diff options
| author | Kevin Coffman <kwc@citi.umich.edu> | 2010-03-17 13:02:46 -0400 |
|---|---|---|
| committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2010-05-14 15:09:15 -0400 |
| commit | 725f2865d4df31ac0768b13ae763beadc4bb8ce9 (patch) | |
| tree | 20b2da47713e7f38a61d37cbb2c95ad52c88609f /include/linux/sunrpc | |
| parent | 4fc4c3ce0dc1096cbd0daa3fe8f6905cbec2b87e (diff) | |
gss_krb5: Introduce encryption type framework
Make the client and server code consistent regarding the extra buffer
space made available for the auth code when wrapping data.
Add some comments/documentation about the available buffer space
in the xdr_buf head and tail when gss_wrap is called.
Add a compile-time check to make sure we are not exceeding the available
buffer space.
Add a central function to shift head data.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'include/linux/sunrpc')
| -rw-r--r-- | include/linux/sunrpc/gss_krb5.h | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h index e7bbdba474d5..31bb8a538bf1 100644 --- a/include/linux/sunrpc/gss_krb5.h +++ b/include/linux/sunrpc/gss_krb5.h | |||
| @@ -40,6 +40,12 @@ | |||
| 40 | #include <linux/sunrpc/gss_err.h> | 40 | #include <linux/sunrpc/gss_err.h> |
| 41 | #include <linux/sunrpc/gss_asn1.h> | 41 | #include <linux/sunrpc/gss_asn1.h> |
| 42 | 42 | ||
| 43 | /* Maximum checksum function output for the supported crypto algorithms */ | ||
| 44 | #define GSS_KRB5_MAX_CKSUM_LEN (20) | ||
| 45 | |||
| 46 | /* Maximum blocksize for the supported crypto algorithms */ | ||
| 47 | #define GSS_KRB5_MAX_BLOCKSIZE (16) | ||
| 48 | |||
| 43 | struct krb5_ctx { | 49 | struct krb5_ctx { |
| 44 | int initiate; /* 1 = initiating, 0 = accepting */ | 50 | int initiate; /* 1 = initiating, 0 = accepting */ |
| 45 | struct crypto_blkcipher *enc; | 51 | struct crypto_blkcipher *enc; |
| @@ -113,6 +119,22 @@ enum seal_alg { | |||
| 113 | #define ENCTYPE_DES3_CBC_SHA1 0x0010 | 119 | #define ENCTYPE_DES3_CBC_SHA1 0x0010 |
| 114 | #define ENCTYPE_UNKNOWN 0x01ff | 120 | #define ENCTYPE_UNKNOWN 0x01ff |
| 115 | 121 | ||
| 122 | /* | ||
| 123 | * This compile-time check verifies that we will not exceed the | ||
| 124 | * slack space allotted by the client and server auth_gss code | ||
| 125 | * before they call gss_wrap(). | ||
| 126 | */ | ||
| 127 | #define GSS_KRB5_MAX_SLACK_NEEDED \ | ||
| 128 | (GSS_KRB5_TOK_HDR_LEN /* gss token header */ \ | ||
| 129 | + GSS_KRB5_MAX_CKSUM_LEN /* gss token checksum */ \ | ||
| 130 | + GSS_KRB5_MAX_BLOCKSIZE /* confounder */ \ | ||
| 131 | + GSS_KRB5_MAX_BLOCKSIZE /* possible padding */ \ | ||
| 132 | + GSS_KRB5_TOK_HDR_LEN /* encrypted hdr in v2 token */\ | ||
| 133 | + GSS_KRB5_MAX_CKSUM_LEN /* encryption hmac */ \ | ||
| 134 | + 4 + 4 /* RPC verifier */ \ | ||
| 135 | + GSS_KRB5_TOK_HDR_LEN \ | ||
| 136 | + GSS_KRB5_MAX_CKSUM_LEN) | ||
| 137 | |||
| 116 | s32 | 138 | s32 |
| 117 | make_checksum(char *, char *header, int hdrlen, struct xdr_buf *body, | 139 | make_checksum(char *, char *header, int hdrlen, struct xdr_buf *body, |
| 118 | int body_offset, struct xdr_netobj *cksum); | 140 | int body_offset, struct xdr_netobj *cksum); |
| @@ -157,3 +179,6 @@ s32 | |||
| 157 | krb5_get_seq_num(struct crypto_blkcipher *key, | 179 | krb5_get_seq_num(struct crypto_blkcipher *key, |
| 158 | unsigned char *cksum, | 180 | unsigned char *cksum, |
| 159 | unsigned char *buf, int *direction, u32 *seqnum); | 181 | unsigned char *buf, int *direction, u32 *seqnum); |
| 182 | |||
| 183 | int | ||
| 184 | xdr_extend_head(struct xdr_buf *buf, unsigned int base, unsigned int shiftlen); | ||