#define CKSUMTYPE_HMAC_SHA1_96_AES_256 CKSUMTYPE_HMAC_SHA1_96_AES256
#endif
+/*
+ * KRB5_KU_OTHER_ENCRYPTED in Heimdal
+ * KRB5_KEYUSAGE_APP_DATA_ENCRYPT in MIT
+ */
+#if defined(KRB5_KEYUSAGE_APP_DATA_ENCRYPT) && !defined(KRB5_KU_OTHER_ENCRYPTED)
+#define KRB5_KU_OTHER_ENCRYPTED KRB5_KEYUSAGE_APP_DATA_ENCRYPT
+#endif
+
typedef struct {
#if defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */
krb5_address **addrs;
DATA_BLOB reply_key_blob = data_blob_null;
krb5_context ctx;
krb5_keyblock reply_key;
- krb5_crypto crypto;
+ krb5_enc_data input;
krb5_data plain_data;
DATA_BLOB plain_data_blob = data_blob_null;
reply_key_blob.data, reply_key_blob.length,
&reply_key), 0,
"smb_krb5_keyblock_init_contents");
- torture_assert_int_equal(tctx, krb5_crypto_init(ctx,
- &reply_key, ETYPE_NULL,
- &crypto), 0,
- "krb5_crypto_init");
- torture_assert_int_equal(tctx, krb5_decrypt(ctx, crypto,
+
+ ZERO_STRUCT(input);
+
+ input.ciphertext.data = (char *)r->buffers[1].info->credential_info.encrypted_data.data;
+ input.ciphertext.length = r->buffers[1].info->credential_info.encrypted_data.length;
+ input.enctype = ENCTYPE_AES256_CTS_HMAC_SHA1_96;
+
+ plain_data.data = malloc(r->buffers[1].info->credential_info.encrypted_data.length);
+ plain_data.length = r->buffers[1].info->credential_info.encrypted_data.length;
+ torture_assert(tctx, plain_data.data, "malloc failed");
+
+ torture_assert_krb5_error_equal(tctx, krb5_c_decrypt(ctx,
+#ifdef SAMBA4_USES_HEIMDAL
+ reply_key,
+#else
+ &reply_key,
+#endif
KRB5_KU_OTHER_ENCRYPTED,
- r->buffers[1].info->credential_info.encrypted_data.data,
- r->buffers[1].info->credential_info.encrypted_data.length,
+ NULL,
+ &input,
&plain_data), 0,
"krb5_decrypt");
+
torture_assert_int_equal(tctx, plain_data.length, 112, "plain_data.length");
plain_data_blob = data_blob_talloc(tctx, plain_data.data, plain_data.length);
torture_assert_int_equal(tctx, plain_data_blob.length, 112, "plain_data_blob.length");
- krb5_data_free(&plain_data);
- krb5_crypto_destroy(ctx, crypto);
+ kerberos_free_data_contents(ctx, &plain_data);
krb5_free_keyblock_contents(ctx, &reply_key);
krb5_free_context(ctx);
torture_assert_data_blob_equal(tctx,