| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame^] | 1 | /* |
| 2 | * linux/net/sunrpc/gss_krb5_unseal.c |
| 3 | * |
| 4 | * Adapted from MIT Kerberos 5-1.2.1 lib/gssapi/krb5/k5unseal.c |
| 5 | * |
| 6 | * Copyright (c) 2000 The Regents of the University of Michigan. |
| 7 | * All rights reserved. |
| 8 | * |
| 9 | * Andy Adamson <andros@umich.edu> |
| 10 | */ |
| 11 | |
| 12 | /* |
| 13 | * Copyright 1993 by OpenVision Technologies, Inc. |
| 14 | * |
| 15 | * Permission to use, copy, modify, distribute, and sell this software |
| 16 | * and its documentation for any purpose is hereby granted without fee, |
| 17 | * provided that the above copyright notice appears in all copies and |
| 18 | * that both that copyright notice and this permission notice appear in |
| 19 | * supporting documentation, and that the name of OpenVision not be used |
| 20 | * in advertising or publicity pertaining to distribution of the software |
| 21 | * without specific, written prior permission. OpenVision makes no |
| 22 | * representations about the suitability of this software for any |
| 23 | * purpose. It is provided "as is" without express or implied warranty. |
| 24 | * |
| 25 | * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, |
| 26 | * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO |
| 27 | * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR |
| 28 | * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF |
| 29 | * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR |
| 30 | * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR |
| 31 | * PERFORMANCE OF THIS SOFTWARE. |
| 32 | */ |
| 33 | |
| 34 | /* |
| 35 | * Copyright (C) 1998 by the FundsXpress, INC. |
| 36 | * |
| 37 | * All rights reserved. |
| 38 | * |
| 39 | * Export of this software from the United States of America may require |
| 40 | * a specific license from the United States Government. It is the |
| 41 | * responsibility of any person or organization contemplating export to |
| 42 | * obtain such a license before exporting. |
| 43 | * |
| 44 | * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and |
| 45 | * distribute this software and its documentation for any purpose and |
| 46 | * without fee is hereby granted, provided that the above copyright |
| 47 | * notice appear in all copies and that both that copyright notice and |
| 48 | * this permission notice appear in supporting documentation, and that |
| 49 | * the name of FundsXpress. not be used in advertising or publicity pertaining |
| 50 | * to distribution of the software without specific, written prior |
| 51 | * permission. FundsXpress makes no representations about the suitability of |
| 52 | * this software for any purpose. It is provided "as is" without express |
| 53 | * or implied warranty. |
| 54 | * |
| 55 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR |
| 56 | * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED |
| 57 | * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. |
| 58 | */ |
| 59 | |
| 60 | #include <linux/types.h> |
| 61 | #include <linux/slab.h> |
| 62 | #include <linux/jiffies.h> |
| 63 | #include <linux/sunrpc/gss_krb5.h> |
| 64 | #include <linux/crypto.h> |
| 65 | |
| 66 | #ifdef RPC_DEBUG |
| 67 | # define RPCDBG_FACILITY RPCDBG_AUTH |
| 68 | #endif |
| 69 | |
| 70 | |
| 71 | /* message_buffer is an input if toktype is MIC and an output if it is WRAP: |
| 72 | * If toktype is MIC: read_token is a mic token, and message_buffer is the |
| 73 | * data that the mic was supposedly taken over. |
| 74 | * If toktype is WRAP: read_token is a wrap token, and message_buffer is used |
| 75 | * to return the decrypted data. |
| 76 | */ |
| 77 | |
| 78 | /* XXX will need to change prototype and/or just split into a separate function |
| 79 | * when we add privacy (because read_token will be in pages too). */ |
| 80 | u32 |
| 81 | krb5_read_token(struct krb5_ctx *ctx, |
| 82 | struct xdr_netobj *read_token, |
| 83 | struct xdr_buf *message_buffer, |
| 84 | int *qop_state, int toktype) |
| 85 | { |
| 86 | int signalg; |
| 87 | int sealalg; |
| 88 | s32 checksum_type; |
| 89 | struct xdr_netobj md5cksum = {.len = 0, .data = NULL}; |
| 90 | s32 now; |
| 91 | int direction; |
| 92 | s32 seqnum; |
| 93 | unsigned char *ptr = (unsigned char *)read_token->data; |
| 94 | int bodysize; |
| 95 | u32 ret = GSS_S_DEFECTIVE_TOKEN; |
| 96 | |
| 97 | dprintk("RPC: krb5_read_token\n"); |
| 98 | |
| 99 | if (g_verify_token_header(&ctx->mech_used, &bodysize, &ptr, |
| 100 | read_token->len)) |
| 101 | goto out; |
| 102 | |
| 103 | if ((*ptr++ != ((toktype>>8)&0xff)) || (*ptr++ != (toktype&0xff))) |
| 104 | goto out; |
| 105 | |
| 106 | /* XXX sanity-check bodysize?? */ |
| 107 | |
| 108 | if (toktype == KG_TOK_WRAP_MSG) { |
| 109 | /* XXX gone */ |
| 110 | goto out; |
| 111 | } |
| 112 | |
| 113 | /* get the sign and seal algorithms */ |
| 114 | |
| 115 | signalg = ptr[0] + (ptr[1] << 8); |
| 116 | sealalg = ptr[2] + (ptr[3] << 8); |
| 117 | |
| 118 | /* Sanity checks */ |
| 119 | |
| 120 | if ((ptr[4] != 0xff) || (ptr[5] != 0xff)) |
| 121 | goto out; |
| 122 | |
| 123 | if (((toktype != KG_TOK_WRAP_MSG) && (sealalg != 0xffff)) || |
| 124 | ((toktype == KG_TOK_WRAP_MSG) && (sealalg == 0xffff))) |
| 125 | goto out; |
| 126 | |
| 127 | /* in the current spec, there is only one valid seal algorithm per |
| 128 | key type, so a simple comparison is ok */ |
| 129 | |
| 130 | if ((toktype == KG_TOK_WRAP_MSG) && !(sealalg == ctx->sealalg)) |
| 131 | goto out; |
| 132 | |
| 133 | /* there are several mappings of seal algorithms to sign algorithms, |
| 134 | but few enough that we can try them all. */ |
| 135 | |
| 136 | if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) || |
| 137 | (ctx->sealalg == SEAL_ALG_1 && signalg != SGN_ALG_3) || |
| 138 | (ctx->sealalg == SEAL_ALG_DES3KD && |
| 139 | signalg != SGN_ALG_HMAC_SHA1_DES3_KD)) |
| 140 | goto out; |
| 141 | |
| 142 | /* compute the checksum of the message */ |
| 143 | |
| 144 | /* initialize the the cksum */ |
| 145 | switch (signalg) { |
| 146 | case SGN_ALG_DES_MAC_MD5: |
| 147 | checksum_type = CKSUMTYPE_RSA_MD5; |
| 148 | break; |
| 149 | default: |
| 150 | ret = GSS_S_DEFECTIVE_TOKEN; |
| 151 | goto out; |
| 152 | } |
| 153 | |
| 154 | switch (signalg) { |
| 155 | case SGN_ALG_DES_MAC_MD5: |
| 156 | ret = make_checksum(checksum_type, ptr - 2, 8, |
| 157 | message_buffer, &md5cksum); |
| 158 | if (ret) |
| 159 | goto out; |
| 160 | |
| 161 | ret = krb5_encrypt(ctx->seq, NULL, md5cksum.data, |
| 162 | md5cksum.data, 16); |
| 163 | if (ret) |
| 164 | goto out; |
| 165 | |
| 166 | if (memcmp(md5cksum.data + 8, ptr + 14, 8)) { |
| 167 | ret = GSS_S_BAD_SIG; |
| 168 | goto out; |
| 169 | } |
| 170 | break; |
| 171 | default: |
| 172 | ret = GSS_S_DEFECTIVE_TOKEN; |
| 173 | goto out; |
| 174 | } |
| 175 | |
| 176 | /* it got through unscathed. Make sure the context is unexpired */ |
| 177 | |
| 178 | if (qop_state) |
| 179 | *qop_state = GSS_C_QOP_DEFAULT; |
| 180 | |
| 181 | now = get_seconds(); |
| 182 | |
| 183 | ret = GSS_S_CONTEXT_EXPIRED; |
| 184 | if (now > ctx->endtime) |
| 185 | goto out; |
| 186 | |
| 187 | /* do sequencing checks */ |
| 188 | |
| 189 | ret = GSS_S_BAD_SIG; |
| 190 | if ((ret = krb5_get_seq_num(ctx->seq, ptr + 14, ptr + 6, &direction, |
| 191 | &seqnum))) |
| 192 | goto out; |
| 193 | |
| 194 | if ((ctx->initiate && direction != 0xff) || |
| 195 | (!ctx->initiate && direction != 0)) |
| 196 | goto out; |
| 197 | |
| 198 | ret = GSS_S_COMPLETE; |
| 199 | out: |
| 200 | if (md5cksum.data) kfree(md5cksum.data); |
| 201 | return ret; |
| 202 | } |