KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_generatelocalsubkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock *key)
{
krb5_error_code ret;
krb5_keyblock *subkey;
ret = krb5_generate_subkey_extended (context, key,
auth_context->keytype,
&subkey);
if(ret)
return ret;
if(auth_context->local_subkey)
krb5_free_keyblock(context, auth_context->local_subkey);
auth_context->local_subkey = subkey;
return 0;
}
krb5_error_code
krb5int_generate_and_save_subkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock *keyblock,
krb5_enctype enctype)
{
/* Provide some more fodder for random number code.
This isn't strong cryptographically; the point here is not
to guarantee randomness, but to make it less likely that multiple
sessions could pick the same subkey. */
struct {
krb5_int32 sec, usec;
} rnd_data;
krb5_data d;
krb5_error_code retval;
krb5_keyblock *kb = NULL;
if (krb5_crypto_us_timeofday(&rnd_data.sec, &rnd_data.usec) == 0) {
d.length = sizeof(rnd_data);
d.data = (char *) &rnd_data;
krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_TIMING, &d);
}
retval = krb5_generate_subkey_extended(context, keyblock, enctype, &kb);
if (retval)
return retval;
retval = krb5_auth_con_setsendsubkey(context, auth_context, kb);
if (retval)
goto cleanup;
retval = krb5_auth_con_setrecvsubkey(context, auth_context, kb);
if (retval)
goto cleanup;
cleanup:
if (retval) {
(void) krb5_auth_con_setsendsubkey(context, auth_context, NULL);
(void) krb5_auth_con_setrecvsubkey(context, auth_context, NULL);
}
krb5_free_keyblock(context, kb);
return retval;
}