From e4b199e2a05705c453da2250b17cf3c7e4135dda Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Sat, 17 Sep 2011 19:25:16 +1000
Subject: [PATCH] Simplify verify_mic path

Allow verify_mic, wrapped on top of the IOV routines, to pass in a single HEADER buffer rather than needing to understand the underlying split between header and trailer.
---
 moonshot/mech_eap/unwrap_iov.c | 9 ++++++++-
 moonshot/mech_eap/util_context.c | 8 +-------
 moonshot/mech_eap/verify_mic.c | 9 ++-------
 3 files changed, 11 insertions(+), 15 deletions(-)

diff --git a/moonshot/mech_eap/unwrap_iov.c b/moonshot/mech_eap/unwrap_iov.c
index 6291172..5ceefa2 100644
--- a/moonshot/mech_eap/unwrap_iov.c
+++ b/moonshot/mech_eap/unwrap_iov.c
@@ -243,7 +243,14 @@ unwrapToken(OM_uint32 *minor,
 goto defective;
 seqnum = load_uint64_be(ptr + 8);
- code = gssEapVerify(krbContext, ctx->checksumType, 0,
+ /*
+ * Although MIC tokens don't have a RRC, they are similarly
+ * composed of a header and a checksum. So the verify_mic()
+ * can be implemented with a single header buffer, fake the
+ * RRC to the putative trailer length if no trailer buffer.
+ */
+ code = gssEapVerify(krbContext, ctx->checksumType,
+ trailer != NULL ? 0 : header->buffer.length - 16,
 KRB_CRYPTO_CONTEXT(ctx), keyUsage, iov, iov_count, &valid);
 if (code != 0 || valid == FALSE) {
diff --git a/moonshot/mech_eap/util_context.c b/moonshot/mech_eap/util_context.c
index ba0dc87..e18edc5 100644
--- a/moonshot/mech_eap/util_context.c
+++ b/moonshot/mech_eap/util_context.c
@@ -328,13 +328,7 @@ gssEapMakeOrVerifyTokenMIC(OM_uint32 *minor,
 GSSEAP_ASSERT(i < 2 + (3 * tokens->buffers.count));
 iov[i].type = GSS_IOV_BUFFER_TYPE_HEADER;
- iov[i].buffer.length = 16;
- iov[i].buffer.value = tokenMIC->value;
- i++;
-
- iov[i].type = GSS_IOV_BUFFER_TYPE_TRAILER;
- iov[i].buffer.length = tokenMIC->length - 16;
- iov[i].buffer.value = (unsigned char *)tokenMIC->value + 16;
+ iov[i].buffer = *tokenMIC;
 i++;
 major = gssEapUnwrapOrVerifyMIC(minor, ctx, NULL, NULL,
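Review bot: In the unwrap_iov.c hunk, the new third argument `header->buffer.length - 16` is computed from the length of a peer-supplied token, and nothing visible in the hunk guarantees that the length exceeds 16. A shorter token would wrap the unsigned subtraction into a very large RRC, and a token of exactly 16 bytes would give a zero RRC with no trailer. unwrapToken starts outside the hunk, so an earlier length check may already cover this; if it does not, a guard before the call such as `if (trailer == NULL && header->buffer.length <= 16) goto defective;` would reject both cases. This matters more after this commit because the util_context.c and verify_mic.c hunks now hand the whole token over as the HEADER buffer and no longer split it at 16 themselves. It is also worth confirming that gssEapVerify compares the faked RRC against the expected checksum length for `ctx->checksumType`.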
diff --git a/moonshot/mech_eap/verify_mic.c b/moonshot/mech_eap/verify_mic.c
index d72c57e..c0829f5 100644
--- a/moonshot/mech_eap/verify_mic.c
+++ b/moonshot/mech_eap/verify_mic.c
@@ -58,17 +58,12 @@ gss_verify_mic(OM_uint32 *minor,
 iov[0].buffer = *message_buffer;
 iov[1].type = GSS_IOV_BUFFER_TYPE_HEADER;
- iov[1].buffer.length = 16;
- iov[1].buffer.value = message_token->value;
-
- iov[2].type = GSS_IOV_BUFFER_TYPE_TRAILER;
- iov[2].buffer.length = message_token->length - 16;
- iov[2].buffer.value = (unsigned char *)message_token->value + 16;
+ iov[1].buffer = *message_token;
 GSSEAP_MUTEX_LOCK(&ctx->mutex);
 major = gssEapUnwrapOrVerifyMIC(minor, ctx, &conf_state, qop_state,
- iov, 3, TOK_TYPE_MIC);
+ iov, 2, TOK_TYPE_MIC);
 GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
-- 
2.1.4
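Review bot: The single HEADER buffer set by `iov[1].buffer = *message_token;` in gss_verify_mic now carries both the 16-byte token header and the checksum, which the removed lines had split into HEADER and TRAILER, but no comment at that line says so. A short comment such as `/* header and checksum share one HEADER buffer; unwrapToken() derives the checksum length */` would keep a later reader from reintroducing the split, and the same applies to `iov[i].buffer = *tokenMIC;` in util_context.c. The declaration of `iov` lies outside the hunk; it was presumably sized for three entries, so check whether it can shrink now that the count passed is 2.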