2 * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "krb5/gsskrb5_locl.h"
36 RCSID("$Id: wrap.c,v 1.37 2006/10/18 15:59:33 lha Exp $");
39 * Return initiator subkey, or if that doesn't exists, the subkey.
43 _gsskrb5i_get_initiator_subkey(const gsskrb5_ctx ctx
, krb5_keyblock
**key
)
48 if (ctx
->more_flags
& LOCAL
) {
49 ret
= krb5_auth_con_getlocalsubkey(_gsskrb5_context
,
53 ret
= krb5_auth_con_getremotesubkey(_gsskrb5_context
,
58 ret
= krb5_auth_con_getkey(_gsskrb5_context
,
62 _gsskrb5_set_status("No initiator subkey available");
63 return GSS_KRB5_S_KG_NO_SUBKEY
;
69 _gsskrb5i_get_acceptor_subkey(const gsskrb5_ctx ctx
, krb5_keyblock
**key
)
74 if (ctx
->more_flags
& LOCAL
) {
75 ret
= krb5_auth_con_getremotesubkey(_gsskrb5_context
,
79 ret
= krb5_auth_con_getlocalsubkey(_gsskrb5_context
,
84 _gsskrb5_set_status("No acceptor subkey available");
85 return GSS_KRB5_S_KG_NO_SUBKEY
;
91 _gsskrb5i_get_token_key(const gsskrb5_ctx ctx
, krb5_keyblock
**key
)
93 _gsskrb5i_get_acceptor_subkey(ctx
, key
);
96 * Only use the initiator subkey or ticket session key if an
97 * acceptor subkey was not required.
99 if ((ctx
->more_flags
& ACCEPTOR_SUBKEY
) == 0)
100 _gsskrb5i_get_initiator_subkey(ctx
, key
);
103 _gsskrb5_set_status("No token key available");
104 return GSS_KRB5_S_KG_NO_SUBKEY
;
111 OM_uint32 req_output_size
,
112 OM_uint32
* max_input_size
,
117 size_t len
, total_len
;
119 len
= 8 + req_output_size
+ blocksize
+ extrasize
;
121 _gsskrb5_encap_length(len
, &len
, &total_len
, GSS_KRB5_MECHANISM
);
123 total_len
-= req_output_size
; /* token length */
124 if (total_len
< req_output_size
) {
125 *max_input_size
= (req_output_size
- total_len
);
126 (*max_input_size
) &= (~(OM_uint32
)(blocksize
- 1));
130 return GSS_S_COMPLETE
;
134 _gsskrb5_wrap_size_limit (
135 OM_uint32
* minor_status
,
136 const gss_ctx_id_t context_handle
,
139 OM_uint32 req_output_size
,
140 OM_uint32
* max_input_size
145 krb5_keytype keytype
;
146 const gsskrb5_ctx ctx
= (const gsskrb5_ctx
) context_handle
;
148 HEIMDAL_MUTEX_lock(&ctx
->ctx_id_mutex
);
149 ret
= _gsskrb5i_get_token_key(ctx
, &key
);
150 HEIMDAL_MUTEX_unlock(&ctx
->ctx_id_mutex
);
152 _gsskrb5_set_error_string ();
154 return GSS_S_FAILURE
;
156 krb5_enctype_to_keytype (_gsskrb5_context
, key
->keytype
, &keytype
);
160 ret
= sub_wrap_size(req_output_size
, max_input_size
, 8, 22);
162 case KEYTYPE_ARCFOUR
:
163 case KEYTYPE_ARCFOUR_56
:
164 ret
= _gssapi_wrap_size_arcfour(minor_status
, ctx
,
165 conf_req_flag
, qop_req
,
166 req_output_size
, max_input_size
, key
);
169 ret
= sub_wrap_size(req_output_size
, max_input_size
, 8, 34);
172 ret
= _gssapi_wrap_size_cfx(minor_status
, ctx
,
173 conf_req_flag
, qop_req
,
174 req_output_size
, max_input_size
, key
);
177 krb5_free_keyblock (_gsskrb5_context
, key
);
184 (OM_uint32
* minor_status
,
185 const gsskrb5_ctx ctx
,
188 const gss_buffer_t input_message_buffer
,
190 gss_buffer_t output_message_buffer
,
197 DES_key_schedule schedule
;
202 size_t len
, total_len
, padlength
, datalen
;
204 padlength
= 8 - (input_message_buffer
->length
% 8);
205 datalen
= input_message_buffer
->length
+ padlength
+ 8;
207 _gsskrb5_encap_length (len
, &len
, &total_len
, GSS_KRB5_MECHANISM
);
209 output_message_buffer
->length
= total_len
;
210 output_message_buffer
->value
= malloc (total_len
);
211 if (output_message_buffer
->value
== NULL
) {
212 output_message_buffer
->length
= 0;
213 *minor_status
= ENOMEM
;
214 return GSS_S_FAILURE
;
217 p
= _gsskrb5_make_header(output_message_buffer
->value
,
219 "\x02\x01", /* TOK_ID */
223 memcpy (p
, "\x00\x00", 2);
227 memcpy (p
, "\x00\x00", 2);
229 memcpy (p
, "\xff\xff", 2);
232 memcpy (p
, "\xff\xff", 2);
239 /* confounder + data + pad */
240 krb5_generate_random_block(p
, 8);
241 memcpy (p
+ 8, input_message_buffer
->value
,
242 input_message_buffer
->length
);
243 memset (p
+ 8 + input_message_buffer
->length
, padlength
, padlength
);
247 MD5_Update (&md5
, p
- 24, 8);
248 MD5_Update (&md5
, p
, datalen
);
249 MD5_Final (hash
, &md5
);
251 memset (&zero
, 0, sizeof(zero
));
252 memcpy (&deskey
, key
->keyvalue
.data
, sizeof(deskey
));
253 DES_set_key (&deskey
, &schedule
);
254 DES_cbc_cksum ((void *)hash
, (void *)hash
, sizeof(hash
),
256 memcpy (p
- 8, hash
, 8);
258 /* sequence number */
259 HEIMDAL_MUTEX_lock(&ctx
->ctx_id_mutex
);
260 krb5_auth_con_getlocalseqnumber (_gsskrb5_context
,
265 p
[0] = (seq_number
>> 0) & 0xFF;
266 p
[1] = (seq_number
>> 8) & 0xFF;
267 p
[2] = (seq_number
>> 16) & 0xFF;
268 p
[3] = (seq_number
>> 24) & 0xFF;
270 (ctx
->more_flags
& LOCAL
) ? 0 : 0xFF,
273 DES_set_key (&deskey
, &schedule
);
274 DES_cbc_encrypt ((void *)p
, (void *)p
, 8,
275 &schedule
, (DES_cblock
*)(p
+ 8), DES_ENCRYPT
);
277 krb5_auth_con_setlocalseqnumber (_gsskrb5_context
,
280 HEIMDAL_MUTEX_unlock(&ctx
->ctx_id_mutex
);
282 /* encrypt the data */
286 memcpy (&deskey
, key
->keyvalue
.data
, sizeof(deskey
));
288 for (i
= 0; i
< sizeof(deskey
); ++i
)
290 DES_set_key (&deskey
, &schedule
);
291 memset (&zero
, 0, sizeof(zero
));
292 DES_cbc_encrypt ((void *)p
,
299 memset (deskey
, 0, sizeof(deskey
));
300 memset (&schedule
, 0, sizeof(schedule
));
302 if(conf_state
!= NULL
)
303 *conf_state
= conf_req_flag
;
305 return GSS_S_COMPLETE
;
310 (OM_uint32
* minor_status
,
311 const gsskrb5_ctx ctx
,
314 const gss_buffer_t input_message_buffer
,
316 gss_buffer_t output_message_buffer
,
323 size_t len
, total_len
, padlength
, datalen
;
329 padlength
= 8 - (input_message_buffer
->length
% 8);
330 datalen
= input_message_buffer
->length
+ padlength
+ 8;
332 _gsskrb5_encap_length (len
, &len
, &total_len
, GSS_KRB5_MECHANISM
);
334 output_message_buffer
->length
= total_len
;
335 output_message_buffer
->value
= malloc (total_len
);
336 if (output_message_buffer
->value
== NULL
) {
337 output_message_buffer
->length
= 0;
338 *minor_status
= ENOMEM
;
339 return GSS_S_FAILURE
;
342 p
= _gsskrb5_make_header(output_message_buffer
->value
,
344 "\x02\x01", /* TOK_ID */
348 memcpy (p
, "\x04\x00", 2); /* HMAC SHA1 DES3-KD */
352 memcpy (p
, "\x02\x00", 2); /* DES3-KD */
354 memcpy (p
, "\xff\xff", 2);
357 memcpy (p
, "\xff\xff", 2);
360 /* calculate checksum (the above + confounder + data + pad) */
362 memcpy (p
+ 20, p
- 8, 8);
363 krb5_generate_random_block(p
+ 28, 8);
364 memcpy (p
+ 28 + 8, input_message_buffer
->value
,
365 input_message_buffer
->length
);
366 memset (p
+ 28 + 8 + input_message_buffer
->length
, padlength
, padlength
);
368 ret
= krb5_crypto_init(_gsskrb5_context
, key
, 0, &crypto
);
370 _gsskrb5_set_error_string ();
371 free (output_message_buffer
->value
);
372 output_message_buffer
->length
= 0;
373 output_message_buffer
->value
= NULL
;
375 return GSS_S_FAILURE
;
378 ret
= krb5_create_checksum (_gsskrb5_context
,
385 krb5_crypto_destroy (_gsskrb5_context
, crypto
);
387 _gsskrb5_set_error_string ();
388 free (output_message_buffer
->value
);
389 output_message_buffer
->length
= 0;
390 output_message_buffer
->value
= NULL
;
392 return GSS_S_FAILURE
;
395 /* zero out SND_SEQ + SGN_CKSUM in case */
398 memcpy (p
+ 8, cksum
.checksum
.data
, cksum
.checksum
.length
);
399 free_Checksum (&cksum
);
401 HEIMDAL_MUTEX_lock(&ctx
->ctx_id_mutex
);
402 /* sequence number */
403 krb5_auth_con_getlocalseqnumber (_gsskrb5_context
,
407 seq
[0] = (seq_number
>> 0) & 0xFF;
408 seq
[1] = (seq_number
>> 8) & 0xFF;
409 seq
[2] = (seq_number
>> 16) & 0xFF;
410 seq
[3] = (seq_number
>> 24) & 0xFF;
412 (ctx
->more_flags
& LOCAL
) ? 0 : 0xFF,
416 ret
= krb5_crypto_init(_gsskrb5_context
, key
, ETYPE_DES3_CBC_NONE
,
419 free (output_message_buffer
->value
);
420 output_message_buffer
->length
= 0;
421 output_message_buffer
->value
= NULL
;
423 return GSS_S_FAILURE
;
429 memcpy (&ivec
, p
+ 8, 8);
430 ret
= krb5_encrypt_ivec (_gsskrb5_context
,
436 krb5_crypto_destroy (_gsskrb5_context
, crypto
);
438 _gsskrb5_set_error_string ();
439 free (output_message_buffer
->value
);
440 output_message_buffer
->length
= 0;
441 output_message_buffer
->value
= NULL
;
443 return GSS_S_FAILURE
;
446 assert (encdata
.length
== 8);
448 memcpy (p
, encdata
.data
, encdata
.length
);
449 krb5_data_free (&encdata
);
451 krb5_auth_con_setlocalseqnumber (_gsskrb5_context
,
454 HEIMDAL_MUTEX_unlock(&ctx
->ctx_id_mutex
);
456 /* encrypt the data */
462 ret
= krb5_crypto_init(_gsskrb5_context
, key
,
463 ETYPE_DES3_CBC_NONE
, &crypto
);
465 _gsskrb5_set_error_string ();
466 free (output_message_buffer
->value
);
467 output_message_buffer
->length
= 0;
468 output_message_buffer
->value
= NULL
;
470 return GSS_S_FAILURE
;
472 ret
= krb5_encrypt(_gsskrb5_context
, crypto
, KRB5_KU_USAGE_SEAL
,
474 krb5_crypto_destroy(_gsskrb5_context
, crypto
);
476 _gsskrb5_set_error_string ();
477 free (output_message_buffer
->value
);
478 output_message_buffer
->length
= 0;
479 output_message_buffer
->value
= NULL
;
481 return GSS_S_FAILURE
;
483 assert (tmp
.length
== datalen
);
485 memcpy (p
, tmp
.data
, datalen
);
486 krb5_data_free(&tmp
);
488 if(conf_state
!= NULL
)
489 *conf_state
= conf_req_flag
;
491 return GSS_S_COMPLETE
;
494 OM_uint32 _gsskrb5_wrap
495 (OM_uint32
* minor_status
,
496 const gss_ctx_id_t context_handle
,
499 const gss_buffer_t input_message_buffer
,
501 gss_buffer_t output_message_buffer
506 krb5_keytype keytype
;
507 const gsskrb5_ctx ctx
= (const gsskrb5_ctx
) context_handle
;
509 HEIMDAL_MUTEX_lock(&ctx
->ctx_id_mutex
);
510 ret
= _gsskrb5i_get_token_key(ctx
, &key
);
511 HEIMDAL_MUTEX_unlock(&ctx
->ctx_id_mutex
);
513 _gsskrb5_set_error_string ();
515 return GSS_S_FAILURE
;
517 krb5_enctype_to_keytype (_gsskrb5_context
, key
->keytype
, &keytype
);
521 ret
= wrap_des (minor_status
, ctx
, conf_req_flag
,
522 qop_req
, input_message_buffer
, conf_state
,
523 output_message_buffer
, key
);
526 ret
= wrap_des3 (minor_status
, ctx
, conf_req_flag
,
527 qop_req
, input_message_buffer
, conf_state
,
528 output_message_buffer
, key
);
530 case KEYTYPE_ARCFOUR
:
531 case KEYTYPE_ARCFOUR_56
:
532 ret
= _gssapi_wrap_arcfour (minor_status
, ctx
, conf_req_flag
,
533 qop_req
, input_message_buffer
, conf_state
,
534 output_message_buffer
, key
);
537 ret
= _gssapi_wrap_cfx (minor_status
, ctx
, conf_req_flag
,
538 qop_req
, input_message_buffer
, conf_state
,
539 output_message_buffer
, key
);
542 krb5_free_keyblock (_gsskrb5_context
, key
);