oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

gss: use mechglue instead of gssntlm encoders

Browse Source 
Replace calls to {en,de}code...() with mechglue equivalents.
This commit is contained in:
Luke Howard
2023-01-16 19:11:03 +11:00
parent 363e7d1e0f
commit dc682769c4
2 changed files with 18 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
lib/gssapi/ntlm/crypto.c
View File

@@ -44,27 +44,6 @@ struct _krb5_encryption_type;
struct _krb5_key_type;
#include "krb5_locl.h"
/*
*
*/
static void
encode_le_uint32(uint32_t n, unsigned char *p)
{
p[0] = (n >> 0) & 0xFF;
p[1] = (n >> 8) & 0xFF;
p[2] = (n >> 16) & 0xFF;
p[3] = (n >> 24) & 0xFF;
}
static void
decode_le_uint32(const void *ptr, uint32_t *n)
{
const unsigned char *p = ptr;
*n = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
}
/*
*
*/
@@ -168,11 +147,11 @@ v1_sign_message(gss_buffer_t in,
_krb5_crc_init_table();
crc = _krb5_crc_update(in->value, in->length, 0);
encode_le_uint32(0, &sigature[0]);
encode_le_uint32(crc, &sigature[4]);
encode_le_uint32(seq, &sigature[8]);
_gss_mg_encode_le_uint32(0, &sigature[0]);
_gss_mg_encode_le_uint32(crc, &sigature[4]);
_gss_mg_encode_le_uint32(seq, &sigature[8]);
encode_le_uint32(1, out); /* version */
_gss_mg_encode_le_uint32(1, out); /* version */
RC4(signkey, sizeof(sigature), sigature, out + 4);
if (RAND_bytes(out + 4, 4) != 1)
@@ -199,13 +178,13 @@ v2_sign_message(gss_buffer_t in,
return GSS_S_FAILURE;
}
encode_le_uint32(seq, hmac);
_gss_mg_encode_le_uint32(seq, hmac);
HMAC_Update(&c, hmac, 4);
HMAC_Update(&c, in->value, in->length);
HMAC_Final(&c, hmac, &hmaclen);
HMAC_CTX_cleanup(&c);
encode_le_uint32(1, &out[0]);
_gss_mg_encode_le_uint32(1, &out[0]);
if (sealkey)
RC4(sealkey, 8, hmac, &out[4]);
else
@@ -365,10 +344,10 @@ _gss_ntlm_get_mic
sigature = message_token->value;
encode_le_uint32(1, &sigature[0]); /* version */
encode_le_uint32(0, &sigature[4]);
encode_le_uint32(0, &sigature[8]);
encode_le_uint32(0, &sigature[12]);
_gss_mg_encode_le_uint32(1, &sigature[0]); /* version */
_gss_mg_encode_le_uint32(0, &sigature[4]);
_gss_mg_encode_le_uint32(0, &sigature[8]);
_gss_mg_encode_le_uint32(0, &sigature[12]);
return GSS_S_COMPLETE;
}
@@ -422,7 +401,7 @@ _gss_ntlm_verify_mic
if ((ctx->status & STATUS_SESSIONKEY) == 0)
return GSS_S_UNAVAILABLE;
decode_le_uint32(token_buffer->value, &num);
_gss_mg_decode_le_uint32(token_buffer->value, &num);
if (num != 1)
return GSS_S_BAD_MIC;
@@ -433,10 +412,10 @@ _gss_ntlm_verify_mic
crc = _krb5_crc_update(message_buffer->value,
message_buffer->length, 0);
/* skip first 4 bytes in the encrypted checksum */
decode_le_uint32(&sigature[4], &num);
_gss_mg_decode_le_uint32(&sigature[4], &num);
if (num != crc)
return GSS_S_BAD_MIC;
decode_le_uint32(&sigature[8], &num);
_gss_mg_decode_le_uint32(&sigature[8], &num);
if (ctx->u.v1.crypto_recv.seq != num)
return GSS_S_BAD_MIC;
ctx->u.v1.crypto_recv.seq++;
@@ -448,13 +427,13 @@ _gss_ntlm_verify_mic
p = (unsigned char*)(token_buffer->value);
decode_le_uint32(&p[0], &num); /* version */
_gss_mg_decode_le_uint32(&p[0], &num); /* version */
if (num != 1) return GSS_S_BAD_MIC;
decode_le_uint32(&p[4], &num);
_gss_mg_decode_le_uint32(&p[4], &num);
if (num != 0) return GSS_S_BAD_MIC;
decode_le_uint32(&p[8], &num);
_gss_mg_decode_le_uint32(&p[8], &num);
if (num != 0) return GSS_S_BAD_MIC;
decode_le_uint32(&p[12], &num);
_gss_mg_decode_le_uint32(&p[12], &num);
if (num != 0) return GSS_S_BAD_MIC;
return GSS_S_COMPLETE;

1
lib/gssapi/ntlm/ntlm.h
View File

@@ -50,6 +50,7 @@
#include <gssapi_ntlm.h>
#include <gssapi_mech.h>
#include <gssapi_oid.h>
#include <mech/utils.h>
#include <krb5.h>
#include <kcm.h>