search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
lib/gssapi/krb5: split out a arcfour_mic_cksum_iov() function
[heimdal.git] / lib / gssapi / krb5 / arcfour.c
blob13bf1d3465394fc8ccf3db6ea9e19c571df26138
1 /*
2 * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "gsskrb5_locl.h"
35
36 /*
37 * Implements draft-brezak-win2k-krb-rc4-hmac-04.txt
38 *
39 * The arcfour message have the following formats:
40 *
41 * MIC token
42 * TOK_ID[2] = 01 01
43 * SGN_ALG[2] = 11 00
44 * Filler[4]
45 * SND_SEQ[8]
46 * SGN_CKSUM[8]
47 *
48 * WRAP token
49 * TOK_ID[2] = 02 01
50 * SGN_ALG[2];
51 * SEAL_ALG[2]
52 * Filler[2]
53 * SND_SEQ[2]
54 * SGN_CKSUM[8]
55 * Confounder[8]
56 */
57
58 /*
59 * WRAP in DCE-style have a fixed size header, the oid and length over
60 * the WRAP header is a total of
61 * GSS_ARCFOUR_WRAP_TOKEN_DCE_DER_HEADER_SIZE +
62 * GSS_ARCFOUR_WRAP_TOKEN_SIZE byte (ie total of 45 bytes overhead,
63 * remember the 2 bytes from APPL [0] SEQ).
64 */
65
66 #define GSS_ARCFOUR_WRAP_TOKEN_SIZE 32
67 #define GSS_ARCFOUR_WRAP_TOKEN_DCE_DER_HEADER_SIZE 13
68
69
70 static krb5_error_code
71 arcfour_mic_key(krb5_context context, krb5_keyblock *key,
72 const void *cksum_data, size_t cksum_size,
73 void *key6_data, size_t key6_size)
74 {
75 krb5_error_code ret;
76
77 Checksum cksum_k5;
78 krb5_keyblock key5;
79 char k5_data[16];
80
81 Checksum cksum_k6;
82
83 char T[4];
84
85 memset(T, 0, 4);
86 cksum_k5.checksum.data = k5_data;
87 cksum_k5.checksum.length = sizeof(k5_data);
88
89 if (key->keytype == KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56) {
90 char L40[14] = "fortybits";
91
92 memcpy(L40 + 10, T, sizeof(T));
93 ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5,
94 L40, 14, 0, key, &cksum_k5);
95 memset(&k5_data[7], 0xAB, 9);
96 } else {
97 ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5,
98 T, 4, 0, key, &cksum_k5);
99 }
100 if (ret)
101 return ret;
102
103 key5.keytype = KRB5_ENCTYPE_ARCFOUR_HMAC_MD5;
104 key5.keyvalue = cksum_k5.checksum;
105
106 cksum_k6.checksum.data = key6_data;
107 cksum_k6.checksum.length = key6_size;
108
109 return krb5_hmac(context, CKSUMTYPE_RSA_MD5,
110 cksum_data, cksum_size, 0, &key5, &cksum_k6);
111 }
112
113
114 static krb5_error_code
115 arcfour_mic_cksum_iov(krb5_context context,
116 krb5_keyblock *key, unsigned usage,
117 u_char *sgn_cksum, size_t sgn_cksum_sz,
118 const u_char *v1, size_t l1,
119 const void *v2, size_t l2,
120 const gss_iov_buffer_desc *iov,
121 int iov_count,
122 const gss_iov_buffer_desc *padding)
123 {
124 Checksum CKSUM;
125 u_char *ptr;
126 size_t len;
127 size_t ofs = 0;
128 int i;
129 krb5_crypto crypto;
130 krb5_error_code ret;
131
132 assert(sgn_cksum_sz == 8);
133
134 len = l1 + l2;
135
136 for (i=0; i < iov_count; i++) {
137 switch (GSS_IOV_BUFFER_TYPE(iov[i].type)) {
138 case GSS_IOV_BUFFER_TYPE_DATA:
139 case GSS_IOV_BUFFER_TYPE_SIGN_ONLY:
140 break;
141 default:
142 continue;
143 }
144
145 len += iov[i].buffer.length;
146 }
147
148 if (padding) {
149 len += padding->buffer.length;
150 }
151
152 ptr = malloc(len);
153 if (ptr == NULL)
154 return ENOMEM;
155
156 memcpy(ptr + ofs, v1, l1);
157 ofs += l1;
158 memcpy(ptr + ofs, v2, l2);
159 ofs += l2;
160
161 for (i=0; i < iov_count; i++) {
162 switch (GSS_IOV_BUFFER_TYPE(iov[i].type)) {
163 case GSS_IOV_BUFFER_TYPE_DATA:
164 case GSS_IOV_BUFFER_TYPE_SIGN_ONLY:
165 break;
166 default:
167 continue;
168 }
169
170 memcpy(ptr + ofs,
171 iov[i].buffer.value,
172 iov[i].buffer.length);
173 ofs += iov[i].buffer.length;
174 }
175
176 if (padding) {
177 memcpy(ptr + ofs,
178 padding->buffer.value,
179 padding->buffer.length);
180 ofs += padding->buffer.length;
181 }
182
183 ret = krb5_crypto_init(context, key, 0, &crypto);
184 if (ret) {
185 free(ptr);
186 return ret;
187 }
188
189 ret = krb5_create_checksum(context,
190 crypto,
191 usage,
192 0,
193 ptr, len,
194 &CKSUM);
195 memset(ptr, 0, len);
196 free(ptr);
197 if (ret == 0) {
198 memcpy(sgn_cksum, CKSUM.checksum.data, sgn_cksum_sz);
199 free_Checksum(&CKSUM);
200 }
201 krb5_crypto_destroy(context, crypto);
202
203 return ret;
204 }
205
206 static krb5_error_code
207 arcfour_mic_cksum(krb5_context context,
208 krb5_keyblock *key, unsigned usage,
209 u_char *sgn_cksum, size_t sgn_cksum_sz,
210 const u_char *v1, size_t l1,
211 const void *v2, size_t l2,
212 const void *v3, size_t l3)
213 {
214 gss_iov_buffer_desc iov;
215
216 iov.type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY;
217 iov.buffer.value = rk_UNCONST(v3);
218 iov.buffer.length = l3;
219
220 return arcfour_mic_cksum_iov(context, key, usage,
221 sgn_cksum, sgn_cksum_sz,
222 v1, l1, v2, l2,
223 &iov, 1, NULL);
224 }
225
226
227 OM_uint32
228 _gssapi_get_mic_arcfour(OM_uint32 * minor_status,
229 const gsskrb5_ctx context_handle,
230 krb5_context context,
231 gss_qop_t qop_req,
232 const gss_buffer_t message_buffer,
233 gss_buffer_t message_token,
234 krb5_keyblock *key)
235 {
236 krb5_error_code ret;
237 int32_t seq_number;
238 size_t len, total_len;
239 u_char k6_data[16], *p0, *p;
240 EVP_CIPHER_CTX rc4_key;
241
242 _gsskrb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM);
243
244 message_token->length = total_len;
245 message_token->value = malloc (total_len);
246 if (message_token->value == NULL) {
247 *minor_status = ENOMEM;
248 return GSS_S_FAILURE;
249 }
250
251 p0 = _gssapi_make_mech_header(message_token->value,
252 len,
253 GSS_KRB5_MECHANISM);
254 p = p0;
255
256 *p++ = 0x01; /* TOK_ID */
257 *p++ = 0x01;
258 *p++ = 0x11; /* SGN_ALG */
259 *p++ = 0x00;
260 *p++ = 0xff; /* Filler */
261 *p++ = 0xff;
262 *p++ = 0xff;
263 *p++ = 0xff;
264
265 p = NULL;
266
267 ret = arcfour_mic_cksum(context,
268 key, KRB5_KU_USAGE_SIGN,
269 p0 + 16, 8, /* SGN_CKSUM */
270 p0, 8, /* TOK_ID, SGN_ALG, Filer */
271 message_buffer->value, message_buffer->length,
272 NULL, 0);
273 if (ret) {
274 _gsskrb5_release_buffer(minor_status, message_token);
275 *minor_status = ret;
276 return GSS_S_FAILURE;
277 }
278
279 ret = arcfour_mic_key(context, key,
280 p0 + 16, 8, /* SGN_CKSUM */
281 k6_data, sizeof(k6_data));
282 if (ret) {
283 _gsskrb5_release_buffer(minor_status, message_token);
284 *minor_status = ret;
285 return GSS_S_FAILURE;
286 }
287
288 HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
289 krb5_auth_con_getlocalseqnumber (context,
290 context_handle->auth_context,
291 &seq_number);
292 p = p0 + 8; /* SND_SEQ */
293 _gsskrb5_encode_be_om_uint32(seq_number, p);
294
295 krb5_auth_con_setlocalseqnumber (context,
296 context_handle->auth_context,
297 ++seq_number);
298 HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
299
300 memset (p + 4, (context_handle->more_flags & LOCAL) ? 0 : 0xff, 4);
301
302 EVP_CIPHER_CTX_init(&rc4_key);
303 EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
304 EVP_Cipher(&rc4_key, p, p, 8);
305 EVP_CIPHER_CTX_cleanup(&rc4_key);
306
307 memset(k6_data, 0, sizeof(k6_data));
308
309 *minor_status = 0;
310 return GSS_S_COMPLETE;
311 }
312
313
314 OM_uint32
315 _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
316 const gsskrb5_ctx context_handle,
317 krb5_context context,
318 const gss_buffer_t message_buffer,
319 const gss_buffer_t token_buffer,
320 gss_qop_t * qop_state,
321 krb5_keyblock *key,
322 const char *type)
323 {
324 krb5_error_code ret;
325 uint32_t seq_number;
326 OM_uint32 omret;
327 u_char SND_SEQ[8], cksum_data[8], *p;
328 char k6_data[16];
329 int cmp;
330
331 if (qop_state)
332 *qop_state = 0;
333
334 p = token_buffer->value;
335 omret = _gsskrb5_verify_header (&p,
336 token_buffer->length,
337 type,
338 GSS_KRB5_MECHANISM);
339 if (omret)
340 return omret;
341
342 if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */
343 return GSS_S_BAD_SIG;
344 p += 2;
345 if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
346 return GSS_S_BAD_MIC;
347 p += 4;
348
349 ret = arcfour_mic_cksum(context,
350 key, KRB5_KU_USAGE_SIGN,
351 cksum_data, sizeof(cksum_data),
352 p - 8, 8,
353 message_buffer->value, message_buffer->length,
354 NULL, 0);
355 if (ret) {
356 *minor_status = ret;
357 return GSS_S_FAILURE;
358 }
359
360 ret = arcfour_mic_key(context, key,
361 cksum_data, sizeof(cksum_data),
362 k6_data, sizeof(k6_data));
363 if (ret) {
364 *minor_status = ret;
365 return GSS_S_FAILURE;
366 }
367
368 cmp = ct_memcmp(cksum_data, p + 8, 8);
369 if (cmp) {
370 *minor_status = 0;
371 return GSS_S_BAD_MIC;
372 }
373
374 {
375 EVP_CIPHER_CTX rc4_key;
376
377 EVP_CIPHER_CTX_init(&rc4_key);
378 EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, (void *)k6_data, NULL, 0);
379 EVP_Cipher(&rc4_key, SND_SEQ, p, 8);
380 EVP_CIPHER_CTX_cleanup(&rc4_key);
381
382 memset(k6_data, 0, sizeof(k6_data));
383 }
384
385 _gsskrb5_decode_be_om_uint32(SND_SEQ, &seq_number);
386
387 if (context_handle->more_flags & LOCAL)
388 cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
389 else
390 cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
391
392 memset(SND_SEQ, 0, sizeof(SND_SEQ));
393 if (cmp != 0) {
394 *minor_status = 0;
395 return GSS_S_BAD_MIC;
396 }
397
398 HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
399 omret = _gssapi_msg_order_check(context_handle->order, seq_number);
400 HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
401 if (omret)
402 return omret;
403
404 *minor_status = 0;
405 return GSS_S_COMPLETE;
406 }
407
408 OM_uint32
409 _gssapi_wrap_arcfour(OM_uint32 * minor_status,
410 const gsskrb5_ctx context_handle,
411 krb5_context context,
412 int conf_req_flag,
413 gss_qop_t qop_req,
414 const gss_buffer_t input_message_buffer,
415 int * conf_state,
416 gss_buffer_t output_message_buffer,
417 krb5_keyblock *key)
418 {
419 u_char Klocaldata[16], k6_data[16], *p, *p0;
420 size_t len, total_len, datalen;
421 krb5_keyblock Klocal;
422 krb5_error_code ret;
423 int32_t seq_number;
424
425 if (conf_state)
426 *conf_state = 0;
427
428 datalen = input_message_buffer->length;
429
430 if (IS_DCE_STYLE(context_handle)) {
431 len = GSS_ARCFOUR_WRAP_TOKEN_SIZE;
432 _gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
433 total_len += datalen;
434 } else {
435 datalen += 1; /* padding */
436 len = datalen + GSS_ARCFOUR_WRAP_TOKEN_SIZE;
437 _gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
438 }
439
440 output_message_buffer->length = total_len;
441 output_message_buffer->value = malloc (total_len);
442 if (output_message_buffer->value == NULL) {
443 *minor_status = ENOMEM;
444 return GSS_S_FAILURE;
445 }
446
447 p0 = _gssapi_make_mech_header(output_message_buffer->value,
448 len,
449 GSS_KRB5_MECHANISM);
450 p = p0;
451
452 *p++ = 0x02; /* TOK_ID */
453 *p++ = 0x01;
454 *p++ = 0x11; /* SGN_ALG */
455 *p++ = 0x00;
456 if (conf_req_flag) {
457 *p++ = 0x10; /* SEAL_ALG */
458 *p++ = 0x00;
459 } else {
460 *p++ = 0xff; /* SEAL_ALG */
461 *p++ = 0xff;
462 }
463 *p++ = 0xff; /* Filler */
464 *p++ = 0xff;
465
466 p = NULL;
467
468 HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
469 krb5_auth_con_getlocalseqnumber (context,
470 context_handle->auth_context,
471 &seq_number);
472
473 _gsskrb5_encode_be_om_uint32(seq_number, p0 + 8);
474
475 krb5_auth_con_setlocalseqnumber (context,
476 context_handle->auth_context,
477 ++seq_number);
478 HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
479
480 memset (p0 + 8 + 4,
481 (context_handle->more_flags & LOCAL) ? 0 : 0xff,
482 4);
483
484 krb5_generate_random_block(p0 + 24, 8); /* fill in Confounder */
485
486 /* p points to data */
487 p = p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE;
488 memcpy(p, input_message_buffer->value, input_message_buffer->length);
489
490 if (!IS_DCE_STYLE(context_handle))
491 p[input_message_buffer->length] = 1; /* padding */
492
493 ret = arcfour_mic_cksum(context,
494 key, KRB5_KU_USAGE_SEAL,
495 p0 + 16, 8, /* SGN_CKSUM */
496 p0, 8, /* TOK_ID, SGN_ALG, SEAL_ALG, Filler */
497 p0 + 24, 8, /* Confounder */
498 p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE,
499 datalen);
500 if (ret) {
501 *minor_status = ret;
502 _gsskrb5_release_buffer(minor_status, output_message_buffer);
503 return GSS_S_FAILURE;
504 }
505
506 {
507 int i;
508
509 Klocal.keytype = key->keytype;
510 Klocal.keyvalue.data = Klocaldata;
511 Klocal.keyvalue.length = sizeof(Klocaldata);
512
513 for (i = 0; i < 16; i++)
514 Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0;
515 }
516 ret = arcfour_mic_key(context, &Klocal,
517 p0 + 8, 4, /* SND_SEQ */
518 k6_data, sizeof(k6_data));
519 memset(Klocaldata, 0, sizeof(Klocaldata));
520 if (ret) {
521 _gsskrb5_release_buffer(minor_status, output_message_buffer);
522 *minor_status = ret;
523 return GSS_S_FAILURE;
524 }
525
526
527 if(conf_req_flag) {
528 EVP_CIPHER_CTX rc4_key;
529
530 EVP_CIPHER_CTX_init(&rc4_key);
531 EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
532 EVP_Cipher(&rc4_key, p0 + 24, p0 + 24, 8 + datalen);
533 EVP_CIPHER_CTX_cleanup(&rc4_key);
534 }
535 memset(k6_data, 0, sizeof(k6_data));
536
537 ret = arcfour_mic_key(context, key,
538 p0 + 16, 8, /* SGN_CKSUM */
539 k6_data, sizeof(k6_data));
540 if (ret) {
541 _gsskrb5_release_buffer(minor_status, output_message_buffer);
542 *minor_status = ret;
543 return GSS_S_FAILURE;
544 }
545
546 {
547 EVP_CIPHER_CTX rc4_key;
548
549 EVP_CIPHER_CTX_init(&rc4_key);
550 EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
551 EVP_Cipher(&rc4_key, p0 + 8, p0 + 8 /* SND_SEQ */, 8);
552 EVP_CIPHER_CTX_cleanup(&rc4_key);
553 memset(k6_data, 0, sizeof(k6_data));
554 }
555
556 if (conf_state)
557 *conf_state = conf_req_flag;
558
559 *minor_status = 0;
560 return GSS_S_COMPLETE;
561 }
562
563 OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
564 const gsskrb5_ctx context_handle,
565 krb5_context context,
566 const gss_buffer_t input_message_buffer,
567 gss_buffer_t output_message_buffer,
568 int *conf_state,
569 gss_qop_t *qop_state,
570 krb5_keyblock *key)
571 {
572 u_char Klocaldata[16];
573 krb5_keyblock Klocal;
574 krb5_error_code ret;
575 uint32_t seq_number;
576 size_t datalen;
577 OM_uint32 omret;
578 u_char k6_data[16], SND_SEQ[8], Confounder[8];
579 u_char cksum_data[8];
580 u_char *p, *p0;
581 int cmp;
582 int conf_flag;
583 size_t padlen = 0, len;
584
585 if (conf_state)
586 *conf_state = 0;
587 if (qop_state)
588 *qop_state = 0;
589
590 p0 = input_message_buffer->value;
591
592 if (IS_DCE_STYLE(context_handle)) {
593 len = GSS_ARCFOUR_WRAP_TOKEN_SIZE +
594 GSS_ARCFOUR_WRAP_TOKEN_DCE_DER_HEADER_SIZE;
595 if (input_message_buffer->length < len)
596 return GSS_S_BAD_MECH;
597 } else {
598 len = input_message_buffer->length;
599 }
600
601 omret = _gssapi_verify_mech_header(&p0,
602 len,
603 GSS_KRB5_MECHANISM);
604 if (omret)
605 return omret;
606
607 /* length of mech header */
608 len = (p0 - (u_char *)input_message_buffer->value) +
609 GSS_ARCFOUR_WRAP_TOKEN_SIZE;
610
611 if (len > input_message_buffer->length)
612 return GSS_S_BAD_MECH;
613
614 /* length of data */
615 datalen = input_message_buffer->length - len;
616
617 p = p0;
618
619 if (memcmp(p, "\x02\x01", 2) != 0)
620 return GSS_S_BAD_SIG;
621 p += 2;
622 if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */
623 return GSS_S_BAD_SIG;
624 p += 2;
625
626 if (memcmp (p, "\x10\x00", 2) == 0)
627 conf_flag = 1;
628 else if (memcmp (p, "\xff\xff", 2) == 0)
629 conf_flag = 0;
630 else
631 return GSS_S_BAD_SIG;
632
633 p += 2;
634 if (memcmp (p, "\xff\xff", 2) != 0)
635 return GSS_S_BAD_MIC;
636 p = NULL;
637
638 ret = arcfour_mic_key(context, key,
639 p0 + 16, 8, /* SGN_CKSUM */
640 k6_data, sizeof(k6_data));
641 if (ret) {
642 *minor_status = ret;
643 return GSS_S_FAILURE;
644 }
645
646 {
647 EVP_CIPHER_CTX rc4_key;
648
649 EVP_CIPHER_CTX_init(&rc4_key);
650 EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
651 EVP_Cipher(&rc4_key, SND_SEQ, p0 + 8, 8);
652 EVP_CIPHER_CTX_cleanup(&rc4_key);
653 memset(k6_data, 0, sizeof(k6_data));
654 }
655
656 _gsskrb5_decode_be_om_uint32(SND_SEQ, &seq_number);
657
658 if (context_handle->more_flags & LOCAL)
659 cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
660 else
661 cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
662
663 if (cmp != 0) {
664 *minor_status = 0;
665 return GSS_S_BAD_MIC;
666 }
667
668 {
669 int i;
670
671 Klocal.keytype = key->keytype;
672 Klocal.keyvalue.data = Klocaldata;
673 Klocal.keyvalue.length = sizeof(Klocaldata);
674
675 for (i = 0; i < 16; i++)
676 Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0;
677 }
678 ret = arcfour_mic_key(context, &Klocal,
679 SND_SEQ, 4,
680 k6_data, sizeof(k6_data));
681 memset(Klocaldata, 0, sizeof(Klocaldata));
682 if (ret) {
683 *minor_status = ret;
684 return GSS_S_FAILURE;
685 }
686
687 output_message_buffer->value = malloc(datalen);
688 if (output_message_buffer->value == NULL) {
689 *minor_status = ENOMEM;
690 return GSS_S_FAILURE;
691 }
692 output_message_buffer->length = datalen;
693
694 if(conf_flag) {
695 EVP_CIPHER_CTX rc4_key;
696
697 EVP_CIPHER_CTX_init(&rc4_key);
698 EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
699 EVP_Cipher(&rc4_key, Confounder, p0 + 24, 8);
700 EVP_Cipher(&rc4_key, output_message_buffer->value, p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, datalen);
701 EVP_CIPHER_CTX_cleanup(&rc4_key);
702 } else {
703 memcpy(Confounder, p0 + 24, 8); /* Confounder */
704 memcpy(output_message_buffer->value,
705 p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE,
706 datalen);
707 }
708 memset(k6_data, 0, sizeof(k6_data));
709
710 if (!IS_DCE_STYLE(context_handle)) {
711 ret = _gssapi_verify_pad(output_message_buffer, datalen, &padlen);
712 if (ret) {
713 _gsskrb5_release_buffer(minor_status, output_message_buffer);
714 *minor_status = 0;
715 return ret;
716 }
717 output_message_buffer->length -= padlen;
718 }
719
720 ret = arcfour_mic_cksum(context,
721 key, KRB5_KU_USAGE_SEAL,
722 cksum_data, sizeof(cksum_data),
723 p0, 8,
724 Confounder, sizeof(Confounder),
725 output_message_buffer->value,
726 output_message_buffer->length + padlen);
727 if (ret) {
728 _gsskrb5_release_buffer(minor_status, output_message_buffer);
729 *minor_status = ret;
730 return GSS_S_FAILURE;
731 }
732
733 cmp = ct_memcmp(cksum_data, p0 + 16, 8); /* SGN_CKSUM */
734 if (cmp) {
735 _gsskrb5_release_buffer(minor_status, output_message_buffer);
736 *minor_status = 0;
737 return GSS_S_BAD_MIC;
738 }
739
740 HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
741 omret = _gssapi_msg_order_check(context_handle->order, seq_number);
742 HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
743 if (omret)
744 return omret;
745
746 if (conf_state)
747 *conf_state = conf_flag;
748
749 *minor_status = 0;
750 return GSS_S_COMPLETE;
751 }
752
753 static OM_uint32
754 max_wrap_length_arcfour(const gsskrb5_ctx ctx,
755 krb5_crypto crypto,
756 size_t input_length,
757 OM_uint32 *max_input_size)
758 {
759 /*
760 * if GSS_C_DCE_STYLE is in use:
761 * - we only need to encapsulate the WRAP token
762 * However, since this is a fixed since, we just
763 */
764 if (IS_DCE_STYLE(ctx)) {
765 size_t len, total_len;
766
767 len = GSS_ARCFOUR_WRAP_TOKEN_SIZE;
768 _gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
769
770 if (input_length < len)
771 *max_input_size = 0;
772 else
773 *max_input_size = input_length - len;
774
775 } else {
776 size_t extrasize = GSS_ARCFOUR_WRAP_TOKEN_SIZE;
777 size_t blocksize = 8;
778 size_t len, total_len;
779
780 len = 8 + input_length + blocksize + extrasize;
781
782 _gsskrb5_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
783
784 total_len -= input_length; /* token length */
785 if (total_len < input_length) {
786 *max_input_size = (input_length - total_len);
787 (*max_input_size) &= (~(OM_uint32)(blocksize - 1));
788 } else {
789 *max_input_size = 0;
790 }
791 }
792
793 return GSS_S_COMPLETE;
794 }
795
796 OM_uint32
797 _gssapi_wrap_size_arcfour(OM_uint32 *minor_status,
798 const gsskrb5_ctx ctx,
799 krb5_context context,
800 int conf_req_flag,
801 gss_qop_t qop_req,
802 OM_uint32 req_output_size,
803 OM_uint32 *max_input_size,
804 krb5_keyblock *key)
805 {
806 krb5_error_code ret;
807 krb5_crypto crypto;
808
809 ret = krb5_crypto_init(context, key, 0, &crypto);
810 if (ret != 0) {
811 *minor_status = ret;
812 return GSS_S_FAILURE;
813 }
814
815 ret = max_wrap_length_arcfour(ctx, crypto,
816 req_output_size, max_input_size);
817 if (ret != 0) {
818 *minor_status = ret;
819 krb5_crypto_destroy(context, crypto);
820 return GSS_S_FAILURE;
821 }
822
823 krb5_crypto_destroy(context, crypto);
824
825 return GSS_S_COMPLETE;
826 }
Heimdal