2N/A/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2N/A/*
2N/A * lib/krb5/krb/gen_seqnum.c
2N/A *
2N/A * Copyright 1991 by the Massachusetts Institute of Technology.
2N/A * All Rights Reserved.
2N/A *
2N/A * Export of this software from the United States of America may
2N/A * require a specific license from the United States Government.
2N/A * It is the responsibility of any person or organization contemplating
2N/A * export to obtain such a license before exporting.
2N/A *
2N/A * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
2N/A * distribute this software and its documentation for any purpose and
2N/A * without fee is hereby granted, provided that the above copyright
2N/A * notice appear in all copies and that both that copyright notice and
2N/A * this permission notice appear in supporting documentation, and that
2N/A * the name of M.I.T. not be used in advertising or publicity pertaining
2N/A * to distribution of the software without specific, written prior
2N/A * permission. Furthermore if you modify this software you must label
2N/A * your software as modified software and not distribute it in such a
2N/A * fashion that it might be confused with the original M.I.T. software.
2N/A * M.I.T. makes no representations about the suitability of
2N/A * this software for any purpose. It is provided "as is" without express
2N/A * or implied warranty.
2N/A *
2N/A *
2N/A * Routine to automatically generate a starting sequence number.
2N/A * We do this by getting a random key and encrypting something with it,
2N/A * then taking the output and slicing it up.
2N/A */
2N/A
2N/A/*
2N/A * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
2N/A */
2N/A
2N/A#include "k5-int.h"
2N/A
2N/A#ifndef MIN
2N/A#define MIN(a,b) ((a) < (b) ? (a) : (b))
2N/A#endif
2N/A
2N/Astatic inline krb5_data
2N/Akey2data (krb5_keyblock k)
2N/A{
2N/A krb5_data d;
2N/A d.magic = KV5M_DATA;
2N/A d.length = k.length;
2N/A d.data = (char *) k.contents;
2N/A return d;
2N/A}
2N/A
2N/Akrb5_error_code
2N/Akrb5_generate_seq_number(krb5_context context, const krb5_keyblock *key, krb5_ui_4 *seqno)
2N/A{
2N/A krb5_data seed;
2N/A krb5_error_code retval;
2N/A
2N/A/*
2N/A * Solaris Kerberos: Don't bother with this PRNG stuff,
2N/A * we have /dev/random and PKCS#11 to handle Random Numbers.
2N/A */
2N/A#if 0
2N/A seed = key2data(*key);
2N/A if ((retval = krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_TRUSTEDPARTY, &seed)))
2N/A return(retval);
2N/A#endif /* 0 */
2N/A
2N/A seed.length = sizeof(*seqno);
2N/A seed.data = (char *) seqno;
2N/A retval = krb5_c_random_make_octets(context, &seed);
2N/A if (retval)
2N/A return retval;
2N/A /*
2N/A * Work around implementation incompatibilities by not generating
2N/A * initial sequence numbers greater than 2^30. Previous MIT
2N/A * implementations use signed sequence numbers, so initial
2N/A * sequence numbers 2^31 to 2^32-1 inclusive will be rejected.
2N/A * Letting the maximum initial sequence number be 2^30-1 allows
2N/A * for about 2^30 messages to be sent before wrapping into
2N/A * "negative" numbers.
2N/A */
2N/A *seqno &= 0x3fffffff;
2N/A if (*seqno == 0)
2N/A *seqno = 1;
2N/A return 0;
2N/A}