* $Source: /mit/kerberos/src/lib/krb/RCS/mk_safe.c,v $
* Copyright 1986, 1987, 1988 by the Massachusetts Institute
* For copying and distribution information, please see the file
* This routine constructs a Kerberos 'safe msg', i.e. authenticated
* using a private session key to seed a checksum. Msg is NOT
* Note-- bcopy is used to avoid alignment problems on IBM RT
* Returns either <0 ===> error, or resulting size of message
* Steve Miller Project Athena MIT/DEC
static char *rcsid_mk_safe_c
=
"$Header: mk_safe.c,v 4.12 89/03/22 14:50:49 jtkohl Exp $";
#include <mit-copyright.h>
/* system include files */
/* application include files */
#include "lsb_addr_comp.h"
static C_Block big_cksum
[2];
static struct timeval msg_time
;
static u_char msg_time_5ms
;
static long msg_time_sec
;
* krb_mk_safe() constructs an AUTH_MSG_SAFE message. It takes some
* user data "in" of "length" bytes and creates a packet in "out"
* consisting of the user data, a timestamp, and the sender's network
* address, followed by a checksum computed on the above, using the
* given "key". The length of the resulting packet is returned.
* The "out" packet consists of:
* 1 byte KRB_PROT_VERSION protocol version number
* 1 byte AUTH_MSG_SAFE | message type plus local
* HOST_BYTE_ORDER byte order in low bit
* ===================== begin checksum ================================
* 4 bytes length length of user data
* 1 byte msg_time_5ms timestamp milliseconds
* 4 bytes sender->sin.addr.s_addr sender's IP address
* 4 bytes msg_time_sec or timestamp seconds with
* -msg_time_sec direction in sign bit
* ======================= end checksum ================================
* 16 bytes big_cksum quadratic checksum of
long krb_mk_safe(in
,out
,length
,key
,sender
,receiver
)
u_char
*in
; /* application data */
* put msg here, leave room for header!
* breaks if in and out (header stuff)
u_long length
; /* of in data */
C_Block
*key
; /* encryption key for seed and ivec */
struct sockaddr_in
*sender
; /* sender address */
struct sockaddr_in
*receiver
; /* receiver address */
* get the current time to use instead of a sequence #, since
* process lifetime may be shorter than the lifetime of a session
if (gettimeofday(&msg_time
,(struct timezone
*)0)) {
msg_time_sec
= (long) msg_time
.tv_sec
;
msg_time_5ms
= msg_time
.tv_usec
/5000; /* 5ms quanta */
*p
++ = AUTH_MSG_SAFE
| HOST_BYTE_ORDER
;
q
= p
; /* start for checksum stuff */
bcopy((char *)&length
,(char *)p
,sizeof(length
));
/* make all the stuff contiguous for checksum */
bcopy((char *)in
,(char *)p
,(int) length
);
bcopy((char *)&msg_time_5ms
,(char *)p
,sizeof(msg_time_5ms
));
p
+= sizeof(msg_time_5ms
);
/* stuff source address */
bcopy((char *) &sender
->sin_addr
.s_addr
,(char *)p
,
sizeof(sender
->sin_addr
.s_addr
));
p
+= sizeof(sender
->sin_addr
.s_addr
);
* direction bit is the sign bit of the timestamp. Ok until
/* For compatibility with broken old code, compares are done in VAX
if (lsb_net_ulong_less(sender
->sin_addr
.s_addr
, /* src < recv */
receiver
->sin_addr
.s_addr
)==-1)
msg_time_sec
= -msg_time_sec
;
else if (lsb_net_ulong_less(sender
->sin_addr
.s_addr
,
receiver
->sin_addr
.s_addr
)==0)
if (lsb_net_ushort_less(sender
->sin_port
,receiver
->sin_port
) == -1)
msg_time_sec
= -msg_time_sec
;
* all that for one tiny bit! Heaven help those that talk to
bcopy((char *)&msg_time_sec
,(char *)p
,sizeof(msg_time_sec
));
p
+= sizeof(msg_time_sec
);
bzero(big_cksum
, sizeof(big_cksum
));
#else /* Do encryption */
/* calculate the checksum of length, timestamps, and input data */
cksum
= quad_cksum(q
,big_cksum
,p
-q
,2,key
);
#endif /* NOENCRYPTION */
printf("\ncksum = %u",cksum
);
bcopy((char *)big_cksum
,(char *)p
,sizeof(big_cksum
));
return ((long)(p
- out
)); /* resulting size */