1*5053Sgtb /*
2*5053Sgtb * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
3*5053Sgtb * Use is subject to license terms.
4*5053Sgtb */
5*5053Sgtb
60Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI"
7*5053Sgtb
80Sstevel@tonic-gate /*
90Sstevel@tonic-gate * Copyright 1993 by OpenVision Technologies, Inc.
100Sstevel@tonic-gate *
110Sstevel@tonic-gate * Permission to use, copy, modify, distribute, and sell this software
120Sstevel@tonic-gate * and its documentation for any purpose is hereby granted without fee,
130Sstevel@tonic-gate * provided that the above copyright notice appears in all copies and
140Sstevel@tonic-gate * that both that copyright notice and this permission notice appear in
150Sstevel@tonic-gate * supporting documentation, and that the name of OpenVision not be used
160Sstevel@tonic-gate * in advertising or publicity pertaining to distribution of the software
170Sstevel@tonic-gate * without specific, written prior permission. OpenVision makes no
180Sstevel@tonic-gate * representations about the suitability of this software for any
190Sstevel@tonic-gate * purpose. It is provided "as is" without express or implied warranty.
200Sstevel@tonic-gate *
210Sstevel@tonic-gate * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
220Sstevel@tonic-gate * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
230Sstevel@tonic-gate * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
240Sstevel@tonic-gate * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
250Sstevel@tonic-gate * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
260Sstevel@tonic-gate * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
270Sstevel@tonic-gate * PERFORMANCE OF THIS SOFTWARE.
280Sstevel@tonic-gate */
290Sstevel@tonic-gate
30*5053Sgtb #include "gssapiP_krb5.h"
31*5053Sgtb #ifdef HAVE_MEMORY_H
320Sstevel@tonic-gate #include <memory.h>
33*5053Sgtb #endif
340Sstevel@tonic-gate
350Sstevel@tonic-gate /* Checksumming the channel bindings always uses plain MD5. */
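/*
 * Compute the checksum over the GSS channel bindings for the Kerberos
 * mechanism.
 *
 * context - krb5 library context, passed through to the crypto calls.
 * cb      - channel bindings to serialize and hash, or
 *           GSS_C_NO_CHANNEL_BINDINGS.
 * cksum   - output.  checksum_type, length and contents are overwritten;
 *           any previous value of contents is not freed here.  On success
 *           contents is heap memory that the caller must release.
 * bigend  - forwarded unchanged to TWRITE_INT/TWRITE_BUF.  Presumably
 *           selects the byte order of the serialized integers; the macros
 *           are defined outside this file.
 *
 * Returns 0 on success, ENOMEM when an allocation fails or the serialized
 * length does not fit in a size_t, otherwise the error reported by
 * krb5_c_checksum_length() or krb5_c_make_checksum().
 *
 * The checksum type is fixed to CKSUMTYPE_RSA_MD5.  The Kerberos GSS-API
 * mechanism specifies an MD5 hash for this field, so the peer expects
 * exactly this digest and it cannot be replaced locally.  MD5 is not
 * collision resistant, which bounds the strength of the binding check.
 */
krb5_error_code
kg_checksum_channel_bindings(context, cb, cksum, bigend)
    krb5_context context;
    gss_channel_bindings_t cb;
    krb5_checksum *cksum;
    int bigend;
{
    /* Two address types plus three buffer length words. */
    const size_t fixed_len = sizeof(krb5_int32) * 5;
    size_t var_len[3];
    size_t len;
    size_t sumlen;
    size_t i;
    char *buf;
    char *ptr;
    krb5_data plaind;
    krb5_error_code code;

    /* initialize the cksum */
    code = krb5_c_checksum_length(context, CKSUMTYPE_RSA_MD5, &sumlen);
    if (code)
        return (code);

    cksum->checksum_type = CKSUMTYPE_RSA_MD5;
    cksum->length = sumlen;
    /*
     * Start from a known pointer value.  The failure path below frees
     * cksum->contents, and nothing in this function had assigned it before
     * that point, so a caller passing an uninitialized krb5_checksum would
     * otherwise have an indeterminate pointer handed to xfree().
     */
    cksum->contents = NULL;

    /* No bindings supplied: the checksum is a buffer full of zeros. */
    if (cb == GSS_C_NO_CHANNEL_BINDINGS) {
        cksum->contents = xmalloc(cksum->length);
        if (cksum->contents == NULL)
            return (ENOMEM);
        memset(cksum->contents, '\0', cksum->length);
        return (0);
    }

    /*
     * Size the serialization buffer.  The three lengths come from the
     * caller-supplied bindings; if their sum wrapped around, xmalloc()
     * would return a short buffer and the TWRITE_BUF copies below would
     * run past its end.  Reject that case instead.
     */
    var_len[0] = cb->initiator_address.length;
    var_len[1] = cb->acceptor_address.length;
    var_len[2] = cb->application_data.length;

    len = fixed_len;
    for (i = 0; i < 3; i++) {
        if (var_len[i] > (size_t)-1 - len)
            return (ENOMEM);
        len += var_len[i];
    }

    buf = xmalloc(len);
    if (buf == NULL)
        return (ENOMEM);

    /* helper macros.  This code currently depends on a long being 32
       bits, and htonl dtrt. */
    ptr = buf;

    TWRITE_INT(ptr, cb->initiator_addrtype, bigend);
    TWRITE_BUF(ptr, cb->initiator_address, bigend);
    TWRITE_INT(ptr, cb->acceptor_addrtype, bigend);
    TWRITE_BUF(ptr, cb->acceptor_address, bigend);
    TWRITE_BUF(ptr, cb->application_data, bigend);

    /* checksum the data */
    /*
     * NOTE(review): if krb5_data.length is narrower than size_t, this
     * assignment truncates very large inputs - confirm against the
     * krb5_data definition.
     */
    plaind.length = len;
    plaind.data = buf;

    /*
     * SUNW15resync: the MIT 1.5-6 variant (make the checksum, copy it into
     * a fresh xmalloc() buffer, then krb5_free_checksum_contents()) is
     * deliberately not used here.  krb5_free_checksum_contents() resets
     * cksum->length to 0, which caused ftp to fail, so the older direct
     * call is kept.
     */
    code = krb5_c_make_checksum(context, CKSUMTYPE_RSA_MD5, 0, 0,
                                &plaind, cksum);
    if (code) {
        /*
         * SUNW15resync - just in case not already free.
         * NOTE(review): this is only safe if krb5_c_make_checksum() leaves
         * contents either untouched or NULL on failure; its failure
         * behaviour is not visible in this file - confirm.
         */
        xfree(cksum->contents);
        cksum->contents = NULL;   /* do not hand a dangling pointer back */
    }

    xfree(buf);
    return (code);
}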