23  *	token.c
80  * token which has an ASN.1 application 0 header prepended. The unserialized
81  * token supplied should be of type DH_INIT_CNTX.
105  *	~      ~		Serialized DH token
111  * We will define the token_size to be the sizeof the serialize token plus
116 __make_ap_token(gss_buffer_t result, /* The serialized token */
118 		dh_token_t token, /* The unserialized input token */
119 		dh_key_set_t keys /* The session keys to sign the token */)
126 	/* Allocate the signature for the input token */
127 	if ((stat = __alloc_sig(get_qop(token),
128 				&token->verifier))
133 	 * We will first determine the size of the output token in
137 	/* Fetch the size of a serialized DH token */
138 	token_size = xdr_sizeof((xdrproc_t)xdr_dh_token_desc, (void *)token);
141 	 * The token itself needs to be pasted on to the ASN.1
161 		__free_signature(&token->verifier);
182 	/* Encode the Diffie-Hellmam token */
192 	/* Paste the DH token on */
193 	if ((stat = __xdr_encode_token(&xdrs, NULL, token, keys))
195 		__free_signature(&token->verifier);
199 	/* We're done with the signature, the token has been serialized */
200 	__free_signature(&token->verifier);
206  * __make_token: Given an unserialized DH token, serialize it puting the
207  * serialized output in result. If this token has a type of DH_MIC, then
209  * over the message as well as the serialized token.
212 __make_token(gss_buffer_t result, /* Serialized token goes here */
214 	    dh_token_t token,	/* The token to encode */
222 	/* Allocate a signature for this token */
223 	if ((stat = __alloc_sig(get_qop(token),
224 				&token->verifier))
228 	/* Get the output token size to know how much to allocate */
229 	token_size = xdr_sizeof((xdrproc_t)xdr_dh_token_desc, (void *)token);
231 	/* Allocate the buffer to hold the serialized token */
234 		__free_signature(&token->verifier);
245 	/* Encode the token */
246 	if ((stat = __xdr_encode_token(&xdrs, msg, token, keys))
248 		__free_signature(&token->verifier);
253 	__free_signature(&token->verifier);
259  * token which has an ASN.1 application 0 header prepended. The resulting
260  * unserialized token supplied should be of type DH_INIT_CNTX..
262  * The ASN.1 applicationtion prefix  and token is encoded as follows:
284  *	~      ~		Serialized DH token
290  * We will define the token_size to be the sizeof the serialize token plus
295 __get_ap_token(gss_buffer_t input, /* The token to deserialize */
297 	    dh_token_t token, /* The resulting token */
298 	    dh_signature_t sig /* The signature found over the input token */)
306 	/* Set p and buf to point to the beginning of the token */
309 	/* Check that this is an ASN.1 APPLICATION 0 token */
347 	 * The DH token length is the application length minus the length
352 	/* Sanity check the token length */
356 	/* Check that this token is for this OID */
365 	/* Get the start of XDR encoded token */
372 	 * Clear the deserialized token (we'll have the xdr routines
375 	memset(token, 0, sizeof (dh_token_desc));
381 	 * Decode the DH_INIT_CNTX token. Note that at this point we have no
384 	 * caller can then attempt to decrypt the session keys in token
386 	 * integrity of the token.
388 	if ((stat = __xdr_decode_token(&xdrs, NULL, token, NULL, sig))
390 		xdr_free(xdr_dh_token_desc, (char *)token);
398  * __get_token: Deserialize a supplied Diffie-Hellman token. Note the
400  * should only be supplied if the token is of DH_MIC type.
403 __get_token(gss_buffer_t input, /* The token to deserialize */
405 	    dh_token_t token,    /* The decode token */
412 	/* Create a an XDR stream out of the input token */
416 	memset(token, 0, sizeof (dh_token_desc));
419 	/* Decode the token */
420 	if ((stat = __xdr_decode_token(&xdrs, msg, token, keys, &sig))
422 		/* If we fail release the deserialized token */
423 		xdr_free(xdr_dh_token_desc, (char *)token);
439  * serialized token. Note this protocol is designed with the signature as
440  * the last part of any token. In this way the signature that is calculated is
441  * always done over the entire token. All fields in any token are thus
474  * __xdr_decode_token: Decode a token from an XDR stream into a token_desc
476  * token and an optional message. The calculated signature will be
478  * routine will compare that the verifier in the deserialized token is
480  * the usual case. However if the supplied serialized token is DH_INIT_CNTX,
482  * our raw signature (Non encrypted) and the deserialized token. Higher in
486  * token.

Indexes created Tue Jul 24 14:28:13 CEST 2018