aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorKevin Coffman <kwc@citi.umich.edu>2010-03-17 13:02:46 -0400
committerTrond Myklebust <Trond.Myklebust@netapp.com>2010-05-14 15:09:15 -0400
commit725f2865d4df31ac0768b13ae763beadc4bb8ce9 (patch)
tree20b2da47713e7f38a61d37cbb2c95ad52c88609f /include
parent4fc4c3ce0dc1096cbd0daa3fe8f6905cbec2b87e (diff)
gss_krb5: Introduce encryption type framework
Make the client and server code consistent regarding the extra buffer space made available for the auth code when wrapping data. Add some comments/documentation about the available buffer space in the xdr_buf head and tail when gss_wrap is called. Add a compile-time check to make sure we are not exceeding the available buffer space. Add a central function to shift head data. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'include')
-rw-r--r--include/linux/sunrpc/gss_krb5.h25
1 files changed, 25 insertions, 0 deletions
diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h
index e7bbdba474d5..31bb8a538bf1 100644
--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -40,6 +40,12 @@
40#include <linux/sunrpc/gss_err.h> 40#include <linux/sunrpc/gss_err.h>
41#include <linux/sunrpc/gss_asn1.h> 41#include <linux/sunrpc/gss_asn1.h>
42 42
43/* Maximum checksum function output for the supported crypto algorithms */
44#define GSS_KRB5_MAX_CKSUM_LEN (20)
45
46/* Maximum blocksize for the supported crypto algorithms */
47#define GSS_KRB5_MAX_BLOCKSIZE (16)
48
43struct krb5_ctx { 49struct krb5_ctx {
44 int initiate; /* 1 = initiating, 0 = accepting */ 50 int initiate; /* 1 = initiating, 0 = accepting */
45 struct crypto_blkcipher *enc; 51 struct crypto_blkcipher *enc;
@@ -113,6 +119,22 @@ enum seal_alg {
113#define ENCTYPE_DES3_CBC_SHA1 0x0010 119#define ENCTYPE_DES3_CBC_SHA1 0x0010
114#define ENCTYPE_UNKNOWN 0x01ff 120#define ENCTYPE_UNKNOWN 0x01ff
115 121
122/*
123 * This compile-time check verifies that we will not exceed the
124 * slack space allotted by the client and server auth_gss code
125 * before they call gss_wrap().
126 */
127#define GSS_KRB5_MAX_SLACK_NEEDED \
128 (GSS_KRB5_TOK_HDR_LEN /* gss token header */ \
129 + GSS_KRB5_MAX_CKSUM_LEN /* gss token checksum */ \
130 + GSS_KRB5_MAX_BLOCKSIZE /* confounder */ \
131 + GSS_KRB5_MAX_BLOCKSIZE /* possible padding */ \
132 + GSS_KRB5_TOK_HDR_LEN /* encrypted hdr in v2 token */\
133 + GSS_KRB5_MAX_CKSUM_LEN /* encryption hmac */ \
134 + 4 + 4 /* RPC verifier */ \
135 + GSS_KRB5_TOK_HDR_LEN \
136 + GSS_KRB5_MAX_CKSUM_LEN)
137
116s32 138s32
117make_checksum(char *, char *header, int hdrlen, struct xdr_buf *body, 139make_checksum(char *, char *header, int hdrlen, struct xdr_buf *body,
118 int body_offset, struct xdr_netobj *cksum); 140 int body_offset, struct xdr_netobj *cksum);
@@ -157,3 +179,6 @@ s32
157krb5_get_seq_num(struct crypto_blkcipher *key, 179krb5_get_seq_num(struct crypto_blkcipher *key,
158 unsigned char *cksum, 180 unsigned char *cksum,
159 unsigned char *buf, int *direction, u32 *seqnum); 181 unsigned char *buf, int *direction, u32 *seqnum);
182
183int
184xdr_extend_head(struct xdr_buf *buf, unsigned int base, unsigned int shiftlen);