/* DCE compatible decrypt proc */
static krb5_error_code
decrypt_tkt_with_subkey (krb5_context context,
krb5_keyblock *key,
krb5_key_usage usage,
krb5_const_pointer subkey,
krb5_kdc_rep *dec_rep)
{
krb5_error_code ret;
krb5_data data;
size_t size;
krb5_crypto crypto;
ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret)
return ret;
ret = krb5_decrypt_EncryptedData (context,
crypto,
usage,
&dec_rep->kdc_rep.enc_part,
&data);
krb5_crypto_destroy(context, crypto);
if(ret && subkey){
/* DCE compat -- try to decrypt with subkey */
ret = krb5_crypto_init(context, (krb5_keyblock*)subkey, 0, &crypto);
if (ret)
return ret;
ret = krb5_decrypt_EncryptedData (context,
crypto,
KRB5_KU_TGS_REP_ENC_PART_SUB_KEY,
&dec_rep->kdc_rep.enc_part,
&data);
krb5_crypto_destroy(context, crypto);
}
if (ret)
return ret;
ret = krb5_decode_EncASRepPart(context,
data.data,
data.length,
&dec_rep->enc_part,
&size);
if (ret)
ret = krb5_decode_EncTGSRepPart(context,
data.data,
data.length,
&dec_rep->enc_part,
&size);
krb5_data_free (&data);
return ret;
}
static krb5_error_code
decrypt_tkt (krb5_context context,
krb5_keyblock *key,
krb5_key_usage usage,
krb5_const_pointer decrypt_arg,
krb5_kdc_rep *dec_rep)
{
krb5_error_code ret;
krb5_data data;
size_t size;
krb5_crypto crypto;
ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret)
return ret;
ret = krb5_decrypt_EncryptedData (context,
crypto,
usage,
&dec_rep->kdc_rep.enc_part,
&data);
krb5_crypto_destroy(context, crypto);
if (ret)
return ret;
ret = krb5_decode_EncASRepPart(context,
data.data,
data.length,
&dec_rep->enc_part,
&size);
if (ret)
ret = krb5_decode_EncTGSRepPart(context,
data.data,
data.length,
&dec_rep->enc_part,
&size);
krb5_data_free (&data);
if (ret)
return ret;
return 0;
}