1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /*
3 * Copyright 2000 by the Massachusetts Institute of Technology.
4 * All Rights Reserved.
5 *
6 * Export of this software from the United States of America may
7 * require a specific license from the United States Government.
8 * It is the responsibility of any person or organization contemplating
9 * export to obtain such a license before exporting.
10 *
11 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12 * distribute this software and its documentation for any purpose and
13 * without fee is hereby granted, provided that the above copyright
14 * notice appear in all copies and that both that copyright notice and
15 * this permission notice appear in supporting documentation, and that
16 * the name of M.I.T. not be used in advertising or publicity pertaining
17 * to distribution of the software without specific, written prior
18 * permission. Furthermore if you modify this software you must label
19 * your software as modified software and not distribute it in such a
20 * fashion that it might be confused with the original M.I.T. software.
21 * M.I.T. makes no representations about the suitability of
22 * this software for any purpose. It is provided "as is" without express
23 * or implied warranty.
24 */
25 /*
26 * Copyright 1993 by OpenVision Technologies, Inc.
27 *
28 * Permission to use, copy, modify, distribute, and sell this software
29 * and its documentation for any purpose is hereby granted without fee,
30 * provided that the above copyright notice appears in all copies and
31 * that both that copyright notice and this permission notice appear in
32 * supporting documentation, and that the name of OpenVision not be used
33 * in advertising or publicity pertaining to distribution of the software
34 * without specific, written prior permission. OpenVision makes no
35 * representations about the suitability of this software for any
36 * purpose. It is provided "as is" without express or implied warranty.
37 *
38 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
39 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
40 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
41 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
42 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
43 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
44 * PERFORMANCE OF THIS SOFTWARE.
45 */
46
47 /*
48 * Copyright (C) 1998 by the FundsXpress, INC.
49 *
50 * All rights reserved.
51 *
52 * Export of this software from the United States of America may require
53 * a specific license from the United States Government. It is the
54 * responsibility of any person or organization contemplating export to
55 * obtain such a license before exporting.
56 *
57 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
58 * distribute this software and its documentation for any purpose and
59 * without fee is hereby granted, provided that the above copyright
60 * notice appear in all copies and that both that copyright notice and
61 * this permission notice appear in supporting documentation, and that
62 * the name of FundsXpress. not be used in advertising or publicity pertaining
63 * to distribution of the software without specific, written prior
64 * permission. FundsXpress makes no representations about the suitability of
65 * this software for any purpose. It is provided "as is" without express
66 * or implied warranty.
67 *
68 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
69 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
70 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
71 */
72
73 #include "gssapiP_krb5.h"
74
75 /* V2 interface */
76 OM_uint32 KRB5_CALLCONV
krb5_gss_wrap_size_limit(minor_status,context_handle,conf_req_flag,qop_req,req_output_size,max_input_size)77 krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
78 qop_req, req_output_size, max_input_size)
79 OM_uint32 *minor_status;
80 gss_ctx_id_t context_handle;
81 int conf_req_flag;
82 gss_qop_t qop_req;
83 OM_uint32 req_output_size;
84 OM_uint32 *max_input_size;
85 {
86 krb5_gss_ctx_id_rec *ctx;
87 OM_uint32 data_size, conflen;
88 OM_uint32 ohlen;
89 int overhead;
90
91 /* only default qop is allowed */
92 if (qop_req != GSS_C_QOP_DEFAULT) {
93 *minor_status = (OM_uint32) G_UNKNOWN_QOP;
94 return GSS_S_BAD_QOP;
95 }
96
97 ctx = (krb5_gss_ctx_id_rec *) context_handle;
98 if (ctx->terminated || !ctx->established) {
99 *minor_status = KG_CTX_INCOMPLETE;
100 return(GSS_S_NO_CONTEXT);
101 }
102
103 if (ctx->proto == 1) {
104 /* No pseudo-ASN.1 wrapper overhead, so no sequence length and
105 OID. */
106 OM_uint32 sz = req_output_size;
107
108 /* Token header: 16 octets. */
109 if (conf_req_flag) {
110 krb5_key key;
111 krb5_enctype enctype;
112
113 key = ctx->have_acceptor_subkey ? ctx->acceptor_subkey
114 : ctx->subkey;
115 enctype = key->keyblock.enctype;
116
117 while (sz > 0 && krb5_encrypt_size(sz, enctype) + 16 > req_output_size)
118 sz--;
119 /* Allow for encrypted copy of header. */
120 if (sz > 16)
121 sz -= 16;
122 else
123 sz = 0;
124 #ifdef CFX_EXERCISE
125 /* Allow for EC padding. In the MIT implementation, only
126 added while testing. */
127 if (sz > 65535)
128 sz -= 65535;
129 else
130 sz = 0;
131 #endif
132 } else {
133 krb5_cksumtype cksumtype;
134 krb5_error_code err;
135 size_t cksumsize;
136
137 cksumtype = ctx->have_acceptor_subkey ? ctx->acceptor_subkey_cksumtype
138 : ctx->cksumtype;
139
140 err = krb5_c_checksum_length(ctx->k5_context, cksumtype, &cksumsize);
141 if (err) {
142 *minor_status = err;
143 return GSS_S_FAILURE;
144 }
145
146 /* Allow for token header and checksum. */
147 if (sz < 16 + cksumsize)
148 sz = 0;
149 else
150 sz -= (16 + cksumsize);
151 }
152
153 *max_input_size = sz;
154 *minor_status = 0;
155 return GSS_S_COMPLETE;
156 }
157
158 /* Calculate the token size and subtract that from the output size */
159 overhead = 7 + ctx->mech_used->length;
160 data_size = req_output_size;
161 conflen = kg_confounder_size(ctx->k5_context, ctx->enc->keyblock.enctype);
162 data_size = (conflen + data_size + 8) & (~(OM_uint32)7);
163 ohlen = g_token_size(ctx->mech_used,
164 (unsigned int) (data_size + ctx->cksum_size + 14))
165 - req_output_size;
166
167 if (ohlen+overhead < req_output_size)
168 /*
169 * Cannot have trailer length that will cause us to pad over our
170 * length.
171 */
172 *max_input_size = (req_output_size - ohlen - overhead) & (~(OM_uint32)7);
173 else
174 *max_input_size = 0;
175
176 *minor_status = 0;
177 return(GSS_S_COMPLETE);
178 }
179