oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Call `gssapi_krb5_verify_header'

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2282 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
1997-07-14 11:44:38 +00:00
parent 6307cf23ae
commit 88e55002dc
4 changed files with 148 additions and 140 deletions
Download Patch File Download Diff File Expand all files Collapse all files

116
lib/gssapi/krb5/unwrap.c
View File

@@ -21,23 +21,19 @@ OM_uint32 gss_unwrap
int i; int i;
int32_t seq_number; int32_t seq_number;
size_t padlength; size_t padlength;
OM_uint32 ret;
p = input_message_buffer->value; p = input_message_buffer->value;
len = GSS_KRB5_MECHANISM->length + 28; ret = gssapi_krb5_verify_header (&p,
input_message_buffer->length,
"\x02\x01");
if (ret)
return ret;
if (
input_message_buffer->length < len
|| memcmp (p, "\x60\x07\x06\x05", 4) != 0
|| memcmp (p + 4, GSS_KRB5_MECHANISM->elements,
GSS_KRB5_MECHANISM->length) != 0)
return GSS_S_BAD_MECH;
if (memcmp (p + 4 + GSS_KRB5_MECHANISM->length, "\x02\x01", 2) != 0)
return GSS_S_DEFECTIVE_TOKEN;
p += 6 + GSS_KRB5_MECHANISM->length;
if (memcmp (p, "\x00\x00", 2) != 0) if (memcmp (p, "\x00\x00", 2) != 0)
return GSS_S_BAD_SIG; return GSS_S_BAD_SIG;
p += 2; p += 2;
if (memcmp (p, "\x0\x00", 2) != 0) if (memcmp (p, "\x00\x00", 2) != 0)
return GSS_S_BAD_MIC; return GSS_S_BAD_MIC;
p += 2; p += 2;
if (memcmp (p, "\xff\xff", 2) != 0) if (memcmp (p, "\xff\xff", 2) != 0)
@@ -45,56 +41,17 @@ OM_uint32 gss_unwrap
p += 2; p += 2;
p += 16; p += 16;
md5_init (&md5); len = p - (u_char *)input_message_buffer->value;
md5_update (&md5, p - 24, 8);
md5_update (&md5, p, input_message_buffer->length - len);
md5_finito (&md5, hash);
memset (&zero, 0, sizeof(zero));
memcpy (&key, context_handle->auth_context->key.keyvalue.data,
sizeof(key));
des_set_key (&key, schedule);
des_cbc_cksum ((des_cblock *)hash,
(des_cblock *)hash, sizeof(hash), schedule, &zero);
if (memcmp (p - 8, hash, 8) != 0)
return GSS_S_BAD_MIC;
/* verify sequence number */
krb5_auth_getremoteseqnumber (gssapi_krb5_context,
context_handle->auth_context,
&seq_number);
seq_data[0] = (seq_number >> 0) & 0xFF;
seq_data[1] = (seq_number >> 8) & 0xFF;
seq_data[2] = (seq_number >> 16) & 0xFF;
seq_data[3] = (seq_number >> 24) & 0xFF;
memset (seq_data + 4,
(context_handle->more_flags & LOCAL) ? 0 : 0xFF,
4);
p -= 16;
des_set_key (&key, schedule);
des_cbc_encrypt ((des_cblock *)p, (des_cblock *)p, 8,
schedule, (des_cblock *)hash, DES_DECRYPT);
memset (key, 0, sizeof(key));
memset (schedule, 0, sizeof(schedule));
if (memcmp (p, seq_data, 8) != 0) {
return GSS_S_BAD_MIC;
}
krb5_auth_setremoteseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
/* decrypt data */ /* decrypt data */
p += 16;
memset (&zero, 0, sizeof(zero)); memset (&zero, 0, sizeof(zero));
#if 0
memcpy (&key, context_handle->auth_context->key.keyvalue.data, memcpy (&key, context_handle->auth_context->key.keyvalue.data,
sizeof(key)); sizeof(key));
#endif
memcpy (&key, context_handle->auth_context->remote_subkey.keyvalue.data,
sizeof(key));
for (i = 0; i < sizeof(key); ++i) for (i = 0; i < sizeof(key); ++i)
key[i] ^= 0xf0; key[i] ^= 0xf0;
des_set_key (&key, schedule); des_set_key (&key, schedule);
@@ -118,6 +75,53 @@ OM_uint32 gss_unwrap
if (i != 0) if (i != 0)
return GSS_S_BAD_MIC; return GSS_S_BAD_MIC;
md5_init (&md5);
md5_update (&md5, p - 24, 8);
md5_update (&md5, p, input_message_buffer->length - len);
md5_finito (&md5, hash);
memset (&zero, 0, sizeof(zero));
#if 0
memcpy (&key, context_handle->auth_context->key.keyvalue.data,
sizeof(key));
#endif
memcpy (&key, context_handle->auth_context->remote_subkey.keyvalue.data,
sizeof(key));
des_set_key (&key, schedule);
des_cbc_cksum ((des_cblock *)hash,
(des_cblock *)hash, sizeof(hash), schedule, &zero);
if (memcmp (p - 8, hash, 8) != 0)
return GSS_S_BAD_MIC;
/* verify sequence number */
krb5_auth_getremoteseqnumber (gssapi_krb5_context,
context_handle->auth_context,
&seq_number);
seq_data[0] = (seq_number >> 0) & 0xFF;
seq_data[1] = (seq_number >> 8) & 0xFF;
seq_data[2] = (seq_number >> 16) & 0xFF;
seq_data[3] = (seq_number >> 24) & 0xFF;
memset (seq_data + 4,
(context_handle->more_flags & LOCAL) ? 0xFF : 0,
4);
p -= 16;
des_set_key (&key, schedule);
des_cbc_encrypt ((des_cblock *)p, (des_cblock *)p, 8,
schedule, (des_cblock *)hash, DES_DECRYPT);
memset (key, 0, sizeof(key));
memset (schedule, 0, sizeof(schedule));
if (memcmp (p, seq_data, 8) != 0) {
return GSS_S_BAD_MIC;
}
krb5_auth_setremoteseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
/* copy out data */ /* copy out data */
output_message_buffer->length = input_message_buffer->length output_message_buffer->length = input_message_buffer->length
@@ -126,7 +130,7 @@ OM_uint32 gss_unwrap
if(output_message_buffer->value == NULL) if(output_message_buffer->value == NULL)
return GSS_S_FAILURE; return GSS_S_FAILURE;
memcpy (output_message_buffer->value, memcpy (output_message_buffer->value,
p + 8, p + 24,
output_message_buffer->length); output_message_buffer->length);
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
} }

28
lib/gssapi/krb5/verify_mic.c
View File

@@ -11,28 +11,23 @@ OM_uint32 gss_verify_mic
) )
{ {
u_char *p; u_char *p;
size_t len;
struct md5 md5; struct md5 md5;
u_char hash[16], seq_data[8]; u_char hash[16], seq_data[8];
des_key_schedule schedule; des_key_schedule schedule;
des_cblock key; des_cblock key;
des_cblock zero; des_cblock zero;
int32_t seq_number; int32_t seq_number;
OM_uint32 ret;
p = token_buffer->value; p = token_buffer->value;
len = GSS_KRB5_MECHANISM->length + 28; ret = gssapi_krb5_verify_header (&p,
token_buffer->length,
"\x01\x01");
if (ret)
return ret;
if ( if (memcmp(p, "\x00\x00", 2) != 0)
token_buffer->length < len return GSS_S_BAD_SIG;
|| memcmp (p, "\x60\x07\x06\x05", 4) != 0
|| memcmp (p + 4, GSS_KRB5_MECHANISM->elements,
GSS_KRB5_MECHANISM->length) != 0)
return GSS_S_BAD_MECH;
if (memcmp (p + 4 + GSS_KRB5_MECHANISM->length, "\x01\x01", 2) != 0)
return GSS_S_DEFECTIVE_TOKEN;
p += 6 + GSS_KRB5_MECHANISM->length;
if (memcmp (p, "\x00\x00", 2) != 0)
return GSS_S_BAD_SIG;
p += 2; p += 2;
if (memcmp (p, "\xff\xff\xff\xff", 4) != 0) if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
return GSS_S_BAD_MIC; return GSS_S_BAD_MIC;
@@ -47,8 +42,13 @@ OM_uint32 gss_verify_mic
md5_finito (&md5, hash); md5_finito (&md5, hash);
memset (&zero, 0, sizeof(zero)); memset (&zero, 0, sizeof(zero));
#if 0
memcpy (&key, context_handle->auth_context->key.keyvalue.data, memcpy (&key, context_handle->auth_context->key.keyvalue.data,
sizeof(key)); sizeof(key));
#endif
memcpy (&key, context_handle->auth_context->remote_subkey.keyvalue.data,
sizeof(key));
des_set_key (&key, schedule); des_set_key (&key, schedule);
des_cbc_cksum ((des_cblock *)hash, des_cbc_cksum ((des_cblock *)hash,
(des_cblock *)hash, sizeof(hash), schedule, &zero); (des_cblock *)hash, sizeof(hash), schedule, &zero);
@@ -68,7 +68,7 @@ OM_uint32 gss_verify_mic
seq_data[2] = (seq_number >> 16) & 0xFF; seq_data[2] = (seq_number >> 16) & 0xFF;
seq_data[3] = (seq_number >> 24) & 0xFF; seq_data[3] = (seq_number >> 24) & 0xFF;
memset (seq_data + 4, memset (seq_data + 4,
(context_handle->more_flags & LOCAL) ? 0 : 0xFF, (context_handle->more_flags & LOCAL) ? 0xFF : 0,
4); 4);
p -= 16; p -= 16;

116
lib/gssapi/unwrap.c
View File

@@ -21,23 +21,19 @@ OM_uint32 gss_unwrap
int i; int i;
int32_t seq_number; int32_t seq_number;
size_t padlength; size_t padlength;
OM_uint32 ret;
p = input_message_buffer->value; p = input_message_buffer->value;
len = GSS_KRB5_MECHANISM->length + 28; ret = gssapi_krb5_verify_header (&p,
input_message_buffer->length,
"\x02\x01");
if (ret)
return ret;
if (
input_message_buffer->length < len
|| memcmp (p, "\x60\x07\x06\x05", 4) != 0
|| memcmp (p + 4, GSS_KRB5_MECHANISM->elements,
GSS_KRB5_MECHANISM->length) != 0)
return GSS_S_BAD_MECH;
if (memcmp (p + 4 + GSS_KRB5_MECHANISM->length, "\x02\x01", 2) != 0)
return GSS_S_DEFECTIVE_TOKEN;
p += 6 + GSS_KRB5_MECHANISM->length;
if (memcmp (p, "\x00\x00", 2) != 0) if (memcmp (p, "\x00\x00", 2) != 0)
return GSS_S_BAD_SIG; return GSS_S_BAD_SIG;
p += 2; p += 2;
if (memcmp (p, "\x0\x00", 2) != 0) if (memcmp (p, "\x00\x00", 2) != 0)
return GSS_S_BAD_MIC; return GSS_S_BAD_MIC;
p += 2; p += 2;
if (memcmp (p, "\xff\xff", 2) != 0) if (memcmp (p, "\xff\xff", 2) != 0)
@@ -45,56 +41,17 @@ OM_uint32 gss_unwrap
p += 2; p += 2;
p += 16; p += 16;
md5_init (&md5); len = p - (u_char *)input_message_buffer->value;
md5_update (&md5, p - 24, 8);
md5_update (&md5, p, input_message_buffer->length - len);
md5_finito (&md5, hash);
memset (&zero, 0, sizeof(zero));
memcpy (&key, context_handle->auth_context->key.keyvalue.data,
sizeof(key));
des_set_key (&key, schedule);
des_cbc_cksum ((des_cblock *)hash,
(des_cblock *)hash, sizeof(hash), schedule, &zero);
if (memcmp (p - 8, hash, 8) != 0)
return GSS_S_BAD_MIC;
/* verify sequence number */
krb5_auth_getremoteseqnumber (gssapi_krb5_context,
context_handle->auth_context,
&seq_number);
seq_data[0] = (seq_number >> 0) & 0xFF;
seq_data[1] = (seq_number >> 8) & 0xFF;
seq_data[2] = (seq_number >> 16) & 0xFF;
seq_data[3] = (seq_number >> 24) & 0xFF;
memset (seq_data + 4,
(context_handle->more_flags & LOCAL) ? 0 : 0xFF,
4);
p -= 16;
des_set_key (&key, schedule);
des_cbc_encrypt ((des_cblock *)p, (des_cblock *)p, 8,
schedule, (des_cblock *)hash, DES_DECRYPT);
memset (key, 0, sizeof(key));
memset (schedule, 0, sizeof(schedule));
if (memcmp (p, seq_data, 8) != 0) {
return GSS_S_BAD_MIC;
}
krb5_auth_setremoteseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
/* decrypt data */ /* decrypt data */
p += 16;
memset (&zero, 0, sizeof(zero)); memset (&zero, 0, sizeof(zero));
#if 0
memcpy (&key, context_handle->auth_context->key.keyvalue.data, memcpy (&key, context_handle->auth_context->key.keyvalue.data,
sizeof(key)); sizeof(key));
#endif
memcpy (&key, context_handle->auth_context->remote_subkey.keyvalue.data,
sizeof(key));
for (i = 0; i < sizeof(key); ++i) for (i = 0; i < sizeof(key); ++i)
key[i] ^= 0xf0; key[i] ^= 0xf0;
des_set_key (&key, schedule); des_set_key (&key, schedule);
@@ -118,6 +75,53 @@ OM_uint32 gss_unwrap
if (i != 0) if (i != 0)
return GSS_S_BAD_MIC; return GSS_S_BAD_MIC;
md5_init (&md5);
md5_update (&md5, p - 24, 8);
md5_update (&md5, p, input_message_buffer->length - len);
md5_finito (&md5, hash);
memset (&zero, 0, sizeof(zero));
#if 0
memcpy (&key, context_handle->auth_context->key.keyvalue.data,
sizeof(key));
#endif
memcpy (&key, context_handle->auth_context->remote_subkey.keyvalue.data,
sizeof(key));
des_set_key (&key, schedule);
des_cbc_cksum ((des_cblock *)hash,
(des_cblock *)hash, sizeof(hash), schedule, &zero);
if (memcmp (p - 8, hash, 8) != 0)
return GSS_S_BAD_MIC;
/* verify sequence number */
krb5_auth_getremoteseqnumber (gssapi_krb5_context,
context_handle->auth_context,
&seq_number);
seq_data[0] = (seq_number >> 0) & 0xFF;
seq_data[1] = (seq_number >> 8) & 0xFF;
seq_data[2] = (seq_number >> 16) & 0xFF;
seq_data[3] = (seq_number >> 24) & 0xFF;
memset (seq_data + 4,
(context_handle->more_flags & LOCAL) ? 0xFF : 0,
4);
p -= 16;
des_set_key (&key, schedule);
des_cbc_encrypt ((des_cblock *)p, (des_cblock *)p, 8,
schedule, (des_cblock *)hash, DES_DECRYPT);
memset (key, 0, sizeof(key));
memset (schedule, 0, sizeof(schedule));
if (memcmp (p, seq_data, 8) != 0) {
return GSS_S_BAD_MIC;
}
krb5_auth_setremoteseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
/* copy out data */ /* copy out data */
output_message_buffer->length = input_message_buffer->length output_message_buffer->length = input_message_buffer->length
@@ -126,7 +130,7 @@ OM_uint32 gss_unwrap
if(output_message_buffer->value == NULL) if(output_message_buffer->value == NULL)
return GSS_S_FAILURE; return GSS_S_FAILURE;
memcpy (output_message_buffer->value, memcpy (output_message_buffer->value,
p + 8, p + 24,
output_message_buffer->length); output_message_buffer->length);
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
} }

28
lib/gssapi/verify_mic.c
View File

@@ -11,28 +11,23 @@ OM_uint32 gss_verify_mic
) )
{ {
u_char *p; u_char *p;
size_t len;
struct md5 md5; struct md5 md5;
u_char hash[16], seq_data[8]; u_char hash[16], seq_data[8];
des_key_schedule schedule; des_key_schedule schedule;
des_cblock key; des_cblock key;
des_cblock zero; des_cblock zero;
int32_t seq_number; int32_t seq_number;
OM_uint32 ret;
p = token_buffer->value; p = token_buffer->value;
len = GSS_KRB5_MECHANISM->length + 28; ret = gssapi_krb5_verify_header (&p,
token_buffer->length,
"\x01\x01");
if (ret)
return ret;
if ( if (memcmp(p, "\x00\x00", 2) != 0)
token_buffer->length < len return GSS_S_BAD_SIG;
|| memcmp (p, "\x60\x07\x06\x05", 4) != 0
|| memcmp (p + 4, GSS_KRB5_MECHANISM->elements,
GSS_KRB5_MECHANISM->length) != 0)
return GSS_S_BAD_MECH;
if (memcmp (p + 4 + GSS_KRB5_MECHANISM->length, "\x01\x01", 2) != 0)
return GSS_S_DEFECTIVE_TOKEN;
p += 6 + GSS_KRB5_MECHANISM->length;
if (memcmp (p, "\x00\x00", 2) != 0)
return GSS_S_BAD_SIG;
p += 2; p += 2;
if (memcmp (p, "\xff\xff\xff\xff", 4) != 0) if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
return GSS_S_BAD_MIC; return GSS_S_BAD_MIC;
@@ -47,8 +42,13 @@ OM_uint32 gss_verify_mic
md5_finito (&md5, hash); md5_finito (&md5, hash);
memset (&zero, 0, sizeof(zero)); memset (&zero, 0, sizeof(zero));
#if 0
memcpy (&key, context_handle->auth_context->key.keyvalue.data, memcpy (&key, context_handle->auth_context->key.keyvalue.data,
sizeof(key)); sizeof(key));
#endif
memcpy (&key, context_handle->auth_context->remote_subkey.keyvalue.data,
sizeof(key));
des_set_key (&key, schedule); des_set_key (&key, schedule);
des_cbc_cksum ((des_cblock *)hash, des_cbc_cksum ((des_cblock *)hash,
(des_cblock *)hash, sizeof(hash), schedule, &zero); (des_cblock *)hash, sizeof(hash), schedule, &zero);
@@ -68,7 +68,7 @@ OM_uint32 gss_verify_mic
seq_data[2] = (seq_number >> 16) & 0xFF; seq_data[2] = (seq_number >> 16) & 0xFF;
seq_data[3] = (seq_number >> 24) & 0xFF; seq_data[3] = (seq_number >> 24) & 0xFF;
memset (seq_data + 4, memset (seq_data + 4,
(context_handle->more_flags & LOCAL) ? 0 : 0xFF, (context_handle->more_flags & LOCAL) ? 0xFF : 0,
4); 4);
p -= 16; p -= 16;