1/*
2 * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#include "krb5_locl.h"
35
36static krb5_error_code
37verify_checksum(krb5_context context,
38		krb5_auth_context auth_context,
39		KRB_SAFE *safe)
40{
41    krb5_error_code ret;
42    u_char *buf;
43    size_t buf_size;
44    size_t len = 0;
45    Checksum c;
46    krb5_crypto crypto;
47    krb5_keyblock *key;
48
49    c = safe->cksum;
50    safe->cksum.cksumtype       = 0;
51    safe->cksum.checksum.data   = NULL;
52    safe->cksum.checksum.length = 0;
53
54    ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, safe, &len, ret);
55    if(ret)
56	return ret;
57    if(buf_size != len)
58	krb5_abortx(context, "internal error in ASN.1 encoder");
59
60    if (auth_context->remote_subkey)
61	key = auth_context->remote_subkey;
62    else if (auth_context->local_subkey)
63	key = auth_context->local_subkey;
64    else
65	key = auth_context->keyblock;
66
67    ret = krb5_crypto_init(context, key, 0, &crypto);
68    if (ret)
69	goto out;
70    ret = krb5_verify_checksum (context,
71				crypto,
72				KRB5_KU_KRB_SAFE_CKSUM,
73				buf + buf_size - len,
74				len,
75				&c);
76    krb5_crypto_destroy(context, crypto);
77out:
78    safe->cksum = c;
79    free (buf);
80    return ret;
81}
82
83KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
84krb5_rd_safe(krb5_context context,
85	     krb5_auth_context auth_context,
86	     const krb5_data *inbuf,
87	     krb5_data *outbuf,
88	     krb5_replay_data *outdata)
89{
90    krb5_error_code ret;
91    KRB_SAFE safe;
92    size_t len;
93
94    krb5_data_zero(outbuf);
95
96    if ((auth_context->flags &
97	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)))
98    {
99	if (outdata == NULL) {
100	    krb5_set_error_message(context, KRB5_RC_REQUIRED,
101				   N_("rd_safe: need outdata "
102				      "to return data", ""));
103	    return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
104	}
105	/* if these fields are not present in the safe-part, silently
106           return zero */
107	memset(outdata, 0, sizeof(*outdata));
108    }
109
110    ret = decode_KRB_SAFE (inbuf->data, inbuf->length, &safe, &len);
111    if (ret)
112	return ret;
113    if (safe.pvno != 5) {
114	ret = KRB5KRB_AP_ERR_BADVERSION;
115	krb5_clear_error_message (context);
116	goto failure;
117    }
118    if (safe.msg_type != krb_safe) {
119	ret = KRB5KRB_AP_ERR_MSG_TYPE;
120	krb5_clear_error_message (context);
121	goto failure;
122    }
123    if (!krb5_checksum_is_keyed(context, safe.cksum.cksumtype)
124	|| !krb5_checksum_is_collision_proof(context, safe.cksum.cksumtype)) {
125	ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
126	krb5_clear_error_message (context);
127	goto failure;
128    }
129
130    /* check sender address */
131
132    if (safe.safe_body.s_address
133	&& auth_context->remote_address
134	&& !krb5_address_compare (context,
135				  auth_context->remote_address,
136				  safe.safe_body.s_address)) {
137	ret = KRB5KRB_AP_ERR_BADADDR;
138	krb5_clear_error_message (context);
139	goto failure;
140    }
141
142    /* check receiver address */
143
144    if (safe.safe_body.r_address
145	&& auth_context->local_address
146	&& !krb5_address_compare (context,
147				  auth_context->local_address,
148				  safe.safe_body.r_address)) {
149	ret = KRB5KRB_AP_ERR_BADADDR;
150	krb5_clear_error_message (context);
151	goto failure;
152    }
153
154    /* check timestamp */
155    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
156	krb5_timestamp sec;
157
158	krb5_timeofday (context, &sec);
159
160	if (safe.safe_body.timestamp == NULL ||
161	    safe.safe_body.usec      == NULL ||
162	    krb5_time_abs(*safe.safe_body.timestamp, sec) > context->max_skew) {
163	    ret = KRB5KRB_AP_ERR_SKEW;
164	    krb5_clear_error_message (context);
165	    goto failure;
166	}
167    }
168    /* XXX - check replay cache */
169
170    /* check sequence number. since MIT krb5 cannot generate a sequence
171       number of zero but instead generates no sequence number, we accept that
172    */
173
174    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
175	if ((safe.safe_body.seq_number == NULL
176	     && auth_context->remote_seqnumber != 0)
177	    || (safe.safe_body.seq_number != NULL
178		&& *safe.safe_body.seq_number !=
179		auth_context->remote_seqnumber)) {
180	    ret = KRB5KRB_AP_ERR_BADORDER;
181	    krb5_clear_error_message (context);
182	    goto failure;
183	}
184	auth_context->remote_seqnumber++;
185    }
186
187    ret = verify_checksum (context, auth_context, &safe);
188    if (ret)
189	goto failure;
190
191    outbuf->length = safe.safe_body.user_data.length;
192    outbuf->data   = malloc(outbuf->length);
193    if (outbuf->data == NULL && outbuf->length != 0) {
194	ret = ENOMEM;
195	krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
196	krb5_data_zero(outbuf);
197	goto failure;
198    }
199    memcpy (outbuf->data, safe.safe_body.user_data.data, outbuf->length);
200
201    if ((auth_context->flags &
202	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) {
203
204	if(safe.safe_body.timestamp)
205	    outdata->timestamp = *safe.safe_body.timestamp;
206	if(safe.safe_body.usec)
207	    outdata->usec = *safe.safe_body.usec;
208	if(safe.safe_body.seq_number)
209	    outdata->seq = *safe.safe_body.seq_number;
210    }
211
212  failure:
213    free_KRB_SAFE (&safe);
214    return ret;
215}
216