2 * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "gssapi_locl.h"
36 RCSID("$Id: wrap.c,v 1.21.2.1 2003/09/18 22:05:45 lha Exp $");
39 gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
44 krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
45 context_handle->auth_context,
48 krb5_auth_con_getremotesubkey(gssapi_krb5_context,
49 context_handle->auth_context,
52 krb5_auth_con_getkey(gssapi_krb5_context,
53 context_handle->auth_context,
63 OM_uint32 req_output_size,
64 OM_uint32 * max_input_size,
69 size_t len, total_len, padlength;
70 padlength = blocksize - (req_output_size % blocksize);
71 len = req_output_size + 8 + padlength + extrasize;
72 gssapi_krb5_encap_length(len, &len, &total_len);
73 *max_input_size = (OM_uint32)total_len;
74 return GSS_S_COMPLETE;
79 OM_uint32 * minor_status,
80 const gss_ctx_id_t context_handle,
83 OM_uint32 req_output_size,
84 OM_uint32 * max_input_size
91 ret = gss_krb5_get_localkey(context_handle, &key);
93 gssapi_krb5_set_error_string ();
97 krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
101 case KEYTYPE_ARCFOUR:
102 ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
105 ret = sub_wrap_size(req_output_size, max_input_size, 8, 34);
108 *minor_status = KRB5_PROG_ETYPE_NOSUPP;
112 krb5_free_keyblock (gssapi_krb5_context, key);
119 (OM_uint32 * minor_status,
120 const gss_ctx_id_t context_handle,
123 const gss_buffer_t input_message_buffer,
125 gss_buffer_t output_message_buffer,
132 des_key_schedule schedule;
137 size_t len, total_len, padlength, datalen;
139 padlength = 8 - (input_message_buffer->length % 8);
140 datalen = input_message_buffer->length + padlength + 8;
142 gssapi_krb5_encap_length (len, &len, &total_len);
144 output_message_buffer->length = total_len;
145 output_message_buffer->value = malloc (total_len);
146 if (output_message_buffer->value == NULL) {
147 *minor_status = ENOMEM;
148 return GSS_S_FAILURE;
151 p = gssapi_krb5_make_header(output_message_buffer->value,
153 "\x02\x01"); /* TOK_ID */
156 memcpy (p, "\x00\x00", 2);
160 memcpy (p, "\x00\x00", 2);
162 memcpy (p, "\xff\xff", 2);
165 memcpy (p, "\xff\xff", 2);
172 /* confounder + data + pad */
173 krb5_generate_random_block(p, 8);
174 memcpy (p + 8, input_message_buffer->value,
175 input_message_buffer->length);
176 memset (p + 8 + input_message_buffer->length, padlength, padlength);
180 MD5_Update (&md5, p - 24, 8);
181 MD5_Update (&md5, p, datalen);
182 MD5_Final (hash, &md5);
184 memset (&zero, 0, sizeof(zero));
185 memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
186 des_set_key (&deskey, schedule);
187 des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
189 memcpy (p - 8, hash, 8);
191 /* sequence number */
192 krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
193 context_handle->auth_context,
197 p[0] = (seq_number >> 0) & 0xFF;
198 p[1] = (seq_number >> 8) & 0xFF;
199 p[2] = (seq_number >> 16) & 0xFF;
200 p[3] = (seq_number >> 24) & 0xFF;
202 (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
205 des_set_key (&deskey, schedule);
206 des_cbc_encrypt ((void *)p, (void *)p, 8,
207 schedule, (des_cblock *)(p + 8), DES_ENCRYPT);
209 krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
210 context_handle->auth_context,
213 /* encrypt the data */
217 memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
219 for (i = 0; i < sizeof(deskey); ++i)
221 des_set_key (&deskey, schedule);
222 memset (&zero, 0, sizeof(zero));
223 des_cbc_encrypt ((void *)p,
230 memset (deskey, 0, sizeof(deskey));
231 memset (schedule, 0, sizeof(schedule));
233 if(conf_state != NULL)
234 *conf_state = conf_req_flag;
236 return GSS_S_COMPLETE;
241 (OM_uint32 * minor_status,
242 const gss_ctx_id_t context_handle,
245 const gss_buffer_t input_message_buffer,
247 gss_buffer_t output_message_buffer,
254 size_t len, total_len, padlength, datalen;
260 padlength = 8 - (input_message_buffer->length % 8);
261 datalen = input_message_buffer->length + padlength + 8;
263 gssapi_krb5_encap_length (len, &len, &total_len);
265 output_message_buffer->length = total_len;
266 output_message_buffer->value = malloc (total_len);
267 if (output_message_buffer->value == NULL) {
268 *minor_status = ENOMEM;
269 return GSS_S_FAILURE;
272 p = gssapi_krb5_make_header(output_message_buffer->value,
274 "\x02\x01"); /* TOK_ID */
277 memcpy (p, "\x04\x00", 2); /* HMAC SHA1 DES3-KD */
281 memcpy (p, "\x02\x00", 2); /* DES3-KD */
283 memcpy (p, "\xff\xff", 2);
286 memcpy (p, "\xff\xff", 2);
289 /* calculate checksum (the above + confounder + data + pad) */
291 memcpy (p + 20, p - 8, 8);
292 krb5_generate_random_block(p + 28, 8);
293 memcpy (p + 28 + 8, input_message_buffer->value,
294 input_message_buffer->length);
295 memset (p + 28 + 8 + input_message_buffer->length, padlength, padlength);
297 ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
299 gssapi_krb5_set_error_string ();
300 free (output_message_buffer->value);
302 return GSS_S_FAILURE;
305 ret = krb5_create_checksum (gssapi_krb5_context,
312 krb5_crypto_destroy (gssapi_krb5_context, crypto);
314 gssapi_krb5_set_error_string ();
315 free (output_message_buffer->value);
317 return GSS_S_FAILURE;
320 /* zero out SND_SEQ + SGN_CKSUM in case */
323 memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
324 free_Checksum (&cksum);
326 /* sequence number */
327 krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
328 context_handle->auth_context,
331 seq[0] = (seq_number >> 0) & 0xFF;
332 seq[1] = (seq_number >> 8) & 0xFF;
333 seq[2] = (seq_number >> 16) & 0xFF;
334 seq[3] = (seq_number >> 24) & 0xFF;
336 (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
340 ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE,
343 free (output_message_buffer->value);
345 return GSS_S_FAILURE;
351 memcpy (&ivec, p + 8, 8);
352 ret = krb5_encrypt_ivec (gssapi_krb5_context,
358 krb5_crypto_destroy (gssapi_krb5_context, crypto);
360 gssapi_krb5_set_error_string ();
361 free (output_message_buffer->value);
363 return GSS_S_FAILURE;
366 assert (encdata.length == 8);
368 memcpy (p, encdata.data, encdata.length);
369 krb5_data_free (&encdata);
371 krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
372 context_handle->auth_context,
375 /* encrypt the data */
381 ret = krb5_crypto_init(gssapi_krb5_context, key,
382 ETYPE_DES3_CBC_NONE, &crypto);
384 gssapi_krb5_set_error_string ();
385 free (output_message_buffer->value);
387 return GSS_S_FAILURE;
389 ret = krb5_encrypt(gssapi_krb5_context, crypto, KRB5_KU_USAGE_SEAL,
391 krb5_crypto_destroy(gssapi_krb5_context, crypto);
393 gssapi_krb5_set_error_string ();
394 free (output_message_buffer->value);
396 return GSS_S_FAILURE;
398 assert (tmp.length == datalen);
400 memcpy (p, tmp.data, datalen);
401 krb5_data_free(&tmp);
403 if(conf_state != NULL)
404 *conf_state = conf_req_flag;
406 return GSS_S_COMPLETE;
410 (OM_uint32 * minor_status,
411 const gss_ctx_id_t context_handle,
414 const gss_buffer_t input_message_buffer,
416 gss_buffer_t output_message_buffer
421 krb5_keytype keytype;
423 ret = gss_krb5_get_localkey(context_handle, &key);
425 gssapi_krb5_set_error_string ();
427 return GSS_S_FAILURE;
429 krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
433 ret = wrap_des (minor_status, context_handle, conf_req_flag,
434 qop_req, input_message_buffer, conf_state,
435 output_message_buffer, key);
438 ret = wrap_des3 (minor_status, context_handle, conf_req_flag,
439 qop_req, input_message_buffer, conf_state,
440 output_message_buffer, key);
442 case KEYTYPE_ARCFOUR:
443 ret = _gssapi_wrap_arcfour (minor_status, context_handle, conf_req_flag,
444 qop_req, input_message_buffer, conf_state,
445 output_message_buffer, key);
448 *minor_status = KRB5_PROG_ETYPE_NOSUPP;
452 krb5_free_keyblock (gssapi_krb5_context, key);