oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

do encrypt and add sequence number

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@1918 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
1997-06-16 03:46:04 +00:00
parent 20bbef706b
commit d41212baa9
4 changed files with 262 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
lib/gssapi/krb5/unwrap.c
View File

@@ -1,6 +1,4 @@
#include "gssapi_locl.h" #include "gssapi_locl.h"
#include <des.h>
#include <md5.h>
RCSID("$Id$"); RCSID("$Id$");
@@ -13,13 +11,16 @@ OM_uint32 gss_unwrap
gss_qop_t * qop_state gss_qop_t * qop_state
) )
{ {
u_char *p; u_char *p, *pad;
size_t len; size_t len;
struct md5 md5; struct md5 md5;
u_char hash[16]; u_char hash[16], seq_data[8];
des_key_schedule schedule; des_key_schedule schedule;
des_cblock key; des_cblock key;
des_cblock zero; des_cblock zero;
int i;
int32_t seq_number;
size_t padlength;
p = input_message_buffer->value; p = input_message_buffer->value;
len = GSS_KRB5_MECHANISM->length + 28; len = GSS_KRB5_MECHANISM->length + 28;
@@ -36,7 +37,7 @@ OM_uint32 gss_unwrap
if (memcmp (p, "\x00\x00", 2) != 0) if (memcmp (p, "\x00\x00", 2) != 0)
return GSS_S_BAD_SIG; return GSS_S_BAD_SIG;
p += 2; p += 2;
if (memcmp (p, "\xff\xff", 2) != 0) if (memcmp (p, "\x0\x00", 2) != 0)
return GSS_S_BAD_MIC; return GSS_S_BAD_MIC;
p += 2; p += 2;
if (memcmp (p, "\xff\xff", 2) != 0) if (memcmp (p, "\xff\xff", 2) != 0)
@@ -58,12 +59,73 @@ OM_uint32 gss_unwrap
if (memcmp (p - 8, hash, 8) != 0) if (memcmp (p - 8, hash, 8) != 0)
return GSS_S_BAD_MIC; return GSS_S_BAD_MIC;
output_message_buffer->length = input_message_buffer->length - len; /* verify sequence number */
krb5_auth_getremoteseqnumber (gssapi_krb5_context,
context_handle->auth_context,
&seq_number);
seq_data[0] = (seq_number >> 0) & 0xFF;
seq_data[1] = (seq_number >> 8) & 0xFF;
seq_data[2] = (seq_number >> 16) & 0xFF;
seq_data[3] = (seq_number >> 24) & 0xFF;
memset (seq_data + 4,
(context_handle->more_flags & LOCAL) ? 0 : 0xFF,
4);
p -= 16;
des_set_key (&key, schedule);
des_cbc_encrypt (p, p, 8, schedule, hash, DES_DECRYPT);
memset (key, 0, sizeof(key));
memset (schedule, 0, sizeof(schedule));
if (memcmp (p, seq_data, 8) != 0) {
return GSS_S_BAD_MIC;
}
krb5_auth_setremoteseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
/* decrypt data */
p += 16;
memset (&zero, 0, sizeof(zero));
memcpy (&key, context_handle->auth_context->key.keyvalue.data,
sizeof(key));
for (i = 0; i < sizeof(key); ++i)
key[i] ^= 0xf0;
des_set_key (&key, schedule);
des_cbc_encrypt ((des_cblock *)p,
(des_cblock *)p,
input_message_buffer->length - len,
schedule,
&zero,
DES_DECRYPT);
memset (key, 0, sizeof(key));
memset (schedule, 0, sizeof(schedule));
/* check pad */
pad = (char *)input_message_buffer->value + input_message_buffer->length - 1;
padlength = *pad;
for (i = padlength; i >= 0 && *pad == padlength; i--, pad--)
;
if (i != 0)
return GSS_S_BAD_MIC;
/* copy out data */
output_message_buffer->length = input_message_buffer->length
- len - 8 - padlength;
output_message_buffer->value = malloc(output_message_buffer->length); output_message_buffer->value = malloc(output_message_buffer->length);
if(output_message_buffer->value == NULL) if(output_message_buffer->value == NULL)
return GSS_S_FAILURE; return GSS_S_FAILURE;
memcpy (output_message_buffer->value, memcpy (output_message_buffer->value,
p, p + 8,
output_message_buffer->length); output_message_buffer->length);
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
} }

69
lib/gssapi/krb5/wrap.c
View File

@@ -1,6 +1,4 @@
#include "gssapi_locl.h" #include "gssapi_locl.h"
#include <des.h>
#include <md5.h>
RCSID("$Id$"); RCSID("$Id$");
@@ -21,8 +19,14 @@ OM_uint32 gss_wrap
des_key_schedule schedule; des_key_schedule schedule;
des_cblock key; des_cblock key;
des_cblock zero; des_cblock zero;
size_t padlength;
int i;
int32_t seq_number;
len = input_message_buffer->length + 28 + GSS_KRB5_MECHANISM->length; padlength = 8 - (input_message_buffer->length % 8);
len = input_message_buffer->length + 8 + padlength + 28
+ GSS_KRB5_MECHANISM->length;
output_message_buffer->length = len; output_message_buffer->length = len;
output_message_buffer->value = malloc (len); output_message_buffer->value = malloc (len);
if (output_message_buffer->value == NULL) if (output_message_buffer->value == NULL)
@@ -33,23 +37,33 @@ OM_uint32 gss_wrap
p += 4; p += 4;
memcpy (p, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length); memcpy (p, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length);
p += GSS_KRB5_MECHANISM->length; p += GSS_KRB5_MECHANISM->length;
/* TOK_ID */
memcpy (p, "\x02\x01", 2); memcpy (p, "\x02\x01", 2);
p += 2; p += 2;
/* SGN_ALG */
memcpy (p, "\x00\x00", 2); memcpy (p, "\x00\x00", 2);
p += 2; p += 2;
memcpy (p, "\xff\xff", 2); /* SEAL_ALG */
memcpy (p, "\x00\x00", 2);
p += 2; p += 2;
/* Filler */
memcpy (p, "\xff\xff", 2); memcpy (p, "\xff\xff", 2);
p += 2; p += 2;
/* fill in later */
memset (p, 0, 16); memset (p, 0, 16);
p += 16; p += 16;
memcpy (p, input_message_buffer->value,
/* confounder + data + pad */
des_new_random_key((des_cblock*)p);
memcpy (p + 8, input_message_buffer->value,
input_message_buffer->length); input_message_buffer->length);
memset (p + 8 + input_message_buffer->length, padlength, padlength);
/* checksum */
md5_init (&md5); md5_init (&md5);
md5_update (&md5, p - 24, 8); md5_update (&md5, p - 24, 8);
md5_update (&md5, p, input_message_buffer->length); md5_update (&md5, p + 8, input_message_buffer->length + padlength);
md5_finito (&md5, hash); md5_finito (&md5, hash);
memset (&zero, 0, sizeof(zero)); memset (&zero, 0, sizeof(zero));
@@ -59,5 +73,46 @@ OM_uint32 gss_wrap
des_cbc_cksum ((des_cblock *)hash, des_cbc_cksum ((des_cblock *)hash,
(des_cblock *)hash, sizeof(hash), schedule, &zero); (des_cblock *)hash, sizeof(hash), schedule, &zero);
memcpy (p - 8, hash, 8); memcpy (p - 8, hash, 8);
/* sequence number */
krb5_auth_getlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
&seq_number);
p -= 16;
p[0] = (seq_number >> 0) & 0xFF;
p[1] = (seq_number >> 8) & 0xFF;
p[2] = (seq_number >> 16) & 0xFF;
p[3] = (seq_number >> 24) & 0xFF;
memset (p + 4,
(context_handle->more_flags & LOCAL) ? 0 : 0xFF,
4);
des_set_key (&key, schedule);
des_cbc_encrypt (p, p, 8, schedule, p + 16, DES_ENCRYPT);
krb5_auth_setlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
/* encrypt the data */
p += 16;
memset (&zero, 0, sizeof(zero));
memcpy (&key, context_handle->auth_context->key.keyvalue.data,
sizeof(key));
for (i = 0; i < sizeof(key); ++i)
key[i] ^= 0xf0;
des_set_key (&key, schedule);
des_cbc_encrypt ((des_cblock *)p,
(des_cblock *)p,
8 + input_message_buffer->length + padlength,
schedule,
&zero,
DES_ENCRYPT);
memset (key, 0, sizeof(key));
memset (schedule, 0, sizeof(schedule));
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
} }

76
lib/gssapi/unwrap.c
View File

@@ -1,6 +1,4 @@
#include "gssapi_locl.h" #include "gssapi_locl.h"
#include <des.h>
#include <md5.h>
RCSID("$Id$"); RCSID("$Id$");
@@ -13,13 +11,16 @@ OM_uint32 gss_unwrap
gss_qop_t * qop_state gss_qop_t * qop_state
) )
{ {
u_char *p; u_char *p, *pad;
size_t len; size_t len;
struct md5 md5; struct md5 md5;
u_char hash[16]; u_char hash[16], seq_data[8];
des_key_schedule schedule; des_key_schedule schedule;
des_cblock key; des_cblock key;
des_cblock zero; des_cblock zero;
int i;
int32_t seq_number;
size_t padlength;
p = input_message_buffer->value; p = input_message_buffer->value;
len = GSS_KRB5_MECHANISM->length + 28; len = GSS_KRB5_MECHANISM->length + 28;
@@ -36,7 +37,7 @@ OM_uint32 gss_unwrap
if (memcmp (p, "\x00\x00", 2) != 0) if (memcmp (p, "\x00\x00", 2) != 0)
return GSS_S_BAD_SIG; return GSS_S_BAD_SIG;
p += 2; p += 2;
if (memcmp (p, "\xff\xff", 2) != 0) if (memcmp (p, "\x0\x00", 2) != 0)
return GSS_S_BAD_MIC; return GSS_S_BAD_MIC;
p += 2; p += 2;
if (memcmp (p, "\xff\xff", 2) != 0) if (memcmp (p, "\xff\xff", 2) != 0)
@@ -58,12 +59,73 @@ OM_uint32 gss_unwrap
if (memcmp (p - 8, hash, 8) != 0) if (memcmp (p - 8, hash, 8) != 0)
return GSS_S_BAD_MIC; return GSS_S_BAD_MIC;
output_message_buffer->length = input_message_buffer->length - len; /* verify sequence number */
krb5_auth_getremoteseqnumber (gssapi_krb5_context,
context_handle->auth_context,
&seq_number);
seq_data[0] = (seq_number >> 0) & 0xFF;
seq_data[1] = (seq_number >> 8) & 0xFF;
seq_data[2] = (seq_number >> 16) & 0xFF;
seq_data[3] = (seq_number >> 24) & 0xFF;
memset (seq_data + 4,
(context_handle->more_flags & LOCAL) ? 0 : 0xFF,
4);
p -= 16;
des_set_key (&key, schedule);
des_cbc_encrypt (p, p, 8, schedule, hash, DES_DECRYPT);
memset (key, 0, sizeof(key));
memset (schedule, 0, sizeof(schedule));
if (memcmp (p, seq_data, 8) != 0) {
return GSS_S_BAD_MIC;
}
krb5_auth_setremoteseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
/* decrypt data */
p += 16;
memset (&zero, 0, sizeof(zero));
memcpy (&key, context_handle->auth_context->key.keyvalue.data,
sizeof(key));
for (i = 0; i < sizeof(key); ++i)
key[i] ^= 0xf0;
des_set_key (&key, schedule);
des_cbc_encrypt ((des_cblock *)p,
(des_cblock *)p,
input_message_buffer->length - len,
schedule,
&zero,
DES_DECRYPT);
memset (key, 0, sizeof(key));
memset (schedule, 0, sizeof(schedule));
/* check pad */
pad = (char *)input_message_buffer->value + input_message_buffer->length - 1;
padlength = *pad;
for (i = padlength; i >= 0 && *pad == padlength; i--, pad--)
;
if (i != 0)
return GSS_S_BAD_MIC;
/* copy out data */
output_message_buffer->length = input_message_buffer->length
- len - 8 - padlength;
output_message_buffer->value = malloc(output_message_buffer->length); output_message_buffer->value = malloc(output_message_buffer->length);
if(output_message_buffer->value == NULL) if(output_message_buffer->value == NULL)
return GSS_S_FAILURE; return GSS_S_FAILURE;
memcpy (output_message_buffer->value, memcpy (output_message_buffer->value,
p, p + 8,
output_message_buffer->length); output_message_buffer->length);
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
} }

69
lib/gssapi/wrap.c
View File

@@ -1,6 +1,4 @@
#include "gssapi_locl.h" #include "gssapi_locl.h"
#include <des.h>
#include <md5.h>
RCSID("$Id$"); RCSID("$Id$");
@@ -21,8 +19,14 @@ OM_uint32 gss_wrap
des_key_schedule schedule; des_key_schedule schedule;
des_cblock key; des_cblock key;
des_cblock zero; des_cblock zero;
size_t padlength;
int i;
int32_t seq_number;
len = input_message_buffer->length + 28 + GSS_KRB5_MECHANISM->length; padlength = 8 - (input_message_buffer->length % 8);
len = input_message_buffer->length + 8 + padlength + 28
+ GSS_KRB5_MECHANISM->length;
output_message_buffer->length = len; output_message_buffer->length = len;
output_message_buffer->value = malloc (len); output_message_buffer->value = malloc (len);
if (output_message_buffer->value == NULL) if (output_message_buffer->value == NULL)
@@ -33,23 +37,33 @@ OM_uint32 gss_wrap
p += 4; p += 4;
memcpy (p, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length); memcpy (p, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length);
p += GSS_KRB5_MECHANISM->length; p += GSS_KRB5_MECHANISM->length;
/* TOK_ID */
memcpy (p, "\x02\x01", 2); memcpy (p, "\x02\x01", 2);
p += 2; p += 2;
/* SGN_ALG */
memcpy (p, "\x00\x00", 2); memcpy (p, "\x00\x00", 2);
p += 2; p += 2;
memcpy (p, "\xff\xff", 2); /* SEAL_ALG */
memcpy (p, "\x00\x00", 2);
p += 2; p += 2;
/* Filler */
memcpy (p, "\xff\xff", 2); memcpy (p, "\xff\xff", 2);
p += 2; p += 2;
/* fill in later */
memset (p, 0, 16); memset (p, 0, 16);
p += 16; p += 16;
memcpy (p, input_message_buffer->value,
/* confounder + data + pad */
des_new_random_key((des_cblock*)p);
memcpy (p + 8, input_message_buffer->value,
input_message_buffer->length); input_message_buffer->length);
memset (p + 8 + input_message_buffer->length, padlength, padlength);
/* checksum */
md5_init (&md5); md5_init (&md5);
md5_update (&md5, p - 24, 8); md5_update (&md5, p - 24, 8);
md5_update (&md5, p, input_message_buffer->length); md5_update (&md5, p + 8, input_message_buffer->length + padlength);
md5_finito (&md5, hash); md5_finito (&md5, hash);
memset (&zero, 0, sizeof(zero)); memset (&zero, 0, sizeof(zero));
@@ -59,5 +73,46 @@ OM_uint32 gss_wrap
des_cbc_cksum ((des_cblock *)hash, des_cbc_cksum ((des_cblock *)hash,
(des_cblock *)hash, sizeof(hash), schedule, &zero); (des_cblock *)hash, sizeof(hash), schedule, &zero);
memcpy (p - 8, hash, 8); memcpy (p - 8, hash, 8);
/* sequence number */
krb5_auth_getlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
&seq_number);
p -= 16;
p[0] = (seq_number >> 0) & 0xFF;
p[1] = (seq_number >> 8) & 0xFF;
p[2] = (seq_number >> 16) & 0xFF;
p[3] = (seq_number >> 24) & 0xFF;
memset (p + 4,
(context_handle->more_flags & LOCAL) ? 0 : 0xFF,
4);
des_set_key (&key, schedule);
des_cbc_encrypt (p, p, 8, schedule, p + 16, DES_ENCRYPT);
krb5_auth_setlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
/* encrypt the data */
p += 16;
memset (&zero, 0, sizeof(zero));
memcpy (&key, context_handle->auth_context->key.keyvalue.data,
sizeof(key));
for (i = 0; i < sizeof(key); ++i)
key[i] ^= 0xf0;
des_set_key (&key, schedule);
des_cbc_encrypt ((des_cblock *)p,
(des_cblock *)p,
8 + input_message_buffer->length + padlength,
schedule,
&zero,
DES_ENCRYPT);
memset (key, 0, sizeof(key));
memset (schedule, 0, sizeof(schedule));
return GSS_S_COMPLETE; return GSS_S_COMPLETE;
} }