diff options
Diffstat (limited to 'src/lib/krb4/mk_safe.c')
-rw-r--r-- | src/lib/krb4/mk_safe.c | 154 |
1 files changed, 154 insertions, 0 deletions
diff --git a/src/lib/krb4/mk_safe.c b/src/lib/krb4/mk_safe.c new file mode 100644 index 0000000000..c3ed94d323 --- /dev/null +++ b/src/lib/krb4/mk_safe.c @@ -0,0 +1,154 @@ +/* + * mk_safe.c + * + * Copyright 1986, 1987, 1988 by the Massachusetts Institute + * of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * This routine constructs a Kerberos 'safe msg', i.e. authenticated + * using a private session key to seed a checksum. Msg is NOT + * encrypted. + * + * Returns either <0 ===> error, or resulting size of message + * + * Steve Miller Project Athena MIT/DEC + */ + +#include "mit-copyright.h" +#include <stdio.h> +#include <string.h> + +#define DEFINE_SOCKADDR /* Ask for sockets declarations from krb.h. */ +#include "krb.h" +#include "des.h" +#include "prot.h" +#include "lsb_addr_cmp.h" + +extern int krb_debug; + +/* + * krb_mk_safe() constructs an AUTH_MSG_SAFE message. It takes some + * user data "in" of "length" bytes and creates a packet in "out" + * consisting of the user data, a timestamp, and the sender's network + * address, followed by a checksum computed on the above, using the + * given "key". The length of the resulting packet is returned. + * + * The "out" packet consists of: + * + * Size Variable Field + * ---- -------- ----- + * + * 1 byte KRB_PROT_VERSION protocol version number + * 1 byte AUTH_MSG_SAFE | message type plus local + * HOST_BYTE_ORDER byte order in low bit + * + * ===================== begin checksum ================================ + * + * 4 bytes length length of user data + * length in user data + * 1 byte msg_time_5ms timestamp milliseconds + * 4 bytes sender->sin.addr.s_addr sender's IP address + * + * 4 bytes msg_time_sec or timestamp seconds with + * -msg_time_sec direction in sign bit + * + * ======================= end checksum ================================ + * + * 16 bytes big_cksum quadratic checksum of + * above using "key" + */ + +long INTERFACE +krb_mk_safe(in,out,length,key,sender,receiver) + u_char *in; /* application data */ + u_char *out; /* + * put msg here, leave room for header! + * breaks if in and out (header stuff) + * overlap + */ + unsigned KRB4_32 length; /* of in data */ + C_Block *key; /* encryption key for seed and ivec */ + struct sockaddr_in *sender; /* sender address */ + struct sockaddr_in *receiver; /* receiver address */ +{ + register u_char *p,*q; + + unsigned KRB4_32 cksum; + unsigned KRB4_32 big_cksum[4]; + unsigned KRB4_32 msg_secs; + unsigned KRB4_32 msg_usecs; + u_char msg_time_5ms; + KRB4_32 msg_time_sec; + + /* + * get the current time to use instead of a sequence #, since + * process lifetime may be shorter than the lifetime of a session + * key. + */ + + msg_secs = TIME_GMT_UNIXSEC_US(&msg_usecs); + msg_time_sec = msg_secs; + msg_time_5ms = msg_usecs/5000; /* 5ms quanta */ + + p = out; + + *p++ = KRB_PROT_VERSION; + *p++ = AUTH_MSG_SAFE | HOST_BYTE_ORDER; + + q = p; /* start for checksum stuff */ + /* stuff input length */ + memcpy((char *)p, (char *)&length, sizeof(length)); + p += sizeof(length); + + /* make all the stuff contiguous for checksum */ + memcpy((char *)p, (char *)in, (int) length); + p += length; + + /* stuff time 5ms */ + memcpy((char *)p, (char *)&msg_time_5ms, sizeof(msg_time_5ms)); + p += sizeof(msg_time_5ms); + + /* stuff source address */ + memcpy((char *)p, (char *) &sender->sin_addr.s_addr, + sizeof(sender->sin_addr.s_addr)); + p += sizeof(sender->sin_addr.s_addr); + + /* + * direction bit is the sign bit of the timestamp. Ok until + * 2038?? + */ + /* For compatibility with broken old code, compares are done in VAX + byte order (LSBFIRST) */ + if (lsb_net_ulong_less(sender->sin_addr.s_addr, /* src < recv */ + receiver->sin_addr.s_addr)==-1) + msg_time_sec = -msg_time_sec; + else if (lsb_net_ulong_less(sender->sin_addr.s_addr, + receiver->sin_addr.s_addr)==0) + if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port) == -1) + msg_time_sec = -msg_time_sec; + /* + * all that for one tiny bit! Heaven help those that talk to + * themselves. + */ + + /* stuff time sec */ + memcpy((char *)p, (char *)&msg_time_sec, sizeof(msg_time_sec)); + p += sizeof(msg_time_sec); + +#ifdef NOENCRYPTION + cksum = 0; + memset((char*) big_cksum, 0, sizeof(big_cksum)); +#else /* Do encryption */ + /* calculate the checksum of length, timestamps, and input data */ + cksum = quad_cksum(q,big_cksum,p-q,2,(C_Block*) key); +#endif /* NOENCRYPTION */ + DEB (("\ncksum = %u",cksum)); + + /* stuff checksum */ + memcpy((char *)p, (char *)big_cksum, sizeof(big_cksum)); + p += sizeof(big_cksum); + + return ((long)(p - out)); /* resulting size */ +} |