news@stanford.edu.mu.edu (05/09/91)
In testing the interoperability of Kerberos between two different
machine architectures (NCR Tower 650 (M68020) and NCR 3300 (i486)).
I have noticed an incompatibility in the safe message interface.
The problem is due to the different byte order of the two machines.
krb_mk_safe() and krb_rd_safe() use the des_quad_cksum() function
to generate a 16 byte checksum. krb_rd_safe() uses the macro
swap_u_16 on the received checksum (if necessary) before comparing
it to the calculated checksum. However, this macro reverses the
order of the entire 16 bytes, when actually each of the 4 longs
that are stuffed into the 16 byte checksum need to be swapped.
One solution is to resolve the byte order in the des_quad_cksum()
routine since the result is always used as a byte string.
I.e. make the byte order of the 16 byte checksum produced by quad_cksum()
machine independent. Note, des_quad_cksum() still returns a long in host
byte order. This would also eliminate the swap_u_16 macro in krb_rd_req().
Has this problem already been solved? (I am using version 4.9)
If not, is this solution correct, or should the byte order be fixed
in krb_rd_safe() by using a different macro or function?
Here is a diff of the solution described above.
------------------------------------------------
*** oquad_cksum.c Fri Mar 22 17:08:42 1991
--- quad_cksum.c Fri Mar 22 17:06:16 1991
***************
*** 122,127 ****
--- 122,129 ----
* checksum is written unto the address pointed to.
*/
+ unsigned long zz;
+ unsigned long zz2;
register unsigned long z;
register unsigned long z2;
register unsigned long x;
***************
*** 159,166 ****
}
if (out != NULL) {
! *out++ = z;
! *out++ = z2;
}
}
/* return final z value as 32 bit version of checksum */
--- 161,170 ----
}
if (out != NULL) {
! zz = z;
! zz2 = z2;
! *out++ = vaxtohl(&zz);
! *out++ = vaxtohl(&zz2);
}
}
/* return final z value as 32 bit version of checksum */
*** ord_safe.c Fri Mar 22 17:10:10 1991
--- rd_safe.c Fri Mar 22 17:10:04 1991
***************
*** 165,171 ****
*/
bcopy((char *)p,(char *)big_cksum,sizeof(big_cksum));
- if (swap_bytes) swap_u_16(big_cksum);
#ifdef NOENCRYPTION
bzero(calc_cksum, sizeof(calc_cksum));
--- 165,170 ----
---------------------------------------------------------------------------
Jack Dundon
NCR E&M San Diego
(619)485-3397