Implement gssEapDeriveRFC3961Key

[mech_eap.orig] / wrap_iov.c

diff --git a/wrap_iov.c b/wrap_iov.c
index cd17e06..754eb0f 100644 (file)
--- a/wrap_iov.c
+++ b/wrap_iov.c
@@ -75,10 +75,13 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
     size_t rrc = 0;
     unsigned int gssHeaderLen, gssTrailerLen;
     size_t dataLen, assocDataLen;
+    krb5_context krbContext;
 
     if (!CTX_IS_ESTABLISHED(ctx))
         return GSS_S_NO_CONTEXT;
 
+    GSSEAP_KRB_INIT(&krbContext);
+
     acceptorFlag = CTX_IS_INITIATOR(ctx) ? 0 : TOK_FLAG_SENDER_IS_ACCEPTOR;
     keyUsage = ((toktype == TOK_TYPE_WRAP)
                 ? (CTX_IS_INITIATOR(ctx)
@@ -107,12 +110,12 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
         size_t ec = 0;
         size_t confDataLen = dataLen - assocDataLen;
 
-        code = krb5_c_crypto_length(ctx->kerberosCtx, ctx->encryptionType,
+        code = krb5_c_crypto_length(krbContext, ctx->encryptionType,
                                     KRB5_CRYPTO_TYPE_HEADER, &krbHeaderLen);
         if (code != 0)
             goto cleanup;
 
-        code = krb5_c_padding_length(ctx->kerberosCtx, ctx->encryptionType,
+        code = krb5_c_padding_length(krbContext, ctx->encryptionType,
                                      confDataLen + 16 /* E(Header) */,
                                      &krbPadLen);
         if (code != 0)
@@ -120,13 +123,13 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
 
         if (krbPadLen == 0 && (ctx->gssFlags & GSS_C_DCE_STYLE)) {
             /* Windows rejects AEAD tokens with non-zero EC */
-            code = krb5_c_block_size(ctx->kerberosCtx, ctx->encryptionType, &ec);
+            code = krb5_c_block_size(krbContext, ctx->encryptionType, &ec);
             if (code != 0)
                 goto cleanup;
         } else
             ec = krbPadLen;
 
-        code = krb5_c_crypto_length(ctx->kerberosCtx, ctx->encryptionType,
+        code = krb5_c_crypto_length(krbContext, ctx->encryptionType,
                                     KRB5_CRYPTO_TYPE_TRAILER, &krbTrailerLen);
         if (code != 0)
             goto cleanup;
@@ -187,9 +190,9 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
         memset(tbuf, 0xFF, ec);
         memcpy(tbuf + ec, header->buffer.value, 16);
 
-        code = gssEapEncrypt(ctx->kerberosCtx,
+        code = gssEapEncrypt(krbContext,
                              ((ctx->gssFlags & GSS_C_DCE_STYLE) != 0),
-                             ec, rrc, ctx->rfc3961Key,
+                             ec, rrc, &ctx->rfc3961Key,
                              keyUsage, 0, iov, iov_count);
         if (code != 0)
             goto cleanup;
@@ -203,7 +206,7 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
 
         gssHeaderLen = 16;
 
-        code = krb5_c_crypto_length(ctx->kerberosCtx, ctx->encryptionType,
+        code = krb5_c_crypto_length(krbContext, ctx->encryptionType,
                                     KRB5_CRYPTO_TYPE_CHECKSUM,
                                     &gssTrailerLen);
         if (code != 0)
@@ -257,8 +260,8 @@ gssEapWrapOrGetMIC(OM_uint32 *minor,
         }
         store_64_be(ctx->sendSeq, outbuf + 8);
 
-        code = gssEapSign(ctx->kerberosCtx, ctx->checksumType,
-                          rrc, ctx->rfc3961Key, keyUsage,
+        code = gssEapSign(krbContext, ctx->checksumType,
+                          rrc, &ctx->rfc3961Key, keyUsage,
                           iov, iov_count);
         if (code != 0)
             goto cleanup;