freebsd-skq/eBones/krb/mk_safe.c
markm a83b802bad Start the eBones cleanup ball rolling.
These are the start of a lot of work to clean up the FreeBSD eBones code.
these changes include, but are not limited to:
- Create prototypes for all the library routines
- Make all the libraries compile clean with -Wall set
- Fix numerous small bugs shown up in the above process
- Prepare the code for libdes's removal to secure/
- add register, registerd and make_keypair to the make
Lots more will follow in days to come.

OK'ed by: rgrimes
1995-08-25 22:52:32 +00:00

163 lines
4.5 KiB
C

/*
* Copyright 1986, 1987, 1988 by the Massachusetts Institute
* of Technology.
* For copying and distribution information, please see the file
* <Copyright.MIT>.
*
* This routine constructs a Kerberos 'safe msg', i.e. authenticated
* using a private session key to seed a checksum. Msg is NOT
* encrypted.
*
* Note-- bcopy is used to avoid alignment problems on IBM RT
*
* Returns either <0 ===> error, or resulting size of message
*
* Steve Miller Project Athena MIT/DEC
*
* from: mk_safe.c,v 4.12 89/03/22 14:50:49 jtkohl Exp $
* $Id: mk_safe.c,v 1.3 1995/07/18 16:39:17 mark Exp $
*/
#if 0
#ifndef lint
static char rcsid[] =
"$Id: mk_safe.c,v 1.3 1995/07/18 16:39:17 mark Exp $";
#endif /* lint */
#endif
/* system include files */
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/time.h>
/* application include files */
#include <des.h>
#include <krb.h>
#include <prot.h>
#include "lsb_addr_comp.h"
extern char *errmsg();
extern int errno;
extern int krb_debug;
/* static storage */
static u_long cksum;
static C_Block big_cksum[2];
static struct timeval msg_time;
static u_char msg_time_5ms;
static long msg_time_sec;
/*
* krb_mk_safe() constructs an AUTH_MSG_SAFE message. It takes some
* user data "in" of "length" bytes and creates a packet in "out"
* consisting of the user data, a timestamp, and the sender's network
* address, followed by a checksum computed on the above, using the
* given "key". The length of the resulting packet is returned.
*
* The "out" packet consists of:
*
* Size Variable Field
* ---- -------- -----
*
* 1 byte KRB_PROT_VERSION protocol version number
* 1 byte AUTH_MSG_SAFE | message type plus local
* HOST_BYTE_ORDER byte order in low bit
*
* ===================== begin checksum ================================
*
* 4 bytes length length of user data
* length in user data
* 1 byte msg_time_5ms timestamp milliseconds
* 4 bytes sender->sin.addr.s_addr sender's IP address
*
* 4 bytes msg_time_sec or timestamp seconds with
* -msg_time_sec direction in sign bit
*
* ======================= end checksum ================================
*
* 16 bytes big_cksum quadratic checksum of
* above using "key"
*/
long krb_mk_safe(u_char *in, u_char *out, u_long length, des_cblock key,
struct sockaddr_in *sender, struct sockaddr_in *receiver)
{
register u_char *p,*q;
/*
* get the current time to use instead of a sequence #, since
* process lifetime may be shorter than the lifetime of a session
* key.
*/
if (gettimeofday(&msg_time,(struct timezone *)0)) {
return -1;
}
msg_time_sec = (long) msg_time.tv_sec;
msg_time_5ms = msg_time.tv_usec/5000; /* 5ms quanta */
p = out;
*p++ = KRB_PROT_VERSION;
*p++ = AUTH_MSG_SAFE | HOST_BYTE_ORDER;
q = p; /* start for checksum stuff */
/* stuff input length */
bcopy((char *)&length,(char *)p,sizeof(length));
p += sizeof(length);
/* make all the stuff contiguous for checksum */
bcopy((char *)in,(char *)p,(int) length);
p += length;
/* stuff time 5ms */
bcopy((char *)&msg_time_5ms,(char *)p,sizeof(msg_time_5ms));
p += sizeof(msg_time_5ms);
/* stuff source address */
bcopy((char *) &sender->sin_addr.s_addr,(char *)p,
sizeof(sender->sin_addr.s_addr));
p += sizeof(sender->sin_addr.s_addr);
/*
* direction bit is the sign bit of the timestamp. Ok until
* 2038??
*/
/* For compatibility with broken old code, compares are done in VAX
byte order (LSBFIRST) */
if (lsb_net_ulong_less(sender->sin_addr.s_addr, /* src < recv */
receiver->sin_addr.s_addr)==-1)
msg_time_sec = -msg_time_sec;
else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
receiver->sin_addr.s_addr)==0)
if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port) == -1)
msg_time_sec = -msg_time_sec;
/*
* all that for one tiny bit! Heaven help those that talk to
* themselves.
*/
/* stuff time sec */
bcopy((char *)&msg_time_sec,(char *)p,sizeof(msg_time_sec));
p += sizeof(msg_time_sec);
#ifdef NOENCRYPTION
cksum = 0;
bzero(big_cksum, sizeof(big_cksum));
#else
cksum=quad_cksum((des_cblock *)q,big_cksum,p-q,2,(des_cblock *)key);
#endif
if (krb_debug)
printf("\ncksum = %lu",cksum);
/* stuff checksum */
bcopy((char *)big_cksum,(char *)p,sizeof(big_cksum));
p += sizeof(big_cksum);
return ((long)(p - out)); /* resulting size */
}