xref: /freebsd/crypto/heimdal/lib/krb5/rd_safe.c (revision daf1cffce2e07931f27c6c6998652e90df6ba87e) 
1 /*
2  * Copyright (c) 1997 - 2000 Kungliga Tekniska H�gskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of the Institute nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include <krb5_locl.h>
35 
36 RCSID("$Id: rd_safe.c,v 1.19 2000/02/06 05:20:51 assar Exp $");
37 
38 static krb5_error_code
39 verify_checksum(krb5_context context,
40 		krb5_auth_context auth_context,
41 		KRB_SAFE *safe)
42 {
43     krb5_error_code ret;
44     u_char *buf;
45     size_t buf_size;
46     size_t len;
47     Checksum c;
48     krb5_crypto crypto;
49 
50     c = safe->cksum;
51     safe->cksum.cksumtype       = 0;
52     safe->cksum.checksum.data   = NULL;
53     safe->cksum.checksum.length = 0;
54 
55 
56     buf_size = length_KRB_SAFE(safe);
57     buf = malloc(buf_size);
58 
59     if (buf == NULL) {
60 	ret = ENOMEM;
61 	goto out;
62     }
63 
64     ret = encode_KRB_SAFE (buf + buf_size - 1,
65 			   buf_size,
66 			   safe,
67 			   &len);
68     krb5_crypto_init(context, auth_context->keyblock, 0, &crypto);
69     ret = krb5_verify_checksum (context,
70 				crypto,
71 				KRB5_KU_KRB_SAFE_CKSUM,
72 				buf + buf_size - len,
73 				len,
74 				&c);
75     krb5_crypto_destroy(context, crypto);
76 out:
77     safe->cksum = c;
78     free (buf);
79     return ret;
80 }
81 
82 krb5_error_code
83 krb5_rd_safe(krb5_context context,
84 	     krb5_auth_context auth_context,
85 	     const krb5_data *inbuf,
86 	     krb5_data *outbuf,
87 	     /*krb5_replay_data*/ void *outdata)
88 {
89   krb5_error_code ret;
90   KRB_SAFE safe;
91   size_t len;
92 
93   ret = decode_KRB_SAFE (inbuf->data, inbuf->length, &safe, &len);
94   if (ret)
95       return ret;
96   if (safe.pvno != 5) {
97       ret = KRB5KRB_AP_ERR_BADVERSION;
98       goto failure;
99   }
100   if (safe.msg_type != krb_safe) {
101       ret = KRB5KRB_AP_ERR_MSG_TYPE;
102       goto failure;
103   }
104   if (!krb5_checksum_is_keyed(context, safe.cksum.cksumtype)
105       || !krb5_checksum_is_collision_proof(context, safe.cksum.cksumtype)) {
106       ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
107       goto failure;
108   }
109 
110   /* check sender address */
111 
112   if (safe.safe_body.s_address
113       && auth_context->remote_address
114       && !krb5_address_compare (context,
115 				auth_context->remote_address,
116 				safe.safe_body.s_address)) {
117       ret = KRB5KRB_AP_ERR_BADADDR;
118       goto failure;
119   }
120 
121   /* check receiver address */
122 
123   if (safe.safe_body.r_address
124       && auth_context->local_address
125       && !krb5_address_compare (context,
126 				auth_context->local_address,
127 				safe.safe_body.r_address)) {
128       ret = KRB5KRB_AP_ERR_BADADDR;
129       goto failure;
130   }
131 
132   /* check timestamp */
133   if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
134       krb5_timestamp sec;
135 
136       krb5_timeofday (context, &sec);
137 
138       if (safe.safe_body.timestamp == NULL ||
139 	  safe.safe_body.usec      == NULL ||
140 	  abs(*safe.safe_body.timestamp - sec) > context->max_skew) {
141 	  ret = KRB5KRB_AP_ERR_SKEW;
142 	  goto failure;
143       }
144   }
145   /* XXX - check replay cache */
146 
147   /* check sequence number */
148   if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
149       if (safe.safe_body.seq_number == NULL ||
150 	  *safe.safe_body.seq_number != ++auth_context->remote_seqnumber) {
151 	  ret = KRB5KRB_AP_ERR_BADORDER;
152 	  goto failure;
153       }
154   }
155 
156   ret = verify_checksum (context, auth_context, &safe);
157   if (ret)
158       goto failure;
159 
160   outbuf->length = safe.safe_body.user_data.length;
161   outbuf->data   = malloc(outbuf->length);
162   if (outbuf->data == NULL) {
163       ret = ENOMEM;
164       goto failure;
165   }
166   memcpy (outbuf->data, safe.safe_body.user_data.data, outbuf->length);
167   free_KRB_SAFE (&safe);
168   return 0;
169 failure:
170   free_KRB_SAFE (&safe);
171   return ret;
172 }
173