📄 kx509.c
字号:
/* * Copyright (c) 2006 - 2007 Kungliga Tekniska H鰃skolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */#include "kdc_locl.h"#include <hex.h>#include <rfc2459_asn1.h>#include <hx509.h>RCSID("$Id: kx509.c 21607 2007-07-17 07:04:52Z lha $");/* * */krb5_error_code_kdc_try_kx509_request(void *ptr, size_t len, Kx509Request *req, size_t *size){ if (len < 4) return -1; if (memcmp("\x00\x00\x02\x00", ptr, 4) != 0) return -1; return decode_Kx509Request(((unsigned char *)ptr) + 4, len - 4, req, size);}/* * */static const unsigned char version_2_0[4] = {0 , 0, 2, 0};static krb5_error_codeverify_req_hash(krb5_context context, const Kx509Request *req, krb5_keyblock *key){ unsigned char digest[SHA_DIGEST_LENGTH]; HMAC_CTX ctx; if (req->pk_hash.length != sizeof(digest)) { krb5_set_error_string(context, "pk-hash have wrong length: %lu", (unsigned long)req->pk_hash.length); return KRB5KDC_ERR_PREAUTH_FAILED; } HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, key->keyvalue.data, key->keyvalue.length, EVP_sha1(), NULL); if (sizeof(digest) != HMAC_size(&ctx)) krb5_abortx(context, "runtime error, hmac buffer wrong size in kx509"); HMAC_Update(&ctx, version_2_0, sizeof(version_2_0)); HMAC_Update(&ctx, req->pk_key.data, req->pk_key.length); HMAC_Final(&ctx, digest, 0); HMAC_CTX_cleanup(&ctx); if (memcmp(req->pk_hash.data, digest, sizeof(digest)) != 0) { krb5_set_error_string(context, "pk-hash is not correct"); return KRB5KDC_ERR_PREAUTH_FAILED; } return 0;}static krb5_error_codecalculate_reply_hash(krb5_context context, krb5_keyblock *key, Kx509Response *rep){ HMAC_CTX ctx; HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, key->keyvalue.data, key->keyvalue.length, EVP_sha1(), NULL); rep->hash->length = HMAC_size(&ctx); rep->hash->data = malloc(rep->hash->length); if (rep->hash->data == NULL) { HMAC_CTX_cleanup(&ctx); krb5_set_error_string(context, "out of memory"); return ENOMEM; } HMAC_Update(&ctx, version_2_0, sizeof(version_2_0)); if (rep->error_code) { int32_t t = *rep->error_code; do { unsigned char p = (t & 0xff); HMAC_Update(&ctx, &p, 1); t >>= 8; } while (t); } if (rep->certificate) HMAC_Update(&ctx, rep->certificate->data, rep->certificate->length); if (rep->e_text) HMAC_Update(&ctx, (unsigned char *)*rep->e_text, strlen(*rep->e_text)); HMAC_Final(&ctx, rep->hash->data, 0); HMAC_CTX_cleanup(&ctx); return 0;}/* * Build a certifate for `principal⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -