1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* lib/krb5/krb/rd_safe.c - krb5_rd_safe() */
4 * Copyright 1990,1991,2007,2008,2019 by the Massachusetts Institute of
5 * Technology. All Rights Reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * * Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
14 * * Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
22 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
24 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
26 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
28 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
30 * OF THE POSSIBILITY OF SUCH DAMAGE.
34 #include "int-proto.h"
38 * Unmarshal a KRB-SAFE message from der_krbsafe, placing the
39 * integrity-protected user data in *userdata_out, replay data in *rdata_out,
40 * and checksum in *cksum_out. The caller should free *userdata_out and
41 * *cksum_out when finished.
43 static krb5_error_code
44 read_krbsafe(krb5_context context, krb5_auth_context ac,
45 const krb5_data *der_krbsafe, krb5_key key,
46 krb5_replay_data *rdata_out, krb5_data *userdata_out,
47 krb5_checksum **cksum_out)
51 krb5_data *safe_body = NULL, *der_zerosafe = NULL;
52 krb5_checksum zero_cksum, *safe_cksum = NULL;
53 krb5_octet zero_octet = 0;
55 struct krb5_safe_with_body swb;
57 *userdata_out = empty_data();
59 if (!krb5_is_krb_safe(der_krbsafe))
60 return KRB5KRB_AP_ERR_MSG_TYPE;
62 ret = decode_krb5_safe_with_body(der_krbsafe, &krbsafe, &safe_body);
66 if (!krb5_c_valid_cksumtype(krbsafe->checksum->checksum_type)) {
67 ret = KRB5_PROG_SUMTYPE_NOSUPP;
70 if (!krb5_c_is_coll_proof_cksum(krbsafe->checksum->checksum_type) ||
71 !krb5_c_is_keyed_cksum(krbsafe->checksum->checksum_type)) {
72 ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
76 ret = k5_privsafe_check_addrs(context, ac, krbsafe->s_address,
81 /* Regenerate the KRB-SAFE message without the checksum. Save the message
82 * checksum to verify. */
83 safe_cksum = krbsafe->checksum;
84 zero_cksum.length = 0;
85 zero_cksum.checksum_type = 0;
86 zero_cksum.contents = &zero_octet;
87 krbsafe->checksum = &zero_cksum;
90 ret = encode_krb5_safe_with_body(&swb, &der_zerosafe);
91 krbsafe->checksum = NULL;
95 /* Verify the checksum over the re-encoded message. */
96 ret = krb5_k_verify_checksum(context, key, KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
97 der_zerosafe, safe_cksum, &valid);
99 /* Checksum over only the KRB-SAFE-BODY as specified in RFC 1510. */
100 ret = krb5_k_verify_checksum(context, key,
101 KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
102 safe_body, safe_cksum, &valid);
104 ret = KRB5KRB_AP_ERR_MODIFIED;
109 rdata_out->timestamp = krbsafe->timestamp;
110 rdata_out->usec = krbsafe->usec;
111 rdata_out->seq = krbsafe->seq_number;
113 *userdata_out = krbsafe->user_data;
114 krbsafe->user_data.data = NULL;
116 *cksum_out = safe_cksum;
120 zapfreedata(der_zerosafe);
121 krb5_free_data(context, safe_body);
122 krb5_free_safe(context, krbsafe);
123 krb5_free_checksum(context, safe_cksum);
127 krb5_error_code KRB5_CALLCONV
128 krb5_rd_safe(krb5_context context, krb5_auth_context authcon,
129 const krb5_data *inbuf, krb5_data *userdata_out,
130 krb5_replay_data *rdata_out)
134 krb5_replay_data rdata;
135 krb5_data userdata = empty_data();
136 krb5_checksum *cksum;
137 const krb5_int32 flags = authcon->auth_context_flags;
139 *userdata_out = empty_data();
141 if (((flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
142 (flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && rdata_out == NULL)
143 return KRB5_RC_REQUIRED;
145 key = (authcon->recv_subkey != NULL) ? authcon->recv_subkey : authcon->key;
146 memset(&rdata, 0, sizeof(rdata));
147 ret = read_krbsafe(context, authcon, inbuf, key, &rdata, &userdata,
152 ret = k5_privsafe_check_replay(context, authcon, &rdata, NULL, cksum);
156 if (flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
157 if (!k5_privsafe_check_seqnum(context, authcon, rdata.seq)) {
158 ret = KRB5KRB_AP_ERR_BADORDER;
161 authcon->remote_seq_number++;
164 if ((flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
165 (flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
166 rdata_out->timestamp = rdata.timestamp;
167 rdata_out->usec = rdata.usec;
168 rdata_out->seq = rdata.seq;
171 *userdata_out = userdata;
172 userdata = empty_data();
175 krb5_free_data_contents(context, &userdata);
176 krb5_free_checksum(context, cksum);