/*
- * Copyright (c) 2010, JANET(UK)
+ * Copyright (c) 2011, JANET(UK)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* PERFORMANCE OF THIS SOFTWARE.
*/
+/*
+ * Message protection services: checksum helpers.
+ */
+
#include "gssapiP_eap.h"
static int
gssEapChecksum(krb5_context context,
krb5_cksumtype type,
size_t rrc,
- krb5_keyblock *key,
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto crypto,
+#else
+ krb5_keyblock *crypto,
+#endif
krb5_keyusage sign_usage,
gss_iov_buffer_desc *iov,
int iov_count,
krb5_crypto_iov *kiov;
size_t kiov_count;
int i = 0, j;
- unsigned int k5_checksumlen;
+ size_t k5_checksumlen;
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_cksumtype cksumtype;
+#endif
if (verify)
*valid = FALSE;
- code = krb5_c_crypto_length(context, KRB_KEYTYPE(key),
- KRB5_CRYPTO_TYPE_CHECKSUM, &k5_checksumlen);
+ code = krbCryptoLength(context, crypto, KRB5_CRYPTO_TYPE_CHECKSUM, &k5_checksumlen);
if (code != 0)
return code;
}
i++;
+#ifdef HAVE_HEIMDAL_VERSION
+ if (verify) {
+ code = krb5_verify_checksum_iov(context, crypto, sign_usage,
+ kiov, kiov_count, &cksumtype);
+ *valid = (code == 0);
+ } else {
+ code = krb5_create_checksum_iov(context, crypto, sign_usage,
+ kiov, kiov_count, &cksumtype);
+ }
+#else
if (verify) {
krb5_boolean kvalid = FALSE;
- code = krb5_c_verify_checksum_iov(context, type, key,
+ code = krb5_c_verify_checksum_iov(context, type, crypto,
sign_usage, kiov, kiov_count, &kvalid);
*valid = kvalid;
} else {
- code = krb5_c_make_checksum_iov(context, type, key,
+ code = krb5_c_make_checksum_iov(context, type, crypto,
sign_usage, kiov, kiov_count);
}
+#endif /* HAVE_HEIMDAL_VERSION */
GSSEAP_FREE(kiov);
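Review bot: In the `HAVE_HEIMDAL_VERSION` branch the `type` argument is never consulted and the `cksumtype` written back by `krb5_verify_checksum_iov` / `krb5_create_checksum_iov` is discarded, so the checksum algorithm the caller requested is not enforced on this path the way it is in the MIT branch. If the two are expected to agree, a check after the call such as `if (code == 0 && cksumtype != type) code = KRB5KRB_AP_ERR_INAPP_CKSUM;` (with `*valid` cleared when verifying) would make a mismatch explicit. Separately, `*valid = (code == 0);` means a failed verification returns a non-zero `code` here, whereas the MIT branch appears to return 0 with `*valid` false; a short comment saying that callers must test both the return value and `*valid` would keep the two builds from drifting apart. The body of `gssEapChecksum` begins and ends outside the visible lines, so how `code` is propagated after `GSSEAP_FREE(kiov)` could not be checked.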
gssEapSign(krb5_context context,
krb5_cksumtype type,
size_t rrc,
- krb5_keyblock *key,
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto crypto,
+#else
+ krb5_keyblock *crypto,
+#endif
krb5_keyusage sign_usage,
gss_iov_buffer_desc *iov,
int iov_count)
{
- return gssEapChecksum(context, type, rrc, key,
+ return gssEapChecksum(context, type, rrc, crypto,
sign_usage, iov, iov_count, 0, NULL);
}
gssEapVerify(krb5_context context,
krb5_cksumtype type,
size_t rrc,
- krb5_keyblock *key,
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto crypto,
+#else
+ krb5_keyblock *crypto,
+#endif
krb5_keyusage sign_usage,
gss_iov_buffer_desc *iov,
int iov_count,
int *valid)
{
- return gssEapChecksum(context, type, rrc, key,
+ return gssEapChecksum(context, type, rrc, crypto,
sign_usage, iov, iov_count, 1, valid);
}
+
+#if 0
+OM_uint32
+gssEapEncodeGssChannelBindings(OM_uint32 *minor,
+ gss_channel_bindings_t chanBindings,
+ gss_buffer_t encodedBindings)
+{
+ OM_uint32 major, tmpMinor;
+ size_t length;
+ unsigned char *p;
+
+ if (chanBindings != GSS_C_NO_CHANNEL_BINDINGS) {
+ length = 24;
+ length += chanBindings->initiator_address.length;
+ length += chanBindings->acceptor_address.length;
+ length += chanBindings->application_data.length;
+
+ encodedBindings->value = GSSEAP_MALLOC(length);
+ if (encodedBindings->value == NULL) {
+ *minor = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ encodedBindings->length = length;
+ p = (unsigned char *)encodedBindings->value;
+
+ store_uint32_be(chanBindings->initiator_addrtype, p);
+ store_buffer(&chanBindings->initiator_address, p + 4, 0);
+ p += 4 + chanBindings->initiator_address.length;
+
+ store_uint32_be(chanBindings->acceptor_addrtype, p);
+ store_buffer(&chanBindings->acceptor_address, p + 4, 0);
+ p += 4 + chanBindings->acceptor_address.length;
+
+ store_buffer(&chanBindings->application_data, p, 1);
+ p += chanBindings->application_data.length;
+ } else {
+ encodedBindings->length = 0;
+ encodedBindings->value = NULL;
+ }
+
+ *minor = 0;
+ return GSS_S_COMPLETE;
+}
+#endif
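Review bot: The `length` computation in `gssEapEncodeGssChannelBindings` adds three caller-supplied buffer lengths to 24 with no overflow check, so a wrapped `size_t` would give an undersized `GSSEAP_MALLOC` followed by writes past it. The block is under `#if 0` and not compiled today, but before it is enabled each addition should be guarded, e.g. `if (chanBindings->initiator_address.length > SIZE_MAX - length) { *minor = ERANGE; return GSS_S_FAILURE; }`, repeated for the acceptor address and application data. The pointer arithmetic also looks inconsistent with the size: if `store_buffer` writes a length prefix ahead of the data, as the fixed overhead of 24 suggests (two 4-byte address types, two 4-byte lengths, one 8-byte length), then `p += 4 + chanBindings->initiator_address.length;` skips only the address type and the data, and the next field would overwrite the tail of the previous one; `p += 8 + ...` would match, and this should be confirmed against `store_buffer`. A header comment describing the encoded layout and stating that the caller owns and must release `encodedBindings->value` would help whoever revives this code.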