/* [<][>][^][v][top][bottom][index][help] */
DEFINITIONS
This source file includes following definitions.
- _gsskrb5i_get_initiator_subkey
- _gsskrb5i_get_acceptor_subkey
- _gsskrb5i_get_token_key
- sub_wrap_size
- _gsskrb5_wrap_size_limit
1 /*
2 * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "krb5/gsskrb5_locl.h"
35
36 RCSID("$Id$");
37
38 /*
39 * Return initiator subkey, or if that doesn't exists, the subkey.
40 */
41
42 krb5_error_code
43 _gsskrb5i_get_initiator_subkey(const gsskrb5_ctx ctx,
/* [<][>][^][v][top][bottom][index][help] */
44 krb5_context context,
45 krb5_keyblock **key)
46 {
47 krb5_error_code ret;
48 *key = NULL;
49
50 if (ctx->more_flags & LOCAL) {
51 ret = krb5_auth_con_getlocalsubkey(context,
52 ctx->auth_context,
53 key);
54 } else {
55 ret = krb5_auth_con_getremotesubkey(context,
56 ctx->auth_context,
57 key);
58 }
59 if (ret == 0 && *key == NULL)
60 ret = krb5_auth_con_getkey(context,
61 ctx->auth_context,
62 key);
63 if (ret == 0 && *key == NULL) {
64 krb5_set_error_message(context, 0, "No initiator subkey available");
65 return GSS_KRB5_S_KG_NO_SUBKEY;
66 }
67 return ret;
68 }
69
70 krb5_error_code
71 _gsskrb5i_get_acceptor_subkey(const gsskrb5_ctx ctx,
/* [<][>][^][v][top][bottom][index][help] */
72 krb5_context context,
73 krb5_keyblock **key)
74 {
75 krb5_error_code ret;
76 *key = NULL;
77
78 if (ctx->more_flags & LOCAL) {
79 ret = krb5_auth_con_getremotesubkey(context,
80 ctx->auth_context,
81 key);
82 } else {
83 ret = krb5_auth_con_getlocalsubkey(context,
84 ctx->auth_context,
85 key);
86 }
87 if (ret == 0 && *key == NULL) {
88 krb5_set_error_message(context, 0, "No acceptor subkey available");
89 return GSS_KRB5_S_KG_NO_SUBKEY;
90 }
91 return ret;
92 }
93
94 OM_uint32
95 _gsskrb5i_get_token_key(const gsskrb5_ctx ctx,
/* [<][>][^][v][top][bottom][index][help] */
96 krb5_context context,
97 krb5_keyblock **key)
98 {
99 _gsskrb5i_get_acceptor_subkey(ctx, context, key);
100 if(*key == NULL) {
101 /*
102 * Only use the initiator subkey or ticket session key if an
103 * acceptor subkey was not required.
104 */
105 if ((ctx->more_flags & ACCEPTOR_SUBKEY) == 0)
106 _gsskrb5i_get_initiator_subkey(ctx, context, key);
107 }
108 if (*key == NULL) {
109 krb5_set_error_message(context, 0, "No token key available");
110 return GSS_KRB5_S_KG_NO_SUBKEY;
111 }
112 return 0;
113 }
114
115 static OM_uint32
116 sub_wrap_size (
/* [<][>][^][v][top][bottom][index][help] */
117 OM_uint32 req_output_size,
118 OM_uint32 * max_input_size,
119 int blocksize,
120 int extrasize
121 )
122 {
123 size_t len, total_len;
124
125 len = 8 + req_output_size + blocksize + extrasize;
126
127 _gsskrb5_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
128
129 total_len -= req_output_size; /* token length */
130 if (total_len < req_output_size) {
131 *max_input_size = (req_output_size - total_len);
132 (*max_input_size) &= (~(OM_uint32)(blocksize - 1));
133 } else {
134 *max_input_size = 0;
135 }
136 return GSS_S_COMPLETE;
137 }
138
139 OM_uint32
140 _gsskrb5_wrap_size_limit (
/* [<][>][^][v][top][bottom][index][help] */
141 OM_uint32 * minor_status,
142 const gss_ctx_id_t context_handle,
143 int conf_req_flag,
144 gss_qop_t qop_req,
145 OM_uint32 req_output_size,
146 OM_uint32 * max_input_size
147 )
148 {
149 krb5_context context;
150 krb5_keyblock *key;
151 OM_uint32 ret;
152 krb5_keytype keytype;
153 const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
154
155 GSSAPI_KRB5_INIT (&context);
156
157 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
158 ret = _gsskrb5i_get_token_key(ctx, context, &key);
159 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
160 if (ret) {
161 *minor_status = ret;
162 return GSS_S_FAILURE;
163 }
164 krb5_enctype_to_keytype (context, key->keytype, &keytype);
165
166 switch (keytype) {
167 case KEYTYPE_DES :
168 ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
169 break;
170 case KEYTYPE_ARCFOUR:
171 case KEYTYPE_ARCFOUR_56:
172 ret = _gssapi_wrap_size_arcfour(minor_status, ctx, context,
173 conf_req_flag, qop_req,
174 req_output_size, max_input_size, key);
175 break;
176 case KEYTYPE_DES3 :
177 ret = sub_wrap_size(req_output_size, max_input_size, 8, 34);
178 break;
179 default :
180 ret = _gssapi_wrap_size_cfx(minor_status, ctx, context,
181 conf_req_flag, qop_req,
182 req_output_size, max_input_size, key);
183 break;
184 }
185 krb5_free_keyblock (context, key);
186 *minor_status = 0;
187 return ret;
188 }
189
190 static OM_uint32
191 wrap_des
192 (OM_uint32 * minor_status,
193 const gsskrb5_ctx ctx,
194 krb5_context context,
195 int conf_req_flag,
196 gss_qop_t qop_req,
197 const gss_buffer_t input_message_buffer,
198 int * conf_state,
199 gss_buffer_t output_message_buffer,
200 krb5_keyblock *key
201 )
202 {
203 u_char *p;
204 MD5_CTX md5;
205 u_char hash[16];
206 DES_key_schedule schedule;
207 DES_cblock deskey;
208 DES_cblock zero;
209 int i;
210 int32_t seq_number;
211 size_t len, total_len, padlength, datalen;
212
213 if (IS_DCE_STYLE(ctx)) {
214 padlength = 0;
215 datalen = input_message_buffer->length;
216 len = 22 + 8;
217 _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
218 total_len += datalen;
219 datalen += 8;
220 } else {
221 padlength = 8 - (input_message_buffer->length % 8);
222 datalen = input_message_buffer->length + padlength + 8;
223 len = datalen + 22;
224 _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
225 }
226
227 output_message_buffer->length = total_len;
228 output_message_buffer->value = malloc (total_len);
229 if (output_message_buffer->value == NULL) {
230 output_message_buffer->length = 0;
231 *minor_status = ENOMEM;
232 return GSS_S_FAILURE;
233 }
234
235 p = _gsskrb5_make_header(output_message_buffer->value,
236 len,
237 "\x02\x01", /* TOK_ID */
238 GSS_KRB5_MECHANISM);
239
240 /* SGN_ALG */
241 memcpy (p, "\x00\x00", 2);
242 p += 2;
243 /* SEAL_ALG */
244 if(conf_req_flag)
245 memcpy (p, "\x00\x00", 2);
246 else
247 memcpy (p, "\xff\xff", 2);
248 p += 2;
249 /* Filler */
250 memcpy (p, "\xff\xff", 2);
251 p += 2;
252
253 /* fill in later */
254 memset (p, 0, 16);
255 p += 16;
256
257 /* confounder + data + pad */
258 krb5_generate_random_block(p, 8);
259 memcpy (p + 8, input_message_buffer->value,
260 input_message_buffer->length);
261 memset (p + 8 + input_message_buffer->length, padlength, padlength);
262
263 /* checksum */
264 MD5_Init (&md5);
265 MD5_Update (&md5, p - 24, 8);
266 MD5_Update (&md5, p, datalen);
267 MD5_Final (hash, &md5);
268
269 memset (&zero, 0, sizeof(zero));
270 memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
271 DES_set_key_unchecked (&deskey, &schedule);
272 DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
273 &schedule, &zero);
274 memcpy (p - 8, hash, 8);
275
276 /* sequence number */
277 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
278 krb5_auth_con_getlocalseqnumber (context,
279 ctx->auth_context,
280 &seq_number);
281
282 p -= 16;
283 p[0] = (seq_number >> 0) & 0xFF;
284 p[1] = (seq_number >> 8) & 0xFF;
285 p[2] = (seq_number >> 16) & 0xFF;
286 p[3] = (seq_number >> 24) & 0xFF;
287 memset (p + 4,
288 (ctx->more_flags & LOCAL) ? 0 : 0xFF,
289 4);
290
291 DES_set_key_unchecked (&deskey, &schedule);
292 DES_cbc_encrypt ((void *)p, (void *)p, 8,
293 &schedule, (DES_cblock *)(p + 8), DES_ENCRYPT);
294
295 krb5_auth_con_setlocalseqnumber (context,
296 ctx->auth_context,
297 ++seq_number);
298 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
299
300 /* encrypt the data */
301 p += 16;
302
303 if(conf_req_flag) {
304 memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
305
306 for (i = 0; i < sizeof(deskey); ++i)
307 deskey[i] ^= 0xf0;
308 DES_set_key_unchecked (&deskey, &schedule);
309 memset (&zero, 0, sizeof(zero));
310 DES_cbc_encrypt ((void *)p,
311 (void *)p,
312 datalen,
313 &schedule,
314 &zero,
315 DES_ENCRYPT);
316 }
317 memset (deskey, 0, sizeof(deskey));
318 memset (&schedule, 0, sizeof(schedule));
319
320 if(conf_state != NULL)
321 *conf_state = conf_req_flag;
322 *minor_status = 0;
323 return GSS_S_COMPLETE;
324 }
325
326 static OM_uint32
327 wrap_des3
328 (OM_uint32 * minor_status,
329 const gsskrb5_ctx ctx,
330 krb5_context context,
331 int conf_req_flag,
332 gss_qop_t qop_req,
333 const gss_buffer_t input_message_buffer,
334 int * conf_state,
335 gss_buffer_t output_message_buffer,
336 krb5_keyblock *key
337 )
338 {
339 u_char *p;
340 u_char seq[8];
341 int32_t seq_number;
342 size_t len, total_len, padlength, datalen;
343 uint32_t ret;
344 krb5_crypto crypto;
345 Checksum cksum;
346 krb5_data encdata;
347
348 if (IS_DCE_STYLE(ctx)) {
349 padlength = 0;
350 datalen = input_message_buffer->length;
351 len = 34 + 8;
352 _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
353 total_len += datalen;
354 datalen += 8;
355 } else {
356 padlength = 8 - (input_message_buffer->length % 8);
357 datalen = input_message_buffer->length + padlength + 8;
358 len = datalen + 34;
359 _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
360 }
361
362 output_message_buffer->length = total_len;
363 output_message_buffer->value = malloc (total_len);
364 if (output_message_buffer->value == NULL) {
365 output_message_buffer->length = 0;
366 *minor_status = ENOMEM;
367 return GSS_S_FAILURE;
368 }
369
370 p = _gsskrb5_make_header(output_message_buffer->value,
371 len,
372 "\x02\x01", /* TOK_ID */
373 GSS_KRB5_MECHANISM);
374
375 /* SGN_ALG */
376 memcpy (p, "\x04\x00", 2); /* HMAC SHA1 DES3-KD */
377 p += 2;
378 /* SEAL_ALG */
379 if(conf_req_flag)
380 memcpy (p, "\x02\x00", 2); /* DES3-KD */
381 else
382 memcpy (p, "\xff\xff", 2);
383 p += 2;
384 /* Filler */
385 memcpy (p, "\xff\xff", 2);
386 p += 2;
387
388 /* calculate checksum (the above + confounder + data + pad) */
389
390 memcpy (p + 20, p - 8, 8);
391 krb5_generate_random_block(p + 28, 8);
392 memcpy (p + 28 + 8, input_message_buffer->value,
393 input_message_buffer->length);
394 memset (p + 28 + 8 + input_message_buffer->length, padlength, padlength);
395
396 ret = krb5_crypto_init(context, key, 0, &crypto);
397 if (ret) {
398 free (output_message_buffer->value);
399 output_message_buffer->length = 0;
400 output_message_buffer->value = NULL;
401 *minor_status = ret;
402 return GSS_S_FAILURE;
403 }
404
405 ret = krb5_create_checksum (context,
406 crypto,
407 KRB5_KU_USAGE_SIGN,
408 0,
409 p + 20,
410 datalen + 8,
411 &cksum);
412 krb5_crypto_destroy (context, crypto);
413 if (ret) {
414 free (output_message_buffer->value);
415 output_message_buffer->length = 0;
416 output_message_buffer->value = NULL;
417 *minor_status = ret;
418 return GSS_S_FAILURE;
419 }
420
421 /* zero out SND_SEQ + SGN_CKSUM in case */
422 memset (p, 0, 28);
423
424 memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
425 free_Checksum (&cksum);
426
427 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
428 /* sequence number */
429 krb5_auth_con_getlocalseqnumber (context,
430 ctx->auth_context,
431 &seq_number);
432
433 seq[0] = (seq_number >> 0) & 0xFF;
434 seq[1] = (seq_number >> 8) & 0xFF;
435 seq[2] = (seq_number >> 16) & 0xFF;
436 seq[3] = (seq_number >> 24) & 0xFF;
437 memset (seq + 4,
438 (ctx->more_flags & LOCAL) ? 0 : 0xFF,
439 4);
440
441
442 ret = krb5_crypto_init(context, key, ETYPE_DES3_CBC_NONE,
443 &crypto);
444 if (ret) {
445 free (output_message_buffer->value);
446 output_message_buffer->length = 0;
447 output_message_buffer->value = NULL;
448 *minor_status = ret;
449 return GSS_S_FAILURE;
450 }
451
452 {
453 DES_cblock ivec;
454
455 memcpy (&ivec, p + 8, 8);
456 ret = krb5_encrypt_ivec (context,
457 crypto,
458 KRB5_KU_USAGE_SEQ,
459 seq, 8, &encdata,
460 &ivec);
461 }
462 krb5_crypto_destroy (context, crypto);
463 if (ret) {
464 free (output_message_buffer->value);
465 output_message_buffer->length = 0;
466 output_message_buffer->value = NULL;
467 *minor_status = ret;
468 return GSS_S_FAILURE;
469 }
470
471 assert (encdata.length == 8);
472
473 memcpy (p, encdata.data, encdata.length);
474 krb5_data_free (&encdata);
475
476 krb5_auth_con_setlocalseqnumber (context,
477 ctx->auth_context,
478 ++seq_number);
479 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
480
481 /* encrypt the data */
482 p += 28;
483
484 if(conf_req_flag) {
485 krb5_data tmp;
486
487 ret = krb5_crypto_init(context, key,
488 ETYPE_DES3_CBC_NONE, &crypto);
489 if (ret) {
490 free (output_message_buffer->value);
491 output_message_buffer->length = 0;
492 output_message_buffer->value = NULL;
493 *minor_status = ret;
494 return GSS_S_FAILURE;
495 }
496 ret = krb5_encrypt(context, crypto, KRB5_KU_USAGE_SEAL,
497 p, datalen, &tmp);
498 krb5_crypto_destroy(context, crypto);
499 if (ret) {
500 free (output_message_buffer->value);
501 output_message_buffer->length = 0;
502 output_message_buffer->value = NULL;
503 *minor_status = ret;
504 return GSS_S_FAILURE;
505 }
506 assert (tmp.length == datalen);
507
508 memcpy (p, tmp.data, datalen);
509 krb5_data_free(&tmp);
510 }
511 if(conf_state != NULL)
512 *conf_state = conf_req_flag;
513 *minor_status = 0;
514 return GSS_S_COMPLETE;
515 }
516
517 OM_uint32 _gsskrb5_wrap
518 (OM_uint32 * minor_status,
519 const gss_ctx_id_t context_handle,
520 int conf_req_flag,
521 gss_qop_t qop_req,
522 const gss_buffer_t input_message_buffer,
523 int * conf_state,
524 gss_buffer_t output_message_buffer
525 )
526 {
527 krb5_context context;
528 krb5_keyblock *key;
529 OM_uint32 ret;
530 krb5_keytype keytype;
531 const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
532
533 GSSAPI_KRB5_INIT (&context);
534
535 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
536 ret = _gsskrb5i_get_token_key(ctx, context, &key);
537 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
538 if (ret) {
539 *minor_status = ret;
540 return GSS_S_FAILURE;
541 }
542 krb5_enctype_to_keytype (context, key->keytype, &keytype);
543
544 switch (keytype) {
545 case KEYTYPE_DES :
546 ret = wrap_des (minor_status, ctx, context, conf_req_flag,
547 qop_req, input_message_buffer, conf_state,
548 output_message_buffer, key);
549 break;
550 case KEYTYPE_DES3 :
551 ret = wrap_des3 (minor_status, ctx, context, conf_req_flag,
552 qop_req, input_message_buffer, conf_state,
553 output_message_buffer, key);
554 break;
555 case KEYTYPE_ARCFOUR:
556 case KEYTYPE_ARCFOUR_56:
557 ret = _gssapi_wrap_arcfour (minor_status, ctx, context, conf_req_flag,
558 qop_req, input_message_buffer, conf_state,
559 output_message_buffer, key);
560 break;
561 default :
562 ret = _gssapi_wrap_cfx (minor_status, ctx, context, conf_req_flag,
563 qop_req, input_message_buffer, conf_state,
564 output_message_buffer, key);
565 break;
566 }
567 krb5_free_keyblock (context, key);
568 return ret;
569 }