224 is_initiator(struct krb5_context *kc)  in is_initiator()  argument
226 	return (kc->kc_more_flags & LOCAL);  in is_initiator()
233 is_acceptor(struct krb5_context *kc)  in is_acceptor()  argument
235 	return !(kc->kc_more_flags & LOCAL);  in is_acceptor()
239 get_initiator_subkey(struct krb5_context *kc, struct krb5_keyblock **kdp)  in get_initiator_subkey()  argument
242 	if (is_initiator(kc))  in get_initiator_subkey()
243 		copy_key(&kc->kc_local_subkey, kdp);  in get_initiator_subkey()
245 		copy_key(&kc->kc_remote_subkey, kdp);  in get_initiator_subkey()
247 		copy_key(&kc->kc_keyblock, kdp);  in get_initiator_subkey()
251 get_acceptor_subkey(struct krb5_context *kc, struct krb5_keyblock **kdp)  in get_acceptor_subkey()  argument
254 	if (is_initiator(kc))  in get_acceptor_subkey()
255 		copy_key(&kc->kc_remote_subkey, kdp);  in get_acceptor_subkey()
257 		copy_key(&kc->kc_local_subkey, kdp);  in get_acceptor_subkey()
261 get_keys(struct krb5_context *kc)  in get_keys()  argument
269 	get_acceptor_subkey(kc, &keydata);  in get_keys()
271 		if ((kc->kc_more_flags & ACCEPTOR_SUBKEY) == 0)  in get_keys()
272 			get_initiator_subkey(kc, &keydata);  in get_keys()
303 	kc->kc_tokenkey = key;  in get_keys()
324 		kc->kc_encryptkey = ekey;  in get_keys()
326 		kc->kc_checksumkey = key;  in get_keys()
337 		kc->kc_checksumkey = krb5_get_checksum_key(key, KG_USAGE_SIGN);  in get_keys()
339 		kc->kc_encryptkey = key;  in get_keys()
347 		if (is_initiator(kc)) {  in get_keys()
351 			kc->kc_send_seal_Ke = krb5_get_encryption_key(key,  in get_keys()
353 			kc->kc_send_seal_Ki = krb5_get_integrity_key(key,  in get_keys()
355 			kc->kc_send_seal_Kc = krb5_get_checksum_key(key,  in get_keys()
357 			kc->kc_send_sign_Kc = krb5_get_checksum_key(key,  in get_keys()
360 			kc->kc_recv_seal_Ke = krb5_get_encryption_key(key,  in get_keys()
362 			kc->kc_recv_seal_Ki = krb5_get_integrity_key(key,  in get_keys()
364 			kc->kc_recv_seal_Kc = krb5_get_checksum_key(key,  in get_keys()
366 			kc->kc_recv_sign_Kc = krb5_get_checksum_key(key,  in get_keys()
372 			kc->kc_send_seal_Ke = krb5_get_encryption_key(key,  in get_keys()
374 			kc->kc_send_seal_Ki = krb5_get_integrity_key(key,  in get_keys()
376 			kc->kc_send_seal_Kc = krb5_get_checksum_key(key,  in get_keys()
378 			kc->kc_send_sign_Kc = krb5_get_checksum_key(key,  in get_keys()
381 			kc->kc_recv_seal_Ke = krb5_get_encryption_key(key,  in get_keys()
383 			kc->kc_recv_seal_Ki = krb5_get_integrity_key(key,  in get_keys()
385 			kc->kc_recv_seal_Kc = krb5_get_checksum_key(key,  in get_keys()
387 			kc->kc_recv_sign_Kc = krb5_get_checksum_key(key,  in get_keys()
399 	struct krb5_context *kc = (struct krb5_context *)ctx;  in krb5_init()  local
401 	mtx_init(&kc->kc_lock, "krb5 gss lock", NULL, MTX_DEF);  in krb5_init()
409 	struct krb5_context *kc = (struct krb5_context *)ctx;  in krb5_import()  local
440 	kc->kc_ac_flags = get_uint32(&p, &len);  in krb5_import()
442 		get_address(&p, &len, &kc->kc_local_address);  in krb5_import()
444 		get_address(&p, &len, &kc->kc_remote_address);  in krb5_import()
445 	kc->kc_local_port = get_uint16(&p, &len);  in krb5_import()
446 	kc->kc_remote_port = get_uint16(&p, &len);  in krb5_import()
448 		get_keyblock(&p, &len, &kc->kc_keyblock);  in krb5_import()
450 		get_keyblock(&p, &len, &kc->kc_local_subkey);  in krb5_import()
452 		get_keyblock(&p, &len, &kc->kc_remote_subkey);  in krb5_import()
453 	kc->kc_local_seqnumber = get_uint32(&p, &len);  in krb5_import()
454 	kc->kc_remote_seqnumber = get_uint32(&p, &len);  in krb5_import()
455 	kc->kc_keytype = get_uint32(&p, &len);  in krb5_import()
456 	kc->kc_cksumtype = get_uint32(&p, &len);  in krb5_import()
457 	get_data(&p, &len, &kc->kc_source_name);  in krb5_import()
458 	get_data(&p, &len, &kc->kc_target_name);  in krb5_import()
459 	kc->kc_ctx_flags = get_uint32(&p, &len);  in krb5_import()
460 	kc->kc_more_flags = get_uint32(&p, &len);  in krb5_import()
461 	kc->kc_lifetime = get_uint32(&p, &len);  in krb5_import()
466 		kc->kc_msg_order.km_flags = get_uint32(&p, &len);  in krb5_import()
467 		kc->kc_msg_order.km_start = get_uint32(&p, &len);  in krb5_import()
468 		kc->kc_msg_order.km_length = get_uint32(&p, &len);  in krb5_import()
469 		kc->kc_msg_order.km_jitter_window = get_uint32(&p, &len);  in krb5_import()
470 		kc->kc_msg_order.km_first_seq = get_uint32(&p, &len);  in krb5_import()
471 		kc->kc_msg_order.km_elem =  in krb5_import()
472 			malloc(kc->kc_msg_order.km_jitter_window * sizeof(uint32_t),  in krb5_import()
474 		for (i = 0; i < kc->kc_msg_order.km_jitter_window; i++)  in krb5_import()
475 			kc->kc_msg_order.km_elem[i] = get_uint32(&p, &len);  in krb5_import()
477 		kc->kc_msg_order.km_flags = 0;  in krb5_import()
480 	res = get_keys(kc);  in krb5_import()
487 	delete_keyblock(&kc->kc_keyblock);  in krb5_import()
488 	delete_keyblock(&kc->kc_local_subkey);  in krb5_import()
489 	delete_keyblock(&kc->kc_remote_subkey);  in krb5_import()
497 	struct krb5_context *kc = (struct krb5_context *)ctx;  in krb5_delete()  local
499 	delete_address(&kc->kc_local_address);  in krb5_delete()
500 	delete_address(&kc->kc_remote_address);  in krb5_delete()
501 	delete_keyblock(&kc->kc_keyblock);  in krb5_delete()
502 	delete_keyblock(&kc->kc_local_subkey);  in krb5_delete()
503 	delete_keyblock(&kc->kc_remote_subkey);  in krb5_delete()
504 	delete_data(&kc->kc_source_name);  in krb5_delete()
505 	delete_data(&kc->kc_target_name);  in krb5_delete()
506 	if (kc->kc_msg_order.km_elem)  in krb5_delete()
507 		free(kc->kc_msg_order.km_elem, M_GSSAPI);  in krb5_delete()
512 	if (kc->kc_tokenkey) {  in krb5_delete()
513 		krb5_free_key(kc->kc_tokenkey);  in krb5_delete()
514 		if (kc->kc_encryptkey) {  in krb5_delete()
515 			krb5_free_key(kc->kc_encryptkey);  in krb5_delete()
516 			krb5_free_key(kc->kc_checksumkey);  in krb5_delete()
518 			krb5_free_key(kc->kc_send_seal_Ke);  in krb5_delete()
519 			krb5_free_key(kc->kc_send_seal_Ki);  in krb5_delete()
520 			krb5_free_key(kc->kc_send_seal_Kc);  in krb5_delete()
521 			krb5_free_key(kc->kc_send_sign_Kc);  in krb5_delete()
522 			krb5_free_key(kc->kc_recv_seal_Ke);  in krb5_delete()
523 			krb5_free_key(kc->kc_recv_seal_Ki);  in krb5_delete()
524 			krb5_free_key(kc->kc_recv_seal_Kc);  in krb5_delete()
525 			krb5_free_key(kc->kc_recv_sign_Kc);  in krb5_delete()
528 	mtx_destroy(&kc->kc_lock);  in krb5_delete()
772 krb5_sequence_check(struct krb5_context *kc, uint32_t seq)  in krb5_sequence_check()  argument
775 	struct krb5_msg_order *mo = &kc->kc_msg_order;  in krb5_sequence_check()
780 	mtx_lock(&kc->kc_lock);  in krb5_sequence_check()
833 	mtx_unlock(&kc->kc_lock);  in krb5_sequence_check()
858 krb5_get_mic_old(struct krb5_context *kc, struct mbuf *m,  in krb5_get_mic_old()  argument
869 	tlen = token_length(kc->kc_tokenkey);  in krb5_get_mic_old()
886 	cklen = kc->kc_checksumkey->ks_class->ec_checksumlen;  in krb5_get_mic_old()
894 	krb5_checksum(kc->kc_checksumkey, 15, mic, mic->m_len - 8,  in krb5_get_mic_old()
910 	seq = atomic_fetchadd_32(&kc->kc_local_seqnumber, 1);  in krb5_get_mic_old()
922 	if (is_initiator(kc)) {  in krb5_get_mic_old()
938 	krb5_encrypt(kc->kc_tokenkey, mic, mic->m_len - cklen - 8, 8, buf, 8);  in krb5_get_mic_old()
945 krb5_get_mic_new(struct krb5_context *kc,  struct mbuf *m,  in krb5_get_mic_new()  argument
948 	struct krb5_key_state *key = kc->kc_send_sign_Kc;  in krb5_get_mic_new()
970 	if (is_acceptor(kc))  in krb5_get_mic_new()
972 	if (kc->kc_more_flags & ACCEPTOR_SUBKEY)  in krb5_get_mic_new()
988 	seq = atomic_fetchadd_32(&kc->kc_local_seqnumber, 1);  in krb5_get_mic_new()
1012 	struct krb5_context *kc = (struct krb5_context *)ctx;  in krb5_get_mic()  local
1019 	if (time_uptime > kc->kc_lifetime)  in krb5_get_mic()
1022 	switch (kc->kc_tokenkey->ks_class->ec_type) {  in krb5_get_mic()
1024 		return (krb5_get_mic_old(kc, m, micp, sgn_alg_des_md5));  in krb5_get_mic()
1027 		return (krb5_get_mic_old(kc, m, micp, sgn_alg_des3_sha1));  in krb5_get_mic()
1031 		return (krb5_get_mic_old(kc, m, micp, sgn_alg_hmac_md5));  in krb5_get_mic()
1034 		return (krb5_get_mic_new(kc, m, micp));  in krb5_get_mic()
1041 krb5_verify_mic_old(struct krb5_context *kc, struct mbuf *m, struct mbuf *mic,  in krb5_verify_mic_old()  argument
1052 	tlen = token_length(kc->kc_tokenkey);  in krb5_verify_mic_old()
1082 	cklen = kc->kc_checksumkey->ks_class->ec_checksumlen;  in krb5_verify_mic_old()
1089 	krb5_checksum(kc->kc_checksumkey, 15, mic, mic->m_len - 8,  in krb5_verify_mic_old()
1109 	krb5_decrypt(kc->kc_tokenkey, tm, 0, 8, p + 8, 8);  in krb5_verify_mic_old()
1118 	if (is_initiator(kc)) {  in krb5_verify_mic_old()
1129 	if (kc->kc_msg_order.km_flags &  in krb5_verify_mic_old()
1131 		return (krb5_sequence_check(kc, seq));  in krb5_verify_mic_old()
1138 krb5_verify_mic_new(struct krb5_context *kc, struct mbuf *m, struct mbuf *mic)  in krb5_verify_mic_new()  argument
1141 	struct krb5_key_state *key = kc->kc_recv_sign_Kc;  in krb5_verify_mic_new()
1164 	if (is_initiator(kc))  in krb5_verify_mic_new()
1166 	if (kc->kc_more_flags & ACCEPTOR_SUBKEY)  in krb5_verify_mic_new()
1184 	if (kc->kc_msg_order.km_flags &  in krb5_verify_mic_new()
1192 			res = krb5_sequence_check(kc, seq);  in krb5_verify_mic_new()
1221 	struct krb5_context *kc = (struct krb5_context *)ctx;  in krb5_verify_mic()  local
1227 	if (time_uptime > kc->kc_lifetime)  in krb5_verify_mic()
1230 	switch (kc->kc_tokenkey->ks_class->ec_type) {  in krb5_verify_mic()
1232 		return (krb5_verify_mic_old(kc, m, mic, sgn_alg_des_md5));  in krb5_verify_mic()
1236 		return (krb5_verify_mic_old(kc, m, mic, sgn_alg_hmac_md5));  in krb5_verify_mic()
1239 		return (krb5_verify_mic_old(kc, m, mic, sgn_alg_des3_sha1));  in krb5_verify_mic()
1242 		return (krb5_verify_mic_new(kc, m, mic));  in krb5_verify_mic()
1249 krb5_wrap_old(struct krb5_context *kc, int conf_req_flag,  in krb5_wrap_old()  argument
1265 	tlen = kc->kc_tokenkey->ks_class->ec_msgblocklen;  in krb5_wrap_old()
1275 	tlen = token_length(kc->kc_tokenkey);  in krb5_wrap_old()
1324 	cklen = kc->kc_checksumkey->ks_class->ec_checksumlen;  in krb5_wrap_old()
1330 	krb5_checksum(kc->kc_checksumkey, 13, tm, tm->m_len - 8,  in krb5_wrap_old()
1346 	seq = atomic_fetchadd_32(&kc->kc_local_seqnumber, 1);  in krb5_wrap_old()
1358 	if (is_initiator(kc)) {  in krb5_wrap_old()
1367 	krb5_encrypt(kc->kc_tokenkey, tm, p - (uint8_t *) tm->m_data,  in krb5_wrap_old()
1381 			krb5_encrypt(kc->kc_encryptkey, m, 0, datalen,  in krb5_wrap_old()
1384 			krb5_encrypt(kc->kc_encryptkey, m, 0, datalen,  in krb5_wrap_old()
1397 krb5_wrap_new(struct krb5_context *kc, int conf_req_flag,  in krb5_wrap_new()  argument
1400 	struct krb5_key_state *Ke = kc->kc_send_seal_Ke;  in krb5_wrap_new()
1401 	struct krb5_key_state *Ki = kc->kc_send_seal_Ki;  in krb5_wrap_new()
1402 	struct krb5_key_state *Kc = kc->kc_send_seal_Kc;  in krb5_wrap_new()
1479 	if (is_acceptor(kc))  in krb5_wrap_new()
1481 	if (kc->kc_more_flags & ACCEPTOR_SUBKEY)  in krb5_wrap_new()
1499 	seq = atomic_fetchadd_32(&kc->kc_local_seqnumber, 1);  in krb5_wrap_new()
1548 	struct krb5_context *kc = (struct krb5_context *)ctx;  in krb5_wrap()  local
1557 	if (time_uptime > kc->kc_lifetime)  in krb5_wrap()
1560 	switch (kc->kc_tokenkey->ks_class->ec_type) {  in krb5_wrap()
1562 		return (krb5_wrap_old(kc, conf_req_flag,  in krb5_wrap()
1567 		return (krb5_wrap_old(kc, conf_req_flag,  in krb5_wrap()
1571 		return (krb5_wrap_old(kc, conf_req_flag,  in krb5_wrap()
1575 		return (krb5_wrap_new(kc, conf_req_flag, mp, conf_state));  in krb5_wrap()
1600 krb5_unwrap_old(struct krb5_context *kc, struct mbuf **mp, int *conf_state,  in krb5_unwrap_old()  argument
1615 	tlen = token_length(kc->kc_tokenkey);  in krb5_unwrap_old()
1616 	cklen = kc->kc_tokenkey->ks_class->ec_checksumlen;  in krb5_unwrap_old()
1660 	krb5_decrypt(kc->kc_tokenkey, m, 8, 8, p + 8, 8);  in krb5_unwrap_old()
1667 	if (is_initiator(kc)) {  in krb5_unwrap_old()
1675 	if (kc->kc_msg_order.km_flags &  in krb5_unwrap_old()
1677 		res = krb5_sequence_check(kc, seq);  in krb5_unwrap_old()
1694 			krb5_decrypt(kc->kc_encryptkey, m, 16 + cklen,  in krb5_unwrap_old()
1697 			krb5_decrypt(kc->kc_encryptkey, m, 16 + cklen,  in krb5_unwrap_old()
1748 	krb5_checksum(kc->kc_checksumkey, 13, hm, 0, datalen + 8, cklen);  in krb5_unwrap_old()
1775 krb5_unwrap_new(struct krb5_context *kc, struct mbuf **mp, int *conf_state)  in krb5_unwrap_new()  argument
1778 	struct krb5_key_state *Ke = kc->kc_recv_seal_Ke;  in krb5_unwrap_new()
1779 	struct krb5_key_state *Ki = kc->kc_recv_seal_Ki;  in krb5_unwrap_new()
1780 	struct krb5_key_state *Kc = kc->kc_recv_seal_Kc;  in krb5_unwrap_new()
1808 	if (is_initiator(kc))  in krb5_unwrap_new()
1810 	if (kc->kc_more_flags & ACCEPTOR_SUBKEY)  in krb5_unwrap_new()
1824 	if (kc->kc_msg_order.km_flags &  in krb5_unwrap_new()
1832 			res = krb5_sequence_check(kc, seq);  in krb5_unwrap_new()
1975 	struct krb5_context *kc = (struct krb5_context *)ctx;  in krb5_unwrap()  local
1984 	if (time_uptime > kc->kc_lifetime)  in krb5_unwrap()
1987 	switch (kc->kc_tokenkey->ks_class->ec_type) {  in krb5_unwrap()
1989 		maj_stat = krb5_unwrap_old(kc, mp, conf_state,  in krb5_unwrap()
1995 		maj_stat = krb5_unwrap_old(kc, mp, conf_state,  in krb5_unwrap()
2000 		maj_stat = krb5_unwrap_old(kc, mp, conf_state,  in krb5_unwrap()
2005 		maj_stat = krb5_unwrap_new(kc, mp, conf_state);  in krb5_unwrap()
2022 	struct krb5_context *kc = (struct krb5_context *)ctx;  in krb5_wrap_size_limit()  local
2032 	ec = kc->kc_tokenkey->ks_class;  in krb5_wrap_size_limit()