From: steved@redhat.com
To: linux-nfs@vger.kernel.org
Subject: [PATCH 19/23] gssd_krb5: More arcfour-hmac support
Date: Wed, 17 Mar 2010 13:03:04 -0400 [thread overview]
Message-ID: <1268845388-9516-20-git-send-email-steved@redhat.com> (raw)
In-Reply-To: <1268845388-9516-1-git-send-email-steved@redhat.com>
From: Kevin Coffman <kwc@citi.umich.edu>
For the arcfour-hmac support, the make_seq_num and get_seq_num
functions need access to the kerberos context structure.
This will be used in a later patch.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
include/linux/sunrpc/gss_krb5.h | 5 +++--
net/sunrpc/auth_gss/gss_krb5_seal.c | 5 ++---
net/sunrpc/auth_gss/gss_krb5_seqnum.c | 6 ++++--
net/sunrpc/auth_gss/gss_krb5_unseal.c | 3 ++-
net/sunrpc/auth_gss/gss_krb5_wrap.c | 6 +++---
5 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h
index 14c9b0c..9cc39fe 100644
--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -275,12 +275,13 @@ gss_decrypt_xdr_buf(struct crypto_blkcipher *tfm, struct xdr_buf *inbuf,
int offset);
s32
-krb5_make_seq_num(struct crypto_blkcipher *key,
+krb5_make_seq_num(struct krb5_ctx *kctx,
+ struct crypto_blkcipher *key,
int direction,
u32 seqnum, unsigned char *cksum, unsigned char *buf);
s32
-krb5_get_seq_num(struct crypto_blkcipher *key,
+krb5_get_seq_num(struct krb5_ctx *kctx,
unsigned char *cksum,
unsigned char *buf, int *direction, u32 *seqnum);
diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c b/net/sunrpc/auth_gss/gss_krb5_seal.c
index eb18930..b6bc20f 100644
--- a/net/sunrpc/auth_gss/gss_krb5_seal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
@@ -153,9 +153,8 @@ gss_get_mic_v1(struct krb5_ctx *ctx, struct xdr_buf *text,
seq_send = ctx->seq_send++;
spin_unlock(&krb5_seq_lock);
- if (krb5_make_seq_num(ctx->seq, ctx->initiate ? 0 : 0xff,
- seq_send, ptr + GSS_KRB5_TOK_HDR_LEN,
- ptr + 8))
+ if (krb5_make_seq_num(ctx, ctx->seq, ctx->initiate ? 0 : 0xff,
+ seq_send, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8))
return GSS_S_FAILURE;
return (ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
diff --git a/net/sunrpc/auth_gss/gss_krb5_seqnum.c b/net/sunrpc/auth_gss/gss_krb5_seqnum.c
index 17562b4..46d900e 100644
--- a/net/sunrpc/auth_gss/gss_krb5_seqnum.c
+++ b/net/sunrpc/auth_gss/gss_krb5_seqnum.c
@@ -41,7 +41,8 @@
#endif
s32
-krb5_make_seq_num(struct crypto_blkcipher *key,
+krb5_make_seq_num(struct krb5_ctx *kctx,
+ struct crypto_blkcipher *key,
int direction,
u32 seqnum,
unsigned char *cksum, unsigned char *buf)
@@ -62,13 +63,14 @@ krb5_make_seq_num(struct crypto_blkcipher *key,
}
s32
-krb5_get_seq_num(struct crypto_blkcipher *key,
+krb5_get_seq_num(struct krb5_ctx *kctx,
unsigned char *cksum,
unsigned char *buf,
int *direction, u32 *seqnum)
{
s32 code;
unsigned char plain[8];
+ struct crypto_blkcipher *key = kctx->seq;
dprintk("RPC: krb5_get_seq_num:\n");
diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/auth_gss/gss_krb5_unseal.c
index 5491886..b4416e6 100644
--- a/net/sunrpc/auth_gss/gss_krb5_unseal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -132,7 +132,8 @@ gss_verify_mic_v1(struct krb5_ctx *ctx,
/* do sequencing checks */
- if (krb5_get_seq_num(ctx->seq, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8, &direction, &seqnum))
+ if (krb5_get_seq_num(ctx, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8,
+ &direction, &seqnum))
return GSS_S_FAILURE;
if ((ctx->initiate && direction != 0xff) ||
diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c
index c8c402b..82014cc 100644
--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -228,7 +228,7 @@ gss_wrap_kerberos_v1(struct krb5_ctx *kctx, int offset,
/* XXX would probably be more efficient to compute checksum
* and encrypt at the same time: */
- if ((krb5_make_seq_num(kctx->seq, kctx->initiate ? 0 : 0xff,
+ if ((krb5_make_seq_num(kctx, kctx->seq, kctx->initiate ? 0 : 0xff,
seq_send, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8)))
return GSS_S_FAILURE;
@@ -315,8 +315,8 @@ gss_unwrap_kerberos_v1(struct krb5_ctx *kctx, int offset, struct xdr_buf *buf)
/* do sequencing checks */
- if (krb5_get_seq_num(kctx->seq, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8,
- &direction, &seqnum))
+ if (krb5_get_seq_num(kctx, ptr + GSS_KRB5_TOK_HDR_LEN,
+ ptr + 8, &direction, &seqnum))
return GSS_S_BAD_SIG;
if ((kctx->initiate && direction != 0xff) ||
--
1.6.6.1
next prev parent reply other threads:[~2010-03-17 17:26 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-17 17:02 [PATCH 00/23] Add new enctypes for gss_krb5 (Round 5) steved
2010-03-17 17:02 ` [PATCH 01/23] gss_krb5: Introduce encryption type framework steved
2010-03-17 17:02 ` [PATCH 02/23] gss_krb5: Added and improved code comments steved
2010-03-17 17:10 ` Chuck Lever
2010-03-17 17:02 ` [PATCH 03/23] gss_krb5: Don't expect blocksize to always be 8 when calculating padding steved
2010-03-17 17:02 ` [PATCH 04/23] gss_krb5: split up functions in preparation of adding new enctypes steved
2010-03-17 17:02 ` [PATCH 05/23] gss_krb5: prepare for new context format steved
2010-03-17 17:02 ` [PATCH 06/23] gss_krb5: introduce encryption type framework steved
2010-03-17 17:02 ` [PATCH 07/23] gss_krb5: add ability to have a keyed checksum (hmac) steved
2010-03-17 17:02 ` [PATCH 08/23] gss_krb5: import functionality to derive keys into the kernel steved
2010-03-17 17:02 ` [PATCH 09/23] gss_krb5: handle new context format from gssd steved
2010-03-17 17:02 ` [PATCH 10/23] gss_krb5: add support for triple-des encryption steved
2010-03-17 17:02 ` [PATCH 11/23] Add new pipefs file indicating which Kerberos enctypes the kernel supports steved
2010-03-17 17:02 ` [PATCH 12/23] Update " steved
2010-03-17 17:02 ` [PATCH 13/23] xdr: Add an export for the helper function write_bytes_to_xdr_buf() steved
2010-03-17 17:02 ` [PATCH 14/23] gss_krb5: add support for new token formats in rfc4121 steved
2010-03-17 17:03 ` [PATCH 15/23] gss_krb5: add remaining pieces to enable AES encryption support steved
2010-03-17 17:03 ` [PATCH 16/23] gss_krb5: Update pipefs file steved
2010-03-17 17:03 ` [PATCH 17/23] gssd_krb5: arcfour-hmac support steved
2010-03-17 17:03 ` [PATCH 18/23] gss_krb5: Save the raw session key in the context steved
2010-03-17 17:03 ` steved [this message]
2010-03-17 17:03 ` [PATCH 20/23] gss_krb5: Use confounder length in wrap code steved
2010-03-17 17:03 ` [PATCH 21/23] gss_krb5: Add support for rc4-hmac encryption steved
2010-03-17 17:03 ` [PATCH 22/23] Update the pipefs file steved
2010-03-17 17:03 ` [PATCH 23/23] Fixed a typo in gss_verify_mic_v2() steved
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1268845388-9516-20-git-send-email-steved@redhat.com \
--to=steved@redhat.com \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox