*** empty log message ***

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@462 dc483132-0cff-0310-8789-dd5450dbe970
author: edg <edg@mit.edu> 1990-04-03 17:33:38 +0000
committer: edg <edg@mit.edu> 1990-04-03 17:33:38 +0000
commit: f68a6b52c5aa8dab65138db022001cc014684f27 (patch)
tree: cc555228b446b644c74dc25e24359c173f535364 /src
parent: e6380c6fa93611a04698db29977d5f49cfc38334 (diff)
download: krb5-f68a6b52c5aa8dab65138db022001cc014684f27.tar.gz
krb5-f68a6b52c5aa8dab65138db022001cc014684f27.tar.xz
krb5-f68a6b52c5aa8dab65138db022001cc014684f27.zip
2 files changed, 295 insertions, 0 deletions
diff --git a/src/lib/krb5/krb/mk_priv.c b/src/lib/krb5/krb/mk_priv.c
new file mode 100644
index 000000000..f2b920e25
--- /dev/null
+++ b/src/lib/krb5/krb/mk_priv.c
@@ -0,0 +1,143 @@
+/*
+ * $Source$
+ * $Author$
+ *
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <krb5/mit-copyright.h>.
+ *
+ * krb5_mk_priv()
+ */
+
+#if !defined(lint) && !defined(SABER)
+static char mk_priv_c[] =
+"$Id$";
+#endif	/* !lint & !SABER */
+
+#include <krb5/copyright.h>
+#include <krb5/krb5.h>
+#include <krb5/krb5_err.h>
+
+#include <errno.h>
+
+#include <krb5/asn1.h>
+#include <stdio.h>
+#include <krb5/libos-proto.h>
+#include <krb5/ext-proto.h>
+
+/*
+ Formats a KRB_PRIV message into outbuf.
+
+ userdata is formatted as the user data in the message.
+ etype specifies the encryption type; key specifies the key for the
+ encryption; sender_addr and recv_addr specify the full addresses (host
+ and port) of the sender and receiver.
+
+ The outbuf buffer storage is allocated, and should be freed by the
+ caller when finished.
+
+ returns system errors
+*/
+krb5_error_code
+krb5_mk_priv(DECLARG(krb5_data *, userdata),
+	     DECLARG(krb5_enctype, etype),
+	     DECLARG(krb5_keyblock *, key),
+	     DECLARG(krb5_fulladdr *, sender_addr),
+	     DECLARG(krb5_fulladdr *, recv_addr),
+	     DECLARG(krb5_data *, outbuf))
+OLDDECLARG(krb5_data *, userdata)
+OLDDECLARG(krb5_enctype, etype)
+OLDDECLARG(krb5_keyblock *, key)
+OLDDECLARG(krb5_fulladdr *, sender_addr)
+OLDDECLARG(krb5_fulladdr *, recv_addr)
+OLDDECLARG(krb5_data *, outbuf)
+{
+    krb5_error_code retval;
+    krb5_encrypt_block eblock;
+    krb5_priv privmsg;
+    krb5_priv_enc_part privmsg_enc_part;
+    krb5_address *addrs[2];
+    krb5_data *scratch;
+
+    if (!valid_etype(etype))
+	return KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */
+    privmsg.etype = etype; 
+
+    privmsg_enc_part.user_data = *userdata;
+    privmsg_enc_part.addresses = addrs;
+
+    addrs[0] = sender_addr->address;
+    addrs[1] = 0;
+
+    if (retval = krb5_ms_timeofday(&privmsg_enc_part.timestamp, &privmsg_enc_part.msec))
+	return retval;
+
+    if (krb5_fulladdr_order(sender_addr, recv_addr) > 0)
+	privmsg_enc_part.msec = (privmsg_enc_part.msec & MSEC_VAL_MASK) | MSEC_DIRBIT;
+    else
+	/* this should be a no-op, but just to be sure... */
+	privmsg_enc_part.msec = privmsg_enc_part.msec & MSEC_VAL_MASK;
+
+    /* start by encoding to-be-encrypted part of the message */
+
+    if (retval = encode_krb5_enc_priv_part(&privmsg_enc_part, &scratch))
+	return retval;
+
+#define cleanup_scratch() { (void) bzero(scratch->data, scratch->length); krb5_free_data(scratch); }
+
+    /* put together an eblock for this encryption */
+
+    eblock.crypto_entry = krb5_csarray[etype]->system;
+    privmsg.enc_part.length = krb5_encrypt_size(scratch->length,
+                                                     eblock.crypto_entry);
+    if (!(privmsg.enc_part.data = malloc(privmsg.enc_part.length))) {
+        retval = ENOMEM;
+        goto clean_scratch;
+    }
+
+#define cleanup_encpart() {(void) bzero(privmsg.enc_part.data, privmsg.enc_part.length); free(privmsg.enc_part.data); privmsg.enc_part.length = 0; privmsg.enc_part.data = 0;}
+
+    /* do any necessary key pre-processing */
+    if (retval = (*eblock.crypto_entry->process_key)(&eblock, key)) {
+        goto clean_encpart;
+    }
+
+#define cleanup_prockey() {(void) (*eblock.crypto_entry->finish_key)(&eblock);}
+
+    /* call the encryption routine */
+    if (retval =
+        (*eblock.crypto_entry->encrypt_func)((krb5_pointer) scratch->data,
+                                             (krb5_pointer) privmsg.enc_part.data,
+                                             scratch->length, &eblock)) {
+        goto clean_prockey;
+    }
+
+    /* private message is now assembled-- do some cleanup */
+    cleanup_scratch();
+
+    if (retval = (*eblock.crypto_entry->finish_key)(&eblock)) {
+        cleanup_encpart();
+        return retval;
+    }
+    /* encode private message */
+    if (retval = encode_krb5_priv(&privmsg, &scratch))  {
+        cleanup_encpart();
+	return retval;
+    }
+
+    cleanup_encpart();
+    *outbuf = *scratch;
+    free((char *)scratch);
+    return 0;
+
+ clean_prockey:
+    cleanup_prockey();
+ clean_encpart:
+    cleanup_encpart();
+ clean_scratch:
+    cleanup_scratch();
+
+    return retval;
+}
+
diff --git a/src/lib/krb5/krb/rd_priv.c b/src/lib/krb5/krb/rd_priv.c
new file mode 100644
index 000000000..c0b50eff1
--- /dev/null
+++ b/src/lib/krb5/krb/rd_priv.c
@@ -0,0 +1,152 @@
+/*
+ * $Source$
+ * $Author$
+ *
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <krb5/mit-copyright.h>.
+ *
+ * krb5_rd_priv()
+ */
+
+#if !defined(lint) && !defined(SABER)
+static char rd_priv_c[] =
+"$Id$";
+#endif	/* !lint & !SABER */
+
+#include <krb5/copyright.h>
+#include <krb5/krb5.h>
+#include <krb5/krb5_err.h>
+
+#include <errno.h>
+
+#include <krb5/asn1.h>
+#include <stdio.h>
+#include <krb5/libos-proto.h>
+#include <krb5/ext-proto.h>
+
+extern krb5_deltat krb5_clockskew = 100;   /* temporary assingment for debugging */
+#define in_clock_skew(date) (abs((date)-currenttime) < krb5_clockskew)
+
+krb5_error_code
+krb5_rd_priv(DECLARG(krb5_data *, inbuf),
+	     DECLARG(krb5_keyblock *, key),
+	     DECLARG(krb5_fulladdr *, sender_addr),
+	     DECLARG(krb5_fulladdr *, recv_addr),
+	     DECLARG(krb5_data *, outbuf))
+OLDDECLARG(krb5_data *, inbuf)
+OLDDECLARG(krb5_keyblock *, key)
+OLDDECLARG(krb5_fulladdr *, sender_addr)
+OLDDECLARG(krb5_fulladdr *, recv_addr)
+OLDDECLARG(krb5_data *, outbuf)
+{
+    krb5_error_code retval;
+    krb5_encrypt_block eblock;
+    krb5_priv *privmsg;
+    krb5_priv_enc_part *privmsg_enc_part;
+    krb5_data scratch;
+    krb5_timestamp currenttime;
+    krb5_ui_2 computed_direction;
+
+    /* decode private message */
+    if (retval = decode_krb5_priv(inbuf, &privmsg))  {
+	return retval;
+    }
+    
+#define cleanup_privmsg() {(void)xfree(privmsg->enc_part.data); (void)xfree(privmsg);}
+    if (!valid_etype(privmsg->etype)) {
+	cleanup_privmsg();
+	return KRB5KRB_AP_ERR_MODIFIED; /* XXX */
+    }
+			   
+    /* put together an eblock for this decryption */
+
+    eblock.crypto_entry = krb5_csarray[privmsg->etype]->system;
+    scratch.length = privmsg->enc_part.length;
+    
+    if (!(scratch.data = malloc(scratch.length))) {
+	cleanup_privmsg();
+        return ENOMEM;
+    }
+
+#define cleanup_scratch() {(void)bzero(scratch.data, scratch.length); (void)xfree(scratch.data);}
+
+    /* do any necessary key pre-processing */
+    if (retval = (*eblock.crypto_entry->process_key)(&eblock, key)) {
+        cleanup_privmsg();
+	cleanup_scratch();
+	return retval;
+    }
+
+#define cleanup_prockey() {(void) (*eblock.crypto_entry->finish_key)(&eblock);}
+
+    /* call the decryption routine */
+    if (retval =
+        (*eblock.crypto_entry->decrypt_func)((krb5_pointer) privmsg->enc_part.data,
+                                             (krb5_pointer) scratch.data,
+                                             scratch.length, &eblock)) {
+	cleanup_privmsg();
+	cleanup_scratch();
+        cleanup_prockey();
+	return retval;
+    }
+
+    /* private message is now decrypted -- do some cleanup */
+
+    cleanup_privmsg();
+
+    if (retval = (*eblock.crypto_entry->finish_key)(&eblock)) {
+        cleanup_scratch();
+        return retval;
+    }
+
+    /*  now decode the decrypted stuff */
+    if (retval = decode_krb5_enc_priv_part(&scratch, &privmsg_enc_part)) {
+	cleanup_scratch();
+	return retval;
+    }
+    cleanup_scratch();
+
+#define cleanup_data() {(void)bzero(privmsg_enc_part->user_data.data,privmsg_enc_part->user_data.length); (void)xfree(privmsg_enc_part->user_data.data);}
+#define cleanup_mesg() {(void)xfree(privmsg_enc_part);}
+
+    if (sender_addr && !krb5_address_compare(sender_addr->address,
+					  privmsg_enc_part->addresses[0])) {
+	cleanup_data();
+	cleanup_mesg();
+	return KRB5KRB_AP_ERR_BADADDR;
+    }
+
+    if (retval = krb5_timeofday(&currenttime)) {
+	cleanup_data();
+	cleanup_mesg();
+	return retval;
+    }
+    if (!in_clock_skew(privmsg_enc_part->timestamp)) {
+	cleanup_data();
+	cleanup_mesg();  
+	return KRB5KRB_AP_ERR_SKEW;
+    }
+
+    /* 
+     * check with the replay cache should be inserted here !!!! 
+     */
+
+    computed_direction = (krb5_fulladdr_order(sender_addr, recv_addr) > 0) ?
+	                 MSEC_DIRBIT : 0; 
+    /* what if sender_addr == 0 ?????*/
+    if (computed_direction != privmsg_enc_part->msec & MSEC_DIRBIT) {
+	cleanup_data();
+	cleanup_mesg();
+	return KRB5KRB_AP_ERR_REPEAT;
+    }
+
+    /* everything is ok - return data to the user */
+
+    *outbuf = privmsg_enc_part->user_data;
+    cleanup_mesg();
+    return 0;
+
+}
+
author	edg <edg@mit.edu>	1990-04-03 17:33:38 +0000
committer	edg <edg@mit.edu>	1990-04-03 17:33:38 +0000
commit	f68a6b52c5aa8dab65138db022001cc014684f27 (patch)
tree	cc555228b446b644c74dc25e24359c173f535364 /src
parent	e6380c6fa93611a04698db29977d5f49cfc38334 (diff)
download	krb5-f68a6b52c5aa8dab65138db022001cc014684f27.tar.gz krb5-f68a6b52c5aa8dab65138db022001cc014684f27.tar.xz krb5-f68a6b52c5aa8dab65138db022001cc014684f27.zip