155682Smarkm/*
2233294Sstas * Copyright (c) 1997 - 2003 Kungliga Tekniska H��gskolan
3233294Sstas * (Royal Institute of Technology, Stockholm, Sweden).
4233294Sstas * All rights reserved.
555682Smarkm *
6233294Sstas * Redistribution and use in source and binary forms, with or without
7233294Sstas * modification, are permitted provided that the following conditions
8233294Sstas * are met:
955682Smarkm *
10233294Sstas * 1. Redistributions of source code must retain the above copyright
11233294Sstas *    notice, this list of conditions and the following disclaimer.
1255682Smarkm *
13233294Sstas * 2. Redistributions in binary form must reproduce the above copyright
14233294Sstas *    notice, this list of conditions and the following disclaimer in the
15233294Sstas *    documentation and/or other materials provided with the distribution.
1655682Smarkm *
17233294Sstas * 3. Neither the name of the Institute nor the names of its contributors
18233294Sstas *    may be used to endorse or promote products derived from this software
19233294Sstas *    without specific prior written permission.
2055682Smarkm *
21233294Sstas * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22233294Sstas * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23233294Sstas * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24233294Sstas * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25233294Sstas * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26233294Sstas * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27233294Sstas * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28233294Sstas * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29233294Sstas * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30233294Sstas * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31233294Sstas * SUCH DAMAGE.
3255682Smarkm */
3355682Smarkm
34233294Sstas#include "krb5_locl.h"
3555682Smarkm
3655682Smarkmstatic krb5_error_code
3755682Smarkmverify_checksum(krb5_context context,
3855682Smarkm		krb5_auth_context auth_context,
3955682Smarkm		KRB_SAFE *safe)
4055682Smarkm{
4155682Smarkm    krb5_error_code ret;
4255682Smarkm    u_char *buf;
4355682Smarkm    size_t buf_size;
44233294Sstas    size_t len = 0;
4555682Smarkm    Checksum c;
4655682Smarkm    krb5_crypto crypto;
4790926Snectar    krb5_keyblock *key;
4855682Smarkm
4955682Smarkm    c = safe->cksum;
5055682Smarkm    safe->cksum.cksumtype       = 0;
5155682Smarkm    safe->cksum.checksum.data   = NULL;
5255682Smarkm    safe->cksum.checksum.length = 0;
5355682Smarkm
54103423Snectar    ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, safe, &len, ret);
55103423Snectar    if(ret)
56103423Snectar	return ret;
57103423Snectar    if(buf_size != len)
58103423Snectar	krb5_abortx(context, "internal error in ASN.1 encoder");
5955682Smarkm
6090926Snectar    if (auth_context->remote_subkey)
6190926Snectar	key = auth_context->remote_subkey;
6290926Snectar    else if (auth_context->local_subkey)
6390926Snectar	key = auth_context->local_subkey;
6490926Snectar    else
6590926Snectar	key = auth_context->keyblock;
6690926Snectar
6790926Snectar    ret = krb5_crypto_init(context, key, 0, &crypto);
6872445Sassar    if (ret)
6972445Sassar	goto out;
7055682Smarkm    ret = krb5_verify_checksum (context,
7155682Smarkm				crypto,
7255682Smarkm				KRB5_KU_KRB_SAFE_CKSUM,
7355682Smarkm				buf + buf_size - len,
7455682Smarkm				len,
7555682Smarkm				&c);
7655682Smarkm    krb5_crypto_destroy(context, crypto);
7755682Smarkmout:
7855682Smarkm    safe->cksum = c;
7955682Smarkm    free (buf);
8055682Smarkm    return ret;
8155682Smarkm}
8255682Smarkm
83233294SstasKRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
8455682Smarkmkrb5_rd_safe(krb5_context context,
8555682Smarkm	     krb5_auth_context auth_context,
8655682Smarkm	     const krb5_data *inbuf,
8755682Smarkm	     krb5_data *outbuf,
88178825Sdfr	     krb5_replay_data *outdata)
8955682Smarkm{
90178825Sdfr    krb5_error_code ret;
91178825Sdfr    KRB_SAFE safe;
92178825Sdfr    size_t len;
9355682Smarkm
94233294Sstas    krb5_data_zero(outbuf);
9555682Smarkm
96233294Sstas    if ((auth_context->flags &
97233294Sstas	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)))
98233294Sstas    {
99233294Sstas	if (outdata == NULL) {
100233294Sstas	    krb5_set_error_message(context, KRB5_RC_REQUIRED,
101233294Sstas				   N_("rd_safe: need outdata "
102233294Sstas				      "to return data", ""));
103233294Sstas	    return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
104233294Sstas	}
105233294Sstas	/* if these fields are not present in the safe-part, silently
106233294Sstas           return zero */
107233294Sstas	memset(outdata, 0, sizeof(*outdata));
108178825Sdfr    }
10955682Smarkm
110178825Sdfr    ret = decode_KRB_SAFE (inbuf->data, inbuf->length, &safe, &len);
111233294Sstas    if (ret)
112178825Sdfr	return ret;
113178825Sdfr    if (safe.pvno != 5) {
114178825Sdfr	ret = KRB5KRB_AP_ERR_BADVERSION;
115233294Sstas	krb5_clear_error_message (context);
116178825Sdfr	goto failure;
117178825Sdfr    }
118178825Sdfr    if (safe.msg_type != krb_safe) {
119178825Sdfr	ret = KRB5KRB_AP_ERR_MSG_TYPE;
120233294Sstas	krb5_clear_error_message (context);
121178825Sdfr	goto failure;
122178825Sdfr    }
123178825Sdfr    if (!krb5_checksum_is_keyed(context, safe.cksum.cksumtype)
124178825Sdfr	|| !krb5_checksum_is_collision_proof(context, safe.cksum.cksumtype)) {
125178825Sdfr	ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
126233294Sstas	krb5_clear_error_message (context);
127178825Sdfr	goto failure;
128178825Sdfr    }
12955682Smarkm
130178825Sdfr    /* check sender address */
13155682Smarkm
132178825Sdfr    if (safe.safe_body.s_address
133178825Sdfr	&& auth_context->remote_address
134178825Sdfr	&& !krb5_address_compare (context,
135178825Sdfr				  auth_context->remote_address,
136178825Sdfr				  safe.safe_body.s_address)) {
137178825Sdfr	ret = KRB5KRB_AP_ERR_BADADDR;
138233294Sstas	krb5_clear_error_message (context);
139178825Sdfr	goto failure;
140178825Sdfr    }
14155682Smarkm
142178825Sdfr    /* check receiver address */
14355682Smarkm
144178825Sdfr    if (safe.safe_body.r_address
145178825Sdfr	&& auth_context->local_address
146178825Sdfr	&& !krb5_address_compare (context,
147178825Sdfr				  auth_context->local_address,
148178825Sdfr				  safe.safe_body.r_address)) {
149178825Sdfr	ret = KRB5KRB_AP_ERR_BADADDR;
150233294Sstas	krb5_clear_error_message (context);
151178825Sdfr	goto failure;
152178825Sdfr    }
15355682Smarkm
154178825Sdfr    /* check timestamp */
155178825Sdfr    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
156178825Sdfr	krb5_timestamp sec;
15755682Smarkm
158178825Sdfr	krb5_timeofday (context, &sec);
15972445Sassar
160178825Sdfr	if (safe.safe_body.timestamp == NULL ||
161178825Sdfr	    safe.safe_body.usec      == NULL ||
162178825Sdfr	    abs(*safe.safe_body.timestamp - sec) > context->max_skew) {
163178825Sdfr	    ret = KRB5KRB_AP_ERR_SKEW;
164233294Sstas	    krb5_clear_error_message (context);
165178825Sdfr	    goto failure;
166178825Sdfr	}
167178825Sdfr    }
168178825Sdfr    /* XXX - check replay cache */
16955682Smarkm
170178825Sdfr    /* check sequence number. since MIT krb5 cannot generate a sequence
171178825Sdfr       number of zero but instead generates no sequence number, we accept that
172178825Sdfr    */
173178825Sdfr
174178825Sdfr    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
175178825Sdfr	if ((safe.safe_body.seq_number == NULL
176178825Sdfr	     && auth_context->remote_seqnumber != 0)
177178825Sdfr	    || (safe.safe_body.seq_number != NULL
178178825Sdfr		&& *safe.safe_body.seq_number !=
179178825Sdfr		auth_context->remote_seqnumber)) {
180178825Sdfr	    ret = KRB5KRB_AP_ERR_BADORDER;
181233294Sstas	    krb5_clear_error_message (context);
182178825Sdfr	    goto failure;
183178825Sdfr	}
184178825Sdfr	auth_context->remote_seqnumber++;
185178825Sdfr    }
186178825Sdfr
187178825Sdfr    ret = verify_checksum (context, auth_context, &safe);
188178825Sdfr    if (ret)
189178825Sdfr	goto failure;
190233294Sstas
191178825Sdfr    outbuf->length = safe.safe_body.user_data.length;
192178825Sdfr    outbuf->data   = malloc(outbuf->length);
193178825Sdfr    if (outbuf->data == NULL && outbuf->length != 0) {
194178825Sdfr	ret = ENOMEM;
195233294Sstas	krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
196178825Sdfr	krb5_data_zero(outbuf);
197178825Sdfr	goto failure;
198178825Sdfr    }
199178825Sdfr    memcpy (outbuf->data, safe.safe_body.user_data.data, outbuf->length);
200178825Sdfr
201233294Sstas    if ((auth_context->flags &
202178825Sdfr	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) {
203233294Sstas
204178825Sdfr	if(safe.safe_body.timestamp)
205178825Sdfr	    outdata->timestamp = *safe.safe_body.timestamp;
206178825Sdfr	if(safe.safe_body.usec)
207178825Sdfr	    outdata->usec = *safe.safe_body.usec;
208178825Sdfr	if(safe.safe_body.seq_number)
209178825Sdfr	    outdata->seq = *safe.safe_body.seq_number;
210178825Sdfr    }
211178825Sdfr
212178825Sdfr  failure:
213178825Sdfr    free_KRB_SAFE (&safe);
214178825Sdfr    return ret;
21555682Smarkm}
216