &out, &outlen); } else { bufbis = malloc (wlen); if (!bufbis) { perror ("bufbis"); return 1; } memcpy (bufbis, buf, wlen); /* data to encrypt = size + data */ rc = shishi_encrypt (h, enckey, iv->keyusage, bufbis, wlen, &out, &outlen); } if (rc != SHISHI_OK) { fprintf (stderr, "decryption error\n"); free (bufbis); return 1; } free (bufbis); /* data to send = original size + encrypted data */ /* send it */ write (sock, &dlen, sizeof (int)); write (sock, out, outlen); *len = wlen; free (out); return SHISHI_OK; }