diff options
| author | Kevin Coffman <kwc@citi.umich.edu> | 2010-03-17 13:03:05 -0400 |
|---|---|---|
| committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2010-05-14 15:09:20 -0400 |
| commit | 5af46547ec451918f3ba51efe59b317d33adf701 (patch) | |
| tree | 0878529858a5ded9224e633dd13b431e6b69e28c /net/sunrpc/auth_gss/gss_krb5_wrap.c | |
| parent | 1dbd9029f3024d058da1cf6c6658c28aac2e4e1c (diff) | |
| download | kernel_samsung_smdk4412-5af46547ec451918f3ba51efe59b317d33adf701.zip kernel_samsung_smdk4412-5af46547ec451918f3ba51efe59b317d33adf701.tar.gz kernel_samsung_smdk4412-5af46547ec451918f3ba51efe59b317d33adf701.tar.bz2 | |
gss_krb5: Use confounder length in wrap code
All encryption types use a confounder at the beginning of the
wrap token. In all encryption types except arcfour-hmac, the
confounder is the same as the blocksize. arcfour-hmac has a
blocksize of one, but uses an eight byte confounder.
Add an entry to the crypto framework definitions for the
confounder length and change the wrap/unwrap code to use
the confounder length rather than assuming it is always
the blocksize.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'net/sunrpc/auth_gss/gss_krb5_wrap.c')
| -rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_wrap.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c index a95e7e0a..383db89 100644 --- a/net/sunrpc/auth_gss/gss_krb5_wrap.c +++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c @@ -168,6 +168,7 @@ gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int offset, struct page **tmp_pages; u32 seq_send; u8 *cksumkey; + u32 conflen = kctx->gk5e->conflen; dprintk("RPC: %s\n", __func__); @@ -176,7 +177,7 @@ gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int offset, blocksize = crypto_blkcipher_blocksize(kctx->enc); gss_krb5_add_padding(buf, offset, blocksize); BUG_ON((buf->len - offset) % blocksize); - plainlen = blocksize + buf->len - offset; + plainlen = conflen + buf->len - offset; headlen = g_token_size(&kctx->mech_used, GSS_KRB5_TOK_HDR_LEN + kctx->gk5e->cksumlength + plainlen) - @@ -204,7 +205,7 @@ gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int offset, memset(ptr + 4, 0xff, 4); *(__be16 *)(ptr + 4) = cpu_to_le16(kctx->gk5e->sealalg); - gss_krb5_make_confounder(msg_start, blocksize); + gss_krb5_make_confounder(msg_start, conflen); if (kctx->gk5e->keyed_cksum) cksumkey = kctx->cksum; @@ -214,7 +215,7 @@ gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int offset, /* XXXJBF: UGH!: */ tmp_pages = buf->pages; buf->pages = pages; - if (make_checksum(kctx, ptr, 8, buf, offset + headlen - blocksize, + if (make_checksum(kctx, ptr, 8, buf, offset + headlen - conflen, cksumkey, KG_USAGE_SEAL, &md5cksum)) return GSS_S_FAILURE; buf->pages = tmp_pages; @@ -231,7 +232,7 @@ gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int offset, seq_send, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8))) return GSS_S_FAILURE; - if (gss_encrypt_xdr_buf(kctx->enc, buf, offset + headlen - blocksize, + if (gss_encrypt_xdr_buf(kctx->enc, buf, offset + headlen - conflen, pages)) return GSS_S_FAILURE; @@ -254,6 +255,7 @@ gss_unwrap_kerberos_v1(struct krb5_ctx *kctx, int offset, struct xdr_buf *buf) void *data_start, *orig_start; int data_len; int blocksize; + u32 conflen = kctx->gk5e->conflen; int crypt_offset; u8 *cksumkey; @@ -327,7 +329,7 @@ gss_unwrap_kerberos_v1(struct krb5_ctx *kctx, int offset, struct xdr_buf *buf) blocksize = crypto_blkcipher_blocksize(kctx->enc); data_start = ptr + (GSS_KRB5_TOK_HDR_LEN + kctx->gk5e->cksumlength) + - blocksize; + conflen; orig_start = buf->head[0].iov_base + offset; data_len = (buf->head[0].iov_base + buf->head[0].iov_len) - data_start; memmove(orig_start, data_start, data_len); |