search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
switch to use EVP interface instead of old crypto interface
[heimdal.git] / lib / gssapi / krb5 / wrap.c
blob536be3427ae9d861fb7159be1fcfd47d204af7fa
1 /*
2 * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "gsskrb5_locl.h"
35
36 /*
37 * Return initiator subkey, or if that doesn't exists, the subkey.
38 */
39
40 krb5_error_code
41 _gsskrb5i_get_initiator_subkey(const gsskrb5_ctx ctx,
42 krb5_context context,
43 krb5_keyblock **key)
44 {
45 krb5_error_code ret;
46 *key = NULL;
47
48 if (ctx->more_flags & LOCAL) {
49 ret = krb5_auth_con_getlocalsubkey(context,
50 ctx->auth_context,
51 key);
52 } else {
53 ret = krb5_auth_con_getremotesubkey(context,
54 ctx->auth_context,
55 key);
56 }
57 if (ret == 0 && *key == NULL)
58 ret = krb5_auth_con_getkey(context,
59 ctx->auth_context,
60 key);
61 if (ret == 0 && *key == NULL) {
62 krb5_set_error_message(context, 0, "No initiator subkey available");
63 return GSS_KRB5_S_KG_NO_SUBKEY;
64 }
65 return ret;
66 }
67
68 krb5_error_code
69 _gsskrb5i_get_acceptor_subkey(const gsskrb5_ctx ctx,
70 krb5_context context,
71 krb5_keyblock **key)
72 {
73 krb5_error_code ret;
74 *key = NULL;
75
76 if (ctx->more_flags & LOCAL) {
77 ret = krb5_auth_con_getremotesubkey(context,
78 ctx->auth_context,
79 key);
80 } else {
81 ret = krb5_auth_con_getlocalsubkey(context,
82 ctx->auth_context,
83 key);
84 }
85 if (ret == 0 && *key == NULL) {
86 krb5_set_error_message(context, 0, "No acceptor subkey available");
87 return GSS_KRB5_S_KG_NO_SUBKEY;
88 }
89 return ret;
90 }
91
92 OM_uint32
93 _gsskrb5i_get_token_key(const gsskrb5_ctx ctx,
94 krb5_context context,
95 krb5_keyblock **key)
96 {
97 _gsskrb5i_get_acceptor_subkey(ctx, context, key);
98 if(*key == NULL) {
99 /*
100 * Only use the initiator subkey or ticket session key if an
101 * acceptor subkey was not required.
102 */
103 if ((ctx->more_flags & ACCEPTOR_SUBKEY) == 0)
104 _gsskrb5i_get_initiator_subkey(ctx, context, key);
105 }
106 if (*key == NULL) {
107 krb5_set_error_message(context, 0, "No token key available");
108 return GSS_KRB5_S_KG_NO_SUBKEY;
109 }
110 return 0;
111 }
112
113 static OM_uint32
114 sub_wrap_size (
115 OM_uint32 req_output_size,
116 OM_uint32 * max_input_size,
117 int blocksize,
118 int extrasize
119 )
120 {
121 size_t len, total_len;
122
123 len = 8 + req_output_size + blocksize + extrasize;
124
125 _gsskrb5_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
126
127 total_len -= req_output_size; /* token length */
128 if (total_len < req_output_size) {
129 *max_input_size = (req_output_size - total_len);
130 (*max_input_size) &= (~(OM_uint32)(blocksize - 1));
131 } else {
132 *max_input_size = 0;
133 }
134 return GSS_S_COMPLETE;
135 }
136
137 OM_uint32
138 _gsskrb5_wrap_size_limit (
139 OM_uint32 * minor_status,
140 const gss_ctx_id_t context_handle,
141 int conf_req_flag,
142 gss_qop_t qop_req,
143 OM_uint32 req_output_size,
144 OM_uint32 * max_input_size
145 )
146 {
147 krb5_context context;
148 krb5_keyblock *key;
149 OM_uint32 ret;
150 krb5_keytype keytype;
151 const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
152
153 GSSAPI_KRB5_INIT (&context);
154
155 if (ctx->more_flags & IS_CFX)
156 return _gssapi_wrap_size_cfx(minor_status, ctx, context,
157 conf_req_flag, qop_req,
158 req_output_size, max_input_size);
159
160 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
161 ret = _gsskrb5i_get_token_key(ctx, context, &key);
162 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
163 if (ret) {
164 *minor_status = ret;
165 return GSS_S_FAILURE;
166 }
167 krb5_enctype_to_keytype (context, key->keytype, &keytype);
168
169 switch (keytype) {
170 case KEYTYPE_DES :
171 ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
172 break;
173 case KEYTYPE_ARCFOUR:
174 case KEYTYPE_ARCFOUR_56:
175 ret = _gssapi_wrap_size_arcfour(minor_status, ctx, context,
176 conf_req_flag, qop_req,
177 req_output_size, max_input_size, key);
178 break;
179 case KEYTYPE_DES3 :
180 ret = sub_wrap_size(req_output_size, max_input_size, 8, 34);
181 break;
182 default :
183 abort();
184 break;
185 }
186 krb5_free_keyblock (context, key);
187 *minor_status = 0;
188 return ret;
189 }
190
191 static OM_uint32
192 wrap_des
193 (OM_uint32 * minor_status,
194 const gsskrb5_ctx ctx,
195 krb5_context context,
196 int conf_req_flag,
197 gss_qop_t qop_req,
198 const gss_buffer_t input_message_buffer,
199 int * conf_state,
200 gss_buffer_t output_message_buffer,
201 krb5_keyblock *key
202 )
203 {
204 u_char *p;
205 EVP_MD_CTX md5;
206 u_char hash[16];
207 DES_key_schedule schedule;
208 EVP_CIPHER_CTX des_ctx;
209 DES_cblock deskey;
210 DES_cblock zero;
211 int i;
212 int32_t seq_number;
213 size_t len, total_len, padlength, datalen;
214
215 if (IS_DCE_STYLE(ctx)) {
216 padlength = 0;
217 datalen = input_message_buffer->length;
218 len = 22 + 8;
219 _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
220 total_len += datalen;
221 datalen += 8;
222 } else {
223 padlength = 8 - (input_message_buffer->length % 8);
224 datalen = input_message_buffer->length + padlength + 8;
225 len = datalen + 22;
226 _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
227 }
228
229 output_message_buffer->length = total_len;
230 output_message_buffer->value = malloc (total_len);
231 if (output_message_buffer->value == NULL) {
232 output_message_buffer->length = 0;
233 *minor_status = ENOMEM;
234 return GSS_S_FAILURE;
235 }
236
237 p = _gsskrb5_make_header(output_message_buffer->value,
238 len,
239 "\x02\x01", /* TOK_ID */
240 GSS_KRB5_MECHANISM);
241
242 /* SGN_ALG */
243 memcpy (p, "\x00\x00", 2);
244 p += 2;
245 /* SEAL_ALG */
246 if(conf_req_flag)
247 memcpy (p, "\x00\x00", 2);
248 else
249 memcpy (p, "\xff\xff", 2);
250 p += 2;
251 /* Filler */
252 memcpy (p, "\xff\xff", 2);
253 p += 2;
254
255 /* fill in later */
256 memset (p, 0, 16);
257 p += 16;
258
259 /* confounder + data + pad */
260 krb5_generate_random_block(p, 8);
261 memcpy (p + 8, input_message_buffer->value,
262 input_message_buffer->length);
263 memset (p + 8 + input_message_buffer->length, padlength, padlength);
264
265 /* checksum */
266 EVP_MD_CTX_init(&md5);
267 EVP_DigestInit_ex(&md5, EVP_md5(), NULL);
268 EVP_DigestUpdate(&md5, p - 24, 8);
269 EVP_DigestUpdate(&md5, p, datalen);
270 EVP_DigestFinal_ex(&md5, hash, NULL);
271 EVP_MD_CTX_cleanup(&md5);
272
273 memset (&zero, 0, sizeof(zero));
274 memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
275 DES_set_key_unchecked (&deskey, &schedule);
276 DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
277 &schedule, &zero);
278 memcpy (p - 8, hash, 8);
279
280 /* sequence number */
281 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
282 krb5_auth_con_getlocalseqnumber (context,
283 ctx->auth_context,
284 &seq_number);
285
286 p -= 16;
287 p[0] = (seq_number >> 0) & 0xFF;
288 p[1] = (seq_number >> 8) & 0xFF;
289 p[2] = (seq_number >> 16) & 0xFF;
290 p[3] = (seq_number >> 24) & 0xFF;
291 memset (p + 4,
292 (ctx->more_flags & LOCAL) ? 0 : 0xFF,
293 4);
294
295 EVP_CIPHER_CTX_init(&des_ctx);
296 EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1);
297 EVP_Cipher(&des_ctx, p, p, 8);
298 EVP_CIPHER_CTX_cleanup(&des_ctx);
299
300 krb5_auth_con_setlocalseqnumber (context,
301 ctx->auth_context,
302 ++seq_number);
303 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
304
305 /* encrypt the data */
306 p += 16;
307
308 if(conf_req_flag) {
309 memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
310
311 for (i = 0; i < sizeof(deskey); ++i)
312 deskey[i] ^= 0xf0;
313
314 EVP_CIPHER_CTX_init(&des_ctx);
315 EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, deskey, zero, 1);
316 EVP_Cipher(&des_ctx, p, p, datalen);
317 EVP_CIPHER_CTX_cleanup(&des_ctx);
318 }
319 memset (deskey, 0, sizeof(deskey));
320 memset (&schedule, 0, sizeof(schedule));
321
322 if(conf_state != NULL)
323 *conf_state = conf_req_flag;
324 *minor_status = 0;
325 return GSS_S_COMPLETE;
326 }
327
328 static OM_uint32
329 wrap_des3
330 (OM_uint32 * minor_status,
331 const gsskrb5_ctx ctx,
332 krb5_context context,
333 int conf_req_flag,
334 gss_qop_t qop_req,
335 const gss_buffer_t input_message_buffer,
336 int * conf_state,
337 gss_buffer_t output_message_buffer,
338 krb5_keyblock *key
339 )
340 {
341 u_char *p;
342 u_char seq[8];
343 int32_t seq_number;
344 size_t len, total_len, padlength, datalen;
345 uint32_t ret;
346 krb5_crypto crypto;
347 Checksum cksum;
348 krb5_data encdata;
349
350 if (IS_DCE_STYLE(ctx)) {
351 padlength = 0;
352 datalen = input_message_buffer->length;
353 len = 34 + 8;
354 _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
355 total_len += datalen;
356 datalen += 8;
357 } else {
358 padlength = 8 - (input_message_buffer->length % 8);
359 datalen = input_message_buffer->length + padlength + 8;
360 len = datalen + 34;
361 _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
362 }
363
364 output_message_buffer->length = total_len;
365 output_message_buffer->value = malloc (total_len);
366 if (output_message_buffer->value == NULL) {
367 output_message_buffer->length = 0;
368 *minor_status = ENOMEM;
369 return GSS_S_FAILURE;
370 }
371
372 p = _gsskrb5_make_header(output_message_buffer->value,
373 len,
374 "\x02\x01", /* TOK_ID */
375 GSS_KRB5_MECHANISM);
376
377 /* SGN_ALG */
378 memcpy (p, "\x04\x00", 2); /* HMAC SHA1 DES3-KD */
379 p += 2;
380 /* SEAL_ALG */
381 if(conf_req_flag)
382 memcpy (p, "\x02\x00", 2); /* DES3-KD */
383 else
384 memcpy (p, "\xff\xff", 2);
385 p += 2;
386 /* Filler */
387 memcpy (p, "\xff\xff", 2);
388 p += 2;
389
390 /* calculate checksum (the above + confounder + data + pad) */
391
392 memcpy (p + 20, p - 8, 8);
393 krb5_generate_random_block(p + 28, 8);
394 memcpy (p + 28 + 8, input_message_buffer->value,
395 input_message_buffer->length);
396 memset (p + 28 + 8 + input_message_buffer->length, padlength, padlength);
397
398 ret = krb5_crypto_init(context, key, 0, &crypto);
399 if (ret) {
400 free (output_message_buffer->value);
401 output_message_buffer->length = 0;
402 output_message_buffer->value = NULL;
403 *minor_status = ret;
404 return GSS_S_FAILURE;
405 }
406
407 ret = krb5_create_checksum (context,
408 crypto,
409 KRB5_KU_USAGE_SIGN,
410 0,
411 p + 20,
412 datalen + 8,
413 &cksum);
414 krb5_crypto_destroy (context, crypto);
415 if (ret) {
416 free (output_message_buffer->value);
417 output_message_buffer->length = 0;
418 output_message_buffer->value = NULL;
419 *minor_status = ret;
420 return GSS_S_FAILURE;
421 }
422
423 /* zero out SND_SEQ + SGN_CKSUM in case */
424 memset (p, 0, 28);
425
426 memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
427 free_Checksum (&cksum);
428
429 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
430 /* sequence number */
431 krb5_auth_con_getlocalseqnumber (context,
432 ctx->auth_context,
433 &seq_number);
434
435 seq[0] = (seq_number >> 0) & 0xFF;
436 seq[1] = (seq_number >> 8) & 0xFF;
437 seq[2] = (seq_number >> 16) & 0xFF;
438 seq[3] = (seq_number >> 24) & 0xFF;
439 memset (seq + 4,
440 (ctx->more_flags & LOCAL) ? 0 : 0xFF,
441 4);
442
443
444 ret = krb5_crypto_init(context, key, ETYPE_DES3_CBC_NONE,
445 &crypto);
446 if (ret) {
447 free (output_message_buffer->value);
448 output_message_buffer->length = 0;
449 output_message_buffer->value = NULL;
450 *minor_status = ret;
451 return GSS_S_FAILURE;
452 }
453
454 {
455 DES_cblock ivec;
456
457 memcpy (&ivec, p + 8, 8);
458 ret = krb5_encrypt_ivec (context,
459 crypto,
460 KRB5_KU_USAGE_SEQ,
461 seq, 8, &encdata,
462 &ivec);
463 }
464 krb5_crypto_destroy (context, crypto);
465 if (ret) {
466 free (output_message_buffer->value);
467 output_message_buffer->length = 0;
468 output_message_buffer->value = NULL;
469 *minor_status = ret;
470 return GSS_S_FAILURE;
471 }
472
473 assert (encdata.length == 8);
474
475 memcpy (p, encdata.data, encdata.length);
476 krb5_data_free (&encdata);
477
478 krb5_auth_con_setlocalseqnumber (context,
479 ctx->auth_context,
480 ++seq_number);
481 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
482
483 /* encrypt the data */
484 p += 28;
485
486 if(conf_req_flag) {
487 krb5_data tmp;
488
489 ret = krb5_crypto_init(context, key,
490 ETYPE_DES3_CBC_NONE, &crypto);
491 if (ret) {
492 free (output_message_buffer->value);
493 output_message_buffer->length = 0;
494 output_message_buffer->value = NULL;
495 *minor_status = ret;
496 return GSS_S_FAILURE;
497 }
498 ret = krb5_encrypt(context, crypto, KRB5_KU_USAGE_SEAL,
499 p, datalen, &tmp);
500 krb5_crypto_destroy(context, crypto);
501 if (ret) {
502 free (output_message_buffer->value);
503 output_message_buffer->length = 0;
504 output_message_buffer->value = NULL;
505 *minor_status = ret;
506 return GSS_S_FAILURE;
507 }
508 assert (tmp.length == datalen);
509
510 memcpy (p, tmp.data, datalen);
511 krb5_data_free(&tmp);
512 }
513 if(conf_state != NULL)
514 *conf_state = conf_req_flag;
515 *minor_status = 0;
516 return GSS_S_COMPLETE;
517 }
518
519 OM_uint32 _gsskrb5_wrap
520 (OM_uint32 * minor_status,
521 const gss_ctx_id_t context_handle,
522 int conf_req_flag,
523 gss_qop_t qop_req,
524 const gss_buffer_t input_message_buffer,
525 int * conf_state,
526 gss_buffer_t output_message_buffer
527 )
528 {
529 krb5_context context;
530 krb5_keyblock *key;
531 OM_uint32 ret;
532 krb5_keytype keytype;
533 const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
534
535 output_message_buffer->value = NULL;
536 output_message_buffer->length = 0;
537
538 GSSAPI_KRB5_INIT (&context);
539
540 if (ctx->more_flags & IS_CFX)
541 return _gssapi_wrap_cfx (minor_status, ctx, context, conf_req_flag,
542 input_message_buffer, conf_state,
543 output_message_buffer);
544
545 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
546 ret = _gsskrb5i_get_token_key(ctx, context, &key);
547 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
548 if (ret) {
549 *minor_status = ret;
550 return GSS_S_FAILURE;
551 }
552 krb5_enctype_to_keytype (context, key->keytype, &keytype);
553
554 switch (keytype) {
555 case KEYTYPE_DES :
556 ret = wrap_des (minor_status, ctx, context, conf_req_flag,
557 qop_req, input_message_buffer, conf_state,
558 output_message_buffer, key);
559 break;
560 case KEYTYPE_DES3 :
561 ret = wrap_des3 (minor_status, ctx, context, conf_req_flag,
562 qop_req, input_message_buffer, conf_state,
563 output_message_buffer, key);
564 break;
565 case KEYTYPE_ARCFOUR:
566 case KEYTYPE_ARCFOUR_56:
567 ret = _gssapi_wrap_arcfour (minor_status, ctx, context, conf_req_flag,
568 qop_req, input_message_buffer, conf_state,
569 output_message_buffer, key);
570 break;
571 default :
572 abort();
573 break;
574 }
575 krb5_free_keyblock (context, key);
576 return ret;
577 }
Heimdal