
Разработка защищенных сетевых протоколов в рамках стека TCP/IP в задаче аутентификации корпоративных пользователей.

Рекомендуемая категория для самостоятельной подготовки:
Дипломная работа*
Код 110914
Дата создания 2011
Страниц 102
Источников 13

Содержание

Содержание
Перечень терминов и сокращений
Введение
Общая часть
1.1 Задачи и требования к безопасности в частных, корпоративных и публичных сетях
1.2 Симметричные алгоритмы шифрования
1.3 Асимметричные алгоритмы шифрования
1.4 Односторонние хэш-функции
1.5 Электронная цифровая подпись
1.6 Технологии защищенного канала, VPN, IPSec
1.7 Аутентификация и авторизация
1.8 Проблемы безопасности публичных сетей
Специальная часть
2.1 Краткая характеристика и структура стека протоколов TCP/IP
2.2 Анализ существующих защищенных сетевых протоколов: выявление достоинств и недостатков
2.3 Разработка нового защищенного сетевого протокола
2.4 Алгоритм работы разработанного сетевого протокола
2.5 Преимущества и недостатки разработанного сетевого протокола
Заключение
Список использованных источников
Приложения

Фрагмент работы для ознакомления

value, princ) == 0);
gss_release_buffer(&minor_stat, &gss_str);
return success;
}
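/*
 * Render a GSS-API name as its display string.
 *
 * On success *str receives the display form of gss_name (the caller
 * releases it with gss_release_buffer) and 0 is returned.  If
 * gss_display_name fails, or the returned name type is not the one this
 * server accepts, 1 is returned and *str holds nothing the caller has to
 * release: the buffer display_name allocated for a rejected name type is
 * released here instead of being leaked to a caller that was told the
 * call failed.
 */
static int
gss_name_to_string(gss_name_t gss_name, gss_buffer_desc *str)
{
    OM_uint32 status, minor_stat;
    gss_OID gss_type;

    status = gss_display_name(&minor_stat, gss_name, str, &gss_type);
    if (status != GSS_S_COMPLETE)
        return 1;
    if (gss_type != gss_nt_prot1_name) {
        /* display_name succeeded and filled *str; don't leak it just
         * because the name type is not the accepted one. */
        gss_release_buffer(&minor_stat, str);
        return 1;
    }
    return 0;
}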
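/*
 * Log a request that failed authorization.
 *
 * op is the kadmin operation name, target the principal or policy name
 * the request was aimed at (NULL is logged as "(null)"), client/server
 * the GSS display names established for the request, and rqstp the RPC
 * request whose peer address is logged.  Long names are shortened by
 * trunc_name(), which also supplies the "..." suffix.  Returns the value
 * of prot1_klog_syslog().
 */
static int
log_unauth(
    char *op,
    char *target,
    gss_buffer_t client,
    gss_buffer_t server,
    struct svc_req *rqstp)
{
    size_t tlen, clen, slen;
    char *tdots, *cdots, *sdots;

    /* Policy names arriving over the wire can be NULL (the log_done
     * callers substitute "(null)" for exactly that case); strlen(NULL)
     * would be undefined, so substitute here as well. */
    if (target == NULL)
        target = "(null)";

    tlen = strlen(target);
    trunc_name(&tlen, &tdots);
    clen = client->length;
    trunc_name(&clen, &cdots);
    slen = server->length;
    trunc_name(&slen, &sdots);

    return prot1_klog_syslog(LOG_NOTICE,
                             "Unauthorized request: %s, %.*s%s, "
                             "client=%.*s%s, service=%.*s%s, addr=%s",
                             op, (int)tlen, target, tdots,
                             (int)clen, (char *)client->value, cdots,
                             (int)slen, (char *)server->value, sdots,
                             inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
}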
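/*
 * Log a request that passed authorization, together with its outcome.
 *
 * op names the operation, target the principal or policy it acted on
 * (NULL is logged as "(null)"), errmsg the textual result supplied by
 * the caller ("success" or an error string), client/server the GSS
 * display names for the request and rqstp the RPC request whose peer
 * address is logged.  Long names are shortened by trunc_name(), which
 * also supplies the "..." suffix.  Returns the value of
 * prot1_klog_syslog().
 */
static int
log_done(
    char *op,
    char *target,
    const char *errmsg,
    gss_buffer_t client,
    gss_buffer_t server,
    struct svc_req *rqstp)
{
    size_t tlen, clen, slen;
    char *tdots, *cdots, *sdots;

    /* Several callers already map a missing policy name to "(null)";
     * doing it here too means no caller can reach strlen(NULL). */
    if (target == NULL)
        target = "(null)";

    tlen = strlen(target);
    trunc_name(&tlen, &tdots);
    clen = client->length;
    trunc_name(&clen, &cdots);
    slen = server->length;
    trunc_name(&slen, &sdots);

    return prot1_klog_syslog(LOG_NOTICE,
                             "Request: %s, %.*s%s, %s, "
                             "client=%.*s%s, service=%.*s%s, addr=%s",
                             op, (int)tlen, target, tdots, errmsg,
                             (int)clen, (char *)client->value, cdots,
                             (int)slen, (char *)server->value, sdots,
                             inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
}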
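/*
 * RPC stub: create a principal.
 *
 * Validates the request handle, sets up the client/service GSS names,
 * unparses the target principal for logging, then either refuses the
 * request (CHANGEPW service, missing ADD ACL, or restrictions that cannot
 * be imposed) with ADM_AUTH_ADD or performs adm_create_principal.  Every
 * outcome is logged.  Returns a pointer to a static result that the RPC
 * layer encodes; the previous call's contents are freed via xdr_free.
 *
 * Cleanup: the GSS name buffers are released on every path after
 * setup_gss_names succeeded, including the ADM_BAD_PRINCIPAL path, which
 * previously jumped straight to exit_func and leaked them.
 */
generic_ret *
create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp)
{
    static generic_ret ret;
    char *prime_arg;
    gss_buffer_desc client_name, service_name;
    OM_uint32 minor_stat;
    adm_server_handle_t handle;
    restriction_t *rp;
    const char *errmsg = NULL;

    xdr_free(xdr_generic_ret, &ret);

    if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
        goto exit_func;
    if ((ret.code = check_handle((void *)handle)))
        goto exit_func;
    ret.api_version = handle->api_version;

    if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
        ret.code = ADM_FAILURE;
        goto exit_func;
    }
    if (prot1_unparse_name(handle->context, arg->rec.principal, &prime_arg)) {
        ret.code = ADM_BAD_PRINCIPAL;
        goto exit_names;
    }

    if (CHANGEPW_SERVICE(rqstp)
        || !admint_acl_check(handle->context, rqst2name(rqstp), ACL_ADD,
                             arg->rec.principal, &rp)
        || admint_acl_impose_restrictions(handle->context,
                                          &arg->rec, &arg->mask, rp)) {
        ret.code = ADM_AUTH_ADD;
        log_unauth("adm_create_principal", prime_arg,
                   &client_name, &service_name, rqstp);
    } else {
        ret.code = adm_create_principal((void *)handle,
                                        &arg->rec, arg->mask,
                                        arg->passwd);
        if (ret.code != 0)
            errmsg = prot1_get_error_message(handle->context, ret.code);
        log_done("adm_create_principal", prime_arg,
                 errmsg ? errmsg : "success",
                 &client_name, &service_name, rqstp);
        if (errmsg != NULL)
            prot1_free_error_message(handle->context, errmsg);
    }

    free(prime_arg);
exit_names:
    /* Reached on every path after setup_gss_names succeeded. */
    gss_release_buffer(&minor_stat, &client_name);
    gss_release_buffer(&minor_stat, &service_name);
exit_func:
    free_server_handle(handle);
    return &ret;
}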
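/*
 * RPC stub: create a principal with explicit key/salt tuples
 * (the "_3" variant of create_principal).
 *
 * Same authorization and logging flow as create_principal_2_svc; the
 * only difference is that adm_create_principal_3 receives the caller's
 * n_ks_tuple/ks_tuple.  Returns a pointer to a static result that the RPC
 * layer encodes; the previous call's contents are freed via xdr_free.
 *
 * Cleanup: the GSS name buffers are released on every path after
 * setup_gss_names succeeded, including the ADM_BAD_PRINCIPAL path, which
 * previously jumped straight to exit_func and leaked them.
 */
generic_ret *
create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp)
{
    static generic_ret ret;
    char *prime_arg;
    gss_buffer_desc client_name, service_name;
    OM_uint32 minor_stat;
    adm_server_handle_t handle;
    restriction_t *rp;
    const char *errmsg = NULL;

    xdr_free(xdr_generic_ret, &ret);

    if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
        goto exit_func;
    if ((ret.code = check_handle((void *)handle)))
        goto exit_func;
    ret.api_version = handle->api_version;

    if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
        ret.code = ADM_FAILURE;
        goto exit_func;
    }
    if (prot1_unparse_name(handle->context, arg->rec.principal, &prime_arg)) {
        ret.code = ADM_BAD_PRINCIPAL;
        goto exit_names;
    }

    if (CHANGEPW_SERVICE(rqstp)
        || !admint_acl_check(handle->context, rqst2name(rqstp), ACL_ADD,
                             arg->rec.principal, &rp)
        || admint_acl_impose_restrictions(handle->context,
                                          &arg->rec, &arg->mask, rp)) {
        ret.code = ADM_AUTH_ADD;
        log_unauth("adm_create_principal", prime_arg,
                   &client_name, &service_name, rqstp);
    } else {
        ret.code = adm_create_principal_3((void *)handle,
                                          &arg->rec, arg->mask,
                                          arg->n_ks_tuple,
                                          arg->ks_tuple,
                                          arg->passwd);
        if (ret.code != 0)
            errmsg = prot1_get_error_message(handle->context, ret.code);
        log_done("adm_create_principal", prime_arg,
                 errmsg ? errmsg : "success",
                 &client_name, &service_name, rqstp);
        if (errmsg != NULL)
            prot1_free_error_message(handle->context, errmsg);
    }

    free(prime_arg);
exit_names:
    /* Reached on every path after setup_gss_names succeeded. */
    gss_release_buffer(&minor_stat, &client_name);
    gss_release_buffer(&minor_stat, &service_name);
exit_func:
    free_server_handle(handle);
    return &ret;
}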
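/*
 * RPC stub: delete a principal.
 *
 * Validates the request handle, sets up the client/service GSS names,
 * unparses the target principal for logging, then either refuses the
 * request (CHANGEPW service or missing DELETE ACL) with ADM_AUTH_DELETE or
 * performs adm_delete_principal.  Every outcome is logged.  Returns a
 * pointer to a static result that the RPC layer encodes; the previous
 * call's contents are freed via xdr_free.
 *
 * Cleanup: the GSS name buffers are released on every path after
 * setup_gss_names succeeded, including the ADM_BAD_PRINCIPAL path, which
 * previously jumped straight to exit_func and leaked them.
 */
generic_ret *
delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp)
{
    static generic_ret ret;
    char *prime_arg;
    gss_buffer_desc client_name, service_name;
    OM_uint32 minor_stat;
    adm_server_handle_t handle;
    const char *errmsg = NULL;

    xdr_free(xdr_generic_ret, &ret);

    if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
        goto exit_func;
    if ((ret.code = check_handle((void *)handle)))
        goto exit_func;
    ret.api_version = handle->api_version;

    if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
        ret.code = ADM_FAILURE;
        goto exit_func;
    }
    if (prot1_unparse_name(handle->context, arg->princ, &prime_arg)) {
        ret.code = ADM_BAD_PRINCIPAL;
        goto exit_names;
    }

    if (CHANGEPW_SERVICE(rqstp)
        || !admint_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE,
                             arg->princ, NULL)) {
        ret.code = ADM_AUTH_DELETE;
        log_unauth("adm_delete_principal", prime_arg,
                   &client_name, &service_name, rqstp);
    } else {
        ret.code = adm_delete_principal((void *)handle, arg->princ);
        if (ret.code != 0)
            errmsg = prot1_get_error_message(handle->context, ret.code);
        log_done("adm_delete_principal", prime_arg,
                 errmsg ? errmsg : "success",
                 &client_name, &service_name, rqstp);
        if (errmsg != NULL)
            prot1_free_error_message(handle->context, errmsg);
    }

    free(prime_arg);
exit_names:
    /* Reached on every path after setup_gss_names succeeded. */
    gss_release_buffer(&minor_stat, &client_name);
    gss_release_buffer(&minor_stat, &service_name);
exit_func:
    free_server_handle(handle);
    return &ret;
}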
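/*
 * RPC stub: modify a principal's attributes.
 *
 * Validates the request handle, sets up the client/service GSS names,
 * unparses the target principal for logging, then either refuses the
 * request (CHANGEPW service, missing MODIFY ACL, or restrictions that
 * cannot be imposed) with ADM_AUTH_MODIFY or performs
 * adm_modify_principal.  Every outcome is logged.  Returns a pointer to a
 * static result that the RPC layer encodes; the previous call's contents
 * are freed via xdr_free.
 *
 * Two fixes relative to the earlier version: ret.api_version is now set
 * from the handle like every other stub in this file does, and the GSS
 * name buffers are released on the ADM_BAD_PRINCIPAL path, which
 * previously jumped straight to exit_func and leaked them.
 */
generic_ret *
modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp)
{
    static generic_ret ret;
    char *prime_arg;
    gss_buffer_desc client_name, service_name;
    OM_uint32 minor_stat;
    adm_server_handle_t handle;
    restriction_t *rp;
    const char *errmsg = NULL;

    xdr_free(xdr_generic_ret, &ret);

    if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
        goto exit_func;
    if ((ret.code = check_handle((void *)handle)))
        goto exit_func;
    ret.api_version = handle->api_version;

    if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
        ret.code = ADM_FAILURE;
        goto exit_func;
    }
    if (prot1_unparse_name(handle->context, arg->rec.principal, &prime_arg)) {
        ret.code = ADM_BAD_PRINCIPAL;
        goto exit_names;
    }

    if (CHANGEPW_SERVICE(rqstp)
        || !admint_acl_check(handle->context, rqst2name(rqstp), ACL_MODIFY,
                             arg->rec.principal, &rp)
        || admint_acl_impose_restrictions(handle->context,
                                          &arg->rec, &arg->mask, rp)) {
        ret.code = ADM_AUTH_MODIFY;
        log_unauth("adm_modify_principal", prime_arg,
                   &client_name, &service_name, rqstp);
    } else {
        ret.code = adm_modify_principal((void *)handle, &arg->rec,
                                        arg->mask);
        if (ret.code != 0)
            errmsg = prot1_get_error_message(handle->context, ret.code);
        log_done("adm_modify_principal", prime_arg,
                 errmsg ? errmsg : "success",
                 &client_name, &service_name, rqstp);
        if (errmsg != NULL)
            prot1_free_error_message(handle->context, errmsg);
    }

    free(prime_arg);
exit_names:
    /* Reached on every path after setup_gss_names succeeded. */
    gss_release_buffer(&minor_stat, &client_name);
    gss_release_buffer(&minor_stat, &service_name);
exit_func:
    free_server_handle(handle);
    return &ret;
}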
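/*
 * RPC stub: rename a principal.
 *
 * A rename needs DELETE on the source and an unrestricted ADD on the
 * destination; the error code reports which of the two was missing
 * (ADM_AUTH_DELETE, ADM_AUTH_ADD) or ADM_AUTH_INSUFFICIENT when both were,
 * or when the request arrived over the CHANGEPW service.  Because both
 * names appear in the log line, this stub formats its own syslog messages
 * instead of going through log_unauth/log_done.  Returns a pointer to a
 * static result that the RPC layer encodes; the previous call's contents
 * are freed via xdr_free.
 *
 * Fixes relative to the earlier version: ret.api_version is now set from
 * the handle like every other stub in this file does; the GSS name
 * buffers are released when unparsing fails (that path previously jumped
 * straight to exit_func and leaked them); and prime_arg1 is freed when
 * only the second unparse fails.
 */
generic_ret *
rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp)
{
    static generic_ret ret;
    char *prime_arg1, *prime_arg2;
    gss_buffer_desc client_name, service_name;
    OM_uint32 minor_stat;
    adm_server_handle_t handle;
    restriction_t *rp;
    const char *errmsg = NULL;
    size_t tlen1, tlen2, clen, slen;
    char *tdots1, *tdots2, *cdots, *sdots;

    xdr_free(xdr_generic_ret, &ret);

    if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
        goto exit_func;
    if ((ret.code = check_handle((void *)handle)))
        goto exit_func;
    ret.api_version = handle->api_version;

    if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
        ret.code = ADM_FAILURE;
        goto exit_func;
    }
    if (prot1_unparse_name(handle->context, arg->src, &prime_arg1)) {
        ret.code = ADM_BAD_PRINCIPAL;
        goto exit_names;
    }
    if (prot1_unparse_name(handle->context, arg->dest, &prime_arg2)) {
        ret.code = ADM_BAD_PRINCIPAL;
        /* The first unparse succeeded, so its string must be freed. */
        free(prime_arg1);
        goto exit_names;
    }

    /* Truncate all four names for logging the same way log_unauth does. */
    tlen1 = strlen(prime_arg1);
    trunc_name(&tlen1, &tdots1);
    tlen2 = strlen(prime_arg2);
    trunc_name(&tlen2, &tdots2);
    clen = client_name.length;
    trunc_name(&clen, &cdots);
    slen = service_name.length;
    trunc_name(&slen, &sdots);

    ret.code = ADM_OK;
    if (!CHANGEPW_SERVICE(rqstp)) {
        if (!admint_acl_check(handle->context, rqst2name(rqstp),
                              ACL_DELETE, arg->src, NULL))
            ret.code = ADM_AUTH_DELETE;
        /* ADD on the destination must be granted without restrictions;
         * rp is only examined when acl_check succeeded and filled it. */
        if (!admint_acl_check(handle->context, rqst2name(rqstp),
                              ACL_ADD, arg->dest, &rp) || rp) {
            if (ret.code == ADM_AUTH_DELETE)
                ret.code = ADM_AUTH_INSUFFICIENT;
            else
                ret.code = ADM_AUTH_ADD;
        }
    } else {
        ret.code = ADM_AUTH_INSUFFICIENT;
    }

    if (ret.code != ADM_OK) {
        prot1_klog_syslog(LOG_NOTICE,
                          "Unauthorized request: adm_rename_principal, "
                          "%.*s%s to %.*s%s, "
                          "client=%.*s%s, service=%.*s%s, addr=%s",
                          (int)tlen1, prime_arg1, tdots1,
                          (int)tlen2, prime_arg2, tdots2,
                          (int)clen, (char *)client_name.value, cdots,
                          (int)slen, (char *)service_name.value, sdots,
                          inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
    } else {
        ret.code = adm_rename_principal((void *)handle, arg->src,
                                        arg->dest);
        if (ret.code != 0)
            errmsg = prot1_get_error_message(handle->context, ret.code);
        prot1_klog_syslog(LOG_NOTICE,
                          "Request: adm_rename_principal, "
                          "%.*s%s to %.*s%s, %s, "
                          "client=%.*s%s, service=%.*s%s, addr=%s",
                          (int)tlen1, prime_arg1, tdots1,
                          (int)tlen2, prime_arg2, tdots2,
                          errmsg ? errmsg : "success",
                          (int)clen, (char *)client_name.value, cdots,
                          (int)slen, (char *)service_name.value, sdots,
                          inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
        if (errmsg != NULL)
            prot1_free_error_message(handle->context, errmsg);
    }

    free(prime_arg1);
    free(prime_arg2);
exit_names:
    /* Reached on every path after setup_gss_names succeeded. */
    gss_release_buffer(&minor_stat, &client_name);
    gss_release_buffer(&minor_stat, &service_name);
exit_func:
    free_server_handle(handle);
    return &ret;
}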
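/*
 * RPC stub: fetch a principal's record.
 *
 * A caller may always read its own principal (cmp_gss_prot1_name); for
 * any other principal it needs the INQUIRE ACL and must not be using the
 * CHANGEPW service, otherwise the request fails with ADM_AUTH_GET.  On
 * success adm_get_principal fills ret.rec according to arg->mask.  Every
 * outcome is logged.  Returns a pointer to a static result that the RPC
 * layer encodes; the previous call's contents are freed via xdr_free.
 *
 * Cleanup: the GSS name buffers are released on every path after
 * setup_gss_names succeeded, including the ADM_BAD_PRINCIPAL path, which
 * previously jumped straight to exit_func and leaked them.
 */
gprinc_ret *
get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
{
    static gprinc_ret ret;
    char *prime_arg, *funcname;
    gss_buffer_desc client_name, service_name;
    OM_uint32 minor_stat;
    adm_server_handle_t handle;
    const char *errmsg = NULL;

    xdr_free(xdr_gprinc_ret, &ret);

    if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
        goto exit_func;
    if ((ret.code = check_handle((void *)handle)))
        goto exit_func;
    ret.api_version = handle->api_version;
    funcname = "adm_get_principal";

    if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
        ret.code = ADM_FAILURE;
        goto exit_func;
    }
    if (prot1_unparse_name(handle->context, arg->princ, &prime_arg)) {
        ret.code = ADM_BAD_PRINCIPAL;
        goto exit_names;
    }

    if (!cmp_gss_prot1_name(handle, rqst2name(rqstp), arg->princ) &&
        (CHANGEPW_SERVICE(rqstp) ||
         !admint_acl_check(handle->context, rqst2name(rqstp),
                           ACL_INQUIRE, arg->princ, NULL))) {
        ret.code = ADM_AUTH_GET;
        log_unauth(funcname, prime_arg,
                   &client_name, &service_name, rqstp);
    } else {
        ret.code = adm_get_principal(handle, arg->princ, &ret.rec,
                                     arg->mask);
        if (ret.code != 0)
            errmsg = prot1_get_error_message(handle->context, ret.code);
        log_done(funcname, prime_arg, errmsg ? errmsg : "success",
                 &client_name, &service_name, rqstp);
        if (errmsg != NULL)
            prot1_free_error_message(handle->context, errmsg);
    }

    free(prime_arg);
exit_names:
    /* Reached on every path after setup_gss_names succeeded. */
    gss_release_buffer(&minor_stat, &client_name);
    gss_release_buffer(&minor_stat, &service_name);
exit_func:
    free_server_handle(handle);
    return &ret;
}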
/*
 * RPC stub: list principals matching a glob expression.
 *
 * Requires the LIST ACL and a non-CHANGEPW transport, otherwise fails
 * with ADM_AUTH_LIST.  A NULL expression is logged as "*" but passed to
 * adm_get_principals unchanged.  Returns a pointer to a static result
 * that the RPC layer encodes; the previous call's contents are freed via
 * xdr_free.
 */
gprincs_ret *
get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp)
{
    static gprincs_ret ret;
    gss_buffer_desc cname, sname;
    OM_uint32 minor;
    adm_server_handle_t handle;
    char *pattern;
    const char *errmsg = NULL;

    xdr_free(xdr_gprincs_ret, &ret);

    ret.code = new_server_handle(arg->api_version, rqstp, &handle);
    if (ret.code)
        goto exit_func;
    ret.code = check_handle((void *)handle);
    if (ret.code)
        goto exit_func;
    ret.api_version = handle->api_version;

    if (setup_gss_names(rqstp, &cname, &sname) < 0) {
        ret.code = ADM_FAILURE;
        goto exit_func;
    }

    /* Only for the log line; the lookup itself sees arg->exp as given. */
    pattern = (arg->exp != NULL) ? arg->exp : "*";

    if (CHANGEPW_SERVICE(rqstp) ||
        !admint_acl_check(handle->context, rqst2name(rqstp),
                          ACL_LIST, NULL, NULL)) {
        ret.code = ADM_AUTH_LIST;
        log_unauth("adm_get_principals", pattern, &cname, &sname, rqstp);
    } else {
        ret.code = adm_get_principals((void *)handle, arg->exp,
                                      &ret.princs, &ret.count);
        if (ret.code)
            errmsg = prot1_get_error_message(handle->context, ret.code);
        log_done("adm_get_principals", pattern,
                 errmsg ? errmsg : "success", &cname, &sname, rqstp);
        if (errmsg)
            prot1_free_error_message(handle->context, errmsg);
    }

    gss_release_buffer(&minor, &cname);
    gss_release_buffer(&minor, &sname);
exit_func:
    free_server_handle(handle);
    return &ret;
}
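/*
 * RPC stub: change a principal's password.
 *
 * A caller changing its own password goes through
 * chpass_principal_wrapper_3 (which applies password policy); changing
 * another principal's password requires the CHANGEPW ACL on a
 * non-CHANGEPW transport and calls adm_chpass_principal directly.
 * Anything else is refused with ADM_AUTH_CHANGEPW and logged via
 * log_unauth; performed requests are logged via log_done.  Returns a
 * pointer to a static result that the RPC layer encodes; the previous
 * call's contents are freed via xdr_free.
 *
 * Cleanup: the GSS name buffers are released on every path after
 * setup_gss_names succeeded, including the ADM_BAD_PRINCIPAL path, which
 * previously jumped straight to exit_func and leaked them.
 */
generic_ret *
chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp)
{
    static generic_ret ret;
    char *prime_arg;
    gss_buffer_desc client_name, service_name;
    OM_uint32 minor_stat;
    adm_server_handle_t handle;
    const char *errmsg = NULL;

    xdr_free(xdr_generic_ret, &ret);

    if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
        goto exit_func;
    if ((ret.code = check_handle((void *)handle)))
        goto exit_func;
    ret.api_version = handle->api_version;

    if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
        ret.code = ADM_FAILURE;
        goto exit_func;
    }
    if (prot1_unparse_name(handle->context, arg->princ, &prime_arg)) {
        ret.code = ADM_BAD_PRINCIPAL;
        goto exit_names;
    }

    if (cmp_gss_prot1_name(handle, rqst2name(rqstp), arg->princ)) {
        /* Self-service: policy-checked path, no keepold/ks_tuple. */
        ret.code = chpass_principal_wrapper_3((void *)handle, arg->princ,
                                              FALSE, 0, NULL, arg->pass);
    } else if (!(CHANGEPW_SERVICE(rqstp)) &&
               admint_acl_check(handle->context, rqst2name(rqstp),
                                ACL_CHANGEPW, arg->princ, NULL)) {
        ret.code = adm_chpass_principal((void *)handle, arg->princ,
                                        arg->pass);
    } else {
        log_unauth("adm_chpass_principal", prime_arg,
                   &client_name, &service_name, rqstp);
        ret.code = ADM_AUTH_CHANGEPW;
    }

    /* The refusal above was already logged; log the performed request. */
    if (ret.code != ADM_AUTH_CHANGEPW) {
        if (ret.code != 0)
            errmsg = prot1_get_error_message(handle->context, ret.code);
        log_done("adm_chpass_principal", prime_arg,
                 errmsg ? errmsg : "success",
                 &client_name, &service_name, rqstp);
        if (errmsg != NULL)
            prot1_free_error_message(handle->context, errmsg);
    }

    free(prime_arg);
exit_names:
    /* Reached on every path after setup_gss_names succeeded. */
    gss_release_buffer(&minor_stat, &client_name);
    gss_release_buffer(&minor_stat, &service_name);
exit_func:
    free_server_handle(handle);
    return &ret;
}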
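/*
 * RPC stub: change a principal's password with keepold and explicit
 * key/salt tuples (the "_3" variant of chpass_principal).
 *
 * Same authorization split as chpass_principal_2_svc: self-service goes
 * through chpass_principal_wrapper_3, another principal's password
 * requires the CHANGEPW ACL on a non-CHANGEPW transport and uses
 * adm_chpass_principal_3; anything else is refused with
 * ADM_AUTH_CHANGEPW.  Every outcome is logged.  Returns a pointer to a
 * static result that the RPC layer encodes; the previous call's contents
 * are freed via xdr_free.
 *
 * Cleanup: the GSS name buffers are released on every path after
 * setup_gss_names succeeded, including the ADM_BAD_PRINCIPAL path, which
 * previously jumped straight to exit_func and leaked them.
 */
generic_ret *
chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp)
{
    static generic_ret ret;
    char *prime_arg;
    gss_buffer_desc client_name, service_name;
    OM_uint32 minor_stat;
    adm_server_handle_t handle;
    const char *errmsg = NULL;

    xdr_free(xdr_generic_ret, &ret);

    if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
        goto exit_func;
    if ((ret.code = check_handle((void *)handle)))
        goto exit_func;
    ret.api_version = handle->api_version;

    if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
        ret.code = ADM_FAILURE;
        goto exit_func;
    }
    if (prot1_unparse_name(handle->context, arg->princ, &prime_arg)) {
        ret.code = ADM_BAD_PRINCIPAL;
        goto exit_names;
    }

    if (cmp_gss_prot1_name(handle, rqst2name(rqstp), arg->princ)) {
        ret.code = chpass_principal_wrapper_3((void *)handle, arg->princ,
                                              arg->keepold,
                                              arg->n_ks_tuple,
                                              arg->ks_tuple,
                                              arg->pass);
    } else if (!(CHANGEPW_SERVICE(rqstp)) &&
               admint_acl_check(handle->context, rqst2name(rqstp),
                                ACL_CHANGEPW, arg->princ, NULL)) {
        ret.code = adm_chpass_principal_3((void *)handle, arg->princ,
                                          arg->keepold,
                                          arg->n_ks_tuple,
                                          arg->ks_tuple,
                                          arg->pass);
    } else {
        log_unauth("adm_chpass_principal", prime_arg,
                   &client_name, &service_name, rqstp);
        ret.code = ADM_AUTH_CHANGEPW;
    }

    /* The refusal above was already logged; log the performed request. */
    if (ret.code != ADM_AUTH_CHANGEPW) {
        if (ret.code != 0)
            errmsg = prot1_get_error_message(handle->context, ret.code);
        log_done("adm_chpass_principal", prime_arg,
                 errmsg ? errmsg : "success",
                 &client_name, &service_name, rqstp);
        if (errmsg != NULL)
            prot1_free_error_message(handle->context, errmsg);
    }

    free(prime_arg);
exit_names:
    /* Reached on every path after setup_gss_names succeeded. */
    gss_release_buffer(&minor_stat, &client_name);
    gss_release_buffer(&minor_stat, &service_name);
exit_func:
    free_server_handle(handle);
    return &ret;
}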
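/*
 * RPC stub: set a principal's (single, v4-style) key.
 *
 * Requires the SETKEY ACL on a non-CHANGEPW transport; there is no
 * self-service path.  Refusals are reported as ADM_AUTH_SETKEY and logged
 * via log_unauth; performed requests via log_done.  Returns a pointer to
 * a static result that the RPC layer encodes; the previous call's
 * contents are freed via xdr_free.
 *
 * Cleanup: the GSS name buffers are released on every path after
 * setup_gss_names succeeded, including the ADM_BAD_PRINCIPAL path, which
 * previously jumped straight to exit_func and leaked them.
 */
generic_ret *
setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp)
{
    static generic_ret ret;
    char *prime_arg;
    gss_buffer_desc client_name, service_name;
    OM_uint32 minor_stat;
    adm_server_handle_t handle;
    const char *errmsg = NULL;

    xdr_free(xdr_generic_ret, &ret);

    if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
        goto exit_func;
    if ((ret.code = check_handle((void *)handle)))
        goto exit_func;
    ret.api_version = handle->api_version;

    if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
        ret.code = ADM_FAILURE;
        goto exit_func;
    }
    if (prot1_unparse_name(handle->context, arg->princ, &prime_arg)) {
        ret.code = ADM_BAD_PRINCIPAL;
        goto exit_names;
    }

    if (!(CHANGEPW_SERVICE(rqstp)) &&
        admint_acl_check(handle->context, rqst2name(rqstp),
                         ACL_SETKEY, arg->princ, NULL)) {
        ret.code = adm_setv4key_principal((void *)handle, arg->princ,
                                          arg->keyblock);
    } else {
        log_unauth("adm_setv4key_principal", prime_arg,
                   &client_name, &service_name, rqstp);
        ret.code = ADM_AUTH_SETKEY;
    }

    /* The refusal above was already logged; log the performed request. */
    if (ret.code != ADM_AUTH_SETKEY) {
        if (ret.code != 0)
            errmsg = prot1_get_error_message(handle->context, ret.code);
        log_done("adm_setv4key_principal", prime_arg,
                 errmsg ? errmsg : "success",
                 &client_name, &service_name, rqstp);
        if (errmsg != NULL)
            prot1_free_error_message(handle->context, errmsg);
    }

    free(prime_arg);
exit_names:
    /* Reached on every path after setup_gss_names succeeded. */
    gss_release_buffer(&minor_stat, &client_name);
    gss_release_buffer(&minor_stat, &service_name);
exit_func:
    free_server_handle(handle);
    return &ret;
}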
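/*
 * RPC stub: replace a principal's keys with the supplied keyblocks.
 *
 * Requires the SETKEY ACL on a non-CHANGEPW transport; there is no
 * self-service path.  Refusals are reported as ADM_AUTH_SETKEY and logged
 * via log_unauth; performed requests via log_done.  Returns a pointer to
 * a static result that the RPC layer encodes; the previous call's
 * contents are freed via xdr_free.
 *
 * Cleanup: the GSS name buffers are released on every path after
 * setup_gss_names succeeded, including the ADM_BAD_PRINCIPAL path, which
 * previously jumped straight to exit_func and leaked them.
 */
generic_ret *
setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp)
{
    static generic_ret ret;
    char *prime_arg;
    gss_buffer_desc client_name, service_name;
    OM_uint32 minor_stat;
    adm_server_handle_t handle;
    const char *errmsg = NULL;

    xdr_free(xdr_generic_ret, &ret);

    if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
        goto exit_func;
    if ((ret.code = check_handle((void *)handle)))
        goto exit_func;
    ret.api_version = handle->api_version;

    if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
        ret.code = ADM_FAILURE;
        goto exit_func;
    }
    if (prot1_unparse_name(handle->context, arg->princ, &prime_arg)) {
        ret.code = ADM_BAD_PRINCIPAL;
        goto exit_names;
    }

    if (!(CHANGEPW_SERVICE(rqstp)) &&
        admint_acl_check(handle->context, rqst2name(rqstp),
                         ACL_SETKEY, arg->princ, NULL)) {
        ret.code = adm_setkey_principal((void *)handle, arg->princ,
                                        arg->keyblocks, arg->n_keys);
    } else {
        log_unauth("adm_setkey_principal", prime_arg,
                   &client_name, &service_name, rqstp);
        ret.code = ADM_AUTH_SETKEY;
    }

    /* The refusal above was already logged; log the performed request. */
    if (ret.code != ADM_AUTH_SETKEY) {
        if (ret.code != 0)
            errmsg = prot1_get_error_message(handle->context, ret.code);
        log_done("adm_setkey_principal", prime_arg,
                 errmsg ? errmsg : "success",
                 &client_name, &service_name, rqstp);
        if (errmsg != NULL)
            prot1_free_error_message(handle->context, errmsg);
    }

    free(prime_arg);
exit_names:
    /* Reached on every path after setup_gss_names succeeded. */
    gss_release_buffer(&minor_stat, &client_name);
    gss_release_buffer(&minor_stat, &service_name);
exit_func:
    free_server_handle(handle);
    return &ret;
}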
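/*
 * RPC stub: replace a principal's keys with keepold and explicit key/salt
 * tuples (the "_3" variant of setkey_principal).
 *
 * Requires the SETKEY ACL on a non-CHANGEPW transport; there is no
 * self-service path.  Refusals are reported as ADM_AUTH_SETKEY and logged
 * via log_unauth; performed requests via log_done.  Returns a pointer to
 * a static result that the RPC layer encodes; the previous call's
 * contents are freed via xdr_free.
 *
 * Cleanup: the GSS name buffers are released on every path after
 * setup_gss_names succeeded, including the ADM_BAD_PRINCIPAL path, which
 * previously jumped straight to exit_func and leaked them.
 */
generic_ret *
setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp)
{
    static generic_ret ret;
    char *prime_arg;
    gss_buffer_desc client_name, service_name;
    OM_uint32 minor_stat;
    adm_server_handle_t handle;
    const char *errmsg = NULL;

    xdr_free(xdr_generic_ret, &ret);

    if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
        goto exit_func;
    if ((ret.code = check_handle((void *)handle)))
        goto exit_func;
    ret.api_version = handle->api_version;

    if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
        ret.code = ADM_FAILURE;
        goto exit_func;
    }
    if (prot1_unparse_name(handle->context, arg->princ, &prime_arg)) {
        ret.code = ADM_BAD_PRINCIPAL;
        goto exit_names;
    }

    if (!(CHANGEPW_SERVICE(rqstp)) &&
        admint_acl_check(handle->context, rqst2name(rqstp),
                         ACL_SETKEY, arg->princ, NULL)) {
        ret.code = adm_setkey_principal_3((void *)handle, arg->princ,
                                          arg->keepold,
                                          arg->n_ks_tuple,
                                          arg->ks_tuple,
                                          arg->keyblocks, arg->n_keys);
    } else {
        log_unauth("adm_setkey_principal", prime_arg,
                   &client_name, &service_name, rqstp);
        ret.code = ADM_AUTH_SETKEY;
    }

    /* The refusal above was already logged; log the performed request. */
    if (ret.code != ADM_AUTH_SETKEY) {
        if (ret.code != 0)
            errmsg = prot1_get_error_message(handle->context, ret.code);
        log_done("adm_setkey_principal", prime_arg,
                 errmsg ? errmsg : "success",
                 &client_name, &service_name, rqstp);
        if (errmsg != NULL)
            prot1_free_error_message(handle->context, errmsg);
    }

    free(prime_arg);
exit_names:
    /* Reached on every path after setup_gss_names succeeded. */
    gss_release_buffer(&minor_stat, &client_name);
    gss_release_buffer(&minor_stat, &service_name);
exit_func:
    free_server_handle(handle);
    return &ret;
}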
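/*
 * RPC stub: randomize a principal's keys and return the new keys.
 *
 * Self-service goes through randkey_principal_wrapper_3 (policy-checked,
 * no keepold/ks_tuple); another principal's keys require the CHANGEPW
 * ACL on a non-CHANGEPW transport and use adm_randkey_principal.
 * Anything else is refused with ADM_AUTH_CHANGEPW.  On ADM_OK the new
 * keys are handed to the caller in ret.keys/ret.n_keys and freed by the
 * next call's xdr_free.  Every outcome is logged.  Returns a pointer to a
 * static result that the RPC layer encodes.
 *
 * Cleanup: the GSS name buffers are released on every path after
 * setup_gss_names succeeded, including the ADM_BAD_PRINCIPAL path, which
 * previously jumped straight to exit_func and leaked them.
 */
chrand_ret *
chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
{
    static chrand_ret ret;
    prot1_keyblock *k = NULL;
    int nkeys = 0;
    char *prime_arg, *funcname;
    gss_buffer_desc client_name, service_name;
    OM_uint32 minor_stat;
    adm_server_handle_t handle;
    const char *errmsg = NULL;

    xdr_free(xdr_chrand_ret, &ret);

    if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
        goto exit_func;
    if ((ret.code = check_handle((void *)handle)))
        goto exit_func;
    ret.api_version = handle->api_version;
    funcname = "adm_randkey_principal";

    if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
        ret.code = ADM_FAILURE;
        goto exit_func;
    }
    if (prot1_unparse_name(handle->context, arg->princ, &prime_arg)) {
        ret.code = ADM_BAD_PRINCIPAL;
        goto exit_names;
    }

    if (cmp_gss_prot1_name(handle, rqst2name(rqstp), arg->princ)) {
        ret.code = randkey_principal_wrapper_3((void *)handle, arg->princ,
                                               FALSE, 0, NULL, &k, &nkeys);
    } else if (!(CHANGEPW_SERVICE(rqstp)) &&
               admint_acl_check(handle->context, rqst2name(rqstp),
                                ACL_CHANGEPW, arg->princ, NULL)) {
        ret.code = adm_randkey_principal((void *)handle, arg->princ,
                                         &k, &nkeys);
    } else {
        log_unauth(funcname, prime_arg,
                   &client_name, &service_name, rqstp);
        ret.code = ADM_AUTH_CHANGEPW;
    }

    /* Ownership of k moves to the static result; xdr_free releases it. */
    if (ret.code == ADM_OK) {
        ret.keys = k;
        ret.n_keys = nkeys;
    }

    /* The refusal above was already logged; log the performed request. */
    if (ret.code != ADM_AUTH_CHANGEPW) {
        if (ret.code != 0)
            errmsg = prot1_get_error_message(handle->context, ret.code);
        log_done(funcname, prime_arg, errmsg ? errmsg : "success",
                 &client_name, &service_name, rqstp);
        if (errmsg != NULL)
            prot1_free_error_message(handle->context, errmsg);
    }

    free(prime_arg);
exit_names:
    /* Reached on every path after setup_gss_names succeeded. */
    gss_release_buffer(&minor_stat, &client_name);
    gss_release_buffer(&minor_stat, &service_name);
exit_func:
    free_server_handle(handle);
    return &ret;
}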
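/*
 * RPC stub: randomize a principal's keys with keepold and explicit
 * key/salt tuples (the "_3" variant of chrand_principal), returning the
 * new keys.
 *
 * Same authorization split as chrand_principal_2_svc: self-service goes
 * through randkey_principal_wrapper_3, another principal's keys require
 * the CHANGEPW ACL on a non-CHANGEPW transport and use
 * adm_randkey_principal_3; anything else is refused with
 * ADM_AUTH_CHANGEPW.  On ADM_OK the new keys are handed to the caller in
 * ret.keys/ret.n_keys and freed by the next call's xdr_free.  Every
 * outcome is logged.  Returns a pointer to a static result that the RPC
 * layer encodes.
 *
 * Cleanup: the GSS name buffers are released on every path after
 * setup_gss_names succeeded, including the ADM_BAD_PRINCIPAL path, which
 * previously jumped straight to exit_func and leaked them.
 */
chrand_ret *
chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
{
    static chrand_ret ret;
    prot1_keyblock *k = NULL;
    int nkeys = 0;
    char *prime_arg, *funcname;
    gss_buffer_desc client_name, service_name;
    OM_uint32 minor_stat;
    adm_server_handle_t handle;
    const char *errmsg = NULL;

    xdr_free(xdr_chrand_ret, &ret);

    if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
        goto exit_func;
    if ((ret.code = check_handle((void *)handle)))
        goto exit_func;
    ret.api_version = handle->api_version;
    funcname = "adm_randkey_principal";

    if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
        ret.code = ADM_FAILURE;
        goto exit_func;
    }
    if (prot1_unparse_name(handle->context, arg->princ, &prime_arg)) {
        ret.code = ADM_BAD_PRINCIPAL;
        goto exit_names;
    }

    if (cmp_gss_prot1_name(handle, rqst2name(rqstp), arg->princ)) {
        ret.code = randkey_principal_wrapper_3((void *)handle, arg->princ,
                                               arg->keepold,
                                               arg->n_ks_tuple,
                                               arg->ks_tuple,
                                               &k, &nkeys);
    } else if (!(CHANGEPW_SERVICE(rqstp)) &&
               admint_acl_check(handle->context, rqst2name(rqstp),
                                ACL_CHANGEPW, arg->princ, NULL)) {
        ret.code = adm_randkey_principal_3((void *)handle, arg->princ,
                                           arg->keepold,
                                           arg->n_ks_tuple,
                                           arg->ks_tuple,
                                           &k, &nkeys);
    } else {
        log_unauth(funcname, prime_arg,
                   &client_name, &service_name, rqstp);
        ret.code = ADM_AUTH_CHANGEPW;
    }

    /* Ownership of k moves to the static result; xdr_free releases it. */
    if (ret.code == ADM_OK) {
        ret.keys = k;
        ret.n_keys = nkeys;
    }

    /* The refusal above was already logged; log the performed request. */
    if (ret.code != ADM_AUTH_CHANGEPW) {
        if (ret.code != 0)
            errmsg = prot1_get_error_message(handle->context, ret.code);
        log_done(funcname, prime_arg, errmsg ? errmsg : "success",
                 &client_name, &service_name, rqstp);
        if (errmsg != NULL)
            prot1_free_error_message(handle->context, errmsg);
    }

    free(prime_arg);
exit_names:
    /* Reached on every path after setup_gss_names succeeded. */
    gss_release_buffer(&minor_stat, &client_name);
    gss_release_buffer(&minor_stat, &service_name);
exit_func:
    free_server_handle(handle);
    return &ret;
}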
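/*
 * RPC stub: create a password policy.
 *
 * Requires the ADD ACL (policy ACL checks take no target principal) on a
 * non-CHANGEPW transport, otherwise fails with ADM_AUTH_ADD.  The policy
 * name comes straight from the wire and may be NULL; it is shown as
 * "(null)" in both the refusal and the completion log line, where
 * previously only the completion line was guarded and the refusal path
 * could hand NULL to log_unauth.  Returns a pointer to a static result
 * that the RPC layer encodes; the previous call's contents are freed via
 * xdr_free.
 */
generic_ret *
create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp)
{
    static generic_ret ret;
    char *prime_arg, *shown_arg;
    gss_buffer_desc client_name, service_name;
    OM_uint32 minor_stat;
    adm_server_handle_t handle;
    const char *errmsg = NULL;

    xdr_free(xdr_generic_ret, &ret);

    if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
        goto exit_func;
    if ((ret.code = check_handle((void *)handle)))
        goto exit_func;
    ret.api_version = handle->api_version;

    if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
        ret.code = ADM_FAILURE;
        goto exit_func;
    }
    prime_arg = arg->rec.policy;
    shown_arg = (prime_arg == NULL) ? "(null)" : prime_arg;

    if (CHANGEPW_SERVICE(rqstp) ||
        !admint_acl_check(handle->context, rqst2name(rqstp),
                          ACL_ADD, NULL, NULL)) {
        ret.code = ADM_AUTH_ADD;
        log_unauth("adm_create_policy", shown_arg,
                   &client_name, &service_name, rqstp);
    } else {
        ret.code = adm_create_policy((void *)handle, &arg->rec,
                                     arg->mask);
        if (ret.code != 0)
            errmsg = prot1_get_error_message(handle->context, ret.code);
        log_done("adm_create_policy", shown_arg,
                 errmsg ? errmsg : "success",
                 &client_name, &service_name, rqstp);
        if (errmsg != NULL)
            prot1_free_error_message(handle->context, errmsg);
    }

    gss_release_buffer(&minor_stat, &client_name);
    gss_release_buffer(&minor_stat, &service_name);
exit_func:
    free_server_handle(handle);
    return &ret;
}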
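/*
 * RPC stub: delete a password policy.
 *
 * Requires the DELETE ACL (policy ACL checks take no target principal)
 * on a non-CHANGEPW transport, otherwise fails with ADM_AUTH_DELETE.  The
 * policy name comes straight from the wire and may be NULL; it is shown
 * as "(null)" in both the refusal and the completion log line, where
 * previously only the completion line was guarded and the refusal path
 * could hand NULL to log_unauth.  Returns a pointer to a static result
 * that the RPC layer encodes; the previous call's contents are freed via
 * xdr_free.
 */
generic_ret *
delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp)
{
    static generic_ret ret;
    char *prime_arg, *shown_arg;
    gss_buffer_desc client_name, service_name;
    OM_uint32 minor_stat;
    adm_server_handle_t handle;
    const char *errmsg = NULL;

    xdr_free(xdr_generic_ret, &ret);

    if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
        goto exit_func;
    if ((ret.code = check_handle((void *)handle)))
        goto exit_func;
    ret.api_version = handle->api_version;

    if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
        ret.code = ADM_FAILURE;
        goto exit_func;
    }
    prime_arg = arg->name;
    shown_arg = (prime_arg == NULL) ? "(null)" : prime_arg;

    if (CHANGEPW_SERVICE(rqstp) ||
        !admint_acl_check(handle->context, rqst2name(rqstp),
                          ACL_DELETE, NULL, NULL)) {
        log_unauth("adm_delete_policy", shown_arg,
                   &client_name, &service_name, rqstp);
        ret.code = ADM_AUTH_DELETE;
    } else {
        ret.code = adm_delete_policy((void *)handle, arg->name);
        if (ret.code != 0)
            errmsg = prot1_get_error_message(handle->context, ret.code);
        log_done("adm_delete_policy", shown_arg,
                 errmsg ? errmsg : "success",
                 &client_name, &service_name, rqstp);
        if (errmsg != NULL)
            prot1_free_error_message(handle->context, errmsg);
    }

    gss_release_buffer(&minor_stat, &client_name);
    gss_release_buffer(&minor_stat, &service_name);
exit_func:
    free_server_handle(handle);
    return &ret;
}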
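/*
 * RPC stub: modify a password policy.
 *
 * Requires the MODIFY ACL (policy ACL checks take no target principal)
 * on a non-CHANGEPW transport, otherwise fails with ADM_AUTH_MODIFY.  The
 * policy name comes straight from the wire and may be NULL; it is shown
 * as "(null)" in both the refusal and the completion log line, where
 * previously only the completion line was guarded and the refusal path
 * could hand NULL to log_unauth.  Returns a pointer to a static result
 * that the RPC layer encodes; the previous call's contents are freed via
 * xdr_free.
 */
generic_ret *
modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp)
{
    static generic_ret ret;
    char *prime_arg, *shown_arg;
    gss_buffer_desc client_name, service_name;
    OM_uint32 minor_stat;
    adm_server_handle_t handle;
    const char *errmsg = NULL;

    xdr_free(xdr_generic_ret, &ret);

    if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
        goto exit_func;
    if ((ret.code = check_handle((void *)handle)))
        goto exit_func;
    ret.api_version = handle->api_version;

    if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
        ret.code = ADM_FAILURE;
        goto exit_func;
    }
    prime_arg = arg->rec.policy;
    shown_arg = (prime_arg == NULL) ? "(null)" : prime_arg;

    if (CHANGEPW_SERVICE(rqstp) ||
        !admint_acl_check(handle->context, rqst2name(rqstp),
                          ACL_MODIFY, NULL, NULL)) {
        log_unauth("adm_modify_policy", shown_arg,
                   &client_name, &service_name, rqstp);
        ret.code = ADM_AUTH_MODIFY;
    } else {
        ret.code = adm_modify_policy((void *)handle, &arg->rec,
                                     arg->mask);
        if (ret.code != 0)
            errmsg = prot1_get_error_message(handle->context, ret.code);
        log_done("adm_modify_policy", shown_arg,
                 errmsg ? errmsg : "success",
                 &client_name, &service_name, rqstp);
        if (errmsg != NULL)
            prot1_free_error_message(handle->context, errmsg);
    }

    gss_release_buffer(&minor_stat, &client_name);
    gss_release_buffer(&minor_stat, &service_name);
exit_func:
    free_server_handle(handle);
    return &ret;
}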
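/*
 * RPC stub: fetch a password policy.
 *
 * Authorization succeeds if the caller holds the INQUIRE ACL on a
 * non-CHANGEPW transport, or if the requested policy is the one assigned
 * to the caller's own principal (looked up via handle->current_caller).
 * Otherwise the request fails with ADM_AUTH_GET, or with whatever error
 * the caller lookup returned.  On success adm_get_policy fills ret.rec.
 * Every outcome is logged.  Returns a pointer to a static result that the
 * RPC layer encodes; the previous call's contents are freed via xdr_free.
 *
 * The policy name comes straight from the wire and may be NULL (the
 * completion log line already allowed for that).  This version also
 * guards the self-policy comparison and the refusal log line against it,
 * both of which previously passed the raw pointer to strcmp/strlen.
 */
gpol_ret *
get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
{
    static gpol_ret ret;
    adm_ret_t ret2;
    char *prime_arg, *shown_arg, *funcname;
    gss_buffer_desc client_name, service_name;
    OM_uint32 minor_stat;
    adm_principal_ent_rec caller_ent;
    adm_server_handle_t handle;
    const char *errmsg = NULL;

    xdr_free(xdr_gpol_ret, &ret);

    if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
        goto exit_func;
    if ((ret.code = check_handle((void *)handle)))
        goto exit_func;
    ret.api_version = handle->api_version;
    funcname = "adm_get_policy";

    if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
        ret.code = ADM_FAILURE;
        goto exit_func;
    }
    prime_arg = arg->name;
    shown_arg = (prime_arg == NULL) ? "(null)" : prime_arg;

    ret.code = ADM_AUTH_GET;
    if (!CHANGEPW_SERVICE(rqstp) &&
        admint_acl_check(handle->context, rqst2name(rqstp),
                         ACL_INQUIRE, NULL, NULL)) {
        ret.code = ADM_OK;
    } else {
        /* No ACL: allow only if this is the caller's own policy. */
        ret.code = adm_get_principal(handle->lhandle,
                                     handle->current_caller,
                                     &caller_ent,
                                     ADM_PRINCIPAL_NORMAL_MASK);
        if (ret.code == ADM_OK) {
            if ((caller_ent.aux_attributes & ADM_POLICY) &&
                caller_ent.policy != NULL && arg->name != NULL &&
                strcmp(caller_ent.policy, arg->name) == 0)
                ret.code = ADM_OK;
            else
                ret.code = ADM_AUTH_GET;
            /* A failure freeing the entry is only reported if the
             * authorization decision itself did not already fail. */
            ret2 = adm_free_principal_ent(handle->lhandle, &caller_ent);
            ret.code = ret.code ? ret.code : ret2;
        }
    }

    if (ret.code == ADM_OK) {
        ret.code = adm_get_policy(handle, arg->name, &ret.rec);
        if (ret.code != 0)
            errmsg = prot1_get_error_message(handle->context, ret.code);
        log_done(funcname, shown_arg,
                 errmsg ? errmsg : "success",
                 &client_name, &service_name, rqstp);
        if (errmsg != NULL)
            prot1_free_error_message(handle->context, errmsg);
    } else {
        log_unauth(funcname, shown_arg,
                   &client_name, &service_name, rqstp);
    }

    gss_release_buffer(&minor_stat, &client_name);
    gss_release_buffer(&minor_stat, &service_name);
exit_func:
    free_server_handle(handle);
    return &ret;
}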
/*
 * RPC stub: list password policies matching a glob expression.
 *
 * Requires the LIST ACL and a non-CHANGEPW transport, otherwise fails
 * with ADM_AUTH_LIST.  A NULL expression is logged as "*" but passed to
 * adm_get_policies unchanged.  Returns a pointer to a static result that
 * the RPC layer encodes; the previous call's contents are freed via
 * xdr_free.
 */
gpols_ret *
get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp)
{
    static gpols_ret ret;
    gss_buffer_desc cname, sname;
    OM_uint32 minor;
    adm_server_handle_t handle;
    char *pattern;
    const char *errmsg = NULL;

    xdr_free(xdr_gpols_ret, &ret);

    ret.code = new_server_handle(arg->api_version, rqstp, &handle);
    if (ret.code)
        goto exit_func;
    ret.code = check_handle((void *)handle);
    if (ret.code)
        goto exit_func;
    ret.api_version = handle->api_version;

    if (setup_gss_names(rqstp, &cname, &sname) < 0) {
        ret.code = ADM_FAILURE;
        goto exit_func;
    }

    /* Only for the log line; the lookup itself sees arg->exp as given. */
    pattern = (arg->exp != NULL) ? arg->exp : "*";

    if (CHANGEPW_SERVICE(rqstp) ||
        !admint_acl_check(handle->context, rqst2name(rqstp),
                          ACL_LIST, NULL, NULL)) {
        ret.code = ADM_AUTH_LIST;
        log_unauth("adm_get_policies", pattern, &cname, &sname, rqstp);
    } else {
        ret.code = adm_get_policies((void *)handle, arg->exp,
                                    &ret.pols, &ret.count);
        if (ret.code)
            errmsg = prot1_get_error_message(handle->context, ret.code);
        log_done("adm_get_policies", pattern,
                 errmsg ? errmsg : "success", &cname, &sname, rqstp);
        if (errmsg)
            prot1_free_error_message(handle->context, errmsg);
    }

    gss_release_buffer(&minor, &cname);
    gss_release_buffer(&minor, &sname);
exit_func:
    free_server_handle(handle);
    return &ret;
}
/*
 * RPC stub for adm_get_privs: report the caller's own privilege set.
 *
 * No ACL check is made here; the privileges returned are those of the
 * authenticated caller. The outcome is always logged with log_done, using
 * the client's displayed name as the target.
 *
 * Returns a pointer to a static result; the previous result is released
 * with xdr_free on entry.
 */
getprivs_ret *
get_privs_2_svc(prot1_ui_4 *arg, struct svc_req *rqstp)
{
    static getprivs_ret ret;
    gss_buffer_desc client_name, service_name;
    OM_uint32 minor;
    adm_server_handle_t handle;
    const char *errmsg = NULL;

    xdr_free(xdr_getprivs_ret, &ret);

    ret.code = new_server_handle(*arg, rqstp, &handle);
    if (ret.code)
        goto exit_func;
    ret.code = check_handle((void *)handle);
    if (ret.code)
        goto exit_func;
    ret.api_version = handle->api_version;

    if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
        ret.code = ADM_FAILURE;
        goto exit_func;
    }

    ret.code = adm_get_privs((void *)handle, &ret.privs);
    if (ret.code != 0)
        errmsg = prot1_get_error_message(handle->context, ret.code);

    /* NOTE(review): client_name.value is used as a C string target here;
     * this assumes the GSS display name is NUL-terminated — confirm. */
    log_done("adm_get_privs", client_name.value,
             errmsg ? errmsg : "success",
             &client_name, &service_name, rqstp);
    if (errmsg != NULL)
        prot1_free_error_message(handle->context, errmsg);

    gss_release_buffer(&minor, &client_name);
    gss_release_buffer(&minor, &service_name);
exit_func:
    free_server_handle(handle);
    return &ret;
}
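/*
 * RPC stub for adm_purgekeys: drop old keys of arg->princ, keeping the
 * kvno in arg->keepkvno and later.
 *
 * Authorisation: the caller must be outside the change-password service
 * and hold ACL_MODIFY for the target principal; otherwise the request is
 * refused with ADM_AUTH_MODIFY and logged as unauthorized.
 *
 * Fix: when prot1_unparse_name fails, the GSS client/service name buffers
 * obtained from setup_gss_names were previously leaked by jumping straight
 * to exit_func; they are now released on that path too.
 *
 * Returns a pointer to a static result; the previous result is released
 * with xdr_free on entry.
 */
generic_ret *
purgekeys_2_svc(purgekeys_arg *arg, struct svc_req *rqstp)
{
    static generic_ret ret;
    char *prime_arg, *funcname;
    gss_buffer_desc client_name, service_name;
    OM_uint32 minor_stat;
    adm_server_handle_t handle;
    const char *errmsg = NULL;

    xdr_free(xdr_generic_ret, &ret);

    if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
        goto exit_func;
    if ((ret.code = check_handle((void *)handle)))
        goto exit_func;
    ret.api_version = handle->api_version;

    funcname = "adm_purgekeys";

    if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
        ret.code = ADM_FAILURE;
        goto exit_func;
    }

    if (prot1_unparse_name(handle->context, arg->princ, &prime_arg)) {
        ret.code = ADM_BAD_PRINCIPAL;
        /* The name buffers are already allocated; release them here. */
        gss_release_buffer(&minor_stat, &client_name);
        gss_release_buffer(&minor_stat, &service_name);
        goto exit_func;
    }

    if (CHANGEPW_SERVICE(rqstp) ||
        !admint_acl_check(handle->context, rqst2name(rqstp), ACL_MODIFY,
                          arg->princ, NULL)) {
        ret.code = ADM_AUTH_MODIFY;
        log_unauth(funcname, prime_arg, &client_name, &service_name, rqstp);
    } else {
        ret.code = adm_purgekeys((void *)handle, arg->princ, arg->keepkvno);
        if (ret.code != 0)
            errmsg = prot1_get_error_message(handle->context, ret.code);
        log_done(funcname, prime_arg, errmsg ? errmsg : "success",
                 &client_name, &service_name, rqstp);
        if (errmsg != NULL)
            prot1_free_error_message(handle->context, errmsg);
    }

    free(prime_arg);
    gss_release_buffer(&minor_stat, &client_name);
    gss_release_buffer(&minor_stat, &service_name);
exit_func:
    free_server_handle(handle);
    return &ret;
}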
/*
 * RPC stub for adm_init: validate the client's requested API version and
 * log the connection.
 *
 * The server handle is released as soon as its api_version has been read,
 * so nothing after that point may touch it. A check_handle failure is not
 * fatal here: ret.code keeps the error and it is reported in the log line
 * (the error message is looked up with a NULL context).
 *
 * Returns a pointer to a static result; the previous result is released
 * with xdr_free on entry.
 */
generic_ret *
init_2_svc(prot1_ui_4 *arg, struct svc_req *rqstp)
{
    static generic_ret ret;
    gss_buffer_desc client_name, service_name;
    adm_server_handle_t handle;
    OM_uint32 minor;
    const char *errmsg = NULL;
    size_t client_len, service_len;
    char *client_dots, *service_dots;

    xdr_free(xdr_generic_ret, &ret);

    ret.code = new_server_handle(*arg, rqstp, &handle);
    if (ret.code)
        goto exit_func;

    ret.code = check_handle((void *)handle);
    if (ret.code == 0)
        ret.api_version = handle->api_version;
    /* Handle is not needed past this point. */
    free_server_handle(handle);

    if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
        ret.code = ADM_FAILURE;
        goto exit_func;
    }

    if (ret.code != 0)
        errmsg = prot1_get_error_message(NULL, ret.code);

    /* Truncate long names for the log line; trunc_name also yields a "..." suffix. */
    client_len = client_name.length;
    trunc_name(&client_len, &client_dots);
    service_len = service_name.length;
    trunc_name(&service_len, &service_dots);

    prot1_klog_syslog(LOG_NOTICE, "Request: adm_init, %.*s%s, %s, "
                      "client=%.*s%s, service=%.*s%s, addr=%s, "
                      "vers=%d, flavor=%d",
                      (int)client_len, (char *)client_name.value, client_dots,
                      errmsg ? errmsg : "success",
                      (int)client_len, (char *)client_name.value, client_dots,
                      (int)service_len, (char *)service_name.value, service_dots,
                      inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr),
                      ret.api_version & ~(ADM_API_VERSION_MASK),
                      rqstp->rq_cred.oa_flavor);

    if (errmsg != NULL)
        prot1_free_error_message(NULL, errmsg);

    gss_release_buffer(&minor, &client_name);
    gss_release_buffer(&minor, &service_name);
exit_func:
    return &ret;
}
/*
 * Return the GSS name of the RPC caller: the RPCSEC_GSS client name when
 * that credential flavor is in use, otherwise whatever the transport
 * stored in rq_clntcred.
 */
gss_name_t
rqst2name(struct svc_req *rqstp)
{
    if (rqstp->rq_cred.oa_flavor != RPCSEC_GSS)
        return rqstp->rq_clntcred;
    return rqstp->rq_clntname;
}
3
Протокол
Служба выделения мандатов
(TGS)
Сервер
Клиент
1
2
3
4
5
Протокол
Подпротокол: «Обмен данными со службой аутентификация»
Подпротокол: «Обмен билетами на получение сервиса»
Подпротокол: «Обмен данными между клиентом и сервером»
Рисунок 1.1 - Схема шифрования алгоритма Эль-Гемаля [7, с. 44, рисунок 2.14]
Дешифрование
$m = (b / a^{x}) \bmod p$
Шифротекст
(a,b)
Шифрование
Выбрать случайное k:
$\gcd(k, p-1) = 1$
Вычислить
$a = g^{k} \bmod p$
$b = y^{k} m \bmod p$
Сообщение m
Закрытый ключ x
Открытый ключ (p,g,y)
Генерация ключей
Выбрать простое p и 2 случайных числа g и x
Вычислить $y = g^{x} \bmod p$
Отправитель
Получатель
Рисунок 1.2 - Схема шифрования алгоритма RSA [7, с. 45, рисунок 2.15]
Дешифрование
$m = c^{d} \bmod n$
Шифротекст
c
Шифрование
$c = m^{e} \bmod n$
Сообщение m
Закрытый ключ d
Открытый ключ (e,n)
Генерация ключей
Выбрать простые p и q
Вычислить n=p*q
Выбрать случайное e такое, что: $\gcd(e, (p-1)(q-1)) = 1$
Найти с помощью алгоритма Евклида d такое, что:
$ed \equiv 1 \pmod{(p-1)(q-1)}$
Отправитель
Получатель
Рисунок 1.3 - Схема шифрования алгоритма Рабина [7, с. 49, рисунок 2.16]
Дешифрование
$r = c^{(p+1)/4} \bmod p$
$s = c^{(q+1)/4} \bmod q$
$x = (aps + bqr) \bmod n$
$y = (aps - bqr) \bmod n$
$m \in \{\pm x, \pm y\}$
Шифротекст
c
Шифрование
$c = m^{2} \bmod n$
Сообщение m
Закрытый ключ (p,q,a,b)
Открытый ключ (n)
Генерация ключей
Выбрать простые p и q такие, что $p \equiv 3 \pmod 4$,
$q \equiv 3 \pmod 4$
Вычислить n=p*q
С помощью алгоритма Евклида решить
$ap + bq = 1$
Отправитель
Получатель
ЭЦП верна
да
h=H(m)
Сообщение m
h=H(m)
Рисунок 1.4 - Схема ЭЦП на основе алгоритма RSA [7, с. 70, рисунок 4.1]
$sign = h^{d} \bmod n$

Письмо с ЭЦП
(m, sign)
$h = sign^{e} \bmod n$
$c = m^{e} \bmod n$
Закрытый ключ d
Открытый ключ (e,n)
Генерация ключей
Выбрать простые p и q
Вычислить n=p*q
Выбрать случайное e такое, что: $\gcd(e, (p-1)(q-1)) = 1$
Найти с помощью алгоритма Евклида d такое, что:
$ed \equiv 1 \pmod{(p-1)(q-1)}$
Получатель
Отправитель
ЭЦП верна
да
a=r
Сообщение m
h=H(m)
Открытые параметры (p,q,v)
Рисунок 1.5 - Схема ЭЦП на основе алгоритма DSA [7, с. 72, рисунок 4.2]
Формирование подписи
выбрать случайное $k < q$
$r = (g^{k} \bmod p) \bmod q$
$s = ((h + xr) / k) \bmod q$
Письмо с ЭЦП
(m,r,s)
$w = s^{-1} \bmod q$
$u_1 = (H(m) \cdot w) \bmod q$
$u_2 = (r w) \bmod q$
$a = ((g^{u_1} \cdot y^{u_2}) \bmod p) \bmod q$
Закрытый ключ x
Открытый ключ (y)
Генерация ключей
Выбрать случайное x
Вычислить
$y = g^{x} \bmod p$
Получатель
Отправитель
ЭЦП верна
да
R=r
Сообщение m
h=H(m)
Открытый параметр (P)
Рисунок 1.6 - Схема ЭЦП ГОСТ Р 34.10-2001 [7, с. 75, рисунок 4.4]
Формирование подписи
Выбрать случайное k
$r = \text{КоординатаX}(k \cdot P)$
$s = (rd + kh) \bmod q$
Письмо с ЭЦП
(m,r,s)
h=H( m)
$u_1 = s / h \bmod q$
$u_2 = (-r) / h \bmod q$
$R = \text{КоординатаX}(u_1 P + u_2 Q)$
Закрытый ключ d
Открытый ключ (Q)
Генерация ключей
Выбрать случайное d
Вычислить
$Q = d \cdot P$
Получатель
Отправитель

Список литературы [ всего 13]

Список использованных источников
1.ГОСТ Р ИСО/МЭК 9594-8-98 Информационная технология. Взаимосвязь открытых систем. Справочник. Часть 8. Основы аутентификации. – Введ. 01.01.1999. – М.: Издательство стандартов, 1999. – 32 с.
2.ГОСТ Р ИСО 7498-2-99 Информационная технология. Взаимосвязь открытых систем. Базовая эталонная модель. Часть 2. Архитектура защиты информации. – Введ. 01.01.2000. - М.: Издательство стандартов, 2000. – 39 с.
3.Бабенко Л.К. Современные алгоритмы блочного шифрования и методы их анализа / Л.К. Бабенко, Е.А. Ищукова. - М.: Гелиос АРВ, 2006. – 376 с.
4.Галкин В.А. Телекоммуникации и сети / В.А. Галкин, Ю.А. Григорьев. – М.: Издательство МГТУ имени Н.Э. Баумана, 2003. – 607 с.
5.Компьютерные сети: учеб. пособие по администрированию локальных и объединенных сетей. - М.: Познавательная книга, 2003. - 304 с.
6.Конеев И.Р. Информационная безопасность предприятия / И.Р. Конев, А.В. Беляев. - СПб.: БХВ-Петербург, 2003. – 752 с.
7.Лясин Д.Н. Методы и средства защиты компьютерной информации: учебное пособие / Д.Н. Лясин, С.Г. Саньков. – Волгоград: ВолгГТУ, 2005. – 127 с.
8.Поляк-Брагинский А.В. Сеть своими руками. 2-е изд., перераб. и доп. / А.В. Поляк-Брагинский. - СПб.: БХВ-Петербург, 2004. - 432 с.
9.Чекмарев А.Н. Microsoft Windows Server 2003 / Русская версия / А.Н. Чекмарев, А.В. Вишневский, О.И. Кокорева. - СПб.: БХВ-Петербург, 2007. - 1120 с.
10.Шнайер Б. Прикладная криптография. Протоколы, алгоритмы, исходные тексты на языке Си / Б. Шнайер. - М.: Триумф, 2002. - 816 с.
11.Электронная Лаборатория Сетевой Безопасности. Симметричные алгоритмы шифрования [Электронный ресурс] – Режим доступа: [http://ypn.ru/233/symmetric-encryption-algorithms; 11.06.2011]: Загл. с экрана.
12.Электронная лаборатория «Искусство управления информационной безопасностью» [Электронный ресурс] – Режим доступа: [http://www.iso27000.ru; 11.06.2011]: Загл. с экрана.
13.Элементарное введение в эллиптическую криптографию: Протоколы криптографии на эллиптических кривых. – М.: КомКнига, 2006. – 280 с.