![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to mk_safe.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [CSRG BSD Unix] / 43BSDReno / kerberosIV / krb|
Return to mk_safe.c CVS log | Up to [CSRG BSD Unix] / 43BSDReno / kerberosIV / krb |
1.1 root 1: /*
2: * $Source: /mit/kerberos/src/lib/krb/RCS/mk_safe.c,v $
3: * $Author: jtkohl $
4: *
5: * Copyright 1986, 1987, 1988 by the Massachusetts Institute
6: * of Technology.
7: *
8: * For copying and distribution information, please see the file
9: * <mit-copyright.h>.
10: *
11: * This routine constructs a Kerberos 'safe msg', i.e. authenticated
12: * using a private session key to seed a checksum. Msg is NOT
13: * encrypted.
14: *
15: * Note-- bcopy is used to avoid alignment problems on IBM RT
16: *
17: * Returns either <0 ===> error, or resulting size of message
18: *
19: * Steve Miller Project Athena MIT/DEC
20: */
21:
22: #ifndef lint
23: static char *rcsid_mk_safe_c=
24: "$Header: mk_safe.c,v 4.12 89/03/22 14:50:49 jtkohl Exp $";
25: #endif /* lint */
26:
27: #include <mit-copyright.h>
28:
29: /* system include files */
30: #include <stdio.h>
31: #include <errno.h>
32: #include <sys/types.h>
33: #include <netinet/in.h>
34: #include <sys/time.h>
35:
36: /* application include files */
37: #include <des.h>
38: #include <krb.h>
39: #include <prot.h>
40: #include "lsb_addr_comp.h"
41:
42: extern char *errmsg();
43: extern int errno;
44: extern int krb_debug;
45:
46: /* static storage */
47:
48: static u_long cksum;
49: static C_Block big_cksum[2];
50: static struct timeval msg_time;
51: static u_char msg_time_5ms;
52: static long msg_time_sec;
53:
54: /*
55: * krb_mk_safe() constructs an AUTH_MSG_SAFE message. It takes some
56: * user data "in" of "length" bytes and creates a packet in "out"
57: * consisting of the user data, a timestamp, and the sender's network
58: * address, followed by a checksum computed on the above, using the
59: * given "key". The length of the resulting packet is returned.
60: *
61: * The "out" packet consists of:
62: *
63: * Size Variable Field
64: * ---- -------- -----
65: *
66: * 1 byte KRB_PROT_VERSION protocol version number
67: * 1 byte AUTH_MSG_SAFE | message type plus local
68: * HOST_BYTE_ORDER byte order in low bit
69: *
70: * ===================== begin checksum ================================
71: *
72: * 4 bytes length length of user data
73: * length in user data
74: * 1 byte msg_time_5ms timestamp milliseconds
75: * 4 bytes sender->sin.addr.s_addr sender's IP address
76: *
77: * 4 bytes msg_time_sec or timestamp seconds with
78: * -msg_time_sec direction in sign bit
79: *
80: * ======================= end checksum ================================
81: *
82: * 16 bytes big_cksum quadratic checksum of
83: * above using "key"
84: */
85:
86: long krb_mk_safe(in,out,length,key,sender,receiver)
87: u_char *in; /* application data */
88: u_char *out; /*
89: * put msg here, leave room for header!
90: * breaks if in and out (header stuff)
91: * overlap
92: */
93: u_long length; /* of in data */
94: C_Block *key; /* encryption key for seed and ivec */
95: struct sockaddr_in *sender; /* sender address */
96: struct sockaddr_in *receiver; /* receiver address */
97: {
98: register u_char *p,*q;
99:
100: /*
101: * get the current time to use instead of a sequence #, since
102: * process lifetime may be shorter than the lifetime of a session
103: * key.
104: */
105: if (gettimeofday(&msg_time,(struct timezone *)0)) {
106: return -1;
107: }
108: msg_time_sec = (long) msg_time.tv_sec;
109: msg_time_5ms = msg_time.tv_usec/5000; /* 5ms quanta */
110:
111: p = out;
112:
113: *p++ = KRB_PROT_VERSION;
114: *p++ = AUTH_MSG_SAFE | HOST_BYTE_ORDER;
115:
116: q = p; /* start for checksum stuff */
117: /* stuff input length */
118: bcopy((char *)&length,(char *)p,sizeof(length));
119: p += sizeof(length);
120:
121: /* make all the stuff contiguous for checksum */
122: bcopy((char *)in,(char *)p,(int) length);
123: p += length;
124:
125: /* stuff time 5ms */
126: bcopy((char *)&msg_time_5ms,(char *)p,sizeof(msg_time_5ms));
127: p += sizeof(msg_time_5ms);
128:
129: /* stuff source address */
130: bcopy((char *) &sender->sin_addr.s_addr,(char *)p,
131: sizeof(sender->sin_addr.s_addr));
132: p += sizeof(sender->sin_addr.s_addr);
133:
134: /*
135: * direction bit is the sign bit of the timestamp. Ok until
136: * 2038??
137: */
138: /* For compatibility with broken old code, compares are done in VAX
139: byte order (LSBFIRST) */
140: if (lsb_net_ulong_less(sender->sin_addr.s_addr, /* src < recv */
141: receiver->sin_addr.s_addr)==-1)
142: msg_time_sec = -msg_time_sec;
143: else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
144: receiver->sin_addr.s_addr)==0)
145: if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port) == -1)
146: msg_time_sec = -msg_time_sec;
147: /*
148: * all that for one tiny bit! Heaven help those that talk to
149: * themselves.
150: */
151:
152: /* stuff time sec */
153: bcopy((char *)&msg_time_sec,(char *)p,sizeof(msg_time_sec));
154: p += sizeof(msg_time_sec);
155:
156: #ifdef NOENCRYPTION
157: cksum = 0;
158: bzero(big_cksum, sizeof(big_cksum));
159: #else /* Do encryption */
160: /* calculate the checksum of length, timestamps, and input data */
161: cksum = quad_cksum(q,big_cksum,p-q,2,key);
162: #endif /* NOENCRYPTION */
163: if (krb_debug)
164: printf("\ncksum = %u",cksum);
165:
166: /* stuff checksum */
167: bcopy((char *)big_cksum,(char *)p,sizeof(big_cksum));
168: p += sizeof(big_cksum);
169:
170: return ((long)(p - out)); /* resulting size */
171:
172: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.