gss_krb5_seqnum.c 4.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167
  1. /*
  2. * linux/net/sunrpc/gss_krb5_seqnum.c
  3. *
  4. * Adapted from MIT Kerberos 5-1.2.1 lib/gssapi/krb5/util_seqnum.c
  5. *
  6. * Copyright (c) 2000 The Regents of the University of Michigan.
  7. * All rights reserved.
  8. *
  9. * Andy Adamson <andros@umich.edu>
  10. */
  11. /*
  12. * Copyright 1993 by OpenVision Technologies, Inc.
  13. *
  14. * Permission to use, copy, modify, distribute, and sell this software
  15. * and its documentation for any purpose is hereby granted without fee,
  16. * provided that the above copyright notice appears in all copies and
  17. * that both that copyright notice and this permission notice appear in
  18. * supporting documentation, and that the name of OpenVision not be used
  19. * in advertising or publicity pertaining to distribution of the software
  20. * without specific, written prior permission. OpenVision makes no
  21. * representations about the suitability of this software for any
  22. * purpose. It is provided "as is" without express or implied warranty.
  23. *
  24. * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  25. * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  26. * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
  27. * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
  28. * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
  29. * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  30. * PERFORMANCE OF THIS SOFTWARE.
  31. */
  32. #include <crypto/skcipher.h>
  33. #include <linux/types.h>
  34. #include <linux/sunrpc/gss_krb5.h>
  35. #if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
  36. # define RPCDBG_FACILITY RPCDBG_AUTH
  37. #endif
  38. static s32
  39. krb5_make_rc4_seq_num(struct krb5_ctx *kctx, int direction, s32 seqnum,
  40. unsigned char *cksum, unsigned char *buf)
  41. {
  42. struct crypto_skcipher *cipher;
  43. unsigned char plain[8];
  44. s32 code;
  45. dprintk("RPC: %s:\n", __func__);
  46. cipher = crypto_alloc_skcipher(kctx->gk5e->encrypt_name, 0,
  47. CRYPTO_ALG_ASYNC);
  48. if (IS_ERR(cipher))
  49. return PTR_ERR(cipher);
  50. plain[0] = (unsigned char) ((seqnum >> 24) & 0xff);
  51. plain[1] = (unsigned char) ((seqnum >> 16) & 0xff);
  52. plain[2] = (unsigned char) ((seqnum >> 8) & 0xff);
  53. plain[3] = (unsigned char) ((seqnum >> 0) & 0xff);
  54. plain[4] = direction;
  55. plain[5] = direction;
  56. plain[6] = direction;
  57. plain[7] = direction;
  58. code = krb5_rc4_setup_seq_key(kctx, cipher, cksum);
  59. if (code)
  60. goto out;
  61. code = krb5_encrypt(cipher, cksum, plain, buf, 8);
  62. out:
  63. crypto_free_skcipher(cipher);
  64. return code;
  65. }
  66. s32
  67. krb5_make_seq_num(struct krb5_ctx *kctx,
  68. struct crypto_skcipher *key,
  69. int direction,
  70. u32 seqnum,
  71. unsigned char *cksum, unsigned char *buf)
  72. {
  73. unsigned char plain[8];
  74. if (kctx->enctype == ENCTYPE_ARCFOUR_HMAC)
  75. return krb5_make_rc4_seq_num(kctx, direction, seqnum,
  76. cksum, buf);
  77. plain[0] = (unsigned char) (seqnum & 0xff);
  78. plain[1] = (unsigned char) ((seqnum >> 8) & 0xff);
  79. plain[2] = (unsigned char) ((seqnum >> 16) & 0xff);
  80. plain[3] = (unsigned char) ((seqnum >> 24) & 0xff);
  81. plain[4] = direction;
  82. plain[5] = direction;
  83. plain[6] = direction;
  84. plain[7] = direction;
  85. return krb5_encrypt(key, cksum, plain, buf, 8);
  86. }
  87. static s32
  88. krb5_get_rc4_seq_num(struct krb5_ctx *kctx, unsigned char *cksum,
  89. unsigned char *buf, int *direction, s32 *seqnum)
  90. {
  91. struct crypto_skcipher *cipher;
  92. unsigned char plain[8];
  93. s32 code;
  94. dprintk("RPC: %s:\n", __func__);
  95. cipher = crypto_alloc_skcipher(kctx->gk5e->encrypt_name, 0,
  96. CRYPTO_ALG_ASYNC);
  97. if (IS_ERR(cipher))
  98. return PTR_ERR(cipher);
  99. code = krb5_rc4_setup_seq_key(kctx, cipher, cksum);
  100. if (code)
  101. goto out;
  102. code = krb5_decrypt(cipher, cksum, buf, plain, 8);
  103. if (code)
  104. goto out;
  105. if ((plain[4] != plain[5]) || (plain[4] != plain[6])
  106. || (plain[4] != plain[7])) {
  107. code = (s32)KG_BAD_SEQ;
  108. goto out;
  109. }
  110. *direction = plain[4];
  111. *seqnum = ((plain[0] << 24) | (plain[1] << 16) |
  112. (plain[2] << 8) | (plain[3]));
  113. out:
  114. crypto_free_skcipher(cipher);
  115. return code;
  116. }
  117. s32
  118. krb5_get_seq_num(struct krb5_ctx *kctx,
  119. unsigned char *cksum,
  120. unsigned char *buf,
  121. int *direction, u32 *seqnum)
  122. {
  123. s32 code;
  124. unsigned char plain[8];
  125. struct crypto_skcipher *key = kctx->seq;
  126. dprintk("RPC: krb5_get_seq_num:\n");
  127. if (kctx->enctype == ENCTYPE_ARCFOUR_HMAC)
  128. return krb5_get_rc4_seq_num(kctx, cksum, buf,
  129. direction, seqnum);
  130. if ((code = krb5_decrypt(key, cksum, buf, plain, 8)))
  131. return code;
  132. if ((plain[4] != plain[5]) || (plain[4] != plain[6]) ||
  133. (plain[4] != plain[7]))
  134. return (s32)KG_BAD_SEQ;
  135. *direction = plain[4];
  136. *seqnum = ((plain[0]) |
  137. (plain[1] << 8) | (plain[2] << 16) | (plain[3] << 24));
  138. return 0;
  139. }