lib/gssapi/verify_mic.c

   1 /*
   2  * Copyright (c) 1997 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. All advertising materials mentioning features or use of this software
  18  *    must display the following acknowledgement:
  19  *      This product includes software developed by Kungliga Tekniska
  20  *      Högskolan and its contributors.
  21  *
  22  * 4. Neither the name of the Institute nor the names of its contributors
  23  *    may be used to endorse or promote products derived from this software
  24  *    without specific prior written permission.
  25  *
  26  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  27  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  28  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  29  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  30  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  31  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  32  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  33  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  34  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  35  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  36  * SUCH DAMAGE.
  37  */
  38
  39 #include "gssapi_locl.h"
  40
  41 RCSID("$Id$");
  42
  43 OM_uint32 gss_verify_mic
  44            (OM_uint32 * minor_status,
  45             const gss_ctx_id_t context_handle,
  46             const gss_buffer_t message_buffer,
  47             const gss_buffer_t token_buffer,
  48             gss_qop_t * qop_state
  49             )
  50 {
  51   u_char *p;
  52   struct md5 md5;
  53   u_char hash[16], seq_data[8];
  54   des_key_schedule schedule;
  55   des_cblock key;
  56   des_cblock zero;
  57   int32_t seq_number;
  58   OM_uint32 ret;
  59
  60   p = token_buffer->value;
  61   ret = gssapi_krb5_verify_header (&p,
  62                                    token_buffer->length,
  63                                    "\x01\x01");
  64   if (ret)
  65       return ret;
  66
  67   if (memcmp(p, "\x00\x00", 2) != 0)
  68       return GSS_S_BAD_SIG;
  69   p += 2;
  70   if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
  71     return GSS_S_BAD_MIC;
  72   p += 4;
  73   p += 16;
  74
  75   /* verify checksum */
  76   md5_init (&md5);
  77   md5_update (&md5, p - 24, 8);
  78   md5_update (&md5, message_buffer->value,
  79               message_buffer->length);
  80   md5_finito (&md5, hash);
  81
  82   memset (&zero, 0, sizeof(zero));
  83 #if 0
  84   memcpy (&key, context_handle->auth_context->key.keyvalue.data,
  85           sizeof(key));
  86 #endif
  87   memcpy (&key, context_handle->auth_context->remote_subkey->keyvalue.data,
  88           sizeof(key));
  89
  90   des_set_key (&key, schedule);
  91   des_cbc_cksum ((des_cblock *)hash,
  92                  (des_cblock *)hash, sizeof(hash), schedule, &zero);
  93   if (memcmp (p - 8, hash, 8) != 0) {
  94     memset (key, 0, sizeof(key));
  95     memset (schedule, 0, sizeof(schedule));
  96     return GSS_S_BAD_MIC;
  97   }
  98
  99   /* verify sequence number */
 100
 101   krb5_auth_getremoteseqnumber (gssapi_krb5_context,
 102                                 context_handle->auth_context,
 103                                 &seq_number);
 104   seq_data[0] = (seq_number >> 0)  & 0xFF;
 105   seq_data[1] = (seq_number >> 8)  & 0xFF;
 106   seq_data[2] = (seq_number >> 16) & 0xFF;
 107   seq_data[3] = (seq_number >> 24) & 0xFF;
 108   memset (seq_data + 4,
 109           (context_handle->more_flags & LOCAL) ? 0xFF : 0,
 110           4);
 111
 112   p -= 16;
 113   des_set_key (&key, schedule);
 114   des_cbc_encrypt ((des_cblock *)p, (des_cblock *)p, 8,
 115                    schedule, (des_cblock *)hash, DES_DECRYPT);
 116
 117   memset (key, 0, sizeof(key));
 118   memset (schedule, 0, sizeof(schedule));
 119
 120   if (memcmp (p, seq_data, 8) != 0) {
 121     return GSS_S_BAD_MIC;
 122   }
 123
 124   krb5_auth_setremoteseqnumber (gssapi_krb5_context,
 125                                 context_handle->auth_context,
 126                                 ++seq_number);
 127
 128   return GSS_S_COMPLETE;
 129 }