2 * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "gssapi_locl.h"
39 gss_krb5_get_remotekey(const gss_ctx_id_t context_handle
,
44 krb5_auth_con_getremotesubkey(gssapi_krb5_context
,
45 context_handle
->auth_context
,
48 krb5_auth_con_getlocalsubkey(gssapi_krb5_context
,
49 context_handle
->auth_context
,
52 krb5_auth_con_getkey(gssapi_krb5_context
,
53 context_handle
->auth_context
,
63 (OM_uint32
* minor_status
,
64 const gss_ctx_id_t context_handle
,
65 const gss_buffer_t input_message_buffer
,
66 gss_buffer_t output_message_buffer
,
68 gss_qop_t
* qop_state
,
75 u_char hash
[16], seq_data
[8];
76 des_key_schedule schedule
;
85 p
= input_message_buffer
->value
;
86 ret
= gssapi_krb5_verify_header (&p
,
87 input_message_buffer
->length
,
94 if (memcmp (p
, "\x00\x00", 2) != 0)
97 if (memcmp (p
, "\x00\x00", 2) == 0) {
99 } else if (memcmp (p
, "\xFF\xFF", 2) == 0) {
102 return GSS_S_BAD_MIC
;
104 if(conf_state
!= NULL
)
105 *conf_state
= cstate
;
106 if (memcmp (p
, "\xff\xff", 2) != 0)
107 return GSS_S_DEFECTIVE_TOKEN
;
111 len
= p
- (u_char
*)input_message_buffer
->value
;
115 memcpy (&deskey
, key
->keyvalue
.data
, sizeof(deskey
));
117 for (i
= 0; i
< sizeof(deskey
); ++i
)
119 des_set_key (&deskey
, schedule
);
120 memset (&zero
, 0, sizeof(zero
));
121 des_cbc_encrypt ((void *)p
,
123 input_message_buffer
->length
- len
,
128 memset (deskey
, 0, sizeof(deskey
));
129 memset (schedule
, 0, sizeof(schedule
));
133 pad
= (u_char
*)input_message_buffer
->value
+ input_message_buffer
->length
- 1;
136 for (i
= padlength
; i
> 0 && *pad
== padlength
; i
--, pad
--)
139 return GSS_S_BAD_MIC
;
142 MD5_Update (&md5
, p
- 24, 8);
143 MD5_Update (&md5
, p
, input_message_buffer
->length
- len
);
144 MD5_Final (hash
, &md5
);
146 memset (&zero
, 0, sizeof(zero
));
147 memcpy (&deskey
, key
->keyvalue
.data
, sizeof(deskey
));
148 des_set_key (&deskey
, schedule
);
149 des_cbc_cksum ((void *)hash
, (void *)hash
, sizeof(hash
),
151 if (memcmp (p
- 8, hash
, 8) != 0)
152 return GSS_S_BAD_MIC
;
154 /* verify sequence number */
156 krb5_auth_getremoteseqnumber (gssapi_krb5_context
,
157 context_handle
->auth_context
,
159 seq_data
[0] = (seq_number
>> 0) & 0xFF;
160 seq_data
[1] = (seq_number
>> 8) & 0xFF;
161 seq_data
[2] = (seq_number
>> 16) & 0xFF;
162 seq_data
[3] = (seq_number
>> 24) & 0xFF;
163 memset (seq_data
+ 4,
164 (context_handle
->more_flags
& LOCAL
) ? 0xFF : 0,
168 des_set_key (&deskey
, schedule
);
169 des_cbc_encrypt ((void *)p
, (void *)p
, 8,
170 schedule
, (des_cblock
*)hash
, DES_DECRYPT
);
172 memset (deskey
, 0, sizeof(deskey
));
173 memset (schedule
, 0, sizeof(schedule
));
175 if (memcmp (p
, seq_data
, 8) != 0) {
176 return GSS_S_BAD_MIC
;
179 krb5_auth_con_setremoteseqnumber (gssapi_krb5_context
,
180 context_handle
->auth_context
,
185 output_message_buffer
->length
= input_message_buffer
->length
186 - len
- padlength
- 8;
187 output_message_buffer
->value
= malloc(output_message_buffer
->length
);
188 if(output_message_buffer
->length
!= 0 && output_message_buffer
->value
== NULL
)
189 return GSS_S_FAILURE
;
190 memcpy (output_message_buffer
->value
,
192 output_message_buffer
->length
);
193 return GSS_S_COMPLETE
;
198 (OM_uint32
* minor_status
,
199 const gss_ctx_id_t context_handle
,
200 const gss_buffer_t input_message_buffer
,
201 gss_buffer_t output_message_buffer
,
203 gss_qop_t
* qop_state
,
221 p
= input_message_buffer
->value
;
222 ret
= gssapi_krb5_verify_header (&p
,
223 input_message_buffer
->length
,
228 if (memcmp (p
, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
229 return GSS_S_BAD_SIG
;
231 if (memcmp (p
, "\x02\x00", 2) == 0) {
233 } else if (memcmp (p
, "\xff\xff", 2) == 0) {
236 return GSS_S_BAD_MIC
;
238 if(conf_state
!= NULL
)
239 *conf_state
= cstate
;
240 if (memcmp (p
, "\xff\xff", 2) != 0)
241 return GSS_S_DEFECTIVE_TOKEN
;
245 len
= p
- (u_char
*)input_message_buffer
->value
;
251 ret
= krb5_crypto_init(gssapi_krb5_context
, key
,
252 ETYPE_DES3_CBC_NONE
, &crypto
);
254 gssapi_krb5_set_error_string ();
256 return GSS_S_FAILURE
;
258 ret
= krb5_decrypt(gssapi_krb5_context
, crypto
, KRB5_KU_USAGE_SEAL
,
259 p
, input_message_buffer
->length
- len
, &tmp
);
260 krb5_crypto_destroy(gssapi_krb5_context
, crypto
);
262 gssapi_krb5_set_error_string ();
264 return GSS_S_FAILURE
;
266 assert (tmp
.length
== input_message_buffer
->length
- len
);
268 memcpy (p
, tmp
.data
, tmp
.length
);
269 krb5_data_free(&tmp
);
273 pad
= (u_char
*)input_message_buffer
->value
+ input_message_buffer
->length
- 1;
276 for (i
= padlength
; i
> 0 && *pad
== padlength
; i
--, pad
--)
279 return GSS_S_BAD_MIC
;
281 /* verify sequence number */
283 krb5_auth_getremoteseqnumber (gssapi_krb5_context
,
284 context_handle
->auth_context
,
286 seq
[0] = (seq_number
>> 0) & 0xFF;
287 seq
[1] = (seq_number
>> 8) & 0xFF;
288 seq
[2] = (seq_number
>> 16) & 0xFF;
289 seq
[3] = (seq_number
>> 24) & 0xFF;
291 (context_handle
->more_flags
& LOCAL
) ? 0xFF : 0,
296 ret
= krb5_crypto_init(gssapi_krb5_context
, key
,
297 ETYPE_DES3_CBC_NONE_IVEC
, &crypto
);
299 gssapi_krb5_set_error_string ();
301 return GSS_S_FAILURE
;
306 memcpy(&ivec
, p
+ 8, 8);
307 ret
= krb5_decrypt_ivec (gssapi_krb5_context
,
313 krb5_crypto_destroy (gssapi_krb5_context
, crypto
);
315 gssapi_krb5_set_error_string ();
317 return GSS_S_FAILURE
;
319 if (seq_data
.length
!= 8) {
320 krb5_data_free (&seq_data
);
321 return GSS_S_BAD_MIC
;
324 cmp
= memcmp (seq
, seq_data
.data
, seq_data
.length
);
325 krb5_data_free (&seq_data
);
327 return GSS_S_BAD_MIC
;
330 krb5_auth_con_setremoteseqnumber (gssapi_krb5_context
,
331 context_handle
->auth_context
,
334 /* verify checksum */
336 memcpy (cksum
, p
+ 8, 20);
338 memcpy (p
+ 20, p
- 8, 8);
340 csum
.cksumtype
= CKSUMTYPE_HMAC_SHA1_DES3
;
341 csum
.checksum
.length
= 20;
342 csum
.checksum
.data
= cksum
;
344 ret
= krb5_crypto_init(gssapi_krb5_context
, key
, 0, &crypto
);
346 gssapi_krb5_set_error_string ();
348 return GSS_S_FAILURE
;
351 ret
= krb5_verify_checksum (gssapi_krb5_context
, crypto
,
354 input_message_buffer
->length
- len
+ 8,
356 krb5_crypto_destroy (gssapi_krb5_context
, crypto
);
358 gssapi_krb5_set_error_string ();
360 return GSS_S_FAILURE
;
365 output_message_buffer
->length
= input_message_buffer
->length
366 - len
- padlength
- 8;
367 output_message_buffer
->value
= malloc(output_message_buffer
->length
);
368 if(output_message_buffer
->length
!= 0 && output_message_buffer
->value
== NULL
)
369 return GSS_S_FAILURE
;
370 memcpy (output_message_buffer
->value
,
372 output_message_buffer
->length
);
373 return GSS_S_COMPLETE
;
377 (OM_uint32
* minor_status
,
378 const gss_ctx_id_t context_handle
,
379 const gss_buffer_t input_message_buffer
,
380 gss_buffer_t output_message_buffer
,
382 gss_qop_t
* qop_state
387 krb5_keytype keytype
;
389 ret
= gss_krb5_get_remotekey(context_handle
, &key
);
391 gssapi_krb5_set_error_string ();
393 return GSS_S_FAILURE
;
395 krb5_enctype_to_keytype (gssapi_krb5_context
, key
->keytype
, &keytype
);
399 ret
= unwrap_des (minor_status
, context_handle
,
400 input_message_buffer
, output_message_buffer
,
401 conf_state
, qop_state
, key
);
404 ret
= unwrap_des3 (minor_status
, context_handle
,
405 input_message_buffer
, output_message_buffer
,
406 conf_state
, qop_state
, key
);
409 *minor_status
= KRB5_PROG_ETYPE_NOSUPP
;
413 krb5_free_keyblock (gssapi_krb5_context
, key
);