2 * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "gsskrb5_locl.h"
37 * Return initiator subkey, or if that doesn't exists, the subkey.
41 _gsskrb5i_get_initiator_subkey(const gsskrb5_ctx ctx
,
48 if (ctx
->more_flags
& LOCAL
) {
49 ret
= krb5_auth_con_getlocalsubkey(context
,
53 ret
= krb5_auth_con_getremotesubkey(context
,
57 if (ret
== 0 && *key
== NULL
)
58 ret
= krb5_auth_con_getkey(context
,
61 if (ret
== 0 && *key
== NULL
) {
62 krb5_set_error_message(context
, 0, "No initiator subkey available");
63 return GSS_KRB5_S_KG_NO_SUBKEY
;
69 _gsskrb5i_get_acceptor_subkey(const gsskrb5_ctx ctx
,
76 if (ctx
->more_flags
& LOCAL
) {
77 ret
= krb5_auth_con_getremotesubkey(context
,
81 ret
= krb5_auth_con_getlocalsubkey(context
,
85 if (ret
== 0 && *key
== NULL
) {
86 krb5_set_error_message(context
, 0, "No acceptor subkey available");
87 return GSS_KRB5_S_KG_NO_SUBKEY
;
93 _gsskrb5i_get_token_key(const gsskrb5_ctx ctx
,
97 _gsskrb5i_get_acceptor_subkey(ctx
, context
, key
);
100 * Only use the initiator subkey or ticket session key if an
101 * acceptor subkey was not required.
103 if ((ctx
->more_flags
& ACCEPTOR_SUBKEY
) == 0)
104 _gsskrb5i_get_initiator_subkey(ctx
, context
, key
);
107 krb5_set_error_message(context
, 0, "No token key available");
108 return GSS_KRB5_S_KG_NO_SUBKEY
;
115 OM_uint32 req_output_size
,
116 OM_uint32
* max_input_size
,
121 size_t len
, total_len
;
123 len
= 8 + req_output_size
+ blocksize
+ extrasize
;
125 _gsskrb5_encap_length(len
, &len
, &total_len
, GSS_KRB5_MECHANISM
);
127 total_len
-= req_output_size
; /* token length */
128 if (total_len
< req_output_size
) {
129 *max_input_size
= (req_output_size
- total_len
);
130 (*max_input_size
) &= (~(OM_uint32
)(blocksize
- 1));
134 return GSS_S_COMPLETE
;
138 _gsskrb5_wrap_size_limit (
139 OM_uint32
* minor_status
,
140 const gss_ctx_id_t context_handle
,
143 OM_uint32 req_output_size
,
144 OM_uint32
* max_input_size
147 krb5_context context
;
150 krb5_keytype keytype
;
151 const gsskrb5_ctx ctx
= (const gsskrb5_ctx
) context_handle
;
153 GSSAPI_KRB5_INIT (&context
);
155 if (ctx
->more_flags
& IS_CFX
)
156 return _gssapi_wrap_size_cfx(minor_status
, ctx
, context
,
157 conf_req_flag
, qop_req
,
158 req_output_size
, max_input_size
);
160 HEIMDAL_MUTEX_lock(&ctx
->ctx_id_mutex
);
161 ret
= _gsskrb5i_get_token_key(ctx
, context
, &key
);
162 HEIMDAL_MUTEX_unlock(&ctx
->ctx_id_mutex
);
165 return GSS_S_FAILURE
;
167 krb5_enctype_to_keytype (context
, key
->keytype
, &keytype
);
171 ret
= sub_wrap_size(req_output_size
, max_input_size
, 8, 22);
173 case KEYTYPE_ARCFOUR
:
174 case KEYTYPE_ARCFOUR_56
:
175 ret
= _gssapi_wrap_size_arcfour(minor_status
, ctx
, context
,
176 conf_req_flag
, qop_req
,
177 req_output_size
, max_input_size
, key
);
180 ret
= sub_wrap_size(req_output_size
, max_input_size
, 8, 34);
186 krb5_free_keyblock (context
, key
);
193 (OM_uint32
* minor_status
,
194 const gsskrb5_ctx ctx
,
195 krb5_context context
,
198 const gss_buffer_t input_message_buffer
,
200 gss_buffer_t output_message_buffer
,
207 DES_key_schedule schedule
;
208 EVP_CIPHER_CTX des_ctx
;
213 size_t len
, total_len
, padlength
, datalen
;
215 if (IS_DCE_STYLE(ctx
)) {
217 datalen
= input_message_buffer
->length
;
219 _gsskrb5_encap_length (len
, &len
, &total_len
, GSS_KRB5_MECHANISM
);
220 total_len
+= datalen
;
223 padlength
= 8 - (input_message_buffer
->length
% 8);
224 datalen
= input_message_buffer
->length
+ padlength
+ 8;
226 _gsskrb5_encap_length (len
, &len
, &total_len
, GSS_KRB5_MECHANISM
);
229 output_message_buffer
->length
= total_len
;
230 output_message_buffer
->value
= malloc (total_len
);
231 if (output_message_buffer
->value
== NULL
) {
232 output_message_buffer
->length
= 0;
233 *minor_status
= ENOMEM
;
234 return GSS_S_FAILURE
;
237 p
= _gsskrb5_make_header(output_message_buffer
->value
,
239 "\x02\x01", /* TOK_ID */
243 memcpy (p
, "\x00\x00", 2);
247 memcpy (p
, "\x00\x00", 2);
249 memcpy (p
, "\xff\xff", 2);
252 memcpy (p
, "\xff\xff", 2);
259 /* confounder + data + pad */
260 krb5_generate_random_block(p
, 8);
261 memcpy (p
+ 8, input_message_buffer
->value
,
262 input_message_buffer
->length
);
263 memset (p
+ 8 + input_message_buffer
->length
, padlength
, padlength
);
266 EVP_MD_CTX_init(&md5
);
267 EVP_DigestInit_ex(&md5
, EVP_md5(), NULL
);
268 EVP_DigestUpdate(&md5
, p
- 24, 8);
269 EVP_DigestUpdate(&md5
, p
, datalen
);
270 EVP_DigestFinal_ex(&md5
, hash
, NULL
);
271 EVP_MD_CTX_cleanup(&md5
);
273 memset (&zero
, 0, sizeof(zero
));
274 memcpy (&deskey
, key
->keyvalue
.data
, sizeof(deskey
));
275 DES_set_key_unchecked (&deskey
, &schedule
);
276 DES_cbc_cksum ((void *)hash
, (void *)hash
, sizeof(hash
),
278 memcpy (p
- 8, hash
, 8);
280 /* sequence number */
281 HEIMDAL_MUTEX_lock(&ctx
->ctx_id_mutex
);
282 krb5_auth_con_getlocalseqnumber (context
,
287 p
[0] = (seq_number
>> 0) & 0xFF;
288 p
[1] = (seq_number
>> 8) & 0xFF;
289 p
[2] = (seq_number
>> 16) & 0xFF;
290 p
[3] = (seq_number
>> 24) & 0xFF;
292 (ctx
->more_flags
& LOCAL
) ? 0 : 0xFF,
295 EVP_CIPHER_CTX_init(&des_ctx
);
296 EVP_CipherInit_ex(&des_ctx
, EVP_des_cbc(), NULL
, key
->keyvalue
.data
, p
+ 8, 1);
297 EVP_Cipher(&des_ctx
, p
, p
, 8);
298 EVP_CIPHER_CTX_cleanup(&des_ctx
);
300 krb5_auth_con_setlocalseqnumber (context
,
303 HEIMDAL_MUTEX_unlock(&ctx
->ctx_id_mutex
);
305 /* encrypt the data */
309 memcpy (&deskey
, key
->keyvalue
.data
, sizeof(deskey
));
311 for (i
= 0; i
< sizeof(deskey
); ++i
)
314 EVP_CIPHER_CTX_init(&des_ctx
);
315 EVP_CipherInit_ex(&des_ctx
, EVP_des_cbc(), NULL
, deskey
, zero
, 1);
316 EVP_Cipher(&des_ctx
, p
, p
, datalen
);
317 EVP_CIPHER_CTX_cleanup(&des_ctx
);
319 memset (deskey
, 0, sizeof(deskey
));
320 memset (&schedule
, 0, sizeof(schedule
));
322 if(conf_state
!= NULL
)
323 *conf_state
= conf_req_flag
;
325 return GSS_S_COMPLETE
;
330 (OM_uint32
* minor_status
,
331 const gsskrb5_ctx ctx
,
332 krb5_context context
,
335 const gss_buffer_t input_message_buffer
,
337 gss_buffer_t output_message_buffer
,
344 size_t len
, total_len
, padlength
, datalen
;
350 if (IS_DCE_STYLE(ctx
)) {
352 datalen
= input_message_buffer
->length
;
354 _gsskrb5_encap_length (len
, &len
, &total_len
, GSS_KRB5_MECHANISM
);
355 total_len
+= datalen
;
358 padlength
= 8 - (input_message_buffer
->length
% 8);
359 datalen
= input_message_buffer
->length
+ padlength
+ 8;
361 _gsskrb5_encap_length (len
, &len
, &total_len
, GSS_KRB5_MECHANISM
);
364 output_message_buffer
->length
= total_len
;
365 output_message_buffer
->value
= malloc (total_len
);
366 if (output_message_buffer
->value
== NULL
) {
367 output_message_buffer
->length
= 0;
368 *minor_status
= ENOMEM
;
369 return GSS_S_FAILURE
;
372 p
= _gsskrb5_make_header(output_message_buffer
->value
,
374 "\x02\x01", /* TOK_ID */
378 memcpy (p
, "\x04\x00", 2); /* HMAC SHA1 DES3-KD */
382 memcpy (p
, "\x02\x00", 2); /* DES3-KD */
384 memcpy (p
, "\xff\xff", 2);
387 memcpy (p
, "\xff\xff", 2);
390 /* calculate checksum (the above + confounder + data + pad) */
392 memcpy (p
+ 20, p
- 8, 8);
393 krb5_generate_random_block(p
+ 28, 8);
394 memcpy (p
+ 28 + 8, input_message_buffer
->value
,
395 input_message_buffer
->length
);
396 memset (p
+ 28 + 8 + input_message_buffer
->length
, padlength
, padlength
);
398 ret
= krb5_crypto_init(context
, key
, 0, &crypto
);
400 free (output_message_buffer
->value
);
401 output_message_buffer
->length
= 0;
402 output_message_buffer
->value
= NULL
;
404 return GSS_S_FAILURE
;
407 ret
= krb5_create_checksum (context
,
414 krb5_crypto_destroy (context
, crypto
);
416 free (output_message_buffer
->value
);
417 output_message_buffer
->length
= 0;
418 output_message_buffer
->value
= NULL
;
420 return GSS_S_FAILURE
;
423 /* zero out SND_SEQ + SGN_CKSUM in case */
426 memcpy (p
+ 8, cksum
.checksum
.data
, cksum
.checksum
.length
);
427 free_Checksum (&cksum
);
429 HEIMDAL_MUTEX_lock(&ctx
->ctx_id_mutex
);
430 /* sequence number */
431 krb5_auth_con_getlocalseqnumber (context
,
435 seq
[0] = (seq_number
>> 0) & 0xFF;
436 seq
[1] = (seq_number
>> 8) & 0xFF;
437 seq
[2] = (seq_number
>> 16) & 0xFF;
438 seq
[3] = (seq_number
>> 24) & 0xFF;
440 (ctx
->more_flags
& LOCAL
) ? 0 : 0xFF,
444 ret
= krb5_crypto_init(context
, key
, ETYPE_DES3_CBC_NONE
,
447 free (output_message_buffer
->value
);
448 output_message_buffer
->length
= 0;
449 output_message_buffer
->value
= NULL
;
451 return GSS_S_FAILURE
;
457 memcpy (&ivec
, p
+ 8, 8);
458 ret
= krb5_encrypt_ivec (context
,
464 krb5_crypto_destroy (context
, crypto
);
466 free (output_message_buffer
->value
);
467 output_message_buffer
->length
= 0;
468 output_message_buffer
->value
= NULL
;
470 return GSS_S_FAILURE
;
473 assert (encdata
.length
== 8);
475 memcpy (p
, encdata
.data
, encdata
.length
);
476 krb5_data_free (&encdata
);
478 krb5_auth_con_setlocalseqnumber (context
,
481 HEIMDAL_MUTEX_unlock(&ctx
->ctx_id_mutex
);
483 /* encrypt the data */
489 ret
= krb5_crypto_init(context
, key
,
490 ETYPE_DES3_CBC_NONE
, &crypto
);
492 free (output_message_buffer
->value
);
493 output_message_buffer
->length
= 0;
494 output_message_buffer
->value
= NULL
;
496 return GSS_S_FAILURE
;
498 ret
= krb5_encrypt(context
, crypto
, KRB5_KU_USAGE_SEAL
,
500 krb5_crypto_destroy(context
, crypto
);
502 free (output_message_buffer
->value
);
503 output_message_buffer
->length
= 0;
504 output_message_buffer
->value
= NULL
;
506 return GSS_S_FAILURE
;
508 assert (tmp
.length
== datalen
);
510 memcpy (p
, tmp
.data
, datalen
);
511 krb5_data_free(&tmp
);
513 if(conf_state
!= NULL
)
514 *conf_state
= conf_req_flag
;
516 return GSS_S_COMPLETE
;
519 OM_uint32 _gsskrb5_wrap
520 (OM_uint32
* minor_status
,
521 const gss_ctx_id_t context_handle
,
524 const gss_buffer_t input_message_buffer
,
526 gss_buffer_t output_message_buffer
529 krb5_context context
;
532 krb5_keytype keytype
;
533 const gsskrb5_ctx ctx
= (const gsskrb5_ctx
) context_handle
;
535 output_message_buffer
->value
= NULL
;
536 output_message_buffer
->length
= 0;
538 GSSAPI_KRB5_INIT (&context
);
540 if (ctx
->more_flags
& IS_CFX
)
541 return _gssapi_wrap_cfx (minor_status
, ctx
, context
, conf_req_flag
,
542 input_message_buffer
, conf_state
,
543 output_message_buffer
);
545 HEIMDAL_MUTEX_lock(&ctx
->ctx_id_mutex
);
546 ret
= _gsskrb5i_get_token_key(ctx
, context
, &key
);
547 HEIMDAL_MUTEX_unlock(&ctx
->ctx_id_mutex
);
550 return GSS_S_FAILURE
;
552 krb5_enctype_to_keytype (context
, key
->keytype
, &keytype
);
556 ret
= wrap_des (minor_status
, ctx
, context
, conf_req_flag
,
557 qop_req
, input_message_buffer
, conf_state
,
558 output_message_buffer
, key
);
561 ret
= wrap_des3 (minor_status
, ctx
, context
, conf_req_flag
,
562 qop_req
, input_message_buffer
, conf_state
,
563 output_message_buffer
, key
);
565 case KEYTYPE_ARCFOUR
:
566 case KEYTYPE_ARCFOUR_56
:
567 ret
= _gssapi_wrap_arcfour (minor_status
, ctx
, context
, conf_req_flag
,
568 qop_req
, input_message_buffer
, conf_state
,
569 output_message_buffer
, key
);
575 krb5_free_keyblock (context
, key
);