xref: /freebsd/crypto/heimdal/lib/krb5/rd_safe.c (revision 271c3a9060f2ee55607ebe146523f888e1db2654)
1 /*
2  * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of the Institute nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include <krb5_locl.h>
35 
36 RCSID("$Id: rd_safe.c 19827 2007-01-11 02:54:59Z lha $");
37 
38 static krb5_error_code
39 verify_checksum(krb5_context context,
40 		krb5_auth_context auth_context,
41 		KRB_SAFE *safe)
42 {
43     krb5_error_code ret;
44     u_char *buf;
45     size_t buf_size;
46     size_t len;
47     Checksum c;
48     krb5_crypto crypto;
49     krb5_keyblock *key;
50 
51     c = safe->cksum;
52     safe->cksum.cksumtype       = 0;
53     safe->cksum.checksum.data   = NULL;
54     safe->cksum.checksum.length = 0;
55 
56     ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, safe, &len, ret);
57     if(ret)
58 	return ret;
59     if(buf_size != len)
60 	krb5_abortx(context, "internal error in ASN.1 encoder");
61 
62     if (auth_context->remote_subkey)
63 	key = auth_context->remote_subkey;
64     else if (auth_context->local_subkey)
65 	key = auth_context->local_subkey;
66     else
67 	key = auth_context->keyblock;
68 
69     ret = krb5_crypto_init(context, key, 0, &crypto);
70     if (ret)
71 	goto out;
72     ret = krb5_verify_checksum (context,
73 				crypto,
74 				KRB5_KU_KRB_SAFE_CKSUM,
75 				buf + buf_size - len,
76 				len,
77 				&c);
78     krb5_crypto_destroy(context, crypto);
79 out:
80     safe->cksum = c;
81     free (buf);
82     return ret;
83 }
84 
85 krb5_error_code KRB5_LIB_FUNCTION
86 krb5_rd_safe(krb5_context context,
87 	     krb5_auth_context auth_context,
88 	     const krb5_data *inbuf,
89 	     krb5_data *outbuf,
90 	     krb5_replay_data *outdata)
91 {
92     krb5_error_code ret;
93     KRB_SAFE safe;
94     size_t len;
95 
96     if (outbuf)
97 	krb5_data_zero(outbuf);
98 
99     if ((auth_context->flags &
100 	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
101 	outdata == NULL) {
102 	krb5_set_error_string(context, "rd_safe: need outdata to return data");
103 	return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
104     }
105 
106     ret = decode_KRB_SAFE (inbuf->data, inbuf->length, &safe, &len);
107     if (ret)
108 	return ret;
109     if (safe.pvno != 5) {
110 	ret = KRB5KRB_AP_ERR_BADVERSION;
111 	krb5_clear_error_string (context);
112 	goto failure;
113     }
114     if (safe.msg_type != krb_safe) {
115 	ret = KRB5KRB_AP_ERR_MSG_TYPE;
116 	krb5_clear_error_string (context);
117 	goto failure;
118     }
119     if (!krb5_checksum_is_keyed(context, safe.cksum.cksumtype)
120 	|| !krb5_checksum_is_collision_proof(context, safe.cksum.cksumtype)) {
121 	ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
122 	krb5_clear_error_string (context);
123 	goto failure;
124     }
125 
126     /* check sender address */
127 
128     if (safe.safe_body.s_address
129 	&& auth_context->remote_address
130 	&& !krb5_address_compare (context,
131 				  auth_context->remote_address,
132 				  safe.safe_body.s_address)) {
133 	ret = KRB5KRB_AP_ERR_BADADDR;
134 	krb5_clear_error_string (context);
135 	goto failure;
136     }
137 
138     /* check receiver address */
139 
140     if (safe.safe_body.r_address
141 	&& auth_context->local_address
142 	&& !krb5_address_compare (context,
143 				  auth_context->local_address,
144 				  safe.safe_body.r_address)) {
145 	ret = KRB5KRB_AP_ERR_BADADDR;
146 	krb5_clear_error_string (context);
147 	goto failure;
148     }
149 
150     /* check timestamp */
151     if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
152 	krb5_timestamp sec;
153 
154 	krb5_timeofday (context, &sec);
155 
156 	if (safe.safe_body.timestamp == NULL ||
157 	    safe.safe_body.usec      == NULL ||
158 	    abs(*safe.safe_body.timestamp - sec) > context->max_skew) {
159 	    ret = KRB5KRB_AP_ERR_SKEW;
160 	    krb5_clear_error_string (context);
161 	    goto failure;
162 	}
163     }
164     /* XXX - check replay cache */
165 
166     /* check sequence number. since MIT krb5 cannot generate a sequence
167        number of zero but instead generates no sequence number, we accept that
168     */
169 
170     if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
171 	if ((safe.safe_body.seq_number == NULL
172 	     && auth_context->remote_seqnumber != 0)
173 	    || (safe.safe_body.seq_number != NULL
174 		&& *safe.safe_body.seq_number !=
175 		auth_context->remote_seqnumber)) {
176 	    ret = KRB5KRB_AP_ERR_BADORDER;
177 	    krb5_clear_error_string (context);
178 	    goto failure;
179 	}
180 	auth_context->remote_seqnumber++;
181     }
182 
183     ret = verify_checksum (context, auth_context, &safe);
184     if (ret)
185 	goto failure;
186 
187     outbuf->length = safe.safe_body.user_data.length;
188     outbuf->data   = malloc(outbuf->length);
189     if (outbuf->data == NULL && outbuf->length != 0) {
190 	ret = ENOMEM;
191 	krb5_set_error_string (context, "malloc: out of memory");
192 	krb5_data_zero(outbuf);
193 	goto failure;
194     }
195     memcpy (outbuf->data, safe.safe_body.user_data.data, outbuf->length);
196 
197     if ((auth_context->flags &
198 	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) {
199 	/* if these fields are not present in the safe-part, silently
200            return zero */
201 	memset(outdata, 0, sizeof(*outdata));
202 	if(safe.safe_body.timestamp)
203 	    outdata->timestamp = *safe.safe_body.timestamp;
204 	if(safe.safe_body.usec)
205 	    outdata->usec = *safe.safe_body.usec;
206 	if(safe.safe_body.seq_number)
207 	    outdata->seq = *safe.safe_body.seq_number;
208     }
209 
210   failure:
211     free_KRB_SAFE (&safe);
212     return ret;
213 }
214