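/*
 * $Source: /mit/kerberos/src/lib/krb/RCS/mk_priv.c,v $
 * $Author: jtkohl $
 *
 * Copyright 1986, 1987, 1988 by the Massachusetts Institute
 * of Technology.
 *
 * For copying and distribution information, please see the file
 * <mit-copyright.h>.
 *
 * This routine constructs a Kerberos 'private msg', i.e.
 * cryptographically sealed with a private session key.
 *
 * Note-- every field is written into the packet with memcpy()/memmove()
 * (formerly bcopy()) rather than through a typed pointer, so that no
 * unaligned store is ever made into the output buffer (this mattered on
 * the IBM RT and still matters on strict-alignment targets).
 *
 * Returns either < 0 ===> error, or resulting size of message
 *
 * Steve Miller    Project Athena    MIT/DEC
 */

#ifndef lint
static char *rcsid_mk_priv_c=
"$Header: mk_priv.c,v 4.13 89/03/22 14:48:59 jtkohl Exp $";
#endif /* lint */

#include <mit-copyright.h>

/* system include files */
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/time.h>

/* application include files */
#include <des.h>
#include <krb.h>
#include <prot.h>
#include "lsb_addr_comp.h"

extern char *errmsg();
/*
 * errno is provided by <errno.h> and may be a macro there; redeclaring it
 * as "extern int errno" is not portable, so the old declaration is gone.
 */
extern int krb_debug;

/*
 * krb_mk_priv() constructs an AUTH_MSG_PRIVATE message.  It takes
 * some user data "in" of "length" bytes and creates a packet in "out"
 * consisting of the user data, a timestamp, and the sender's network
 * address.  Unless NOENCRYPTION is defined, the packet is encrypted by
 * pcbc_encrypt(), using the given "key" and "schedule".  The length of
 * the resulting packet "out" is returned, or -1 if the clock could not
 * be read.
 *
 * It is similar to krb_mk_safe() except for the additional key
 * schedule argument "schedule" and the fact that the data is encrypted
 * rather than appended with a checksum.  Also, the protocol version
 * number is "private_msg_ver", defined in krb_rd_priv.c, rather than
 * KRB_PROT_VERSION, defined in "krb.h".
 *
 * The "out" packet consists of:
 *
 * Size                 Variable                Field
 * ----                 --------                -----
 *
 * 1 byte               private_msg_ver         protocol version number
 * 1 byte               AUTH_MSG_PRIVATE |      message type plus local
 *                      HOST_BYTE_ORDER         byte order in low bit
 *
 * sizeof(u_long)       c_length                length of (encrypted) data
 *
 * ===================== begin encrypt ================================
 *
 * sizeof(u_long)       length                  length of user data
 * length               in                      user data
 * 1 byte               msg_time_5ms            timestamp milliseconds
 * 4 bytes              sender->sin.addr.s_addr sender's IP address
 *
 * sizeof(long)         msg_time_sec or         timestamp seconds with
 *                      -msg_time_sec           direction in sign bit
 *
 * 0<=n<=7 bytes        pad to 8 byte multiple  zeroes
 *                      (done by pcbc_encrypt())
 *
 * ======================= end encrypt ================================
 *
 * NOTE(review): the original table lists the u_long/long fields as
 * "4 bytes"; this code writes sizeof(u_long) and sizeof(long) bytes in
 * host byte order, so the wire format only matches that table on a
 * platform where both are 4 bytes wide -- confirm against krb_rd_priv.c
 * before building on an LP64 target.
 *
 * Buffer contract: no size for "out" is passed, so the CALLER must
 * guarantee that "out" has room for the whole packet, i.e.
 *     2 + sizeof(u_long)                      (clear header)
 *   + (sizeof(u_long) + length + 1 + 4 + sizeof(long)) rounded up to a
 *     multiple of sizeof(C_Block)             (encrypted part, padded)
 * bytes.  Nothing here checks this; an undersized "out" is a heap/stack
 * overwrite.  "in" may sit inside "out" only at the exact position the
 * user data ends up (the header bytes must not overlap "in").
 *
 * The message carries a timestamp rather than a sequence number, so
 * replay detection is entirely the receiver's job.
 */

long krb_mk_priv(in,out,length,schedule,key,sender,receiver)
    u_char *in;                 /* application data */
    u_char *out;                /* put msg here, leave room for
                                 * header!  breaks if in and out
                                 * (header stuff) overlap */
    u_long length;              /* of in data */
    Key_schedule schedule;      /* precomputed key schedule */
    C_Block key;                /* encryption key for seed and ivec */
    struct sockaddr_in *sender;     /* sender address */
    struct sockaddr_in *receiver;   /* receiver address */
{
    u_char *p, *q;
    u_char *c_length_ptr;       /* where c_length is patched in at the end */
    u_long c_length;            /* padded length of the encrypted part */
    struct timeval msg_time;
    u_char msg_time_5ms;
    long msg_time_sec;
    int addr_cmp;
    extern int private_msg_ver; /* in krb_rd_priv.c */

    /*
     * All of the scratch state above used to live in file-scope statics;
     * it is now local so the routine is reentrant and leaves no copy of
     * the message timestamp or length lying around after it returns.
     */

    /*
     * get the current time to use instead of a sequence #, since
     * process lifetime may be shorter than the lifetime of a session
     * key.
     */
    if (gettimeofday(&msg_time, (struct timezone *)0)) {
        return -1;
    }
    msg_time_sec = (long) msg_time.tv_sec;
    msg_time_5ms = msg_time.tv_usec / 5000;     /* 5ms quanta (0..199) */

    p = out;

    *p++ = private_msg_ver;
    *p++ = AUTH_MSG_PRIVATE | HOST_BYTE_ORDER;

    /* reserve room for the cipher length; it is only known once padded */
    c_length_ptr = p;
    p += sizeof(c_length);

#ifndef NOENCRYPTION
    /* start for encrypted stuff */
#endif
    q = p;

    /* stuff input length */
    memcpy(p, &length, sizeof(length));
    p += sizeof(length);

    /*
     * make all the stuff contiguous for encryption.  memmove (not memcpy)
     * keeps the old bcopy() tolerance for "in" already sitting at its
     * final position inside "out"; the size is passed as size_t, so a
     * length above INT_MAX is no longer truncated to a negative int.
     */
    memmove(p, in, (size_t) length);
    p += length;

    /* stuff time 5ms */
    memcpy(p, &msg_time_5ms, sizeof(msg_time_5ms));
    p += sizeof(msg_time_5ms);

    /* stuff source address */
    memcpy(p, &sender->sin_addr.s_addr, sizeof(sender->sin_addr.s_addr));
    p += sizeof(sender->sin_addr.s_addr);

    /*
     * direction bit is the sign bit of the timestamp.  Ok
     * until 2038??
     *
     * For compatibility with broken old code, compares are done in VAX
     * byte order (LSBFIRST).  The address comparison is made once and
     * reused for both the "less" and "equal" branches.
     */
    addr_cmp = lsb_net_ulong_less(sender->sin_addr.s_addr,        /* src < recv */
                                  receiver->sin_addr.s_addr);
    if (addr_cmp == -1) {
        msg_time_sec = -msg_time_sec;
    } else if (addr_cmp == 0) {
        if (lsb_net_ushort_less(sender->sin_port, receiver->sin_port) == -1) {
            msg_time_sec = -msg_time_sec;
        }
    }
    /* stuff time sec */
    memcpy(p, &msg_time_sec, sizeof(msg_time_sec));
    p += sizeof(msg_time_sec);

    /*
     * All that for one tiny bit!  Heaven help those that talk to
     * themselves (same address and port leaves the sign untouched).
     */

#ifdef NOENCRYPTION
    /*
     * All the data have been assembled, compute length
     */
#else
    /*
     * All the data have been assembled, compute length and encrypt
     * starting with the length, data, and timestamps use the key as
     * an ivec.
     */
#endif

    /* round the plaintext length up to a whole number of DES blocks */
    c_length = p - q;
    c_length = ((c_length + sizeof(C_Block) - 1) / sizeof(C_Block)) *
        sizeof(C_Block);
    /* stuff the length into the slot reserved in the clear header */
    memcpy(c_length_ptr, &c_length, sizeof(c_length));

#ifndef NOENCRYPTION
    /* pcbc encrypt in place, pad as needed, use key as ivec */
    pcbc_encrypt((C_Block *) q, (C_Block *) q, (long) (p - q), schedule,
                 key, ENCRYPT);
#endif /* NOENCRYPTION */

    return (q - out + c_length);        /* resulting size */
}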