1/* 2 * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H�gskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34#include "sasl_mac_krb_locl.h" 35 36RCSID("$Id: mk_priv.c,v 1.4 2005/01/10 19:10:46 snsimon Exp $"); 37 38/* application include files */ 39#include "krb-archaeology.h" 40 41/* 42 * krb_mk_priv() constructs an AUTH_MSG_PRIVATE message. It takes 43 * some user data "in" of "length" bytes and creates a packet in "out" 44 * consisting of the user data, a timestamp, and the sender's network 45 * address. 46 * The packet is encrypted by pcbc_encrypt(), using the given 47 * "key" and "schedule". 48 * The length of the resulting packet "out" is 49 * returned. 50 * 51 * It is similar to krb_mk_safe() except for the additional key 52 * schedule argument "schedule" and the fact that the data is encrypted 53 * rather than appended with a checksum. The protocol version is 54 * KRB_PROT_VERSION, defined in "krb.h". 55 * 56 * The "out" packet consists of: 57 * 58 * Size Variable Field 59 * ---- -------- ----- 60 * 61 * 1 byte KRB_PROT_VERSION protocol version number 62 * 1 byte AUTH_MSG_PRIVATE | message type plus local 63 * HOST_BYTE_ORDER byte order in low bit 64 * 65 * 4 bytes c_length length of data 66 * we encrypt from here with pcbc_encrypt 67 * 68 * 4 bytes length length of user data 69 * length in user data 70 * 1 byte msg_time_5ms timestamp milliseconds 71 * 4 bytes sender->sin.addr.s_addr sender's IP address 72 * 73 * 4 bytes msg_time_sec or timestamp seconds with 74 * -msg_time_sec direction in sign bit 75 * 76 * 0<=n<=7 bytes pad to 8 byte multiple zeroes 77 */ 78 79int32_t 80krb_mk_priv(void *in, void *out, u_int32_t length, 81 struct des_ks_struct *schedule, des_cblock *key, 82 struct sockaddr_in *sender, struct sockaddr_in *receiver) 83{ 84 unsigned char *p = (unsigned char*)out; 85 unsigned char *cipher; 86 87 struct timeval tv; 88 u_int32_t src_addr; 89 u_int32_t len; 90 91 p += krb_put_int(KRB_PROT_VERSION, p, 1, 1); 92 p += krb_put_int(AUTH_MSG_PRIVATE, p, 1, 1); 93 94 len = 4 + length + 1 + 4 + 4; 95 len = (len + 7) & ~7; 96 p += krb_put_int(len, p, 4, 4); 97 98 cipher = p; 99 100 p += krb_put_int(length, p, 4, 4); 101 102 memcpy(p, in, length); 103 p += length; 104 105 krb_kdctimeofday(&tv); 106 107 *p++ =tv.tv_usec / 5000; 108 109 src_addr = sender->sin_addr.s_addr; 110 p += krb_put_address(src_addr, p, 4); 111 112 p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), p, 4, 4); 113 114 memset(p, 0, 7); 115 116 des_pcbc_encrypt((des_cblock *)cipher, (des_cblock *)cipher, 117 len, schedule, key, DES_ENCRYPT); 118 119 return (cipher - (unsigned char*)out) + len; 120} 121