/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
 * lib/krb5/krb/gen_seqnum.c
 *
 * Copyright 1991 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 *
 *
 * Routine to automatically generate a starting sequence number.
 * We do this by getting a random key and encrypting something with it,
 * then taking the output and slicing it up.
 */

/*
 * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
 */

#include "k5-int.h"

/*
 * Fallback MIN(), defined only when no earlier header has already
 * provided one. Each argument is expanded twice, so do not pass
 * expressions with side effects. Nothing in the code shown on this
 * page uses it.
 */
#ifndef MIN
#define MIN(a,b) ((a) < (b) ? (a) : (b))
#endif
/*
 * Wrap a keyblock's raw key bytes in a krb5_data descriptor.
 *
 * No copy is made: the returned data pointer aliases k.contents, so the
 * result refers to the key material itself and is only usable while that
 * buffer is. Nothing is allocated here, so there is nothing for the
 * caller to free. In the code shown on this page the only call site is
 * compiled out with #if 0.
 */
static inline krb5_data
key2data(krb5_keyblock k)
{
    krb5_data view = {
        .magic = KV5M_DATA,
        .length = k.length,
        .data = (char *) k.contents
    };

    return view;
}
/*
 * Generate an initial sequence number and store it in *seqno.
 *
 * The value is sizeof(*seqno) bytes taken from
 * krb5_c_random_make_octets(), reduced to its low 30 bits, with zero
 * replaced by 1; a successful call therefore yields 1 .. 2^30-1. The
 * unpredictability of the result rests entirely on that random source.
 *
 * context  passed through to the random-number routines.
 * key      referenced only by the disabled (#if 0) seeding step; the
 *          compiled code does not use it.
 * seqno    output; written directly by the random source, so it must
 *          point to valid storage.
 *
 * Returns 0 on success, otherwise the error reported by
 * krb5_c_random_make_octets(). On that error path *seqno has not been
 * masked and its contents should not be used.
 */
krb5_error_code
krb5_generate_seq_number(krb5_context context, const krb5_keyblock *key,
                         krb5_ui_4 *seqno)
{
    krb5_data octets;
    krb5_error_code ret;
    krb5_ui_4 masked;

    /*
     * Solaris Kerberos: the session key is not fed into the PRNG as
     * extra entropy; /dev/random and PKCS#11 handle random numbers.
     * The original seeding step is kept below, compiled out.
     */
#if 0
    octets = key2data(*key);
    if ((ret = krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_TRUSTEDPARTY, &octets)))
        return (ret);
#endif /* 0 */

    /* Point the descriptor at the caller's integer so it is filled in place. */
    octets.length = sizeof(*seqno);
    octets.data = (char *) seqno;
    /*
     * NOTE(review): octets.magic is not assigned on this path, unlike
     * key2data() which sets KV5M_DATA -- confirm that
     * krb5_c_random_make_octets() never reads it.
     */
    ret = krb5_c_random_make_octets(context, &octets);
    if (ret != 0)
        return ret;

    /*
     * Interoperability workaround: keep the initial sequence number
     * below 2^30. Previous MIT implementations use signed sequence
     * numbers, so initial values from 2^31 to 2^32-1 inclusive will be
     * rejected. With a maximum of 2^30-1, about 2^30 messages can be
     * sent before the counter wraps into "negative" numbers.
     */
    masked = *seqno & 0x3fffffff;

    /* Zero is never handed out; it is mapped to 1 instead. */
    *seqno = (masked != 0) ? masked : 1;
    return 0;
}