[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CVS gsasl/lib/digest-md5
From: |
gsasl-commit |
Subject: |
CVS gsasl/lib/digest-md5 |
Date: |
Fri, 24 Sep 2004 01:39:00 +0200 |
Update of /home/cvs/gsasl/lib/digest-md5
In directory dopio:/tmp/cvs-serv7429/lib/digest-md5
Modified Files:
Makefile.am client.c server.c
Added Files:
session.c session.h
Log Message:
Split off and unify data protection in DIGEST-MD5.
--- /home/cvs/gsasl/lib/digest-md5/Makefile.am 2004/09/22 21:58:04 1.10
+++ /home/cvs/gsasl/lib/digest-md5/Makefile.am 2004/09/23 23:38:59 1.11
@@ -23,7 +23,10 @@
-I$(srcdir)/../gl -I../crypto
noinst_LTLIBRARIES = libgsasl-digest_md5.la
-libgsasl_digest_md5_la_SOURCES = digest-md5.h shared.h shared.c getsubopt.c
+libgsasl_digest_md5_la_SOURCES = digest-md5.h \
+ shared.h shared.c \
+ session.h session.c \
+ getsubopt.c
if CLIENT
libgsasl_digest_md5_la_SOURCES += client.c
--- /home/cvs/gsasl/lib/digest-md5/client.c 2004/09/23 00:20:55 1.2
+++ /home/cvs/gsasl/lib/digest-md5/client.c 2004/09/23 23:38:59 1.3
@@ -806,53 +806,14 @@
_Gsasl_digest_md5_client_state *state = mech_data;
int res;
- if (state && state->step == 3 && state->qop & GSASL_QOP_AUTH_CONF)
+ if (state && state->step == 3)
{
- return GSASL_INTEGRITY_ERROR;
- }
- else if (state && state->step == 3 && state->qop & GSASL_QOP_AUTH_INT)
- {
- char *seqnumin;
- char *hash;
- uint32_t tmp;
- size_t len;
-
- seqnumin = malloc (MAC_SEQNUM_LEN + input_len);
- if (seqnumin == NULL)
- return GSASL_MALLOC_ERROR;
-
- tmp = htonl (state->sendseqnum);
- memcpy (seqnumin, (char *) &tmp, MAC_SEQNUM_LEN);
- memcpy (seqnumin + MAC_SEQNUM_LEN, input, input_len);
-
- res = gsasl_hmac_md5 (state->kic, MD5LEN,
- seqnumin, MAC_SEQNUM_LEN + input_len,
- (char **) &hash);
- free (seqnumin);
- if (res != GSASL_OK || hash == NULL)
- return GSASL_CRYPTO_ERROR;
-
- *output_len = MAC_DATA_LEN + input_len + MAC_HMAC_LEN +
- MAC_MSG_TYPE_LEN + MAC_SEQNUM_LEN;
- *output = malloc (*output_len);
- if (!*output)
- return GSASL_MALLOC_ERROR;
+ res = digest_md5_encode (sctx, input, input_len, output, output_len,
+ state->qop, state->sendseqnum, state->kic);
+ if (res != GSASL_OK)
+ return res;
- len = MAC_DATA_LEN;
- memcpy (output + len, input, input_len);
- len += input_len;
- memcpy (output + len, hash, MAC_HMAC_LEN);
- len += MAC_HMAC_LEN;
- memcpy (output + len, MAC_MSG_TYPE, MAC_MSG_TYPE_LEN);
- len += MAC_MSG_TYPE_LEN;
- tmp = htonl (state->sendseqnum);
- memcpy (output + len, &tmp, MAC_SEQNUM_LEN);
- len += MAC_SEQNUM_LEN;
- tmp = htonl (len - MAC_DATA_LEN);
- memcpy (output, &tmp, MAC_DATA_LEN);
state->sendseqnum++;
-
- free (hash);
}
else
{
@@ -874,65 +835,16 @@
char **output, size_t * output_len)
{
_Gsasl_digest_md5_client_state *state = mech_data;
+ int res;
- if (state && state->step == 3 && state->qop & GSASL_QOP_AUTH_CONF)
- {
- return GSASL_INTEGRITY_ERROR;
- }
- else if (state && state->step == 3 && state->qop & GSASL_QOP_AUTH_INT)
+ if (state && state->step == 3)
{
- char *seqnumin;
- char *hash;
- uint32_t len, tmp;
- int res;
-
- if (input_len < SASL_INTEGRITY_PREFIX_LENGTH)
- return GSASL_NEEDS_MORE;
-
- len = ntohl (*(uint32_t *) input);
-
- if (input_len < SASL_INTEGRITY_PREFIX_LENGTH + len)
- return GSASL_NEEDS_MORE;
-
- len -= MAC_HMAC_LEN + MAC_MSG_TYPE_LEN + MAC_SEQNUM_LEN;
+ res = digest_md5_decode (sctx, input, input_len, output, output_len,
+ state->qop, state->readseqnum, state->kis);
+ if (res != GSASL_OK)
+ return res;
- seqnumin = malloc (SASL_INTEGRITY_PREFIX_LENGTH + len);
- if (seqnumin == NULL)
- return GSASL_MALLOC_ERROR;
-
- tmp = htonl (state->readseqnum);
-
- memcpy (seqnumin, (char *) &tmp, SASL_INTEGRITY_PREFIX_LENGTH);
- memcpy (seqnumin + SASL_INTEGRITY_PREFIX_LENGTH,
- input + MAC_DATA_LEN, len);
-
- res = gsasl_hmac_md5 (state->kis, MD5LEN,
- seqnumin, MAC_SEQNUM_LEN + len, (char **) &hash);
- free (seqnumin);
- if (res != GSASL_OK || hash == NULL)
- return GSASL_CRYPTO_ERROR;
-
- if (memcmp
- (hash,
- input + input_len - MAC_SEQNUM_LEN - MAC_MSG_TYPE_LEN -
- MAC_HMAC_LEN, MAC_HMAC_LEN) == 0
- && memcmp (MAC_MSG_TYPE,
- input + input_len - MAC_SEQNUM_LEN - MAC_MSG_TYPE_LEN,
- MAC_MSG_TYPE_LEN) == 0
- && memcmp (&tmp, input + input_len - MAC_SEQNUM_LEN,
- MAC_SEQNUM_LEN) == 0)
- {
- *output_len = len;
- *output = malloc (*output_len);
- if (!*output)
- return GSASL_MALLOC_ERROR;
- memcpy (*output, input + MAC_DATA_LEN, len);
- state->readseqnum++;
- }
- else
- return GSASL_INTEGRITY_ERROR;
-
- free (hash);
+ state->readseqnum++;
}
else
{
@@ -943,6 +855,5 @@
memcpy (*output, input, input_len);
}
-
return GSASL_OK;
}
--- /home/cvs/gsasl/lib/digest-md5/server.c 2004/09/23 00:20:56 1.2
+++ /home/cvs/gsasl/lib/digest-md5/server.c 2004/09/23 23:38:59 1.3
@@ -747,53 +747,14 @@
_Gsasl_digest_md5_server_state *state = mech_data;
int res;
- if (state && state->step == 3 && state->qop & GSASL_QOP_AUTH_CONF)
+ if (state && state->step == 3)
{
- return GSASL_INTEGRITY_ERROR;
- }
- else if (state && state->step == 3 && state->qop & GSASL_QOP_AUTH_INT)
- {
- char *seqnumin;
- char *hash;
- uint32_t tmp;
- size_t len;
-
- seqnumin = malloc (MAC_SEQNUM_LEN + input_len);
- if (seqnumin == NULL)
- return GSASL_MALLOC_ERROR;
+ res = digest_md5_encode (sctx, input, input_len, output, output_len,
+ state->qop, state->sendseqnum, state->kis);
+ if (res != GSASL_OK)
+ return res;
- tmp = htonl (state->sendseqnum);
- memcpy (seqnumin, (char *) &tmp, MAC_SEQNUM_LEN);
- memcpy (seqnumin + MAC_SEQNUM_LEN, input, input_len);
-
- res = gsasl_hmac_md5 (state->kis, MD5LEN,
- seqnumin, MAC_SEQNUM_LEN + input_len,
- (char **) &hash);
- free (seqnumin);
- if (res != GSASL_OK || hash == NULL)
- return GSASL_CRYPTO_ERROR;
-
- *output_len = MAC_DATA_LEN + input_len + MAC_HMAC_LEN +
- MAC_MSG_TYPE_LEN + MAC_SEQNUM_LEN;
- *output = malloc (*output_len);
- if (!*output)
- return GSASL_MALLOC_ERROR;
-
- len = MAC_DATA_LEN;
- memcpy (output + len, input, input_len);
- len += input_len;
- memcpy (output + len, hash, MAC_HMAC_LEN);
- len += MAC_HMAC_LEN;
- memcpy (output + len, MAC_MSG_TYPE, MAC_MSG_TYPE_LEN);
- len += MAC_MSG_TYPE_LEN;
- tmp = htonl (state->sendseqnum);
- memcpy (output + len, &tmp, MAC_SEQNUM_LEN);
- len += MAC_SEQNUM_LEN;
- tmp = htonl (len - MAC_DATA_LEN);
- memcpy (output, &tmp, MAC_DATA_LEN);
state->sendseqnum++;
-
- free (hash);
}
else
{
@@ -814,66 +775,17 @@
size_t input_len,
char **output, size_t * output_len)
{
- _Gsasl_digest_md5_server_state *state = mech_data;
+ _Gsasl_digest_md5_client_state *state = mech_data;
+ int res;
- if (state && state->step == 3 && state->qop & GSASL_QOP_AUTH_CONF)
+ if (state && state->step == 3)
{
- return GSASL_INTEGRITY_ERROR;
- }
- else if (state && state->step == 3 && state->qop & GSASL_QOP_AUTH_INT)
- {
- char *seqnumin;
- char *hash;
- uint32_t len, tmp;
- int res;
-
- if (input_len < SASL_INTEGRITY_PREFIX_LENGTH)
- return GSASL_NEEDS_MORE;
-
- len = ntohl (*(uint32_t *) input);
-
- if (input_len < SASL_INTEGRITY_PREFIX_LENGTH + len)
- return GSASL_NEEDS_MORE;
-
- len -= MAC_HMAC_LEN + MAC_MSG_TYPE_LEN + MAC_SEQNUM_LEN;
+ res = digest_md5_decode (sctx, input, input_len, output, output_len,
+ state->qop, state->readseqnum, state->kic);
+ if (res != GSASL_OK)
+ return res;
- seqnumin = malloc (SASL_INTEGRITY_PREFIX_LENGTH + len);
- if (seqnumin == NULL)
- return GSASL_MALLOC_ERROR;
-
- tmp = htonl (state->readseqnum);
-
- memcpy (seqnumin, (char *) &tmp, SASL_INTEGRITY_PREFIX_LENGTH);
- memcpy (seqnumin + SASL_INTEGRITY_PREFIX_LENGTH,
- input + MAC_DATA_LEN, len);
-
- res = gsasl_hmac_md5 (state->kic, MD5LEN,
- seqnumin, MAC_SEQNUM_LEN + len, (char **) &hash);
- free (seqnumin);
- if (res != GSASL_OK || hash == NULL)
- return GSASL_CRYPTO_ERROR;
-
- if (memcmp
- (hash,
- input + input_len - MAC_SEQNUM_LEN - MAC_MSG_TYPE_LEN -
- MAC_HMAC_LEN, MAC_HMAC_LEN) == 0
- && memcmp (MAC_MSG_TYPE,
- input + input_len - MAC_SEQNUM_LEN - MAC_MSG_TYPE_LEN,
- MAC_MSG_TYPE_LEN) == 0
- && memcmp (&tmp, input + input_len - MAC_SEQNUM_LEN,
- MAC_SEQNUM_LEN) == 0)
- {
- *output_len = len;
- *output = malloc (*output_len);
- if (!*output)
- return GSASL_MALLOC_ERROR;
- memcpy (*output, input + MAC_DATA_LEN, len);
- state->readseqnum++;
- }
- else
- return GSASL_INTEGRITY_ERROR;
-
- free (hash);
+ state->readseqnum++;
}
else
{
@@ -884,6 +796,5 @@
memcpy (*output, input, input_len);
}
-
return GSASL_OK;
}
--- /home/cvs/gsasl/lib/digest-md5/session.c 2004/09/23 23:39:00 NONE
+++ /home/cvs/gsasl/lib/digest-md5/session.c 2004/09/23 23:39:00 1.1
/* session.c --- Data integrity/privacy protection of DIGEST-MD5.
* Copyright (C) 2002, 2003, 2004 Simon Josefsson
*
* This file is part of GNU SASL Library.
*
* GNU SASL Library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* as published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* GNU SASL Library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with GNU SASL Library; if not, write to the Free
* Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
* 02111-1307 USA
*
*/
/* Get gsasl.h and other stuff. */
#include "shared.h"
/* Get specification. */
#include "session.h"
int
digest_md5_encode (Gsasl_session_ctx * sctx,
const char *input, size_t input_len,
char **output, size_t * output_len,
Gsasl_qop qop,
uint32_t sendseqnum,
char key[MD5LEN])
{
int res;
if (qop & GSASL_QOP_AUTH_CONF)
{
return GSASL_INTEGRITY_ERROR;
}
else if (qop & GSASL_QOP_AUTH_INT)
{
char *seqnumin;
char *hash;
uint32_t tmp;
size_t len;
seqnumin = malloc (MAC_SEQNUM_LEN + input_len);
if (seqnumin == NULL)
return GSASL_MALLOC_ERROR;
tmp = htonl (sendseqnum);
memcpy (seqnumin, (char *) &tmp, MAC_SEQNUM_LEN);
memcpy (seqnumin + MAC_SEQNUM_LEN, input, input_len);
res = gsasl_hmac_md5 (key, MD5LEN,
seqnumin, MAC_SEQNUM_LEN + input_len,
(char **) &hash);
free (seqnumin);
if (res != GSASL_OK || hash == NULL)
return GSASL_CRYPTO_ERROR;
*output_len = MAC_DATA_LEN + input_len + MAC_HMAC_LEN +
MAC_MSG_TYPE_LEN + MAC_SEQNUM_LEN;
*output = malloc (*output_len);
if (!*output)
return GSASL_MALLOC_ERROR;
len = MAC_DATA_LEN;
memcpy (*output + len, input, input_len);
len += input_len;
memcpy (*output + len, hash, MAC_HMAC_LEN);
len += MAC_HMAC_LEN;
memcpy (*output + len, MAC_MSG_TYPE, MAC_MSG_TYPE_LEN);
len += MAC_MSG_TYPE_LEN;
tmp = htonl (sendseqnum);
memcpy (*output + len, &tmp, MAC_SEQNUM_LEN);
len += MAC_SEQNUM_LEN;
tmp = htonl (len - MAC_DATA_LEN);
memcpy (*output, &tmp, MAC_DATA_LEN);
free (hash);
}
return GSASL_OK;
}
int
digest_md5_decode (Gsasl_session_ctx * sctx,
const char *input,
size_t input_len,
char **output, size_t * output_len,
Gsasl_qop qop,
uint32_t readseqnum,
char key[MD5LEN])
{
if (qop & GSASL_QOP_AUTH_CONF)
{
return GSASL_INTEGRITY_ERROR;
}
else if (qop & GSASL_QOP_AUTH_INT)
{
char *seqnumin;
char *hash;
uint32_t len, tmp;
int res;
if (input_len < SASL_INTEGRITY_PREFIX_LENGTH)
return GSASL_NEEDS_MORE;
len = ntohl (*(uint32_t *) input);
if (input_len < SASL_INTEGRITY_PREFIX_LENGTH + len)
return GSASL_NEEDS_MORE;
len -= MAC_HMAC_LEN + MAC_MSG_TYPE_LEN + MAC_SEQNUM_LEN;
seqnumin = malloc (SASL_INTEGRITY_PREFIX_LENGTH + len);
if (seqnumin == NULL)
return GSASL_MALLOC_ERROR;
tmp = htonl (readseqnum);
memcpy (seqnumin, (char *) &tmp, SASL_INTEGRITY_PREFIX_LENGTH);
memcpy (seqnumin + SASL_INTEGRITY_PREFIX_LENGTH,
input + MAC_DATA_LEN, len);
res = gsasl_hmac_md5 (key, MD5LEN, seqnumin, MAC_SEQNUM_LEN + len,
(char **) &hash);
free (seqnumin);
if (res != GSASL_OK || hash == NULL)
return GSASL_CRYPTO_ERROR;
if (memcmp
(hash,
input + input_len - MAC_SEQNUM_LEN - MAC_MSG_TYPE_LEN -
MAC_HMAC_LEN, MAC_HMAC_LEN) == 0
&& memcmp (MAC_MSG_TYPE,
input + input_len - MAC_SEQNUM_LEN - MAC_MSG_TYPE_LEN,
MAC_MSG_TYPE_LEN) == 0
&& memcmp (&tmp, input + input_len - MAC_SEQNUM_LEN,
MAC_SEQNUM_LEN) == 0)
{
*output_len = len;
*output = malloc (*output_len);
if (!*output)
return GSASL_MALLOC_ERROR;
memcpy (*output, input + MAC_DATA_LEN, len);
}
else
return GSASL_INTEGRITY_ERROR;
free (hash);
}
return GSASL_OK;
}
--- /home/cvs/gsasl/lib/digest-md5/session.h 2004/09/23 23:39:00 NONE
+++ /home/cvs/gsasl/lib/digest-md5/session.h 2004/09/23 23:39:00 1.1
/* session.h --- Data integrity/privacy protection of DIGEST-MD5.
* Copyright (C) 2002, 2003, 2004 Simon Josefsson
*
* This file is part of GNU SASL Library.
*
* GNU SASL Library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* as published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* GNU SASL Library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with GNU SASL Library; if not, write to the Free
* Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
* 02111-1307 USA
*
*/
#ifndef SESSION_H
#define SESSION_H
#include "digest-md5.h"
int
digest_md5_encode (Gsasl_session_ctx * sctx,
const char *input, size_t input_len,
char **output, size_t * output_len,
Gsasl_qop qop,
uint32_t sendseqnum,
char key[MD5LEN]);
int
digest_md5_decode (Gsasl_session_ctx * sctx,
const char *input,
size_t input_len,
char **output, size_t * output_len,
Gsasl_qop qop,
uint32_t readseqnum,
char key[MD5LEN]);
#endif /* SESSION_H */
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/09/17
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/09/18
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/09/22
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/09/22
- CVS gsasl/lib/digest-md5,
gsasl-commit <=
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/09/23
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/09/23
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/09/23
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/09/24
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/09/24
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/09/24
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/09/24
- CVS gsasl/lib/digest-md5, gsasl-commit, 2004/09/26