xref: /freebsd/crypto/krb5/src/lib/krb5/krb/rd_safe.c (revision 7f2fe78b9dd5f51c821d771b63d2e096f6fd49e9) 
1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* lib/krb5/krb/rd_safe.c - krb5_rd_safe() */
3 /*
4  * Copyright 1990,1991,2007,2008,2019 by the Massachusetts Institute of
5  * Technology.  All Rights Reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  *
11  * * Redistributions of source code must retain the above copyright
12  *   notice, this list of conditions and the following disclaimer.
13  *
14  * * Redistributions in binary form must reproduce the above copyright
15  *   notice, this list of conditions and the following disclaimer in
16  *   the documentation and/or other materials provided with the
17  *   distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
22  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23  * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
24  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
25  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
26  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
28  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
30  * OF THE POSSIBILITY OF SUCH DAMAGE.
31  */
32 
33 #include "k5-int.h"
34 #include "int-proto.h"
35 #include "auth_con.h"
36 
37 /*
38  * Unmarshal a KRB-SAFE message from der_krbsafe, placing the
39  * integrity-protected user data in *userdata_out, replay data in *rdata_out,
40  * and checksum in *cksum_out.  The caller should free *userdata_out and
41  * *cksum_out when finished.
42  */
43 static krb5_error_code
read_krbsafe(krb5_context context,krb5_auth_context ac,const krb5_data * der_krbsafe,krb5_key key,krb5_replay_data * rdata_out,krb5_data * userdata_out,krb5_checksum ** cksum_out)44 read_krbsafe(krb5_context context, krb5_auth_context ac,
45              const krb5_data *der_krbsafe, krb5_key key,
46              krb5_replay_data *rdata_out, krb5_data *userdata_out,
47              krb5_checksum **cksum_out)
48 {
49     krb5_error_code ret;
50     krb5_safe *krbsafe;
51     krb5_data *safe_body = NULL, *der_zerosafe = NULL;
52     krb5_checksum zero_cksum, *safe_cksum = NULL;
53     krb5_octet zero_octet = 0;
54     krb5_boolean valid;
55     struct krb5_safe_with_body swb;
56 
57     *userdata_out = empty_data();
58     *cksum_out = NULL;
59     if (!krb5_is_krb_safe(der_krbsafe))
60         return KRB5KRB_AP_ERR_MSG_TYPE;
61 
62     ret = decode_krb5_safe_with_body(der_krbsafe, &krbsafe, &safe_body);
63     if (ret)
64         return ret;
65 
66     if (!krb5_c_valid_cksumtype(krbsafe->checksum->checksum_type)) {
67         ret = KRB5_PROG_SUMTYPE_NOSUPP;
68         goto cleanup;
69     }
70     if (!krb5_c_is_coll_proof_cksum(krbsafe->checksum->checksum_type) ||
71         !krb5_c_is_keyed_cksum(krbsafe->checksum->checksum_type)) {
72         ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
73         goto cleanup;
74     }
75 
76     ret = k5_privsafe_check_addrs(context, ac, krbsafe->s_address,
77                                   krbsafe->r_address);
78     if (ret)
79         goto cleanup;
80 
81     /* Regenerate the KRB-SAFE message without the checksum.  Save the message
82      * checksum to verify. */
83     safe_cksum = krbsafe->checksum;
84     zero_cksum.length = 0;
85     zero_cksum.checksum_type = 0;
86     zero_cksum.contents = &zero_octet;
87     krbsafe->checksum = &zero_cksum;
88     swb.body = safe_body;
89     swb.safe = krbsafe;
90     ret = encode_krb5_safe_with_body(&swb, &der_zerosafe);
91     krbsafe->checksum = NULL;
92     if (ret)
93         goto cleanup;
94 
95     /* Verify the checksum over the re-encoded message. */
96     ret = krb5_k_verify_checksum(context, key, KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
97                                  der_zerosafe, safe_cksum, &valid);
98     if (!valid) {
99         /* Checksum over only the KRB-SAFE-BODY as specified in RFC 1510. */
100         ret = krb5_k_verify_checksum(context, key,
101                                      KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
102                                      safe_body, safe_cksum, &valid);
103         if (!valid) {
104             ret = KRB5KRB_AP_ERR_MODIFIED;
105             goto cleanup;
106         }
107     }
108 
109     rdata_out->timestamp = krbsafe->timestamp;
110     rdata_out->usec = krbsafe->usec;
111     rdata_out->seq = krbsafe->seq_number;
112 
113     *userdata_out = krbsafe->user_data;
114     krbsafe->user_data.data = NULL;
115 
116     *cksum_out = safe_cksum;
117     safe_cksum = NULL;
118 
119 cleanup:
120     zapfreedata(der_zerosafe);
121     krb5_free_data(context, safe_body);
122     krb5_free_safe(context, krbsafe);
123     krb5_free_checksum(context, safe_cksum);
124     return ret;
125 }
126 
127 krb5_error_code KRB5_CALLCONV
krb5_rd_safe(krb5_context context,krb5_auth_context authcon,const krb5_data * inbuf,krb5_data * userdata_out,krb5_replay_data * rdata_out)128 krb5_rd_safe(krb5_context context, krb5_auth_context authcon,
129              const krb5_data *inbuf, krb5_data *userdata_out,
130              krb5_replay_data *rdata_out)
131 {
132     krb5_error_code ret;
133     krb5_key key;
134     krb5_replay_data rdata;
135     krb5_data userdata = empty_data();
136     krb5_checksum *cksum;
137     const krb5_int32 flags = authcon->auth_context_flags;
138 
139     *userdata_out = empty_data();
140 
141     if (((flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
142          (flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && rdata_out == NULL)
143         return KRB5_RC_REQUIRED;
144 
145     key = (authcon->recv_subkey != NULL) ? authcon->recv_subkey : authcon->key;
146     memset(&rdata, 0, sizeof(rdata));
147     ret = read_krbsafe(context, authcon, inbuf, key, &rdata, &userdata,
148                        &cksum);
149     if (ret)
150         goto cleanup;
151 
152     ret = k5_privsafe_check_replay(context, authcon, &rdata, NULL, cksum);
153     if (ret)
154         goto cleanup;
155 
156     if (flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
157         if (!k5_privsafe_check_seqnum(context, authcon, rdata.seq)) {
158             ret = KRB5KRB_AP_ERR_BADORDER;
159             goto cleanup;
160         }
161         authcon->remote_seq_number++;
162     }
163 
164     if ((flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
165         (flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
166         rdata_out->timestamp = rdata.timestamp;
167         rdata_out->usec = rdata.usec;
168         rdata_out->seq = rdata.seq;
169     }
170 
171     *userdata_out = userdata;
172     userdata = empty_data();
173 
174 cleanup:
175     krb5_free_data_contents(context, &userdata);
176     krb5_free_checksum(context, cksum);
177     return ret;
178 }
179