| author | Kevin Coffman <kwc@citi.umich.edu> | 2010-03-17 13:03:03 -0400 |
|---|---|---|
| committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2010-05-14 15:09:19 -0400 |
| commit | fc263a917afad3bda7b823a6edc803a40e7f6015 (patch) | |
| tree | c6773866431c48aea2b837f5ba06314ec21369b4 | |
| parent | 8b23707612cffdba694dcd18aa8a018918aa86dc (diff) | |
gss_krb5: Save the raw session key in the context
This is needed for deriving arcfour-hmac keys "on the fly"
using the sequence number or checksum.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
| -rw-r--r-- | include/linux/sunrpc/gss_krb5.h | 1 | ||||
| -rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_mech.c | 27 |
2 files changed, 14 insertions, 14 deletions
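--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -101,6 +101,7 @@ struct krb5_ctx {
 struct crypto_blkcipher *initiator_enc;
 struct crypto_blkcipher *acceptor_enc_aux;
 struct crypto_blkcipher *initiator_enc_aux;
+u8 Ksess[GSS_KRB5_MAX_KEYLEN]; /* session key */
 u8 cksum[GSS_KRB5_MAX_KEYLEN];
 s32 endtime;
 u32 seq_send;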
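Review bot: The new `Ksess` member keeps the raw Kerberos session key inside `struct krb5_ctx` for the whole lifetime of the context, whereas before this commit the raw key only lived in a stack buffer while the context was being imported. The field comment should record that obligation, e.g. `/* raw session key, kept for on-the-fly arcfour-hmac key derivation; clear before the context is freed */`. The context teardown path is not part of this diff; if it releases the struct with a plain `kfree()`, the key bytes remain in freed slab memory, and `kzfree()` or an explicit clear of `Ksess` there would avoid that. The struct definition starts and ends outside the hunk.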
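--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -344,7 +344,7 @@ set_cdata(u8 cdata[GSS_KRB5_K5CLENGTH], u32 usage, u8 seed)
 }
 
 static int
-context_derive_keys_des3(struct krb5_ctx *ctx, u8 *rawkey, u32 keylen)
+context_derive_keys_des3(struct krb5_ctx *ctx)
 {
 struct xdr_netobj c, keyin, keyout;
 u8 cdata[GSS_KRB5_K5CLENGTH];
@@ -353,18 +353,18 @@ context_derive_keys_des3(struct krb5_ctx *ctx, u8 *rawkey, u32 keylen)
 c.len = GSS_KRB5_K5CLENGTH;
 c.data = cdata;
 
-keyin.data = rawkey;
-keyin.len = keylen;
-keyout.len = keylen;
+keyin.data = ctx->Ksess;
+keyin.len = ctx->gk5e->keylength;
+keyout.len = ctx->gk5e->keylength;
 
 /* seq uses the raw key */
 ctx->seq = context_v2_alloc_cipher(ctx, ctx->gk5e->encrypt_name,
-rawkey);
+ctx->Ksess);
 if (ctx->seq == NULL)
 goto out_err;
 
 ctx->enc = context_v2_alloc_cipher(ctx, ctx->gk5e->encrypt_name,
-rawkey);
+ctx->Ksess);
 if (ctx->enc == NULL)
 goto out_free_seq;
 
@@ -389,7 +389,7 @@ out_err:
 }
 
 static int
-context_derive_keys_new(struct krb5_ctx *ctx, u8 *rawkey, u32 keylen)
+context_derive_keys_new(struct krb5_ctx *ctx)
 {
 struct xdr_netobj c, keyin, keyout;
 u8 cdata[GSS_KRB5_K5CLENGTH];
@@ -398,9 +398,9 @@ context_derive_keys_new(struct krb5_ctx *ctx, u8 *rawkey, u32 keylen)
 c.len = GSS_KRB5_K5CLENGTH;
 c.data = cdata;
 
-keyin.data = rawkey;
-keyin.len = keylen;
-keyout.len = keylen;
+keyin.data = ctx->Ksess;
+keyin.len = ctx->gk5e->keylength;
+keyout.len = ctx->gk5e->keylength;
 
 /* initiator seal encryption */
 set_cdata(cdata, KG_USAGE_INITIATOR_SEAL, KEY_USAGE_SEED_ENCRYPTION);
@@ -502,7 +502,6 @@ out_err:
 static int
 gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx)
 {
-u8 rawkey[GSS_KRB5_MAX_KEYLEN];
 int keylen;
 
 p = simple_get_bytes(p, end, &ctx->flags, sizeof(ctx->flags));
@@ -538,7 +537,7 @@ gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx)
 }
 keylen = ctx->gk5e->keylength;
 
-p = simple_get_bytes(p, end, rawkey, keylen);
+p = simple_get_bytes(p, end, ctx->Ksess, keylen);
 if (IS_ERR(p))
 goto out_err;
 
@@ -557,10 +556,10 @@ gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx)
 
 switch (ctx->enctype) {
 case ENCTYPE_DES3_CBC_RAW:
-return context_derive_keys_des3(ctx, rawkey, keylen);
+return context_derive_keys_des3(ctx);
 case ENCTYPE_AES128_CTS_HMAC_SHA1_96:
 case ENCTYPE_AES256_CTS_HMAC_SHA1_96:
-return context_derive_keys_new(ctx, rawkey, keylen);
+return context_derive_keys_new(ctx);
 default:
 return -EINVAL;
 }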
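Review bot: In `gss_import_v2_context` the key is now copied with `simple_get_bytes(p, end, ctx->Ksess, keylen)`, and nothing visible in these hunks ties `ctx->gk5e->keylength` to the size of `Ksess`, which sits directly before `cksum` in `struct krb5_ctx`. The removed stack buffer had the same gap and the enctype table is presumably kernel-defined, so this is about stating the invariant rather than a live overflow: a guard such as `if (keylen > GSS_KRB5_MAX_KEYLEN) goto out_err;` before the copy would make it explicit. Separately, `context_derive_keys_des3()` and `context_derive_keys_new()` now read `ctx->Ksess` and `ctx->gk5e->keylength` implicitly, so each deserves a short comment above it, e.g. `/* caller must have set ctx->gk5e and filled ctx->Ksess with keylength bytes */`, to replace the contract the dropped parameters used to express. All three function bodies start or end outside the hunks shown.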
