Annotation of 43BSDReno/kerberosIV/krb/mk_priv.c, revision 1.1.1.1

1.1       root        1: /*
                      2:  * $Source: /mit/kerberos/src/lib/krb/RCS/mk_priv.c,v $
                      3:  * $Author: jtkohl $
                      4:  *
                      5:  * Copyright 1986, 1987, 1988 by the Massachusetts Institute
                      6:  * of Technology.
                      7:  *
                      8:  * For copying and distribution information, please see the file
                      9:  * <mit-copyright.h>.
                     10:  *
                     11:  * This routine constructs a Kerberos 'private msg', i.e.
                     12:  * cryptographically sealed with a private session key.
                     13:  *
                     14:  * Note-- bcopy is used to avoid alignment problems on IBM RT.
                     15:  *
                     16:  * Note-- It's too bad that it did a long int compare on the RT before.
                     17:  *
                     18:  * Returns either < 0 ===> error, or resulting size of message
                     19:  *
                     20:  * Steve Miller    Project Athena  MIT/DEC
                     21:  */
                     22: 
                     23: #ifndef lint
                     24: static char *rcsid_mk_priv_c=
                     25: "$Header: mk_priv.c,v 4.13 89/03/22 14:48:59 jtkohl Exp $";
                     26: #endif /* lint */
                     27: 
                     28: #include <mit-copyright.h>
                     29: 
                     30: /* system include files */
                     31: #include <stdio.h>
                     32: #include <errno.h>
                     33: #include <sys/types.h>
                     34: #include <netinet/in.h>
                     35: #include <sys/time.h>
                     36: 
                     37: /* application include files */
                     38: #include <des.h>
                     39: #include <krb.h>
                     40: #include <prot.h>
                     41: #include "lsb_addr_comp.h"
                     42: 
                     43: extern char *errmsg();   /* declared but not called anywhere in this file */
                     44: extern int errno;        /* not read in this file; the one failure path returns -1 without consulting it */
                     45: extern int krb_debug;    /* referenced only inside the #ifdef notdef block below */
                     46: 
                     47: /* static storage */
                     48: 
                     49: 
                     50: static u_long c_length;          /* size of the sealed region, rounded up to sizeof(C_Block); copied into the header */
                     51: static struct timeval msg_time;  /* overwritten by gettimeofday() on every krb_mk_priv() call */
                     52: static u_char msg_time_5ms;      /* msg_time.tv_usec expressed in 5 ms units */
                     53: static long msg_time_sec;        /* msg_time.tv_sec; negated when the direction bit is set */
                     54: 
                     55: /*
                     56:  * krb_mk_priv() constructs an AUTH_MSG_PRIVATE message.  It takes
                     57:  * some user data "in" of "length" bytes and creates a packet in "out"
                     58:  * consisting of the user data, a timestamp, and the sender's network
                     59:  * address.
                     60: #ifndef NOENCRYPTION
                     61:  * The packet is encrypted by pcbc_encrypt(), using the given
                     62:  * "key" and "schedule".
                     63: #endif
                     64:  * The length of the resulting packet "out" is
                     65:  * returned.
                     66:  *
                     67:  * It is similar to krb_mk_safe() except for the additional key
                     68:  * schedule argument "schedule" and the fact that the data is encrypted
                     69:  * rather than appended with a checksum.  Also, the protocol version
                     70:  * number is "private_msg_ver", defined in krb_rd_priv.c, rather than
                     71:  * KRB_PROT_VERSION, defined in "krb.h".
                     72:  *
                     73:  * The "out" packet consists of:
                     74:  *
                     75:  * Size                        Variable                Field
                     76:  * ----                        --------                -----
                     77:  *
                     78:  * 1 byte              private_msg_ver         protocol version number
                     79:  * 1 byte              AUTH_MSG_PRIVATE |      message type plus local
                     80:  *                     HOST_BYTE_ORDER         byte order in low bit
                     81:  *
                     82: #ifdef NOENCRYPTION
                     83:  * 4 bytes             c_length                length of data
                     84: #else
                     85:  * 4 bytes             c_length                length of encrypted data
                     86:  *
                     87:  * ===================== begin encrypt ================================
                     88: #endif
                     89:  * 
                     90:  * 4 bytes             length                  length of user data
                     91:  * length              in                      user data
                     92:  * 1 byte              msg_time_5ms            timestamp milliseconds
                     93:  * 4 bytes             sender->sin.addr.s_addr sender's IP address
                     94:  *
                     95:  * 4 bytes             msg_time_sec or         timestamp seconds with
                     96:  *                     -msg_time_sec           direction in sign bit
                     97:  *
                     98:  * 0<=n<=7  bytes      pad to 8 byte multiple  zeroes
                     99: #ifndef NOENCRYPTION
                    100:  *                     (done by pcbc_encrypt())
                    101:  *
                    102:  * ======================= end encrypt ================================
                    103: #endif
                    104:  */
                    105: 
                    106: long krb_mk_priv(in,out,length,schedule,key,sender,receiver)
                    107:     u_char *in;                 /* application data */
                    108:     u_char *out;                /* put msg here, leave room for
                    109:                                  * header! breaks if in and out
                    110:                                  * (header stuff) overlap */
                    111:     u_long length;              /* of in data */
                    112:     Key_schedule schedule;      /* precomputed key schedule */
                    113:     C_Block key;                /* encryption key for seed and ivec */
                    114:     struct sockaddr_in *sender; /* sender address */
                    115:     struct sockaddr_in *receiver; /* receiver address */
                    116: {
                             /*
                              * Builds the AUTH_MSG_PRIVATE packet in "out" and returns its
                              * total size, or -1 if gettimeofday() fails (the only error
                              * path in this routine).
                              *
                              * NOTE(review), for callers:
                              *  - "out" carries no size and nothing below bounds the writes.
                              *    It must hold 2 + sizeof(c_length) header bytes plus the
                              *    sealed region (sizeof(length) + length +
                              *    sizeof(msg_time_5ms) + sizeof(s_addr) +
                              *    sizeof(msg_time_sec)) rounded up to a multiple of
                              *    sizeof(C_Block).
                              *  - c_length, msg_time, msg_time_5ms, msg_time_sec and
                              *    c_length_ptr are static and rewritten on every call, so
                              *    the routine is not reentrant.
                              *  - multi-byte fields are copied in host byte order; the
                              *    HOST_BYTE_ORDER bit in the type byte records which order.
                              */
                    117:     register u_char     *p,*q;
                    118:     static       u_char *c_length_ptr;
                    119:     extern int private_msg_ver; /* in krb_rd_priv.c */
                    120: 
                    121:     /*
                    122:      * get the current time to use instead of a sequence #, since
                    123:      * process lifetime may be shorter than the lifetime of a session
                    124:      * key.
                    125:      */
                    126:     if (gettimeofday(&msg_time,(struct timezone *)0)) {
                    127:         return -1;
                    128:     }
                    129:     msg_time_sec = (long) msg_time.tv_sec;
                             /* for a normalized timeval (tv_usec < 1000000) the quotient is
                              * at most 199, so it fits in the u_char */
                    130:     msg_time_5ms = msg_time.tv_usec/5000; /* 5ms quanta */
                    131: 
                    132:     p = out;
                    133: 
                             /* two cleartext header bytes: version, then type | byte order */
                    134:     *p++ = private_msg_ver;
                    135:     *p++ = AUTH_MSG_PRIVATE | HOST_BYTE_ORDER;
                    136: 
                    137:     /* calculate cipher length */
                             /* the value is not known yet: remember the slot and skip it;
                              * it is filled in once the sealed region has been assembled */
                    138:     c_length_ptr = p;
                    139:     p += sizeof(c_length);
                    140: 
                    141: #ifndef NOENCRYPTION
                    142:     /* start for encrypted stuff */
                    143: #endif
                    144:     q = p;
                    145: 
                    146:     /* stuff input length */
                    147:     bcopy((char *)&length,(char *)p,sizeof(length));
                    148:     p += sizeof(length);
                    149: 
                    150: #ifdef NOENCRYPTION
                    151:     /* make all the stuff contiguous for checksum */
                    152: #else
                    153:     /* make all the stuff contiguous for checksum and encryption */
                    154: #endif
                             /*
                              * NOTE(review): "length" is a u_long narrowed to int for
                              * bcopy(), and no upper bound is checked here; the caller has
                              * to reject lengths that do not fit in an int or in "out".
                              */
                    155:     bcopy((char *)in,(char *)p,(int) length);
                    156:     p += length;
                    157: 
                    158:     /* stuff time 5ms */
                    159:     bcopy((char *)&msg_time_5ms,(char *)p,sizeof(msg_time_5ms));
                    160:     p += sizeof(msg_time_5ms);
                    161: 
                    162:     /* stuff source address */
                    163:     bcopy((char *)&sender->sin_addr.s_addr,(char *)p,
                    164:           sizeof(sender->sin_addr.s_addr));
                    165:     p += sizeof(sender->sin_addr.s_addr);
                    166: 
                    167:     /*
                    168:      * direction bit is the sign bit of the timestamp.  Ok
                    169:      * until 2038??
                    170:      */
                    171:     /* For compatibility with broken old code, compares are done in VAX 
                    172:        byte order (LSBFIRST) */ 
                             /*
                              * The timestamp is negated when the sender compares lower than
                              * the receiver: by address first, then by port when the
                              * addresses compare equal.  Equal address and port leaves it
                              * positive in both directions.
                              * NOTE(review): presumably the receiver uses the sign to reject
                              * messages reflected back at their sender -- confirm in
                              * krb_rd_priv.c.
                              */
                    173:     if (lsb_net_ulong_less(sender->sin_addr.s_addr, /* src < recv */ 
                    174:                          receiver->sin_addr.s_addr)==-1) 
                    175:         msg_time_sec =  -msg_time_sec; 
                    176:     else if (lsb_net_ulong_less(sender->sin_addr.s_addr, 
                    177:                                receiver->sin_addr.s_addr)==0) 
                    178:         if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port) == -1) 
                    179:             msg_time_sec = -msg_time_sec; 
                    180:     /* stuff time sec */
                    181:     bcopy((char *)&msg_time_sec,(char *)p,sizeof(msg_time_sec));
                    182:     p += sizeof(msg_time_sec);
                    183: 
                    184:     /*
                    185:      * All that for one tiny bit!  Heaven help those that talk to
                    186:      * themselves.
                    187:      */
                    188: 
                             /*
                              * The block below is compiled out unless "notdef" is defined,
                              * and "cksum" is not declared in this function.  With it out,
                              * the sealed region carries no checksum.
                              * NOTE(review): integrity then rests on whatever the receiver
                              * checks after decryption (length, address, timestamp) --
                              * confirm in krb_rd_priv.c.
                              */
                    189: #ifdef notdef
                    190:     /*
                    191:      * calculate the checksum of the length, address, sequence, and
                    192:      * inp data
                    193:      */
                    194:     cksum =  quad_cksum(q,NULL,p-q,0,key);
                    195:     if (krb_debug)
                    196:         printf("\ncksum = %u",cksum);
                    197:     /* stuff checksum */
                    198:     bcopy((char *) &cksum,(char *) p,sizeof(cksum));
                    199:     p += sizeof(cksum);
                    200: #endif
                    201: 
                    202: #ifdef NOENCRYPTION
                    203:     /*
                    204:      * All the data have been assembled, compute length
                    205:      */
                    206: #else
                    207:     /*
                    208:      * All the data have been assembled, compute length and encrypt
                    209:      * starting with the length, data, and timestamps use the key as
                    210:      * an ivec.
                    211:      */
                    212: #endif
                    213: 
                             /* round the assembled size up to a whole number of
                              * C_Block-sized cipher blocks */
                    214:     c_length = p - q;
                    215:     c_length = ((c_length + sizeof(C_Block) -1)/sizeof(C_Block)) *
                    216:         sizeof(C_Block);
                    217:     /* stuff the length */
                    218:     bcopy((char *) &c_length,(char *)c_length_ptr,sizeof(c_length));
                    219: 
                    220: #ifndef NOENCRYPTION
                    221:     /* pcbc encrypt, pad as needed, use key as ivec */
                             /*
                              * Encrypts in place.  The key itself is passed as the ivec, so
                              * the IV never changes for a given session key: messages whose
                              * first block is identical produce the same first cipher
                              * block.
                              * NOTE(review): PCBC appears to stand in for the disabled
                              * checksum here; it is not an authenticated mode, so treat
                              * this format as legacy and do not reuse it in new protocols.
                              */
                    222:     pcbc_encrypt((C_Block *) q,(C_Block *) q, (long) (p-q), schedule,
                    223:                  key, ENCRYPT);
                    224: #endif /* NOENCRYPTION */
                    225: 
                             /*
                              * Header bytes (q - out) plus the padded sealed region.
                              * NOTE(review): with NOENCRYPTION defined nothing in this
                              * routine writes the pad bytes between p and q + c_length, yet
                              * the returned size includes them; they are whatever the
                              * caller left in "out".
                              */
                    226:     return (q - out + c_length);        /* resulting size */
                    227: }
