static inline void gss_krb5_add_padding(struct xdr_buf *buf, int offset, int blocksize) { int padding = gss_krb5_padding(blocksize, buf->len - offset); char *p; struct kvec *iov; if (buf->page_len || buf->tail[0].iov_len) iov = &buf->tail[0]; else iov = &buf->head[0]; p = iov->iov_base + iov->iov_len; iov->iov_len += padding; buf->len += padding; memset(p, padding, padding); }
u32 krb5_make_token(struct krb5_ctx *ctx, int qop_req, struct xdr_netobj * text, struct xdr_netobj * token, int toktype) { s32 checksum_type; struct xdr_netobj md5cksum = {.len = 0, .data = NULL}; int blocksize = 0, tmsglen; unsigned char *ptr, *krb5_hdr, *msg_start; s32 now; dprintk("RPC: gss_krb5_seal"); now = jiffies; if (qop_req != 0) goto out_err; switch (ctx->signalg) { case SGN_ALG_DES_MAC_MD5: checksum_type = CKSUMTYPE_RSA_MD5; break; default: dprintk("RPC: gss_krb5_seal: ctx->signalg %d not" " supported\n", ctx->signalg); goto out_err; } if (ctx->sealalg != SEAL_ALG_NONE && ctx->sealalg != SEAL_ALG_DES) { dprintk("RPC: gss_krb5_seal: ctx->sealalg %d not supported\n", ctx->sealalg); goto out_err; } if (toktype == KG_TOK_WRAP_MSG) { blocksize = crypto_tfm_alg_blocksize(ctx->enc); tmsglen = blocksize + text->len + gss_krb5_padding(blocksize, blocksize + text->len); } else { tmsglen = 0; } token->len = g_token_size(&ctx->mech_used, 22 + tmsglen); if ((token->data = kmalloc(token->len, GFP_KERNEL)) == NULL) goto out_err; ptr = token->data; g_make_token_header(&ctx->mech_used, 22 + tmsglen, &ptr, toktype); /* ptr now at byte 2 of header described in rfc 1964, section 1.2.1: */ krb5_hdr = ptr - 2; msg_start = krb5_hdr + 24; *(u16 *)(krb5_hdr + 2) = htons(ctx->signalg); memset(krb5_hdr + 4, 0xff, 4); if (toktype == KG_TOK_WRAP_MSG) *(u16 *)(krb5_hdr + 4) = htons(ctx->sealalg); if (toktype == KG_TOK_WRAP_MSG) { unsigned char pad = gss_krb5_padding(blocksize, text->len); get_random_bytes(msg_start, blocksize); /* "confounder" */ memcpy(msg_start + blocksize, text->data, text->len); memset(msg_start + blocksize + text->len, pad, pad); if (compute_checksum(checksum_type, krb5_hdr, msg_start, tmsglen, &md5cksum)) goto out_err; if (krb5_encrypt(ctx->enc, NULL, msg_start, msg_start, tmsglen)) goto out_err; } else { /* Sign only. */ if (compute_checksum(checksum_type, krb5_hdr, text->data, text->len, &md5cksum)) goto out_err; } switch (ctx->signalg) { case SGN_ALG_DES_MAC_MD5: if (krb5_encrypt(ctx->seq, NULL, md5cksum.data, md5cksum.data, md5cksum.len)) goto out_err; memcpy(krb5_hdr + 16, md5cksum.data + md5cksum.len - CKSUM_SIZE, CKSUM_SIZE); dprintk("make_seal_token: cksum data: \n"); print_hexl((u32 *) (krb5_hdr + 16), CKSUM_SIZE, 0); break; default: BUG(); } kfree(md5cksum.data); if ((krb5_make_seq_num(ctx->seq, ctx->initiate ? 0 : 0xff, ctx->seq_send, krb5_hdr + 16, krb5_hdr + 8))) goto out_err; ctx->seq_send++; return ((ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE); out_err: if (md5cksum.data) kfree(md5cksum.data); if (token->data) kfree(token->data); token->data = 0; token->len = 0; return GSS_S_FAILURE; }