2 * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "gssapi_locl.h"
36 RCSID("$Id: get_mic.c,v 1.21.2.1 2003/09/18 22:05:12 lha Exp $");
40 (OM_uint32 * minor_status,
41 const gss_ctx_id_t context_handle,
43 const gss_buffer_t message_buffer,
44 gss_buffer_t message_token,
51 des_key_schedule schedule;
55 size_t len, total_len;
57 gssapi_krb5_encap_length (22, &len, &total_len);
59 message_token->length = total_len;
60 message_token->value = malloc (total_len);
61 if (message_token->value == NULL) {
62 *minor_status = ENOMEM;
66 p = gssapi_krb5_make_header(message_token->value,
68 "\x01\x01"); /* TOK_ID */
70 memcpy (p, "\x00\x00", 2); /* SGN_ALG = DES MAC MD5 */
73 memcpy (p, "\xff\xff\xff\xff", 4); /* Filler */
76 /* Fill in later (SND-SEQ) */
82 MD5_Update (&md5, p - 24, 8);
83 MD5_Update (&md5, message_buffer->value, message_buffer->length);
84 MD5_Final (hash, &md5);
86 memset (&zero, 0, sizeof(zero));
87 memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
88 des_set_key (&deskey, schedule);
89 des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
91 memcpy (p - 8, hash, 8); /* SGN_CKSUM */
94 krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
95 context_handle->auth_context,
98 p -= 16; /* SND_SEQ */
99 p[0] = (seq_number >> 0) & 0xFF;
100 p[1] = (seq_number >> 8) & 0xFF;
101 p[2] = (seq_number >> 16) & 0xFF;
102 p[3] = (seq_number >> 24) & 0xFF;
104 (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
107 des_set_key (&deskey, schedule);
108 des_cbc_encrypt ((void *)p, (void *)p, 8,
109 schedule, (des_cblock *)(p + 8), DES_ENCRYPT);
111 krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
112 context_handle->auth_context,
115 memset (deskey, 0, sizeof(deskey));
116 memset (schedule, 0, sizeof(schedule));
119 return GSS_S_COMPLETE;
124 (OM_uint32 * minor_status,
125 const gss_ctx_id_t context_handle,
127 const gss_buffer_t message_buffer,
128 gss_buffer_t message_token,
137 size_t len, total_len;
140 krb5_error_code kret;
145 gssapi_krb5_encap_length (36, &len, &total_len);
147 message_token->length = total_len;
148 message_token->value = malloc (total_len);
149 if (message_token->value == NULL) {
150 *minor_status = ENOMEM;
151 return GSS_S_FAILURE;
154 p = gssapi_krb5_make_header(message_token->value,
156 "\x01\x01"); /* TOK-ID */
158 memcpy (p, "\x04\x00", 2); /* SGN_ALG = HMAC SHA1 DES3-KD */
161 memcpy (p, "\xff\xff\xff\xff", 4); /* filler */
164 /* this should be done in parts */
166 tmp = malloc (message_buffer->length + 8);
168 free (message_token->value);
169 *minor_status = ENOMEM;
170 return GSS_S_FAILURE;
172 memcpy (tmp, p - 8, 8);
173 memcpy (tmp + 8, message_buffer->value, message_buffer->length);
175 kret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
177 free (message_token->value);
179 gssapi_krb5_set_error_string ();
180 *minor_status = kret;
181 return GSS_S_FAILURE;
184 kret = krb5_create_checksum (gssapi_krb5_context,
189 message_buffer->length + 8,
192 krb5_crypto_destroy (gssapi_krb5_context, crypto);
194 free (message_token->value);
195 gssapi_krb5_set_error_string ();
196 *minor_status = kret;
197 return GSS_S_FAILURE;
200 memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
202 /* sequence number */
203 krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
204 context_handle->auth_context,
207 seq[0] = (seq_number >> 0) & 0xFF;
208 seq[1] = (seq_number >> 8) & 0xFF;
209 seq[2] = (seq_number >> 16) & 0xFF;
210 seq[3] = (seq_number >> 24) & 0xFF;
212 (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
215 kret = krb5_crypto_init(gssapi_krb5_context, key,
216 ETYPE_DES3_CBC_NONE, &crypto);
218 free (message_token->value);
219 gssapi_krb5_set_error_string ();
220 *minor_status = kret;
221 return GSS_S_FAILURE;
224 if (context_handle->more_flags & COMPAT_OLD_DES3)
227 memcpy(ivec, p + 8, 8);
229 kret = krb5_encrypt_ivec (gssapi_krb5_context,
232 seq, 8, &encdata, ivec);
233 krb5_crypto_destroy (gssapi_krb5_context, crypto);
235 free (message_token->value);
236 gssapi_krb5_set_error_string ();
237 *minor_status = kret;
238 return GSS_S_FAILURE;
241 assert (encdata.length == 8);
243 memcpy (p, encdata.data, encdata.length);
244 krb5_data_free (&encdata);
246 krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
247 context_handle->auth_context,
250 free_Checksum (&cksum);
252 return GSS_S_COMPLETE;
255 OM_uint32 gss_get_mic
256 (OM_uint32 * minor_status,
257 const gss_ctx_id_t context_handle,
259 const gss_buffer_t message_buffer,
260 gss_buffer_t message_token
265 krb5_keytype keytype;
267 ret = gss_krb5_get_localkey(context_handle, &key);
269 gssapi_krb5_set_error_string ();
271 return GSS_S_FAILURE;
273 krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
277 ret = mic_des (minor_status, context_handle, qop_req,
278 message_buffer, message_token, key);
281 ret = mic_des3 (minor_status, context_handle, qop_req,
282 message_buffer, message_token, key);
284 case KEYTYPE_ARCFOUR:
285 ret = _gssapi_get_mic_arcfour (minor_status, context_handle, qop_req,
286 message_buffer, message_token, key);
289 *minor_status = KRB5_PROG_ETYPE_NOSUPP;
293 krb5_free_keyblock (gssapi_krb5_context, key);