/**
* shishi_apreq_add_authenticator:
* @handle: shishi handle as allocated by shishi_init().
* @apreq: AP-REQ to add authenticator field to.
* @key: key to to use for encryption.
* @keyusage: cryptographic key usage value to use in encryption.
* @authenticator: authenticator as allocated by shishi_authenticator().
*
* Encrypts DER encoded authenticator using key and store it in the
* AP-REQ.
*
* Return value: Returns SHISHI_OK iff successful.
**/
int
shishi_apreq_add_authenticator (Shishi * handle,
Shishi_asn1 apreq,
Shishi_key * key,
int keyusage, Shishi_asn1 authenticator)
{
int res;
char *buf;
size_t buflen;
char *der;
size_t derlen;
res = shishi_asn1_to_der (handle, authenticator, &der, &derlen);
if (res != SHISHI_OK)
{
shishi_error_printf (handle, "Could not DER encode authenticator: %s\n",
shishi_strerror (res));
return res;
}
res = shishi_encrypt (handle, key, keyusage, der, derlen, &buf, &buflen);
free (der);
if (res != SHISHI_OK)
{
shishi_error_printf (handle, "Cannot encrypt authenticator.\n");
return res;
}
res = shishi_apreq_set_authenticator (handle, apreq, shishi_key_type (key),
shishi_key_version (key),
buf, buflen);
return res;
}
/**
* shishi_kdcreq_add_padata_preauth:
* @handle: shishi handle as allocated by shishi_init().
* @kdcreq: KDC-REQ to add pre-authentication data to.
* @key: Key used to encrypt pre-auth data.
*
* Add pre-authentication data to KDC-REQ.
*
* Return value: Returns SHISHI_OK iff successful.
**/
int
shishi_kdcreq_add_padata_preauth (Shishi * handle,
Shishi_asn1 kdcreq, Shishi_key * key)
{
char *der, *data;
size_t derlen, datalen;
Shishi_asn1 pa;
struct timeval tv;
int rc;
Shishi_asn1 ed;
pa = shishi_asn1_pa_enc_ts_enc (handle);
if (!pa)
return SHISHI_ASN1_ERROR;
rc = gettimeofday (&tv, NULL);
if (rc != 0)
return SHISHI_GETTIMEOFDAY_ERROR;
rc = shishi_asn1_write (handle, pa, "patimestamp",
shishi_generalize_time (handle, tv.tv_sec),
SHISHI_GENERALIZEDTIME_LENGTH);
if (rc != SHISHI_OK)
return rc;
rc = shishi_asn1_write_integer (handle, pa, "pausec", tv.tv_usec);
if (rc != SHISHI_OK)
return rc;
rc = shishi_asn1_to_der (handle, pa, &der, &derlen);
if (rc != SHISHI_OK)
return rc;
rc = shishi_encrypt (handle, key, SHISHI_KEYUSAGE_ASREQ_PA_ENC_TIMESTAMP,
der, derlen, &data, &datalen);
free (der);
if (rc != SHISHI_OK)
return rc;
ed = shishi_asn1_encrypteddata (handle);
if (!ed)
return SHISHI_ASN1_ERROR;
rc = shishi_asn1_write_integer (handle, ed, "etype", shishi_key_type (key));
if (rc != SHISHI_OK)
return rc;
rc = shishi_asn1_write (handle, ed, "cipher", data, datalen);
if (rc != SHISHI_OK)
return rc;
rc = shishi_asn1_write (handle, ed, "kvno", NULL, 0);
if (rc != SHISHI_OK)
return rc;
rc = shishi_asn1_to_der (handle, ed, &der, &derlen);
free (data);
if (rc != SHISHI_OK)
return rc;
rc = shishi_kdcreq_add_padata (handle, kdcreq, SHISHI_PA_ENC_TIMESTAMP,
der, derlen);
free (der);
if (rc != SHISHI_OK)
return rc;
return rc;
}
/* write encrypted data to socket */
int
writeenc (Shishi * h, int sock, char *buf, int wlen, int *len,
shishi_ivector * iv, Shishi_key * enckey, int proto)
{
char *out;
char *bufbis;
int rc;
int dlen, outlen;
dlen = wlen;
dlen = htonl (dlen);
/* data to encrypt = size + data */
if (proto == 2)
{
bufbis = malloc (wlen + sizeof (int));
if (!bufbis)
{
perror ("writeenc");
return 1;
}
memcpy (bufbis, (char *) &dlen, sizeof (int));
memcpy (bufbis + sizeof (int), buf, wlen);
/* encrypt it */
rc =
shishi_crypto_encrypt (iv->ctx, bufbis, wlen + sizeof (int), &out,
&outlen);
}
else
{
bufbis = malloc (wlen);
if (!bufbis)
{
perror ("bufbis");
return 1;
}
memcpy (bufbis, buf, wlen);
/* data to encrypt = size + data */
rc =
shishi_encrypt (h, enckey, iv->keyusage, bufbis, wlen, &out, &outlen);
}
if (rc != SHISHI_OK)
{
fprintf (stderr, "decryption error\n");
free (bufbis);
return 1;
}
free (bufbis);
/* data to send = original size + encrypted data */
/* send it */
write (sock, &dlen, sizeof (int));
write (sock, out, outlen);
*len = wlen;
free (out);
return SHISHI_OK;
}
