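/*
 * VmKdcGenerateMasterKey
 *
 * Generate a fresh KDC master key and return it ASN.1-encoded as a KrbMKey
 * (kvno VMKDC_DEFAULT_KVNO, enctype VMKDC_ENCTYPE_AES256_CTS_HMAC_SHA1_96).
 * The raw key bytes come from krb5_heim_generate_random_keyblock.
 *
 * ppMasterKey   - receives the encoded KrbMKey. The buffer is allocated by
 *                 the Heimdal ASN1_MALLOC_ENCODE macro and ownership passes
 *                 to the caller. Left untouched on failure.
 * pMasterKeyLen - receives the encoded length in bytes. Left untouched on
 *                 failure.
 *
 * Returns 0 on success or a VMKDC error code.
 *
 * NOTE(review): every Heimdal failure (context init, key generation, ASN.1
 * encoding) is mapped to ERROR_ALLOC_KRB5_CONTEXT because that is the only
 * error code this routine has available; a dedicated key-generation /
 * encoding error code would make failures easier to diagnose.
 */
DWORD
VmKdcGenerateMasterKey(
    PBYTE *ppMasterKey,
    PDWORD pMasterKeyLen)
{
    DWORD dwError = 0;
    krb5_error_code err = 0;
    krb5_keyblock keyBlock = {0};
    /* NULL so the cleanup path can tell whether init succeeded. */
    krb5_context krb5Context = NULL;
    /* Bytes the encoder actually wrote. */
    ssize_t asn1_masterkey_len = 0;
    /* Bytes the encoder allocated for the encoding. */
    size_t asn1_masterkey_buflen = 0;
    PBYTE asn1_masterkey = NULL;
    KrbMKey inMasterKey = {0};

    err = krb5_heim_init_context(&krb5Context);
    if (err)
    {
        dwError = ERROR_ALLOC_KRB5_CONTEXT;
        BAIL_ON_VMKDC_ERROR(dwError);
    }

    /* TBD: FIXME - Only use VMKDC_ENCTYPE_AES256_CTS_HMAC_SHA1_96 for now */
    err = krb5_heim_generate_random_keyblock(
              krb5Context,
              VMKDC_ENCTYPE_AES256_CTS_HMAC_SHA1_96,
              &keyBlock);
    if (err)
    {
        dwError = ERROR_ALLOC_KRB5_CONTEXT;
        BAIL_ON_VMKDC_ERROR(dwError);
    }

    /*
     * The KrbMKey only borrows keyBlock's key bytes (no copy is made), so
     * keyBlock must stay alive until the encoding below has completed.
     */
    inMasterKey.kvno = VMKDC_DEFAULT_KVNO;
    inMasterKey.key.keytype = keyBlock.keytype;
    inMasterKey.key.keyvalue = keyBlock.keyvalue;

    ASN1_MALLOC_ENCODE(KrbMKey,
                       asn1_masterkey,
                       asn1_masterkey_buflen,
                       &inMasterKey,
                       &asn1_masterkey_len,
                       err);
    /*
     * The encoder reports failure through err (Heimdal's macro also frees
     * the buffer and leaves asn1_masterkey NULL in that case). This used to
     * go unchecked, so an encoding failure returned 0 to the caller with
     * the output parameters never assigned.
     */
    if (err || asn1_masterkey == NULL || asn1_masterkey_len <= 0)
    {
        dwError = ERROR_ALLOC_KRB5_CONTEXT;
        BAIL_ON_VMKDC_ERROR(dwError);
    }

    *ppMasterKey = asn1_masterkey;
    *pMasterKeyLen = (DWORD) asn1_masterkey_len;

error:
    /* Only tear down what was actually set up; the context is needed for both calls. */
    if (krb5Context)
    {
        /* Releases (and, in Heimdal, is expected to scrub) the raw master key bytes. */
        krb5_heim_free_keyblock_contents(krb5Context, &keyBlock);
        krb5_heim_free_context(krb5Context);
    }
    return dwError;
}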
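/*
 * VmKdcInitKrb5
 *
 * Allocate a VMKDC_KRB5_CONTEXT wrapper and initialise its Heimdal krb5
 * context (pKrb5->ctx).
 *
 * ppRetKrb5 - receives the new wrapper on success and NULL on failure.
 *             (Previously it could receive an uninitialised pointer when
 *             VmKdcAllocateMemory failed, or a wrapper whose ctx was never
 *             initialised when krb5_heim_init_context failed.)
 *
 * Returns 0 on success or a VMKDC error code.
 *
 * The krb5 context is created before the wrapper is allocated so that no
 * failure path leaves a dangling allocation: a context failure happens
 * before anything is allocated, and an allocation failure is handled by
 * releasing the context. (The release counterpart of VmKdcAllocateMemory
 * is not visible here, which is why the wrapper is allocated last.)
 */
DWORD
VmKdcInitKrb5(
    PVMKDC_KRB5_CONTEXT *ppRetKrb5)
{
    DWORD dwError = 0;
    PVMKDC_KRB5_CONTEXT pKrb5 = NULL;
    /* Owned by this routine until handed to pKrb5; NULL means nothing to free. */
    krb5_context ctx = NULL;
    int sts = 0;

    /* Callers only ever see a fully initialised wrapper or NULL. */
    *ppRetKrb5 = NULL;

    sts = krb5_heim_init_context(&ctx);
    if (sts)
    {
        dwError = ERROR_ALLOC_KRB5_CONTEXT;
        BAIL_ON_VMKDC_ERROR(dwError);
    }

    dwError = VmKdcAllocateMemory(sizeof(*pKrb5), (PVOID*)&pKrb5);
    BAIL_ON_VMKDC_ERROR(dwError);

    /* Ownership of the context moves into the wrapper. */
    pKrb5->ctx = ctx;
    ctx = NULL;

    *ppRetKrb5 = pKrb5;

error:
    if (ctx)
    {
        krb5_heim_free_context(ctx);
    }
    return dwError;
}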
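/*
 * VmKdcStringToKeys
 *
 * Derive the long-term keys for a principal from its password and return
 * them ASN.1-encoded (via _VmKdcAsn1EncodeStringToKeys).
 *
 * Two keys are produced, in this order:
 *   [0] VMKDC_ENCTYPE_AES256_CTS_HMAC_SHA1_96, with krb5_heim_string_to_key
 *       deriving the salt from upnPrincipal.
 *   [1] ENCTYPE_ARCFOUR_HMAC (RC4-HMAC).
 *       SECURITY NOTE(review): RC4-HMAC is deprecated (RFC 8429) and its
 *       string-to-key is the unsalted NT hash (RFC 4757), so anyone who
 *       obtains the stored key set can attack the password offline through
 *       this weaker key. It is presumably kept for client compatibility;
 *       confirm it is still required before emitting it.
 *
 * upnName     - principal name, parsed with _VmKdcParsePrincipalHeimdal.
 * password    - cleartext password to derive from.
 * ppUpnKeys   - receives the encoded key set; the buffer comes from the
 *               encoder and ownership passes to the caller. Left untouched
 *               on failure.
 * pUpnKeysLen - receives the encoded length in bytes. Left untouched on
 *               failure.
 *
 * Returns 0 on success or a VMKDC error code. All Heimdal failures are
 * mapped to ERROR_ALLOC_KRB5_CONTEXT, the only code available here.
 */
DWORD
VmKdcStringToKeys(
    PSTR upnName,
    PSTR password,
    PBYTE *ppUpnKeys,
    PDWORD pUpnKeysLen)
{
    DWORD dwError = 0;
    /* NULL so cleanup can skip a principal that was never parsed. */
    krb5_principal upnPrincipal = NULL;
    krb5_error_code err = 0;
    /* NULL so cleanup can skip a context whose init failed. */
    krb5_context krb5Context = NULL;
    /* Zeroed so freeing a keyblock that was never filled in is a no-op. */
    krb5_keyblock keyBlocks[2] = {{0}};
    PBYTE pAsn1Keys = NULL;
    DWORD asn1KeysLen = 0;

    err = krb5_heim_init_context(&krb5Context);
    if (err)
    {
        dwError = ERROR_ALLOC_KRB5_CONTEXT;
        BAIL_ON_VMKDC_ERROR(dwError);
    }

    dwError = _VmKdcParsePrincipalHeimdal(
                  upnName,
                  &upnPrincipal);
    BAIL_ON_VMKDC_ERROR(dwError);

    err = krb5_heim_string_to_key(
              krb5Context,
              VMKDC_ENCTYPE_AES256_CTS_HMAC_SHA1_96,
              (const char *)password,
              upnPrincipal,
              &keyBlocks[0]);
    if (err)
    {
        dwError = ERROR_ALLOC_KRB5_CONTEXT;
        BAIL_ON_VMKDC_ERROR(dwError);
    }

    err = krb5_heim_string_to_key(
              krb5Context,
              ENCTYPE_ARCFOUR_HMAC,
              (const char *)password,
              upnPrincipal,
              &keyBlocks[1]);
    /*
     * This result used to be ignored, so a failed RC4 derivation would have
     * encoded an unset keyblock into the key set.
     */
    if (err)
    {
        dwError = ERROR_ALLOC_KRB5_CONTEXT;
        BAIL_ON_VMKDC_ERROR(dwError);
    }

    dwError = _VmKdcAsn1EncodeStringToKeys(
                  keyBlocks,
                  2,
                  &pAsn1Keys,
                  &asn1KeysLen);
    BAIL_ON_VMKDC_ERROR(dwError);

    *ppUpnKeys = pAsn1Keys;
    *pUpnKeysLen = asn1KeysLen;

error:
    if (krb5Context)
    {
        /*
         * The keyblocks hold password-equivalent material; Heimdal's
         * free_keyblock_contents is expected to scrub them before freeing.
         */
        krb5_heim_free_keyblock_contents(krb5Context, &keyBlocks[0]);
        krb5_heim_free_keyblock_contents(krb5Context, &keyBlocks[1]);
        krb5_heim_free_context(krb5Context);
    }
    /* Assumes _VmKdcParsePrincipalHeimdal leaves the out-param NULL on failure -- TODO confirm. */
    if (upnPrincipal)
    {
        _VmKdcParsePrincipalHeimdalFree(upnPrincipal);
    }
    return dwError;
}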