search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
*** empty log message ***
[heimdal.git] / lib / gssapi / krb5 / verify_mic.c
blob2776ad46e81323e594e7effec371df540c700ee6
1 /*
2 * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "gssapi_locl.h"
35
36 RCSID("$Id$");
37
38 static OM_uint32
39 verify_mic_des
40 (OM_uint32 * minor_status,
41 const gss_ctx_id_t context_handle,
42 const gss_buffer_t message_buffer,
43 const gss_buffer_t token_buffer,
44 gss_qop_t * qop_state,
45 krb5_keyblock *key
46 )
47 {
48 u_char *p;
49 MD5_CTX md5;
50 u_char hash[16], seq_data[8];
51 des_key_schedule schedule;
52 des_cblock zero;
53 des_cblock deskey;
54 int32_t seq_number;
55 OM_uint32 ret;
56
57 p = token_buffer->value;
58 ret = gssapi_krb5_verify_header (&p,
59 token_buffer->length,
60 "\x01\x01");
61 if (ret)
62 return ret;
63
64 if (memcmp(p, "\x00\x00", 2) != 0)
65 return GSS_S_BAD_SIG;
66 p += 2;
67 if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
68 return GSS_S_BAD_MIC;
69 p += 4;
70 p += 16;
71
72 /* verify checksum */
73 MD5Init (&md5);
74 MD5Update (&md5, p - 24, 8);
75 MD5Update (&md5, message_buffer->value,
76 message_buffer->length);
77 MD5Final (hash, &md5);
78
79 memset (&zero, 0, sizeof(zero));
80 memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
81
82 des_set_key (&deskey, schedule);
83 des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
84 schedule, &zero);
85 if (memcmp (p - 8, hash, 8) != 0) {
86 memset (deskey, 0, sizeof(deskey));
87 memset (schedule, 0, sizeof(schedule));
88 return GSS_S_BAD_MIC;
89 }
90
91 /* verify sequence number */
92
93 krb5_auth_getremoteseqnumber (gssapi_krb5_context,
94 context_handle->auth_context,
95 &seq_number);
96 seq_data[0] = (seq_number >> 0) & 0xFF;
97 seq_data[1] = (seq_number >> 8) & 0xFF;
98 seq_data[2] = (seq_number >> 16) & 0xFF;
99 seq_data[3] = (seq_number >> 24) & 0xFF;
100 memset (seq_data + 4,
101 (context_handle->more_flags & LOCAL) ? 0xFF : 0,
102 4);
103
104 p -= 16;
105 des_set_key (&deskey, schedule);
106 des_cbc_encrypt ((void *)p, (void *)p, 8,
107 schedule, (des_cblock *)hash, DES_DECRYPT);
108
109 memset (deskey, 0, sizeof(deskey));
110 memset (schedule, 0, sizeof(schedule));
111
112 if (memcmp (p, seq_data, 8) != 0) {
113 return GSS_S_BAD_MIC;
114 }
115
116 krb5_auth_setremoteseqnumber (gssapi_krb5_context,
117 context_handle->auth_context,
118 ++seq_number);
119
120 return GSS_S_COMPLETE;
121 }
122
123 static OM_uint32
124 verify_mic_des3
125 (OM_uint32 * minor_status,
126 const gss_ctx_id_t context_handle,
127 const gss_buffer_t message_buffer,
128 const gss_buffer_t token_buffer,
129 gss_qop_t * qop_state,
130 krb5_keyblock *key
131 )
132 {
133 u_char *p;
134 u_char seq[8];
135 int32_t seq_number;
136 OM_uint32 ret;
137 krb5_crypto crypto;
138 krb5_data seq_data;
139 int cmp;
140 Checksum csum;
141 char *tmp;
142
143 p = token_buffer->value;
144 ret = gssapi_krb5_verify_header (&p,
145 token_buffer->length,
146 "\x01\x01");
147 if (ret)
148 return ret;
149
150 if (memcmp(p, "\x04\x00", 2) != 0) /* SGN_ALG = HMAC SHA1 DES3-KD */
151 return GSS_S_BAD_SIG;
152 p += 2;
153 if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
154 return GSS_S_BAD_MIC;
155 p += 4;
156
157 ret = krb5_crypto_init(gssapi_krb5_context, key,
158 ETYPE_DES3_CBC_NONE, &crypto);
159 if (ret){
160 *minor_status = ret;
161 return GSS_S_FAILURE;
162 }
163
164 /* verify sequence number */
165
166 ret = krb5_decrypt (gssapi_krb5_context,
167 crypto,
168 KRB5_KU_USAGE_SEQ,
169 p, 8, &seq_data);
170 if (ret) {
171 krb5_crypto_destroy (gssapi_krb5_context, crypto);
172 *minor_status = ret;
173 return GSS_S_FAILURE;
174 }
175
176 if (seq_data.length != 8) {
177 krb5_crypto_destroy (gssapi_krb5_context, crypto);
178 krb5_data_free (&seq_data);
179 return GSS_S_BAD_MIC;
180 }
181
182 krb5_auth_getremoteseqnumber (gssapi_krb5_context,
183 context_handle->auth_context,
184 &seq_number);
185 seq[0] = (seq_number >> 0) & 0xFF;
186 seq[1] = (seq_number >> 8) & 0xFF;
187 seq[2] = (seq_number >> 16) & 0xFF;
188 seq[3] = (seq_number >> 24) & 0xFF;
189 memset (seq + 4,
190 (context_handle->more_flags & LOCAL) ? 0xFF : 0,
191 4);
192 cmp = memcmp (seq, seq_data.data, seq_data.length);
193 krb5_data_free (&seq_data);
194 if (cmp != 0) {
195 krb5_crypto_destroy (gssapi_krb5_context, crypto);
196 return GSS_S_BAD_MIC;
197 }
198
199 /* verify checksum */
200
201 tmp = malloc (message_buffer->length + 8);
202 if (tmp == NULL) {
203 krb5_crypto_destroy (gssapi_krb5_context, crypto);
204 *minor_status = ENOMEM;
205 return GSS_S_FAILURE;
206 }
207
208 memcpy (tmp, p - 8, 8);
209 memcpy (tmp + 8, message_buffer->value, message_buffer->length);
210
211 csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3;
212 csum.checksum.length = 20;
213 csum.checksum.data = p + 8;
214
215 ret = krb5_verify_checksum (gssapi_krb5_context, crypto,
216 KRB5_KU_USAGE_SIGN,
217 tmp, message_buffer->length + 8,
218 &csum);
219 free (tmp);
220 if (ret) {
221 krb5_crypto_destroy (gssapi_krb5_context, crypto);
222 *minor_status = ret;
223 return GSS_S_BAD_MIC;
224 }
225
226 krb5_auth_setremoteseqnumber (gssapi_krb5_context,
227 context_handle->auth_context,
228 ++seq_number);
229
230 krb5_crypto_destroy (gssapi_krb5_context, crypto);
231 return GSS_S_COMPLETE;
232 }
233
234 OM_uint32
235 gss_verify_mic
236 (OM_uint32 * minor_status,
237 const gss_ctx_id_t context_handle,
238 const gss_buffer_t message_buffer,
239 const gss_buffer_t token_buffer,
240 gss_qop_t * qop_state
241 )
242 {
243 krb5_keyblock *key;
244 OM_uint32 ret;
245 krb5_keytype keytype;
246
247 ret = krb5_auth_con_getremotesubkey (gssapi_krb5_context,
248 context_handle->auth_context,
249 &key);
250 if (ret) {
251 *minor_status = ret;
252 return GSS_S_FAILURE;
253 }
254 krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
255 switch (keytype) {
256 case KEYTYPE_DES :
257 ret = verify_mic_des (minor_status, context_handle,
258 message_buffer, token_buffer, qop_state, key);
259 break;
260 case KEYTYPE_DES3 :
261 ret = verify_mic_des3 (minor_status, context_handle,
262 message_buffer, token_buffer, qop_state, key);
263 break;
264 default :
265 *minor_status = KRB5_PROG_ETYPE_NOSUPP;
266 ret = GSS_S_FAILURE;
267 break;
268 }
269 krb5_free_keyblock (gssapi_krb5_context, key);
270 return ret;
271 }
Heimdal