2 * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "gssapi_locl.h"
40 (OM_uint32
* minor_status
,
41 const gss_ctx_id_t context_handle
,
42 const gss_buffer_t input_message_buffer
,
43 gss_buffer_t output_message_buffer
,
45 gss_qop_t
* qop_state
,
53 DES_key_schedule schedule
;
63 p
= input_message_buffer
->value
;
64 ret
= gssapi_krb5_verify_header (&p
,
65 input_message_buffer
->length
,
71 if (memcmp (p
, "\x00\x00", 2) != 0)
74 if (memcmp (p
, "\x00\x00", 2) == 0) {
76 } else if (memcmp (p
, "\xFF\xFF", 2) == 0) {
81 if(conf_state
!= NULL
)
83 if (memcmp (p
, "\xff\xff", 2) != 0)
84 return GSS_S_DEFECTIVE_TOKEN
;
88 len
= p
- (u_char
*)input_message_buffer
->value
;
92 memcpy (&deskey
, key
->keyvalue
.data
, sizeof(deskey
));
94 for (i
= 0; i
< sizeof(deskey
); ++i
)
96 DES_set_key (&deskey
, &schedule
);
97 memset (&zero
, 0, sizeof(zero
));
98 DES_cbc_encrypt ((void *)p
,
100 input_message_buffer
->length
- len
,
105 memset (deskey
, 0, sizeof(deskey
));
106 memset (&schedule
, 0, sizeof(schedule
));
109 ret
= _gssapi_verify_pad(input_message_buffer
,
110 input_message_buffer
->length
- len
,
116 MD5_Update (&md5
, p
- 24, 8);
117 MD5_Update (&md5
, p
, input_message_buffer
->length
- len
);
118 MD5_Final (hash
, &md5
);
120 memset (&zero
, 0, sizeof(zero
));
121 memcpy (&deskey
, key
->keyvalue
.data
, sizeof(deskey
));
122 DES_set_key (&deskey
, &schedule
);
123 DES_cbc_cksum ((void *)hash
, (void *)hash
, sizeof(hash
),
125 if (memcmp (p
- 8, hash
, 8) != 0)
126 return GSS_S_BAD_MIC
;
128 /* verify sequence number */
130 HEIMDAL_MUTEX_lock(&context_handle
->ctx_id_mutex
);
133 DES_set_key (&deskey
, &schedule
);
134 DES_cbc_encrypt ((void *)p
, (void *)p
, 8,
135 &schedule
, (DES_cblock
*)hash
, DES_DECRYPT
);
137 memset (deskey
, 0, sizeof(deskey
));
138 memset (&schedule
, 0, sizeof(schedule
));
141 gssapi_decode_om_uint32(seq
, &seq_number
);
143 if (context_handle
->more_flags
& LOCAL
)
144 cmp
= memcmp(&seq
[4], "\xff\xff\xff\xff", 4);
146 cmp
= memcmp(&seq
[4], "\x00\x00\x00\x00", 4);
149 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
150 return GSS_S_BAD_MIC
;
153 ret
= gssapi_msg_order_check(context_handle
->order
, seq_number
);
155 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
159 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
163 output_message_buffer
->length
= input_message_buffer
->length
164 - len
- padlength
- 8;
165 output_message_buffer
->value
= malloc(output_message_buffer
->length
);
166 if(output_message_buffer
->length
!= 0 && output_message_buffer
->value
== NULL
)
167 return GSS_S_FAILURE
;
168 memcpy (output_message_buffer
->value
,
170 output_message_buffer
->length
);
171 return GSS_S_COMPLETE
;
176 (OM_uint32
* minor_status
,
177 const gss_ctx_id_t context_handle
,
178 const gss_buffer_t input_message_buffer
,
179 gss_buffer_t output_message_buffer
,
181 gss_qop_t
* qop_state
,
198 p
= input_message_buffer
->value
;
199 ret
= gssapi_krb5_verify_header (&p
,
200 input_message_buffer
->length
,
206 if (memcmp (p
, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
207 return GSS_S_BAD_SIG
;
209 if (memcmp (p
, "\x02\x00", 2) == 0) {
211 } else if (memcmp (p
, "\xff\xff", 2) == 0) {
214 return GSS_S_BAD_MIC
;
216 if(conf_state
!= NULL
)
217 *conf_state
= cstate
;
218 if (memcmp (p
, "\xff\xff", 2) != 0)
219 return GSS_S_DEFECTIVE_TOKEN
;
223 len
= p
- (u_char
*)input_message_buffer
->value
;
229 ret
= krb5_crypto_init(gssapi_krb5_context
, key
,
230 ETYPE_DES3_CBC_NONE
, &crypto
);
232 gssapi_krb5_set_error_string ();
234 return GSS_S_FAILURE
;
236 ret
= krb5_decrypt(gssapi_krb5_context
, crypto
, KRB5_KU_USAGE_SEAL
,
237 p
, input_message_buffer
->length
- len
, &tmp
);
238 krb5_crypto_destroy(gssapi_krb5_context
, crypto
);
240 gssapi_krb5_set_error_string ();
242 return GSS_S_FAILURE
;
244 assert (tmp
.length
== input_message_buffer
->length
- len
);
246 memcpy (p
, tmp
.data
, tmp
.length
);
247 krb5_data_free(&tmp
);
250 ret
= _gssapi_verify_pad(input_message_buffer
,
251 input_message_buffer
->length
- len
,
256 /* verify sequence number */
258 HEIMDAL_MUTEX_lock(&context_handle
->ctx_id_mutex
);
262 ret
= krb5_crypto_init(gssapi_krb5_context
, key
,
263 ETYPE_DES3_CBC_NONE
, &crypto
);
265 gssapi_krb5_set_error_string ();
267 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
268 return GSS_S_FAILURE
;
273 memcpy(&ivec
, p
+ 8, 8);
274 ret
= krb5_decrypt_ivec (gssapi_krb5_context
,
280 krb5_crypto_destroy (gssapi_krb5_context
, crypto
);
282 gssapi_krb5_set_error_string ();
284 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
285 return GSS_S_FAILURE
;
287 if (seq_data
.length
!= 8) {
288 krb5_data_free (&seq_data
);
290 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
291 return GSS_S_BAD_MIC
;
295 gssapi_decode_om_uint32(seq
, &seq_number
);
297 if (context_handle
->more_flags
& LOCAL
)
298 cmp
= memcmp(&seq
[4], "\xff\xff\xff\xff", 4);
300 cmp
= memcmp(&seq
[4], "\x00\x00\x00\x00", 4);
302 krb5_data_free (&seq_data
);
305 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
306 return GSS_S_BAD_MIC
;
309 ret
= gssapi_msg_order_check(context_handle
->order
, seq_number
);
312 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
316 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
318 /* verify checksum */
320 memcpy (cksum
, p
+ 8, 20);
322 memcpy (p
+ 20, p
- 8, 8);
324 csum
.cksumtype
= CKSUMTYPE_HMAC_SHA1_DES3
;
325 csum
.checksum
.length
= 20;
326 csum
.checksum
.data
= cksum
;
328 ret
= krb5_crypto_init(gssapi_krb5_context
, key
, 0, &crypto
);
330 gssapi_krb5_set_error_string ();
332 return GSS_S_FAILURE
;
335 ret
= krb5_verify_checksum (gssapi_krb5_context
, crypto
,
338 input_message_buffer
->length
- len
+ 8,
340 krb5_crypto_destroy (gssapi_krb5_context
, crypto
);
342 gssapi_krb5_set_error_string ();
344 return GSS_S_FAILURE
;
349 output_message_buffer
->length
= input_message_buffer
->length
350 - len
- padlength
- 8;
351 output_message_buffer
->value
= malloc(output_message_buffer
->length
);
352 if(output_message_buffer
->length
!= 0 && output_message_buffer
->value
== NULL
)
353 return GSS_S_FAILURE
;
354 memcpy (output_message_buffer
->value
,
356 output_message_buffer
->length
);
357 return GSS_S_COMPLETE
;
361 (OM_uint32
* minor_status
,
362 const gss_ctx_id_t context_handle
,
363 const gss_buffer_t input_message_buffer
,
364 gss_buffer_t output_message_buffer
,
366 gss_qop_t
* qop_state
371 krb5_keytype keytype
;
373 output_message_buffer
->value
= NULL
;
374 output_message_buffer
->length
= 0;
376 if (qop_state
!= NULL
)
377 *qop_state
= GSS_C_QOP_DEFAULT
;
378 ret
= gss_krb5_get_subkey(context_handle
, &key
);
380 gssapi_krb5_set_error_string ();
382 return GSS_S_FAILURE
;
384 krb5_enctype_to_keytype (gssapi_krb5_context
, key
->keytype
, &keytype
);
390 ret
= unwrap_des (minor_status
, context_handle
,
391 input_message_buffer
, output_message_buffer
,
392 conf_state
, qop_state
, key
);
395 ret
= unwrap_des3 (minor_status
, context_handle
,
396 input_message_buffer
, output_message_buffer
,
397 conf_state
, qop_state
, key
);
399 case KEYTYPE_ARCFOUR
:
400 ret
= _gssapi_unwrap_arcfour (minor_status
, context_handle
,
401 input_message_buffer
, output_message_buffer
,
402 conf_state
, qop_state
, key
);
405 ret
= _gssapi_unwrap_cfx (minor_status
, context_handle
,
406 input_message_buffer
, output_message_buffer
,
407 conf_state
, qop_state
, key
);
410 krb5_free_keyblock (gssapi_krb5_context
, key
);