2 * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "krb5/gsskrb5_locl.h"
39 * Return initiator subkey, or if that doesn't exists, the subkey.
43 _gsskrb5i_get_initiator_subkey(const gsskrb5_ctx ctx,
50 if (ctx->more_flags & LOCAL) {
51 ret = krb5_auth_con_getlocalsubkey(context,
55 ret = krb5_auth_con_getremotesubkey(context,
59 if (ret == 0 && *key == NULL)
60 ret = krb5_auth_con_getkey(context,
63 if (ret == 0 && *key == NULL) {
64 krb5_set_error_message(context, 0, "No initiator subkey available");
65 return GSS_KRB5_S_KG_NO_SUBKEY;
71 _gsskrb5i_get_acceptor_subkey(const gsskrb5_ctx ctx,
78 if (ctx->more_flags & LOCAL) {
79 ret = krb5_auth_con_getremotesubkey(context,
83 ret = krb5_auth_con_getlocalsubkey(context,
87 if (ret == 0 && *key == NULL) {
88 krb5_set_error_message(context, 0, "No acceptor subkey available");
89 return GSS_KRB5_S_KG_NO_SUBKEY;
95 _gsskrb5i_get_token_key(const gsskrb5_ctx ctx,
99 _gsskrb5i_get_acceptor_subkey(ctx, context, key);
102 * Only use the initiator subkey or ticket session key if an
103 * acceptor subkey was not required.
105 if ((ctx->more_flags & ACCEPTOR_SUBKEY) == 0)
106 _gsskrb5i_get_initiator_subkey(ctx, context, key);
109 krb5_set_error_message(context, 0, "No token key available");
110 return GSS_KRB5_S_KG_NO_SUBKEY;
117 OM_uint32 req_output_size,
118 OM_uint32 * max_input_size,
123 size_t len, total_len;
125 len = 8 + req_output_size + blocksize + extrasize;
127 _gsskrb5_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
129 total_len -= req_output_size; /* token length */
130 if (total_len < req_output_size) {
131 *max_input_size = (req_output_size - total_len);
132 (*max_input_size) &= (~(OM_uint32)(blocksize - 1));
136 return GSS_S_COMPLETE;
140 _gsskrb5_wrap_size_limit (
141 OM_uint32 * minor_status,
142 const gss_ctx_id_t context_handle,
145 OM_uint32 req_output_size,
146 OM_uint32 * max_input_size
149 krb5_context context;
152 krb5_keytype keytype;
153 const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
155 GSSAPI_KRB5_INIT (&context);
157 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
158 ret = _gsskrb5i_get_token_key(ctx, context, &key);
159 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
162 return GSS_S_FAILURE;
164 krb5_enctype_to_keytype (context, key->keytype, &keytype);
168 ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
170 case KEYTYPE_ARCFOUR:
171 case KEYTYPE_ARCFOUR_56:
172 ret = _gssapi_wrap_size_arcfour(minor_status, ctx, context,
173 conf_req_flag, qop_req,
174 req_output_size, max_input_size, key);
177 ret = sub_wrap_size(req_output_size, max_input_size, 8, 34);
180 ret = _gssapi_wrap_size_cfx(minor_status, ctx, context,
181 conf_req_flag, qop_req,
182 req_output_size, max_input_size, key);
185 krb5_free_keyblock (context, key);
192 (OM_uint32 * minor_status,
193 const gsskrb5_ctx ctx,
194 krb5_context context,
197 const gss_buffer_t input_message_buffer,
199 gss_buffer_t output_message_buffer,
206 DES_key_schedule schedule;
211 size_t len, total_len, padlength, datalen;
213 if (IS_DCE_STYLE(ctx)) {
215 datalen = input_message_buffer->length;
217 _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
218 total_len += datalen;
221 padlength = 8 - (input_message_buffer->length % 8);
222 datalen = input_message_buffer->length + padlength + 8;
224 _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
227 output_message_buffer->length = total_len;
228 output_message_buffer->value = malloc (total_len);
229 if (output_message_buffer->value == NULL) {
230 output_message_buffer->length = 0;
231 *minor_status = ENOMEM;
232 return GSS_S_FAILURE;
235 p = _gsskrb5_make_header(output_message_buffer->value,
237 "\x02\x01", /* TOK_ID */
241 memcpy (p, "\x00\x00", 2);
245 memcpy (p, "\x00\x00", 2);
247 memcpy (p, "\xff\xff", 2);
250 memcpy (p, "\xff\xff", 2);
257 /* confounder + data + pad */
258 krb5_generate_random_block(p, 8);
259 memcpy (p + 8, input_message_buffer->value,
260 input_message_buffer->length);
261 memset (p + 8 + input_message_buffer->length, padlength, padlength);
265 MD5_Update (&md5, p - 24, 8);
266 MD5_Update (&md5, p, datalen);
267 MD5_Final (hash, &md5);
269 memset (&zero, 0, sizeof(zero));
270 memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
271 DES_set_key_unchecked (&deskey, &schedule);
272 DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
274 memcpy (p - 8, hash, 8);
276 /* sequence number */
277 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
278 krb5_auth_con_getlocalseqnumber (context,
283 p[0] = (seq_number >> 0) & 0xFF;
284 p[1] = (seq_number >> 8) & 0xFF;
285 p[2] = (seq_number >> 16) & 0xFF;
286 p[3] = (seq_number >> 24) & 0xFF;
288 (ctx->more_flags & LOCAL) ? 0 : 0xFF,
291 DES_set_key_unchecked (&deskey, &schedule);
292 DES_cbc_encrypt ((void *)p, (void *)p, 8,
293 &schedule, (DES_cblock *)(p + 8), DES_ENCRYPT);
295 krb5_auth_con_setlocalseqnumber (context,
298 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
300 /* encrypt the data */
304 memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
306 for (i = 0; i < sizeof(deskey); ++i)
308 DES_set_key_unchecked (&deskey, &schedule);
309 memset (&zero, 0, sizeof(zero));
310 DES_cbc_encrypt ((void *)p,
317 memset (deskey, 0, sizeof(deskey));
318 memset (&schedule, 0, sizeof(schedule));
320 if(conf_state != NULL)
321 *conf_state = conf_req_flag;
323 return GSS_S_COMPLETE;
328 (OM_uint32 * minor_status,
329 const gsskrb5_ctx ctx,
330 krb5_context context,
333 const gss_buffer_t input_message_buffer,
335 gss_buffer_t output_message_buffer,
342 size_t len, total_len, padlength, datalen;
348 if (IS_DCE_STYLE(ctx)) {
350 datalen = input_message_buffer->length;
352 _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
353 total_len += datalen;
356 padlength = 8 - (input_message_buffer->length % 8);
357 datalen = input_message_buffer->length + padlength + 8;
359 _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
362 output_message_buffer->length = total_len;
363 output_message_buffer->value = malloc (total_len);
364 if (output_message_buffer->value == NULL) {
365 output_message_buffer->length = 0;
366 *minor_status = ENOMEM;
367 return GSS_S_FAILURE;
370 p = _gsskrb5_make_header(output_message_buffer->value,
372 "\x02\x01", /* TOK_ID */
376 memcpy (p, "\x04\x00", 2); /* HMAC SHA1 DES3-KD */
380 memcpy (p, "\x02\x00", 2); /* DES3-KD */
382 memcpy (p, "\xff\xff", 2);
385 memcpy (p, "\xff\xff", 2);
388 /* calculate checksum (the above + confounder + data + pad) */
390 memcpy (p + 20, p - 8, 8);
391 krb5_generate_random_block(p + 28, 8);
392 memcpy (p + 28 + 8, input_message_buffer->value,
393 input_message_buffer->length);
394 memset (p + 28 + 8 + input_message_buffer->length, padlength, padlength);
396 ret = krb5_crypto_init(context, key, 0, &crypto);
398 free (output_message_buffer->value);
399 output_message_buffer->length = 0;
400 output_message_buffer->value = NULL;
402 return GSS_S_FAILURE;
405 ret = krb5_create_checksum (context,
412 krb5_crypto_destroy (context, crypto);
414 free (output_message_buffer->value);
415 output_message_buffer->length = 0;
416 output_message_buffer->value = NULL;
418 return GSS_S_FAILURE;
421 /* zero out SND_SEQ + SGN_CKSUM in case */
424 memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
425 free_Checksum (&cksum);
427 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
428 /* sequence number */
429 krb5_auth_con_getlocalseqnumber (context,
433 seq[0] = (seq_number >> 0) & 0xFF;
434 seq[1] = (seq_number >> 8) & 0xFF;
435 seq[2] = (seq_number >> 16) & 0xFF;
436 seq[3] = (seq_number >> 24) & 0xFF;
438 (ctx->more_flags & LOCAL) ? 0 : 0xFF,
442 ret = krb5_crypto_init(context, key, ETYPE_DES3_CBC_NONE,
445 free (output_message_buffer->value);
446 output_message_buffer->length = 0;
447 output_message_buffer->value = NULL;
449 return GSS_S_FAILURE;
455 memcpy (&ivec, p + 8, 8);
456 ret = krb5_encrypt_ivec (context,
462 krb5_crypto_destroy (context, crypto);
464 free (output_message_buffer->value);
465 output_message_buffer->length = 0;
466 output_message_buffer->value = NULL;
468 return GSS_S_FAILURE;
471 assert (encdata.length == 8);
473 memcpy (p, encdata.data, encdata.length);
474 krb5_data_free (&encdata);
476 krb5_auth_con_setlocalseqnumber (context,
479 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
481 /* encrypt the data */
487 ret = krb5_crypto_init(context, key,
488 ETYPE_DES3_CBC_NONE, &crypto);
490 free (output_message_buffer->value);
491 output_message_buffer->length = 0;
492 output_message_buffer->value = NULL;
494 return GSS_S_FAILURE;
496 ret = krb5_encrypt(context, crypto, KRB5_KU_USAGE_SEAL,
498 krb5_crypto_destroy(context, crypto);
500 free (output_message_buffer->value);
501 output_message_buffer->length = 0;
502 output_message_buffer->value = NULL;
504 return GSS_S_FAILURE;
506 assert (tmp.length == datalen);
508 memcpy (p, tmp.data, datalen);
509 krb5_data_free(&tmp);
511 if(conf_state != NULL)
512 *conf_state = conf_req_flag;
514 return GSS_S_COMPLETE;
517 OM_uint32 _gsskrb5_wrap
518 (OM_uint32 * minor_status,
519 const gss_ctx_id_t context_handle,
522 const gss_buffer_t input_message_buffer,
524 gss_buffer_t output_message_buffer
527 krb5_context context;
530 krb5_keytype keytype;
531 const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
533 GSSAPI_KRB5_INIT (&context);
535 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
536 ret = _gsskrb5i_get_token_key(ctx, context, &key);
537 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
540 return GSS_S_FAILURE;
542 krb5_enctype_to_keytype (context, key->keytype, &keytype);
546 ret = wrap_des (minor_status, ctx, context, conf_req_flag,
547 qop_req, input_message_buffer, conf_state,
548 output_message_buffer, key);
551 ret = wrap_des3 (minor_status, ctx, context, conf_req_flag,
552 qop_req, input_message_buffer, conf_state,
553 output_message_buffer, key);
555 case KEYTYPE_ARCFOUR:
556 case KEYTYPE_ARCFOUR_56:
557 ret = _gssapi_wrap_arcfour (minor_status, ctx, context, conf_req_flag,
558 qop_req, input_message_buffer, conf_state,
559 output_message_buffer, key);
562 ret = _gssapi_wrap_cfx (minor_status, ctx, context, conf_req_flag,
563 qop_req, input_message_buffer, conf_state,
564 output_message_buffer, key);
567 krb5_free_keyblock (context, key);