2 * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "gssapi_locl.h"
40 (OM_uint32
* minor_status
,
41 const gss_ctx_id_t context_handle
,
42 const gss_buffer_t message_buffer
,
43 const gss_buffer_t token_buffer
,
44 gss_qop_t
* qop_state
,
51 u_char hash
[16], *seq
;
52 DES_key_schedule schedule
;
59 p
= token_buffer
->value
;
60 ret
= gssapi_krb5_verify_header (&p
,
67 if (memcmp(p
, "\x00\x00", 2) != 0)
70 if (memcmp (p
, "\xff\xff\xff\xff", 4) != 0)
77 MD5_Update (&md5
, p
- 24, 8);
78 MD5_Update (&md5
, message_buffer
->value
,
79 message_buffer
->length
);
80 MD5_Final (hash
, &md5
);
82 memset (&zero
, 0, sizeof(zero
));
83 memcpy (&deskey
, key
->keyvalue
.data
, sizeof(deskey
));
85 DES_set_key (&deskey
, &schedule
);
86 DES_cbc_cksum ((void *)hash
, (void *)hash
, sizeof(hash
),
88 if (memcmp (p
- 8, hash
, 8) != 0) {
89 memset (deskey
, 0, sizeof(deskey
));
90 memset (&schedule
, 0, sizeof(schedule
));
94 /* verify sequence number */
96 HEIMDAL_MUTEX_lock(&context_handle
->ctx_id_mutex
);
99 DES_set_key (&deskey
, &schedule
);
100 DES_cbc_encrypt ((void *)p
, (void *)p
, 8,
101 &schedule
, (DES_cblock
*)hash
, DES_DECRYPT
);
103 memset (deskey
, 0, sizeof(deskey
));
104 memset (&schedule
, 0, sizeof(schedule
));
107 gssapi_decode_om_uint32(seq
, &seq_number
);
109 if (context_handle
->more_flags
& LOCAL
)
110 cmp
= memcmp(&seq
[4], "\xff\xff\xff\xff", 4);
112 cmp
= memcmp(&seq
[4], "\x00\x00\x00\x00", 4);
115 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
116 return GSS_S_BAD_MIC
;
119 ret
= gssapi_msg_order_check(context_handle
->order
, seq_number
);
121 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
125 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
127 return GSS_S_COMPLETE
;
132 (OM_uint32
* minor_status
,
133 const gss_ctx_id_t context_handle
,
134 const gss_buffer_t message_buffer
,
135 const gss_buffer_t token_buffer
,
136 gss_qop_t
* qop_state
,
152 p
= token_buffer
->value
;
153 ret
= gssapi_krb5_verify_header (&p
,
154 token_buffer
->length
,
160 if (memcmp(p
, "\x04\x00", 2) != 0) /* SGN_ALG = HMAC SHA1 DES3-KD */
161 return GSS_S_BAD_SIG
;
163 if (memcmp (p
, "\xff\xff\xff\xff", 4) != 0)
164 return GSS_S_BAD_MIC
;
167 ret
= krb5_crypto_init(gssapi_krb5_context
, key
,
168 ETYPE_DES3_CBC_NONE
, &crypto
);
170 gssapi_krb5_set_error_string ();
172 return GSS_S_FAILURE
;
175 /* verify sequence number */
181 memcpy(ivec
, p
+ 8, 8);
183 ret
= krb5_decrypt_ivec (gssapi_krb5_context
,
186 p
, 8, &seq_data
, ivec
);
189 gssapi_krb5_set_error_string ();
190 krb5_crypto_destroy (gssapi_krb5_context
, crypto
);
192 return GSS_S_FAILURE
;
197 if (seq_data
.length
!= 8) {
198 krb5_data_free (&seq_data
);
200 krb5_crypto_destroy (gssapi_krb5_context
, crypto
);
201 return GSS_S_BAD_MIC
;
206 HEIMDAL_MUTEX_lock(&context_handle
->ctx_id_mutex
);
209 gssapi_decode_om_uint32(seq
, &seq_number
);
211 if (context_handle
->more_flags
& LOCAL
)
212 cmp
= memcmp(&seq
[4], "\xff\xff\xff\xff", 4);
214 cmp
= memcmp(&seq
[4], "\x00\x00\x00\x00", 4);
216 krb5_data_free (&seq_data
);
218 krb5_crypto_destroy (gssapi_krb5_context
, crypto
);
220 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
221 return GSS_S_BAD_MIC
;
224 ret
= gssapi_msg_order_check(context_handle
->order
, seq_number
);
226 krb5_crypto_destroy (gssapi_krb5_context
, crypto
);
228 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
232 /* verify checksum */
234 tmp
= malloc (message_buffer
->length
+ 8);
236 krb5_crypto_destroy (gssapi_krb5_context
, crypto
);
237 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
238 *minor_status
= ENOMEM
;
239 return GSS_S_FAILURE
;
242 memcpy (tmp
, p
- 8, 8);
243 memcpy (tmp
+ 8, message_buffer
->value
, message_buffer
->length
);
245 csum
.cksumtype
= CKSUMTYPE_HMAC_SHA1_DES3
;
246 csum
.checksum
.length
= 20;
247 csum
.checksum
.data
= p
+ 8;
249 ret
= krb5_verify_checksum (gssapi_krb5_context
, crypto
,
251 tmp
, message_buffer
->length
+ 8,
255 gssapi_krb5_set_error_string ();
256 krb5_crypto_destroy (gssapi_krb5_context
, crypto
);
258 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
259 return GSS_S_BAD_MIC
;
261 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
263 krb5_crypto_destroy (gssapi_krb5_context
, crypto
);
264 return GSS_S_COMPLETE
;
268 gss_verify_mic_internal
269 (OM_uint32
* minor_status
,
270 const gss_ctx_id_t context_handle
,
271 const gss_buffer_t message_buffer
,
272 const gss_buffer_t token_buffer
,
273 gss_qop_t
* qop_state
,
279 krb5_keytype keytype
;
281 ret
= gss_krb5_get_subkey(context_handle
, &key
);
283 gssapi_krb5_set_error_string ();
285 return GSS_S_FAILURE
;
288 krb5_enctype_to_keytype (gssapi_krb5_context
, key
->keytype
, &keytype
);
291 ret
= verify_mic_des (minor_status
, context_handle
,
292 message_buffer
, token_buffer
, qop_state
, key
,
296 ret
= verify_mic_des3 (minor_status
, context_handle
,
297 message_buffer
, token_buffer
, qop_state
, key
,
300 case KEYTYPE_ARCFOUR
:
301 ret
= _gssapi_verify_mic_arcfour (minor_status
, context_handle
,
302 message_buffer
, token_buffer
,
303 qop_state
, key
, type
);
306 ret
= _gssapi_verify_mic_cfx (minor_status
, context_handle
,
307 message_buffer
, token_buffer
, qop_state
,
311 krb5_free_keyblock (gssapi_krb5_context
, key
);
318 (OM_uint32
* minor_status
,
319 const gss_ctx_id_t context_handle
,
320 const gss_buffer_t message_buffer
,
321 const gss_buffer_t token_buffer
,
322 gss_qop_t
* qop_state
327 if (qop_state
!= NULL
)
328 *qop_state
= GSS_C_QOP_DEFAULT
;
330 ret
= gss_verify_mic_internal(minor_status
, context_handle
,
331 message_buffer
, token_buffer
,
332 qop_state
, "\x01\x01");