search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r19604: This is a massive commit, and I appologise in advance for it's size.
[Samba.git] / source / heimdal / lib / gssapi / krb5 / wrap.c
blob85141379992eccd08625ae2f7afc2a6e372355af
1 /*
2 * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "krb5/gsskrb5_locl.h"
35
36 RCSID("$Id: wrap.c,v 1.37 2006/10/18 15:59:33 lha Exp $");
37
38 /*
39 * Return initiator subkey, or if that doesn't exists, the subkey.
40 */
41
42 krb5_error_code
43 _gsskrb5i_get_initiator_subkey(const gsskrb5_ctx ctx, krb5_keyblock **key)
44 {
45 krb5_error_code ret;
46 *key = NULL;
47
48 if (ctx->more_flags & LOCAL) {
49 ret = krb5_auth_con_getlocalsubkey(_gsskrb5_context,
50 ctx->auth_context,
51 key);
52 } else {
53 ret = krb5_auth_con_getremotesubkey(_gsskrb5_context,
54 ctx->auth_context,
55 key);
56 }
57 if (*key == NULL)
58 ret = krb5_auth_con_getkey(_gsskrb5_context,
59 ctx->auth_context,
60 key);
61 if (*key == NULL) {
62 _gsskrb5_set_status("No initiator subkey available");
63 return GSS_KRB5_S_KG_NO_SUBKEY;
64 }
65 return ret;
66 }
67
68 krb5_error_code
69 _gsskrb5i_get_acceptor_subkey(const gsskrb5_ctx ctx, krb5_keyblock **key)
70 {
71 krb5_error_code ret;
72 *key = NULL;
73
74 if (ctx->more_flags & LOCAL) {
75 ret = krb5_auth_con_getremotesubkey(_gsskrb5_context,
76 ctx->auth_context,
77 key);
78 } else {
79 ret = krb5_auth_con_getlocalsubkey(_gsskrb5_context,
80 ctx->auth_context,
81 key);
82 }
83 if (*key == NULL) {
84 _gsskrb5_set_status("No acceptor subkey available");
85 return GSS_KRB5_S_KG_NO_SUBKEY;
86 }
87 return ret;
88 }
89
90 OM_uint32
91 _gsskrb5i_get_token_key(const gsskrb5_ctx ctx, krb5_keyblock **key)
92 {
93 _gsskrb5i_get_acceptor_subkey(ctx, key);
94 if(*key == NULL) {
95 /*
96 * Only use the initiator subkey or ticket session key if an
97 * acceptor subkey was not required.
98 */
99 if ((ctx->more_flags & ACCEPTOR_SUBKEY) == 0)
100 _gsskrb5i_get_initiator_subkey(ctx, key);
101 }
102 if (*key == NULL) {
103 _gsskrb5_set_status("No token key available");
104 return GSS_KRB5_S_KG_NO_SUBKEY;
105 }
106 _gsskrb5_clear_status();
107 return 0;
108 }
109
110 static OM_uint32
111 sub_wrap_size (
112 OM_uint32 req_output_size,
113 OM_uint32 * max_input_size,
114 int blocksize,
115 int extrasize
116 )
117 {
118 size_t len, total_len;
119
120 len = 8 + req_output_size + blocksize + extrasize;
121
122 _gsskrb5_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
123
124 total_len -= req_output_size; /* token length */
125 if (total_len < req_output_size) {
126 *max_input_size = (req_output_size - total_len);
127 (*max_input_size) &= (~(OM_uint32)(blocksize - 1));
128 } else {
129 *max_input_size = 0;
130 }
131 return GSS_S_COMPLETE;
132 }
133
134 OM_uint32
135 _gsskrb5_wrap_size_limit (
136 OM_uint32 * minor_status,
137 const gss_ctx_id_t context_handle,
138 int conf_req_flag,
139 gss_qop_t qop_req,
140 OM_uint32 req_output_size,
141 OM_uint32 * max_input_size
142 )
143 {
144 krb5_keyblock *key;
145 OM_uint32 ret;
146 krb5_keytype keytype;
147 const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
148
149 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
150 ret = _gsskrb5i_get_token_key(ctx, &key);
151 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
152 if (ret) {
153 _gsskrb5_set_error_string ();
154 *minor_status = ret;
155 return GSS_S_FAILURE;
156 }
157 krb5_enctype_to_keytype (_gsskrb5_context, key->keytype, &keytype);
158
159 switch (keytype) {
160 case KEYTYPE_DES :
161 ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
162 break;
163 case KEYTYPE_ARCFOUR:
164 case KEYTYPE_ARCFOUR_56:
165 ret = _gssapi_wrap_size_arcfour(minor_status, ctx,
166 conf_req_flag, qop_req,
167 req_output_size, max_input_size, key);
168 break;
169 case KEYTYPE_DES3 :
170 ret = sub_wrap_size(req_output_size, max_input_size, 8, 34);
171 break;
172 default :
173 ret = _gssapi_wrap_size_cfx(minor_status, ctx,
174 conf_req_flag, qop_req,
175 req_output_size, max_input_size, key);
176 break;
177 }
178 krb5_free_keyblock (_gsskrb5_context, key);
179 *minor_status = 0;
180 return ret;
181 }
182
183 static OM_uint32
184 wrap_des
185 (OM_uint32 * minor_status,
186 const gsskrb5_ctx ctx,
187 int conf_req_flag,
188 gss_qop_t qop_req,
189 const gss_buffer_t input_message_buffer,
190 int * conf_state,
191 gss_buffer_t output_message_buffer,
192 krb5_keyblock *key
193 )
194 {
195 u_char *p;
196 MD5_CTX md5;
197 u_char hash[16];
198 DES_key_schedule schedule;
199 DES_cblock deskey;
200 DES_cblock zero;
201 int i;
202 int32_t seq_number;
203 size_t len, total_len, padlength, datalen;
204
205 padlength = 8 - (input_message_buffer->length % 8);
206 datalen = input_message_buffer->length + padlength + 8;
207 len = datalen + 22;
208 _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
209
210 output_message_buffer->length = total_len;
211 output_message_buffer->value = malloc (total_len);
212 if (output_message_buffer->value == NULL) {
213 output_message_buffer->length = 0;
214 *minor_status = ENOMEM;
215 return GSS_S_FAILURE;
216 }
217
218 p = _gsskrb5_make_header(output_message_buffer->value,
219 len,
220 "\x02\x01", /* TOK_ID */
221 GSS_KRB5_MECHANISM);
222
223 /* SGN_ALG */
224 memcpy (p, "\x00\x00", 2);
225 p += 2;
226 /* SEAL_ALG */
227 if(conf_req_flag)
228 memcpy (p, "\x00\x00", 2);
229 else
230 memcpy (p, "\xff\xff", 2);
231 p += 2;
232 /* Filler */
233 memcpy (p, "\xff\xff", 2);
234 p += 2;
235
236 /* fill in later */
237 memset (p, 0, 16);
238 p += 16;
239
240 /* confounder + data + pad */
241 krb5_generate_random_block(p, 8);
242 memcpy (p + 8, input_message_buffer->value,
243 input_message_buffer->length);
244 memset (p + 8 + input_message_buffer->length, padlength, padlength);
245
246 /* checksum */
247 MD5_Init (&md5);
248 MD5_Update (&md5, p - 24, 8);
249 MD5_Update (&md5, p, datalen);
250 MD5_Final (hash, &md5);
251
252 memset (&zero, 0, sizeof(zero));
253 memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
254 DES_set_key (&deskey, &schedule);
255 DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
256 &schedule, &zero);
257 memcpy (p - 8, hash, 8);
258
259 /* sequence number */
260 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
261 krb5_auth_con_getlocalseqnumber (_gsskrb5_context,
262 ctx->auth_context,
263 &seq_number);
264
265 p -= 16;
266 p[0] = (seq_number >> 0) & 0xFF;
267 p[1] = (seq_number >> 8) & 0xFF;
268 p[2] = (seq_number >> 16) & 0xFF;
269 p[3] = (seq_number >> 24) & 0xFF;
270 memset (p + 4,
271 (ctx->more_flags & LOCAL) ? 0 : 0xFF,
272 4);
273
274 DES_set_key (&deskey, &schedule);
275 DES_cbc_encrypt ((void *)p, (void *)p, 8,
276 &schedule, (DES_cblock *)(p + 8), DES_ENCRYPT);
277
278 krb5_auth_con_setlocalseqnumber (_gsskrb5_context,
279 ctx->auth_context,
280 ++seq_number);
281 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
282
283 /* encrypt the data */
284 p += 16;
285
286 if(conf_req_flag) {
287 memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
288
289 for (i = 0; i < sizeof(deskey); ++i)
290 deskey[i] ^= 0xf0;
291 DES_set_key (&deskey, &schedule);
292 memset (&zero, 0, sizeof(zero));
293 DES_cbc_encrypt ((void *)p,
294 (void *)p,
295 datalen,
296 &schedule,
297 &zero,
298 DES_ENCRYPT);
299 }
300 memset (deskey, 0, sizeof(deskey));
301 memset (&schedule, 0, sizeof(schedule));
302
303 if(conf_state != NULL)
304 *conf_state = conf_req_flag;
305 *minor_status = 0;
306 return GSS_S_COMPLETE;
307 }
308
309 static OM_uint32
310 wrap_des3
311 (OM_uint32 * minor_status,
312 const gsskrb5_ctx ctx,
313 int conf_req_flag,
314 gss_qop_t qop_req,
315 const gss_buffer_t input_message_buffer,
316 int * conf_state,
317 gss_buffer_t output_message_buffer,
318 krb5_keyblock *key
319 )
320 {
321 u_char *p;
322 u_char seq[8];
323 int32_t seq_number;
324 size_t len, total_len, padlength, datalen;
325 uint32_t ret;
326 krb5_crypto crypto;
327 Checksum cksum;
328 krb5_data encdata;
329
330 padlength = 8 - (input_message_buffer->length % 8);
331 datalen = input_message_buffer->length + padlength + 8;
332 len = datalen + 34;
333 _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
334
335 output_message_buffer->length = total_len;
336 output_message_buffer->value = malloc (total_len);
337 if (output_message_buffer->value == NULL) {
338 output_message_buffer->length = 0;
339 *minor_status = ENOMEM;
340 return GSS_S_FAILURE;
341 }
342
343 p = _gsskrb5_make_header(output_message_buffer->value,
344 len,
345 "\x02\x01", /* TOK_ID */
346 GSS_KRB5_MECHANISM);
347
348 /* SGN_ALG */
349 memcpy (p, "\x04\x00", 2); /* HMAC SHA1 DES3-KD */
350 p += 2;
351 /* SEAL_ALG */
352 if(conf_req_flag)
353 memcpy (p, "\x02\x00", 2); /* DES3-KD */
354 else
355 memcpy (p, "\xff\xff", 2);
356 p += 2;
357 /* Filler */
358 memcpy (p, "\xff\xff", 2);
359 p += 2;
360
361 /* calculate checksum (the above + confounder + data + pad) */
362
363 memcpy (p + 20, p - 8, 8);
364 krb5_generate_random_block(p + 28, 8);
365 memcpy (p + 28 + 8, input_message_buffer->value,
366 input_message_buffer->length);
367 memset (p + 28 + 8 + input_message_buffer->length, padlength, padlength);
368
369 ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto);
370 if (ret) {
371 _gsskrb5_set_error_string ();
372 free (output_message_buffer->value);
373 output_message_buffer->length = 0;
374 output_message_buffer->value = NULL;
375 *minor_status = ret;
376 return GSS_S_FAILURE;
377 }
378
379 ret = krb5_create_checksum (_gsskrb5_context,
380 crypto,
381 KRB5_KU_USAGE_SIGN,
382 0,
383 p + 20,
384 datalen + 8,
385 &cksum);
386 krb5_crypto_destroy (_gsskrb5_context, crypto);
387 if (ret) {
388 _gsskrb5_set_error_string ();
389 free (output_message_buffer->value);
390 output_message_buffer->length = 0;
391 output_message_buffer->value = NULL;
392 *minor_status = ret;
393 return GSS_S_FAILURE;
394 }
395
396 /* zero out SND_SEQ + SGN_CKSUM in case */
397 memset (p, 0, 28);
398
399 memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
400 free_Checksum (&cksum);
401
402 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
403 /* sequence number */
404 krb5_auth_con_getlocalseqnumber (_gsskrb5_context,
405 ctx->auth_context,
406 &seq_number);
407
408 seq[0] = (seq_number >> 0) & 0xFF;
409 seq[1] = (seq_number >> 8) & 0xFF;
410 seq[2] = (seq_number >> 16) & 0xFF;
411 seq[3] = (seq_number >> 24) & 0xFF;
412 memset (seq + 4,
413 (ctx->more_flags & LOCAL) ? 0 : 0xFF,
414 4);
415
416
417 ret = krb5_crypto_init(_gsskrb5_context, key, ETYPE_DES3_CBC_NONE,
418 &crypto);
419 if (ret) {
420 free (output_message_buffer->value);
421 output_message_buffer->length = 0;
422 output_message_buffer->value = NULL;
423 *minor_status = ret;
424 return GSS_S_FAILURE;
425 }
426
427 {
428 DES_cblock ivec;
429
430 memcpy (&ivec, p + 8, 8);
431 ret = krb5_encrypt_ivec (_gsskrb5_context,
432 crypto,
433 KRB5_KU_USAGE_SEQ,
434 seq, 8, &encdata,
435 &ivec);
436 }
437 krb5_crypto_destroy (_gsskrb5_context, crypto);
438 if (ret) {
439 _gsskrb5_set_error_string ();
440 free (output_message_buffer->value);
441 output_message_buffer->length = 0;
442 output_message_buffer->value = NULL;
443 *minor_status = ret;
444 return GSS_S_FAILURE;
445 }
446
447 assert (encdata.length == 8);
448
449 memcpy (p, encdata.data, encdata.length);
450 krb5_data_free (&encdata);
451
452 krb5_auth_con_setlocalseqnumber (_gsskrb5_context,
453 ctx->auth_context,
454 ++seq_number);
455 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
456
457 /* encrypt the data */
458 p += 28;
459
460 if(conf_req_flag) {
461 krb5_data tmp;
462
463 ret = krb5_crypto_init(_gsskrb5_context, key,
464 ETYPE_DES3_CBC_NONE, &crypto);
465 if (ret) {
466 _gsskrb5_set_error_string ();
467 free (output_message_buffer->value);
468 output_message_buffer->length = 0;
469 output_message_buffer->value = NULL;
470 *minor_status = ret;
471 return GSS_S_FAILURE;
472 }
473 ret = krb5_encrypt(_gsskrb5_context, crypto, KRB5_KU_USAGE_SEAL,
474 p, datalen, &tmp);
475 krb5_crypto_destroy(_gsskrb5_context, crypto);
476 if (ret) {
477 _gsskrb5_set_error_string ();
478 free (output_message_buffer->value);
479 output_message_buffer->length = 0;
480 output_message_buffer->value = NULL;
481 *minor_status = ret;
482 return GSS_S_FAILURE;
483 }
484 assert (tmp.length == datalen);
485
486 memcpy (p, tmp.data, datalen);
487 krb5_data_free(&tmp);
488 }
489 if(conf_state != NULL)
490 *conf_state = conf_req_flag;
491 *minor_status = 0;
492 return GSS_S_COMPLETE;
493 }
494
495 OM_uint32 _gsskrb5_wrap
496 (OM_uint32 * minor_status,
497 const gss_ctx_id_t context_handle,
498 int conf_req_flag,
499 gss_qop_t qop_req,
500 const gss_buffer_t input_message_buffer,
501 int * conf_state,
502 gss_buffer_t output_message_buffer
503 )
504 {
505 krb5_keyblock *key;
506 OM_uint32 ret;
507 krb5_keytype keytype;
508 const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
509
510 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
511 ret = _gsskrb5i_get_token_key(ctx, &key);
512 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
513 if (ret) {
514 _gsskrb5_set_error_string ();
515 *minor_status = ret;
516 return GSS_S_FAILURE;
517 }
518 krb5_enctype_to_keytype (_gsskrb5_context, key->keytype, &keytype);
519
520 switch (keytype) {
521 case KEYTYPE_DES :
522 ret = wrap_des (minor_status, ctx, conf_req_flag,
523 qop_req, input_message_buffer, conf_state,
524 output_message_buffer, key);
525 break;
526 case KEYTYPE_DES3 :
527 ret = wrap_des3 (minor_status, ctx, conf_req_flag,
528 qop_req, input_message_buffer, conf_state,
529 output_message_buffer, key);
530 break;
531 case KEYTYPE_ARCFOUR:
532 case KEYTYPE_ARCFOUR_56:
533 ret = _gssapi_wrap_arcfour (minor_status, ctx, conf_req_flag,
534 qop_req, input_message_buffer, conf_state,
535 output_message_buffer, key);
536 break;
537 default :
538 ret = _gssapi_wrap_cfx (minor_status, ctx, conf_req_flag,
539 qop_req, input_message_buffer, conf_state,
540 output_message_buffer, key);
541 break;
542 }
543 krb5_free_keyblock (_gsskrb5_context, key);
544 return ret;
545 }
Samba GIT mirror