1/*
2 * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#include "gsskrb5_locl.h"
35
36#ifdef HEIM_WEAK_CRYPTO
37
38static OM_uint32
39mic_des
40           (OM_uint32 * minor_status,
41            const gsskrb5_ctx ctx,
42	    krb5_context context,
43            gss_qop_t qop_req,
44            const gss_buffer_t message_buffer,
45            gss_buffer_t message_token,
46	    krb5_keyblock *key
47           )
48{
49  u_char *p;
50  EVP_MD_CTX *md5;
51  u_char hash[16];
52  DES_key_schedule schedule;
53  EVP_CIPHER_CTX des_ctx;
54  DES_cblock deskey;
55  DES_cblock zero;
56  int32_t seq_number;
57  size_t len, total_len;
58
59  _gsskrb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM);
60
61  message_token->length = total_len;
62  message_token->value  = malloc (total_len);
63  if (message_token->value == NULL) {
64    message_token->length = 0;
65    *minor_status = ENOMEM;
66    return GSS_S_FAILURE;
67  }
68
69  p = _gsskrb5_make_header(message_token->value,
70			      len,
71			      "\x01\x01", /* TOK_ID */
72			      GSS_KRB5_MECHANISM);
73
74  memcpy (p, "\x00\x00", 2);	/* SGN_ALG = DES MAC MD5 */
75  p += 2;
76
77  memcpy (p, "\xff\xff\xff\xff", 4); /* Filler */
78  p += 4;
79
80  /* Fill in later (SND-SEQ) */
81  memset (p, 0, 16);
82  p += 16;
83
84  /* checksum */
85  md5 = EVP_MD_CTX_create();
86  EVP_DigestInit_ex(md5, EVP_md5(), NULL);
87  EVP_DigestUpdate(md5, p - 24, 8);
88  EVP_DigestUpdate(md5, message_buffer->value, message_buffer->length);
89  EVP_DigestFinal_ex(md5, hash, NULL);
90  EVP_MD_CTX_destroy(md5);
91
92  memset (&zero, 0, sizeof(zero));
93  memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
94  DES_set_key_unchecked (&deskey, &schedule);
95  DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
96		 &schedule, &zero);
97  memcpy (p - 8, hash, 8);	/* SGN_CKSUM */
98
99  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
100  /* sequence number */
101  krb5_auth_con_getlocalseqnumber (context,
102				   ctx->auth_context,
103				   &seq_number);
104
105  p -= 16;			/* SND_SEQ */
106  p[0] = (seq_number >> 0)  & 0xFF;
107  p[1] = (seq_number >> 8)  & 0xFF;
108  p[2] = (seq_number >> 16) & 0xFF;
109  p[3] = (seq_number >> 24) & 0xFF;
110  memset (p + 4,
111	  (ctx->more_flags & LOCAL) ? 0 : 0xFF,
112	  4);
113
114  EVP_CIPHER_CTX_init(&des_ctx);
115  EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1);
116  EVP_Cipher(&des_ctx, p, p, 8);
117  EVP_CIPHER_CTX_cleanup(&des_ctx);
118
119  krb5_auth_con_setlocalseqnumber (context,
120			       ctx->auth_context,
121			       ++seq_number);
122  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
123
124  memset (deskey, 0, sizeof(deskey));
125  memset (&schedule, 0, sizeof(schedule));
126
127  *minor_status = 0;
128  return GSS_S_COMPLETE;
129}
130#endif
131
132static OM_uint32
133mic_des3
134           (OM_uint32 * minor_status,
135            const gsskrb5_ctx ctx,
136	    krb5_context context,
137            gss_qop_t qop_req,
138            const gss_buffer_t message_buffer,
139            gss_buffer_t message_token,
140	    krb5_keyblock *key
141           )
142{
143  u_char *p;
144  Checksum cksum;
145  u_char seq[8];
146
147  int32_t seq_number;
148  size_t len, total_len;
149
150  krb5_crypto crypto;
151  krb5_error_code kret;
152  krb5_data encdata;
153  char *tmp;
154  char ivec[8];
155
156  _gsskrb5_encap_length (36, &len, &total_len, GSS_KRB5_MECHANISM);
157
158  message_token->length = total_len;
159  message_token->value  = malloc (total_len);
160  if (message_token->value == NULL) {
161      message_token->length = 0;
162      *minor_status = ENOMEM;
163      return GSS_S_FAILURE;
164  }
165
166  p = _gsskrb5_make_header(message_token->value,
167			      len,
168			      "\x01\x01", /* TOK-ID */
169			      GSS_KRB5_MECHANISM);
170
171  memcpy (p, "\x04\x00", 2);	/* SGN_ALG = HMAC SHA1 DES3-KD */
172  p += 2;
173
174  memcpy (p, "\xff\xff\xff\xff", 4); /* filler */
175  p += 4;
176
177  /* this should be done in parts */
178
179  tmp = malloc (message_buffer->length + 8);
180  if (tmp == NULL) {
181      free (message_token->value);
182      message_token->value = NULL;
183      message_token->length = 0;
184      *minor_status = ENOMEM;
185      return GSS_S_FAILURE;
186  }
187  memcpy (tmp, p - 8, 8);
188  memcpy (tmp + 8, message_buffer->value, message_buffer->length);
189
190  kret = krb5_crypto_init(context, key, 0, &crypto);
191  if (kret) {
192      free (message_token->value);
193      message_token->value = NULL;
194      message_token->length = 0;
195      free (tmp);
196      *minor_status = kret;
197      return GSS_S_FAILURE;
198  }
199
200  kret = krb5_create_checksum (context,
201			       crypto,
202			       KRB5_KU_USAGE_SIGN,
203			       0,
204			       tmp,
205			       message_buffer->length + 8,
206			       &cksum);
207  free (tmp);
208  krb5_crypto_destroy (context, crypto);
209  if (kret) {
210      free (message_token->value);
211      message_token->value = NULL;
212      message_token->length = 0;
213      *minor_status = kret;
214      return GSS_S_FAILURE;
215  }
216
217  memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
218
219  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
220  /* sequence number */
221  krb5_auth_con_getlocalseqnumber (context,
222			       ctx->auth_context,
223			       &seq_number);
224
225  seq[0] = (seq_number >> 0)  & 0xFF;
226  seq[1] = (seq_number >> 8)  & 0xFF;
227  seq[2] = (seq_number >> 16) & 0xFF;
228  seq[3] = (seq_number >> 24) & 0xFF;
229  memset (seq + 4,
230	  (ctx->more_flags & LOCAL) ? 0 : 0xFF,
231	  4);
232
233  kret = krb5_crypto_init(context, key,
234			  ETYPE_DES3_CBC_NONE, &crypto);
235  if (kret) {
236      free (message_token->value);
237      message_token->value = NULL;
238      message_token->length = 0;
239      *minor_status = kret;
240      return GSS_S_FAILURE;
241  }
242
243  if (ctx->more_flags & COMPAT_OLD_DES3)
244      memset(ivec, 0, 8);
245  else
246      memcpy(ivec, p + 8, 8);
247
248  kret = krb5_encrypt_ivec (context,
249			    crypto,
250			    KRB5_KU_USAGE_SEQ,
251			    seq, 8, &encdata, ivec);
252  krb5_crypto_destroy (context, crypto);
253  if (kret) {
254      free (message_token->value);
255      message_token->value = NULL;
256      message_token->length = 0;
257      *minor_status = kret;
258      return GSS_S_FAILURE;
259  }
260
261  assert (encdata.length == 8);
262
263  memcpy (p, encdata.data, encdata.length);
264  krb5_data_free (&encdata);
265
266  krb5_auth_con_setlocalseqnumber (context,
267			       ctx->auth_context,
268			       ++seq_number);
269  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
270
271  free_Checksum (&cksum);
272  *minor_status = 0;
273  return GSS_S_COMPLETE;
274}
275
276OM_uint32 GSSAPI_CALLCONV _gsskrb5_get_mic
277           (OM_uint32 * minor_status,
278            const gss_ctx_id_t context_handle,
279            gss_qop_t qop_req,
280            const gss_buffer_t message_buffer,
281            gss_buffer_t message_token
282           )
283{
284  krb5_context context;
285  const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
286  krb5_keyblock *key;
287  OM_uint32 ret;
288  krb5_keytype keytype;
289
290  GSSAPI_KRB5_INIT (&context);
291
292  if (ctx->more_flags & IS_CFX)
293      return _gssapi_mic_cfx (minor_status, ctx, context, qop_req,
294			      message_buffer, message_token);
295
296  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
297  ret = _gsskrb5i_get_token_key(ctx, context, &key);
298  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
299  if (ret) {
300      *minor_status = ret;
301      return GSS_S_FAILURE;
302  }
303  krb5_enctype_to_keytype (context, key->keytype, &keytype);
304
305  switch (keytype) {
306  case KEYTYPE_DES :
307#ifdef HEIM_WEAK_CRYPTO
308      ret = mic_des (minor_status, ctx, context, qop_req,
309		     message_buffer, message_token, key);
310#else
311      ret = GSS_S_FAILURE;
312#endif
313      break;
314  case KEYTYPE_DES3 :
315      ret = mic_des3 (minor_status, ctx, context, qop_req,
316		      message_buffer, message_token, key);
317      break;
318  case KEYTYPE_ARCFOUR:
319  case KEYTYPE_ARCFOUR_56:
320      ret = _gssapi_get_mic_arcfour (minor_status, ctx, context, qop_req,
321				     message_buffer, message_token, key);
322      break;
323  default :
324      abort();
325      break;
326  }
327  krb5_free_keyblock (context, key);
328  return ret;
329}
330