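/*
 * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *      This product includes software developed by the Kungliga Tekniska
 *      Högskolan and its contributors.
 *
 * 4. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "sasl_mac_krb_locl.h"

RCSID("$Id: rd_priv.c,v 1.4 2005/01/10 19:10:47 snsimon Exp $");

/* application include files */
#include "krb-archaeology.h"

/*
 * krb_rd_priv() decrypts and checks an AUTH_MSG_PRIVATE message.
 * Given the message received, "in", the length of that message,
 * "in_length", the key "schedule" and "key", and the network
 * addresses of the "sender" and "receiver" of the message,
 * krb_rd_priv() returns KSUCCESS if the message is okay, otherwise
 * one of:
 *
 *   RD_AP_VERSION   the protocol version byte is not KRB_PROT_VERSION
 *   RD_AP_MODIFIED  a length field does not fit the supplied buffer
 *   RD_AP_BADD      the embedded address does not match "sender"
 *   RD_AP_TIME      the embedded timestamp is more than CLOCK_SKEW
 *                   seconds away from the local clock
 *
 * The message data retrieved from "in" are returned in the structure
 * "m_data".  The pointer to the application data
 * (m_data->app_data) refers back to the appropriate place in "in".
 *
 * The ciphertext is decrypted in place, so "in" is overwritten and
 * "m_data" may be partly filled in even when an error is returned.
 *
 * No separate checksum is verified here: after decryption the only
 * checks are the embedded sender address and the timestamp window.
 * Callers that need stronger integrity or replay protection have to
 * provide it themselves (see the comment before the final return).
 *
 * See the file "mk_priv.c" for the format of the AUTH_MSG_PRIVATE
 * message.  The structure containing the extracted message
 * information, MSG_DAT, is defined in "krb.h".
 */

int32_t
krb_rd_priv(void *in, u_int32_t in_length,
            struct des_ks_struct *schedule, des_cblock *key,
            struct sockaddr_in *sender, struct sockaddr_in *receiver,
            MSG_DAT *m_data)
{
    enum {
        /* cleartext header: pvno (1) + type (1) + cipher length (4) */
        PRIV_HDR_LEN = 6,
        /*
         * fixed fields inside the ciphertext besides the application
         * data: app_length (4) + time_5ms (1) + address (4) +
         * time_sec (4).  Assumes krb_get_address() consumes 4 bytes,
         * which matches the u_int32_t it fills in.
         */
        PRIV_FIXED_LEN = 13
    };

    unsigned char *p = (unsigned char*)in;
    int little_endian;
    u_int32_t clen;
    struct timeval tv;
    u_int32_t src_addr;
    int delta_t;

    unsigned char pvno, type;

    /*
     * The header is read unconditionally below, so refuse buffers
     * that are too short to hold it instead of reading past the end.
     */
    if(in_length < PRIV_HDR_LEN)
        return RD_AP_MODIFIED;

    pvno = *p++;
    if(pvno != KRB_PROT_VERSION)
        return RD_AP_VERSION;

    /* low bit of the type byte carries the sender's byte order */
    type = *p++;
    little_endian = type & 1;
    type &= ~1;
    /*
     * NOTE(review): the message type is extracted but never compared
     * with the expected private-message type in this function, so a
     * message of another type is not rejected here.  Confirm whether
     * callers check it.
     */

    p += krb_get_int(p, &clen, 4, little_endian);

    /*
     * The ciphertext starts after the 6-byte header and must fit in
     * what is left of the buffer.  Compare against the remainder
     * rather than adding to clen: "clen + 2 > in_length" wraps for
     * clen close to 2^32 and also ignored the 4-byte length field,
     * letting the in-place decryption run past the end of "in".
     */
    if(clen > in_length - PRIV_HDR_LEN)
        return RD_AP_MODIFIED;

    /* too short to hold even an empty payload plus the fixed fields */
    if(clen < PRIV_FIXED_LEN)
        return RD_AP_MODIFIED;

    des_pcbc_encrypt((des_cblock*)p, (des_cblock*)p, clen,
                     schedule, key, DES_DECRYPT);

    p += krb_get_int(p, &m_data->app_length, 4, little_endian);

    /*
     * app_length comes out of the decrypted data and is attacker
     * influenced until proven otherwise.  The payload and the fixed
     * fields that follow it must lie inside the decrypted region;
     * the subtraction form cannot wrap because clen >= PRIV_FIXED_LEN.
     */
    if(m_data->app_length > clen - PRIV_FIXED_LEN)
        return RD_AP_MODIFIED;

    m_data->app_data = p;
    p += m_data->app_length;

    m_data->time_5ms = *p++;

    p += krb_get_address(p, &src_addr);

    if (!krb_equiv(src_addr, sender->sin_addr.s_addr))
        return RD_AP_BADD;

    p += krb_get_int(p, (u_int32_t *)&m_data->time_sec, 4, little_endian);

    m_data->time_sec = lsb_time(m_data->time_sec, sender, receiver);

    gettimeofday(&tv, NULL);

    /* check the time integrity of the msg */
    delta_t = abs((int)((long) tv.tv_sec - m_data->time_sec));
    if (delta_t > CLOCK_SKEW)
        return RD_AP_TIME;
    if (krb_debug)
        krb_warning("delta_t = %d\n", (int) delta_t);

    /*
     * caller must check timestamps for proper order and
     * replays, since server might have multiple clients
     * each with its own timestamps and we don't assume
     * tightly synchronized clocks.
     */

    return KSUCCESS;
}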