search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
lib/gssapi/krb5: clear temporary buffer with cleartext data.
[heimdal.git] / lib / gssapi / krb5 / arcfour.c
blob5cd1fe3b9f33a72cd45ed2233a382742bfd26e1d
1 /*
2 * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "gsskrb5_locl.h"
35
36 /*
37 * Implements draft-brezak-win2k-krb-rc4-hmac-04.txt
38 *
39 * The arcfour message have the following formats:
40 *
41 * MIC token
42 * TOK_ID[2] = 01 01
43 * SGN_ALG[2] = 11 00
44 * Filler[4]
45 * SND_SEQ[8]
46 * SGN_CKSUM[8]
47 *
48 * WRAP token
49 * TOK_ID[2] = 02 01
50 * SGN_ALG[2];
51 * SEAL_ALG[2]
52 * Filler[2]
53 * SND_SEQ[2]
54 * SGN_CKSUM[8]
55 * Confounder[8]
56 */
57
58 /*
59 * WRAP in DCE-style have a fixed size header, the oid and length over
60 * the WRAP header is a total of
61 * GSS_ARCFOUR_WRAP_TOKEN_DCE_DER_HEADER_SIZE +
62 * GSS_ARCFOUR_WRAP_TOKEN_SIZE byte (ie total of 45 bytes overhead,
63 * remember the 2 bytes from APPL [0] SEQ).
64 */
65
66 #define GSS_ARCFOUR_WRAP_TOKEN_SIZE 32
67 #define GSS_ARCFOUR_WRAP_TOKEN_DCE_DER_HEADER_SIZE 13
68
69
70 static krb5_error_code
71 arcfour_mic_key(krb5_context context, krb5_keyblock *key,
72 void *cksum_data, size_t cksum_size,
73 void *key6_data, size_t key6_size)
74 {
75 krb5_error_code ret;
76
77 Checksum cksum_k5;
78 krb5_keyblock key5;
79 char k5_data[16];
80
81 Checksum cksum_k6;
82
83 char T[4];
84
85 memset(T, 0, 4);
86 cksum_k5.checksum.data = k5_data;
87 cksum_k5.checksum.length = sizeof(k5_data);
88
89 if (key->keytype == KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56) {
90 char L40[14] = "fortybits";
91
92 memcpy(L40 + 10, T, sizeof(T));
93 ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5,
94 L40, 14, 0, key, &cksum_k5);
95 memset(&k5_data[7], 0xAB, 9);
96 } else {
97 ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5,
98 T, 4, 0, key, &cksum_k5);
99 }
100 if (ret)
101 return ret;
102
103 key5.keytype = KRB5_ENCTYPE_ARCFOUR_HMAC_MD5;
104 key5.keyvalue = cksum_k5.checksum;
105
106 cksum_k6.checksum.data = key6_data;
107 cksum_k6.checksum.length = key6_size;
108
109 return krb5_hmac(context, CKSUMTYPE_RSA_MD5,
110 cksum_data, cksum_size, 0, &key5, &cksum_k6);
111 }
112
113
114 static krb5_error_code
115 arcfour_mic_cksum(krb5_context context,
116 krb5_keyblock *key, unsigned usage,
117 u_char *sgn_cksum, size_t sgn_cksum_sz,
118 const u_char *v1, size_t l1,
119 const void *v2, size_t l2,
120 const void *v3, size_t l3)
121 {
122 Checksum CKSUM;
123 u_char *ptr;
124 size_t len;
125 krb5_crypto crypto;
126 krb5_error_code ret;
127
128 assert(sgn_cksum_sz == 8);
129
130 len = l1 + l2 + l3;
131
132 ptr = malloc(len);
133 if (ptr == NULL)
134 return ENOMEM;
135
136 memcpy(ptr, v1, l1);
137 memcpy(ptr + l1, v2, l2);
138 memcpy(ptr + l1 + l2, v3, l3);
139
140 ret = krb5_crypto_init(context, key, 0, &crypto);
141 if (ret) {
142 free(ptr);
143 return ret;
144 }
145
146 ret = krb5_create_checksum(context,
147 crypto,
148 usage,
149 0,
150 ptr, len,
151 &CKSUM);
152 memset(ptr, 0, len);
153 free(ptr);
154 if (ret == 0) {
155 memcpy(sgn_cksum, CKSUM.checksum.data, sgn_cksum_sz);
156 free_Checksum(&CKSUM);
157 }
158 krb5_crypto_destroy(context, crypto);
159
160 return ret;
161 }
162
163
164 OM_uint32
165 _gssapi_get_mic_arcfour(OM_uint32 * minor_status,
166 const gsskrb5_ctx context_handle,
167 krb5_context context,
168 gss_qop_t qop_req,
169 const gss_buffer_t message_buffer,
170 gss_buffer_t message_token,
171 krb5_keyblock *key)
172 {
173 krb5_error_code ret;
174 int32_t seq_number;
175 size_t len, total_len;
176 u_char k6_data[16], *p0, *p;
177 EVP_CIPHER_CTX rc4_key;
178
179 _gsskrb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM);
180
181 message_token->length = total_len;
182 message_token->value = malloc (total_len);
183 if (message_token->value == NULL) {
184 *minor_status = ENOMEM;
185 return GSS_S_FAILURE;
186 }
187
188 p0 = _gssapi_make_mech_header(message_token->value,
189 len,
190 GSS_KRB5_MECHANISM);
191 p = p0;
192
193 *p++ = 0x01; /* TOK_ID */
194 *p++ = 0x01;
195 *p++ = 0x11; /* SGN_ALG */
196 *p++ = 0x00;
197 *p++ = 0xff; /* Filler */
198 *p++ = 0xff;
199 *p++ = 0xff;
200 *p++ = 0xff;
201
202 p = NULL;
203
204 ret = arcfour_mic_cksum(context,
205 key, KRB5_KU_USAGE_SIGN,
206 p0 + 16, 8, /* SGN_CKSUM */
207 p0, 8, /* TOK_ID, SGN_ALG, Filer */
208 message_buffer->value, message_buffer->length,
209 NULL, 0);
210 if (ret) {
211 _gsskrb5_release_buffer(minor_status, message_token);
212 *minor_status = ret;
213 return GSS_S_FAILURE;
214 }
215
216 ret = arcfour_mic_key(context, key,
217 p0 + 16, 8, /* SGN_CKSUM */
218 k6_data, sizeof(k6_data));
219 if (ret) {
220 _gsskrb5_release_buffer(minor_status, message_token);
221 *minor_status = ret;
222 return GSS_S_FAILURE;
223 }
224
225 HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
226 krb5_auth_con_getlocalseqnumber (context,
227 context_handle->auth_context,
228 &seq_number);
229 p = p0 + 8; /* SND_SEQ */
230 _gsskrb5_encode_be_om_uint32(seq_number, p);
231
232 krb5_auth_con_setlocalseqnumber (context,
233 context_handle->auth_context,
234 ++seq_number);
235 HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
236
237 memset (p + 4, (context_handle->more_flags & LOCAL) ? 0 : 0xff, 4);
238
239 EVP_CIPHER_CTX_init(&rc4_key);
240 EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
241 EVP_Cipher(&rc4_key, p, p, 8);
242 EVP_CIPHER_CTX_cleanup(&rc4_key);
243
244 memset(k6_data, 0, sizeof(k6_data));
245
246 *minor_status = 0;
247 return GSS_S_COMPLETE;
248 }
249
250
251 OM_uint32
252 _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
253 const gsskrb5_ctx context_handle,
254 krb5_context context,
255 const gss_buffer_t message_buffer,
256 const gss_buffer_t token_buffer,
257 gss_qop_t * qop_state,
258 krb5_keyblock *key,
259 const char *type)
260 {
261 krb5_error_code ret;
262 uint32_t seq_number;
263 OM_uint32 omret;
264 u_char SND_SEQ[8], cksum_data[8], *p;
265 char k6_data[16];
266 int cmp;
267
268 if (qop_state)
269 *qop_state = 0;
270
271 p = token_buffer->value;
272 omret = _gsskrb5_verify_header (&p,
273 token_buffer->length,
274 type,
275 GSS_KRB5_MECHANISM);
276 if (omret)
277 return omret;
278
279 if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */
280 return GSS_S_BAD_SIG;
281 p += 2;
282 if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
283 return GSS_S_BAD_MIC;
284 p += 4;
285
286 ret = arcfour_mic_cksum(context,
287 key, KRB5_KU_USAGE_SIGN,
288 cksum_data, sizeof(cksum_data),
289 p - 8, 8,
290 message_buffer->value, message_buffer->length,
291 NULL, 0);
292 if (ret) {
293 *minor_status = ret;
294 return GSS_S_FAILURE;
295 }
296
297 ret = arcfour_mic_key(context, key,
298 cksum_data, sizeof(cksum_data),
299 k6_data, sizeof(k6_data));
300 if (ret) {
301 *minor_status = ret;
302 return GSS_S_FAILURE;
303 }
304
305 cmp = ct_memcmp(cksum_data, p + 8, 8);
306 if (cmp) {
307 *minor_status = 0;
308 return GSS_S_BAD_MIC;
309 }
310
311 {
312 EVP_CIPHER_CTX rc4_key;
313
314 EVP_CIPHER_CTX_init(&rc4_key);
315 EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, (void *)k6_data, NULL, 0);
316 EVP_Cipher(&rc4_key, SND_SEQ, p, 8);
317 EVP_CIPHER_CTX_cleanup(&rc4_key);
318
319 memset(k6_data, 0, sizeof(k6_data));
320 }
321
322 _gsskrb5_decode_be_om_uint32(SND_SEQ, &seq_number);
323
324 if (context_handle->more_flags & LOCAL)
325 cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
326 else
327 cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
328
329 memset(SND_SEQ, 0, sizeof(SND_SEQ));
330 if (cmp != 0) {
331 *minor_status = 0;
332 return GSS_S_BAD_MIC;
333 }
334
335 HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
336 omret = _gssapi_msg_order_check(context_handle->order, seq_number);
337 HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
338 if (omret)
339 return omret;
340
341 *minor_status = 0;
342 return GSS_S_COMPLETE;
343 }
344
345 OM_uint32
346 _gssapi_wrap_arcfour(OM_uint32 * minor_status,
347 const gsskrb5_ctx context_handle,
348 krb5_context context,
349 int conf_req_flag,
350 gss_qop_t qop_req,
351 const gss_buffer_t input_message_buffer,
352 int * conf_state,
353 gss_buffer_t output_message_buffer,
354 krb5_keyblock *key)
355 {
356 u_char Klocaldata[16], k6_data[16], *p, *p0;
357 size_t len, total_len, datalen;
358 krb5_keyblock Klocal;
359 krb5_error_code ret;
360 int32_t seq_number;
361
362 if (conf_state)
363 *conf_state = 0;
364
365 datalen = input_message_buffer->length;
366
367 if (IS_DCE_STYLE(context_handle)) {
368 len = GSS_ARCFOUR_WRAP_TOKEN_SIZE;
369 _gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
370 total_len += datalen;
371 } else {
372 datalen += 1; /* padding */
373 len = datalen + GSS_ARCFOUR_WRAP_TOKEN_SIZE;
374 _gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
375 }
376
377 output_message_buffer->length = total_len;
378 output_message_buffer->value = malloc (total_len);
379 if (output_message_buffer->value == NULL) {
380 *minor_status = ENOMEM;
381 return GSS_S_FAILURE;
382 }
383
384 p0 = _gssapi_make_mech_header(output_message_buffer->value,
385 len,
386 GSS_KRB5_MECHANISM);
387 p = p0;
388
389 *p++ = 0x02; /* TOK_ID */
390 *p++ = 0x01;
391 *p++ = 0x11; /* SGN_ALG */
392 *p++ = 0x00;
393 if (conf_req_flag) {
394 *p++ = 0x10; /* SEAL_ALG */
395 *p++ = 0x00;
396 } else {
397 *p++ = 0xff; /* SEAL_ALG */
398 *p++ = 0xff;
399 }
400 *p++ = 0xff; /* Filler */
401 *p++ = 0xff;
402
403 p = NULL;
404
405 HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
406 krb5_auth_con_getlocalseqnumber (context,
407 context_handle->auth_context,
408 &seq_number);
409
410 _gsskrb5_encode_be_om_uint32(seq_number, p0 + 8);
411
412 krb5_auth_con_setlocalseqnumber (context,
413 context_handle->auth_context,
414 ++seq_number);
415 HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
416
417 memset (p0 + 8 + 4,
418 (context_handle->more_flags & LOCAL) ? 0 : 0xff,
419 4);
420
421 krb5_generate_random_block(p0 + 24, 8); /* fill in Confounder */
422
423 /* p points to data */
424 p = p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE;
425 memcpy(p, input_message_buffer->value, input_message_buffer->length);
426
427 if (!IS_DCE_STYLE(context_handle))
428 p[input_message_buffer->length] = 1; /* padding */
429
430 ret = arcfour_mic_cksum(context,
431 key, KRB5_KU_USAGE_SEAL,
432 p0 + 16, 8, /* SGN_CKSUM */
433 p0, 8, /* TOK_ID, SGN_ALG, SEAL_ALG, Filler */
434 p0 + 24, 8, /* Confounder */
435 p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE,
436 datalen);
437 if (ret) {
438 *minor_status = ret;
439 _gsskrb5_release_buffer(minor_status, output_message_buffer);
440 return GSS_S_FAILURE;
441 }
442
443 {
444 int i;
445
446 Klocal.keytype = key->keytype;
447 Klocal.keyvalue.data = Klocaldata;
448 Klocal.keyvalue.length = sizeof(Klocaldata);
449
450 for (i = 0; i < 16; i++)
451 Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0;
452 }
453 ret = arcfour_mic_key(context, &Klocal,
454 p0 + 8, 4, /* SND_SEQ */
455 k6_data, sizeof(k6_data));
456 memset(Klocaldata, 0, sizeof(Klocaldata));
457 if (ret) {
458 _gsskrb5_release_buffer(minor_status, output_message_buffer);
459 *minor_status = ret;
460 return GSS_S_FAILURE;
461 }
462
463
464 if(conf_req_flag) {
465 EVP_CIPHER_CTX rc4_key;
466
467 EVP_CIPHER_CTX_init(&rc4_key);
468 EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
469 EVP_Cipher(&rc4_key, p0 + 24, p0 + 24, 8 + datalen);
470 EVP_CIPHER_CTX_cleanup(&rc4_key);
471 }
472 memset(k6_data, 0, sizeof(k6_data));
473
474 ret = arcfour_mic_key(context, key,
475 p0 + 16, 8, /* SGN_CKSUM */
476 k6_data, sizeof(k6_data));
477 if (ret) {
478 _gsskrb5_release_buffer(minor_status, output_message_buffer);
479 *minor_status = ret;
480 return GSS_S_FAILURE;
481 }
482
483 {
484 EVP_CIPHER_CTX rc4_key;
485
486 EVP_CIPHER_CTX_init(&rc4_key);
487 EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
488 EVP_Cipher(&rc4_key, p0 + 8, p0 + 8 /* SND_SEQ */, 8);
489 EVP_CIPHER_CTX_cleanup(&rc4_key);
490 memset(k6_data, 0, sizeof(k6_data));
491 }
492
493 if (conf_state)
494 *conf_state = conf_req_flag;
495
496 *minor_status = 0;
497 return GSS_S_COMPLETE;
498 }
499
500 OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
501 const gsskrb5_ctx context_handle,
502 krb5_context context,
503 const gss_buffer_t input_message_buffer,
504 gss_buffer_t output_message_buffer,
505 int *conf_state,
506 gss_qop_t *qop_state,
507 krb5_keyblock *key)
508 {
509 u_char Klocaldata[16];
510 krb5_keyblock Klocal;
511 krb5_error_code ret;
512 uint32_t seq_number;
513 size_t datalen;
514 OM_uint32 omret;
515 u_char k6_data[16], SND_SEQ[8], Confounder[8];
516 u_char cksum_data[8];
517 u_char *p, *p0;
518 int cmp;
519 int conf_flag;
520 size_t padlen = 0, len;
521
522 if (conf_state)
523 *conf_state = 0;
524 if (qop_state)
525 *qop_state = 0;
526
527 p0 = input_message_buffer->value;
528
529 if (IS_DCE_STYLE(context_handle)) {
530 len = GSS_ARCFOUR_WRAP_TOKEN_SIZE +
531 GSS_ARCFOUR_WRAP_TOKEN_DCE_DER_HEADER_SIZE;
532 if (input_message_buffer->length < len)
533 return GSS_S_BAD_MECH;
534 } else {
535 len = input_message_buffer->length;
536 }
537
538 omret = _gssapi_verify_mech_header(&p0,
539 len,
540 GSS_KRB5_MECHANISM);
541 if (omret)
542 return omret;
543
544 /* length of mech header */
545 len = (p0 - (u_char *)input_message_buffer->value) +
546 GSS_ARCFOUR_WRAP_TOKEN_SIZE;
547
548 if (len > input_message_buffer->length)
549 return GSS_S_BAD_MECH;
550
551 /* length of data */
552 datalen = input_message_buffer->length - len;
553
554 p = p0;
555
556 if (memcmp(p, "\x02\x01", 2) != 0)
557 return GSS_S_BAD_SIG;
558 p += 2;
559 if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */
560 return GSS_S_BAD_SIG;
561 p += 2;
562
563 if (memcmp (p, "\x10\x00", 2) == 0)
564 conf_flag = 1;
565 else if (memcmp (p, "\xff\xff", 2) == 0)
566 conf_flag = 0;
567 else
568 return GSS_S_BAD_SIG;
569
570 p += 2;
571 if (memcmp (p, "\xff\xff", 2) != 0)
572 return GSS_S_BAD_MIC;
573 p = NULL;
574
575 ret = arcfour_mic_key(context, key,
576 p0 + 16, 8, /* SGN_CKSUM */
577 k6_data, sizeof(k6_data));
578 if (ret) {
579 *minor_status = ret;
580 return GSS_S_FAILURE;
581 }
582
583 {
584 EVP_CIPHER_CTX rc4_key;
585
586 EVP_CIPHER_CTX_init(&rc4_key);
587 EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
588 EVP_Cipher(&rc4_key, SND_SEQ, p0 + 8, 8);
589 EVP_CIPHER_CTX_cleanup(&rc4_key);
590 memset(k6_data, 0, sizeof(k6_data));
591 }
592
593 _gsskrb5_decode_be_om_uint32(SND_SEQ, &seq_number);
594
595 if (context_handle->more_flags & LOCAL)
596 cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
597 else
598 cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
599
600 if (cmp != 0) {
601 *minor_status = 0;
602 return GSS_S_BAD_MIC;
603 }
604
605 {
606 int i;
607
608 Klocal.keytype = key->keytype;
609 Klocal.keyvalue.data = Klocaldata;
610 Klocal.keyvalue.length = sizeof(Klocaldata);
611
612 for (i = 0; i < 16; i++)
613 Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0;
614 }
615 ret = arcfour_mic_key(context, &Klocal,
616 SND_SEQ, 4,
617 k6_data, sizeof(k6_data));
618 memset(Klocaldata, 0, sizeof(Klocaldata));
619 if (ret) {
620 *minor_status = ret;
621 return GSS_S_FAILURE;
622 }
623
624 output_message_buffer->value = malloc(datalen);
625 if (output_message_buffer->value == NULL) {
626 *minor_status = ENOMEM;
627 return GSS_S_FAILURE;
628 }
629 output_message_buffer->length = datalen;
630
631 if(conf_flag) {
632 EVP_CIPHER_CTX rc4_key;
633
634 EVP_CIPHER_CTX_init(&rc4_key);
635 EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1);
636 EVP_Cipher(&rc4_key, Confounder, p0 + 24, 8);
637 EVP_Cipher(&rc4_key, output_message_buffer->value, p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, datalen);
638 EVP_CIPHER_CTX_cleanup(&rc4_key);
639 } else {
640 memcpy(Confounder, p0 + 24, 8); /* Confounder */
641 memcpy(output_message_buffer->value,
642 p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE,
643 datalen);
644 }
645 memset(k6_data, 0, sizeof(k6_data));
646
647 if (!IS_DCE_STYLE(context_handle)) {
648 ret = _gssapi_verify_pad(output_message_buffer, datalen, &padlen);
649 if (ret) {
650 _gsskrb5_release_buffer(minor_status, output_message_buffer);
651 *minor_status = 0;
652 return ret;
653 }
654 output_message_buffer->length -= padlen;
655 }
656
657 ret = arcfour_mic_cksum(context,
658 key, KRB5_KU_USAGE_SEAL,
659 cksum_data, sizeof(cksum_data),
660 p0, 8,
661 Confounder, sizeof(Confounder),
662 output_message_buffer->value,
663 output_message_buffer->length + padlen);
664 if (ret) {
665 _gsskrb5_release_buffer(minor_status, output_message_buffer);
666 *minor_status = ret;
667 return GSS_S_FAILURE;
668 }
669
670 cmp = ct_memcmp(cksum_data, p0 + 16, 8); /* SGN_CKSUM */
671 if (cmp) {
672 _gsskrb5_release_buffer(minor_status, output_message_buffer);
673 *minor_status = 0;
674 return GSS_S_BAD_MIC;
675 }
676
677 HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
678 omret = _gssapi_msg_order_check(context_handle->order, seq_number);
679 HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
680 if (omret)
681 return omret;
682
683 if (conf_state)
684 *conf_state = conf_flag;
685
686 *minor_status = 0;
687 return GSS_S_COMPLETE;
688 }
689
690 static OM_uint32
691 max_wrap_length_arcfour(const gsskrb5_ctx ctx,
692 krb5_crypto crypto,
693 size_t input_length,
694 OM_uint32 *max_input_size)
695 {
696 /*
697 * if GSS_C_DCE_STYLE is in use:
698 * - we only need to encapsulate the WRAP token
699 * However, since this is a fixed since, we just
700 */
701 if (IS_DCE_STYLE(ctx)) {
702 size_t len, total_len;
703
704 len = GSS_ARCFOUR_WRAP_TOKEN_SIZE;
705 _gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
706
707 if (input_length < len)
708 *max_input_size = 0;
709 else
710 *max_input_size = input_length - len;
711
712 } else {
713 size_t extrasize = GSS_ARCFOUR_WRAP_TOKEN_SIZE;
714 size_t blocksize = 8;
715 size_t len, total_len;
716
717 len = 8 + input_length + blocksize + extrasize;
718
719 _gsskrb5_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
720
721 total_len -= input_length; /* token length */
722 if (total_len < input_length) {
723 *max_input_size = (input_length - total_len);
724 (*max_input_size) &= (~(OM_uint32)(blocksize - 1));
725 } else {
726 *max_input_size = 0;
727 }
728 }
729
730 return GSS_S_COMPLETE;
731 }
732
733 OM_uint32
734 _gssapi_wrap_size_arcfour(OM_uint32 *minor_status,
735 const gsskrb5_ctx ctx,
736 krb5_context context,
737 int conf_req_flag,
738 gss_qop_t qop_req,
739 OM_uint32 req_output_size,
740 OM_uint32 *max_input_size,
741 krb5_keyblock *key)
742 {
743 krb5_error_code ret;
744 krb5_crypto crypto;
745
746 ret = krb5_crypto_init(context, key, 0, &crypto);
747 if (ret != 0) {
748 *minor_status = ret;
749 return GSS_S_FAILURE;
750 }
751
752 ret = max_wrap_length_arcfour(ctx, crypto,
753 req_output_size, max_input_size);
754 if (ret != 0) {
755 *minor_status = ret;
756 krb5_crypto_destroy(context, crypto);
757 return GSS_S_FAILURE;
758 }
759
760 krb5_crypto_destroy(context, crypto);
761
762 return GSS_S_COMPLETE;
763 }
Heimdal