2 * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "gsskrb5_locl.h"
38 (OM_uint32
* minor_status
,
39 const gsskrb5_ctx context_handle
,
40 const gss_buffer_t input_message_buffer
,
41 gss_buffer_t output_message_buffer
,
43 gss_qop_t
* qop_state
,
51 DES_key_schedule schedule
;
61 p
= input_message_buffer
->value
;
62 ret
= _gsskrb5_verify_header (&p
,
63 input_message_buffer
->length
,
69 if (memcmp (p
, "\x00\x00", 2) != 0)
72 if (memcmp (p
, "\x00\x00", 2) == 0) {
74 } else if (memcmp (p
, "\xFF\xFF", 2) == 0) {
79 if(conf_state
!= NULL
)
81 if (memcmp (p
, "\xff\xff", 2) != 0)
82 return GSS_S_DEFECTIVE_TOKEN
;
86 len
= p
- (u_char
*)input_message_buffer
->value
;
90 memcpy (&deskey
, key
->keyvalue
.data
, sizeof(deskey
));
92 for (i
= 0; i
< sizeof(deskey
); ++i
)
94 DES_set_key_unchecked (&deskey
, &schedule
);
95 memset (&zero
, 0, sizeof(zero
));
96 DES_cbc_encrypt ((void *)p
,
98 input_message_buffer
->length
- len
,
103 memset (deskey
, 0, sizeof(deskey
));
104 memset (&schedule
, 0, sizeof(schedule
));
107 ret
= _gssapi_verify_pad(input_message_buffer
,
108 input_message_buffer
->length
- len
,
114 MD5_Update (&md5
, p
- 24, 8);
115 MD5_Update (&md5
, p
, input_message_buffer
->length
- len
);
116 MD5_Final (hash
, &md5
);
118 memset (&zero
, 0, sizeof(zero
));
119 memcpy (&deskey
, key
->keyvalue
.data
, sizeof(deskey
));
120 DES_set_key_unchecked (&deskey
, &schedule
);
121 DES_cbc_cksum ((void *)hash
, (void *)hash
, sizeof(hash
),
123 if (memcmp (p
- 8, hash
, 8) != 0)
124 return GSS_S_BAD_MIC
;
126 /* verify sequence number */
128 HEIMDAL_MUTEX_lock(&context_handle
->ctx_id_mutex
);
131 DES_set_key_unchecked (&deskey
, &schedule
);
132 DES_cbc_encrypt ((void *)p
, (void *)p
, 8,
133 &schedule
, (DES_cblock
*)hash
, DES_DECRYPT
);
135 memset (deskey
, 0, sizeof(deskey
));
136 memset (&schedule
, 0, sizeof(schedule
));
139 _gsskrb5_decode_om_uint32(seq
, &seq_number
);
141 if (context_handle
->more_flags
& LOCAL
)
142 cmp
= memcmp(&seq
[4], "\xff\xff\xff\xff", 4);
144 cmp
= memcmp(&seq
[4], "\x00\x00\x00\x00", 4);
147 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
148 return GSS_S_BAD_MIC
;
151 ret
= _gssapi_msg_order_check(context_handle
->order
, seq_number
);
153 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
157 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
161 output_message_buffer
->length
= input_message_buffer
->length
162 - len
- padlength
- 8;
163 output_message_buffer
->value
= malloc(output_message_buffer
->length
);
164 if(output_message_buffer
->length
!= 0 && output_message_buffer
->value
== NULL
)
165 return GSS_S_FAILURE
;
166 memcpy (output_message_buffer
->value
,
168 output_message_buffer
->length
);
169 return GSS_S_COMPLETE
;
174 (OM_uint32
* minor_status
,
175 const gsskrb5_ctx context_handle
,
176 krb5_context context
,
177 const gss_buffer_t input_message_buffer
,
178 gss_buffer_t output_message_buffer
,
180 gss_qop_t
* qop_state
,
197 p
= input_message_buffer
->value
;
198 ret
= _gsskrb5_verify_header (&p
,
199 input_message_buffer
->length
,
205 if (memcmp (p
, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
206 return GSS_S_BAD_SIG
;
208 if (memcmp (p
, "\x02\x00", 2) == 0) {
210 } else if (memcmp (p
, "\xff\xff", 2) == 0) {
213 return GSS_S_BAD_MIC
;
215 if(conf_state
!= NULL
)
216 *conf_state
= cstate
;
217 if (memcmp (p
, "\xff\xff", 2) != 0)
218 return GSS_S_DEFECTIVE_TOKEN
;
222 len
= p
- (u_char
*)input_message_buffer
->value
;
228 ret
= krb5_crypto_init(context
, key
,
229 ETYPE_DES3_CBC_NONE
, &crypto
);
232 return GSS_S_FAILURE
;
234 ret
= krb5_decrypt(context
, crypto
, KRB5_KU_USAGE_SEAL
,
235 p
, input_message_buffer
->length
- len
, &tmp
);
236 krb5_crypto_destroy(context
, crypto
);
239 return GSS_S_FAILURE
;
241 assert (tmp
.length
== input_message_buffer
->length
- len
);
243 memcpy (p
, tmp
.data
, tmp
.length
);
244 krb5_data_free(&tmp
);
247 ret
= _gssapi_verify_pad(input_message_buffer
,
248 input_message_buffer
->length
- len
,
253 /* verify sequence number */
255 HEIMDAL_MUTEX_lock(&context_handle
->ctx_id_mutex
);
259 ret
= krb5_crypto_init(context
, key
,
260 ETYPE_DES3_CBC_NONE
, &crypto
);
263 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
264 return GSS_S_FAILURE
;
269 memcpy(&ivec
, p
+ 8, 8);
270 ret
= krb5_decrypt_ivec (context
,
276 krb5_crypto_destroy (context
, crypto
);
279 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
280 return GSS_S_FAILURE
;
282 if (seq_data
.length
!= 8) {
283 krb5_data_free (&seq_data
);
285 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
286 return GSS_S_BAD_MIC
;
290 _gsskrb5_decode_om_uint32(seq
, &seq_number
);
292 if (context_handle
->more_flags
& LOCAL
)
293 cmp
= memcmp(&seq
[4], "\xff\xff\xff\xff", 4);
295 cmp
= memcmp(&seq
[4], "\x00\x00\x00\x00", 4);
297 krb5_data_free (&seq_data
);
300 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
301 return GSS_S_BAD_MIC
;
304 ret
= _gssapi_msg_order_check(context_handle
->order
, seq_number
);
307 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
311 HEIMDAL_MUTEX_unlock(&context_handle
->ctx_id_mutex
);
313 /* verify checksum */
315 memcpy (cksum
, p
+ 8, 20);
317 memcpy (p
+ 20, p
- 8, 8);
319 csum
.cksumtype
= CKSUMTYPE_HMAC_SHA1_DES3
;
320 csum
.checksum
.length
= 20;
321 csum
.checksum
.data
= cksum
;
323 ret
= krb5_crypto_init(context
, key
, 0, &crypto
);
326 return GSS_S_FAILURE
;
329 ret
= krb5_verify_checksum (context
, crypto
,
332 input_message_buffer
->length
- len
+ 8,
334 krb5_crypto_destroy (context
, crypto
);
337 return GSS_S_FAILURE
;
342 output_message_buffer
->length
= input_message_buffer
->length
343 - len
- padlength
- 8;
344 output_message_buffer
->value
= malloc(output_message_buffer
->length
);
345 if(output_message_buffer
->length
!= 0 && output_message_buffer
->value
== NULL
)
346 return GSS_S_FAILURE
;
347 memcpy (output_message_buffer
->value
,
349 output_message_buffer
->length
);
350 return GSS_S_COMPLETE
;
353 OM_uint32 _gsskrb5_unwrap
354 (OM_uint32
* minor_status
,
355 const gss_ctx_id_t context_handle
,
356 const gss_buffer_t input_message_buffer
,
357 gss_buffer_t output_message_buffer
,
359 gss_qop_t
* qop_state
363 krb5_context context
;
365 krb5_keytype keytype
;
366 gsskrb5_ctx ctx
= (gsskrb5_ctx
) context_handle
;
368 output_message_buffer
->value
= NULL
;
369 output_message_buffer
->length
= 0;
370 if (qop_state
!= NULL
)
371 *qop_state
= GSS_C_QOP_DEFAULT
;
373 GSSAPI_KRB5_INIT (&context
);
375 if (ctx
->more_flags
& IS_CFX
)
376 return _gssapi_unwrap_cfx (minor_status
, ctx
, context
,
377 input_message_buffer
, output_message_buffer
,
378 conf_state
, qop_state
);
380 HEIMDAL_MUTEX_lock(&ctx
->ctx_id_mutex
);
381 ret
= _gsskrb5i_get_token_key(ctx
, context
, &key
);
382 HEIMDAL_MUTEX_unlock(&ctx
->ctx_id_mutex
);
385 return GSS_S_FAILURE
;
387 krb5_enctype_to_keytype (context
, key
->keytype
, &keytype
);
393 ret
= unwrap_des (minor_status
, ctx
,
394 input_message_buffer
, output_message_buffer
,
395 conf_state
, qop_state
, key
);
398 ret
= unwrap_des3 (minor_status
, ctx
, context
,
399 input_message_buffer
, output_message_buffer
,
400 conf_state
, qop_state
, key
);
402 case KEYTYPE_ARCFOUR
:
403 case KEYTYPE_ARCFOUR_56
:
404 ret
= _gssapi_unwrap_arcfour (minor_status
, ctx
, context
,
405 input_message_buffer
, output_message_buffer
,
406 conf_state
, qop_state
, key
);
412 krb5_free_keyblock (context
, key
);