1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
/*
* $Source$
* $Author$
*
* Copyright 1991 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America is assumed
* to require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
*
* Routine to automatically generate a starting sequence number.
* We do this by getting a random key and encrypting something with it,
* then taking the output and slicing it up.
*/
#if !defined(lint) && !defined(SABER)
static char rcsid_gen_seqnum_c[] =
"$Id$";
#endif /* !lint & !SABER */
#include <krb5/krb5.h>
#include <krb5/ext-proto.h>
#include <krb5/los-proto.h>
#ifndef MIN
#define MIN(a,b) ((a) < (b) ? (a) : (b))
#endif
krb5_error_code
krb5_generate_seq_number(key, seqno)
const krb5_keyblock *key;
krb5_int32 *seqno;
{
krb5_pointer random_state;
krb5_encrypt_block eblock;
krb5_keyblock *subkey;
krb5_error_code retval;
struct tval {
krb5_int32 seconds;
krb5_int32 microseconds;
} timenow;
krb5_octet *intmp, *outtmp;
int esize;
char *outseqno;
if (!valid_keytype(key->keytype))
return KRB5_PROG_KEYTYPE_NOSUPP;
krb5_use_keytype(&eblock, key->keytype);
if (retval = krb5_init_random_key(&eblock, key, &random_state))
return(retval);
if (retval = krb5_random_key(&eblock, random_state, &subkey)) {
(void) krb5_finish_random_key(&eblock, &random_state);
return retval;
}
/* ignore the error if any, since we've already gotten the key out */
if (retval = krb5_finish_random_key(&eblock, &random_state)) {
krb5_free_keyblock(subkey);
return retval;
}
esize = krb5_encrypt_size(sizeof(timenow), eblock.crypto_entry);
intmp = (krb5_octet *)malloc(esize);
if (!intmp) {
krb5_free_keyblock(subkey);
return ENOMEM;
}
outtmp = (krb5_octet *)malloc(esize);
if (!outtmp) {
xfree(intmp);
krb5_free_keyblock(subkey);
return ENOMEM;
}
if (retval = krb5_process_key(&eblock, subkey)) {
goto cleanup;
}
outseqno = (char *)seqno;
if (retval = krb5_us_timeofday(&timenow.seconds,
&timenow.microseconds)) {
goto cleanup;
}
memcpy((char *)intmp, (char *)&timenow, sizeof(timenow));
while (outseqno < (char *)(seqno+1)) {
memset((char *)intmp, 0, esize);
if (retval = krb5_encrypt((krb5_pointer)intmp,
(krb5_pointer)outtmp,
sizeof(timenow),
&eblock,
0)) {
(void) krb5_finish_key(&eblock);
goto cleanup;
}
memcpy(outseqno, (char *)outtmp, MIN((char *)(seqno+1)-outseqno,
esize));
outseqno += MIN((char *)(seqno+1)-outseqno, esize);
/* chain along */
memcpy((char *)intmp,(char *)outtmp,esize);
}
(void) krb5_finish_key(&eblock);
cleanup:
krb5_free_keyblock(subkey);
xfree(intmp);
xfree(outtmp);
return retval;
}
|
