search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r19633: Merge to lorikeet-heimdal, removing krb5_rd_req_return_keyblock in favour...
[Samba.git] / source / heimdal / lib / gssapi / krb5 / wrap.c
blobebbc975b8a308aa1f626583dc3ba982c4814e3bf
1 /*
2 * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "krb5/gsskrb5_locl.h"
35
36 RCSID("$Id: wrap.c,v 1.37 2006/10/18 15:59:33 lha Exp $");
37
38 /*
39 * Return initiator subkey, or if that doesn't exists, the subkey.
40 */
41
42 krb5_error_code
43 _gsskrb5i_get_initiator_subkey(const gsskrb5_ctx ctx, krb5_keyblock **key)
44 {
45 krb5_error_code ret;
46 *key = NULL;
47
48 if (ctx->more_flags & LOCAL) {
49 ret = krb5_auth_con_getlocalsubkey(_gsskrb5_context,
50 ctx->auth_context,
51 key);
52 } else {
53 ret = krb5_auth_con_getremotesubkey(_gsskrb5_context,
54 ctx->auth_context,
55 key);
56 }
57 if (*key == NULL)
58 ret = krb5_auth_con_getkey(_gsskrb5_context,
59 ctx->auth_context,
60 key);
61 if (*key == NULL) {
62 _gsskrb5_set_status("No initiator subkey available");
63 return GSS_KRB5_S_KG_NO_SUBKEY;
64 }
65 return ret;
66 }
67
68 krb5_error_code
69 _gsskrb5i_get_acceptor_subkey(const gsskrb5_ctx ctx, krb5_keyblock **key)
70 {
71 krb5_error_code ret;
72 *key = NULL;
73
74 if (ctx->more_flags & LOCAL) {
75 ret = krb5_auth_con_getremotesubkey(_gsskrb5_context,
76 ctx->auth_context,
77 key);
78 } else {
79 ret = krb5_auth_con_getlocalsubkey(_gsskrb5_context,
80 ctx->auth_context,
81 key);
82 }
83 if (*key == NULL) {
84 _gsskrb5_set_status("No acceptor subkey available");
85 return GSS_KRB5_S_KG_NO_SUBKEY;
86 }
87 return ret;
88 }
89
90 OM_uint32
91 _gsskrb5i_get_token_key(const gsskrb5_ctx ctx, krb5_keyblock **key)
92 {
93 _gsskrb5i_get_acceptor_subkey(ctx, key);
94 if(*key == NULL) {
95 /*
96 * Only use the initiator subkey or ticket session key if an
97 * acceptor subkey was not required.
98 */
99 if ((ctx->more_flags & ACCEPTOR_SUBKEY) == 0)
100 _gsskrb5i_get_initiator_subkey(ctx, key);
101 }
102 if (*key == NULL) {
103 _gsskrb5_set_status("No token key available");
104 return GSS_KRB5_S_KG_NO_SUBKEY;
105 }
106 return 0;
107 }
108
109 static OM_uint32
110 sub_wrap_size (
111 OM_uint32 req_output_size,
112 OM_uint32 * max_input_size,
113 int blocksize,
114 int extrasize
115 )
116 {
117 size_t len, total_len;
118
119 len = 8 + req_output_size + blocksize + extrasize;
120
121 _gsskrb5_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
122
123 total_len -= req_output_size; /* token length */
124 if (total_len < req_output_size) {
125 *max_input_size = (req_output_size - total_len);
126 (*max_input_size) &= (~(OM_uint32)(blocksize - 1));
127 } else {
128 *max_input_size = 0;
129 }
130 return GSS_S_COMPLETE;
131 }
132
133 OM_uint32
134 _gsskrb5_wrap_size_limit (
135 OM_uint32 * minor_status,
136 const gss_ctx_id_t context_handle,
137 int conf_req_flag,
138 gss_qop_t qop_req,
139 OM_uint32 req_output_size,
140 OM_uint32 * max_input_size
141 )
142 {
143 krb5_keyblock *key;
144 OM_uint32 ret;
145 krb5_keytype keytype;
146 const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
147
148 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
149 ret = _gsskrb5i_get_token_key(ctx, &key);
150 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
151 if (ret) {
152 _gsskrb5_set_error_string ();
153 *minor_status = ret;
154 return GSS_S_FAILURE;
155 }
156 krb5_enctype_to_keytype (_gsskrb5_context, key->keytype, &keytype);
157
158 switch (keytype) {
159 case KEYTYPE_DES :
160 ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
161 break;
162 case KEYTYPE_ARCFOUR:
163 case KEYTYPE_ARCFOUR_56:
164 ret = _gssapi_wrap_size_arcfour(minor_status, ctx,
165 conf_req_flag, qop_req,
166 req_output_size, max_input_size, key);
167 break;
168 case KEYTYPE_DES3 :
169 ret = sub_wrap_size(req_output_size, max_input_size, 8, 34);
170 break;
171 default :
172 ret = _gssapi_wrap_size_cfx(minor_status, ctx,
173 conf_req_flag, qop_req,
174 req_output_size, max_input_size, key);
175 break;
176 }
177 krb5_free_keyblock (_gsskrb5_context, key);
178 *minor_status = 0;
179 return ret;
180 }
181
182 static OM_uint32
183 wrap_des
184 (OM_uint32 * minor_status,
185 const gsskrb5_ctx ctx,
186 int conf_req_flag,
187 gss_qop_t qop_req,
188 const gss_buffer_t input_message_buffer,
189 int * conf_state,
190 gss_buffer_t output_message_buffer,
191 krb5_keyblock *key
192 )
193 {
194 u_char *p;
195 MD5_CTX md5;
196 u_char hash[16];
197 DES_key_schedule schedule;
198 DES_cblock deskey;
199 DES_cblock zero;
200 int i;
201 int32_t seq_number;
202 size_t len, total_len, padlength, datalen;
203
204 padlength = 8 - (input_message_buffer->length % 8);
205 datalen = input_message_buffer->length + padlength + 8;
206 len = datalen + 22;
207 _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
208
209 output_message_buffer->length = total_len;
210 output_message_buffer->value = malloc (total_len);
211 if (output_message_buffer->value == NULL) {
212 output_message_buffer->length = 0;
213 *minor_status = ENOMEM;
214 return GSS_S_FAILURE;
215 }
216
217 p = _gsskrb5_make_header(output_message_buffer->value,
218 len,
219 "\x02\x01", /* TOK_ID */
220 GSS_KRB5_MECHANISM);
221
222 /* SGN_ALG */
223 memcpy (p, "\x00\x00", 2);
224 p += 2;
225 /* SEAL_ALG */
226 if(conf_req_flag)
227 memcpy (p, "\x00\x00", 2);
228 else
229 memcpy (p, "\xff\xff", 2);
230 p += 2;
231 /* Filler */
232 memcpy (p, "\xff\xff", 2);
233 p += 2;
234
235 /* fill in later */
236 memset (p, 0, 16);
237 p += 16;
238
239 /* confounder + data + pad */
240 krb5_generate_random_block(p, 8);
241 memcpy (p + 8, input_message_buffer->value,
242 input_message_buffer->length);
243 memset (p + 8 + input_message_buffer->length, padlength, padlength);
244
245 /* checksum */
246 MD5_Init (&md5);
247 MD5_Update (&md5, p - 24, 8);
248 MD5_Update (&md5, p, datalen);
249 MD5_Final (hash, &md5);
250
251 memset (&zero, 0, sizeof(zero));
252 memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
253 DES_set_key (&deskey, &schedule);
254 DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
255 &schedule, &zero);
256 memcpy (p - 8, hash, 8);
257
258 /* sequence number */
259 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
260 krb5_auth_con_getlocalseqnumber (_gsskrb5_context,
261 ctx->auth_context,
262 &seq_number);
263
264 p -= 16;
265 p[0] = (seq_number >> 0) & 0xFF;
266 p[1] = (seq_number >> 8) & 0xFF;
267 p[2] = (seq_number >> 16) & 0xFF;
268 p[3] = (seq_number >> 24) & 0xFF;
269 memset (p + 4,
270 (ctx->more_flags & LOCAL) ? 0 : 0xFF,
271 4);
272
273 DES_set_key (&deskey, &schedule);
274 DES_cbc_encrypt ((void *)p, (void *)p, 8,
275 &schedule, (DES_cblock *)(p + 8), DES_ENCRYPT);
276
277 krb5_auth_con_setlocalseqnumber (_gsskrb5_context,
278 ctx->auth_context,
279 ++seq_number);
280 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
281
282 /* encrypt the data */
283 p += 16;
284
285 if(conf_req_flag) {
286 memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
287
288 for (i = 0; i < sizeof(deskey); ++i)
289 deskey[i] ^= 0xf0;
290 DES_set_key (&deskey, &schedule);
291 memset (&zero, 0, sizeof(zero));
292 DES_cbc_encrypt ((void *)p,
293 (void *)p,
294 datalen,
295 &schedule,
296 &zero,
297 DES_ENCRYPT);
298 }
299 memset (deskey, 0, sizeof(deskey));
300 memset (&schedule, 0, sizeof(schedule));
301
302 if(conf_state != NULL)
303 *conf_state = conf_req_flag;
304 *minor_status = 0;
305 return GSS_S_COMPLETE;
306 }
307
308 static OM_uint32
309 wrap_des3
310 (OM_uint32 * minor_status,
311 const gsskrb5_ctx ctx,
312 int conf_req_flag,
313 gss_qop_t qop_req,
314 const gss_buffer_t input_message_buffer,
315 int * conf_state,
316 gss_buffer_t output_message_buffer,
317 krb5_keyblock *key
318 )
319 {
320 u_char *p;
321 u_char seq[8];
322 int32_t seq_number;
323 size_t len, total_len, padlength, datalen;
324 uint32_t ret;
325 krb5_crypto crypto;
326 Checksum cksum;
327 krb5_data encdata;
328
329 padlength = 8 - (input_message_buffer->length % 8);
330 datalen = input_message_buffer->length + padlength + 8;
331 len = datalen + 34;
332 _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
333
334 output_message_buffer->length = total_len;
335 output_message_buffer->value = malloc (total_len);
336 if (output_message_buffer->value == NULL) {
337 output_message_buffer->length = 0;
338 *minor_status = ENOMEM;
339 return GSS_S_FAILURE;
340 }
341
342 p = _gsskrb5_make_header(output_message_buffer->value,
343 len,
344 "\x02\x01", /* TOK_ID */
345 GSS_KRB5_MECHANISM);
346
347 /* SGN_ALG */
348 memcpy (p, "\x04\x00", 2); /* HMAC SHA1 DES3-KD */
349 p += 2;
350 /* SEAL_ALG */
351 if(conf_req_flag)
352 memcpy (p, "\x02\x00", 2); /* DES3-KD */
353 else
354 memcpy (p, "\xff\xff", 2);
355 p += 2;
356 /* Filler */
357 memcpy (p, "\xff\xff", 2);
358 p += 2;
359
360 /* calculate checksum (the above + confounder + data + pad) */
361
362 memcpy (p + 20, p - 8, 8);
363 krb5_generate_random_block(p + 28, 8);
364 memcpy (p + 28 + 8, input_message_buffer->value,
365 input_message_buffer->length);
366 memset (p + 28 + 8 + input_message_buffer->length, padlength, padlength);
367
368 ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto);
369 if (ret) {
370 _gsskrb5_set_error_string ();
371 free (output_message_buffer->value);
372 output_message_buffer->length = 0;
373 output_message_buffer->value = NULL;
374 *minor_status = ret;
375 return GSS_S_FAILURE;
376 }
377
378 ret = krb5_create_checksum (_gsskrb5_context,
379 crypto,
380 KRB5_KU_USAGE_SIGN,
381 0,
382 p + 20,
383 datalen + 8,
384 &cksum);
385 krb5_crypto_destroy (_gsskrb5_context, crypto);
386 if (ret) {
387 _gsskrb5_set_error_string ();
388 free (output_message_buffer->value);
389 output_message_buffer->length = 0;
390 output_message_buffer->value = NULL;
391 *minor_status = ret;
392 return GSS_S_FAILURE;
393 }
394
395 /* zero out SND_SEQ + SGN_CKSUM in case */
396 memset (p, 0, 28);
397
398 memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
399 free_Checksum (&cksum);
400
401 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
402 /* sequence number */
403 krb5_auth_con_getlocalseqnumber (_gsskrb5_context,
404 ctx->auth_context,
405 &seq_number);
406
407 seq[0] = (seq_number >> 0) & 0xFF;
408 seq[1] = (seq_number >> 8) & 0xFF;
409 seq[2] = (seq_number >> 16) & 0xFF;
410 seq[3] = (seq_number >> 24) & 0xFF;
411 memset (seq + 4,
412 (ctx->more_flags & LOCAL) ? 0 : 0xFF,
413 4);
414
415
416 ret = krb5_crypto_init(_gsskrb5_context, key, ETYPE_DES3_CBC_NONE,
417 &crypto);
418 if (ret) {
419 free (output_message_buffer->value);
420 output_message_buffer->length = 0;
421 output_message_buffer->value = NULL;
422 *minor_status = ret;
423 return GSS_S_FAILURE;
424 }
425
426 {
427 DES_cblock ivec;
428
429 memcpy (&ivec, p + 8, 8);
430 ret = krb5_encrypt_ivec (_gsskrb5_context,
431 crypto,
432 KRB5_KU_USAGE_SEQ,
433 seq, 8, &encdata,
434 &ivec);
435 }
436 krb5_crypto_destroy (_gsskrb5_context, crypto);
437 if (ret) {
438 _gsskrb5_set_error_string ();
439 free (output_message_buffer->value);
440 output_message_buffer->length = 0;
441 output_message_buffer->value = NULL;
442 *minor_status = ret;
443 return GSS_S_FAILURE;
444 }
445
446 assert (encdata.length == 8);
447
448 memcpy (p, encdata.data, encdata.length);
449 krb5_data_free (&encdata);
450
451 krb5_auth_con_setlocalseqnumber (_gsskrb5_context,
452 ctx->auth_context,
453 ++seq_number);
454 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
455
456 /* encrypt the data */
457 p += 28;
458
459 if(conf_req_flag) {
460 krb5_data tmp;
461
462 ret = krb5_crypto_init(_gsskrb5_context, key,
463 ETYPE_DES3_CBC_NONE, &crypto);
464 if (ret) {
465 _gsskrb5_set_error_string ();
466 free (output_message_buffer->value);
467 output_message_buffer->length = 0;
468 output_message_buffer->value = NULL;
469 *minor_status = ret;
470 return GSS_S_FAILURE;
471 }
472 ret = krb5_encrypt(_gsskrb5_context, crypto, KRB5_KU_USAGE_SEAL,
473 p, datalen, &tmp);
474 krb5_crypto_destroy(_gsskrb5_context, crypto);
475 if (ret) {
476 _gsskrb5_set_error_string ();
477 free (output_message_buffer->value);
478 output_message_buffer->length = 0;
479 output_message_buffer->value = NULL;
480 *minor_status = ret;
481 return GSS_S_FAILURE;
482 }
483 assert (tmp.length == datalen);
484
485 memcpy (p, tmp.data, datalen);
486 krb5_data_free(&tmp);
487 }
488 if(conf_state != NULL)
489 *conf_state = conf_req_flag;
490 *minor_status = 0;
491 return GSS_S_COMPLETE;
492 }
493
494 OM_uint32 _gsskrb5_wrap
495 (OM_uint32 * minor_status,
496 const gss_ctx_id_t context_handle,
497 int conf_req_flag,
498 gss_qop_t qop_req,
499 const gss_buffer_t input_message_buffer,
500 int * conf_state,
501 gss_buffer_t output_message_buffer
502 )
503 {
504 krb5_keyblock *key;
505 OM_uint32 ret;
506 krb5_keytype keytype;
507 const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
508
509 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
510 ret = _gsskrb5i_get_token_key(ctx, &key);
511 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
512 if (ret) {
513 _gsskrb5_set_error_string ();
514 *minor_status = ret;
515 return GSS_S_FAILURE;
516 }
517 krb5_enctype_to_keytype (_gsskrb5_context, key->keytype, &keytype);
518
519 switch (keytype) {
520 case KEYTYPE_DES :
521 ret = wrap_des (minor_status, ctx, conf_req_flag,
522 qop_req, input_message_buffer, conf_state,
523 output_message_buffer, key);
524 break;
525 case KEYTYPE_DES3 :
526 ret = wrap_des3 (minor_status, ctx, conf_req_flag,
527 qop_req, input_message_buffer, conf_state,
528 output_message_buffer, key);
529 break;
530 case KEYTYPE_ARCFOUR:
531 case KEYTYPE_ARCFOUR_56:
532 ret = _gssapi_wrap_arcfour (minor_status, ctx, conf_req_flag,
533 qop_req, input_message_buffer, conf_state,
534 output_message_buffer, key);
535 break;
536 default :
537 ret = _gssapi_wrap_cfx (minor_status, ctx, conf_req_flag,
538 qop_req, input_message_buffer, conf_state,
539 output_message_buffer, key);
540 break;
541 }
542 krb5_free_keyblock (_gsskrb5_context, key);
543 return ret;
544 }
Samba GIT mirror