do encrypt and add sequence number
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@1918 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
@@ -1,6 +1,4 @@
|
||||
#include "gssapi_locl.h"
|
||||
#include <des.h>
|
||||
#include <md5.h>
|
||||
|
||||
RCSID("$Id$");
|
||||
|
||||
@@ -13,13 +11,16 @@ OM_uint32 gss_unwrap
|
||||
gss_qop_t * qop_state
|
||||
)
|
||||
{
|
||||
u_char *p;
|
||||
u_char *p, *pad;
|
||||
size_t len;
|
||||
struct md5 md5;
|
||||
u_char hash[16];
|
||||
u_char hash[16], seq_data[8];
|
||||
des_key_schedule schedule;
|
||||
des_cblock key;
|
||||
des_cblock zero;
|
||||
int i;
|
||||
int32_t seq_number;
|
||||
size_t padlength;
|
||||
|
||||
p = input_message_buffer->value;
|
||||
len = GSS_KRB5_MECHANISM->length + 28;
|
||||
@@ -36,7 +37,7 @@ OM_uint32 gss_unwrap
|
||||
if (memcmp (p, "\x00\x00", 2) != 0)
|
||||
return GSS_S_BAD_SIG;
|
||||
p += 2;
|
||||
if (memcmp (p, "\xff\xff", 2) != 0)
|
||||
if (memcmp (p, "\x0\x00", 2) != 0)
|
||||
return GSS_S_BAD_MIC;
|
||||
p += 2;
|
||||
if (memcmp (p, "\xff\xff", 2) != 0)
|
||||
@@ -58,12 +59,73 @@ OM_uint32 gss_unwrap
|
||||
if (memcmp (p - 8, hash, 8) != 0)
|
||||
return GSS_S_BAD_MIC;
|
||||
|
||||
output_message_buffer->length = input_message_buffer->length - len;
|
||||
/* verify sequence number */
|
||||
|
||||
krb5_auth_getremoteseqnumber (gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&seq_number);
|
||||
seq_data[0] = (seq_number >> 0) & 0xFF;
|
||||
seq_data[1] = (seq_number >> 8) & 0xFF;
|
||||
seq_data[2] = (seq_number >> 16) & 0xFF;
|
||||
seq_data[3] = (seq_number >> 24) & 0xFF;
|
||||
memset (seq_data + 4,
|
||||
(context_handle->more_flags & LOCAL) ? 0 : 0xFF,
|
||||
4);
|
||||
|
||||
p -= 16;
|
||||
des_set_key (&key, schedule);
|
||||
des_cbc_encrypt (p, p, 8, schedule, hash, DES_DECRYPT);
|
||||
|
||||
memset (key, 0, sizeof(key));
|
||||
memset (schedule, 0, sizeof(schedule));
|
||||
|
||||
if (memcmp (p, seq_data, 8) != 0) {
|
||||
return GSS_S_BAD_MIC;
|
||||
}
|
||||
|
||||
krb5_auth_setremoteseqnumber (gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
++seq_number);
|
||||
|
||||
/* decrypt data */
|
||||
|
||||
p += 16;
|
||||
|
||||
memset (&zero, 0, sizeof(zero));
|
||||
memcpy (&key, context_handle->auth_context->key.keyvalue.data,
|
||||
sizeof(key));
|
||||
for (i = 0; i < sizeof(key); ++i)
|
||||
key[i] ^= 0xf0;
|
||||
des_set_key (&key, schedule);
|
||||
des_cbc_encrypt ((des_cblock *)p,
|
||||
(des_cblock *)p,
|
||||
input_message_buffer->length - len,
|
||||
schedule,
|
||||
&zero,
|
||||
DES_DECRYPT);
|
||||
|
||||
memset (key, 0, sizeof(key));
|
||||
memset (schedule, 0, sizeof(schedule));
|
||||
|
||||
/* check pad */
|
||||
|
||||
pad = (char *)input_message_buffer->value + input_message_buffer->length - 1;
|
||||
padlength = *pad;
|
||||
|
||||
for (i = padlength; i >= 0 && *pad == padlength; i--, pad--)
|
||||
;
|
||||
if (i != 0)
|
||||
return GSS_S_BAD_MIC;
|
||||
|
||||
/* copy out data */
|
||||
|
||||
output_message_buffer->length = input_message_buffer->length
|
||||
- len - 8 - padlength;
|
||||
output_message_buffer->value = malloc(output_message_buffer->length);
|
||||
if(output_message_buffer->value == NULL)
|
||||
return GSS_S_FAILURE;
|
||||
memcpy (output_message_buffer->value,
|
||||
p,
|
||||
p + 8,
|
||||
output_message_buffer->length);
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user