Lines Matching +full:mic +full:- +full:int
1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
134 *lenp = *lenp - 2; in get_uint16()
150 *lenp = *lenp - 4; in get_uint32()
160 dp->kd_length = sz; in get_data()
161 dp->kd_data = malloc(sz, M_GSSAPI, M_WAITOK); in get_data()
165 bcopy(*pp, dp->kd_data, sz); in get_data()
167 (*lenp) -= sz; in get_data()
173 if (dp->kd_data) { in delete_data()
174 free(dp->kd_data, M_GSSAPI); in delete_data()
175 dp->kd_length = 0; in delete_data()
176 dp->kd_data = NULL; in delete_data()
184 ka->ka_type = get_uint16(pp, lenp); in get_address()
185 get_data(pp, lenp, &ka->ka_addr); in get_address()
191 delete_data(&ka->ka_addr); in delete_address()
198 kk->kk_type = get_uint16(pp, lenp); in get_keyblock()
199 get_data(pp, lenp, &kk->kk_key); in get_keyblock()
205 if (kk->kk_key.kd_data) in delete_keyblock()
206 bzero(kk->kk_key.kd_data, kk->kk_key.kd_length); in delete_keyblock()
207 delete_data(&kk->kk_key); in delete_keyblock()
214 if (from->kk_key.kd_length) in copy_key()
221 * Return non-zero if we are initiator.
223 static __inline int
226 return (kc->kc_more_flags & LOCAL); in is_initiator()
230 * Return non-zero if we are acceptor.
232 static __inline int
235 return !(kc->kc_more_flags & LOCAL); in is_acceptor()
243 copy_key(&kc->kc_local_subkey, kdp); in get_initiator_subkey()
245 copy_key(&kc->kc_remote_subkey, kdp); in get_initiator_subkey()
247 copy_key(&kc->kc_keyblock, kdp); in get_initiator_subkey()
255 copy_key(&kc->kc_remote_subkey, kdp); in get_acceptor_subkey()
257 copy_key(&kc->kc_local_subkey, kdp); in get_acceptor_subkey()
266 int etype; in get_keys()
271 if ((kc->kc_more_flags & ACCEPTOR_SUBKEY) == 0) in get_keys()
277 * GSS-API treats all DES etypes the same and all DES3 etypes in get_keys()
280 switch (keydata->kk_type) { in get_keys()
294 etype = keydata->kk_type; in get_keys()
302 krb5_set_key(key, keydata->kk_key.kd_data); in get_keys()
303 kc->kc_tokenkey = key; in get_keys()
316 int i; in get_keys()
319 ekp = ekey->ks_key; in get_keys()
320 kp = key->ks_key; in get_keys()
321 for (i = 0; i < ec->ec_keylen; i++) in get_keys()
324 kc->kc_encryptkey = ekey; in get_keys()
325 refcount_acquire(&key->ks_refs); in get_keys()
326 kc->kc_checksumkey = key; in get_keys()
337 kc->kc_checksumkey = krb5_get_checksum_key(key, KG_USAGE_SIGN); in get_keys()
338 refcount_acquire(&key->ks_refs); in get_keys()
339 kc->kc_encryptkey = key; in get_keys()
351 kc->kc_send_seal_Ke = krb5_get_encryption_key(key, in get_keys()
353 kc->kc_send_seal_Ki = krb5_get_integrity_key(key, in get_keys()
355 kc->kc_send_seal_Kc = krb5_get_checksum_key(key, in get_keys()
357 kc->kc_send_sign_Kc = krb5_get_checksum_key(key, in get_keys()
360 kc->kc_recv_seal_Ke = krb5_get_encryption_key(key, in get_keys()
362 kc->kc_recv_seal_Ki = krb5_get_integrity_key(key, in get_keys()
364 kc->kc_recv_seal_Kc = krb5_get_checksum_key(key, in get_keys()
366 kc->kc_recv_sign_Kc = krb5_get_checksum_key(key, in get_keys()
372 kc->kc_send_seal_Ke = krb5_get_encryption_key(key, in get_keys()
374 kc->kc_send_seal_Ki = krb5_get_integrity_key(key, in get_keys()
376 kc->kc_send_seal_Kc = krb5_get_checksum_key(key, in get_keys()
378 kc->kc_send_sign_Kc = krb5_get_checksum_key(key, in get_keys()
381 kc->kc_recv_seal_Ke = krb5_get_encryption_key(key, in get_keys()
383 kc->kc_recv_seal_Ki = krb5_get_integrity_key(key, in get_keys()
385 kc->kc_recv_seal_Kc = krb5_get_checksum_key(key, in get_keys()
387 kc->kc_recv_sign_Kc = krb5_get_checksum_key(key, in get_keys()
401 mtx_init(&kc->kc_lock, "krb5 gss lock", NULL, MTX_DEF); in krb5_init()
411 const uint8_t *p = (const uint8_t *) context_token->value; in krb5_import()
412 size_t len = context_token->length; in krb5_import()
414 int i; in krb5_import()
437 len -= krb5_mech_oid.length + 2; in krb5_import()
440 kc->kc_ac_flags = get_uint32(&p, &len); in krb5_import()
442 get_address(&p, &len, &kc->kc_local_address); in krb5_import()
444 get_address(&p, &len, &kc->kc_remote_address); in krb5_import()
445 kc->kc_local_port = get_uint16(&p, &len); in krb5_import()
446 kc->kc_remote_port = get_uint16(&p, &len); in krb5_import()
448 get_keyblock(&p, &len, &kc->kc_keyblock); in krb5_import()
450 get_keyblock(&p, &len, &kc->kc_local_subkey); in krb5_import()
452 get_keyblock(&p, &len, &kc->kc_remote_subkey); in krb5_import()
453 kc->kc_local_seqnumber = get_uint32(&p, &len); in krb5_import()
454 kc->kc_remote_seqnumber = get_uint32(&p, &len); in krb5_import()
455 kc->kc_keytype = get_uint32(&p, &len); in krb5_import()
456 kc->kc_cksumtype = get_uint32(&p, &len); in krb5_import()
457 get_data(&p, &len, &kc->kc_source_name); in krb5_import()
458 get_data(&p, &len, &kc->kc_target_name); in krb5_import()
459 kc->kc_ctx_flags = get_uint32(&p, &len); in krb5_import()
460 kc->kc_more_flags = get_uint32(&p, &len); in krb5_import()
461 kc->kc_lifetime = get_uint32(&p, &len); in krb5_import()
466 kc->kc_msg_order.km_flags = get_uint32(&p, &len); in krb5_import()
467 kc->kc_msg_order.km_start = get_uint32(&p, &len); in krb5_import()
468 kc->kc_msg_order.km_length = get_uint32(&p, &len); in krb5_import()
469 kc->kc_msg_order.km_jitter_window = get_uint32(&p, &len); in krb5_import()
470 kc->kc_msg_order.km_first_seq = get_uint32(&p, &len); in krb5_import()
471 kc->kc_msg_order.km_elem = in krb5_import()
472 malloc(kc->kc_msg_order.km_jitter_window * sizeof(uint32_t), in krb5_import()
474 for (i = 0; i < kc->kc_msg_order.km_jitter_window; i++) in krb5_import()
475 kc->kc_msg_order.km_elem[i] = get_uint32(&p, &len); in krb5_import()
477 kc->kc_msg_order.km_flags = 0; in krb5_import()
487 delete_keyblock(&kc->kc_keyblock); in krb5_import()
488 delete_keyblock(&kc->kc_local_subkey); in krb5_import()
489 delete_keyblock(&kc->kc_remote_subkey); in krb5_import()
499 delete_address(&kc->kc_local_address); in krb5_delete()
500 delete_address(&kc->kc_remote_address); in krb5_delete()
501 delete_keyblock(&kc->kc_keyblock); in krb5_delete()
502 delete_keyblock(&kc->kc_local_subkey); in krb5_delete()
503 delete_keyblock(&kc->kc_remote_subkey); in krb5_delete()
504 delete_data(&kc->kc_source_name); in krb5_delete()
505 delete_data(&kc->kc_target_name); in krb5_delete()
506 if (kc->kc_msg_order.km_elem) in krb5_delete()
507 free(kc->kc_msg_order.km_elem, M_GSSAPI); in krb5_delete()
509 output_token->length = 0; in krb5_delete()
510 output_token->value = NULL; in krb5_delete()
512 if (kc->kc_tokenkey) { in krb5_delete()
513 krb5_free_key(kc->kc_tokenkey); in krb5_delete()
514 if (kc->kc_encryptkey) { in krb5_delete()
515 krb5_free_key(kc->kc_encryptkey); in krb5_delete()
516 krb5_free_key(kc->kc_checksumkey); in krb5_delete()
518 krb5_free_key(kc->kc_send_seal_Ke); in krb5_delete()
519 krb5_free_key(kc->kc_send_seal_Ki); in krb5_delete()
520 krb5_free_key(kc->kc_send_seal_Kc); in krb5_delete()
521 krb5_free_key(kc->kc_send_sign_Kc); in krb5_delete()
522 krb5_free_key(kc->kc_recv_seal_Ke); in krb5_delete()
523 krb5_free_key(kc->kc_recv_seal_Ki); in krb5_delete()
524 krb5_free_key(kc->kc_recv_seal_Kc); in krb5_delete()
525 krb5_free_key(kc->kc_recv_sign_Kc); in krb5_delete()
528 mtx_destroy(&kc->kc_lock); in krb5_delete()
562 inside_len = 2 + oid->length + len; in krb5_make_token()
574 tlen = 1 + len_len + 2 + oid->length + hlen; in krb5_make_token()
578 m->m_len = tlen; in krb5_make_token()
580 p = (uint8_t *) m->m_data; in krb5_make_token()
611 *p++ = oid->length; in krb5_make_token()
612 bcopy(oid->elements, p, oid->length); in krb5_make_token()
613 p += oid->length; in krb5_make_token()
661 if (m->m_len < 2) { in krb5_verify_token()
668 p = m->m_data; in krb5_verify_token()
683 if (m->m_len < len_len + 1) { in krb5_verify_token()
688 p = m->m_data + 1; in krb5_verify_token()
719 if (inside_len < 2 + oid->length + len) in krb5_verify_token()
724 * whole header. The header is 1 + len_len + 2 + oid->length + in krb5_verify_token()
727 hlen = 1 + len_len + 2 + oid->length + len; in krb5_verify_token()
728 if (m->m_len < hlen) { in krb5_verify_token()
733 p = m->m_data + 1 + len_len; in krb5_verify_token()
738 if (*p++ != oid->length) in krb5_verify_token()
740 if (bcmp(oid->elements, p, oid->length)) in krb5_verify_token()
742 p += oid->length; in krb5_verify_token()
750 *encap_len = inside_len - 2 - oid->length; in krb5_verify_token()
756 krb5_insert_seq(struct krb5_msg_order *mo, uint32_t seq, int index) in krb5_insert_seq()
758 int i; in krb5_insert_seq()
760 if (mo->km_length < mo->km_jitter_window) in krb5_insert_seq()
761 mo->km_length++; in krb5_insert_seq()
763 for (i = mo->km_length - 1; i > index; i--) in krb5_insert_seq()
764 mo->km_elem[i] = mo->km_elem[i - 1]; in krb5_insert_seq()
765 mo->km_elem[index] = seq; in krb5_insert_seq()
775 struct krb5_msg_order *mo = &kc->kc_msg_order; in krb5_sequence_check()
776 int check_sequence = mo->km_flags & GSS_C_SEQUENCE_FLAG; in krb5_sequence_check()
777 int check_replay = mo->km_flags & GSS_C_REPLAY_FLAG; in krb5_sequence_check()
778 int i; in krb5_sequence_check()
780 mtx_lock(&kc->kc_lock); in krb5_sequence_check()
783 * Message is in-sequence with no gap. in krb5_sequence_check()
785 if (mo->km_length == 0 || seq == mo->km_elem[0] + 1) { in krb5_sequence_check()
787 * This message is received in-sequence with no gaps. in krb5_sequence_check()
794 if (seq > mo->km_elem[0]) { in krb5_sequence_check()
796 * This message is received in-sequence with a gap. in krb5_sequence_check()
806 if (seq < mo->km_elem[mo->km_length - 1]) { in krb5_sequence_check()
814 for (i = 0; i < mo->km_length; i++) { in krb5_sequence_check()
815 if (mo->km_elem[i] == seq) { in krb5_sequence_check()
819 if (mo->km_elem[i] < seq) { in krb5_sequence_check()
833 mtx_unlock(&kc->kc_lock); in krb5_sequence_check()
854 return (16 + key->ks_class->ec_checksumlen); in token_length()
861 struct mbuf *mlast, *mic, *tm; in krb5_get_mic_old() local
869 tlen = token_length(kc->kc_tokenkey); in krb5_get_mic_old()
870 p = krb5_make_token("\x01\x01", tlen, tlen, &mic); in krb5_get_mic_old()
886 cklen = kc->kc_checksumkey->ks_class->ec_checksumlen; in krb5_get_mic_old()
888 mic->m_len = p - (uint8_t *) mic->m_data; in krb5_get_mic_old()
889 mic->m_next = m; in krb5_get_mic_old()
891 tm->m_len = cklen; in krb5_get_mic_old()
892 mlast->m_next = tm; in krb5_get_mic_old()
894 krb5_checksum(kc->kc_checksumkey, 15, mic, mic->m_len - 8, in krb5_get_mic_old()
896 bcopy(tm->m_data, p + 8, cklen); in krb5_get_mic_old()
897 mic->m_next = NULL; in krb5_get_mic_old()
898 mlast->m_next = NULL; in krb5_get_mic_old()
908 * sequence number big-endian. in krb5_get_mic_old()
910 seq = atomic_fetchadd_32(&kc->kc_local_seqnumber, 1); in krb5_get_mic_old()
934 * Set the mic buffer to its final size so that the encrypt in krb5_get_mic_old()
937 mic->m_len += 8 + cklen; in krb5_get_mic_old()
938 krb5_encrypt(kc->kc_tokenkey, mic, mic->m_len - cklen - 8, 8, buf, 8); in krb5_get_mic_old()
940 *micp = mic; in krb5_get_mic_old()
948 struct krb5_key_state *key = kc->kc_send_sign_Kc; in krb5_get_mic_new()
949 struct mbuf *mlast, *mic; in krb5_get_mic_new() local
951 int flags; in krb5_get_mic_new()
956 cklen = key->ks_class->ec_checksumlen; in krb5_get_mic_new()
959 MGET(mic, M_WAITOK, MT_DATA); in krb5_get_mic_new()
960 M_ALIGN(mic, 16 + cklen); in krb5_get_mic_new()
961 mic->m_len = 16 + cklen; in krb5_get_mic_new()
962 p = mic->m_data; in krb5_get_mic_new()
972 if (kc->kc_more_flags & ACCEPTOR_SUBKEY) in krb5_get_mic_new()
988 seq = atomic_fetchadd_32(&kc->kc_local_seqnumber, 1); in krb5_get_mic_new()
1000 mlast->m_next = mic; in krb5_get_mic_new()
1002 mlast->m_next = NULL; in krb5_get_mic_new()
1004 *micp = mic; in krb5_get_mic_new()
1019 if (time_uptime > kc->kc_lifetime) in krb5_get_mic()
1022 switch (kc->kc_tokenkey->ks_class->ec_type) { in krb5_get_mic()
1041 krb5_verify_mic_old(struct krb5_context *kc, struct mbuf *m, struct mbuf *mic, in krb5_verify_mic_old() argument
1052 tlen = token_length(kc->kc_tokenkey); in krb5_verify_mic_old()
1053 p = krb5_verify_token("\x01\x01", tlen, &mic, &elen, FALSE); in krb5_verify_mic_old()
1058 * Disable this check - heimdal-1.1 generates DES3 MIC tokens in krb5_verify_mic_old()
1082 cklen = kc->kc_checksumkey->ks_class->ec_checksumlen; in krb5_verify_mic_old()
1083 mic->m_len = p - (uint8_t *) mic->m_data; in krb5_verify_mic_old()
1084 mic->m_next = m; in krb5_verify_mic_old()
1086 tm->m_len = cklen; in krb5_verify_mic_old()
1087 mlast->m_next = tm; in krb5_verify_mic_old()
1089 krb5_checksum(kc->kc_checksumkey, 15, mic, mic->m_len - 8, in krb5_verify_mic_old()
1091 mic->m_next = NULL; in krb5_verify_mic_old()
1092 mlast->m_next = NULL; in krb5_verify_mic_old()
1093 if (bcmp(tm->m_data, p + 8, cklen)) { in krb5_verify_mic_old()
1105 * sequence number big-endian. in krb5_verify_mic_old()
1107 bcopy(p, tm->m_data, 8); in krb5_verify_mic_old()
1108 tm->m_len = 8; in krb5_verify_mic_old()
1109 krb5_decrypt(kc->kc_tokenkey, tm, 0, 8, p + 8, 8); in krb5_verify_mic_old()
1111 tp = tm->m_data; in krb5_verify_mic_old()
1129 if (kc->kc_msg_order.km_flags & in krb5_verify_mic_old()
1138 krb5_verify_mic_new(struct krb5_context *kc, struct mbuf *m, struct mbuf *mic) in krb5_verify_mic_new() argument
1141 struct krb5_key_state *key = kc->kc_recv_sign_Kc; in krb5_verify_mic_new()
1144 int flags; in krb5_verify_mic_new()
1149 cklen = key->ks_class->ec_checksumlen; in krb5_verify_mic_new()
1151 KASSERT(mic->m_next == NULL, ("MIC should be contiguous")); in krb5_verify_mic_new()
1152 if (mic->m_len != 16 + cklen) in krb5_verify_mic_new()
1154 p = mic->m_data; in krb5_verify_mic_new()
1166 if (kc->kc_more_flags & ACCEPTOR_SUBKEY) in krb5_verify_mic_new()
1184 if (kc->kc_msg_order.km_flags & in krb5_verify_mic_new()
1206 m_copydata(mic, 16, cklen, buf); in krb5_verify_mic_new()
1207 mlast->m_next = mic; in krb5_verify_mic_new()
1209 mlast->m_next = NULL; in krb5_verify_mic_new()
1219 struct mbuf *m, struct mbuf *mic, gss_qop_t *qop_state) in krb5_verify_mic() argument
1227 if (time_uptime > kc->kc_lifetime) in krb5_verify_mic()
1230 switch (kc->kc_tokenkey->ks_class->ec_type) { in krb5_verify_mic()
1232 return (krb5_verify_mic_old(kc, m, mic, sgn_alg_des_md5)); in krb5_verify_mic()
1236 return (krb5_verify_mic_old(kc, m, mic, sgn_alg_hmac_md5)); in krb5_verify_mic()
1239 return (krb5_verify_mic_old(kc, m, mic, sgn_alg_des3_sha1)); in krb5_verify_mic()
1242 return (krb5_verify_mic_new(kc, m, mic)); in krb5_verify_mic()
1249 krb5_wrap_old(struct krb5_context *kc, int conf_req_flag, in krb5_wrap_old()
1250 struct mbuf **mp, int *conf_state, in krb5_wrap_old()
1265 tlen = kc->kc_tokenkey->ks_class->ec_msgblocklen; in krb5_wrap_old()
1266 padlen = tlen - (mlen % tlen); in krb5_wrap_old()
1275 tlen = token_length(kc->kc_tokenkey); in krb5_wrap_old()
1296 m->m_data -= 8; in krb5_wrap_old()
1297 m->m_len += 8; in krb5_wrap_old()
1300 cm->m_len = 8; in krb5_wrap_old()
1301 cm->m_next = m; in krb5_wrap_old()
1304 arc4rand(m->m_data, 8, 0); in krb5_wrap_old()
1306 memset(mlast->m_data + mlast->m_len, padlen, padlen); in krb5_wrap_old()
1307 mlast->m_len += padlen; in krb5_wrap_old()
1310 memset(pm->m_data, padlen, padlen); in krb5_wrap_old()
1311 pm->m_len = padlen; in krb5_wrap_old()
1312 mlast->m_next = pm; in krb5_wrap_old()
1315 tm->m_next = m; in krb5_wrap_old()
1321 * padded message. Fiddle with tm->m_len so that we only in krb5_wrap_old()
1324 cklen = kc->kc_checksumkey->ks_class->ec_checksumlen; in krb5_wrap_old()
1325 tlen = tm->m_len; in krb5_wrap_old()
1326 tm->m_len = p - (uint8_t *) tm->m_data; in krb5_wrap_old()
1328 cm->m_len = cklen; in krb5_wrap_old()
1329 mlast->m_next = cm; in krb5_wrap_old()
1330 krb5_checksum(kc->kc_checksumkey, 13, tm, tm->m_len - 8, in krb5_wrap_old()
1332 tm->m_len = tlen; in krb5_wrap_old()
1333 mlast->m_next = NULL; in krb5_wrap_old()
1334 bcopy(cm->m_data, p + 8, cklen); in krb5_wrap_old()
1346 seq = atomic_fetchadd_32(&kc->kc_local_seqnumber, 1); in krb5_wrap_old()
1367 krb5_encrypt(kc->kc_tokenkey, tm, p - (uint8_t *) tm->m_data, in krb5_wrap_old()
1374 * big-endian format for ARCFOUR. in krb5_wrap_old()
1381 krb5_encrypt(kc->kc_encryptkey, m, 0, datalen, in krb5_wrap_old()
1384 krb5_encrypt(kc->kc_encryptkey, m, 0, datalen, in krb5_wrap_old()
1397 krb5_wrap_new(struct krb5_context *kc, int conf_req_flag, in krb5_wrap_new()
1398 struct mbuf **mp, int *conf_state) in krb5_wrap_new()
1400 struct krb5_key_state *Ke = kc->kc_send_seal_Ke; in krb5_wrap_new()
1401 struct krb5_key_state *Ki = kc->kc_send_seal_Ki; in krb5_wrap_new()
1402 struct krb5_key_state *Kc = kc->kc_send_seal_Kc; in krb5_wrap_new()
1403 const struct krb5_encryption_class *ec = Ke->ks_class; in krb5_wrap_new()
1406 int flags, EC; in krb5_wrap_new()
1414 blen = ec->ec_blocklen; in krb5_wrap_new()
1415 mblen = ec->ec_msgblocklen; in krb5_wrap_new()
1416 cklen = ec->ec_checksumlen; in krb5_wrap_new()
1447 mlast->m_len += EC + 16 + cklen; in krb5_wrap_new()
1450 tm->m_len = EC + 16 + cklen; in krb5_wrap_new()
1451 mlast->m_next = tm; in krb5_wrap_new()
1458 * a copy of the header - this will be trimmed later. in krb5_wrap_new()
1463 tm->m_len = cklen + 16; in krb5_wrap_new()
1464 mlast->m_next = tm; in krb5_wrap_new()
1469 p = m->m_data; in krb5_wrap_new()
1481 if (kc->kc_more_flags & ACCEPTOR_SUBKEY) in krb5_wrap_new()
1488 /* EC + RRC - set to zero initially */ in krb5_wrap_new()
1499 seq = atomic_fetchadd_32(&kc->kc_local_seqnumber, 1); in krb5_wrap_new()
1527 bcopy(p, tm->m_data, 16); in krb5_wrap_new()
1529 tm->m_data += 16; in krb5_wrap_new()
1530 tm->m_len -= 16; in krb5_wrap_new()
1545 int conf_req_flag, gss_qop_t qop_req, in krb5_wrap()
1546 struct mbuf **mp, int *conf_state) in krb5_wrap()
1557 if (time_uptime > kc->kc_lifetime) in krb5_wrap()
1560 switch (kc->kc_tokenkey->ks_class->ec_type) { in krb5_wrap()
1582 m_trim(struct mbuf *m, int len) in m_trim()
1585 int off; in m_trim()
1591 n->m_len = off; in m_trim()
1592 if (n->m_next) { in m_trim()
1593 m_freem(n->m_next); in m_trim()
1594 n->m_next = NULL; in m_trim()
1600 krb5_unwrap_old(struct krb5_context *kc, struct mbuf **mp, int *conf_state, in krb5_unwrap_old()
1610 int i, conf; in krb5_unwrap_old()
1615 tlen = token_length(kc->kc_tokenkey); in krb5_unwrap_old()
1616 cklen = kc->kc_tokenkey->ks_class->ec_checksumlen; in krb5_unwrap_old()
1622 datalen = elen - tlen; in krb5_unwrap_old()
1628 m_adj(m, p - (uint8_t *) m->m_data); in krb5_unwrap_old()
1660 krb5_decrypt(kc->kc_tokenkey, m, 8, 8, p + 8, 8); in krb5_unwrap_old()
1675 if (kc->kc_msg_order.km_flags & in krb5_unwrap_old()
1685 * If the token was encrypted, decode it in-place. in krb5_unwrap_old()
1690 * DES and DES3 or an IV of the big-endian encoded in krb5_unwrap_old()
1694 krb5_decrypt(kc->kc_encryptkey, m, 16 + cklen, in krb5_unwrap_old()
1697 krb5_decrypt(kc->kc_encryptkey, m, 16 + cklen, in krb5_unwrap_old()
1706 * RFC1964 specifies between 1<->8 bytes, each with a binary value in krb5_unwrap_old()
1709 if (mlast->m_len > 0) in krb5_unwrap_old()
1710 padlen = mlast->m_data[mlast->m_len - 1]; in krb5_unwrap_old()
1712 n = m_getptr(m, tlen + datalen - 1, &i); in krb5_unwrap_old()
1719 if (n == NULL || n->m_len == i) in krb5_unwrap_old()
1721 padlen = n->m_data[i]; in krb5_unwrap_old()
1725 m_copydata(m, tlen + datalen - padlen, padlen, buf); in krb5_unwrap_old()
1742 hm->m_len = 8; in krb5_unwrap_old()
1743 hm->m_next = m; in krb5_unwrap_old()
1745 cm->m_len = cklen; in krb5_unwrap_old()
1746 mlast->m_next = cm; in krb5_unwrap_old()
1748 krb5_checksum(kc->kc_checksumkey, 13, hm, 0, datalen + 8, cklen); in krb5_unwrap_old()
1749 hm->m_next = NULL; in krb5_unwrap_old()
1750 mlast->m_next = NULL; in krb5_unwrap_old()
1752 if (bcmp(cm->m_data, hm->m_data + 16, cklen)) { in krb5_unwrap_old()
1764 if (mlast->m_len >= padlen) { in krb5_unwrap_old()
1765 mlast->m_len -= padlen; in krb5_unwrap_old()
1767 m_trim(m, datalen - 8 - padlen); in krb5_unwrap_old()
1775 krb5_unwrap_new(struct krb5_context *kc, struct mbuf **mp, int *conf_state) in krb5_unwrap_new()
1778 struct krb5_key_state *Ke = kc->kc_recv_seal_Ke; in krb5_unwrap_new()
1779 struct krb5_key_state *Ki = kc->kc_recv_seal_Ki; in krb5_unwrap_new()
1780 struct krb5_key_state *Kc = kc->kc_recv_seal_Kc; in krb5_unwrap_new()
1781 const struct krb5_encryption_class *ec = Ke->ks_class; in krb5_unwrap_new()
1784 int sealed, flags, EC, RRC; in krb5_unwrap_new()
1793 if (m->m_len < 16) { in krb5_unwrap_new()
1797 p = m->m_data; in krb5_unwrap_new()
1810 if (kc->kc_more_flags & ACCEPTOR_SUBKEY) in krb5_unwrap_new()
1824 if (kc->kc_msg_order.km_flags & in krb5_unwrap_new()
1860 rlen = mlen - 16; in krb5_unwrap_new()
1861 if (RRC <= sizeof(buf) && m->m_len >= rlen) { in krb5_unwrap_new()
1865 bcopy(m->m_data, buf, RRC); in krb5_unwrap_new()
1866 bcopy(m->m_data + RRC, m->m_data, rlen - RRC); in krb5_unwrap_new()
1867 bcopy(buf, m->m_data + rlen - RRC, RRC); in krb5_unwrap_new()
1870 * More complicated - rearrange the mbuf in krb5_unwrap_new()
1880 blen = ec->ec_blocklen; in krb5_unwrap_new()
1881 cklen = ec->ec_checksumlen; in krb5_unwrap_new()
1892 ctlen = mlen - 16 - cklen; in krb5_unwrap_new()
1901 plen = ctlen - blen - 16 - EC; in krb5_unwrap_new()
1918 if (mlast->m_len >= tlen) { in krb5_unwrap_new()
1919 mlast->m_len -= tlen; in krb5_unwrap_new()
1938 plen = mlen - 16 - cklen; in krb5_unwrap_new()
1945 p = hm->m_data; in krb5_unwrap_new()
1950 m->m_next = hm; in krb5_unwrap_new()
1951 hm->m_next = cm; in krb5_unwrap_new()
1953 bcopy(cm->m_data, buf, cklen); in krb5_unwrap_new()
1955 if (bcmp(cm->m_data, buf, cklen)) in krb5_unwrap_new()
1961 mlast->m_next = NULL; in krb5_unwrap_new()
1973 struct mbuf **mp, int *conf_state, gss_qop_t *qop_state) in krb5_unwrap()
1984 if (time_uptime > kc->kc_lifetime) in krb5_unwrap()
1987 switch (kc->kc_tokenkey->ks_class->ec_type) { in krb5_unwrap()
2019 int conf_req_flag, gss_qop_t qop_req, OM_uint32 req_output_size, in krb5_wrap_size_limit()
2032 ec = kc->kc_tokenkey->ks_class; in krb5_wrap_size_limit()
2033 switch (ec->ec_type) { in krb5_wrap_size_limit()
2047 overhead += 8 + 8 + ec->ec_msgblocklen; in krb5_wrap_size_limit()
2048 overhead += ec->ec_checksumlen; in krb5_wrap_size_limit()
2056 * up to msgblocklen - 1 bytes of padding in krb5_wrap_size_limit()
2060 overhead = 16 + ec->ec_blocklen; in krb5_wrap_size_limit()
2061 overhead += ec->ec_msgblocklen - 1; in krb5_wrap_size_limit()
2063 overhead += ec->ec_checksumlen; in krb5_wrap_size_limit()
2068 overhead = 16 + ec->ec_checksumlen; in krb5_wrap_size_limit()
2072 *max_input_size = req_output_size - overhead; in krb5_wrap_size_limit()
2099 static int
2100 kgssapi_krb5_modevent(module_t mod, int type, void *data) in kgssapi_krb5_modevent()