linux/net/sunrpc/auth_gss/gss_krb5_seqnum.c

/*
 *  linux/net/sunrpc/gss_krb5_seqnum.c
 *
 *  Adapted from MIT Kerberos 5-1.2.1 lib/gssapi/krb5/util_seqnum.c
 *
 *  Copyright (c) 2000 The Regents of the University of Michigan.
 *  All rights reserved.
 *
 *  Andy Adamson   <andros@umich.edu>
 */

/*
 * Copyright 1993 by OpenVision Technologies, Inc.
 *
 * Permission to use, copy, modify, distribute, and sell this software
 * and its documentation for any purpose is hereby granted without fee,
 * provided that the above copyright notice appears in all copies and
 * that both that copyright notice and this permission notice appear in
 * supporting documentation, and that the name of OpenVision not be used
 * in advertising or publicity pertaining to distribution of the software
 * without specific, written prior permission. OpenVision makes no
 * representations about the suitability of this software for any
 * purpose.  It is provided "as is" without express or implied warranty.
 *
 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

#include <linux/types.h>
#include <linux/sunrpc/gss_krb5.h>
#include <linux/crypto.h>

#ifdef RPC_DEBUG
# define RPCDBG_FACILITY        RPCDBG_AUTH
#endif

static s32
krb5_make_rc4_seq_num(struct krb5_ctx *kctx, int direction, s32 seqnum,
		      unsigned char *cksum, unsigned char *buf)
{
	struct crypto_blkcipher *cipher;
	unsigned char plain[8];
	s32 code;

	dprintk("RPC:       %s:\n", __func__);
	cipher = crypto_alloc_blkcipher(kctx->gk5e->encrypt_name, 0,
					CRYPTO_ALG_ASYNC);
	if (IS_ERR(cipher))
		return PTR_ERR(cipher);

	plain[0] = (unsigned char) ((seqnum >> 24) & 0xff);
	plain[1] = (unsigned char) ((seqnum >> 16) & 0xff);
	plain[2] = (unsigned char) ((seqnum >> 8) & 0xff);
	plain[3] = (unsigned char) ((seqnum >> 0) & 0xff);
	plain[4] = direction;
	plain[5] = direction;
	plain[6] = direction;
	plain[7] = direction;

	code = krb5_rc4_setup_seq_key(kctx, cipher, cksum);
	if (code)
		goto out;

	code = krb5_encrypt(cipher, cksum, plain, buf, 8);
out:
	crypto_free_blkcipher(cipher);
	return code;
}
s32
krb5_make_seq_num(struct krb5_ctx *kctx,
		struct crypto_blkcipher *key,
		int direction,
		u32 seqnum,
		unsigned char *cksum, unsigned char *buf)
{
	unsigned char plain[8];

	if (kctx->enctype == ENCTYPE_ARCFOUR_HMAC)
		return krb5_make_rc4_seq_num(kctx, direction, seqnum,
					     cksum, buf);

	plain[0] = (unsigned char) (seqnum & 0xff);
	plain[1] = (unsigned char) ((seqnum >> 8) & 0xff);
	plain[2] = (unsigned char) ((seqnum >> 16) & 0xff);
	plain[3] = (unsigned char) ((seqnum >> 24) & 0xff);

	plain[4] = direction;
	plain[5] = direction;
	plain[6] = direction;
	plain[7] = direction;

	return krb5_encrypt(key, cksum, plain, buf, 8);
}

static s32
krb5_get_rc4_seq_num(struct krb5_ctx *kctx, unsigned char *cksum,
		     unsigned char *buf, int *direction, s32 *seqnum)
{
	struct crypto_blkcipher *cipher;
	unsigned char plain[8];
	s32 code;

	dprintk("RPC:       %s:\n", __func__);
	cipher = crypto_alloc_blkcipher(kctx->gk5e->encrypt_name, 0,
					CRYPTO_ALG_ASYNC);
	if (IS_ERR(cipher))
		return PTR_ERR(cipher);

	code = krb5_rc4_setup_seq_key(kctx, cipher, cksum);
	if (code)
		goto out;

	code = krb5_decrypt(cipher, cksum, buf, plain, 8);
	if (code)
		goto out;

	if ((plain[4] != plain[5]) || (plain[4] != plain[6])
				   || (plain[4] != plain[7])) {
		code = (s32)KG_BAD_SEQ;
		goto out;
	}

	*direction = plain[4];

	*seqnum = ((plain[0] << 24) | (plain[1] << 16) |
					(plain[2] << 8) | (plain[3]));
out:
	crypto_free_blkcipher(cipher);
	return code;
}

s32
krb5_get_seq_num(struct krb5_ctx *kctx,
	       unsigned char *cksum,
	       unsigned char *buf,
	       int *direction, u32 *seqnum)
{
	s32 code;
	unsigned char plain[8];
	struct crypto_blkcipher *key = kctx->seq;

	dprintk("RPC:       krb5_get_seq_num:\n");

	if (kctx->enctype == ENCTYPE_ARCFOUR_HMAC)
		return krb5_get_rc4_seq_num(kctx, cksum, buf,
					    direction, seqnum);

	if ((code = krb5_decrypt(key, cksum, buf, plain, 8)))
		return code;

	if ((plain[4] != plain[5]) || (plain[4] != plain[6]) ||
	    (plain[4] != plain[7]))
		return (s32)KG_BAD_SEQ;

	*direction = plain[4];

	*seqnum = ((plain[0]) |
		   (plain[1] << 8) | (plain[2] << 16) | (plain[3] << 24));

	return 0;
}
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-16 15:20:36 -07:00			`/*`
			`* linux/net/sunrpc/gss_krb5_seqnum.c`
			`*`
			`* Adapted from MIT Kerberos 5-1.2.1 lib/gssapi/krb5/util_seqnum.c`
			`*`
			`* Copyright (c) 2000 The Regents of the University of Michigan.`
			`* All rights reserved.`
			`*`
			`* Andy Adamson <andros@umich.edu>`
			`*/`

			`/*`
			`* Copyright 1993 by OpenVision Technologies, Inc.`
[NET] SUNRPC: Fix whitespace errors. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2007-02-09 15:38:13 -08:00			`*`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-16 15:20:36 -07:00			`* Permission to use, copy, modify, distribute, and sell this software`
			`* and its documentation for any purpose is hereby granted without fee,`
			`* provided that the above copyright notice appears in all copies and`
			`* that both that copyright notice and this permission notice appear in`
			`* supporting documentation, and that the name of OpenVision not be used`
			`* in advertising or publicity pertaining to distribution of the software`
			`* without specific, written prior permission. OpenVision makes no`
			`* representations about the suitability of this software for any`
			`* purpose. It is provided "as is" without express or implied warranty.`
[NET] SUNRPC: Fix whitespace errors. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2007-02-09 15:38:13 -08:00			`*`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-16 15:20:36 -07:00			`* OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,`
			`* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO`
			`* EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR`
			`* CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF`
			`* USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR`
			`* OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR`
			`* PERFORMANCE OF THIS SOFTWARE.`
			`*/`

			`#include <linux/types.h>`
			`#include <linux/sunrpc/gss_krb5.h>`
			`#include <linux/crypto.h>`

			`#ifdef RPC_DEBUG`
			`# define RPCDBG_FACILITY RPCDBG_AUTH`
			`#endif`

gss_krb5: Add support for rc4-hmac encryption Add necessary changes to add kernel support for the rc4-hmac Kerberos encryption type used by Microsoft and described in rfc4757. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> 2010-03-17 13:03:06 -04:00			`static s32`
			`krb5_make_rc4_seq_num(struct krb5_ctx *kctx, int direction, s32 seqnum,`
			`unsigned char cksum, unsigned char buf)`
			`{`
			`struct crypto_blkcipher *cipher;`
			`unsigned char plain[8];`
			`s32 code;`

			`dprintk("RPC: %s:\n", __func__);`
			`cipher = crypto_alloc_blkcipher(kctx->gk5e->encrypt_name, 0,`
			`CRYPTO_ALG_ASYNC);`
			`if (IS_ERR(cipher))`
			`return PTR_ERR(cipher);`

			`plain[0] = (unsigned char) ((seqnum >> 24) & 0xff);`
			`plain[1] = (unsigned char) ((seqnum >> 16) & 0xff);`
			`plain[2] = (unsigned char) ((seqnum >> 8) & 0xff);`
			`plain[3] = (unsigned char) ((seqnum >> 0) & 0xff);`
			`plain[4] = direction;`
			`plain[5] = direction;`
			`plain[6] = direction;`
			`plain[7] = direction;`

			`code = krb5_rc4_setup_seq_key(kctx, cipher, cksum);`
			`if (code)`
			`goto out;`

			`code = krb5_encrypt(cipher, cksum, plain, buf, 8);`
			`out:`
			`crypto_free_blkcipher(cipher);`
			`return code;`
			`}`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-16 15:20:36 -07:00			`s32`
gssd_krb5: More arcfour-hmac support For the arcfour-hmac support, the make_seq_num and get_seq_num functions need access to the kerberos context structure. This will be used in a later patch. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> 2010-03-17 13:03:04 -04:00			`krb5_make_seq_num(struct krb5_ctx *kctx,`
			`struct crypto_blkcipher *key,`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-16 15:20:36 -07:00			`int direction,`
gss_krb5: consistently use unsigned for seqnum Consistently use unsigned (u32 vs. s32) for seqnum. In get_mic function, send the local copy of seq_send, rather than the context version. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> 2008-03-31 10:31:33 -04:00			`u32 seqnum,`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-16 15:20:36 -07:00			`unsigned char cksum, unsigned char buf)`
			`{`
			`unsigned char plain[8];`

gss_krb5: Add support for rc4-hmac encryption Add necessary changes to add kernel support for the rc4-hmac Kerberos encryption type used by Microsoft and described in rfc4757. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> 2010-03-17 13:03:06 -04:00			`if (kctx->enctype == ENCTYPE_ARCFOUR_HMAC)`
			`return krb5_make_rc4_seq_num(kctx, direction, seqnum,`
			`cksum, buf);`

Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-16 15:20:36 -07:00			`plain[0] = (unsigned char) (seqnum & 0xff);`
			`plain[1] = (unsigned char) ((seqnum >> 8) & 0xff);`
			`plain[2] = (unsigned char) ((seqnum >> 16) & 0xff);`
			`plain[3] = (unsigned char) ((seqnum >> 24) & 0xff);`

			`plain[4] = direction;`
			`plain[5] = direction;`
			`plain[6] = direction;`
			`plain[7] = direction;`

			`return krb5_encrypt(key, cksum, plain, buf, 8);`
			`}`

gss_krb5: Add support for rc4-hmac encryption Add necessary changes to add kernel support for the rc4-hmac Kerberos encryption type used by Microsoft and described in rfc4757. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> 2010-03-17 13:03:06 -04:00			`static s32`
			`krb5_get_rc4_seq_num(struct krb5_ctx kctx, unsigned char cksum,`
			`unsigned char buf, int direction, s32 *seqnum)`
			`{`
			`struct crypto_blkcipher *cipher;`
			`unsigned char plain[8];`
			`s32 code;`

			`dprintk("RPC: %s:\n", __func__);`
			`cipher = crypto_alloc_blkcipher(kctx->gk5e->encrypt_name, 0,`
			`CRYPTO_ALG_ASYNC);`
			`if (IS_ERR(cipher))`
			`return PTR_ERR(cipher);`

			`code = krb5_rc4_setup_seq_key(kctx, cipher, cksum);`
			`if (code)`
			`goto out;`

			`code = krb5_decrypt(cipher, cksum, buf, plain, 8);`
			`if (code)`
			`goto out;`

			`if ((plain[4] != plain[5]) \|\| (plain[4] != plain[6])`
			`\|\| (plain[4] != plain[7])) {`
			`code = (s32)KG_BAD_SEQ;`
			`goto out;`
			`}`

			`*direction = plain[4];`

			`*seqnum = ((plain[0] << 24) \| (plain[1] << 16) \|`
			`(plain[2] << 8) \| (plain[3]));`
			`out:`
			`crypto_free_blkcipher(cipher);`
			`return code;`
			`}`

Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-16 15:20:36 -07:00			`s32`
gssd_krb5: More arcfour-hmac support For the arcfour-hmac support, the make_seq_num and get_seq_num functions need access to the kerberos context structure. This will be used in a later patch. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> 2010-03-17 13:03:04 -04:00			`krb5_get_seq_num(struct krb5_ctx *kctx,`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-16 15:20:36 -07:00			`unsigned char *cksum,`
			`unsigned char *buf,`
gss_krb5: consistently use unsigned for seqnum Consistently use unsigned (u32 vs. s32) for seqnum. In get_mic function, send the local copy of seq_send, rather than the context version. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> 2008-03-31 10:31:33 -04:00			`int direction, u32 seqnum)`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-16 15:20:36 -07:00			`{`
			`s32 code;`
			`unsigned char plain[8];`
gssd_krb5: More arcfour-hmac support For the arcfour-hmac support, the make_seq_num and get_seq_num functions need access to the kerberos context structure. This will be used in a later patch. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> 2010-03-17 13:03:04 -04:00			`struct crypto_blkcipher *key = kctx->seq;`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-16 15:20:36 -07:00
SUNRPC: fix print format for tk_pid in auth_gss support The tk_pid field is an unsigned short. The proper print format specifier for that type is %5u, not %4d. Also clean up some miscellaneous print formatting nits. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> 2007-01-31 12:14:05 -05:00			`dprintk("RPC: krb5_get_seq_num:\n");`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-16 15:20:36 -07:00
gss_krb5: Add support for rc4-hmac encryption Add necessary changes to add kernel support for the rc4-hmac Kerberos encryption type used by Microsoft and described in rfc4757. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> 2010-03-17 13:03:06 -04:00			`if (kctx->enctype == ENCTYPE_ARCFOUR_HMAC)`
			`return krb5_get_rc4_seq_num(kctx, cksum, buf,`
			`direction, seqnum);`

Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-16 15:20:36 -07:00			`if ((code = krb5_decrypt(key, cksum, buf, plain, 8)))`
			`return code;`

net: Move && and \|\| to end of previous line Not including net/atm/ Compiled tested x86 allyesconfig only Added a > 80 column line or two, which I ignored. Existing checkpatch plaints willfully, cheerfully ignored. Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2009-11-29 16:55:45 -08:00			`if ((plain[4] != plain[5]) \|\| (plain[4] != plain[6]) \|\|`
			`(plain[4] != plain[7]))`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-16 15:20:36 -07:00			`return (s32)KG_BAD_SEQ;`

			`*direction = plain[4];`

			`*seqnum = ((plain[0]) \|`
			`(plain[1] << 8) \| (plain[2] << 16) \| (plain[3] << 24));`

net: return operator cleanup Change "return (EXPR);" to "return EXPR;" return is not a function, parentheses are not required. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2010-09-22 20:43:57 +00:00			`return 0;`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-16 15:20:36 -07:00			`}`