2 * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "krb5/gsskrb5_locl.h"
36 RCSID("$Id: wrap.c 19035 2006-11-14 09:49:56Z lha $");
39 * Return initiator subkey, or if that doesn't exists, the subkey.
43 _gsskrb5i_get_initiator_subkey(const gsskrb5_ctx ctx,
50 if (ctx->more_flags & LOCAL) {
51 ret = krb5_auth_con_getlocalsubkey(context,
55 ret = krb5_auth_con_getremotesubkey(context,
59 if (ret == 0 && *key == NULL)
60 ret = krb5_auth_con_getkey(context,
63 if (ret == 0 && *key == NULL) {
64 krb5_set_error_string(context, "No initiator subkey available");
65 return GSS_KRB5_S_KG_NO_SUBKEY;
71 _gsskrb5i_get_acceptor_subkey(const gsskrb5_ctx ctx,
78 if (ctx->more_flags & LOCAL) {
79 ret = krb5_auth_con_getremotesubkey(context,
83 ret = krb5_auth_con_getlocalsubkey(context,
87 if (ret == 0 && *key == NULL) {
88 krb5_set_error_string(context, "No acceptor subkey available");
89 return GSS_KRB5_S_KG_NO_SUBKEY;
95 _gsskrb5i_get_token_key(const gsskrb5_ctx ctx,
99 _gsskrb5i_get_acceptor_subkey(ctx, context, key);
102 * Only use the initiator subkey or ticket session key if an
103 * acceptor subkey was not required.
105 if ((ctx->more_flags & ACCEPTOR_SUBKEY) == 0)
106 _gsskrb5i_get_initiator_subkey(ctx, context, key);
109 krb5_set_error_string(context, "No token key available");
110 return GSS_KRB5_S_KG_NO_SUBKEY;
117 OM_uint32 req_output_size,
118 OM_uint32 * max_input_size,
123 size_t len, total_len;
125 len = 8 + req_output_size + blocksize + extrasize;
127 _gsskrb5_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
129 total_len -= req_output_size; /* token length */
130 if (total_len < req_output_size) {
131 *max_input_size = (req_output_size - total_len);
132 (*max_input_size) &= (~(OM_uint32)(blocksize - 1));
136 return GSS_S_COMPLETE;
140 _gsskrb5_wrap_size_limit (
141 OM_uint32 * minor_status,
142 const gss_ctx_id_t context_handle,
145 OM_uint32 req_output_size,
146 OM_uint32 * max_input_size
149 krb5_context context;
152 krb5_keytype keytype;
153 const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
155 GSSAPI_KRB5_INIT (&context);
157 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
158 ret = _gsskrb5i_get_token_key(ctx, context, &key);
159 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
162 return GSS_S_FAILURE;
164 krb5_enctype_to_keytype (context, key->keytype, &keytype);
168 ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
170 case KEYTYPE_ARCFOUR:
171 case KEYTYPE_ARCFOUR_56:
172 ret = _gssapi_wrap_size_arcfour(minor_status, ctx, context,
173 conf_req_flag, qop_req,
174 req_output_size, max_input_size, key);
177 ret = sub_wrap_size(req_output_size, max_input_size, 8, 34);
180 ret = _gssapi_wrap_size_cfx(minor_status, ctx, context,
181 conf_req_flag, qop_req,
182 req_output_size, max_input_size, key);
185 krb5_free_keyblock (context, key);
192 (OM_uint32 * minor_status,
193 const gsskrb5_ctx ctx,
194 krb5_context context,
197 const gss_buffer_t input_message_buffer,
199 gss_buffer_t output_message_buffer,
206 DES_key_schedule schedule;
211 size_t len, total_len, padlength, datalen;
213 padlength = 8 - (input_message_buffer->length % 8);
214 datalen = input_message_buffer->length + padlength + 8;
216 _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
218 output_message_buffer->length = total_len;
219 output_message_buffer->value = malloc (total_len);
220 if (output_message_buffer->value == NULL) {
221 output_message_buffer->length = 0;
222 *minor_status = ENOMEM;
223 return GSS_S_FAILURE;
226 p = _gsskrb5_make_header(output_message_buffer->value,
228 "\x02\x01", /* TOK_ID */
232 memcpy (p, "\x00\x00", 2);
236 memcpy (p, "\x00\x00", 2);
238 memcpy (p, "\xff\xff", 2);
241 memcpy (p, "\xff\xff", 2);
248 /* confounder + data + pad */
249 krb5_generate_random_block(p, 8);
250 memcpy (p + 8, input_message_buffer->value,
251 input_message_buffer->length);
252 memset (p + 8 + input_message_buffer->length, padlength, padlength);
256 MD5_Update (&md5, p - 24, 8);
257 MD5_Update (&md5, p, datalen);
258 MD5_Final (hash, &md5);
260 memset (&zero, 0, sizeof(zero));
261 memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
262 DES_set_key (&deskey, &schedule);
263 DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
265 memcpy (p - 8, hash, 8);
267 /* sequence number */
268 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
269 krb5_auth_con_getlocalseqnumber (context,
274 p[0] = (seq_number >> 0) & 0xFF;
275 p[1] = (seq_number >> 8) & 0xFF;
276 p[2] = (seq_number >> 16) & 0xFF;
277 p[3] = (seq_number >> 24) & 0xFF;
279 (ctx->more_flags & LOCAL) ? 0 : 0xFF,
282 DES_set_key (&deskey, &schedule);
283 DES_cbc_encrypt ((void *)p, (void *)p, 8,
284 &schedule, (DES_cblock *)(p + 8), DES_ENCRYPT);
286 krb5_auth_con_setlocalseqnumber (context,
289 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
291 /* encrypt the data */
295 memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
297 for (i = 0; i < sizeof(deskey); ++i)
299 DES_set_key (&deskey, &schedule);
300 memset (&zero, 0, sizeof(zero));
301 DES_cbc_encrypt ((void *)p,
308 memset (deskey, 0, sizeof(deskey));
309 memset (&schedule, 0, sizeof(schedule));
311 if(conf_state != NULL)
312 *conf_state = conf_req_flag;
314 return GSS_S_COMPLETE;
319 (OM_uint32 * minor_status,
320 const gsskrb5_ctx ctx,
321 krb5_context context,
324 const gss_buffer_t input_message_buffer,
326 gss_buffer_t output_message_buffer,
333 size_t len, total_len, padlength, datalen;
339 padlength = 8 - (input_message_buffer->length % 8);
340 datalen = input_message_buffer->length + padlength + 8;
342 _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
344 output_message_buffer->length = total_len;
345 output_message_buffer->value = malloc (total_len);
346 if (output_message_buffer->value == NULL) {
347 output_message_buffer->length = 0;
348 *minor_status = ENOMEM;
349 return GSS_S_FAILURE;
352 p = _gsskrb5_make_header(output_message_buffer->value,
354 "\x02\x01", /* TOK_ID */
358 memcpy (p, "\x04\x00", 2); /* HMAC SHA1 DES3-KD */
362 memcpy (p, "\x02\x00", 2); /* DES3-KD */
364 memcpy (p, "\xff\xff", 2);
367 memcpy (p, "\xff\xff", 2);
370 /* calculate checksum (the above + confounder + data + pad) */
372 memcpy (p + 20, p - 8, 8);
373 krb5_generate_random_block(p + 28, 8);
374 memcpy (p + 28 + 8, input_message_buffer->value,
375 input_message_buffer->length);
376 memset (p + 28 + 8 + input_message_buffer->length, padlength, padlength);
378 ret = krb5_crypto_init(context, key, 0, &crypto);
380 free (output_message_buffer->value);
381 output_message_buffer->length = 0;
382 output_message_buffer->value = NULL;
384 return GSS_S_FAILURE;
387 ret = krb5_create_checksum (context,
394 krb5_crypto_destroy (context, crypto);
396 free (output_message_buffer->value);
397 output_message_buffer->length = 0;
398 output_message_buffer->value = NULL;
400 return GSS_S_FAILURE;
403 /* zero out SND_SEQ + SGN_CKSUM in case */
406 memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
407 free_Checksum (&cksum);
409 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
410 /* sequence number */
411 krb5_auth_con_getlocalseqnumber (context,
415 seq[0] = (seq_number >> 0) & 0xFF;
416 seq[1] = (seq_number >> 8) & 0xFF;
417 seq[2] = (seq_number >> 16) & 0xFF;
418 seq[3] = (seq_number >> 24) & 0xFF;
420 (ctx->more_flags & LOCAL) ? 0 : 0xFF,
424 ret = krb5_crypto_init(context, key, ETYPE_DES3_CBC_NONE,
427 free (output_message_buffer->value);
428 output_message_buffer->length = 0;
429 output_message_buffer->value = NULL;
431 return GSS_S_FAILURE;
437 memcpy (&ivec, p + 8, 8);
438 ret = krb5_encrypt_ivec (context,
444 krb5_crypto_destroy (context, crypto);
446 free (output_message_buffer->value);
447 output_message_buffer->length = 0;
448 output_message_buffer->value = NULL;
450 return GSS_S_FAILURE;
453 assert (encdata.length == 8);
455 memcpy (p, encdata.data, encdata.length);
456 krb5_data_free (&encdata);
458 krb5_auth_con_setlocalseqnumber (context,
461 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
463 /* encrypt the data */
469 ret = krb5_crypto_init(context, key,
470 ETYPE_DES3_CBC_NONE, &crypto);
472 free (output_message_buffer->value);
473 output_message_buffer->length = 0;
474 output_message_buffer->value = NULL;
476 return GSS_S_FAILURE;
478 ret = krb5_encrypt(context, crypto, KRB5_KU_USAGE_SEAL,
480 krb5_crypto_destroy(context, crypto);
482 free (output_message_buffer->value);
483 output_message_buffer->length = 0;
484 output_message_buffer->value = NULL;
486 return GSS_S_FAILURE;
488 assert (tmp.length == datalen);
490 memcpy (p, tmp.data, datalen);
491 krb5_data_free(&tmp);
493 if(conf_state != NULL)
494 *conf_state = conf_req_flag;
496 return GSS_S_COMPLETE;
499 OM_uint32 _gsskrb5_wrap
500 (OM_uint32 * minor_status,
501 const gss_ctx_id_t context_handle,
504 const gss_buffer_t input_message_buffer,
506 gss_buffer_t output_message_buffer
509 krb5_context context;
512 krb5_keytype keytype;
513 const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
515 GSSAPI_KRB5_INIT (&context);
517 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
518 ret = _gsskrb5i_get_token_key(ctx, context, &key);
519 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
522 return GSS_S_FAILURE;
524 krb5_enctype_to_keytype (context, key->keytype, &keytype);
528 ret = wrap_des (minor_status, ctx, context, conf_req_flag,
529 qop_req, input_message_buffer, conf_state,
530 output_message_buffer, key);
533 ret = wrap_des3 (minor_status, ctx, context, conf_req_flag,
534 qop_req, input_message_buffer, conf_state,
535 output_message_buffer, key);
537 case KEYTYPE_ARCFOUR:
538 case KEYTYPE_ARCFOUR_56:
539 ret = _gssapi_wrap_arcfour (minor_status, ctx, context, conf_req_flag,
540 qop_req, input_message_buffer, conf_state,
541 output_message_buffer, key);
544 ret = _gssapi_wrap_cfx (minor_status, ctx, context, conf_req_flag,
545 qop_req, input_message_buffer, conf_state,
546 output_message_buffer, key);
549 krb5_free_keyblock (context, key);