diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c index c451c3843..363397068 100644 --- a/lib/gssapi/krb5/unwrap.c +++ b/lib/gssapi/krb5/unwrap.c @@ -1,6 +1,4 @@ #include "gssapi_locl.h" -#include -#include RCSID("$Id$"); @@ -13,13 +11,16 @@ OM_uint32 gss_unwrap gss_qop_t * qop_state ) { - u_char *p; + u_char *p, *pad; size_t len; struct md5 md5; - u_char hash[16]; + u_char hash[16], seq_data[8]; des_key_schedule schedule; des_cblock key; des_cblock zero; + int i; + int32_t seq_number; + size_t padlength; p = input_message_buffer->value; len = GSS_KRB5_MECHANISM->length + 28; @@ -36,7 +37,7 @@ OM_uint32 gss_unwrap if (memcmp (p, "\x00\x00", 2) != 0) return GSS_S_BAD_SIG; p += 2; - if (memcmp (p, "\xff\xff", 2) != 0) + if (memcmp (p, "\x0\x00", 2) != 0) return GSS_S_BAD_MIC; p += 2; if (memcmp (p, "\xff\xff", 2) != 0) @@ -58,12 +59,73 @@ OM_uint32 gss_unwrap if (memcmp (p - 8, hash, 8) != 0) return GSS_S_BAD_MIC; - output_message_buffer->length = input_message_buffer->length - len; + /* verify sequence number */ + + krb5_auth_getremoteseqnumber (gssapi_krb5_context, + context_handle->auth_context, + &seq_number); + seq_data[0] = (seq_number >> 0) & 0xFF; + seq_data[1] = (seq_number >> 8) & 0xFF; + seq_data[2] = (seq_number >> 16) & 0xFF; + seq_data[3] = (seq_number >> 24) & 0xFF; + memset (seq_data + 4, + (context_handle->more_flags & LOCAL) ? 0 : 0xFF, + 4); + + p -= 16; + des_set_key (&key, schedule); + des_cbc_encrypt (p, p, 8, schedule, hash, DES_DECRYPT); + + memset (key, 0, sizeof(key)); + memset (schedule, 0, sizeof(schedule)); + + if (memcmp (p, seq_data, 8) != 0) { + return GSS_S_BAD_MIC; + } + + krb5_auth_setremoteseqnumber (gssapi_krb5_context, + context_handle->auth_context, + ++seq_number); + + /* decrypt data */ + + p += 16; + + memset (&zero, 0, sizeof(zero)); + memcpy (&key, context_handle->auth_context->key.keyvalue.data, + sizeof(key)); + for (i = 0; i < sizeof(key); ++i) + key[i] ^= 0xf0; + des_set_key (&key, schedule); + des_cbc_encrypt ((des_cblock *)p, + (des_cblock *)p, + input_message_buffer->length - len, + schedule, + &zero, + DES_DECRYPT); + + memset (key, 0, sizeof(key)); + memset (schedule, 0, sizeof(schedule)); + + /* check pad */ + + pad = (char *)input_message_buffer->value + input_message_buffer->length - 1; + padlength = *pad; + + for (i = padlength; i >= 0 && *pad == padlength; i--, pad--) + ; + if (i != 0) + return GSS_S_BAD_MIC; + + /* copy out data */ + + output_message_buffer->length = input_message_buffer->length + - len - 8 - padlength; output_message_buffer->value = malloc(output_message_buffer->length); if(output_message_buffer->value == NULL) return GSS_S_FAILURE; memcpy (output_message_buffer->value, - p, + p + 8, output_message_buffer->length); return GSS_S_COMPLETE; } diff --git a/lib/gssapi/krb5/wrap.c b/lib/gssapi/krb5/wrap.c index fc70204c7..bffc4288e 100644 --- a/lib/gssapi/krb5/wrap.c +++ b/lib/gssapi/krb5/wrap.c @@ -1,6 +1,4 @@ #include "gssapi_locl.h" -#include -#include RCSID("$Id$"); @@ -21,8 +19,14 @@ OM_uint32 gss_wrap des_key_schedule schedule; des_cblock key; des_cblock zero; + size_t padlength; + int i; + int32_t seq_number; - len = input_message_buffer->length + 28 + GSS_KRB5_MECHANISM->length; + padlength = 8 - (input_message_buffer->length % 8); + + len = input_message_buffer->length + 8 + padlength + 28 + + GSS_KRB5_MECHANISM->length; output_message_buffer->length = len; output_message_buffer->value = malloc (len); if (output_message_buffer->value == NULL) @@ -33,23 +37,33 @@ OM_uint32 gss_wrap p += 4; memcpy (p, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length); p += GSS_KRB5_MECHANISM->length; + /* TOK_ID */ memcpy (p, "\x02\x01", 2); p += 2; + /* SGN_ALG */ memcpy (p, "\x00\x00", 2); p += 2; - memcpy (p, "\xff\xff", 2); + /* SEAL_ALG */ + memcpy (p, "\x00\x00", 2); p += 2; + /* Filler */ memcpy (p, "\xff\xff", 2); p += 2; + /* fill in later */ memset (p, 0, 16); p += 16; - memcpy (p, input_message_buffer->value, + + /* confounder + data + pad */ + des_new_random_key((des_cblock*)p); + memcpy (p + 8, input_message_buffer->value, input_message_buffer->length); - + memset (p + 8 + input_message_buffer->length, padlength, padlength); + + /* checksum */ md5_init (&md5); md5_update (&md5, p - 24, 8); - md5_update (&md5, p, input_message_buffer->length); + md5_update (&md5, p + 8, input_message_buffer->length + padlength); md5_finito (&md5, hash); memset (&zero, 0, sizeof(zero)); @@ -59,5 +73,46 @@ OM_uint32 gss_wrap des_cbc_cksum ((des_cblock *)hash, (des_cblock *)hash, sizeof(hash), schedule, &zero); memcpy (p - 8, hash, 8); + + /* sequence number */ + krb5_auth_getlocalseqnumber (gssapi_krb5_context, + context_handle->auth_context, + &seq_number); + + p -= 16; + p[0] = (seq_number >> 0) & 0xFF; + p[1] = (seq_number >> 8) & 0xFF; + p[2] = (seq_number >> 16) & 0xFF; + p[3] = (seq_number >> 24) & 0xFF; + memset (p + 4, + (context_handle->more_flags & LOCAL) ? 0 : 0xFF, + 4); + + des_set_key (&key, schedule); + des_cbc_encrypt (p, p, 8, schedule, p + 16, DES_ENCRYPT); + + krb5_auth_setlocalseqnumber (gssapi_krb5_context, + context_handle->auth_context, + ++seq_number); + + /* encrypt the data */ + p += 16; + + memset (&zero, 0, sizeof(zero)); + memcpy (&key, context_handle->auth_context->key.keyvalue.data, + sizeof(key)); + for (i = 0; i < sizeof(key); ++i) + key[i] ^= 0xf0; + des_set_key (&key, schedule); + des_cbc_encrypt ((des_cblock *)p, + (des_cblock *)p, + 8 + input_message_buffer->length + padlength, + schedule, + &zero, + DES_ENCRYPT); + + memset (key, 0, sizeof(key)); + memset (schedule, 0, sizeof(schedule)); + return GSS_S_COMPLETE; } diff --git a/lib/gssapi/unwrap.c b/lib/gssapi/unwrap.c index c451c3843..363397068 100644 --- a/lib/gssapi/unwrap.c +++ b/lib/gssapi/unwrap.c @@ -1,6 +1,4 @@ #include "gssapi_locl.h" -#include -#include RCSID("$Id$"); @@ -13,13 +11,16 @@ OM_uint32 gss_unwrap gss_qop_t * qop_state ) { - u_char *p; + u_char *p, *pad; size_t len; struct md5 md5; - u_char hash[16]; + u_char hash[16], seq_data[8]; des_key_schedule schedule; des_cblock key; des_cblock zero; + int i; + int32_t seq_number; + size_t padlength; p = input_message_buffer->value; len = GSS_KRB5_MECHANISM->length + 28; @@ -36,7 +37,7 @@ OM_uint32 gss_unwrap if (memcmp (p, "\x00\x00", 2) != 0) return GSS_S_BAD_SIG; p += 2; - if (memcmp (p, "\xff\xff", 2) != 0) + if (memcmp (p, "\x0\x00", 2) != 0) return GSS_S_BAD_MIC; p += 2; if (memcmp (p, "\xff\xff", 2) != 0) @@ -58,12 +59,73 @@ OM_uint32 gss_unwrap if (memcmp (p - 8, hash, 8) != 0) return GSS_S_BAD_MIC; - output_message_buffer->length = input_message_buffer->length - len; + /* verify sequence number */ + + krb5_auth_getremoteseqnumber (gssapi_krb5_context, + context_handle->auth_context, + &seq_number); + seq_data[0] = (seq_number >> 0) & 0xFF; + seq_data[1] = (seq_number >> 8) & 0xFF; + seq_data[2] = (seq_number >> 16) & 0xFF; + seq_data[3] = (seq_number >> 24) & 0xFF; + memset (seq_data + 4, + (context_handle->more_flags & LOCAL) ? 0 : 0xFF, + 4); + + p -= 16; + des_set_key (&key, schedule); + des_cbc_encrypt (p, p, 8, schedule, hash, DES_DECRYPT); + + memset (key, 0, sizeof(key)); + memset (schedule, 0, sizeof(schedule)); + + if (memcmp (p, seq_data, 8) != 0) { + return GSS_S_BAD_MIC; + } + + krb5_auth_setremoteseqnumber (gssapi_krb5_context, + context_handle->auth_context, + ++seq_number); + + /* decrypt data */ + + p += 16; + + memset (&zero, 0, sizeof(zero)); + memcpy (&key, context_handle->auth_context->key.keyvalue.data, + sizeof(key)); + for (i = 0; i < sizeof(key); ++i) + key[i] ^= 0xf0; + des_set_key (&key, schedule); + des_cbc_encrypt ((des_cblock *)p, + (des_cblock *)p, + input_message_buffer->length - len, + schedule, + &zero, + DES_DECRYPT); + + memset (key, 0, sizeof(key)); + memset (schedule, 0, sizeof(schedule)); + + /* check pad */ + + pad = (char *)input_message_buffer->value + input_message_buffer->length - 1; + padlength = *pad; + + for (i = padlength; i >= 0 && *pad == padlength; i--, pad--) + ; + if (i != 0) + return GSS_S_BAD_MIC; + + /* copy out data */ + + output_message_buffer->length = input_message_buffer->length + - len - 8 - padlength; output_message_buffer->value = malloc(output_message_buffer->length); if(output_message_buffer->value == NULL) return GSS_S_FAILURE; memcpy (output_message_buffer->value, - p, + p + 8, output_message_buffer->length); return GSS_S_COMPLETE; } diff --git a/lib/gssapi/wrap.c b/lib/gssapi/wrap.c index fc70204c7..bffc4288e 100644 --- a/lib/gssapi/wrap.c +++ b/lib/gssapi/wrap.c @@ -1,6 +1,4 @@ #include "gssapi_locl.h" -#include -#include RCSID("$Id$"); @@ -21,8 +19,14 @@ OM_uint32 gss_wrap des_key_schedule schedule; des_cblock key; des_cblock zero; + size_t padlength; + int i; + int32_t seq_number; - len = input_message_buffer->length + 28 + GSS_KRB5_MECHANISM->length; + padlength = 8 - (input_message_buffer->length % 8); + + len = input_message_buffer->length + 8 + padlength + 28 + + GSS_KRB5_MECHANISM->length; output_message_buffer->length = len; output_message_buffer->value = malloc (len); if (output_message_buffer->value == NULL) @@ -33,23 +37,33 @@ OM_uint32 gss_wrap p += 4; memcpy (p, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length); p += GSS_KRB5_MECHANISM->length; + /* TOK_ID */ memcpy (p, "\x02\x01", 2); p += 2; + /* SGN_ALG */ memcpy (p, "\x00\x00", 2); p += 2; - memcpy (p, "\xff\xff", 2); + /* SEAL_ALG */ + memcpy (p, "\x00\x00", 2); p += 2; + /* Filler */ memcpy (p, "\xff\xff", 2); p += 2; + /* fill in later */ memset (p, 0, 16); p += 16; - memcpy (p, input_message_buffer->value, + + /* confounder + data + pad */ + des_new_random_key((des_cblock*)p); + memcpy (p + 8, input_message_buffer->value, input_message_buffer->length); - + memset (p + 8 + input_message_buffer->length, padlength, padlength); + + /* checksum */ md5_init (&md5); md5_update (&md5, p - 24, 8); - md5_update (&md5, p, input_message_buffer->length); + md5_update (&md5, p + 8, input_message_buffer->length + padlength); md5_finito (&md5, hash); memset (&zero, 0, sizeof(zero)); @@ -59,5 +73,46 @@ OM_uint32 gss_wrap des_cbc_cksum ((des_cblock *)hash, (des_cblock *)hash, sizeof(hash), schedule, &zero); memcpy (p - 8, hash, 8); + + /* sequence number */ + krb5_auth_getlocalseqnumber (gssapi_krb5_context, + context_handle->auth_context, + &seq_number); + + p -= 16; + p[0] = (seq_number >> 0) & 0xFF; + p[1] = (seq_number >> 8) & 0xFF; + p[2] = (seq_number >> 16) & 0xFF; + p[3] = (seq_number >> 24) & 0xFF; + memset (p + 4, + (context_handle->more_flags & LOCAL) ? 0 : 0xFF, + 4); + + des_set_key (&key, schedule); + des_cbc_encrypt (p, p, 8, schedule, p + 16, DES_ENCRYPT); + + krb5_auth_setlocalseqnumber (gssapi_krb5_context, + context_handle->auth_context, + ++seq_number); + + /* encrypt the data */ + p += 16; + + memset (&zero, 0, sizeof(zero)); + memcpy (&key, context_handle->auth_context->key.keyvalue.data, + sizeof(key)); + for (i = 0; i < sizeof(key); ++i) + key[i] ^= 0xf0; + des_set_key (&key, schedule); + des_cbc_encrypt ((des_cblock *)p, + (des_cblock *)p, + 8 + input_message_buffer->length + padlength, + schedule, + &zero, + DES_ENCRYPT); + + memset (key, 0, sizeof(key)); + memset (schedule, 0, sizeof(schedule)); + return GSS_S_COMPLETE; }