2 * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "gssapi_locl.h"
36 RCSID("$Id: get_mic.c,v 1.19 2001/10/31 13:37:39 nectar Exp $");
40 (OM_uint32 * minor_status,
41 const gss_ctx_id_t context_handle,
43 const gss_buffer_t message_buffer,
44 gss_buffer_t message_token,
51 des_key_schedule schedule;
55 size_t len, total_len;
57 gssapi_krb5_encap_length (22, &len, &total_len);
59 message_token->length = total_len;
60 message_token->value = malloc (total_len);
61 if (message_token->value == NULL) {
62 *minor_status = ENOMEM;
66 p = gssapi_krb5_make_header(message_token->value,
68 "\x01\x01"); /* TOK_ID */
70 memcpy (p, "\x00\x00", 2); /* SGN_ALG = DES MAC MD5 */
73 memcpy (p, "\xff\xff\xff\xff", 4); /* Filler */
76 /* Fill in later (SND-SEQ) */
82 MD5_Update (&md5, p - 24, 8);
83 MD5_Update (&md5, message_buffer->value, message_buffer->length);
84 MD5_Final (hash, &md5);
86 memset (&zero, 0, sizeof(zero));
87 memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
88 des_set_key (&deskey, schedule);
89 des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
91 memcpy (p - 8, hash, 8); /* SGN_CKSUM */
94 krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
95 context_handle->auth_context,
98 p -= 16; /* SND_SEQ */
99 p[0] = (seq_number >> 0) & 0xFF;
100 p[1] = (seq_number >> 8) & 0xFF;
101 p[2] = (seq_number >> 16) & 0xFF;
102 p[3] = (seq_number >> 24) & 0xFF;
104 (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
107 des_set_key (&deskey, schedule);
108 des_cbc_encrypt ((void *)p, (void *)p, 8,
109 schedule, (des_cblock *)(p + 8), DES_ENCRYPT);
111 krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
112 context_handle->auth_context,
115 memset (deskey, 0, sizeof(deskey));
116 memset (schedule, 0, sizeof(schedule));
118 return GSS_S_COMPLETE;
123 (OM_uint32 * minor_status,
124 const gss_ctx_id_t context_handle,
126 const gss_buffer_t message_buffer,
127 gss_buffer_t message_token,
136 size_t len, total_len;
139 krb5_error_code kret;
143 gssapi_krb5_encap_length (36, &len, &total_len);
145 message_token->length = total_len;
146 message_token->value = malloc (total_len);
147 if (message_token->value == NULL) {
148 *minor_status = ENOMEM;
149 return GSS_S_FAILURE;
152 p = gssapi_krb5_make_header(message_token->value,
154 "\x01\x01"); /* TOK-ID */
156 memcpy (p, "\x04\x00", 2); /* SGN_ALG = HMAC SHA1 DES3-KD */
159 memcpy (p, "\xff\xff\xff\xff", 4); /* filler */
162 /* this should be done in parts */
164 tmp = malloc (message_buffer->length + 8);
166 free (message_token->value);
167 *minor_status = ENOMEM;
168 return GSS_S_FAILURE;
170 memcpy (tmp, p - 8, 8);
171 memcpy (tmp + 8, message_buffer->value, message_buffer->length);
173 kret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
175 free (message_token->value);
177 gssapi_krb5_set_error_string ();
178 *minor_status = kret;
179 return GSS_S_FAILURE;
182 kret = krb5_create_checksum (gssapi_krb5_context,
187 message_buffer->length + 8,
190 krb5_crypto_destroy (gssapi_krb5_context, crypto);
192 free (message_token->value);
193 gssapi_krb5_set_error_string ();
194 *minor_status = kret;
195 return GSS_S_FAILURE;
198 memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
200 /* sequence number */
201 krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
202 context_handle->auth_context,
205 seq[0] = (seq_number >> 0) & 0xFF;
206 seq[1] = (seq_number >> 8) & 0xFF;
207 seq[2] = (seq_number >> 16) & 0xFF;
208 seq[3] = (seq_number >> 24) & 0xFF;
210 (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
213 kret = krb5_crypto_init(gssapi_krb5_context, key,
214 ETYPE_DES3_CBC_NONE, &crypto);
216 free (message_token->value);
217 gssapi_krb5_set_error_string ();
218 *minor_status = kret;
219 return GSS_S_FAILURE;
222 kret = krb5_encrypt (gssapi_krb5_context,
226 krb5_crypto_destroy (gssapi_krb5_context, crypto);
228 free (message_token->value);
229 gssapi_krb5_set_error_string ();
230 *minor_status = kret;
231 return GSS_S_FAILURE;
234 assert (encdata.length == 8);
236 memcpy (p, encdata.data, encdata.length);
237 krb5_data_free (&encdata);
239 krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
240 context_handle->auth_context,
243 free_Checksum (&cksum);
244 return GSS_S_COMPLETE;
247 OM_uint32 gss_get_mic
248 (OM_uint32 * minor_status,
249 const gss_ctx_id_t context_handle,
251 const gss_buffer_t message_buffer,
252 gss_buffer_t message_token
257 krb5_keytype keytype;
259 ret = gss_krb5_get_localkey(context_handle, &key);
261 gssapi_krb5_set_error_string ();
263 return GSS_S_FAILURE;
265 krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
269 ret = mic_des (minor_status, context_handle, qop_req,
270 message_buffer, message_token, key);
273 ret = mic_des3 (minor_status, context_handle, qop_req,
274 message_buffer, message_token, key);
277 *minor_status = KRB5_PROG_ETYPE_NOSUPP;
281 krb5_free_keyblock (gssapi_krb5_context, key);