diff options
Diffstat (limited to 'src/lib/gssapi/krb5/k5seal.c')
| -rw-r--r-- | src/lib/gssapi/krb5/k5seal.c | 59 |
1 files changed, 32 insertions, 27 deletions
diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c index d1cdce4..99275be 100644 --- a/src/lib/gssapi/krb5/k5seal.c +++ b/src/lib/gssapi/krb5/k5seal.c @@ -78,11 +78,11 @@ make_seal_token_v1 (krb5_context context, * tlen is the length of the token * including header. */ unsigned int conflen=0, tmsglen, tlen, msglen; - unsigned char *t, *ptr; + unsigned char *t, *metadata, *checksum, *payload; unsigned char *plain; unsigned char pad; krb5_keyusage sign_usage = KG_USAGE_SIGN; - + struct k5buf buf; assert((!do_encrypt) || (toktype == KG_TOK_SEAL_MSG)); /* create the token buffer */ @@ -108,31 +108,37 @@ make_seal_token_v1 (krb5_context context, msglen = text->length; pad = 0; } - tlen = g_token_size((gss_OID) oid, 14+cksum_size+tmsglen); - if ((t = (unsigned char *) gssalloc_malloc(tlen)) == NULL) + tlen = g_token_size(oid, 14 + cksum_size + tmsglen); + t = gssalloc_malloc(tlen); + if (t == NULL) return(ENOMEM); + k5_buf_init_fixed(&buf, t, tlen); /*** fill in the token */ - ptr = t; - g_make_token_header(oid, 14+cksum_size+tmsglen, &ptr, toktype); + g_make_token_header(&buf, oid, 14 + cksum_size + tmsglen, toktype); + metadata = k5_buf_get_space(&buf, 14); + checksum = k5_buf_get_space(&buf, cksum_size); + payload = k5_buf_get_space(&buf, tmsglen); + assert(metadata != NULL && checksum != NULL && payload != NULL); + assert(buf.len == tlen); /* 0..1 SIGN_ALG */ - store_16_le(signalg, &ptr[0]); + store_16_le(signalg, &metadata[0]); /* 2..3 SEAL_ALG or Filler */ if ((toktype == KG_TOK_SEAL_MSG) && do_encrypt) { - store_16_le(sealalg, &ptr[2]); + store_16_le(sealalg, &metadata[2]); } else { /* No seal */ - ptr[2] = 0xff; - ptr[3] = 0xff; + metadata[2] = 0xFF; + metadata[3] = 0xFF; } /* 4..5 Filler */ - ptr[4] = 0xff; - ptr[5] = 0xff; + metadata[4] = 0xFF; + metadata[5] = 0xFF; /* pad the plaintext, encrypt if needed, and stick it in the token */ @@ -183,8 +189,9 @@ make_seal_token_v1 (krb5_context context, gssalloc_free(t); return(ENOMEM); } - (void) memcpy(data_ptr, ptr-2, 8); - (void) memcpy(data_ptr+8, plain, msglen); + /* Checksum over the token ID, metadata bytes, and plaintext. */ + memcpy(data_ptr, metadata - 2, 8); + memcpy(data_ptr + 8, plain, msglen); plaind.length = 8 + msglen; plaind.data = data_ptr; code = krb5_k_make_checksum(context, md5cksum.checksum_type, seq, @@ -204,10 +211,10 @@ make_seal_token_v1 (krb5_context context, */ if (md5cksum.length != cksum_size) abort (); - memcpy (ptr+14, md5cksum.contents, md5cksum.length); + memcpy(checksum, md5cksum.contents, md5cksum.length); break; case SGN_ALG_HMAC_MD5: - memcpy (ptr+14, md5cksum.contents, cksum_size); + memcpy(checksum, md5cksum.contents, cksum_size); break; } @@ -215,8 +222,9 @@ make_seal_token_v1 (krb5_context context, /* create the seq_num */ - if ((code = kg_make_seq_num(context, seq, direction?0:0xff, - (krb5_ui_4)*seqnum, ptr+14, ptr+6))) { + code = kg_make_seq_num(context, seq, direction?0:0xff, + (krb5_ui_4)*seqnum, checksum, metadata + 6); + if (code) { xfree (plain); gssalloc_free(t); return(code); @@ -240,10 +248,8 @@ make_seal_token_v1 (krb5_context context, assert (enc_key->length == 16); for (i = 0; i <= 15; i++) ((char *) enc_key->contents)[i] ^=0xf0; - code = kg_arcfour_docrypt (enc_key, 0, - bigend_seqnum, 4, - plain, tmsglen, - ptr+14+cksum_size); + code = kg_arcfour_docrypt(enc_key, 0, bigend_seqnum, 4, plain, + tmsglen, payload); krb5_free_keyblock (context, enc_key); if (code) { @@ -254,10 +260,9 @@ make_seal_token_v1 (krb5_context context, } break; default: - if ((code = kg_encrypt(context, enc, KG_USAGE_SEAL, NULL, - (krb5_pointer) plain, - (krb5_pointer) (ptr+cksum_size+14), - tmsglen))) { + code = kg_encrypt(context, enc, KG_USAGE_SEAL, NULL, plain, + payload, tmsglen); + if (code) { xfree(plain); gssalloc_free(t); return(code); @@ -265,7 +270,7 @@ make_seal_token_v1 (krb5_context context, } }else { if (tmsglen) - memcpy(ptr+14+cksum_size, plain, tmsglen); + memcpy(payload, plain, tmsglen); } xfree(plain); |