/* parses a KRB_SAFE message from inbuf, placing the integrity-protected user data in *outbuf. key specifies the key to be used for decryption of the message. outbuf points to allocated storage which the caller should free when finished. returns system errors, integrity errors */ static krb5_error_code rd_safe_basic(krb5_context context, krb5_auth_context ac, const krb5_data *inbuf, krb5_key key, krb5_replay_data *replaydata, krb5_data *outbuf) { krb5_error_code retval; krb5_safe * message; krb5_data safe_body; krb5_checksum our_cksum, *his_cksum; krb5_octet zero_octet = 0; krb5_data *scratch; krb5_boolean valid; struct krb5_safe_with_body swb; if (!krb5_is_krb_safe(inbuf)) return KRB5KRB_AP_ERR_MSG_TYPE; if ((retval = decode_krb5_safe_with_body(inbuf, &message, &safe_body))) return retval; if (!krb5_c_valid_cksumtype(message->checksum->checksum_type)) { retval = KRB5_PROG_SUMTYPE_NOSUPP; goto cleanup; } if (!krb5_c_is_coll_proof_cksum(message->checksum->checksum_type) || !krb5_c_is_keyed_cksum(message->checksum->checksum_type)) { retval = KRB5KRB_AP_ERR_INAPP_CKSUM; goto cleanup; } retval = k5_privsafe_check_addrs(context, ac, message->s_address, message->r_address); if (retval) goto cleanup; /* verify the checksum */ /* * In order to recreate what was checksummed, we regenerate the message * without checksum and then have the cryptographic subsystem verify * the checksum for us. This is because some checksum methods have * a confounder encrypted as part of the checksum. */ his_cksum = message->checksum; our_cksum.length = 0; our_cksum.checksum_type = 0; our_cksum.contents = &zero_octet; message->checksum = &our_cksum; swb.body = &safe_body; swb.safe = message; retval = encode_krb5_safe_with_body(&swb, &scratch); message->checksum = his_cksum; if (retval) goto cleanup; retval = krb5_k_verify_checksum(context, key, KRB5_KEYUSAGE_KRB_SAFE_CKSUM, scratch, his_cksum, &valid); (void) memset(scratch->data, 0, scratch->length); krb5_free_data(context, scratch); if (!valid) { /* * Checksum over only the KRB-SAFE-BODY, like RFC 1510 says, in * case someone actually implements it correctly. */ retval = krb5_k_verify_checksum(context, key, KRB5_KEYUSAGE_KRB_SAFE_CKSUM, &safe_body, his_cksum, &valid); if (!valid) { retval = KRB5KRB_AP_ERR_MODIFIED; goto cleanup; } } replaydata->timestamp = message->timestamp; replaydata->usec = message->usec; replaydata->seq = message->seq_number; *outbuf = message->user_data; message->user_data.data = NULL; retval = 0; cleanup: krb5_free_safe(context, message); return retval; }
static krb5_error_code rd_priv_basic(krb5_context context, krb5_auth_context ac, const krb5_data *inbuf, const krb5_key key, krb5_replay_data *replaydata, krb5_data *outbuf) { krb5_error_code retval; krb5_priv * privmsg; krb5_data scratch; krb5_priv_enc_part * privmsg_enc_part; krb5_data *iv = NULL; if (!krb5_is_krb_priv(inbuf)) return KRB5KRB_AP_ERR_MSG_TYPE; /* decode private message */ if ((retval = decode_krb5_priv(inbuf, &privmsg))) return retval; if (ac->cstate.length > 0) iv = &ac->cstate; scratch.length = privmsg->enc_part.ciphertext.length; if (!(scratch.data = malloc(scratch.length))) { retval = ENOMEM; goto cleanup_privmsg; } if ((retval = krb5_k_decrypt(context, key, KRB5_KEYUSAGE_KRB_PRIV_ENCPART, iv, &privmsg->enc_part, &scratch))) goto cleanup_scratch; /* now decode the decrypted stuff */ if ((retval = decode_krb5_enc_priv_part(&scratch, &privmsg_enc_part))) goto cleanup_scratch; retval = k5_privsafe_check_addrs(context, ac, privmsg_enc_part->s_address, privmsg_enc_part->r_address); if (retval) goto cleanup_data; replaydata->timestamp = privmsg_enc_part->timestamp; replaydata->usec = privmsg_enc_part->usec; replaydata->seq = privmsg_enc_part->seq_number; /* everything is ok - return data to the user */ *outbuf = privmsg_enc_part->user_data; retval = 0; cleanup_data:; if (retval == 0) privmsg_enc_part->user_data.data = 0; krb5_free_priv_enc_part(context, privmsg_enc_part); cleanup_scratch:; memset(scratch.data, 0, scratch.length); free(scratch.data); cleanup_privmsg:; free(privmsg->enc_part.ciphertext.data); free(privmsg); return retval; }