![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to mk_safe.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [CSRG BSD Unix] / 43BSDReno / kerberosIV / krb|
Return to mk_safe.c CVS log | Up to [CSRG BSD Unix] / 43BSDReno / kerberosIV / krb |
1.1 ! root 1: /* ! 2: * $Source: /mit/kerberos/src/lib/krb/RCS/mk_safe.c,v $ ! 3: * $Author: jtkohl $ ! 4: * ! 5: * Copyright 1986, 1987, 1988 by the Massachusetts Institute ! 6: * of Technology. ! 7: * ! 8: * For copying and distribution information, please see the file ! 9: * <mit-copyright.h>. ! 10: * ! 11: * This routine constructs a Kerberos 'safe msg', i.e. authenticated ! 12: * using a private session key to seed a checksum. Msg is NOT ! 13: * encrypted. ! 14: * ! 15: * Note-- bcopy is used to avoid alignment problems on IBM RT ! 16: * ! 17: * Returns either <0 ===> error, or resulting size of message ! 18: * ! 19: * Steve Miller Project Athena MIT/DEC ! 20: */ ! 21: ! 22: #ifndef lint ! 23: static char *rcsid_mk_safe_c= ! 24: "$Header: mk_safe.c,v 4.12 89/03/22 14:50:49 jtkohl Exp $"; ! 25: #endif /* lint */ ! 26: ! 27: #include <mit-copyright.h> ! 28: ! 29: /* system include files */ ! 30: #include <stdio.h> ! 31: #include <errno.h> ! 32: #include <sys/types.h> ! 33: #include <netinet/in.h> ! 34: #include <sys/time.h> ! 35: ! 36: /* application include files */ ! 37: #include <des.h> ! 38: #include <krb.h> ! 39: #include <prot.h> ! 40: #include "lsb_addr_comp.h" ! 41: ! 42: extern char *errmsg(); ! 43: extern int errno; ! 44: extern int krb_debug; ! 45: ! 46: /* static storage */ ! 47: ! 48: static u_long cksum; ! 49: static C_Block big_cksum[2]; ! 50: static struct timeval msg_time; ! 51: static u_char msg_time_5ms; ! 52: static long msg_time_sec; ! 53: ! 54: /* ! 55: * krb_mk_safe() constructs an AUTH_MSG_SAFE message. It takes some ! 56: * user data "in" of "length" bytes and creates a packet in "out" ! 57: * consisting of the user data, a timestamp, and the sender's network ! 58: * address, followed by a checksum computed on the above, using the ! 59: * given "key". The length of the resulting packet is returned. ! 60: * ! 61: * The "out" packet consists of: ! 62: * ! 63: * Size Variable Field ! 64: * ---- -------- ----- ! 65: * ! 66: * 1 byte KRB_PROT_VERSION protocol version number ! 67: * 1 byte AUTH_MSG_SAFE | message type plus local ! 68: * HOST_BYTE_ORDER byte order in low bit ! 69: * ! 70: * ===================== begin checksum ================================ ! 71: * ! 72: * 4 bytes length length of user data ! 73: * length in user data ! 74: * 1 byte msg_time_5ms timestamp milliseconds ! 75: * 4 bytes sender->sin.addr.s_addr sender's IP address ! 76: * ! 77: * 4 bytes msg_time_sec or timestamp seconds with ! 78: * -msg_time_sec direction in sign bit ! 79: * ! 80: * ======================= end checksum ================================ ! 81: * ! 82: * 16 bytes big_cksum quadratic checksum of ! 83: * above using "key" ! 84: */ ! 85: ! 86: long krb_mk_safe(in,out,length,key,sender,receiver) ! 87: u_char *in; /* application data */ ! 88: u_char *out; /* ! 89: * put msg here, leave room for header! ! 90: * breaks if in and out (header stuff) ! 91: * overlap ! 92: */ ! 93: u_long length; /* of in data */ ! 94: C_Block *key; /* encryption key for seed and ivec */ ! 95: struct sockaddr_in *sender; /* sender address */ ! 96: struct sockaddr_in *receiver; /* receiver address */ ! 97: { ! 98: register u_char *p,*q; ! 99: ! 100: /* ! 101: * get the current time to use instead of a sequence #, since ! 102: * process lifetime may be shorter than the lifetime of a session ! 103: * key. ! 104: */ ! 105: if (gettimeofday(&msg_time,(struct timezone *)0)) { ! 106: return -1; ! 107: } ! 108: msg_time_sec = (long) msg_time.tv_sec; ! 109: msg_time_5ms = msg_time.tv_usec/5000; /* 5ms quanta */ ! 110: ! 111: p = out; ! 112: ! 113: *p++ = KRB_PROT_VERSION; ! 114: *p++ = AUTH_MSG_SAFE | HOST_BYTE_ORDER; ! 115: ! 116: q = p; /* start for checksum stuff */ ! 117: /* stuff input length */ ! 118: bcopy((char *)&length,(char *)p,sizeof(length)); ! 119: p += sizeof(length); ! 120: ! 121: /* make all the stuff contiguous for checksum */ ! 122: bcopy((char *)in,(char *)p,(int) length); ! 123: p += length; ! 124: ! 125: /* stuff time 5ms */ ! 126: bcopy((char *)&msg_time_5ms,(char *)p,sizeof(msg_time_5ms)); ! 127: p += sizeof(msg_time_5ms); ! 128: ! 129: /* stuff source address */ ! 130: bcopy((char *) &sender->sin_addr.s_addr,(char *)p, ! 131: sizeof(sender->sin_addr.s_addr)); ! 132: p += sizeof(sender->sin_addr.s_addr); ! 133: ! 134: /* ! 135: * direction bit is the sign bit of the timestamp. Ok until ! 136: * 2038?? ! 137: */ ! 138: /* For compatibility with broken old code, compares are done in VAX ! 139: byte order (LSBFIRST) */ ! 140: if (lsb_net_ulong_less(sender->sin_addr.s_addr, /* src < recv */ ! 141: receiver->sin_addr.s_addr)==-1) ! 142: msg_time_sec = -msg_time_sec; ! 143: else if (lsb_net_ulong_less(sender->sin_addr.s_addr, ! 144: receiver->sin_addr.s_addr)==0) ! 145: if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port) == -1) ! 146: msg_time_sec = -msg_time_sec; ! 147: /* ! 148: * all that for one tiny bit! Heaven help those that talk to ! 149: * themselves. ! 150: */ ! 151: ! 152: /* stuff time sec */ ! 153: bcopy((char *)&msg_time_sec,(char *)p,sizeof(msg_time_sec)); ! 154: p += sizeof(msg_time_sec); ! 155: ! 156: #ifdef NOENCRYPTION ! 157: cksum = 0; ! 158: bzero(big_cksum, sizeof(big_cksum)); ! 159: #else /* Do encryption */ ! 160: /* calculate the checksum of length, timestamps, and input data */ ! 161: cksum = quad_cksum(q,big_cksum,p-q,2,key); ! 162: #endif /* NOENCRYPTION */ ! 163: if (krb_debug) ! 164: printf("\ncksum = %u",cksum); ! 165: ! 166: /* stuff checksum */ ! 167: bcopy((char *)big_cksum,(char *)p,sizeof(big_cksum)); ! 168: p += sizeof(big_cksum); ! 169: ! 170: return ((long)(p - out)); /* resulting size */ ! 171: ! 172: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.