diff options
| author |   Kevin Coffman <kwc@citi.umich.edu> | 2010-03-17 13:02:46 -0400 |
|---|---|---|
| committer |   Trond Myklebust <Trond.Myklebust@netapp.com> | 2010-05-14 15:09:15 -0400 |
| commit | 725f2865d4df31ac0768b13ae763beadc4bb8ce9 (patch) | |
| tree | 20b2da47713e7f38a61d37cbb2c95ad52c88609f /include/linux/sunrpc/gss_krb5.h | |
| parent | Merge branch 'for-linus' of git://git.infradead.org/users/eparis/notify (diff) | |
| download | linux-dev-725f2865d4df31ac0768b13ae763beadc4bb8ce9.tar.xz linux-dev-725f2865d4df31ac0768b13ae763beadc4bb8ce9.zip | |
gss_krb5: Introduce encryption type framework
Make the client and server code consistent regarding the extra buffer
space made available for the auth code when wrapping data.
Add some comments/documentation about the available buffer space
in the xdr_buf head and tail when gss_wrap is called.
Add a compile-time check to make sure we are not exceeding the available
buffer space.
Add a central function to shift head data.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'include/linux/sunrpc/gss_krb5.h')
| -rw-r--r-- | include/linux/sunrpc/gss_krb5.h | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h index e7bbdba474d5..31bb8a538bf1 100644 --- a/include/linux/sunrpc/gss_krb5.h +++ b/include/linux/sunrpc/gss_krb5.h @@ -40,6 +40,12 @@ #include <linux/sunrpc/gss_err.h> #include <linux/sunrpc/gss_asn1.h> +/* Maximum checksum function output for the supported crypto algorithms */ +#define GSS_KRB5_MAX_CKSUM_LEN (20) + +/* Maximum blocksize for the supported crypto algorithms */ +#define GSS_KRB5_MAX_BLOCKSIZE (16) + struct krb5_ctx { int initiate; /* 1 = initiating, 0 = accepting */ struct crypto_blkcipher *enc; @@ -113,6 +119,22 @@ enum seal_alg { #define ENCTYPE_DES3_CBC_SHA1 0x0010 #define ENCTYPE_UNKNOWN 0x01ff +/* + * This compile-time check verifies that we will not exceed the + * slack space allotted by the client and server auth_gss code + * before they call gss_wrap(). + */ +#define GSS_KRB5_MAX_SLACK_NEEDED \ + (GSS_KRB5_TOK_HDR_LEN /* gss token header */ \ + + GSS_KRB5_MAX_CKSUM_LEN /* gss token checksum */ \ + + GSS_KRB5_MAX_BLOCKSIZE /* confounder */ \ + + GSS_KRB5_MAX_BLOCKSIZE /* possible padding */ \ + + GSS_KRB5_TOK_HDR_LEN /* encrypted hdr in v2 token */\ + + GSS_KRB5_MAX_CKSUM_LEN /* encryption hmac */ \ + + 4 + 4 /* RPC verifier */ \ + + GSS_KRB5_TOK_HDR_LEN \ + + GSS_KRB5_MAX_CKSUM_LEN) + s32 make_checksum(char *, char *header, int hdrlen, struct xdr_buf *body, int body_offset, struct xdr_netobj *cksum); @@ -157,3 +179,6 @@ s32 krb5_get_seq_num(struct crypto_blkcipher *key, unsigned char *cksum, unsigned char *buf, int *direction, u32 *seqnum); + +int +xdr_extend_head(struct xdr_buf *buf, unsigned int base, unsigned int shiftlen); |