2 * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "gssapi_locl.h"
36 RCSID("$Id: unwrap.c,v 1.21 2002/09/03 17:33:11 joda Exp $");
39 gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
44 krb5_auth_con_getremotesubkey(gssapi_krb5_context,
45 context_handle->auth_context,
48 krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
49 context_handle->auth_context,
52 krb5_auth_con_getkey(gssapi_krb5_context,
53 context_handle->auth_context,
63 (OM_uint32 * minor_status,
64 const gss_ctx_id_t context_handle,
65 const gss_buffer_t input_message_buffer,
66 gss_buffer_t output_message_buffer,
68 gss_qop_t * qop_state,
75 u_char hash[16], seq_data[8];
76 des_key_schedule schedule;
85 p = input_message_buffer->value;
86 ret = gssapi_krb5_verify_header (&p,
87 input_message_buffer->length,
94 if (memcmp (p, "\x00\x00", 2) != 0)
97 if (memcmp (p, "\x00\x00", 2) == 0) {
99 } else if (memcmp (p, "\xFF\xFF", 2) == 0) {
102 return GSS_S_BAD_MIC;
104 if(conf_state != NULL)
105 *conf_state = cstate;
106 if (memcmp (p, "\xff\xff", 2) != 0)
107 return GSS_S_DEFECTIVE_TOKEN;
111 len = p - (u_char *)input_message_buffer->value;
115 memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
117 for (i = 0; i < sizeof(deskey); ++i)
119 des_set_key (&deskey, schedule);
120 memset (&zero, 0, sizeof(zero));
121 des_cbc_encrypt ((void *)p,
123 input_message_buffer->length - len,
128 memset (deskey, 0, sizeof(deskey));
129 memset (schedule, 0, sizeof(schedule));
133 pad = (u_char *)input_message_buffer->value + input_message_buffer->length - 1;
136 for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
139 return GSS_S_BAD_MIC;
142 MD5_Update (&md5, p - 24, 8);
143 MD5_Update (&md5, p, input_message_buffer->length - len);
144 MD5_Final (hash, &md5);
146 memset (&zero, 0, sizeof(zero));
147 memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
148 des_set_key (&deskey, schedule);
149 des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
151 if (memcmp (p - 8, hash, 8) != 0)
152 return GSS_S_BAD_MIC;
154 /* verify sequence number */
156 krb5_auth_getremoteseqnumber (gssapi_krb5_context,
157 context_handle->auth_context,
159 seq_data[0] = (seq_number >> 0) & 0xFF;
160 seq_data[1] = (seq_number >> 8) & 0xFF;
161 seq_data[2] = (seq_number >> 16) & 0xFF;
162 seq_data[3] = (seq_number >> 24) & 0xFF;
163 memset (seq_data + 4,
164 (context_handle->more_flags & LOCAL) ? 0xFF : 0,
168 des_set_key (&deskey, schedule);
169 des_cbc_encrypt ((void *)p, (void *)p, 8,
170 schedule, (des_cblock *)hash, DES_DECRYPT);
172 memset (deskey, 0, sizeof(deskey));
173 memset (schedule, 0, sizeof(schedule));
175 if (memcmp (p, seq_data, 8) != 0) {
176 return GSS_S_BAD_MIC;
179 krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
180 context_handle->auth_context,
185 output_message_buffer->length = input_message_buffer->length
186 - len - padlength - 8;
187 output_message_buffer->value = malloc(output_message_buffer->length);
188 if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
189 return GSS_S_FAILURE;
190 memcpy (output_message_buffer->value,
192 output_message_buffer->length);
193 return GSS_S_COMPLETE;
198 (OM_uint32 * minor_status,
199 const gss_ctx_id_t context_handle,
200 const gss_buffer_t input_message_buffer,
201 gss_buffer_t output_message_buffer,
203 gss_qop_t * qop_state,
221 p = input_message_buffer->value;
222 ret = gssapi_krb5_verify_header (&p,
223 input_message_buffer->length,
230 if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
231 return GSS_S_BAD_SIG;
233 if (memcmp (p, "\x02\x00", 2) == 0) {
235 } else if (memcmp (p, "\xff\xff", 2) == 0) {
238 return GSS_S_BAD_MIC;
240 if(conf_state != NULL)
241 *conf_state = cstate;
242 if (memcmp (p, "\xff\xff", 2) != 0)
243 return GSS_S_DEFECTIVE_TOKEN;
247 len = p - (u_char *)input_message_buffer->value;
253 ret = krb5_crypto_init(gssapi_krb5_context, key,
254 ETYPE_DES3_CBC_NONE, &crypto);
256 gssapi_krb5_set_error_string ();
258 return GSS_S_FAILURE;
260 ret = krb5_decrypt(gssapi_krb5_context, crypto, KRB5_KU_USAGE_SEAL,
261 p, input_message_buffer->length - len, &tmp);
262 krb5_crypto_destroy(gssapi_krb5_context, crypto);
264 gssapi_krb5_set_error_string ();
266 return GSS_S_FAILURE;
268 assert (tmp.length == input_message_buffer->length - len);
270 memcpy (p, tmp.data, tmp.length);
271 krb5_data_free(&tmp);
275 pad = (u_char *)input_message_buffer->value + input_message_buffer->length - 1;
278 for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
281 return GSS_S_BAD_MIC;
283 /* verify sequence number */
285 krb5_auth_getremoteseqnumber (gssapi_krb5_context,
286 context_handle->auth_context,
288 seq[0] = (seq_number >> 0) & 0xFF;
289 seq[1] = (seq_number >> 8) & 0xFF;
290 seq[2] = (seq_number >> 16) & 0xFF;
291 seq[3] = (seq_number >> 24) & 0xFF;
293 (context_handle->more_flags & LOCAL) ? 0xFF : 0,
298 ret = krb5_crypto_init(gssapi_krb5_context, key,
299 ETYPE_DES3_CBC_NONE, &crypto);
301 gssapi_krb5_set_error_string ();
303 return GSS_S_FAILURE;
308 memcpy(&ivec, p + 8, 8);
309 ret = krb5_decrypt_ivec (gssapi_krb5_context,
315 krb5_crypto_destroy (gssapi_krb5_context, crypto);
317 gssapi_krb5_set_error_string ();
319 return GSS_S_FAILURE;
321 if (seq_data.length != 8) {
322 krb5_data_free (&seq_data);
323 return GSS_S_BAD_MIC;
326 cmp = memcmp (seq, seq_data.data, seq_data.length);
327 krb5_data_free (&seq_data);
329 return GSS_S_BAD_MIC;
332 krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
333 context_handle->auth_context,
336 /* verify checksum */
338 memcpy (cksum, p + 8, 20);
340 memcpy (p + 20, p - 8, 8);
342 csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3;
343 csum.checksum.length = 20;
344 csum.checksum.data = cksum;
346 ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
348 gssapi_krb5_set_error_string ();
350 return GSS_S_FAILURE;
353 ret = krb5_verify_checksum (gssapi_krb5_context, crypto,
356 input_message_buffer->length - len + 8,
358 krb5_crypto_destroy (gssapi_krb5_context, crypto);
360 gssapi_krb5_set_error_string ();
362 return GSS_S_FAILURE;
367 output_message_buffer->length = input_message_buffer->length
368 - len - padlength - 8;
369 output_message_buffer->value = malloc(output_message_buffer->length);
370 if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
371 return GSS_S_FAILURE;
372 memcpy (output_message_buffer->value,
374 output_message_buffer->length);
375 return GSS_S_COMPLETE;
379 (OM_uint32 * minor_status,
380 const gss_ctx_id_t context_handle,
381 const gss_buffer_t input_message_buffer,
382 gss_buffer_t output_message_buffer,
384 gss_qop_t * qop_state
389 krb5_keytype keytype;
391 if (qop_state != NULL)
392 *qop_state = GSS_C_QOP_DEFAULT;
393 ret = gss_krb5_get_remotekey(context_handle, &key);
395 gssapi_krb5_set_error_string ();
397 return GSS_S_FAILURE;
399 krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
403 ret = unwrap_des (minor_status, context_handle,
404 input_message_buffer, output_message_buffer,
405 conf_state, qop_state, key);
408 ret = unwrap_des3 (minor_status, context_handle,
409 input_message_buffer, output_message_buffer,
410 conf_state, qop_state, key);
413 *minor_status = KRB5_PROG_ETYPE_NOSUPP;
417 krb5_free_keyblock (gssapi_krb5_context, key);