2 * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "gssapi_locl.h"
39 gss_krb5_get_localkey(const gss_ctx_id_t context_handle
,
44 krb5_auth_con_getlocalsubkey(gssapi_krb5_context
,
45 context_handle
->auth_context
,
48 krb5_auth_con_getremotesubkey(gssapi_krb5_context
,
49 context_handle
->auth_context
,
52 krb5_auth_con_getkey(gssapi_krb5_context
,
53 context_handle
->auth_context
,
63 OM_uint32 req_output_size
,
64 OM_uint32
* max_input_size
,
69 size_t len
, total_len
, padlength
;
70 padlength
= blocksize
- (req_output_size
% blocksize
);
71 len
= req_output_size
+ 8 + padlength
+ extrasize
;
72 gssapi_krb5_encap_length(len
, &len
, &total_len
);
73 *max_input_size
= (OM_uint32
)total_len
;
74 return GSS_S_COMPLETE
;
79 OM_uint32
* minor_status
,
80 const gss_ctx_id_t context_handle
,
83 OM_uint32 req_output_size
,
84 OM_uint32
* max_input_size
91 ret
= gss_krb5_get_localkey(context_handle
, &key
);
93 gssapi_krb5_set_error_string ();
97 krb5_enctype_to_keytype (gssapi_krb5_context
, key
->keytype
, &keytype
);
101 case KEYTYPE_ARCFOUR
:
102 ret
= sub_wrap_size(req_output_size
, max_input_size
, 8, 22);
105 ret
= sub_wrap_size(req_output_size
, max_input_size
, 8, 34);
108 *minor_status
= KRB5_PROG_ETYPE_NOSUPP
;
112 krb5_free_keyblock (gssapi_krb5_context
, key
);
119 (OM_uint32
* minor_status
,
120 const gss_ctx_id_t context_handle
,
123 const gss_buffer_t input_message_buffer
,
125 gss_buffer_t output_message_buffer
,
132 des_key_schedule schedule
;
137 size_t len
, total_len
, padlength
, datalen
;
139 padlength
= 8 - (input_message_buffer
->length
% 8);
140 datalen
= input_message_buffer
->length
+ padlength
+ 8;
142 gssapi_krb5_encap_length (len
, &len
, &total_len
);
144 output_message_buffer
->length
= total_len
;
145 output_message_buffer
->value
= malloc (total_len
);
146 if (output_message_buffer
->value
== NULL
) {
147 *minor_status
= ENOMEM
;
148 return GSS_S_FAILURE
;
151 p
= gssapi_krb5_make_header(output_message_buffer
->value
,
153 "\x02\x01"); /* TOK_ID */
156 memcpy (p
, "\x00\x00", 2);
160 memcpy (p
, "\x00\x00", 2);
162 memcpy (p
, "\xff\xff", 2);
165 memcpy (p
, "\xff\xff", 2);
172 /* confounder + data + pad */
173 krb5_generate_random_block(p
, 8);
174 memcpy (p
+ 8, input_message_buffer
->value
,
175 input_message_buffer
->length
);
176 memset (p
+ 8 + input_message_buffer
->length
, padlength
, padlength
);
180 MD5_Update (&md5
, p
- 24, 8);
181 MD5_Update (&md5
, p
, datalen
);
182 MD5_Final (hash
, &md5
);
184 memset (&zero
, 0, sizeof(zero
));
185 memcpy (&deskey
, key
->keyvalue
.data
, sizeof(deskey
));
186 des_set_key (&deskey
, schedule
);
187 des_cbc_cksum ((void *)hash
, (void *)hash
, sizeof(hash
),
189 memcpy (p
- 8, hash
, 8);
191 /* sequence number */
192 krb5_auth_con_getlocalseqnumber (gssapi_krb5_context
,
193 context_handle
->auth_context
,
197 p
[0] = (seq_number
>> 0) & 0xFF;
198 p
[1] = (seq_number
>> 8) & 0xFF;
199 p
[2] = (seq_number
>> 16) & 0xFF;
200 p
[3] = (seq_number
>> 24) & 0xFF;
202 (context_handle
->more_flags
& LOCAL
) ? 0 : 0xFF,
205 des_set_key (&deskey
, schedule
);
206 des_cbc_encrypt ((void *)p
, (void *)p
, 8,
207 schedule
, (des_cblock
*)(p
+ 8), DES_ENCRYPT
);
209 krb5_auth_con_setlocalseqnumber (gssapi_krb5_context
,
210 context_handle
->auth_context
,
213 /* encrypt the data */
217 memcpy (&deskey
, key
->keyvalue
.data
, sizeof(deskey
));
219 for (i
= 0; i
< sizeof(deskey
); ++i
)
221 des_set_key (&deskey
, schedule
);
222 memset (&zero
, 0, sizeof(zero
));
223 des_cbc_encrypt ((void *)p
,
230 memset (deskey
, 0, sizeof(deskey
));
231 memset (schedule
, 0, sizeof(schedule
));
233 if(conf_state
!= NULL
)
234 *conf_state
= conf_req_flag
;
236 return GSS_S_COMPLETE
;
241 (OM_uint32
* minor_status
,
242 const gss_ctx_id_t context_handle
,
245 const gss_buffer_t input_message_buffer
,
247 gss_buffer_t output_message_buffer
,
254 size_t len
, total_len
, padlength
, datalen
;
260 padlength
= 8 - (input_message_buffer
->length
% 8);
261 datalen
= input_message_buffer
->length
+ padlength
+ 8;
263 gssapi_krb5_encap_length (len
, &len
, &total_len
);
265 output_message_buffer
->length
= total_len
;
266 output_message_buffer
->value
= malloc (total_len
);
267 if (output_message_buffer
->value
== NULL
) {
268 *minor_status
= ENOMEM
;
269 return GSS_S_FAILURE
;
272 p
= gssapi_krb5_make_header(output_message_buffer
->value
,
274 "\x02\x01"); /* TOK_ID */
277 memcpy (p
, "\x04\x00", 2); /* HMAC SHA1 DES3-KD */
281 memcpy (p
, "\x02\x00", 2); /* DES3-KD */
283 memcpy (p
, "\xff\xff", 2);
286 memcpy (p
, "\xff\xff", 2);
289 /* calculate checksum (the above + confounder + data + pad) */
291 memcpy (p
+ 20, p
- 8, 8);
292 krb5_generate_random_block(p
+ 28, 8);
293 memcpy (p
+ 28 + 8, input_message_buffer
->value
,
294 input_message_buffer
->length
);
295 memset (p
+ 28 + 8 + input_message_buffer
->length
, padlength
, padlength
);
297 ret
= krb5_crypto_init(gssapi_krb5_context
, key
, 0, &crypto
);
299 gssapi_krb5_set_error_string ();
300 free (output_message_buffer
->value
);
302 return GSS_S_FAILURE
;
305 ret
= krb5_create_checksum (gssapi_krb5_context
,
312 krb5_crypto_destroy (gssapi_krb5_context
, crypto
);
314 gssapi_krb5_set_error_string ();
315 free (output_message_buffer
->value
);
317 return GSS_S_FAILURE
;
320 /* zero out SND_SEQ + SGN_CKSUM in case */
323 memcpy (p
+ 8, cksum
.checksum
.data
, cksum
.checksum
.length
);
324 free_Checksum (&cksum
);
326 /* sequence number */
327 krb5_auth_con_getlocalseqnumber (gssapi_krb5_context
,
328 context_handle
->auth_context
,
331 seq
[0] = (seq_number
>> 0) & 0xFF;
332 seq
[1] = (seq_number
>> 8) & 0xFF;
333 seq
[2] = (seq_number
>> 16) & 0xFF;
334 seq
[3] = (seq_number
>> 24) & 0xFF;
336 (context_handle
->more_flags
& LOCAL
) ? 0 : 0xFF,
340 ret
= krb5_crypto_init(gssapi_krb5_context
, key
, ETYPE_DES3_CBC_NONE
,
343 free (output_message_buffer
->value
);
345 return GSS_S_FAILURE
;
351 memcpy (&ivec
, p
+ 8, 8);
352 ret
= krb5_encrypt_ivec (gssapi_krb5_context
,
358 krb5_crypto_destroy (gssapi_krb5_context
, crypto
);
360 gssapi_krb5_set_error_string ();
361 free (output_message_buffer
->value
);
363 return GSS_S_FAILURE
;
366 assert (encdata
.length
== 8);
368 memcpy (p
, encdata
.data
, encdata
.length
);
369 krb5_data_free (&encdata
);
371 krb5_auth_con_setlocalseqnumber (gssapi_krb5_context
,
372 context_handle
->auth_context
,
375 /* encrypt the data */
381 ret
= krb5_crypto_init(gssapi_krb5_context
, key
,
382 ETYPE_DES3_CBC_NONE
, &crypto
);
384 gssapi_krb5_set_error_string ();
385 free (output_message_buffer
->value
);
387 return GSS_S_FAILURE
;
389 ret
= krb5_encrypt(gssapi_krb5_context
, crypto
, KRB5_KU_USAGE_SEAL
,
391 krb5_crypto_destroy(gssapi_krb5_context
, crypto
);
393 gssapi_krb5_set_error_string ();
394 free (output_message_buffer
->value
);
396 return GSS_S_FAILURE
;
398 assert (tmp
.length
== datalen
);
400 memcpy (p
, tmp
.data
, datalen
);
401 krb5_data_free(&tmp
);
403 if(conf_state
!= NULL
)
404 *conf_state
= conf_req_flag
;
406 return GSS_S_COMPLETE
;
410 (OM_uint32
* minor_status
,
411 const gss_ctx_id_t context_handle
,
414 const gss_buffer_t input_message_buffer
,
416 gss_buffer_t output_message_buffer
421 krb5_keytype keytype
;
423 ret
= gss_krb5_get_localkey(context_handle
, &key
);
425 gssapi_krb5_set_error_string ();
427 return GSS_S_FAILURE
;
429 krb5_enctype_to_keytype (gssapi_krb5_context
, key
->keytype
, &keytype
);
433 ret
= wrap_des (minor_status
, context_handle
, conf_req_flag
,
434 qop_req
, input_message_buffer
, conf_state
,
435 output_message_buffer
, key
);
438 ret
= wrap_des3 (minor_status
, context_handle
, conf_req_flag
,
439 qop_req
, input_message_buffer
, conf_state
,
440 output_message_buffer
, key
);
442 case KEYTYPE_ARCFOUR
:
443 ret
= _gssapi_wrap_arcfour (minor_status
, context_handle
, conf_req_flag
,
444 qop_req
, input_message_buffer
, conf_state
,
445 output_message_buffer
, key
);
448 *minor_status
= KRB5_PROG_ETYPE_NOSUPP
;
452 krb5_free_keyblock (gssapi_krb5_context
, key
);