Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fc263a91 authored by Kevin Coffman's avatar Kevin Coffman Committed by Trond Myklebust
Browse files

gss_krb5: Save the raw session key in the context 



This is needed for deriving arcfour-hmac keys "on the fly"
using the sequence number or checksu

Signed-off-by: default avatarKevin Coffman <kwc@citi.umich.edu>
Signed-off-by: default avatarSteve Dickson <steved@redhat.com>
Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
parent 8b237076

include/linux/sunrpc/gss_krb5.h

+1 −0
Original line number Diff line number Diff line
@@ -101,6 +101,7 @@ struct krb5_ctx { 
	struct crypto_blkcipher *initiator_enc;

	struct crypto_blkcipher *acceptor_enc_aux;

	struct crypto_blkcipher *initiator_enc_aux;

	u8			Ksess[GSS_KRB5_MAX_KEYLEN]; /* session key */

	u8			cksum[GSS_KRB5_MAX_KEYLEN];

	s32			endtime;

	u32			seq_send;

net/sunrpc/auth_gss/gss_krb5_mech.c

+13 −14
Original line number Diff line number Diff line
@@ -344,7 +344,7 @@ set_cdata(u8 cdata[GSS_KRB5_K5CLENGTH], u32 usage, u8 seed) 
}



static int

context_derive_keys_des3(struct krb5_ctx *ctx, u8 *rawkey, u32 keylen)

context_derive_keys_des3(struct krb5_ctx *ctx)

{

	struct xdr_netobj c, keyin, keyout;

	u8 cdata[GSS_KRB5_K5CLENGTH];
@@ -353,18 +353,18 @@ context_derive_keys_des3(struct krb5_ctx *ctx, u8 *rawkey, u32 keylen) 
	c.len = GSS_KRB5_K5CLENGTH;

	c.data = cdata;



	keyin.data = rawkey;

	keyin.len = keylen;

	keyout.len = keylen;

	keyin.data = ctx->Ksess;

	keyin.len = ctx->gk5e->keylength;

	keyout.len = ctx->gk5e->keylength;



	/* seq uses the raw key */

	ctx->seq = context_v2_alloc_cipher(ctx, ctx->gk5e->encrypt_name,

					   rawkey);

					   ctx->Ksess);

	if (ctx->seq == NULL)

		goto out_err;



	ctx->enc = context_v2_alloc_cipher(ctx, ctx->gk5e->encrypt_name,

					   rawkey);

					   ctx->Ksess);

	if (ctx->enc == NULL)

		goto out_free_seq;
@@ -389,7 +389,7 @@ out_err: 
}



static int

context_derive_keys_new(struct krb5_ctx *ctx, u8 *rawkey, u32 keylen)

context_derive_keys_new(struct krb5_ctx *ctx)

{

	struct xdr_netobj c, keyin, keyout;

	u8 cdata[GSS_KRB5_K5CLENGTH];
@@ -398,9 +398,9 @@ context_derive_keys_new(struct krb5_ctx *ctx, u8 *rawkey, u32 keylen) 
	c.len = GSS_KRB5_K5CLENGTH;

	c.data = cdata;



	keyin.data = rawkey;

	keyin.len = keylen;

	keyout.len = keylen;

	keyin.data = ctx->Ksess;

	keyin.len = ctx->gk5e->keylength;

	keyout.len = ctx->gk5e->keylength;



	/* initiator seal encryption */

	set_cdata(cdata, KG_USAGE_INITIATOR_SEAL, KEY_USAGE_SEED_ENCRYPTION);
@@ -502,7 +502,6 @@ out_err: 
static int

gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx)

{

	u8 rawkey[GSS_KRB5_MAX_KEYLEN];

	int keylen;



	p = simple_get_bytes(p, end, &ctx->flags, sizeof(ctx->flags));
@@ -538,7 +537,7 @@ gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx) 
	}

	keylen = ctx->gk5e->keylength;



	p = simple_get_bytes(p, end, rawkey, keylen);

	p = simple_get_bytes(p, end, ctx->Ksess, keylen);

	if (IS_ERR(p))

		goto out_err;
@@ -557,10 +556,10 @@ gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx) 


	switch (ctx->enctype) {

	case ENCTYPE_DES3_CBC_RAW:

		return context_derive_keys_des3(ctx, rawkey, keylen);

		return context_derive_keys_des3(ctx);

	case ENCTYPE_AES128_CTS_HMAC_SHA1_96:

	case ENCTYPE_AES256_CTS_HMAC_SHA1_96:

		return context_derive_keys_new(ctx, rawkey, keylen);

		return context_derive_keys_new(ctx);

	default:

		return -EINVAL;

	}