Line data Source code
1 : /*
2 : * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
3 : * (Royal Institute of Technology, Stockholm, Sweden).
4 : * All rights reserved.
5 : *
6 : * Redistribution and use in source and binary forms, with or without
7 : * modification, are permitted provided that the following conditions
8 : * are met:
9 : *
10 : * 1. Redistributions of source code must retain the above copyright
11 : * notice, this list of conditions and the following disclaimer.
12 : *
13 : * 2. Redistributions in binary form must reproduce the above copyright
14 : * notice, this list of conditions and the following disclaimer in the
15 : * documentation and/or other materials provided with the distribution.
16 : *
17 : * 3. Neither the name of the Institute nor the names of its contributors
18 : * may be used to endorse or promote products derived from this software
19 : * without specific prior written permission.
20 : *
21 : * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 : * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 : * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 : * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 : * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 : * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 : * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 : * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 : * SUCH DAMAGE.
32 : */
33 :
34 : #include "gsskrb5_locl.h"
35 :
36 : /*
37 : * return the length of the mechanism in token or -1
38 : * (which implies that the token was bad - GSS_S_DEFECTIVE_TOKEN
39 : */
40 :
41 : ssize_t
42 115442 : _gsskrb5_get_mech (const u_char *ptr,
43 : size_t total_len,
44 : const u_char **mech_ret)
45 : {
46 : size_t len, len_len, mech_len, foo;
47 115442 : const u_char *p = ptr;
48 : int e;
49 :
50 115442 : if (total_len < 1)
51 0 : return -1;
52 115442 : if (*p++ != 0x60)
53 28025 : return -1;
54 87321 : e = der_get_length (p, total_len - 1, &len, &len_len);
55 87321 : if (e || 1 + len_len + len != total_len)
56 0 : return -1;
57 87321 : p += len_len;
58 87321 : if (*p++ != 0x06)
59 0 : return -1;
60 87321 : e = der_get_length (p, total_len - 1 - len_len - 1,
61 : &mech_len, &foo);
62 87321 : if (e)
63 0 : return -1;
64 87321 : p += foo;
65 87321 : *mech_ret = p;
66 87321 : return mech_len;
67 : }
68 :
69 : OM_uint32
70 115442 : _gssapi_verify_mech_header(u_char **str,
71 : size_t total_len,
72 : gss_OID mech)
73 : {
74 : const u_char *p;
75 : ssize_t mech_len;
76 :
77 115442 : mech_len = _gsskrb5_get_mech (*str, total_len, &p);
78 115442 : if (mech_len < 0)
79 28025 : return GSS_S_DEFECTIVE_TOKEN;
80 :
81 87321 : if (mech_len != mech->length)
82 0 : return GSS_S_BAD_MECH;
83 174642 : if (ct_memcmp(p,
84 87321 : mech->elements,
85 86037 : mech->length) != 0)
86 0 : return GSS_S_BAD_MECH;
87 87321 : p += mech_len;
88 87321 : *str = rk_UNCONST(p);
89 87321 : return GSS_S_COMPLETE;
90 : }
91 :
92 : OM_uint32
93 68772 : _gsskrb5_verify_header(u_char **str,
94 : size_t total_len,
95 : const void *type,
96 : gss_OID oid)
97 : {
98 : OM_uint32 ret;
99 : size_t len;
100 68772 : u_char *p = *str;
101 :
102 68772 : ret = _gssapi_verify_mech_header(str, total_len, oid);
103 68772 : if (ret)
104 28025 : return ret;
105 :
106 40651 : len = total_len - (*str - p);
107 :
108 40651 : if (len < 2)
109 0 : return GSS_S_DEFECTIVE_TOKEN;
110 :
111 40651 : if (ct_memcmp (*str, type, 2) != 0)
112 0 : return GSS_S_DEFECTIVE_TOKEN;
113 40651 : *str += 2;
114 :
115 40651 : return 0;
116 : }
117 :
118 : /*
119 : * Remove the GSS-API wrapping from `in_token' giving `out_data.
120 : * Does not copy data, so just free `in_token'.
121 : */
122 :
123 : OM_uint32
124 0 : _gssapi_decapsulate(
125 : OM_uint32 *minor_status,
126 : gss_buffer_t input_token_buffer,
127 : krb5_data *out_data,
128 : const gss_OID mech
129 : )
130 : {
131 : u_char *p;
132 : OM_uint32 ret;
133 :
134 0 : p = input_token_buffer->value;
135 0 : ret = _gssapi_verify_mech_header(&p,
136 : input_token_buffer->length,
137 : mech);
138 0 : if (ret) {
139 0 : *minor_status = 0;
140 0 : return ret;
141 : }
142 :
143 0 : out_data->length = input_token_buffer->length -
144 0 : (p - (u_char *)input_token_buffer->value);
145 0 : out_data->data = p;
146 0 : return GSS_S_COMPLETE;
147 : }
148 :
149 : /*
150 : * Remove the GSS-API wrapping from `in_token' giving `out_data.
151 : * Does not copy data, so just free `in_token'.
152 : */
153 :
154 : OM_uint32
155 61628 : _gsskrb5_decapsulate(OM_uint32 *minor_status,
156 : gss_buffer_t input_token_buffer,
157 : krb5_data *out_data,
158 : const void *type,
159 : gss_OID oid)
160 : {
161 : u_char *p;
162 : OM_uint32 ret;
163 :
164 61628 : p = input_token_buffer->value;
165 61628 : ret = _gsskrb5_verify_header(&p,
166 : input_token_buffer->length,
167 : type,
168 : oid);
169 61628 : if (ret) {
170 28121 : *minor_status = 0;
171 28121 : return ret;
172 : }
173 :
174 67014 : out_data->length = input_token_buffer->length -
175 33507 : (p - (u_char *)input_token_buffer->value);
176 33507 : out_data->data = p;
177 33507 : return GSS_S_COMPLETE;
178 : }
179 :
180 : /*
181 : * Verify padding of a gss wrapped message and return its length.
182 : */
183 :
184 : OM_uint32
185 37715 : _gssapi_verify_pad(gss_buffer_t wrapped_token,
186 : size_t datalen,
187 : size_t *padlen)
188 : {
189 : u_char *pad;
190 : size_t padlength;
191 : int i;
192 :
193 37715 : if (wrapped_token->length < 1)
194 0 : return GSS_S_BAD_MECH;
195 :
196 37715 : pad = (u_char *)wrapped_token->value + wrapped_token->length - 1;
197 37715 : padlength = *pad;
198 :
199 37715 : if (padlength > datalen)
200 0 : return GSS_S_BAD_MECH;
201 :
202 37715 : for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
203 : ;
204 37715 : if (i != 0)
205 0 : return GSS_S_BAD_MIC;
206 :
207 37715 : *padlen = padlength;
208 :
209 37715 : return 0;
210 : }
|