aboutsummaryrefslogtreecommitdiffstats
path: root/net/sunrpc/auth_gss/gss_krb5_seal.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/sunrpc/auth_gss/gss_krb5_seal.c')
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_seal.c44
1 files changed, 8 insertions, 36 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c b/net/sunrpc/auth_gss/gss_krb5_seal.c
index afeeb8715a7..13f8ae97945 100644
--- a/net/sunrpc/auth_gss/gss_krb5_seal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
@@ -70,22 +70,13 @@
70# define RPCDBG_FACILITY RPCDBG_AUTH 70# define RPCDBG_FACILITY RPCDBG_AUTH
71#endif 71#endif
72 72
73static inline int
74gss_krb5_padding(int blocksize, int length) {
75 /* Most of the code is block-size independent but in practice we
76 * use only 8: */
77 BUG_ON(blocksize != 8);
78 return 8 - (length & 7);
79}
80
81u32 73u32
82krb5_make_token(struct krb5_ctx *ctx, int qop_req, 74gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
83 struct xdr_buf *text, struct xdr_netobj *token, 75 struct xdr_netobj *token)
84 int toktype)
85{ 76{
77 struct krb5_ctx *ctx = gss_ctx->internal_ctx_id;
86 s32 checksum_type; 78 s32 checksum_type;
87 struct xdr_netobj md5cksum = {.len = 0, .data = NULL}; 79 struct xdr_netobj md5cksum = {.len = 0, .data = NULL};
88 int blocksize = 0, tmsglen;
89 unsigned char *ptr, *krb5_hdr, *msg_start; 80 unsigned char *ptr, *krb5_hdr, *msg_start;
90 s32 now; 81 s32 now;
91 82
@@ -93,9 +84,6 @@ krb5_make_token(struct krb5_ctx *ctx, int qop_req,
93 84
94 now = get_seconds(); 85 now = get_seconds();
95 86
96 if (qop_req != 0)
97 goto out_err;
98
99 switch (ctx->signalg) { 87 switch (ctx->signalg) {
100 case SGN_ALG_DES_MAC_MD5: 88 case SGN_ALG_DES_MAC_MD5:
101 checksum_type = CKSUMTYPE_RSA_MD5; 89 checksum_type = CKSUMTYPE_RSA_MD5;
@@ -111,21 +99,13 @@ krb5_make_token(struct krb5_ctx *ctx, int qop_req,
111 goto out_err; 99 goto out_err;
112 } 100 }
113 101
114 if (toktype == KG_TOK_WRAP_MSG) { 102 token->len = g_token_size(&ctx->mech_used, 22);
115 blocksize = crypto_tfm_alg_blocksize(ctx->enc);
116 tmsglen = blocksize + text->len
117 + gss_krb5_padding(blocksize, blocksize + text->len);
118 } else {
119 tmsglen = 0;
120 }
121
122 token->len = g_token_size(&ctx->mech_used, 22 + tmsglen);
123 103
124 ptr = token->data; 104 ptr = token->data;
125 g_make_token_header(&ctx->mech_used, 22 + tmsglen, &ptr); 105 g_make_token_header(&ctx->mech_used, 22, &ptr);
126 106
127 *ptr++ = (unsigned char) ((toktype>>8)&0xff); 107 *ptr++ = (unsigned char) ((KG_TOK_MIC_MSG>>8)&0xff);
128 *ptr++ = (unsigned char) (toktype&0xff); 108 *ptr++ = (unsigned char) (KG_TOK_MIC_MSG&0xff);
129 109
130 /* ptr now at byte 2 of header described in rfc 1964, section 1.2.1: */ 110 /* ptr now at byte 2 of header described in rfc 1964, section 1.2.1: */
131 krb5_hdr = ptr - 2; 111 krb5_hdr = ptr - 2;
@@ -133,17 +113,9 @@ krb5_make_token(struct krb5_ctx *ctx, int qop_req,
133 113
134 *(u16 *)(krb5_hdr + 2) = htons(ctx->signalg); 114 *(u16 *)(krb5_hdr + 2) = htons(ctx->signalg);
135 memset(krb5_hdr + 4, 0xff, 4); 115 memset(krb5_hdr + 4, 0xff, 4);
136 if (toktype == KG_TOK_WRAP_MSG)
137 *(u16 *)(krb5_hdr + 4) = htons(ctx->sealalg);
138 116
139 if (toktype == KG_TOK_WRAP_MSG) { 117 if (make_checksum(checksum_type, krb5_hdr, 8, text, 0, &md5cksum))
140 /* XXX removing support for now */
141 goto out_err;
142 } else { /* Sign only. */
143 if (make_checksum(checksum_type, krb5_hdr, 8, text,
144 &md5cksum))
145 goto out_err; 118 goto out_err;
146 }
147 119
148 switch (ctx->signalg) { 120 switch (ctx->signalg) {
149 case SGN_ALG_DES_MAC_MD5: 121 case SGN_ALG_DES_MAC_MD5:
generated by cgit v1.2.2 (git 2.25.0) at 2024-10-18 19:32:10 -0400