X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=util_cksum.c;h=cbd531d3fbdcca7ac370798d7cf691f04306f992;hb=163856b1a70d7773c46d4ea5495b85c4dce0f089;hp=d2b0bd8f5a7f0185c9909ce809f57b4e7034e0e8;hpb=9fbf196192538e4712b5596790db276b74b7e35a;p=mech_eap.orig
diff --git a/util_cksum.c b/util_cksum.c
index d2b0bd8..cbd531d 100644
--- a/util_cksum.c
+++ b/util_cksum.c
@@ -51,13 +51,21 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */
+/*
+ * Message protection services: checksum helpers.
+ */
+
 #include "gssapiP_eap.h"
 static int
 gssEapChecksum(krb5_context context,
 krb5_cksumtype type,
 size_t rrc,
- krb5_keyblock *key,
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto crypto,
+#else
+ krb5_keyblock *crypto,
+#endif
 krb5_keyusage sign_usage,
 gss_iov_buffer_desc *iov,
 int iov_count,
@@ -70,13 +78,15 @@ gssEapChecksum(krb5_context context,
 krb5_crypto_iov *kiov;
 size_t kiov_count;
 int i = 0, j;
- unsigned int k5_checksumlen;
+ size_t k5_checksumlen;
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_cksumtype cksumtype;
+#endif
 if (verify)
 *valid = FALSE;
- code = krb5_c_crypto_length(context, KRB_KEYTYPE(key),
- KRB5_CRYPTO_TYPE_CHECKSUM, &k5_checksumlen);
+ code = krbCryptoLength(context, crypto, KRB5_CRYPTO_TYPE_CHECKSUM, &k5_checksumlen);
 if (code != 0)
 return code;
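Review bot: Missing documentation on the changed `crypto` parameter of `gssEapChecksum`: it is a `krb5_crypto` handle under `HAVE_HEIMDAL_VERSION` and a `krb5_keyblock *` otherwise, and the Heimdal calls added in the `-126` hunk do not pass `type`, so in the visible lines the requested checksum type is only handed to the MIT calls. A comment above the function such as `/* crypto: krb5_crypto (Heimdal) or krb5_keyblock * (MIT); type is passed only to the MIT calls */` would make that explicit. The same `#ifdef` parameter is repeated in `gssEapSign` and `gssEapVerify` (hunks at `-147` and `-160`); a single typedef in `gssapiP_eap.h` would keep the three signatures from drifting apart. The function body continues outside this hunk.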
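Review bot: `k5_checksumlen` becomes an uninitialised `size_t` whose address is handed to `krbCryptoLength`, a helper that is not defined in this diff. The removed call shows `krb5_c_crypto_length` being given the old `unsigned int`, so if the MIT variant of the helper forwards or casts the pointer, only part of the object would be written on LP64 and the remaining bytes would stay indeterminate. I would declare it as `size_t k5_checksumlen = 0;` and confirm that the MIT helper reads into a local `unsigned int` before assigning to `*length`. The length is presumably used for buffer size checks further down, outside this hunk.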
@@ -126,17 +136,28 @@ gssEapChecksum(krb5_context context,
 }
 i++;
+#ifdef HAVE_HEIMDAL_VERSION
+ if (verify) {
+ code = krb5_verify_checksum_iov(context, crypto, sign_usage,
+ kiov, kiov_count, &cksumtype);
+ *valid = (code == 0);
+ } else {
+ code = krb5_create_checksum_iov(context, crypto, sign_usage,
+ kiov, kiov_count, &cksumtype);
+ }
+#else
 if (verify) {
 krb5_boolean kvalid = FALSE;
- code = krb5_c_verify_checksum_iov(context, type, key,
+ code = krb5_c_verify_checksum_iov(context, type, crypto,
 sign_usage, kiov, kiov_count, &kvalid);
 *valid = kvalid;
 } else {
- code = krb5_c_make_checksum_iov(context, type, key,
+ code = krb5_c_make_checksum_iov(context, type, crypto,
 sign_usage, kiov, kiov_count);
 }
+#endif /* HAVE_HEIMDAL_VERSION */
 GSSEAP_FREE(kiov);
@@ -147,12 +168,16 @@ int
 gssEapSign(krb5_context context,
 krb5_cksumtype type,
 size_t rrc,
- krb5_keyblock *key,
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto crypto,
+#else
+ krb5_keyblock *crypto,
+#endif
 krb5_keyusage sign_usage,
 gss_iov_buffer_desc *iov,
 int iov_count)
 {
- return gssEapChecksum(context, type, rrc, key,
+ return gssEapChecksum(context, type, rrc, crypto,
 sign_usage, iov, iov_count, 0, NULL);
 }
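Review bot: In the Heimdal branch a checksum mismatch is reported both as `*valid = 0` and as the non-zero `code` from `krb5_verify_checksum_iov`, whereas the MIT branch reports the verdict through `kvalid` and, as I understand that API, returns 0 for a plain mismatch. An allocation or argument failure on Heimdal is therefore indistinguishable from a bad MIC for a caller that looks only at `*valid`, and callers see a different contract per build. If one contract is intended, map only the integrity failure to the "invalid" result, e.g. `if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) code = 0;` after setting `*valid`, and let other errors propagate. `cksumtype` is written by both Heimdal calls but never read in the visible lines. The rest of gssEapChecksum, including how `code` is returned, is outside the hunk.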
@@ -160,12 +185,61 @@ int
 gssEapVerify(krb5_context context,
 krb5_cksumtype type,
 size_t rrc,
- krb5_keyblock *key,
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto crypto,
+#else
+ krb5_keyblock *crypto,
+#endif
 krb5_keyusage sign_usage,
 gss_iov_buffer_desc *iov,
 int iov_count,
 int *valid)
 {
- return gssEapChecksum(context, type, rrc, key,
+ return gssEapChecksum(context, type, rrc, crypto,
 sign_usage, iov, iov_count, 1, valid);
 }
+
+#if 0
+OM_uint32
+gssEapEncodeGssChannelBindings(OM_uint32 *minor,
+ gss_channel_bindings_t chanBindings,
+ gss_buffer_t encodedBindings)
+{
+ OM_uint32 major, tmpMinor;
+ size_t length;
+ unsigned char *p;
+
+ if (chanBindings != GSS_C_NO_CHANNEL_BINDINGS) {
+ length = 24;
+ length += chanBindings->initiator_address.length;
+ length += chanBindings->acceptor_address.length;
+ length += chanBindings->application_data.length;
+
+ encodedBindings->value = GSSEAP_MALLOC(length);
+ if (encodedBindings->value == NULL) {
+ *minor = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ encodedBindings->length = length;
+ p = (unsigned char *)encodedBindings->value;
+
+ store_uint32_be(chanBindings->initiator_addrtype, p);
+ store_buffer(&chanBindings->initiator_address, p + 4, 0);
+ p += 4 + chanBindings->initiator_address.length;
+
+ store_uint32_be(chanBindings->acceptor_addrtype, p);
+ store_buffer(&chanBindings->acceptor_address, p + 4, 0);
+ p += 4 + chanBindings->acceptor_address.length;
+
+ store_buffer(&chanBindings->application_data, p, 1);
+ p += chanBindings->application_data.length;
+ } else {
+ encodedBindings->length = 0;
+ encodedBindings->value = NULL;
+ }
+
+ *minor = 0;
+ return GSS_S_COMPLETE;
+}
+#endif
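Review bot: The `#if 0` block added at the end allocates `24 +` the three buffer lengths, but the cursor `p` advances by only `8 +` those lengths across the visible writes. Either `store_buffer` (not defined in this diff) writes length prefixes that the `p += 4 + ...length` steps do not skip, so later fields overlap earlier ones, or up to 16 bytes of the `GSSEAP_MALLOC` buffer stay uninitialised while being counted in `encodedBindings->length`. The `length +=` sums are also unchecked against `size_t` wrap-around for caller-supplied binding lengths, and `major`/`tmpMinor` are unused. I would leave this function out of the commit until it is needed, or settle the layout and reject oversized bindings before the allocation if it is later enabled.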