2 * Copyright (c) 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "gsskrb5_locl.h"
37 _gsskrb5_pseudo_random(OM_uint32
*minor_status
,
38 gss_ctx_id_t context_handle
,
40 const gss_buffer_t prf_in
,
41 ssize_t desired_output_len
,
44 gsskrb5_ctx ctx
= (gsskrb5_ctx
)context_handle
;
48 krb5_data input
, output
;
51 krb5_keyblock
*key
= NULL
;
55 return GSS_S_NO_CONTEXT
;
58 if (desired_output_len
<= 0) {
63 GSSAPI_KRB5_INIT (&context
);
66 case GSS_C_PRF_KEY_FULL
:
67 _gsskrb5i_get_acceptor_subkey(ctx
, context
, &key
);
69 case GSS_C_PRF_KEY_PARTIAL
:
70 _gsskrb5i_get_initiator_subkey(ctx
, context
, &key
);
73 _gsskrb5_set_status(EINVAL
, "unknown kerberos prf_key");
74 *minor_status
= EINVAL
;
79 _gsskrb5_set_status(EINVAL
, "no prf_key found");
80 *minor_status
= EINVAL
;
84 ret
= krb5_crypto_init(context
, key
, 0, &crypto
);
85 krb5_free_keyblock (context
, key
);
91 prf_out
->value
= malloc(desired_output_len
);
92 if (prf_out
->value
== NULL
) {
93 _gsskrb5_set_status(GSS_KRB5_S_KG_INPUT_TOO_LONG
, "Out of memory");
94 *minor_status
= GSS_KRB5_S_KG_INPUT_TOO_LONG
;
95 krb5_crypto_destroy(context
, crypto
);
98 prf_out
->length
= desired_output_len
;
100 HEIMDAL_MUTEX_lock(&ctx
->ctx_id_mutex
);
102 input
.length
= prf_in
->length
+ 4;
103 input
.data
= malloc(prf_in
->length
+ 4);
104 if (input
.data
== NULL
) {
106 _gsskrb5_set_status(GSS_KRB5_S_KG_INPUT_TOO_LONG
, "Out of memory");
107 *minor_status
= GSS_KRB5_S_KG_INPUT_TOO_LONG
;
108 gss_release_buffer(&junk
, prf_out
);
109 krb5_crypto_destroy(context
, crypto
);
110 HEIMDAL_MUTEX_unlock(&ctx
->ctx_id_mutex
);
111 return GSS_S_FAILURE
;
113 memcpy(((unsigned char *)input
.data
) + 4, prf_in
->value
, prf_in
->length
);
117 while(desired_output_len
> 0) {
118 _gsskrb5_encode_om_uint32(num
, input
.data
);
119 ret
= krb5_crypto_prf(context
, crypto
, &input
, &output
);
124 gss_release_buffer(&junk
, prf_out
);
125 krb5_crypto_destroy(context
, crypto
);
126 HEIMDAL_MUTEX_unlock(&ctx
->ctx_id_mutex
);
127 return GSS_S_FAILURE
;
129 memcpy(p
, output
.data
, min(desired_output_len
, output
.length
));
131 desired_output_len
-= output
.length
;
132 krb5_data_free(&output
);
137 krb5_crypto_destroy(context
, crypto
);
139 HEIMDAL_MUTEX_unlock(&ctx
->ctx_id_mutex
);
141 return GSS_S_COMPLETE
;