Lines Matching refs:ki
129 #define HASHLEN(ki) (((ki)->hash_len > MAX_DIGEST) ? \
130 (panic("nfs_gss.c:%d ki->hash_len is invalid = %d\n", __LINE__, (ki)->hash_len), MAX_DIGEST) : (ki)->hash_len)
132 #define HASHLEN(ki) (((ki)->hash_len > MAX_DIGEST) ? \
133 (printf("nfs_gss.c:%d ki->hash_len is invalid = %d\n", __LINE__, (ki)->hash_len), MAX_DIGEST) : (ki)->hash_len)
162 #define ALG_MIC(ki) (((ki)->type == NFS_GSS_1DES) ? krb5_mic : krb5_mic3)
163 #define ALG_WRAP(ki) (((ki)->type == NFS_GSS_1DES) ? krb5_wrap : krb5_wrap3)
210 static int nfs_gss_token_get(gss_key_info *ki, u_char *, u_char *, int, uint32_t *, u_char *);
211 static int nfs_gss_token_put(gss_key_info *ki, u_char *, u_char *, int, int, u_char *);
448 gss_key_info *ki;
510 ki = &cp->gss_clnt_kinfo;
581 nfs_gss_cksum_chain(ki, nmc, ALG_MIC(ki), offset, 0, cksum);
583 toklen = nfs_gss_token_put(ki, ALG_MIC(ki), tokbuf, 1, 0, cksum);
613 nfs_gss_cksum_chain(ki, nmc, ALG_MIC(ki), start, len, cksum);
616 toklen = nfs_gss_token_put(ki, ALG_MIC(ki), tokbuf, 1, 0, cksum);
654 nfs_gss_cksum_chain(ki, &nmc_tmp, ALG_WRAP(ki), 0, len, cksum);
657 toklen = nfs_gss_token_put(ki, ALG_WRAP(ki), tokbuf, 1, len, cksum);
667 nfs_gss_encrypt_chain(ki, &nmc_tmp, 0, len, DES_ENCRYPT);
705 gss_key_info *ki = &cp->gss_clnt_kinfo;
750 if (verflen != KRB5_SZ_TOKEN(ki->hash_len))
760 error = nfs_gss_token_get(ki, ALG_MIC(ki), tokbuf, 0, NULL, cksum1);
770 nfs_gss_cksum_rep(ki, gsp->gss_seqnum, cksum2);
771 if (bcmp(cksum1, cksum2, HASHLEN(ki)) == 0)
810 nfs_gss_cksum_chain(ki, nmc, ALG_MIC(ki), start, reslen, cksum1);
834 if (cksumlen != KRB5_SZ_TOKEN(ki->hash_len)) {
841 error = nfs_gss_token_get(ki, ALG_MIC(ki), tokbuf, 0, NULL, cksum2);
846 if (bcmp(cksum1, cksum2, HASHLEN(ki)) != 0) {
868 nfsm_chain_get_opaque(error, nmc, KRB5_SZ_TOKMAX(ki->hash_len), tokbuf);
871 error = nfs_gss_token_get(ki, ALG_WRAP(ki), tokbuf, 0,
880 nfs_gss_encrypt_chain(ki, nmc, start, reslen, DES_DECRYPT);
883 nfs_gss_cksum_chain(ki, nmc, ALG_WRAP(ki), start, reslen, cksum2);
886 if (bcmp(cksum1, cksum2, HASHLEN(ki)) != 0) {
1003 gss_key_info *ki = &cp->gss_clnt_kinfo;
1088 nfs_gss_cksum_rep(ki, cp->gss_clnt_seqwin, cksum1);
1094 error = nfs_gss_token_get(ki, ALG_MIC(ki), cp->gss_clnt_verf, 0,
1099 if (error || bcmp(cksum1, cksum2, HASHLEN(ki)) != 0) {
2100 gss_key_info *ki;
2180 ki = &cp->gss_svc_kinfo;
2202 nfs_gss_cksum_chain(ki, nmc, ALG_MIC(ki), 0, 0, cksum1);
2216 if (flavor != RPCSEC_GSS || verflen != KRB5_SZ_TOKEN(ki->hash_len))
2223 error = nfs_gss_token_get(ki, ALG_MIC(ki), tokbuf, 1,
2228 if (bcmp(cksum1, cksum2, HASHLEN(ki)) != 0) {
2277 nfs_gss_cksum_chain(ki, nmc, ALG_MIC(ki), start, arglen, cksum1);
2298 if (cksumlen != KRB5_SZ_TOKEN(ki->hash_len)) {
2305 error = nfs_gss_token_get(ki, ALG_MIC(ki), tokbuf, 1,
2309 if (error || bcmp(cksum1, cksum2, HASHLEN(ki)) != 0) {
2331 nfsm_chain_get_opaque(error, nmc, KRB5_SZ_TOKMAX(ki->hash_len), tokbuf);
2334 error = nfs_gss_token_get(ki, ALG_WRAP(ki), tokbuf, 1,
2343 nfs_gss_encrypt_chain(ki, nmc, start, arglen, DES_DECRYPT);
2346 nfs_gss_cksum_chain(ki, nmc, ALG_WRAP(ki), start, arglen, cksum2);
2349 if (bcmp(cksum1, cksum2, HASHLEN(ki)) != 0) {
2408 gss_key_info *ki;
2411 ki = &cp->gss_svc_kinfo;
2431 nfs_gss_cksum_rep(ki, cp->gss_svc_seqwin, cksum);
2433 nfs_gss_cksum_rep(ki, nd->nd_gss_seqnum, cksum);
2438 toklen = nfs_gss_token_put(ki, ALG_MIC(ki), tokbuf, 0, 0, cksum);
2500 gss_key_info *ki = &cp->gss_svc_kinfo;
2527 nfs_gss_cksum_mchain(ki, results, ALG_MIC(ki), 0, reslen, cksum);
2530 toklen = nfs_gss_token_put(ki, ALG_MIC(ki), tokbuf, 0, 0, cksum);
2552 nfs_gss_cksum_mchain(ki, results, ALG_WRAP(ki), 0, reslen, cksum);
2555 toklen = nfs_gss_token_put(ki, ALG_WRAP(ki), tokbuf, 0, reslen, cksum);
2564 nfs_gss_encrypt_mchain(ki, results, 0, reslen, DES_ENCRYPT);
3070 gss_key_info *ki,
3089 toklen = KRB5_SZ_MECH + KRB5_SZ_ALG + KRB5_SZ_SEQ + HASHLEN(ki);
3131 gss_des_crypt(ki, (des_cblock *) plain, (des_cblock *) p, 8,
3141 bcopy(cksum, p, HASHLEN(ki));
3142 p += HASHLEN(ki);
3209 gss_key_info *ki,
3251 gss_des_crypt(ki, (des_cblock *)p, (des_cblock *) plain, 8,
3269 bcopy(p, cksum, HASHLEN(ki));
3270 p += HASHLEN(ki);
3349 gss_key_info *ki,
3361 gss_digest_Init(&context, ki);
3406 gss_key_info *ki,
3421 return (nfs_gss_cksum_mchain(ki, nmc->nmc_mhead, alg, offset, len, cksum));
3429 nfs_gss_cksum_rep(gss_key_info *ki, uint32_t seqnum, u_char *cksum)
3434 gss_digest_Init(&context, ki);
3440 gss_digest_Update(&context, ALG_MIC(ki), KRB5_SZ_ALG);
3454 gss_key_info *ki,
3501 gss_des_crypt(ki, (des_cblock *) ptr, (des_cblock *) ptr,
3511 gss_des_crypt(ki, (des_cblock *) tmp, (des_cblock *) tmp, 8,
3525 gss_key_info *ki,
3539 return (nfs_gss_encrypt_mchain(ki, nmc->nmc_mhead, offset, len, encrypt));
3547 gss_digest_Init(GSS_DIGEST_CTX *ctx, gss_key_info *ki)
3549 ctx->type = ki->type;
3550 switch (ki->type) {
3551 case NFS_GSS_1DES: MD5_DESCBC_Init(&ctx->m_ctx, &ki->ks_u.des.gss_sched);
3553 case NFS_GSS_3DES: HMAC_SHA1_DES3KD_Init(&ctx->h_ctx, ki->ks_u.des3.ckey, 0);
3556 printf("gss_digest_Init: Unknown key info type %d\n", ki->type);
3583 gss_des_crypt(gss_key_info *ki, des_cblock *in, des_cblock *out,
3586 switch (ki->type) {
3590 &ki->ks_u.des.gss_sched_Ke :
3591 &ki->ks_u.des.gss_sched);
3597 des3_cbc_encrypt(in, out, len, &ki->ks_u.des3.gss_sched, iv, retiv, encrypt);
3603 gss_key_init(gss_key_info *ki, uint32_t skeylen)
3609 ki->keybytes = skeylen;
3612 ki->type = NFS_GSS_1DES;
3613 ki->hash_len = MD5_DESCBC_DIGEST_LENGTH;
3614 ki->ks_u.des.key = (des_cblock *)ki->skey;
3615 rc = des_cbc_key_sched(ki->ks_u.des.key, &ki->ks_u.des.gss_sched);
3618 for (i = 0; i < ki->keybytes; i++)
3619 k[0][i] = 0xf0 ^ (*ki->ks_u.des.key)[i];
3620 rc = des_cbc_key_sched(&k[0], &ki->ks_u.des.gss_sched_Ke);
3623 ki->type = NFS_GSS_3DES;
3624 ki->hash_len = SHA_DIGEST_LENGTH;
3625 ki->ks_u.des3.key = (des_cblock (*)[3])ki->skey;
3626 des3_derive_key(*ki->ks_u.des3.key, ki->ks_u.des3.ckey,
3628 rc = des3_cbc_key_sched(*ki->ks_u.des3.key, &ki->ks_u.des3.gss_sched);