2 * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "krb5/gsskrb5_locl.h"
36 RCSID("$Id: unwrap.c,v 1.38 2006/10/18 15:59:28 lha Exp $");
40 (OM_uint32 * minor_status,
41 const gsskrb5_ctx context_handle,
42 const gss_buffer_t input_message_buffer,
43 gss_buffer_t output_message_buffer,
45 gss_qop_t * qop_state,
53 DES_key_schedule schedule;
63 p = input_message_buffer->value;
64 ret = _gsskrb5_verify_header (&p,
65 input_message_buffer->length,
71 if (memcmp (p, "\x00\x00", 2) != 0)
74 if (memcmp (p, "\x00\x00", 2) == 0) {
76 } else if (memcmp (p, "\xFF\xFF", 2) == 0) {
81 if(conf_state != NULL)
83 if (memcmp (p, "\xff\xff", 2) != 0)
84 return GSS_S_DEFECTIVE_TOKEN;
88 len = p - (u_char *)input_message_buffer->value;
92 memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
94 for (i = 0; i < sizeof(deskey); ++i)
96 DES_set_key (&deskey, &schedule);
97 memset (&zero, 0, sizeof(zero));
98 DES_cbc_encrypt ((void *)p,
100 input_message_buffer->length - len,
105 memset (deskey, 0, sizeof(deskey));
106 memset (&schedule, 0, sizeof(schedule));
109 ret = _gssapi_verify_pad(input_message_buffer,
110 input_message_buffer->length - len,
116 MD5_Update (&md5, p - 24, 8);
117 MD5_Update (&md5, p, input_message_buffer->length - len);
118 MD5_Final (hash, &md5);
120 memset (&zero, 0, sizeof(zero));
121 memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
122 DES_set_key (&deskey, &schedule);
123 DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
125 if (memcmp (p - 8, hash, 8) != 0)
126 return GSS_S_BAD_MIC;
128 /* verify sequence number */
130 HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
133 DES_set_key (&deskey, &schedule);
134 DES_cbc_encrypt ((void *)p, (void *)p, 8,
135 &schedule, (DES_cblock *)hash, DES_DECRYPT);
137 memset (deskey, 0, sizeof(deskey));
138 memset (&schedule, 0, sizeof(schedule));
141 _gsskrb5_decode_om_uint32(seq, &seq_number);
143 if (context_handle->more_flags & LOCAL)
144 cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4);
146 cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4);
149 HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
150 return GSS_S_BAD_MIC;
153 ret = _gssapi_msg_order_check(context_handle->order, seq_number);
155 HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
159 HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
163 output_message_buffer->length = input_message_buffer->length
164 - len - padlength - 8;
165 output_message_buffer->value = malloc(output_message_buffer->length);
166 if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
167 return GSS_S_FAILURE;
168 memcpy (output_message_buffer->value,
170 output_message_buffer->length);
171 return GSS_S_COMPLETE;
176 (OM_uint32 * minor_status,
177 const gsskrb5_ctx context_handle,
178 const gss_buffer_t input_message_buffer,
179 gss_buffer_t output_message_buffer,
181 gss_qop_t * qop_state,
198 p = input_message_buffer->value;
199 ret = _gsskrb5_verify_header (&p,
200 input_message_buffer->length,
206 if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
207 return GSS_S_BAD_SIG;
209 if (memcmp (p, "\x02\x00", 2) == 0) {
211 } else if (memcmp (p, "\xff\xff", 2) == 0) {
214 return GSS_S_BAD_MIC;
216 if(conf_state != NULL)
217 *conf_state = cstate;
218 if (memcmp (p, "\xff\xff", 2) != 0)
219 return GSS_S_DEFECTIVE_TOKEN;
223 len = p - (u_char *)input_message_buffer->value;
229 ret = krb5_crypto_init(_gsskrb5_context, key,
230 ETYPE_DES3_CBC_NONE, &crypto);
232 _gsskrb5_set_error_string ();
234 return GSS_S_FAILURE;
236 ret = krb5_decrypt(_gsskrb5_context, crypto, KRB5_KU_USAGE_SEAL,
237 p, input_message_buffer->length - len, &tmp);
238 krb5_crypto_destroy(_gsskrb5_context, crypto);
240 _gsskrb5_set_error_string ();
242 return GSS_S_FAILURE;
244 assert (tmp.length == input_message_buffer->length - len);
246 memcpy (p, tmp.data, tmp.length);
247 krb5_data_free(&tmp);
250 ret = _gssapi_verify_pad(input_message_buffer,
251 input_message_buffer->length - len,
256 /* verify sequence number */
258 HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
262 ret = krb5_crypto_init(_gsskrb5_context, key,
263 ETYPE_DES3_CBC_NONE, &crypto);
265 _gsskrb5_set_error_string ();
267 HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
268 return GSS_S_FAILURE;
273 memcpy(&ivec, p + 8, 8);
274 ret = krb5_decrypt_ivec (_gsskrb5_context,
280 krb5_crypto_destroy (_gsskrb5_context, crypto);
282 _gsskrb5_set_error_string ();
284 HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
285 return GSS_S_FAILURE;
287 if (seq_data.length != 8) {
288 krb5_data_free (&seq_data);
290 HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
291 return GSS_S_BAD_MIC;
295 _gsskrb5_decode_om_uint32(seq, &seq_number);
297 if (context_handle->more_flags & LOCAL)
298 cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4);
300 cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4);
302 krb5_data_free (&seq_data);
305 HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
306 return GSS_S_BAD_MIC;
309 ret = _gssapi_msg_order_check(context_handle->order, seq_number);
312 HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
316 HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
318 /* verify checksum */
320 memcpy (cksum, p + 8, 20);
322 memcpy (p + 20, p - 8, 8);
324 csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3;
325 csum.checksum.length = 20;
326 csum.checksum.data = cksum;
328 ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto);
330 _gsskrb5_set_error_string ();
332 return GSS_S_FAILURE;
335 ret = krb5_verify_checksum (_gsskrb5_context, crypto,
338 input_message_buffer->length - len + 8,
340 krb5_crypto_destroy (_gsskrb5_context, crypto);
342 _gsskrb5_set_error_string ();
344 return GSS_S_FAILURE;
349 output_message_buffer->length = input_message_buffer->length
350 - len - padlength - 8;
351 output_message_buffer->value = malloc(output_message_buffer->length);
352 if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
353 return GSS_S_FAILURE;
354 memcpy (output_message_buffer->value,
356 output_message_buffer->length);
357 return GSS_S_COMPLETE;
360 OM_uint32 _gsskrb5_unwrap
361 (OM_uint32 * minor_status,
362 const gss_ctx_id_t context_handle,
363 const gss_buffer_t input_message_buffer,
364 gss_buffer_t output_message_buffer,
366 gss_qop_t * qop_state
371 krb5_keytype keytype;
372 gsskrb5_ctx ctx = (gsskrb5_ctx) context_handle;
374 output_message_buffer->value = NULL;
375 output_message_buffer->length = 0;
377 if (qop_state != NULL)
378 *qop_state = GSS_C_QOP_DEFAULT;
379 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
380 ret = _gsskrb5i_get_token_key(ctx, &key);
381 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
383 _gsskrb5_set_error_string ();
385 return GSS_S_FAILURE;
387 krb5_enctype_to_keytype (_gsskrb5_context, key->keytype, &keytype);
393 ret = unwrap_des (minor_status, ctx,
394 input_message_buffer, output_message_buffer,
395 conf_state, qop_state, key);
398 ret = unwrap_des3 (minor_status, ctx,
399 input_message_buffer, output_message_buffer,
400 conf_state, qop_state, key);
402 case KEYTYPE_ARCFOUR:
403 case KEYTYPE_ARCFOUR_56:
404 ret = _gssapi_unwrap_arcfour (minor_status, ctx,
405 input_message_buffer, output_message_buffer,
406 conf_state, qop_state, key);
409 ret = _gssapi_unwrap_cfx (minor_status, ctx,
410 input_message_buffer, output_message_buffer,
411 conf_state, qop_state, key);
414 krb5_free_keyblock (_gsskrb5_context, key);