1 /*
2  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 /*
7  * lib/krb5/krb/gen_seqnum.c
8  *
9  * Copyright 1991 by the Massachusetts Institute of Technology.
10  * All Rights Reserved.
11  *
12  * Export of this software from the United States of America may
13  *   require a specific license from the United States Government.
14  *   It is the responsibility of any person or organization contemplating
15  *   export to obtain such a license before exporting.
16  *
17  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
18  * distribute this software and its documentation for any purpose and
19  * without fee is hereby granted, provided that the above copyright
20  * notice appear in all copies and that both that copyright notice and
21  * this permission notice appear in supporting documentation, and that
22  * the name of M.I.T. not be used in advertising or publicity pertaining
23  * to distribution of the software without specific, written prior
24  * permission.  Furthermore if you modify this software you must label
25  * your software as modified software and not distribute it in such a
26  * fashion that it might be confused with the original M.I.T. software.
27  * M.I.T. makes no representations about the suitability of
28  * this software for any purpose.  It is provided "as is" without express
29  * or implied warranty.
30  *
31  *
32  * Routine to automatically generate a starting sequence number.
33  * We do this by getting a random key and encrypting something with it,
34  * then taking the output and slicing it up.
35  */
36 
37 #include "k5-int.h"
38 
39 #ifndef MIN
40 #define MIN(a,b) ((a) < (b) ? (a) : (b))
41 #endif
42 
43 krb5_error_code
krb5_generate_seq_number(krb5_context context,const krb5_keyblock * key,krb5_ui_4 * seqno)44 krb5_generate_seq_number(krb5_context context, const krb5_keyblock *key, krb5_ui_4 *seqno)
45 {
46     krb5_data seed;
47     krb5_error_code retval;
48 #if 0
49 /*
50  * Solaris Kerberos:  Don't bother with this PRNG stuff,
51  * we have /dev/random and PKCS#11 to handle Random Numbers.
52  */
53 
54 
55     seed.length = key->length;
56     seed.data = key->contents;
57     if ((retval = krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_TRUSTEDPARTY, &seed)))
58 	return(retval);
59 #endif /* 0 */
60 
61     seed.length = sizeof(*seqno);
62     seed.data = (char *) seqno;
63     retval = krb5_c_random_make_octets(context, &seed);
64     if (retval)
65 	return retval;
66     /*
67      * Work around implementation incompatibilities by not generating
68      * initial sequence numbers greater than 2^30.  Previous MIT
69      * implementations use signed sequence numbers, so initial
70      * sequence numbers 2^31 to 2^32-1 inclusive will be rejected.
71      * Letting the maximum initial sequence number be 2^30-1 allows
72      * for about 2^30 messages to be sent before wrapping into
73      * "negative" numbers.
74      */
75     *seqno &= 0x3fffffff;
76     if (*seqno == 0)
77 	*seqno = 1;
78     return 0;
79 }
80