2 * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "gsskrb5_locl.h"
37 * Return initiator subkey, or if that doesn't exists, the subkey.
41 _gsskrb5i_get_initiator_subkey(const gsskrb5_ctx ctx,
48 if (ctx->more_flags & LOCAL) {
49 ret = krb5_auth_con_getlocalsubkey(context,
53 ret = krb5_auth_con_getremotesubkey(context,
57 if (ret == 0 && *key == NULL)
58 ret = krb5_auth_con_getkey(context,
61 if (ret == 0 && *key == NULL) {
62 krb5_set_error_message(context, 0, "No initiator subkey available");
63 return GSS_KRB5_S_KG_NO_SUBKEY;
69 _gsskrb5i_get_acceptor_subkey(const gsskrb5_ctx ctx,
76 if (ctx->more_flags & LOCAL) {
77 ret = krb5_auth_con_getremotesubkey(context,
81 ret = krb5_auth_con_getlocalsubkey(context,
85 if (ret == 0 && *key == NULL) {
86 krb5_set_error_message(context, 0, "No acceptor subkey available");
87 return GSS_KRB5_S_KG_NO_SUBKEY;
93 _gsskrb5i_get_token_key(const gsskrb5_ctx ctx,
97 _gsskrb5i_get_acceptor_subkey(ctx, context, key);
100 * Only use the initiator subkey or ticket session key if an
101 * acceptor subkey was not required.
103 if ((ctx->more_flags & ACCEPTOR_SUBKEY) == 0)
104 _gsskrb5i_get_initiator_subkey(ctx, context, key);
107 krb5_set_error_message(context, 0, "No token key available");
108 return GSS_KRB5_S_KG_NO_SUBKEY;
115 OM_uint32 req_output_size,
116 OM_uint32 * max_input_size,
121 size_t len, total_len;
123 len = 8 + req_output_size + blocksize + extrasize;
125 _gsskrb5_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
127 total_len -= req_output_size; /* token length */
128 if (total_len < req_output_size) {
129 *max_input_size = (req_output_size - total_len);
130 (*max_input_size) &= (~(OM_uint32)(blocksize - 1));
134 return GSS_S_COMPLETE;
137 OM_uint32 GSSAPI_CALLCONV
138 _gsskrb5_wrap_size_limit (
139 OM_uint32 * minor_status,
140 const gss_ctx_id_t context_handle,
143 OM_uint32 req_output_size,
144 OM_uint32 * max_input_size
147 krb5_context context;
150 krb5_keytype keytype;
151 const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
153 GSSAPI_KRB5_INIT (&context);
155 if (ctx->more_flags & IS_CFX)
156 return _gssapi_wrap_size_cfx(minor_status, ctx, context,
157 conf_req_flag, qop_req,
158 req_output_size, max_input_size);
160 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
161 ret = _gsskrb5i_get_token_key(ctx, context, &key);
162 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
165 return GSS_S_FAILURE;
167 krb5_enctype_to_keytype (context, key->keytype, &keytype);
171 #ifdef HEIM_WEAK_CRYPTO
172 ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
177 case ENCTYPE_ARCFOUR_HMAC_MD5:
178 case ENCTYPE_ARCFOUR_HMAC_MD5_56:
179 ret = _gssapi_wrap_size_arcfour(minor_status, ctx, context,
180 conf_req_flag, qop_req,
181 req_output_size, max_input_size, key);
184 ret = sub_wrap_size(req_output_size, max_input_size, 8, 34);
190 krb5_free_keyblock (context, key);
195 #ifdef HEIM_WEAK_CRYPTO
199 (OM_uint32 * minor_status,
200 const gsskrb5_ctx ctx,
201 krb5_context context,
204 const gss_buffer_t input_message_buffer,
206 gss_buffer_t output_message_buffer,
213 DES_key_schedule schedule;
214 EVP_CIPHER_CTX des_ctx;
219 size_t len, total_len, padlength, datalen;
221 if (IS_DCE_STYLE(ctx)) {
223 datalen = input_message_buffer->length;
225 _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
226 total_len += datalen;
229 padlength = 8 - (input_message_buffer->length % 8);
230 datalen = input_message_buffer->length + padlength + 8;
232 _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
235 output_message_buffer->length = total_len;
236 output_message_buffer->value = malloc (total_len);
237 if (output_message_buffer->value == NULL) {
238 output_message_buffer->length = 0;
239 *minor_status = ENOMEM;
240 return GSS_S_FAILURE;
243 p = _gsskrb5_make_header(output_message_buffer->value,
245 "\x02\x01", /* TOK_ID */
249 memcpy (p, "\x00\x00", 2);
253 memcpy (p, "\x00\x00", 2);
255 memcpy (p, "\xff\xff", 2);
258 memcpy (p, "\xff\xff", 2);
265 /* confounder + data + pad */
266 krb5_generate_random_block(p, 8);
267 memcpy (p + 8, input_message_buffer->value,
268 input_message_buffer->length);
269 memset (p + 8 + input_message_buffer->length, padlength, padlength);
272 md5 = EVP_MD_CTX_create();
273 EVP_DigestInit_ex(md5, EVP_md5(), NULL);
274 EVP_DigestUpdate(md5, p - 24, 8);
275 EVP_DigestUpdate(md5, p, datalen);
276 EVP_DigestFinal_ex(md5, hash, NULL);
277 EVP_MD_CTX_destroy(md5);
279 memset (&zero, 0, sizeof(zero));
280 memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
281 DES_set_key_unchecked (&deskey, &schedule);
282 DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
284 memcpy (p - 8, hash, 8);
286 /* sequence number */
287 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
288 krb5_auth_con_getlocalseqnumber (context,
293 p[0] = (seq_number >> 0) & 0xFF;
294 p[1] = (seq_number >> 8) & 0xFF;
295 p[2] = (seq_number >> 16) & 0xFF;
296 p[3] = (seq_number >> 24) & 0xFF;
298 (ctx->more_flags & LOCAL) ? 0 : 0xFF,
301 EVP_CIPHER_CTX_init(&des_ctx);
302 EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1);
303 EVP_Cipher(&des_ctx, p, p, 8);
304 EVP_CIPHER_CTX_cleanup(&des_ctx);
306 krb5_auth_con_setlocalseqnumber (context,
309 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
311 /* encrypt the data */
315 memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
317 for (i = 0; i < sizeof(deskey); ++i)
320 EVP_CIPHER_CTX_init(&des_ctx);
321 EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, deskey, zero, 1);
322 EVP_Cipher(&des_ctx, p, p, datalen);
323 EVP_CIPHER_CTX_cleanup(&des_ctx);
325 memset (deskey, 0, sizeof(deskey));
326 memset (&schedule, 0, sizeof(schedule));
328 if(conf_state != NULL)
329 *conf_state = conf_req_flag;
331 return GSS_S_COMPLETE;
338 (OM_uint32 * minor_status,
339 const gsskrb5_ctx ctx,
340 krb5_context context,
343 const gss_buffer_t input_message_buffer,
345 gss_buffer_t output_message_buffer,
352 size_t len, total_len, padlength, datalen;
358 if (IS_DCE_STYLE(ctx)) {
360 datalen = input_message_buffer->length;
362 _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
363 total_len += datalen;
366 padlength = 8 - (input_message_buffer->length % 8);
367 datalen = input_message_buffer->length + padlength + 8;
369 _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
372 output_message_buffer->length = total_len;
373 output_message_buffer->value = malloc (total_len);
374 if (output_message_buffer->value == NULL) {
375 output_message_buffer->length = 0;
376 *minor_status = ENOMEM;
377 return GSS_S_FAILURE;
380 p = _gsskrb5_make_header(output_message_buffer->value,
382 "\x02\x01", /* TOK_ID */
386 memcpy (p, "\x04\x00", 2); /* HMAC SHA1 DES3-KD */
390 memcpy (p, "\x02\x00", 2); /* DES3-KD */
392 memcpy (p, "\xff\xff", 2);
395 memcpy (p, "\xff\xff", 2);
398 /* calculate checksum (the above + confounder + data + pad) */
400 memcpy (p + 20, p - 8, 8);
401 krb5_generate_random_block(p + 28, 8);
402 memcpy (p + 28 + 8, input_message_buffer->value,
403 input_message_buffer->length);
404 memset (p + 28 + 8 + input_message_buffer->length, padlength, padlength);
406 ret = krb5_crypto_init(context, key, 0, &crypto);
408 free (output_message_buffer->value);
409 output_message_buffer->length = 0;
410 output_message_buffer->value = NULL;
412 return GSS_S_FAILURE;
415 ret = krb5_create_checksum (context,
422 krb5_crypto_destroy (context, crypto);
424 free (output_message_buffer->value);
425 output_message_buffer->length = 0;
426 output_message_buffer->value = NULL;
428 return GSS_S_FAILURE;
431 /* zero out SND_SEQ + SGN_CKSUM in case */
434 memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
435 free_Checksum (&cksum);
437 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
438 /* sequence number */
439 krb5_auth_con_getlocalseqnumber (context,
443 seq[0] = (seq_number >> 0) & 0xFF;
444 seq[1] = (seq_number >> 8) & 0xFF;
445 seq[2] = (seq_number >> 16) & 0xFF;
446 seq[3] = (seq_number >> 24) & 0xFF;
448 (ctx->more_flags & LOCAL) ? 0 : 0xFF,
452 ret = krb5_crypto_init(context, key, ETYPE_DES3_CBC_NONE,
455 free (output_message_buffer->value);
456 output_message_buffer->length = 0;
457 output_message_buffer->value = NULL;
459 return GSS_S_FAILURE;
465 memcpy (&ivec, p + 8, 8);
466 ret = krb5_encrypt_ivec (context,
472 krb5_crypto_destroy (context, crypto);
474 free (output_message_buffer->value);
475 output_message_buffer->length = 0;
476 output_message_buffer->value = NULL;
478 return GSS_S_FAILURE;
481 assert (encdata.length == 8);
483 memcpy (p, encdata.data, encdata.length);
484 krb5_data_free (&encdata);
486 krb5_auth_con_setlocalseqnumber (context,
489 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
491 /* encrypt the data */
497 ret = krb5_crypto_init(context, key,
498 ETYPE_DES3_CBC_NONE, &crypto);
500 free (output_message_buffer->value);
501 output_message_buffer->length = 0;
502 output_message_buffer->value = NULL;
504 return GSS_S_FAILURE;
506 ret = krb5_encrypt(context, crypto, KRB5_KU_USAGE_SEAL,
508 krb5_crypto_destroy(context, crypto);
510 free (output_message_buffer->value);
511 output_message_buffer->length = 0;
512 output_message_buffer->value = NULL;
514 return GSS_S_FAILURE;
516 assert (tmp.length == datalen);
518 memcpy (p, tmp.data, datalen);
519 krb5_data_free(&tmp);
521 if(conf_state != NULL)
522 *conf_state = conf_req_flag;
524 return GSS_S_COMPLETE;
527 OM_uint32 GSSAPI_CALLCONV
529 (OM_uint32 * minor_status,
530 const gss_ctx_id_t context_handle,
533 const gss_buffer_t input_message_buffer,
535 gss_buffer_t output_message_buffer
538 krb5_context context;
541 krb5_keytype keytype;
542 const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
544 output_message_buffer->value = NULL;
545 output_message_buffer->length = 0;
547 GSSAPI_KRB5_INIT (&context);
549 if (ctx->more_flags & IS_CFX)
550 return _gssapi_wrap_cfx (minor_status, ctx, context, conf_req_flag,
551 input_message_buffer, conf_state,
552 output_message_buffer);
554 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
555 ret = _gsskrb5i_get_token_key(ctx, context, &key);
556 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
559 return GSS_S_FAILURE;
561 krb5_enctype_to_keytype (context, key->keytype, &keytype);
565 #ifdef HEIM_WEAK_CRYPTO
566 ret = wrap_des (minor_status, ctx, context, conf_req_flag,
567 qop_req, input_message_buffer, conf_state,
568 output_message_buffer, key);
574 ret = wrap_des3 (minor_status, ctx, context, conf_req_flag,
575 qop_req, input_message_buffer, conf_state,
576 output_message_buffer, key);
578 case KEYTYPE_ARCFOUR:
579 case KEYTYPE_ARCFOUR_56:
580 ret = _gssapi_wrap_arcfour (minor_status, ctx, context, conf_req_flag,
581 qop_req, input_message_buffer, conf_state,
582 output_message_buffer, key);
588 krb5_free_keyblock (context, key);