From 417d3481f7d1e6ed56c21fa912c36de434f36bd8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Wed, 27 Aug 2003 03:53:25 +0000 Subject: [PATCH] arcfour gss-api mech, get_mic/verify_mic working git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12655 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/gssapi/arcfour.c | 555 ++++++++++++++++++++++++++++++++++++++ lib/gssapi/arcfour.h | 89 ++++++ lib/gssapi/krb5/arcfour.c | 555 ++++++++++++++++++++++++++++++++++++++ lib/gssapi/krb5/arcfour.h | 89 ++++++ 4 files changed, 1288 insertions(+) create mode 100644 lib/gssapi/arcfour.c create mode 100644 lib/gssapi/arcfour.h create mode 100644 lib/gssapi/krb5/arcfour.c create mode 100644 lib/gssapi/krb5/arcfour.h diff --git a/lib/gssapi/arcfour.c b/lib/gssapi/arcfour.c new file mode 100644 index 000000000..c3ec4a4b3 --- /dev/null +++ b/lib/gssapi/arcfour.c @@ -0,0 +1,555 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +#if 0 +static const char arcfour_sk[] = "signaturekey"; + +static krb5_error_code +get_arcfour_sk(krb5_context context, krb5_keyblock *key, + void *sk_key_data, size_t sk_key_size) +{ + Checksum cksum_k4; + + cksum_k4.checksum.data = sk_key_data; + cksum_k4.checksum.length = sk_key_size; + return krb5_hmac(context, CKSUMTYPE_RSA_MD5, + arcfour_sk, sizeof(arcfour_sk), 13, /* XXX usage */ + key, &cksum_k4); + +} +#endif + +static krb5_error_code +arcfour_mic_key(krb5_context context, krb5_keyblock *key, + const void *header, size_t header_size, + const void *message, size_t message_size, + void *cksum_data, size_t cksum_size, + void *key6_data, size_t key6_size) +{ + krb5_error_code ret; + + Checksum cksum_k5; + krb5_keyblock key5; + char k5_data[16]; + + Checksum cksum_k6; + + char T[4]; + + /* draft: T = 0; */ + memset(T, 0, 4); + /* draft: HMAC (K, &T, 4, K5); */ + cksum_k5.checksum.data = k5_data; + cksum_k5.checksum.length = sizeof(k5_data); + + ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5, + T, 4, 0, key, &cksum_k5); + if (ret) + return ret; + + key5.keytype = KEYTYPE_ARCFOUR; + key5.keyvalue = cksum_k5.checksum; + + /* HMAC(K5, MIC_checksum, 8, K6); */ + cksum_k6.checksum.data = key6_data; + cksum_k6.checksum.length = key6_size; + + return krb5_hmac(context, CKSUMTYPE_RSA_MD5, + cksum_data, cksum_size, 0, &key5, &cksum_k6); +} + +static krb5_error_code +arcfour_mic_cksum(const char *p, size_t p_sz, + const gss_buffer_t message_buffer, + krb5_keyblock *key, + u_char *sgn_cksum, size_t sgn_cksum_sz) + +{ + Checksum CKSUM; + u_char *ptr = emalloc(p_sz + message_buffer->length); + krb5_crypto crypto; + krb5_error_code ret; + + assert(sgn_cksum_sz == 8); + + memcpy(ptr, p, p_sz); + memcpy(ptr + p_sz, message_buffer->value, message_buffer->length); + + ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); + if (ret) { + free(ptr); + return ret; + } + + ret = krb5_create_checksum(gssapi_krb5_context, + crypto, + KRB5_KU_USAGE_SIGN, + 0, + ptr, + p_sz + message_buffer->length, + &CKSUM); + free(ptr); + if (ret == 0) { + memcpy(sgn_cksum, CKSUM.checksum.data, sgn_cksum_sz); + krb5_free_checksum_contents(gssapi_krb5_context, &CKSUM); + } + krb5_crypto_destroy(gssapi_krb5_context, crypto); + + return ret; +} + + +OM_uint32 +_gssapi_get_mic_arcfour + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + gss_qop_t qop_req, + const gss_buffer_t message_buffer, + gss_buffer_t message_token, + krb5_keyblock *key + ) +{ + gss_arcfour_mic_token *token; + krb5_error_code kret; + + u_char *p; + + int32_t seq_number; + size_t len, total_len; + + char k6_data[16]; + + gssapi_krb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM); + + message_token->length = total_len; + message_token->value = malloc (total_len); + if (message_token->value == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + p = _gssapi_make_mech_header(message_token->value, + len, + GSS_KRB5_MECHANISM); + token = (gss_arcfour_mic_token *)p; + + token->TOK_ID[0] = 0x01; + token->TOK_ID[1] = 0x01; + token->SGN_ALG[0] = 0x11; + token->SGN_ALG[1] = 0x00; + token->Filler[0] = 0xff; + token->Filler[1] = 0xff; + token->Filler[2] = 0xff; + token->Filler[3] = 0xff; + + kret = arcfour_mic_cksum(p, 8, message_buffer, key, token->SGN_CKSUM, 8); + if (kret) { + *minor_status = kret; + gss_release_buffer(minor_status, message_token); + return GSS_S_FAILURE; + } + kret = arcfour_mic_key(gssapi_krb5_context, key, + p, 8, + message_buffer->value,message_buffer->length, + token->SGN_CKSUM, 8, + k6_data, sizeof(k6_data)); + if (kret) { + *minor_status = kret; + return GSS_S_FAILURE; + } + p += 8; + + /* draft: copy_seq_num_in_big_endian(seq_num, seq_plus_direction); */ + /* draft: copy_direction_flag (direction_flag, seq_plus_direction + 4); */ + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, + context_handle->auth_context, + &seq_number); + + p[0] = (seq_number >> 24) & 0xFF; + p[1] = (seq_number >> 16) & 0xFF; + p[2] = (seq_number >> 8) & 0xFF; + p[3] = (seq_number >> 0) & 0xFF; + + krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, + context_handle->auth_context, + ++seq_number); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + memset (p + 4, + (context_handle->more_flags & LOCAL) ? 0xFF : 0, + 4); + + /* draft: RC4(K6, seq_plus_direction, 8, MIC_seq); */ + { + RC4_KEY rc4_key; + + RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); + RC4 (&rc4_key, 8, p, p); + + memset(&rc4_key, 0, sizeof(rc4_key)); + } + + return GSS_S_COMPLETE; +} + + +OM_uint32 +_gssapi_verify_mic_arcfour + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t * qop_state, + char *type, + krb5_keyblock *key + ) +{ + krb5_error_code kret; + int32_t seq_number; + OM_uint32 ret; + char cksum_data[8], k6_data[16]; + u_char *p; + int cmp; + + p = token_buffer->value; + ret = gssapi_krb5_verify_header (&p, + token_buffer->length, + type, + GSS_KRB5_MECHANISM); + if (ret) + return ret; + + if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */ + return GSS_S_BAD_SIG; + p += 2; + if (memcmp (p, "\xff\xff\xff\xff", 4) != 0) + return GSS_S_BAD_MIC; + p += 4; + + /* draft: memcpy (T_plus_hdr_plus_msg + 04, MIC_hdr, 8); */ + /* draft: memcpy (T_plus_hdr_plus_msg + 12, msg, msg_len); */ + + kret = arcfour_mic_cksum(p, 8, message_buffer, key, + cksum_data, sizeof(cksum_data)); + if (kret) { + *minor_status = kret; + return GSS_S_FAILURE; + } + + kret = arcfour_mic_key(gssapi_krb5_context, key, + p - 8, 8, + message_buffer->value, + message_buffer->length, + cksum_data, sizeof(cksum_data), + k6_data, sizeof(k6_data)); + if (kret) { + *minor_status = kret; + return GSS_S_FAILURE; + } + + cmp = memcmp(cksum_data, p + 8, 8); + if (cmp) { + *minor_status = 0; + return GSS_S_BAD_MIC; + } + + /* XXX don't modify p */ + { + RC4_KEY rc4_key; + + RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); + RC4 (&rc4_key, 8, p, p); + + memset(&rc4_key, 0, sizeof(rc4_key)); + } + + gssapi_decode_om_uint32(p, &seq_number); + + if (context_handle->more_flags & LOCAL) + cmp = memcmp(&p[4], "\xff\xff\xff\xff", 4); + else + cmp = memcmp(&p[4], "\x00\x00\x00\x00", 4); + + if (cmp != 0) { + *minor_status = 0; + return GSS_S_BAD_MIC; + } + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + ret = gssapi_msg_order_check(context_handle->order, seq_number); + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + if (ret) + return ret; + + return 0; +} + +OM_uint32 +_gssapi_wrap_arcfour + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + const gss_buffer_t input_message_buffer, + int * conf_state, + gss_buffer_t output_message_buffer, + krb5_keyblock *key + ) +{ +#if 0 + u_char *p; + OM_uint32 ret; + int32_t seq_number; + size_t len, total_len, datalen; + gss_arcfour_wrap_token *token; + + krb5_keyblock key7; + char k7_data[16]; + + Checksum cksum_k8; + krb5_keyblock key8; + char k8_data[16]; + + Checksum cksum_k9; + krb5_keyblock key9; + char k9_data[16]; + + krb5_keyblock key10; + char k10_data[16]; + + Checksum cksum_k11; + char k11_data[16]; + + Checksum CKSUM; + char cksum_data[16]; + + datalen = input_message_buffer->length; + len = datalen + 30; + gssapi_krb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + + output_message_buffer->length = total_len; + output_message_buffer->value = malloc (total_len); + if (output_message_buffer->value == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + p = gssapi_krb5_make_header(output_message_buffer->value, + len, + "\x02\x01", /* TOK_ID */ + GSS_KRB5_MECHANISM); + token = (gss_arcfour_wrap_token *)p; + + token->SGN_ALG[0] = 0x11; + token->SGN_ALG[1] = 0x00; + if (conf_req_flag) { + token->SEAL_ALG[0] = 0x00; + token->SEAL_ALG[1] = 0x00; + } else { + token->SEAL_ALG[0] = 0xff; + token->SEAL_ALG[1] = 0xff; + } + token->Filler[0] = 0xff; + token->Filler[1] = 0xff; + + memset(p + 8, 0, 16); /* XXX SND_SEQ, SGN_CKSUM */ + /* Confounder */ + krb5_generate_random_block(p + 16, 8); + + ret = get_arcfour_sk(gssapi_krb5_context, key, k7_data, sizeof(k7_data)); + if (ret) { + gss_release_buffer(minor_status, output_message_buffer); + return ret; + } + + key7.keytype = KEYTYPE_ARCFOUR; + key7.keyvalue.length = sizeof(k7_data); + key7.keyvalue.data = k7_data; + + { + u_char T[4]; + MD5_CTX md5; + u_char hash[16]; + + T[0] = 13; + T[1] = 0; + T[2] = 0; + T[3] = 0; + + MD5_Init(&md5); + MD5_Update(&md5, T, 4); /* T */ + MD5_Update(&md5, p - 8, 8); /* Token.Header */ + MD5_Update(&md5, p + 16, 8); /* Confounder */ + MD5_Update(&md5, + input_message_buffer->value, input_message_buffer->length); + MD5_Final(hash, &md5); + + CKSUM.checksum.data = cksum_data; + CKSUM.checksum.length = sizeof(cksum_data); + + /* draft: HMAC (K7, MD5_of_T_hdr_msg, CHKSUM); */ + ret = krb5_hmac(gssapi_krb5_context, CKSUMTYPE_RSA_MD5, + hash, sizeof(hash), + 0 /* XXX */, &key7, &CKSUM); + if (ret) { + gss_release_buffer(minor_status, output_message_buffer); + return ret; + } + } + + { + u_char T[4]; + + memset(T, 0, sizeof(T)); + cksum_k8.checksum.data = k8_data; + cksum_k8.checksum.length = sizeof(k8_data); + + ret = krb5_hmac(gssapi_krb5_context, CKSUMTYPE_RSA_MD5, + T, sizeof(T), 4 /* XXX */, key, &cksum_k8); + if (ret) { + gss_release_buffer(minor_status, output_message_buffer); + return ret; + } + } + + cksum_k9.checksum.data = k9_data; + cksum_k9.checksum.length = sizeof(k9_data); + + key8.keytype = KEYTYPE_ARCFOUR; + key8.keyvalue.length = sizeof(k8_data); + key8.keyvalue.data = k8_data; + + ret = krb5_hmac(gssapi_krb5_context, CKSUMTYPE_RSA_MD5, + cksum_data, sizeof(cksum_data), + 8 /* XXX */, &key8, &cksum_k9); + if (ret) { + gss_release_buffer(minor_status, output_message_buffer); + return ret; + } + + key9.keytype = KEYTYPE_ARCFOUR; + key9.keyvalue.length = sizeof(k9_data); + key9.keyvalue.data = k9_data; + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, + context_handle->auth_context, + &seq_number); + + p[0] = (seq_number >> 0) & 0xFF; + p[1] = (seq_number >> 8) & 0xFF; + p[2] = (seq_number >> 16) & 0xFF; + p[3] = (seq_number >> 24) & 0xFF; + + krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, + context_handle->auth_context, + ++seq_number); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + memset (p + 4, (context_handle->more_flags & LOCAL) ? 0 : 0xFF, 4); + + { + RC4_KEY rc4_key; + + RC4_set_key (&rc4_key, sizeof(k9_data), k9_data); + RC4 (&rc4_key, 8, p, p); + + memset(&rc4_key, 0, sizeof(rc4_key)); + } + + p += 8; + memcpy(p, cksum_data, 8); + + key10.keytype = KEYTYPE_ARCFOUR; + key10.keyvalue.length = sizeof(k10_data); + key10.keyvalue.data = k10_data; + + assert(key->keyvalue.length == 16); + { + int i; + memcpy(k10_data, key->keyvalue.data, sizeof(k10_data)); + for (i = 0; i < sizeof(k10_data); i++) + k10_data[i] ^= 0xF0; + } + + { + u_char T[4]; + + memset(T, 0, sizeof(T)); + cksum_k11.checksum.data = k11_data; + cksum_k11.checksum.length = sizeof(k11_data); + + ret = krb5_hmac(gssapi_krb5_context, CKSUMTYPE_RSA_MD5, + T, sizeof(T), 4 /* XXX */, &key10, &cksum_k11); + if (ret) { + gss_release_buffer(minor_status, output_message_buffer); + return ret; + } + } + + memcpy(p + 8, input_message_buffer->value, + input_message_buffer->length); + p[8 + input_message_buffer->length] = 1; + + if (conf_req_flag) { + RC4_KEY rc4_key; + + RC4_set_key (&rc4_key, sizeof(k11_data), k11_data); + + RC4 (&rc4_key, 8 + input_message_buffer->length, p, p); + memset(&rc4_key, 0, sizeof(rc4_key)); + } + + *minor_status = 0; + return GSS_S_COMPLETE; +#else + *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP; + return GSS_S_FAILURE; +#endif +} + +OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer, + int *conf_state, + gss_qop_t *qop_state, + krb5_keyblock *key) +{ + *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP; + return GSS_S_FAILURE; +} diff --git a/lib/gssapi/arcfour.h b/lib/gssapi/arcfour.h new file mode 100644 index 000000000..3e10c1c6c --- /dev/null +++ b/lib/gssapi/arcfour.h @@ -0,0 +1,89 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id$ */ + +#ifndef GSSAPI_ARCFOUR_H_ +#define GSSAPI_ARCFOUR_H_ 1 + +typedef struct gss_arcfour_mic_token { + u_char TOK_ID[2]; /* 01 01 */ + u_char SGN_ALG[2]; /* 11 00 */ + u_char Filler[4]; + u_char SND_SEQ[8]; + u_char SGN_CKSUM[8]; +} gss_arcfour_mic_token; + +typedef struct gss_arcfour_wrap_token { + u_char TOK_ID[2]; /* 02 01 */ + u_char SGN_ALG[2]; + u_char SEAL_ALG[2]; + u_char Filler[2]; + u_char SND_SEQ[8]; + u_char SGN_CKSUM[8]; + u_char Confounder[8]; +} gss_arcfour_wrap_token; + +OM_uint32 _gssapi_wrap_arcfour(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + const gss_buffer_t input_message_buffer, + int *conf_state, + gss_buffer_t output_message_buffer, + krb5_keyblock *key); + +OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer, + int *conf_state, + gss_qop_t *qop_state, + krb5_keyblock *key); + +OM_uint32 _gssapi_get_mic_arcfour(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + gss_qop_t qop_req, + const gss_buffer_t message_buffer, + gss_buffer_t message_token, + krb5_keyblock *key); + +OM_uint32 _gssapi_verify_mic_arcfour(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t *qop_state, + char *type, + krb5_keyblock *key); + +#endif /* GSSAPI_ARCFOUR_H_ */ diff --git a/lib/gssapi/krb5/arcfour.c b/lib/gssapi/krb5/arcfour.c new file mode 100644 index 000000000..c3ec4a4b3 --- /dev/null +++ b/lib/gssapi/krb5/arcfour.c @@ -0,0 +1,555 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +#if 0 +static const char arcfour_sk[] = "signaturekey"; + +static krb5_error_code +get_arcfour_sk(krb5_context context, krb5_keyblock *key, + void *sk_key_data, size_t sk_key_size) +{ + Checksum cksum_k4; + + cksum_k4.checksum.data = sk_key_data; + cksum_k4.checksum.length = sk_key_size; + return krb5_hmac(context, CKSUMTYPE_RSA_MD5, + arcfour_sk, sizeof(arcfour_sk), 13, /* XXX usage */ + key, &cksum_k4); + +} +#endif + +static krb5_error_code +arcfour_mic_key(krb5_context context, krb5_keyblock *key, + const void *header, size_t header_size, + const void *message, size_t message_size, + void *cksum_data, size_t cksum_size, + void *key6_data, size_t key6_size) +{ + krb5_error_code ret; + + Checksum cksum_k5; + krb5_keyblock key5; + char k5_data[16]; + + Checksum cksum_k6; + + char T[4]; + + /* draft: T = 0; */ + memset(T, 0, 4); + /* draft: HMAC (K, &T, 4, K5); */ + cksum_k5.checksum.data = k5_data; + cksum_k5.checksum.length = sizeof(k5_data); + + ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5, + T, 4, 0, key, &cksum_k5); + if (ret) + return ret; + + key5.keytype = KEYTYPE_ARCFOUR; + key5.keyvalue = cksum_k5.checksum; + + /* HMAC(K5, MIC_checksum, 8, K6); */ + cksum_k6.checksum.data = key6_data; + cksum_k6.checksum.length = key6_size; + + return krb5_hmac(context, CKSUMTYPE_RSA_MD5, + cksum_data, cksum_size, 0, &key5, &cksum_k6); +} + +static krb5_error_code +arcfour_mic_cksum(const char *p, size_t p_sz, + const gss_buffer_t message_buffer, + krb5_keyblock *key, + u_char *sgn_cksum, size_t sgn_cksum_sz) + +{ + Checksum CKSUM; + u_char *ptr = emalloc(p_sz + message_buffer->length); + krb5_crypto crypto; + krb5_error_code ret; + + assert(sgn_cksum_sz == 8); + + memcpy(ptr, p, p_sz); + memcpy(ptr + p_sz, message_buffer->value, message_buffer->length); + + ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); + if (ret) { + free(ptr); + return ret; + } + + ret = krb5_create_checksum(gssapi_krb5_context, + crypto, + KRB5_KU_USAGE_SIGN, + 0, + ptr, + p_sz + message_buffer->length, + &CKSUM); + free(ptr); + if (ret == 0) { + memcpy(sgn_cksum, CKSUM.checksum.data, sgn_cksum_sz); + krb5_free_checksum_contents(gssapi_krb5_context, &CKSUM); + } + krb5_crypto_destroy(gssapi_krb5_context, crypto); + + return ret; +} + + +OM_uint32 +_gssapi_get_mic_arcfour + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + gss_qop_t qop_req, + const gss_buffer_t message_buffer, + gss_buffer_t message_token, + krb5_keyblock *key + ) +{ + gss_arcfour_mic_token *token; + krb5_error_code kret; + + u_char *p; + + int32_t seq_number; + size_t len, total_len; + + char k6_data[16]; + + gssapi_krb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM); + + message_token->length = total_len; + message_token->value = malloc (total_len); + if (message_token->value == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + p = _gssapi_make_mech_header(message_token->value, + len, + GSS_KRB5_MECHANISM); + token = (gss_arcfour_mic_token *)p; + + token->TOK_ID[0] = 0x01; + token->TOK_ID[1] = 0x01; + token->SGN_ALG[0] = 0x11; + token->SGN_ALG[1] = 0x00; + token->Filler[0] = 0xff; + token->Filler[1] = 0xff; + token->Filler[2] = 0xff; + token->Filler[3] = 0xff; + + kret = arcfour_mic_cksum(p, 8, message_buffer, key, token->SGN_CKSUM, 8); + if (kret) { + *minor_status = kret; + gss_release_buffer(minor_status, message_token); + return GSS_S_FAILURE; + } + kret = arcfour_mic_key(gssapi_krb5_context, key, + p, 8, + message_buffer->value,message_buffer->length, + token->SGN_CKSUM, 8, + k6_data, sizeof(k6_data)); + if (kret) { + *minor_status = kret; + return GSS_S_FAILURE; + } + p += 8; + + /* draft: copy_seq_num_in_big_endian(seq_num, seq_plus_direction); */ + /* draft: copy_direction_flag (direction_flag, seq_plus_direction + 4); */ + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, + context_handle->auth_context, + &seq_number); + + p[0] = (seq_number >> 24) & 0xFF; + p[1] = (seq_number >> 16) & 0xFF; + p[2] = (seq_number >> 8) & 0xFF; + p[3] = (seq_number >> 0) & 0xFF; + + krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, + context_handle->auth_context, + ++seq_number); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + memset (p + 4, + (context_handle->more_flags & LOCAL) ? 0xFF : 0, + 4); + + /* draft: RC4(K6, seq_plus_direction, 8, MIC_seq); */ + { + RC4_KEY rc4_key; + + RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); + RC4 (&rc4_key, 8, p, p); + + memset(&rc4_key, 0, sizeof(rc4_key)); + } + + return GSS_S_COMPLETE; +} + + +OM_uint32 +_gssapi_verify_mic_arcfour + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t * qop_state, + char *type, + krb5_keyblock *key + ) +{ + krb5_error_code kret; + int32_t seq_number; + OM_uint32 ret; + char cksum_data[8], k6_data[16]; + u_char *p; + int cmp; + + p = token_buffer->value; + ret = gssapi_krb5_verify_header (&p, + token_buffer->length, + type, + GSS_KRB5_MECHANISM); + if (ret) + return ret; + + if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */ + return GSS_S_BAD_SIG; + p += 2; + if (memcmp (p, "\xff\xff\xff\xff", 4) != 0) + return GSS_S_BAD_MIC; + p += 4; + + /* draft: memcpy (T_plus_hdr_plus_msg + 04, MIC_hdr, 8); */ + /* draft: memcpy (T_plus_hdr_plus_msg + 12, msg, msg_len); */ + + kret = arcfour_mic_cksum(p, 8, message_buffer, key, + cksum_data, sizeof(cksum_data)); + if (kret) { + *minor_status = kret; + return GSS_S_FAILURE; + } + + kret = arcfour_mic_key(gssapi_krb5_context, key, + p - 8, 8, + message_buffer->value, + message_buffer->length, + cksum_data, sizeof(cksum_data), + k6_data, sizeof(k6_data)); + if (kret) { + *minor_status = kret; + return GSS_S_FAILURE; + } + + cmp = memcmp(cksum_data, p + 8, 8); + if (cmp) { + *minor_status = 0; + return GSS_S_BAD_MIC; + } + + /* XXX don't modify p */ + { + RC4_KEY rc4_key; + + RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); + RC4 (&rc4_key, 8, p, p); + + memset(&rc4_key, 0, sizeof(rc4_key)); + } + + gssapi_decode_om_uint32(p, &seq_number); + + if (context_handle->more_flags & LOCAL) + cmp = memcmp(&p[4], "\xff\xff\xff\xff", 4); + else + cmp = memcmp(&p[4], "\x00\x00\x00\x00", 4); + + if (cmp != 0) { + *minor_status = 0; + return GSS_S_BAD_MIC; + } + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + ret = gssapi_msg_order_check(context_handle->order, seq_number); + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + if (ret) + return ret; + + return 0; +} + +OM_uint32 +_gssapi_wrap_arcfour + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + const gss_buffer_t input_message_buffer, + int * conf_state, + gss_buffer_t output_message_buffer, + krb5_keyblock *key + ) +{ +#if 0 + u_char *p; + OM_uint32 ret; + int32_t seq_number; + size_t len, total_len, datalen; + gss_arcfour_wrap_token *token; + + krb5_keyblock key7; + char k7_data[16]; + + Checksum cksum_k8; + krb5_keyblock key8; + char k8_data[16]; + + Checksum cksum_k9; + krb5_keyblock key9; + char k9_data[16]; + + krb5_keyblock key10; + char k10_data[16]; + + Checksum cksum_k11; + char k11_data[16]; + + Checksum CKSUM; + char cksum_data[16]; + + datalen = input_message_buffer->length; + len = datalen + 30; + gssapi_krb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + + output_message_buffer->length = total_len; + output_message_buffer->value = malloc (total_len); + if (output_message_buffer->value == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + p = gssapi_krb5_make_header(output_message_buffer->value, + len, + "\x02\x01", /* TOK_ID */ + GSS_KRB5_MECHANISM); + token = (gss_arcfour_wrap_token *)p; + + token->SGN_ALG[0] = 0x11; + token->SGN_ALG[1] = 0x00; + if (conf_req_flag) { + token->SEAL_ALG[0] = 0x00; + token->SEAL_ALG[1] = 0x00; + } else { + token->SEAL_ALG[0] = 0xff; + token->SEAL_ALG[1] = 0xff; + } + token->Filler[0] = 0xff; + token->Filler[1] = 0xff; + + memset(p + 8, 0, 16); /* XXX SND_SEQ, SGN_CKSUM */ + /* Confounder */ + krb5_generate_random_block(p + 16, 8); + + ret = get_arcfour_sk(gssapi_krb5_context, key, k7_data, sizeof(k7_data)); + if (ret) { + gss_release_buffer(minor_status, output_message_buffer); + return ret; + } + + key7.keytype = KEYTYPE_ARCFOUR; + key7.keyvalue.length = sizeof(k7_data); + key7.keyvalue.data = k7_data; + + { + u_char T[4]; + MD5_CTX md5; + u_char hash[16]; + + T[0] = 13; + T[1] = 0; + T[2] = 0; + T[3] = 0; + + MD5_Init(&md5); + MD5_Update(&md5, T, 4); /* T */ + MD5_Update(&md5, p - 8, 8); /* Token.Header */ + MD5_Update(&md5, p + 16, 8); /* Confounder */ + MD5_Update(&md5, + input_message_buffer->value, input_message_buffer->length); + MD5_Final(hash, &md5); + + CKSUM.checksum.data = cksum_data; + CKSUM.checksum.length = sizeof(cksum_data); + + /* draft: HMAC (K7, MD5_of_T_hdr_msg, CHKSUM); */ + ret = krb5_hmac(gssapi_krb5_context, CKSUMTYPE_RSA_MD5, + hash, sizeof(hash), + 0 /* XXX */, &key7, &CKSUM); + if (ret) { + gss_release_buffer(minor_status, output_message_buffer); + return ret; + } + } + + { + u_char T[4]; + + memset(T, 0, sizeof(T)); + cksum_k8.checksum.data = k8_data; + cksum_k8.checksum.length = sizeof(k8_data); + + ret = krb5_hmac(gssapi_krb5_context, CKSUMTYPE_RSA_MD5, + T, sizeof(T), 4 /* XXX */, key, &cksum_k8); + if (ret) { + gss_release_buffer(minor_status, output_message_buffer); + return ret; + } + } + + cksum_k9.checksum.data = k9_data; + cksum_k9.checksum.length = sizeof(k9_data); + + key8.keytype = KEYTYPE_ARCFOUR; + key8.keyvalue.length = sizeof(k8_data); + key8.keyvalue.data = k8_data; + + ret = krb5_hmac(gssapi_krb5_context, CKSUMTYPE_RSA_MD5, + cksum_data, sizeof(cksum_data), + 8 /* XXX */, &key8, &cksum_k9); + if (ret) { + gss_release_buffer(minor_status, output_message_buffer); + return ret; + } + + key9.keytype = KEYTYPE_ARCFOUR; + key9.keyvalue.length = sizeof(k9_data); + key9.keyvalue.data = k9_data; + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, + context_handle->auth_context, + &seq_number); + + p[0] = (seq_number >> 0) & 0xFF; + p[1] = (seq_number >> 8) & 0xFF; + p[2] = (seq_number >> 16) & 0xFF; + p[3] = (seq_number >> 24) & 0xFF; + + krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, + context_handle->auth_context, + ++seq_number); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + memset (p + 4, (context_handle->more_flags & LOCAL) ? 0 : 0xFF, 4); + + { + RC4_KEY rc4_key; + + RC4_set_key (&rc4_key, sizeof(k9_data), k9_data); + RC4 (&rc4_key, 8, p, p); + + memset(&rc4_key, 0, sizeof(rc4_key)); + } + + p += 8; + memcpy(p, cksum_data, 8); + + key10.keytype = KEYTYPE_ARCFOUR; + key10.keyvalue.length = sizeof(k10_data); + key10.keyvalue.data = k10_data; + + assert(key->keyvalue.length == 16); + { + int i; + memcpy(k10_data, key->keyvalue.data, sizeof(k10_data)); + for (i = 0; i < sizeof(k10_data); i++) + k10_data[i] ^= 0xF0; + } + + { + u_char T[4]; + + memset(T, 0, sizeof(T)); + cksum_k11.checksum.data = k11_data; + cksum_k11.checksum.length = sizeof(k11_data); + + ret = krb5_hmac(gssapi_krb5_context, CKSUMTYPE_RSA_MD5, + T, sizeof(T), 4 /* XXX */, &key10, &cksum_k11); + if (ret) { + gss_release_buffer(minor_status, output_message_buffer); + return ret; + } + } + + memcpy(p + 8, input_message_buffer->value, + input_message_buffer->length); + p[8 + input_message_buffer->length] = 1; + + if (conf_req_flag) { + RC4_KEY rc4_key; + + RC4_set_key (&rc4_key, sizeof(k11_data), k11_data); + + RC4 (&rc4_key, 8 + input_message_buffer->length, p, p); + memset(&rc4_key, 0, sizeof(rc4_key)); + } + + *minor_status = 0; + return GSS_S_COMPLETE; +#else + *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP; + return GSS_S_FAILURE; +#endif +} + +OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer, + int *conf_state, + gss_qop_t *qop_state, + krb5_keyblock *key) +{ + *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP; + return GSS_S_FAILURE; +} diff --git a/lib/gssapi/krb5/arcfour.h b/lib/gssapi/krb5/arcfour.h new file mode 100644 index 000000000..3e10c1c6c --- /dev/null +++ b/lib/gssapi/krb5/arcfour.h @@ -0,0 +1,89 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id$ */ + +#ifndef GSSAPI_ARCFOUR_H_ +#define GSSAPI_ARCFOUR_H_ 1 + +typedef struct gss_arcfour_mic_token { + u_char TOK_ID[2]; /* 01 01 */ + u_char SGN_ALG[2]; /* 11 00 */ + u_char Filler[4]; + u_char SND_SEQ[8]; + u_char SGN_CKSUM[8]; +} gss_arcfour_mic_token; + +typedef struct gss_arcfour_wrap_token { + u_char TOK_ID[2]; /* 02 01 */ + u_char SGN_ALG[2]; + u_char SEAL_ALG[2]; + u_char Filler[2]; + u_char SND_SEQ[8]; + u_char SGN_CKSUM[8]; + u_char Confounder[8]; +} gss_arcfour_wrap_token; + +OM_uint32 _gssapi_wrap_arcfour(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + const gss_buffer_t input_message_buffer, + int *conf_state, + gss_buffer_t output_message_buffer, + krb5_keyblock *key); + +OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer, + int *conf_state, + gss_qop_t *qop_state, + krb5_keyblock *key); + +OM_uint32 _gssapi_get_mic_arcfour(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + gss_qop_t qop_req, + const gss_buffer_t message_buffer, + gss_buffer_t message_token, + krb5_keyblock *key); + +OM_uint32 _gssapi_verify_mic_arcfour(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t *qop_state, + char *type, + krb5_keyblock *key); + +#endif /* GSSAPI_ARCFOUR_H_ */