1/* 2 * Copyright (c) 1997 - 2003 Kungliga Tekniska H��gskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34#include "gsskrb5_locl.h" 35 36#ifdef HEIM_WEAK_CRYPTO 37 38static OM_uint32 39mic_des 40 (OM_uint32 * minor_status, 41 const gsskrb5_ctx ctx, 42 krb5_context context, 43 gss_qop_t qop_req, 44 const gss_buffer_t message_buffer, 45 gss_buffer_t message_token, 46 krb5_keyblock *key 47 ) 48{ 49 u_char *p; 50 EVP_MD_CTX *md5; 51 u_char hash[16]; 52 DES_key_schedule schedule; 53 EVP_CIPHER_CTX *des_ctx; 54 DES_cblock deskey; 55 DES_cblock zero; 56 int32_t seq_number; 57 size_t len, total_len; 58 59 _gsskrb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM); 60 61 message_token->length = total_len; 62 message_token->value = malloc (total_len); 63 if (message_token->value == NULL) { 64 message_token->length = 0; 65 *minor_status = ENOMEM; 66 return GSS_S_FAILURE; 67 } 68 69 p = _gsskrb5_make_header(message_token->value, 70 len, 71 "\x01\x01", /* TOK_ID */ 72 GSS_KRB5_MECHANISM); 73 74 memcpy (p, "\x00\x00", 2); /* SGN_ALG = DES MAC MD5 */ 75 p += 2; 76 77 memcpy (p, "\xff\xff\xff\xff", 4); /* Filler */ 78 p += 4; 79 80 /* Fill in later (SND-SEQ) */ 81 memset (p, 0, 16); 82 p += 16; 83 84 /* checksum */ 85 md5 = EVP_MD_CTX_create(); 86 EVP_DigestInit_ex(md5, EVP_md5(), NULL); 87 EVP_DigestUpdate(md5, p - 24, 8); 88 EVP_DigestUpdate(md5, message_buffer->value, message_buffer->length); 89 EVP_DigestFinal_ex(md5, hash, NULL); 90 EVP_MD_CTX_destroy(md5); 91 92 memset (&zero, 0, sizeof(zero)); 93 memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); 94 DES_set_key_unchecked (&deskey, &schedule); 95 DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), 96 &schedule, &zero); 97 memcpy (p - 8, hash, 8); /* SGN_CKSUM */ 98 99 des_ctx = EVP_CIPHER_CTX_new(); 100 if (des_ctx == NULL) { 101 memset (deskey, 0, sizeof(deskey)); 102 memset (&schedule, 0, sizeof(schedule)); 103 free (message_token->value); 104 message_token->value = NULL; 105 message_token->length = 0; 106 *minor_status = ENOMEM; 107 return GSS_S_FAILURE; 108 } 109 110 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); 111 /* sequence number */ 112 krb5_auth_con_getlocalseqnumber (context, 113 ctx->auth_context, 114 &seq_number); 115 116 p -= 16; /* SND_SEQ */ 117 p[0] = (seq_number >> 0) & 0xFF; 118 p[1] = (seq_number >> 8) & 0xFF; 119 p[2] = (seq_number >> 16) & 0xFF; 120 p[3] = (seq_number >> 24) & 0xFF; 121 memset (p + 4, 122 (ctx->more_flags & LOCAL) ? 0 : 0xFF, 123 4); 124 125 EVP_CipherInit_ex(des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1); 126 EVP_Cipher(des_ctx, p, p, 8); 127 EVP_CIPHER_CTX_free(des_ctx); 128 129 krb5_auth_con_setlocalseqnumber (context, 130 ctx->auth_context, 131 ++seq_number); 132 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); 133 134 memset (deskey, 0, sizeof(deskey)); 135 memset (&schedule, 0, sizeof(schedule)); 136 137 *minor_status = 0; 138 return GSS_S_COMPLETE; 139} 140#endif 141 142static OM_uint32 143mic_des3 144 (OM_uint32 * minor_status, 145 const gsskrb5_ctx ctx, 146 krb5_context context, 147 gss_qop_t qop_req, 148 const gss_buffer_t message_buffer, 149 gss_buffer_t message_token, 150 krb5_keyblock *key 151 ) 152{ 153 u_char *p; 154 Checksum cksum; 155 u_char seq[8]; 156 157 int32_t seq_number; 158 size_t len, total_len; 159 160 krb5_crypto crypto; 161 krb5_error_code kret; 162 krb5_data encdata; 163 char *tmp; 164 char ivec[8]; 165 166 _gsskrb5_encap_length (36, &len, &total_len, GSS_KRB5_MECHANISM); 167 168 message_token->length = total_len; 169 message_token->value = malloc (total_len); 170 if (message_token->value == NULL) { 171 message_token->length = 0; 172 *minor_status = ENOMEM; 173 return GSS_S_FAILURE; 174 } 175 176 p = _gsskrb5_make_header(message_token->value, 177 len, 178 "\x01\x01", /* TOK-ID */ 179 GSS_KRB5_MECHANISM); 180 181 memcpy (p, "\x04\x00", 2); /* SGN_ALG = HMAC SHA1 DES3-KD */ 182 p += 2; 183 184 memcpy (p, "\xff\xff\xff\xff", 4); /* filler */ 185 p += 4; 186 187 /* this should be done in parts */ 188 189 tmp = malloc (message_buffer->length + 8); 190 if (tmp == NULL) { 191 free (message_token->value); 192 message_token->value = NULL; 193 message_token->length = 0; 194 *minor_status = ENOMEM; 195 return GSS_S_FAILURE; 196 } 197 memcpy (tmp, p - 8, 8); 198 memcpy (tmp + 8, message_buffer->value, message_buffer->length); 199 200 kret = krb5_crypto_init(context, key, 0, &crypto); 201 if (kret) { 202 free (message_token->value); 203 message_token->value = NULL; 204 message_token->length = 0; 205 free (tmp); 206 *minor_status = kret; 207 return GSS_S_FAILURE; 208 } 209 210 kret = krb5_create_checksum (context, 211 crypto, 212 KRB5_KU_USAGE_SIGN, 213 0, 214 tmp, 215 message_buffer->length + 8, 216 &cksum); 217 free (tmp); 218 krb5_crypto_destroy (context, crypto); 219 if (kret) { 220 free (message_token->value); 221 message_token->value = NULL; 222 message_token->length = 0; 223 *minor_status = kret; 224 return GSS_S_FAILURE; 225 } 226 227 memcpy (p + 8, cksum.checksum.data, cksum.checksum.length); 228 229 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); 230 /* sequence number */ 231 krb5_auth_con_getlocalseqnumber (context, 232 ctx->auth_context, 233 &seq_number); 234 235 seq[0] = (seq_number >> 0) & 0xFF; 236 seq[1] = (seq_number >> 8) & 0xFF; 237 seq[2] = (seq_number >> 16) & 0xFF; 238 seq[3] = (seq_number >> 24) & 0xFF; 239 memset (seq + 4, 240 (ctx->more_flags & LOCAL) ? 0 : 0xFF, 241 4); 242 243 kret = krb5_crypto_init(context, key, 244 ETYPE_DES3_CBC_NONE, &crypto); 245 if (kret) { 246 free (message_token->value); 247 message_token->value = NULL; 248 message_token->length = 0; 249 *minor_status = kret; 250 return GSS_S_FAILURE; 251 } 252 253 if (ctx->more_flags & COMPAT_OLD_DES3) 254 memset(ivec, 0, 8); 255 else 256 memcpy(ivec, p + 8, 8); 257 258 kret = krb5_encrypt_ivec (context, 259 crypto, 260 KRB5_KU_USAGE_SEQ, 261 seq, 8, &encdata, ivec); 262 krb5_crypto_destroy (context, crypto); 263 if (kret) { 264 free (message_token->value); 265 message_token->value = NULL; 266 message_token->length = 0; 267 *minor_status = kret; 268 return GSS_S_FAILURE; 269 } 270 271 assert (encdata.length == 8); 272 273 memcpy (p, encdata.data, encdata.length); 274 krb5_data_free (&encdata); 275 276 krb5_auth_con_setlocalseqnumber (context, 277 ctx->auth_context, 278 ++seq_number); 279 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); 280 281 free_Checksum (&cksum); 282 *minor_status = 0; 283 return GSS_S_COMPLETE; 284} 285 286OM_uint32 GSSAPI_CALLCONV _gsskrb5_get_mic 287 (OM_uint32 * minor_status, 288 const gss_ctx_id_t context_handle, 289 gss_qop_t qop_req, 290 const gss_buffer_t message_buffer, 291 gss_buffer_t message_token 292 ) 293{ 294 krb5_context context; 295 const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle; 296 krb5_keyblock *key; 297 OM_uint32 ret; 298 krb5_keytype keytype; 299 300 GSSAPI_KRB5_INIT (&context); 301 302 if (ctx->more_flags & IS_CFX) 303 return _gssapi_mic_cfx (minor_status, ctx, context, qop_req, 304 message_buffer, message_token); 305 306 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); 307 ret = _gsskrb5i_get_token_key(ctx, context, &key); 308 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); 309 if (ret) { 310 *minor_status = ret; 311 return GSS_S_FAILURE; 312 } 313 krb5_enctype_to_keytype (context, key->keytype, &keytype); 314 315 switch (keytype) { 316 case KEYTYPE_DES : 317#ifdef HEIM_WEAK_CRYPTO 318 ret = mic_des (minor_status, ctx, context, qop_req, 319 message_buffer, message_token, key); 320#else 321 ret = GSS_S_FAILURE; 322#endif 323 break; 324 case KEYTYPE_DES3 : 325 ret = mic_des3 (minor_status, ctx, context, qop_req, 326 message_buffer, message_token, key); 327 break; 328 case KEYTYPE_ARCFOUR: 329 case KEYTYPE_ARCFOUR_56: 330 ret = _gssapi_get_mic_arcfour (minor_status, ctx, context, qop_req, 331 message_buffer, message_token, key); 332 break; 333 default : 334 abort(); 335 break; 336 } 337 krb5_free_keyblock (context, key); 338 return ret; 339} 340