aboutsummaryrefslogtreecommitdiffstats
path: root/net/sunrpc
diff options
context:
space:
mode:
authorKevin Coffman <kwc@citi.umich.edu>2010-03-17 13:03:03 -0400
committerTrond Myklebust <Trond.Myklebust@netapp.com>2010-05-14 15:09:19 -0400
commitfc263a917afad3bda7b823a6edc803a40e7f6015 (patch)
treec6773866431c48aea2b837f5ba06314ec21369b4 /net/sunrpc
parent8b23707612cffdba694dcd18aa8a018918aa86dc (diff)
gss_krb5: Save the raw session key in the context
This is needed for deriving arcfour-hmac keys "on the fly" using the sequence number or checksu Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'net/sunrpc')
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_mech.c27
1 files changed, 13 insertions, 14 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index 506a2e7d4fad..893fad71e306 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -344,7 +344,7 @@ set_cdata(u8 cdata[GSS_KRB5_K5CLENGTH], u32 usage, u8 seed)
344} 344}
345 345
346static int 346static int
347context_derive_keys_des3(struct krb5_ctx *ctx, u8 *rawkey, u32 keylen) 347context_derive_keys_des3(struct krb5_ctx *ctx)
348{ 348{
349 struct xdr_netobj c, keyin, keyout; 349 struct xdr_netobj c, keyin, keyout;
350 u8 cdata[GSS_KRB5_K5CLENGTH]; 350 u8 cdata[GSS_KRB5_K5CLENGTH];
@@ -353,18 +353,18 @@ context_derive_keys_des3(struct krb5_ctx *ctx, u8 *rawkey, u32 keylen)
353 c.len = GSS_KRB5_K5CLENGTH; 353 c.len = GSS_KRB5_K5CLENGTH;
354 c.data = cdata; 354 c.data = cdata;
355 355
356 keyin.data = rawkey; 356 keyin.data = ctx->Ksess;
357 keyin.len = keylen; 357 keyin.len = ctx->gk5e->keylength;
358 keyout.len = keylen; 358 keyout.len = ctx->gk5e->keylength;
359 359
360 /* seq uses the raw key */ 360 /* seq uses the raw key */
361 ctx->seq = context_v2_alloc_cipher(ctx, ctx->gk5e->encrypt_name, 361 ctx->seq = context_v2_alloc_cipher(ctx, ctx->gk5e->encrypt_name,
362 rawkey); 362 ctx->Ksess);
363 if (ctx->seq == NULL) 363 if (ctx->seq == NULL)
364 goto out_err; 364 goto out_err;
365 365
366 ctx->enc = context_v2_alloc_cipher(ctx, ctx->gk5e->encrypt_name, 366 ctx->enc = context_v2_alloc_cipher(ctx, ctx->gk5e->encrypt_name,
367 rawkey); 367 ctx->Ksess);
368 if (ctx->enc == NULL) 368 if (ctx->enc == NULL)
369 goto out_free_seq; 369 goto out_free_seq;
370 370
@@ -389,7 +389,7 @@ out_err:
389} 389}
390 390
391static int 391static int
392context_derive_keys_new(struct krb5_ctx *ctx, u8 *rawkey, u32 keylen) 392context_derive_keys_new(struct krb5_ctx *ctx)
393{ 393{
394 struct xdr_netobj c, keyin, keyout; 394 struct xdr_netobj c, keyin, keyout;
395 u8 cdata[GSS_KRB5_K5CLENGTH]; 395 u8 cdata[GSS_KRB5_K5CLENGTH];
@@ -398,9 +398,9 @@ context_derive_keys_new(struct krb5_ctx *ctx, u8 *rawkey, u32 keylen)
398 c.len = GSS_KRB5_K5CLENGTH; 398 c.len = GSS_KRB5_K5CLENGTH;
399 c.data = cdata; 399 c.data = cdata;
400 400
401 keyin.data = rawkey; 401 keyin.data = ctx->Ksess;
402 keyin.len = keylen; 402 keyin.len = ctx->gk5e->keylength;
403 keyout.len = keylen; 403 keyout.len = ctx->gk5e->keylength;
404 404
405 /* initiator seal encryption */ 405 /* initiator seal encryption */
406 set_cdata(cdata, KG_USAGE_INITIATOR_SEAL, KEY_USAGE_SEED_ENCRYPTION); 406 set_cdata(cdata, KG_USAGE_INITIATOR_SEAL, KEY_USAGE_SEED_ENCRYPTION);
@@ -502,7 +502,6 @@ out_err:
502static int 502static int
503gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx) 503gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx)
504{ 504{
505 u8 rawkey[GSS_KRB5_MAX_KEYLEN];
506 int keylen; 505 int keylen;
507 506
508 p = simple_get_bytes(p, end, &ctx->flags, sizeof(ctx->flags)); 507 p = simple_get_bytes(p, end, &ctx->flags, sizeof(ctx->flags));
@@ -538,7 +537,7 @@ gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx)
538 } 537 }
539 keylen = ctx->gk5e->keylength; 538 keylen = ctx->gk5e->keylength;
540 539
541 p = simple_get_bytes(p, end, rawkey, keylen); 540 p = simple_get_bytes(p, end, ctx->Ksess, keylen);
542 if (IS_ERR(p)) 541 if (IS_ERR(p))
543 goto out_err; 542 goto out_err;
544 543
@@ -557,10 +556,10 @@ gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx)
557 556
558 switch (ctx->enctype) { 557 switch (ctx->enctype) {
559 case ENCTYPE_DES3_CBC_RAW: 558 case ENCTYPE_DES3_CBC_RAW:
560 return context_derive_keys_des3(ctx, rawkey, keylen); 559 return context_derive_keys_des3(ctx);
561 case ENCTYPE_AES128_CTS_HMAC_SHA1_96: 560 case ENCTYPE_AES128_CTS_HMAC_SHA1_96:
562 case ENCTYPE_AES256_CTS_HMAC_SHA1_96: 561 case ENCTYPE_AES256_CTS_HMAC_SHA1_96:
563 return context_derive_keys_new(ctx, rawkey, keylen); 562 return context_derive_keys_new(ctx);
564 default: 563 default:
565 return -EINVAL; 564 return -EINVAL;
566 } 565 }