1 /* 2 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 #pragma ident "%Z%%M% %I% %E% SMI" 7 /* 8 * lib/krb5/krb/gen_seqnum.c 9 * 10 * Copyright 1991 by the Massachusetts Institute of Technology. 11 * All Rights Reserved. 12 * 13 * Export of this software from the United States of America may 14 * require a specific license from the United States Government. 15 * It is the responsibility of any person or organization contemplating 16 * export to obtain such a license before exporting. 17 * 18 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 19 * distribute this software and its documentation for any purpose and 20 * without fee is hereby granted, provided that the above copyright 21 * notice appear in all copies and that both that copyright notice and 22 * this permission notice appear in supporting documentation, and that 23 * the name of M.I.T. not be used in advertising or publicity pertaining 24 * to distribution of the software without specific, written prior 25 * permission. Furthermore if you modify this software you must label 26 * your software as modified software and not distribute it in such a 27 * fashion that it might be confused with the original M.I.T. software. 28 * M.I.T. makes no representations about the suitability of 29 * this software for any purpose. It is provided "as is" without express 30 * or implied warranty. 31 * 32 * 33 * Routine to automatically generate a starting sequence number. 34 * We do this by getting a random key and encrypting something with it, 35 * then taking the output and slicing it up. 36 */ 37 38 #include <k5-int.h> 39 40 #ifndef MIN 41 #define MIN(a,b) ((a) < (b) ? (a) : (b)) 42 #endif 43 44 krb5_error_code 45 krb5_generate_seq_number(krb5_context context, const krb5_keyblock *key, krb5_ui_4 *seqno) 46 { 47 krb5_data seed; 48 krb5_error_code retval; 49 #if 0 50 /* 51 * Solaris Kerberos: Don't bother with this PRNG stuff, 52 * we have /dev/random and PKCS#11 to handle Random Numbers. 53 */ 54 55 56 seed.length = key->length; 57 seed.data = (char *)key->contents; 58 if ((retval = krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_TRUSTEDPARTY, &seed))) 59 return(retval); 60 #endif /* 0 */ 61 62 seed.length = sizeof(*seqno); 63 seed.data = (char *) seqno; 64 retval = krb5_c_random_make_octets(context, &seed); 65 if (retval) 66 return retval; 67 /* 68 * Work around implementation incompatibilities by not generating 69 * initial sequence numbers greater than 2^30. Previous MIT 70 * implementations use signed sequence numbers, so initial 71 * sequence numbers 2^31 to 2^32-1 inclusive will be rejected. 72 * Letting the maximum initial sequence number be 2^30-1 allows 73 * for about 2^30 messages to be sent before wrapping into 74 * "negative" numbers. 75 */ 76 *seqno &= 0x3fffffff; 77 if (*seqno == 0) 78 *seqno = 1; 79 return 0; 80 } 81