From 18d72f2bd9f8e19e1c3373f1b07e1404f66f4a8e Mon Sep 17 00:00:00 2001
From: Assar Westerlund <assar@sics.se>
Date: Mon, 16 Jun 1997 03:45:10 +0000
Subject: [PATCH] Add sequence number.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@1916 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/gssapi/get_mic.c         | 32 ++++++++++++++++++++++++++---
 lib/gssapi/krb5/get_mic.c    | 32 ++++++++++++++++++++++++++---
 lib/gssapi/krb5/verify_mic.c | 39 ++++++++++++++++++++++++++++++++----
 lib/gssapi/verify_mic.c      | 39 ++++++++++++++++++++++++++++++++----
 4 files changed, 128 insertions(+), 14 deletions(-)

diff --git a/lib/gssapi/get_mic.c b/lib/gssapi/get_mic.c
index bce53295f..8d9287b85 100644
--- a/lib/gssapi/get_mic.c
+++ b/lib/gssapi/get_mic.c
@@ -1,6 +1,4 @@
 #include "gssapi_locl.h"
-#include <des.h>
-#include <md5.h>
 
 RCSID("$Id$");
 
@@ -19,6 +17,7 @@ OM_uint32 gss_get_mic
   des_key_schedule schedule;
   des_cblock key;
   des_cblock zero;
+  int32_t seq_number;
 
   len = 28 + GSS_KRB5_MECHANISM->length;
   message_token->length = len;
@@ -38,9 +37,11 @@ OM_uint32 gss_get_mic
   memcpy (p, "\xff\xff\xff\xff", 4);
   p += 4;
 
+  /* Fill in later */
   memset (p, 0, 16);
   p += 16;
-  
+
+  /* checksum */
   md5_init (&md5);
   md5_update (&md5, p - 24, 8);
   md5_update (&md5, message_buffer->value,
@@ -54,5 +55,30 @@ OM_uint32 gss_get_mic
   des_cbc_cksum ((des_cblock *)hash,
 		 (des_cblock *)hash, sizeof(hash), schedule, &zero);
   memcpy (p - 8, hash, 8);
+
+  /* sequence number */
+  krb5_auth_getlocalseqnumber (gssapi_krb5_context,
+			       context_handle->auth_context,
+			       &seq_number);
+
+  p -= 16;
+  p[0] = (seq_number >> 0)  & 0xFF;
+  p[1] = (seq_number >> 8)  & 0xFF;
+  p[2] = (seq_number >> 16) & 0xFF;
+  p[3] = (seq_number >> 24) & 0xFF;
+  memset (p + 4,
+	  (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
+	  4);
+
+  des_set_key (&key, schedule);
+  des_cbc_encrypt (p, p, 8, schedule, p + 16, DES_ENCRYPT);
+
+  krb5_auth_setlocalseqnumber (gssapi_krb5_context,
+			       context_handle->auth_context,
+			       ++seq_number);
+  
+  memset (key, 0, sizeof(key));
+  memset (schedule, 0, sizeof(schedule));
+  
   return GSS_S_COMPLETE;
 }
diff --git a/lib/gssapi/krb5/get_mic.c b/lib/gssapi/krb5/get_mic.c
index bce53295f..8d9287b85 100644
--- a/lib/gssapi/krb5/get_mic.c
+++ b/lib/gssapi/krb5/get_mic.c
@@ -1,6 +1,4 @@
 #include "gssapi_locl.h"
-#include <des.h>
-#include <md5.h>
 
 RCSID("$Id$");
 
@@ -19,6 +17,7 @@ OM_uint32 gss_get_mic
   des_key_schedule schedule;
   des_cblock key;
   des_cblock zero;
+  int32_t seq_number;
 
   len = 28 + GSS_KRB5_MECHANISM->length;
   message_token->length = len;
@@ -38,9 +37,11 @@ OM_uint32 gss_get_mic
   memcpy (p, "\xff\xff\xff\xff", 4);
   p += 4;
 
+  /* Fill in later */
   memset (p, 0, 16);
   p += 16;
-  
+
+  /* checksum */
   md5_init (&md5);
   md5_update (&md5, p - 24, 8);
   md5_update (&md5, message_buffer->value,
@@ -54,5 +55,30 @@ OM_uint32 gss_get_mic
   des_cbc_cksum ((des_cblock *)hash,
 		 (des_cblock *)hash, sizeof(hash), schedule, &zero);
   memcpy (p - 8, hash, 8);
+
+  /* sequence number */
+  krb5_auth_getlocalseqnumber (gssapi_krb5_context,
+			       context_handle->auth_context,
+			       &seq_number);
+
+  p -= 16;
+  p[0] = (seq_number >> 0)  & 0xFF;
+  p[1] = (seq_number >> 8)  & 0xFF;
+  p[2] = (seq_number >> 16) & 0xFF;
+  p[3] = (seq_number >> 24) & 0xFF;
+  memset (p + 4,
+	  (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
+	  4);
+
+  des_set_key (&key, schedule);
+  des_cbc_encrypt (p, p, 8, schedule, p + 16, DES_ENCRYPT);
+
+  krb5_auth_setlocalseqnumber (gssapi_krb5_context,
+			       context_handle->auth_context,
+			       ++seq_number);
+  
+  memset (key, 0, sizeof(key));
+  memset (schedule, 0, sizeof(schedule));
+  
   return GSS_S_COMPLETE;
 }
diff --git a/lib/gssapi/krb5/verify_mic.c b/lib/gssapi/krb5/verify_mic.c
index 1d38511ae..5a840eb8c 100644
--- a/lib/gssapi/krb5/verify_mic.c
+++ b/lib/gssapi/krb5/verify_mic.c
@@ -1,6 +1,4 @@
 #include "gssapi_locl.h"
-#include <des.h>
-#include <md5.h>
 
 RCSID("$Id$");
 
@@ -15,10 +13,11 @@ OM_uint32 gss_verify_mic
   u_char *p;
   size_t len;
   struct md5 md5;
-  u_char hash[16];
+  u_char hash[16], seq_data[8];
   des_key_schedule schedule;
   des_cblock key;
   des_cblock zero;
+  int32_t seq_number;
 
   p = token_buffer->value;
   len = GSS_KRB5_MECHANISM->length + 28;
@@ -40,6 +39,7 @@ OM_uint32 gss_verify_mic
   p += 4;
   p += 16;
 
+  /* verify checksum */
   md5_init (&md5);
   md5_update (&md5, p - 24, 8);
   md5_update (&md5, message_buffer->value,
@@ -52,8 +52,39 @@ OM_uint32 gss_verify_mic
   des_set_key (&key, schedule);
   des_cbc_cksum ((des_cblock *)hash,
 		 (des_cblock *)hash, sizeof(hash), schedule, &zero);
-  if (memcmp (p - 8, hash, 8) != 0)
+  if (memcmp (p - 8, hash, 8) != 0) {
+    memset (key, 0, sizeof(key));
+    memset (schedule, 0, sizeof(schedule));
     return GSS_S_BAD_MIC;
+  }
+
+  /* verify sequence number */
+  
+  krb5_auth_getremoteseqnumber (gssapi_krb5_context,
+				context_handle->auth_context,
+				&seq_number);
+  seq_data[0] = (seq_number >> 0)  & 0xFF;
+  seq_data[1] = (seq_number >> 8)  & 0xFF;
+  seq_data[2] = (seq_number >> 16) & 0xFF;
+  seq_data[3] = (seq_number >> 24) & 0xFF;
+  memset (seq_data + 4,
+	  (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
+	  4);
+
+  p -= 16;
+  des_set_key (&key, schedule);
+  des_cbc_encrypt (p, p, 8, schedule, hash, DES_DECRYPT);
+
+  memset (key, 0, sizeof(key));
+  memset (schedule, 0, sizeof(schedule));
+
+  if (memcmp (p, seq_data, 8) != 0) {
+    return GSS_S_BAD_MIC;
+  }
+
+  krb5_auth_setremoteseqnumber (gssapi_krb5_context,
+				context_handle->auth_context,
+				++seq_number);
 
   return GSS_S_COMPLETE;
 }
diff --git a/lib/gssapi/verify_mic.c b/lib/gssapi/verify_mic.c
index 1d38511ae..5a840eb8c 100644
--- a/lib/gssapi/verify_mic.c
+++ b/lib/gssapi/verify_mic.c
@@ -1,6 +1,4 @@
 #include "gssapi_locl.h"
-#include <des.h>
-#include <md5.h>
 
 RCSID("$Id$");
 
@@ -15,10 +13,11 @@ OM_uint32 gss_verify_mic
   u_char *p;
   size_t len;
   struct md5 md5;
-  u_char hash[16];
+  u_char hash[16], seq_data[8];
   des_key_schedule schedule;
   des_cblock key;
   des_cblock zero;
+  int32_t seq_number;
 
   p = token_buffer->value;
   len = GSS_KRB5_MECHANISM->length + 28;
@@ -40,6 +39,7 @@ OM_uint32 gss_verify_mic
   p += 4;
   p += 16;
 
+  /* verify checksum */
   md5_init (&md5);
   md5_update (&md5, p - 24, 8);
   md5_update (&md5, message_buffer->value,
@@ -52,8 +52,39 @@ OM_uint32 gss_verify_mic
   des_set_key (&key, schedule);
   des_cbc_cksum ((des_cblock *)hash,
 		 (des_cblock *)hash, sizeof(hash), schedule, &zero);
-  if (memcmp (p - 8, hash, 8) != 0)
+  if (memcmp (p - 8, hash, 8) != 0) {
+    memset (key, 0, sizeof(key));
+    memset (schedule, 0, sizeof(schedule));
     return GSS_S_BAD_MIC;
+  }
+
+  /* verify sequence number */
+  
+  krb5_auth_getremoteseqnumber (gssapi_krb5_context,
+				context_handle->auth_context,
+				&seq_number);
+  seq_data[0] = (seq_number >> 0)  & 0xFF;
+  seq_data[1] = (seq_number >> 8)  & 0xFF;
+  seq_data[2] = (seq_number >> 16) & 0xFF;
+  seq_data[3] = (seq_number >> 24) & 0xFF;
+  memset (seq_data + 4,
+	  (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
+	  4);
+
+  p -= 16;
+  des_set_key (&key, schedule);
+  des_cbc_encrypt (p, p, 8, schedule, hash, DES_DECRYPT);
+
+  memset (key, 0, sizeof(key));
+  memset (schedule, 0, sizeof(schedule));
+
+  if (memcmp (p, seq_data, 8) != 0) {
+    return GSS_S_BAD_MIC;
+  }
+
+  krb5_auth_setremoteseqnumber (gssapi_krb5_context,
+				context_handle->auth_context,
+				++seq_number);
 
   return GSS_S_COMPLETE;
 }