Author: metze Date: 2005-03-07 14:01:29 +0000 (Mon, 07 Mar 2005) New Revision: 241
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=241 Log: make GSS_C_DCE_STYLE gss_wrap()/unwrap() working:-) the caller need to pass the BLOB with 'verifier'+'encrypted_data' metze Modified: branches/tmp/heimdal-gssapi/lib/gssapi/arcfour.c branches/tmp/heimdal-gssapi/lib/gssapi/arcfour.h Changeset: Modified: branches/tmp/heimdal-gssapi/lib/gssapi/arcfour.c =================================================================== --- branches/tmp/heimdal-gssapi/lib/gssapi/arcfour.c 2005-03-01 18:58:11 UTC (rev 240) +++ branches/tmp/heimdal-gssapi/lib/gssapi/arcfour.c 2005-03-07 14:01:29 UTC (rev 241) @@ -344,10 +344,14 @@ if (conf_state) *conf_state = 0; - datalen = input_message_buffer->length + 1 /* padding */; + datalen = input_message_buffer->length; len = 30; - /* if GSS_C_DCE_STYLE is in use, we only need to encapsulate the WRAP token */ + /* if GSS_C_DCE_STYLE is in use: + * - we only need to encapsulate the WRAP token + * - we should not add padding + */ if (!(context_handle->flags & GSS_C_DCE_STYLE)) { + datalen += 1 /* padding */; len += datalen; } gssapi_krb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); @@ -404,7 +408,10 @@ /* p points to data */ p = p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE; memcpy(p, input_message_buffer->value, input_message_buffer->length); - p[input_message_buffer->length] = 1; /* PADDING */ + /* only add padding when GSS_C_DCE_STYLE is not in use */ + if (!(context_handle->flags & GSS_C_DCE_STYLE)) { + p[input_message_buffer->length] = 1; /* PADDING */ + } ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL, p0 + 16, 8, /* SGN_CKSUM */ @@ -493,7 +500,7 @@ u_char *p, *p0; int cmp; int conf_flag; - size_t padlen; + size_t padlen = 0; if (conf_state) *conf_state = 0; 
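Review bot: With GSS_C_DCE_STYLE set, `len` stays at 30 and `datalen` is no longer added to it, so the `total_len` returned by `gssapi_krb5_encap_length()` covers only the token, while the hunk at -404 still runs `memcpy(p, input_message_buffer->value, input_message_buffer->length)` behind the token. The allocation of the output buffer sits between these two hunks and is not visible here; if it is sized from `total_len` alone, that copy writes past the end of the buffer in DCE mode, so the DCE case needs `total_len + datalen` (with a check that the sum does not wrap). The bare `30` would also be easier to audit as a named constant next to `GSS_ARCFOUR_WRAP_TOKEN_SIZE`, the way the unwrap hunk replaces 45. The enclosing function starts and ends outside the hunk.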
@@ -504,10 +511,10 @@ len = input_message_buffer->length; /* if we have GSS_C_DCE_STYLE in use, we only need to decapsulate the WRAP token */ if (context_handle->flags & GSS_C_DCE_STYLE) { - if (input_message_buffer->length < 45) { + if (input_message_buffer->length < (GSS_ARCFOUR_WRAP_TOKEN_OFFSET+GSS_ARCFOUR_WRAP_TOKEN_SIZE)) { return GSS_S_BAD_MECH; } - len = 45; + len = GSS_ARCFOUR_WRAP_TOKEN_OFFSET+GSS_ARCFOUR_WRAP_TOKEN_SIZE; } omret = _gssapi_verify_mech_header(&p0, len, @@ -610,13 +617,15 @@ } memset(k6_data, 0, sizeof(k6_data)); - ret = _gssapi_verify_pad(output_message_buffer, datalen, &padlen); - if (ret) { - gss_release_buffer(minor_status, output_message_buffer); - *minor_status = 0; - return ret; + if (!(context_handle->flags & GSS_C_DCE_STYLE)) { + ret = _gssapi_verify_pad(output_message_buffer, datalen, &padlen); + if (ret) { + gss_release_buffer(minor_status, output_message_buffer); + *minor_status = 0; + return ret; + } + output_message_buffer->length -= padlen; } - output_message_buffer->length -= padlen; ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL, cksum_data, sizeof(cksum_data), Modified: branches/tmp/heimdal-gssapi/lib/gssapi/arcfour.h =================================================================== --- branches/tmp/heimdal-gssapi/lib/gssapi/arcfour.h 2005-03-01 18:58:11 UTC (rev 240) +++ branches/tmp/heimdal-gssapi/lib/gssapi/arcfour.h 2005-03-07 14:01:29 UTC (rev 241) @@ -37,6 +37,7 @@ #define GSSAPI_ARCFOUR_H_ 1 #define GSS_ARCFOUR_WRAP_TOKEN_SIZE 32 +#define GSS_ARCFOUR_WRAP_TOKEN_OFFSET 13 OM_uint32 _gssapi_wrap_arcfour(OM_uint32 *minor_status, const gss_ctx_id_t context_handle,
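Review bot: The DCE branch at -504 now passes a fixed `len` of `GSS_ARCFOUR_WRAP_TOKEN_OFFSET+GSS_ARCFOUR_WRAP_TOKEN_SIZE` to `_gssapi_verify_mech_header()`, but nothing on the new side documents where 13 comes from or why it is constant. The define in arcfour.h should carry a comment, for example `/* bytes of GSS-API framing in front of the WRAP token; presumably tag, one-byte length and mechanism OID, confirm */`, and the sum is worth a parenthesised macro of its own so the check and the assignment cannot drift apart. Because `len` is now shorter than the input in DCE mode, the later `datalen` computation (outside this hunk) should be checked to derive from `input_message_buffer->length` minus this prefix and not from a length field inside the token.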
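Review bot: In the hunk at -610, on the non-DCE path `_gssapi_verify_pad()` still runs, returns its own status and shortens `output_message_buffer->length` before the `arcfour_mic_cksum()` call that follows, so `padlen` is taken from bytes whose checksum has not yet been checked. The checksum comparison is outside the hunk; if it does come after, running the pad check only once the checksum has matched would make every tampered token fail the same way, assuming the checksum is still computed over the unstripped length. The new DCE branch strips nothing, which deserves a comment such as `/* DCE style: caller passes verifier + encrypted data without padding */` so the missing check does not look like an oversight. The enclosing function continues past the hunk.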