Commit 71aaeb7f authored by Trond Myklebust's avatar Trond Myklebust

RPCSEC_GSS: Make a couple functions in the krb5 code more

    generally useful. This will help prepare for the spkm3
    and lipkey mechanisms.

Patch by Bruce Fields
parent 2d6e6e14
...@@ -81,5 +81,4 @@ int g_token_size( ...@@ -81,5 +81,4 @@ int g_token_size(
void g_make_token_header( void g_make_token_header(
struct xdr_netobj *mech, struct xdr_netobj *mech,
int body_size, int body_size,
unsigned char **buf, unsigned char **buf);
int tok_type);
...@@ -115,7 +115,7 @@ enum seal_alg { ...@@ -115,7 +115,7 @@ enum seal_alg {
#define ENCTYPE_UNKNOWN 0x01ff #define ENCTYPE_UNKNOWN 0x01ff
s32 s32
krb5_make_checksum(s32 cksumtype, char *header, struct xdr_buf *body, make_checksum(s32 cksumtype, char *header, int hdrlen, struct xdr_buf *body,
struct xdr_netobj *cksum); struct xdr_netobj *cksum);
u32 u32
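Review bot: The slimmed-down g_make_token_header prototype no longer says that the 2-byte mechanism token id, which the function used to emit, is now the caller's job, and neither prototype documents what callers of the future spkm3/lipkey code must do; the seal path appends those two bytes by hand, so the contract exists but only in one caller. I'd add above the prototype `/* Writes only the generic GSS token framing (0x60, DER length, mech OID); the caller must append the 2-byte mechanism token id immediately after. */`. The make_checksum prototype should likewise state what hdrlen means, e.g. `/* hdrlen: number of bytes of header that are covered by the checksum */`, since the RFC-based "8" is now chosen by each caller.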
...@@ -5,10 +5,10 @@ ...@@ -5,10 +5,10 @@
obj-$(CONFIG_SUNRPC_GSS) += auth_rpcgss.o obj-$(CONFIG_SUNRPC_GSS) += auth_rpcgss.o
auth_rpcgss-objs := auth_gss.o gss_pseudoflavors.o gss_generic_token.o \ auth_rpcgss-objs := auth_gss.o gss_pseudoflavors.o gss_generic_token.o \
sunrpcgss_syms.o gss_mech_switch.o svcauth_gss.o sunrpcgss_syms.o gss_mech_switch.o svcauth_gss.o gss_krb5_crypto.o
obj-$(CONFIG_RPCSEC_GSS_KRB5) += rpcsec_gss_krb5.o obj-$(CONFIG_RPCSEC_GSS_KRB5) += rpcsec_gss_krb5.o
rpcsec_gss_krb5-objs := gss_krb5_mech.o gss_krb5_seal.o gss_krb5_unseal.o \ rpcsec_gss_krb5-objs := gss_krb5_mech.o gss_krb5_seal.o gss_krb5_unseal.o \
gss_krb5_crypto.o gss_krb5_seqnum.o gss_krb5_seqnum.o
...@@ -155,16 +155,13 @@ g_token_size(struct xdr_netobj *mech, unsigned int body_size) ...@@ -155,16 +155,13 @@ g_token_size(struct xdr_netobj *mech, unsigned int body_size)
be the right size. buf is advanced past the token header */ be the right size. buf is advanced past the token header */
void void
g_make_token_header(struct xdr_netobj *mech, int body_size, unsigned char **buf, g_make_token_header(struct xdr_netobj *mech, int body_size, unsigned char **buf)
int tok_type)
{ {
*(*buf)++ = 0x60; *(*buf)++ = 0x60;
der_write_length(buf, 4 + mech->len + body_size); der_write_length(buf, 4 + mech->len + body_size);
*(*buf)++ = 0x06; *(*buf)++ = 0x06;
*(*buf)++ = (unsigned char) mech->len; *(*buf)++ = (unsigned char) mech->len;
TWRITE_STR(*buf, mech->data, ((int) mech->len)); TWRITE_STR(*buf, mech->data, ((int) mech->len));
*(*buf)++ = (unsigned char) ((tok_type>>8)&0xff);
*(*buf)++ = (unsigned char) (tok_type&0xff);
} }
/* /*
...@@ -221,9 +218,6 @@ g_verify_token_header(struct xdr_netobj *mech, int *body_size, ...@@ -221,9 +218,6 @@ g_verify_token_header(struct xdr_netobj *mech, int *body_size,
if (ret) if (ret)
return(ret); return(ret);
if ((*buf++ != ((tok_type>>8)&0xff)) || (*buf++ != (tok_type&0xff)))
return(G_WRONG_TOKID);
if (!ret) { if (!ret) {
*buf_in = buf; *buf_in = buf;
*body_size = toksize; *body_size = toksize;
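Review bot: After removing the token-id comparison, g_verify_token_header's tok_type parameter appears to have no remaining use in this function, yet krb5_read_token still passes it; the function's signature lies outside the hunk, so I can't confirm there is no other reference. Either drop the parameter so the next mechanism does not assume the id is still verified, or, if it is kept for interface stability, document the new contract where the function is declared: `/* Verifies only the generic token framing; *buf_in is left pointing at the mechanism token id, which the caller must check. */`. Note also that body_size is now reported with the caller's pointer positioned before those two id bytes, so whether body_size counts them should be stated explicitly.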
...@@ -135,10 +135,9 @@ buf_to_sg(struct scatterlist *sg, char *ptr, int len) { ...@@ -135,10 +135,9 @@ buf_to_sg(struct scatterlist *sg, char *ptr, int len) {
sg->length = len; sg->length = len;
} }
/* checksum the plaintext data and the first 8 bytes of the krb5 token header, /* checksum the plaintext data and hdrlen bytes of the token header */
* as specified by the rfc: */
s32 s32
krb5_make_checksum(s32 cksumtype, char *header, struct xdr_buf *body, make_checksum(s32 cksumtype, char *header, int hdrlen, struct xdr_buf *body,
struct xdr_netobj *cksum) struct xdr_netobj *cksum)
{ {
char *cksumname; char *cksumname;
...@@ -164,7 +163,7 @@ krb5_make_checksum(s32 cksumtype, char *header, struct xdr_buf *body, ...@@ -164,7 +163,7 @@ krb5_make_checksum(s32 cksumtype, char *header, struct xdr_buf *body,
goto out; goto out;
crypto_digest_init(tfm); crypto_digest_init(tfm);
buf_to_sg(sg, header, 8); buf_to_sg(sg, header, hdrlen);
crypto_digest_update(tfm, sg, 1); crypto_digest_update(tfm, sg, 1);
if (body->head[0].iov_len) { if (body->head[0].iov_len) {
buf_to_sg(sg, body->head[0].iov_base, body->head[0].iov_len); buf_to_sg(sg, body->head[0].iov_base, body->head[0].iov_len);
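Review bot: make_checksum now forwards an untrusted-by-this-function `int hdrlen` straight into buf_to_sg, and a negative value would be stored into sg->length as a very large count; both current callers pass a literal 8, but the function is being exported for other mechanisms. Given that the old comment already tied the value to the RFC header, I'd make the length unsigned in both the definition and the header prototype: `make_checksum(s32 cksumtype, char *header, unsigned int hdrlen, struct xdr_buf *body,`. The replacement comment should also keep the rationale the old one carried, e.g. `/* checksum hdrlen bytes of the token header (RFC 1964 uses the first 8) followed by the plaintext body */`. The rest of make_checksum's body continues outside the hunk.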
...@@ -122,7 +122,10 @@ krb5_make_token(struct krb5_ctx *ctx, int qop_req, ...@@ -122,7 +122,10 @@ krb5_make_token(struct krb5_ctx *ctx, int qop_req,
token->len = g_token_size(&ctx->mech_used, 22 + tmsglen); token->len = g_token_size(&ctx->mech_used, 22 + tmsglen);
ptr = token->data; ptr = token->data;
g_make_token_header(&ctx->mech_used, 22 + tmsglen, &ptr, toktype); g_make_token_header(&ctx->mech_used, 22 + tmsglen, &ptr);
*ptr++ = (unsigned char) ((toktype>>8)&0xff);
*ptr++ = (unsigned char) (toktype&0xff);
/* ptr now at byte 2 of header described in rfc 1964, section 1.2.1: */ /* ptr now at byte 2 of header described in rfc 1964, section 1.2.1: */
krb5_hdr = ptr - 2; krb5_hdr = ptr - 2;
...@@ -137,7 +140,7 @@ krb5_make_token(struct krb5_ctx *ctx, int qop_req, ...@@ -137,7 +140,7 @@ krb5_make_token(struct krb5_ctx *ctx, int qop_req,
/* XXX removing support for now */ /* XXX removing support for now */
goto out_err; goto out_err;
} else { /* Sign only. */ } else { /* Sign only. */
if (krb5_make_checksum(checksum_type, krb5_hdr, text, if (make_checksum(checksum_type, krb5_hdr, 8, text,
&md5cksum)) &md5cksum))
goto out_err; goto out_err;
} }
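Review bot: The `8` passed to make_checksum is now a bare magic number at the call site, and the explanation that used to live in krb5_make_checksum ("the first 8 bytes of the krb5 token header, as specified by the rfc") was removed from the crypto file in the same commit, so the justification survives nowhere. I'd either add `/* RFC 1964 1.2.1: the checksum covers the 8-byte token header */` on the call or introduce a named constant in gss_krb5.h and use it here and in krb5_read_token so the two callers cannot drift apart. The new two lines that write toktype after g_make_token_header are correct as far as the visible code shows, and the existing "ptr now at byte 2" comment still holds. krb5_make_token's body starts and ends outside the hunk.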
...@@ -99,6 +99,10 @@ krb5_read_token(struct krb5_ctx *ctx, ...@@ -99,6 +99,10 @@ krb5_read_token(struct krb5_ctx *ctx,
if (g_verify_token_header(&ctx->mech_used, &bodysize, &ptr, toktype, if (g_verify_token_header(&ctx->mech_used, &bodysize, &ptr, toktype,
read_token->len)) read_token->len))
goto out; goto out;
if ((*ptr++ != ((toktype>>8)&0xff)) || (*ptr++ != (toktype&0xff)))
goto out;
/* XXX sanity-check bodysize?? */ /* XXX sanity-check bodysize?? */
if (toktype == KG_TOK_WRAP_MSG) { if (toktype == KG_TOK_WRAP_MSG) {
...@@ -149,7 +153,7 @@ krb5_read_token(struct krb5_ctx *ctx, ...@@ -149,7 +153,7 @@ krb5_read_token(struct krb5_ctx *ctx,
switch (signalg) { switch (signalg) {
case SGN_ALG_DES_MAC_MD5: case SGN_ALG_DES_MAC_MD5:
ret = krb5_make_checksum(checksum_type, ptr - 2, ret = make_checksum(checksum_type, ptr - 2, 8,
message_buffer, &md5cksum); message_buffer, &md5cksum);
if (ret) if (ret)
goto out; goto out;
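Review bot: The two new `*ptr++` reads that check the token id happen before the retained "XXX sanity-check bodysize??" and are not bounded by bodysize or read_token->len, whereas the comparison they replace lived inside g_verify_token_header next to the length parsing; a truncated token could now be read past its end by two bytes. If bodysize as returned still counts these two bytes, guard and consume them: `if (bodysize < 2) goto out;` before the comparison and `bodysize -= 2;` after it; if g_verify_token_header already subtracts them, only the first guard is needed. The `8` in the make_checksum call should carry the same RFC 1964 header-length comment or named constant as the seal side so the two stay in step. krb5_read_token's body continues outside the hunk.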
...@@ -10,6 +10,7 @@ ...@@ -10,6 +10,7 @@
#include <linux/sunrpc/auth_gss.h> #include <linux/sunrpc/auth_gss.h>
#include <linux/sunrpc/svcauth_gss.h> #include <linux/sunrpc/svcauth_gss.h>
#include <linux/sunrpc/gss_asn1.h> #include <linux/sunrpc/gss_asn1.h>
#include <linux/sunrpc/gss_krb5.h>
/* sec_triples: */ /* sec_triples: */
EXPORT_SYMBOL(gss_register_triple); EXPORT_SYMBOL(gss_register_triple);
...@@ -30,6 +31,9 @@ EXPORT_SYMBOL(gss_mech_put); ...@@ -30,6 +31,9 @@ EXPORT_SYMBOL(gss_mech_put);
EXPORT_SYMBOL(g_make_token_header); EXPORT_SYMBOL(g_make_token_header);
EXPORT_SYMBOL(g_verify_token_header); EXPORT_SYMBOL(g_verify_token_header);
EXPORT_SYMBOL(g_token_size); EXPORT_SYMBOL(g_token_size);
EXPORT_SYMBOL(make_checksum);
EXPORT_SYMBOL(krb5_encrypt);
EXPORT_SYMBOL(krb5_decrypt);
/* debug */ /* debug */
EXPORT_SYMBOL(print_hexl); EXPORT_SYMBOL(print_hexl);
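Review bot: `EXPORT_SYMBOL(make_checksum)` puts a completely generic, unprefixed name into the kernel's global symbol namespace, while the two symbols exported next to it keep a krb5_ prefix and the other exports on this page use g_/gss_; a collision with any other module exporting a make_checksum would be a link-time surprise. Since the commit is already renaming it away from krb5_make_checksum, I'd use a subsystem prefix consistently in the header, the definition and both callers, e.g. `EXPORT_SYMBOL(gss_make_checksum);`. The added gss_krb5.h include is needed for the prototype and is fine.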