news@stanford.edu.mu.edu (05/09/91)
In testing the interoperability of Kerberos between two different machine architectures (NCR Tower 650 (M68020) and NCR 3300 (i486)). I have noticed an incompatibility in the safe message interface. The problem is due to the different byte order of the two machines. krb_mk_safe() and krb_rd_safe() use the des_quad_cksum() function to generate a 16 byte checksum. krb_rd_safe() uses the macro swap_u_16 on the received checksum (if necessary) before comparing it to the calculated checksum. However, this macro reverses the order of the entire 16 bytes, when actually each of the 4 longs that are stuffed into the 16 byte checksum need to be swapped. One solution is to resolve the byte order in the des_quad_cksum() routine since the result is always used as a byte string. I.e. make the byte order of the 16 byte checksum produced by quad_cksum() machine independent. Note, des_quad_cksum() still returns a long in host byte order. This would also eliminate the swap_u_16 macro in krb_rd_req(). Has this problem already been solved? (I am using version 4.9) If not, is this solution correct, or should the byte order be fixed in krb_rd_safe() by using a different macro or function? Here is a diff of the solution described above. ------------------------------------------------ *** oquad_cksum.c Fri Mar 22 17:08:42 1991 --- quad_cksum.c Fri Mar 22 17:06:16 1991 *************** *** 122,127 **** --- 122,129 ---- * checksum is written unto the address pointed to. */ + unsigned long zz; + unsigned long zz2; register unsigned long z; register unsigned long z2; register unsigned long x; *************** *** 159,166 **** } if (out != NULL) { ! *out++ = z; ! *out++ = z2; } } /* return final z value as 32 bit version of checksum */ --- 161,170 ---- } if (out != NULL) { ! zz = z; ! zz2 = z2; ! *out++ = vaxtohl(&zz); ! *out++ = vaxtohl(&zz2); } } /* return final z value as 32 bit version of checksum */ *** ord_safe.c Fri Mar 22 17:10:10 1991 --- rd_safe.c Fri Mar 22 17:10:04 1991 *************** *** 165,171 **** */ bcopy((char *)p,(char *)big_cksum,sizeof(big_cksum)); - if (swap_bytes) swap_u_16(big_cksum); #ifdef NOENCRYPTION bzero(calc_cksum, sizeof(calc_cksum)); --- 165,170 ---- --------------------------------------------------------------------------- Jack Dundon NCR E&M San Diego (619)485-3397