2 * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "gsskrb5_locl.h"
38 (OM_uint32
* minor_status
,
39 const gsskrb5_ctx context_handle
,
41 const gss_buffer_t message_buffer
,
42 const gss_buffer_t token_buffer
,
43 gss_qop_t
* qop_state
,
50 u_char hash
[16], *seq
;
51 DES_key_schedule schedule
;
58 p
= token_buffer
->value
;
59 ret
= _gsskrb5_verify_header (&p
,
66 if (memcmp(p
, "\x00\x00", 2) != 0)
69 if (memcmp (p
, "\xff\xff\xff\xff", 4) != 0)
76 MD5_Update (&md5
, p
- 24, 8);
77 MD5_Update (&md5
, message_buffer
->value
,
78 message_buffer
->length
);
79 MD5_Final (hash
, &md5
);
81 memset (&zero
, 0, sizeof(zero
));
82 memcpy (&deskey
, key
->keyvalue
.data
, sizeof(deskey
));
84 DES_set_key_unchecked (&deskey
, &schedule
);
85 DES_cbc_cksum ((void *)hash
, (void *)hash
, sizeof(hash
),
87 if (memcmp (p
- 8, hash
, 8) != 0) {
88 memset (deskey
, 0, sizeof(deskey
));
89 memset (&schedule
, 0, sizeof(schedule
));
93 /* verify sequence number */
95 HEIMDAL_MUTEX_lock(&context_handle
->ctx_id_mutex
);
98 DES_set_key_unchecked (&deskey
, &schedule
);
99 DES_cbc_encrypt ((void *)p
, (void *)p
, 8,
100 &schedule
, (DES_cblock
*)hash
, DES_DECRYPT
);
102 memset (deskey
, 0, sizeof(deskey
));
103 memset (&schedule
, 0, sizeof(schedule
));
106 _gsskrb5_decode_om_uint32(seq
, &seq_number
);
108 if (context_handle
->more_flags
& LOCAL
)
109 cmp
= memcmp(&seq
[4], "\xff\xff\xff\xff", 4);
111 cmp
= memcmp(&seq
[4], "\x00\x00\x00\x00", 4);
114 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
115 return GSS_S_BAD_MIC
;
118 ret
= _gssapi_msg_order_check(context_handle
->order
, seq_number
);
120 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
124 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
126 return GSS_S_COMPLETE
;
131 (OM_uint32
* minor_status
,
132 const gsskrb5_ctx context_handle
,
133 krb5_context context
,
134 const gss_buffer_t message_buffer
,
135 const gss_buffer_t token_buffer
,
136 gss_qop_t
* qop_state
,
152 p
= token_buffer
->value
;
153 ret
= _gsskrb5_verify_header (&p
,
154 token_buffer
->length
,
160 if (memcmp(p
, "\x04\x00", 2) != 0) /* SGN_ALG = HMAC SHA1 DES3-KD */
161 return GSS_S_BAD_SIG
;
163 if (memcmp (p
, "\xff\xff\xff\xff", 4) != 0)
164 return GSS_S_BAD_MIC
;
167 ret
= krb5_crypto_init(context
, key
,
168 ETYPE_DES3_CBC_NONE
, &crypto
);
171 return GSS_S_FAILURE
;
174 /* verify sequence number */
180 memcpy(ivec
, p
+ 8, 8);
182 ret
= krb5_decrypt_ivec (context
,
185 p
, 8, &seq_data
, ivec
);
188 krb5_crypto_destroy (context
, crypto
);
190 return GSS_S_FAILURE
;
195 if (seq_data
.length
!= 8) {
196 krb5_data_free (&seq_data
);
198 krb5_crypto_destroy (context
, crypto
);
199 return GSS_S_BAD_MIC
;
204 HEIMDAL_MUTEX_lock(&context_handle
->ctx_id_mutex
);
207 _gsskrb5_decode_om_uint32(seq
, &seq_number
);
209 if (context_handle
->more_flags
& LOCAL
)
210 cmp
= memcmp(&seq
[4], "\xff\xff\xff\xff", 4);
212 cmp
= memcmp(&seq
[4], "\x00\x00\x00\x00", 4);
214 krb5_data_free (&seq_data
);
216 krb5_crypto_destroy (context
, crypto
);
218 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
219 return GSS_S_BAD_MIC
;
222 ret
= _gssapi_msg_order_check(context_handle
->order
, seq_number
);
224 krb5_crypto_destroy (context
, crypto
);
226 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
230 /* verify checksum */
232 tmp
= malloc (message_buffer
->length
+ 8);
234 krb5_crypto_destroy (context
, crypto
);
235 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
236 *minor_status
= ENOMEM
;
237 return GSS_S_FAILURE
;
240 memcpy (tmp
, p
- 8, 8);
241 memcpy (tmp
+ 8, message_buffer
->value
, message_buffer
->length
);
243 csum
.cksumtype
= CKSUMTYPE_HMAC_SHA1_DES3
;
244 csum
.checksum
.length
= 20;
245 csum
.checksum
.data
= p
+ 8;
247 ret
= krb5_verify_checksum (context
, crypto
,
249 tmp
, message_buffer
->length
+ 8,
253 krb5_crypto_destroy (context
, crypto
);
255 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
256 return GSS_S_BAD_MIC
;
258 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
260 krb5_crypto_destroy (context
, crypto
);
261 return GSS_S_COMPLETE
;
265 _gsskrb5_verify_mic_internal
266 (OM_uint32
* minor_status
,
267 const gsskrb5_ctx ctx
,
268 krb5_context context
,
269 const gss_buffer_t message_buffer
,
270 const gss_buffer_t token_buffer
,
271 gss_qop_t
* qop_state
,
277 krb5_keytype keytype
;
279 if (ctx
->more_flags
& IS_CFX
)
280 return _gssapi_verify_mic_cfx (minor_status
, ctx
,
281 context
, message_buffer
, token_buffer
,
284 HEIMDAL_MUTEX_lock(&ctx
->ctx_id_mutex
);
285 ret
= _gsskrb5i_get_token_key(ctx
, context
, &key
);
286 HEIMDAL_MUTEX_unlock(&ctx
->ctx_id_mutex
);
289 return GSS_S_FAILURE
;
292 krb5_enctype_to_keytype (context
, key
->keytype
, &keytype
);
295 ret
= verify_mic_des (minor_status
, ctx
, context
,
296 message_buffer
, token_buffer
, qop_state
, key
,
300 ret
= verify_mic_des3 (minor_status
, ctx
, context
,
301 message_buffer
, token_buffer
, qop_state
, key
,
304 case KEYTYPE_ARCFOUR
:
305 case KEYTYPE_ARCFOUR_56
:
306 ret
= _gssapi_verify_mic_arcfour (minor_status
, ctx
,
308 message_buffer
, token_buffer
,
309 qop_state
, key
, type
);
314 krb5_free_keyblock (context
, key
);
321 (OM_uint32
* minor_status
,
322 const gss_ctx_id_t context_handle
,
323 const gss_buffer_t message_buffer
,
324 const gss_buffer_t token_buffer
,
325 gss_qop_t
* qop_state
328 krb5_context context
;
331 GSSAPI_KRB5_INIT (&context
);
333 if (qop_state
!= NULL
)
334 *qop_state
= GSS_C_QOP_DEFAULT
;
336 ret
= _gsskrb5_verify_mic_internal(minor_status
,
337 (gsskrb5_ctx
)context_handle
,
339 message_buffer
, token_buffer
,
340 qop_state
, "\x01\x01");