Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * linux/net/sunrpc/gss_krb5_unseal.c | |
3 | * | |
4 | * Adapted from MIT Kerberos 5-1.2.1 lib/gssapi/krb5/k5unseal.c | |
5 | * | |
6 | * Copyright (c) 2000 The Regents of the University of Michigan. | |
7 | * All rights reserved. | |
8 | * | |
9 | * Andy Adamson <andros@umich.edu> | |
10 | */ | |
11 | ||
12 | /* | |
13 | * Copyright 1993 by OpenVision Technologies, Inc. | |
14 | * | |
15 | * Permission to use, copy, modify, distribute, and sell this software | |
16 | * and its documentation for any purpose is hereby granted without fee, | |
17 | * provided that the above copyright notice appears in all copies and | |
18 | * that both that copyright notice and this permission notice appear in | |
19 | * supporting documentation, and that the name of OpenVision not be used | |
20 | * in advertising or publicity pertaining to distribution of the software | |
21 | * without specific, written prior permission. OpenVision makes no | |
22 | * representations about the suitability of this software for any | |
23 | * purpose. It is provided "as is" without express or implied warranty. | |
24 | * | |
25 | * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, | |
26 | * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO | |
27 | * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR | |
28 | * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF | |
29 | * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR | |
30 | * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR | |
31 | * PERFORMANCE OF THIS SOFTWARE. | |
32 | */ | |
33 | ||
34 | /* | |
35 | * Copyright (C) 1998 by the FundsXpress, INC. | |
36 | * | |
37 | * All rights reserved. | |
38 | * | |
39 | * Export of this software from the United States of America may require | |
40 | * a specific license from the United States Government. It is the | |
41 | * responsibility of any person or organization contemplating export to | |
42 | * obtain such a license before exporting. | |
43 | * | |
44 | * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and | |
45 | * distribute this software and its documentation for any purpose and | |
46 | * without fee is hereby granted, provided that the above copyright | |
47 | * notice appear in all copies and that both that copyright notice and | |
48 | * this permission notice appear in supporting documentation, and that | |
49 | * the name of FundsXpress. not be used in advertising or publicity pertaining | |
50 | * to distribution of the software without specific, written prior | |
51 | * permission. FundsXpress makes no representations about the suitability of | |
52 | * this software for any purpose. It is provided "as is" without express | |
53 | * or implied warranty. | |
54 | * | |
55 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR | |
56 | * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED | |
57 | * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. | |
58 | */ | |
59 | ||
60 | #include <linux/types.h> | |
61 | #include <linux/slab.h> | |
62 | #include <linux/jiffies.h> | |
63 | #include <linux/sunrpc/gss_krb5.h> | |
64 | #include <linux/crypto.h> | |
65 | ||
66 | #ifdef RPC_DEBUG | |
67 | # define RPCDBG_FACILITY RPCDBG_AUTH | |
68 | #endif | |
69 | ||
70 | ||
71 | /* message_buffer is an input if toktype is MIC and an output if it is WRAP: | |
72 | * If toktype is MIC: read_token is a mic token, and message_buffer is the | |
73 | * data that the mic was supposedly taken over. | |
74 | * If toktype is WRAP: read_token is a wrap token, and message_buffer is used | |
75 | * to return the decrypted data. | |
76 | */ | |
77 | ||
78 | /* XXX will need to change prototype and/or just split into a separate function | |
79 | * when we add privacy (because read_token will be in pages too). */ | |
80 | u32 | |
81 | krb5_read_token(struct krb5_ctx *ctx, | |
82 | struct xdr_netobj *read_token, | |
83 | struct xdr_buf *message_buffer, | |
84 | int *qop_state, int toktype) | |
85 | { | |
86 | int signalg; | |
87 | int sealalg; | |
88 | s32 checksum_type; | |
89 | struct xdr_netobj md5cksum = {.len = 0, .data = NULL}; | |
90 | s32 now; | |
91 | int direction; | |
92 | s32 seqnum; | |
93 | unsigned char *ptr = (unsigned char *)read_token->data; | |
94 | int bodysize; | |
95 | u32 ret = GSS_S_DEFECTIVE_TOKEN; | |
96 | ||
97 | dprintk("RPC: krb5_read_token\n"); | |
98 | ||
99 | if (g_verify_token_header(&ctx->mech_used, &bodysize, &ptr, | |
100 | read_token->len)) | |
101 | goto out; | |
102 | ||
103 | if ((*ptr++ != ((toktype>>8)&0xff)) || (*ptr++ != (toktype&0xff))) | |
104 | goto out; | |
105 | ||
106 | /* XXX sanity-check bodysize?? */ | |
107 | ||
108 | if (toktype == KG_TOK_WRAP_MSG) { | |
109 | /* XXX gone */ | |
110 | goto out; | |
111 | } | |
112 | ||
113 | /* get the sign and seal algorithms */ | |
114 | ||
115 | signalg = ptr[0] + (ptr[1] << 8); | |
116 | sealalg = ptr[2] + (ptr[3] << 8); | |
117 | ||
118 | /* Sanity checks */ | |
119 | ||
120 | if ((ptr[4] != 0xff) || (ptr[5] != 0xff)) | |
121 | goto out; | |
122 | ||
123 | if (((toktype != KG_TOK_WRAP_MSG) && (sealalg != 0xffff)) || | |
124 | ((toktype == KG_TOK_WRAP_MSG) && (sealalg == 0xffff))) | |
125 | goto out; | |
126 | ||
127 | /* in the current spec, there is only one valid seal algorithm per | |
128 | key type, so a simple comparison is ok */ | |
129 | ||
130 | if ((toktype == KG_TOK_WRAP_MSG) && !(sealalg == ctx->sealalg)) | |
131 | goto out; | |
132 | ||
133 | /* there are several mappings of seal algorithms to sign algorithms, | |
134 | but few enough that we can try them all. */ | |
135 | ||
136 | if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) || | |
137 | (ctx->sealalg == SEAL_ALG_1 && signalg != SGN_ALG_3) || | |
138 | (ctx->sealalg == SEAL_ALG_DES3KD && | |
139 | signalg != SGN_ALG_HMAC_SHA1_DES3_KD)) | |
140 | goto out; | |
141 | ||
142 | /* compute the checksum of the message */ | |
143 | ||
144 | /* initialize the the cksum */ | |
145 | switch (signalg) { | |
146 | case SGN_ALG_DES_MAC_MD5: | |
147 | checksum_type = CKSUMTYPE_RSA_MD5; | |
148 | break; | |
149 | default: | |
150 | ret = GSS_S_DEFECTIVE_TOKEN; | |
151 | goto out; | |
152 | } | |
153 | ||
154 | switch (signalg) { | |
155 | case SGN_ALG_DES_MAC_MD5: | |
156 | ret = make_checksum(checksum_type, ptr - 2, 8, | |
157 | message_buffer, &md5cksum); | |
158 | if (ret) | |
159 | goto out; | |
160 | ||
161 | ret = krb5_encrypt(ctx->seq, NULL, md5cksum.data, | |
162 | md5cksum.data, 16); | |
163 | if (ret) | |
164 | goto out; | |
165 | ||
166 | if (memcmp(md5cksum.data + 8, ptr + 14, 8)) { | |
167 | ret = GSS_S_BAD_SIG; | |
168 | goto out; | |
169 | } | |
170 | break; | |
171 | default: | |
172 | ret = GSS_S_DEFECTIVE_TOKEN; | |
173 | goto out; | |
174 | } | |
175 | ||
176 | /* it got through unscathed. Make sure the context is unexpired */ | |
177 | ||
178 | if (qop_state) | |
179 | *qop_state = GSS_C_QOP_DEFAULT; | |
180 | ||
181 | now = get_seconds(); | |
182 | ||
183 | ret = GSS_S_CONTEXT_EXPIRED; | |
184 | if (now > ctx->endtime) | |
185 | goto out; | |
186 | ||
187 | /* do sequencing checks */ | |
188 | ||
189 | ret = GSS_S_BAD_SIG; | |
190 | if ((ret = krb5_get_seq_num(ctx->seq, ptr + 14, ptr + 6, &direction, | |
191 | &seqnum))) | |
192 | goto out; | |
193 | ||
194 | if ((ctx->initiate && direction != 0xff) || | |
195 | (!ctx->initiate && direction != 0)) | |
196 | goto out; | |
197 | ||
198 | ret = GSS_S_COMPLETE; | |
199 | out: | |
200 | if (md5cksum.data) kfree(md5cksum.data); | |
201 | return ret; | |
202 | } |