17c478bd9Sstevel@tonic-gate /*
25e01956fSGlenn Barry  * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
37c478bd9Sstevel@tonic-gate  */
47c478bd9Sstevel@tonic-gate /*
5159d09a2SMark Phalan  * Copyright 2001 by the Massachusetts Institute of Technology.
67c478bd9Sstevel@tonic-gate  * Copyright 1993 by OpenVision Technologies, Inc.
7159d09a2SMark Phalan  *
87c478bd9Sstevel@tonic-gate  * Permission to use, copy, modify, distribute, and sell this software
97c478bd9Sstevel@tonic-gate  * and its documentation for any purpose is hereby granted without fee,
107c478bd9Sstevel@tonic-gate  * provided that the above copyright notice appears in all copies and
117c478bd9Sstevel@tonic-gate  * that both that copyright notice and this permission notice appear in
127c478bd9Sstevel@tonic-gate  * supporting documentation, and that the name of OpenVision not be used
137c478bd9Sstevel@tonic-gate  * in advertising or publicity pertaining to distribution of the software
147c478bd9Sstevel@tonic-gate  * without specific, written prior permission. OpenVision makes no
157c478bd9Sstevel@tonic-gate  * representations about the suitability of this software for any
167c478bd9Sstevel@tonic-gate  * purpose.  It is provided "as is" without express or implied warranty.
17159d09a2SMark Phalan  *
187c478bd9Sstevel@tonic-gate  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
197c478bd9Sstevel@tonic-gate  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
207c478bd9Sstevel@tonic-gate  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
217c478bd9Sstevel@tonic-gate  * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
227c478bd9Sstevel@tonic-gate  * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
237c478bd9Sstevel@tonic-gate  * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
247c478bd9Sstevel@tonic-gate  * PERFORMANCE OF THIS SOFTWARE.
257c478bd9Sstevel@tonic-gate  */
267c478bd9Sstevel@tonic-gate 
277c478bd9Sstevel@tonic-gate /*
287c478bd9Sstevel@tonic-gate  * Copyright (C) 1998 by the FundsXpress, INC.
297c478bd9Sstevel@tonic-gate  *
307c478bd9Sstevel@tonic-gate  * All rights reserved.
317c478bd9Sstevel@tonic-gate  *
327c478bd9Sstevel@tonic-gate  * Export of this software from the United States of America may require
337c478bd9Sstevel@tonic-gate  * a specific license from the United States Government.  It is the
347c478bd9Sstevel@tonic-gate  * responsibility of any person or organization contemplating export to
357c478bd9Sstevel@tonic-gate  * obtain such a license before exporting.
367c478bd9Sstevel@tonic-gate  *
377c478bd9Sstevel@tonic-gate  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
387c478bd9Sstevel@tonic-gate  * distribute this software and its documentation for any purpose and
397c478bd9Sstevel@tonic-gate  * without fee is hereby granted, provided that the above copyright
407c478bd9Sstevel@tonic-gate  * notice appear in all copies and that both that copyright notice and
417c478bd9Sstevel@tonic-gate  * this permission notice appear in supporting documentation, and that
427c478bd9Sstevel@tonic-gate  * the name of FundsXpress. not be used in advertising or publicity pertaining
437c478bd9Sstevel@tonic-gate  * to distribution of the software without specific, written prior
447c478bd9Sstevel@tonic-gate  * permission.  FundsXpress makes no representations about the suitability of
457c478bd9Sstevel@tonic-gate  * this software for any purpose.  It is provided "as is" without express
467c478bd9Sstevel@tonic-gate  * or implied warranty.
477c478bd9Sstevel@tonic-gate  *
487c478bd9Sstevel@tonic-gate  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
497c478bd9Sstevel@tonic-gate  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
507c478bd9Sstevel@tonic-gate  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
517c478bd9Sstevel@tonic-gate  */
527c478bd9Sstevel@tonic-gate 
53159d09a2SMark Phalan #include "gssapiP_krb5.h"
54159d09a2SMark Phalan #include "k5-int.h"
557c478bd9Sstevel@tonic-gate 
567c478bd9Sstevel@tonic-gate /* message_buffer is an input if SIGN, output if SEAL, and ignored if DEL_CTX
57159d09a2SMark Phalan    conf_state is only valid if SEAL. */
587c478bd9Sstevel@tonic-gate 
59159d09a2SMark Phalan static OM_uint32
607c478bd9Sstevel@tonic-gate kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
617c478bd9Sstevel@tonic-gate 	     conf_state, qop_state, toktype)
627c478bd9Sstevel@tonic-gate     krb5_context context;
637c478bd9Sstevel@tonic-gate     OM_uint32 *minor_status;
647c478bd9Sstevel@tonic-gate     krb5_gss_ctx_id_rec *ctx;
657c478bd9Sstevel@tonic-gate     unsigned char *ptr;
667c478bd9Sstevel@tonic-gate     int bodysize;
677c478bd9Sstevel@tonic-gate     gss_buffer_t message_buffer;
687c478bd9Sstevel@tonic-gate     int *conf_state;
697c478bd9Sstevel@tonic-gate     int *qop_state;
707c478bd9Sstevel@tonic-gate     int toktype;
717c478bd9Sstevel@tonic-gate {
727c478bd9Sstevel@tonic-gate     krb5_error_code code;
737c478bd9Sstevel@tonic-gate     int conflen = 0;
747c478bd9Sstevel@tonic-gate     int signalg;
757c478bd9Sstevel@tonic-gate     int sealalg;
767c478bd9Sstevel@tonic-gate     gss_buffer_desc token;
777c478bd9Sstevel@tonic-gate     krb5_checksum cksum;
787c478bd9Sstevel@tonic-gate     krb5_checksum md5cksum;
797c478bd9Sstevel@tonic-gate     krb5_data plaind;
807c478bd9Sstevel@tonic-gate     char *data_ptr;
817c478bd9Sstevel@tonic-gate     krb5_timestamp now;
827c478bd9Sstevel@tonic-gate     unsigned char *plain;
83159d09a2SMark Phalan     unsigned int cksum_len = 0;
84159d09a2SMark Phalan     size_t plainlen;
857c478bd9Sstevel@tonic-gate     int direction;
867c478bd9Sstevel@tonic-gate     krb5_ui_4 seqnum;
877c478bd9Sstevel@tonic-gate     OM_uint32 retval;
88ae5b046dSsemery     size_t sumlen, blocksize;
897c478bd9Sstevel@tonic-gate     int tmsglen;
907c478bd9Sstevel@tonic-gate     krb5_keyusage sign_usage = KG_USAGE_SIGN;
917c478bd9Sstevel@tonic-gate 
927c478bd9Sstevel@tonic-gate     KRB5_LOG0(KRB5_INFO, "kg_unseal_v1() start\n");
937c478bd9Sstevel@tonic-gate 
947c478bd9Sstevel@tonic-gate     /* Solaris Kerberos:  make sure this is initialized */
957c478bd9Sstevel@tonic-gate     *minor_status = 0;
967c478bd9Sstevel@tonic-gate 
977c478bd9Sstevel@tonic-gate     if (toktype == KG_TOK_SEAL_MSG) {
987c478bd9Sstevel@tonic-gate 	message_buffer->length = 0;
997c478bd9Sstevel@tonic-gate 	message_buffer->value = NULL;
1007c478bd9Sstevel@tonic-gate     }
1017c478bd9Sstevel@tonic-gate 
1027c478bd9Sstevel@tonic-gate     /* get the sign and seal algorithms */
1037c478bd9Sstevel@tonic-gate 
1047c478bd9Sstevel@tonic-gate     signalg = ptr[0] + (ptr[1]<<8);
1057c478bd9Sstevel@tonic-gate     sealalg = ptr[2] + (ptr[3]<<8);
1067c478bd9Sstevel@tonic-gate 
1077c478bd9Sstevel@tonic-gate     /* Sanity checks */
1087c478bd9Sstevel@tonic-gate 
1097c478bd9Sstevel@tonic-gate     if ((ptr[4] != 0xff) || (ptr[5] != 0xff)) {
1107c478bd9Sstevel@tonic-gate 	*minor_status = 0;
1117c478bd9Sstevel@tonic-gate 	KRB5_LOG0(KRB5_ERR, "kg_unseal_v1() end, error GSS_S_DEFECTIVE_TOKEN\n");
1127c478bd9Sstevel@tonic-gate 	return GSS_S_DEFECTIVE_TOKEN;
1137c478bd9Sstevel@tonic-gate     }
1147c478bd9Sstevel@tonic-gate 
1157c478bd9Sstevel@tonic-gate     if ((toktype != KG_TOK_SEAL_MSG) &&
1167c478bd9Sstevel@tonic-gate 	(sealalg != 0xffff)) {
1177c478bd9Sstevel@tonic-gate 	*minor_status = 0;
1187c478bd9Sstevel@tonic-gate 	KRB5_LOG0(KRB5_ERR, "kg_unseal_v1() end, error2 GSS_S_DEFECTIVE_TOKEN\n");
1197c478bd9Sstevel@tonic-gate 	return GSS_S_DEFECTIVE_TOKEN;
1207c478bd9Sstevel@tonic-gate     }
1217c478bd9Sstevel@tonic-gate 
1227c478bd9Sstevel@tonic-gate     /* in the current spec, there is only one valid seal algorithm per
1237c478bd9Sstevel@tonic-gate        key type, so a simple comparison is ok */
1247c478bd9Sstevel@tonic-gate 
1257c478bd9Sstevel@tonic-gate     if ((toktype == KG_TOK_SEAL_MSG) &&
1267c478bd9Sstevel@tonic-gate 	!((sealalg == 0xffff) ||
1277c478bd9Sstevel@tonic-gate 	  (sealalg == ctx->sealalg))) {
1287c478bd9Sstevel@tonic-gate 	*minor_status = 0;
1297c478bd9Sstevel@tonic-gate 	KRB5_LOG0(KRB5_ERR, "kg_unseal_v1() end, error3 GSS_S_DEFECTIVE_TOKEN\n");
1307c478bd9Sstevel@tonic-gate 	return GSS_S_DEFECTIVE_TOKEN;
1317c478bd9Sstevel@tonic-gate     }
1327c478bd9Sstevel@tonic-gate 
1337c478bd9Sstevel@tonic-gate     /* there are several mappings of seal algorithms to sign algorithms,
1347c478bd9Sstevel@tonic-gate        but few enough that we can try them all. */
1357c478bd9Sstevel@tonic-gate 
1367c478bd9Sstevel@tonic-gate     if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) ||
137159d09a2SMark Phalan 	(ctx->sealalg == SEAL_ALG_1 && signalg != SGN_ALG_3) ||
1387c478bd9Sstevel@tonic-gate 	(ctx->sealalg == SEAL_ALG_DES3KD &&
139159d09a2SMark Phalan 	 signalg != SGN_ALG_HMAC_SHA1_DES3_KD)||
1407c478bd9Sstevel@tonic-gate 	(ctx->sealalg == SEAL_ALG_MICROSOFT_RC4 &&
141159d09a2SMark Phalan 	signalg != SGN_ALG_HMAC_MD5)) {
1427c478bd9Sstevel@tonic-gate 	*minor_status = 0;
1437c478bd9Sstevel@tonic-gate 	KRB5_LOG0(KRB5_ERR, "kg_unseal_v1() end, error4 GSS_S_DEFECTIVE_TOKEN\n");
1447c478bd9Sstevel@tonic-gate 	return GSS_S_DEFECTIVE_TOKEN;
1457c478bd9Sstevel@tonic-gate     }
1467c478bd9Sstevel@tonic-gate 
1477c478bd9Sstevel@tonic-gate     KRB5_LOG(KRB5_INFO, "kg_unseal_v1() signalg = %d\n", signalg);
1487c478bd9Sstevel@tonic-gate 
1497c478bd9Sstevel@tonic-gate     switch (signalg) {
1507c478bd9Sstevel@tonic-gate     case SGN_ALG_DES_MAC_MD5:
1517c478bd9Sstevel@tonic-gate     case SGN_ALG_MD2_5:
1527c478bd9Sstevel@tonic-gate     case SGN_ALG_HMAC_MD5:
1537c478bd9Sstevel@tonic-gate 	cksum_len = 8;
1547c478bd9Sstevel@tonic-gate 	if (toktype != KG_TOK_SEAL_MSG)
1557c478bd9Sstevel@tonic-gate 	  sign_usage = 15;
156159d09a2SMark Phalan 	    break;
1577c478bd9Sstevel@tonic-gate     case SGN_ALG_3:
1587c478bd9Sstevel@tonic-gate 	cksum_len = 16;
1597c478bd9Sstevel@tonic-gate 	break;
1607c478bd9Sstevel@tonic-gate     case SGN_ALG_HMAC_SHA1_DES3_KD:
1617c478bd9Sstevel@tonic-gate 	cksum_len = 20;
1627c478bd9Sstevel@tonic-gate 	break;
1637c478bd9Sstevel@tonic-gate     default:
1647c478bd9Sstevel@tonic-gate 	*minor_status = 0;
1657c478bd9Sstevel@tonic-gate 	KRB5_LOG(KRB5_ERR, "kg_unseal_v1() end, error signalg=%d\n", signalg);
1667c478bd9Sstevel@tonic-gate 	return GSS_S_DEFECTIVE_TOKEN;
1677c478bd9Sstevel@tonic-gate     }
1687c478bd9Sstevel@tonic-gate 
1697c478bd9Sstevel@tonic-gate #ifdef _KERNEL
1707c478bd9Sstevel@tonic-gate 	/*
1717c478bd9Sstevel@tonic-gate 	 * Because the ARCFOUR code bypasses the standard
1727c478bd9Sstevel@tonic-gate 	 * crypto interfaces, we must make sure the kernel
1737c478bd9Sstevel@tonic-gate 	 * crypto framework mechanism types are properly
1747c478bd9Sstevel@tonic-gate 	 * initialized here.
1757c478bd9Sstevel@tonic-gate 	 */
1767c478bd9Sstevel@tonic-gate 	context->kef_cipher_mt = get_cipher_mech_type(context,
1777c478bd9Sstevel@tonic-gate 					ctx->seq);
1787c478bd9Sstevel@tonic-gate 	context->kef_hash_mt = get_hash_mech_type(context,
1797c478bd9Sstevel@tonic-gate 					ctx->seq);
1807c478bd9Sstevel@tonic-gate 	if ((code = init_key_kef(context->kef_cipher_mt,
1817c478bd9Sstevel@tonic-gate 				ctx->seq))) {
1827c478bd9Sstevel@tonic-gate 		*minor_status = code;
1837c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
1847c478bd9Sstevel@tonic-gate 	}
1857c478bd9Sstevel@tonic-gate 	if ((code = init_key_kef(context->kef_cipher_mt,
1867c478bd9Sstevel@tonic-gate 			ctx->enc))) {
1877c478bd9Sstevel@tonic-gate 		*minor_status = code;
1887c478bd9Sstevel@tonic-gate 		return (GSS_S_FAILURE);
1897c478bd9Sstevel@tonic-gate 	}
1907c478bd9Sstevel@tonic-gate #endif /* _KERNEL */
1917c478bd9Sstevel@tonic-gate 
1927c478bd9Sstevel@tonic-gate     /* get the token parameters */
193159d09a2SMark Phalan 
1947c478bd9Sstevel@tonic-gate     if ((code = kg_get_seq_num(context, ctx->seq, ptr+14, ptr+6, &direction,
195159d09a2SMark Phalan 			       &seqnum))) {
1967c478bd9Sstevel@tonic-gate 	*minor_status = code;
1977c478bd9Sstevel@tonic-gate 	return(GSS_S_BAD_SIG);
1987c478bd9Sstevel@tonic-gate     }
1997c478bd9Sstevel@tonic-gate 
2007c478bd9Sstevel@tonic-gate     /* decode the message, if SEAL */
2017c478bd9Sstevel@tonic-gate 
2027c478bd9Sstevel@tonic-gate     if (toktype == KG_TOK_SEAL_MSG) {
2037c478bd9Sstevel@tonic-gate 	tmsglen = bodysize-(14+cksum_len);
2047c478bd9Sstevel@tonic-gate 	KRB5_LOG1(KRB5_INFO, "kg_unseal_v1() tmsglen = %d cksum_len = %d",
2057c478bd9Sstevel@tonic-gate 		tmsglen, cksum_len);
2067c478bd9Sstevel@tonic-gate 	KRB5_LOG0(KRB5_INFO, "kg_unseal_v1() toktype == KG_TOK_SEAL_MSG\n");
2077c478bd9Sstevel@tonic-gate 
2087c478bd9Sstevel@tonic-gate 	if (sealalg != 0xffff) {
2097c478bd9Sstevel@tonic-gate 	    if ((plain = (unsigned char *) xmalloc(tmsglen)) == NULL) {
2107c478bd9Sstevel@tonic-gate 		*minor_status = ENOMEM;
2117c478bd9Sstevel@tonic-gate 		KRB5_LOG0(KRB5_ERR, "kg_unseal_v1() end, error ENOMEM\n");
2127c478bd9Sstevel@tonic-gate 		return(GSS_S_FAILURE);
2137c478bd9Sstevel@tonic-gate 	    }
214159d09a2SMark Phalan 	    if (ctx->enc->enctype == ENCTYPE_ARCFOUR_HMAC) {
215159d09a2SMark Phalan 	      unsigned char bigend_seqnum[4];
216159d09a2SMark Phalan 	      krb5_keyblock *enc_key;
217159d09a2SMark Phalan 	      int i;
218159d09a2SMark Phalan 	      bigend_seqnum[0] = (seqnum>>24) & 0xff;
219159d09a2SMark Phalan 	      bigend_seqnum[1] = (seqnum>>16) & 0xff;
220159d09a2SMark Phalan 	      bigend_seqnum[2] = (seqnum>>8) & 0xff;
221159d09a2SMark Phalan 	      bigend_seqnum[3] = seqnum & 0xff;
222159d09a2SMark Phalan 	      code = krb5_copy_keyblock (context, ctx->enc, &enc_key);
223159d09a2SMark Phalan 	      if (code)
2247c478bd9Sstevel@tonic-gate 		{
225159d09a2SMark Phalan 		  xfree_wrap(plain, tmsglen);
2267c478bd9Sstevel@tonic-gate 		  *minor_status = code;
2277c478bd9Sstevel@tonic-gate 		  return(GSS_S_FAILURE);
2287c478bd9Sstevel@tonic-gate 		}
2297c478bd9Sstevel@tonic-gate 
230159d09a2SMark Phalan 	      for (i = 0; i <= 15; i++)
231159d09a2SMark Phalan 		((char *) enc_key->contents)[i] ^=0xf0;
2327c478bd9Sstevel@tonic-gate 
2337c478bd9Sstevel@tonic-gate #ifndef _KERNEL
2347c478bd9Sstevel@tonic-gate 		/*
2357c478bd9Sstevel@tonic-gate 		 * The enc_key contents were modified, delete the
2367c478bd9Sstevel@tonic-gate 		 * key object so it doesn't get used later.
2377c478bd9Sstevel@tonic-gate 		 */
2387c478bd9Sstevel@tonic-gate 		if (enc_key->hKey != CK_INVALID_HANDLE) {
2397c478bd9Sstevel@tonic-gate 			(void)C_DestroyObject(krb_ctx_hSession(context),
2407c478bd9Sstevel@tonic-gate 				enc_key->hKey);
2417c478bd9Sstevel@tonic-gate 			enc_key->hKey = CK_INVALID_HANDLE;
2427c478bd9Sstevel@tonic-gate 		}
2437c478bd9Sstevel@tonic-gate #endif
2447c478bd9Sstevel@tonic-gate 		KRB5_LOG(KRB5_INFO, "kg_unseal_v1() enc_key->enctype = %d",
2457c478bd9Sstevel@tonic-gate 			enc_key->enctype);
2467c478bd9Sstevel@tonic-gate 
2477c478bd9Sstevel@tonic-gate 		code = kg_arcfour_docrypt (context,
2487c478bd9Sstevel@tonic-gate 				enc_key, 0,
2497c478bd9Sstevel@tonic-gate 				&bigend_seqnum[0], 4,
2507c478bd9Sstevel@tonic-gate 				ptr+14+cksum_len, tmsglen,
2517c478bd9Sstevel@tonic-gate 				plain);
2527c478bd9Sstevel@tonic-gate 		krb5_free_keyblock (context, enc_key);
2537c478bd9Sstevel@tonic-gate             } else {
2547c478bd9Sstevel@tonic-gate 		code = kg_decrypt(context, ctx->enc, KG_USAGE_SEAL, NULL,
2557c478bd9Sstevel@tonic-gate 			ptr+14+cksum_len, plain, tmsglen);
2567c478bd9Sstevel@tonic-gate 	    }
2577c478bd9Sstevel@tonic-gate             if (code) {
2587c478bd9Sstevel@tonic-gate                 xfree_wrap(plain, tmsglen);
2597c478bd9Sstevel@tonic-gate 		*minor_status = code;
2607c478bd9Sstevel@tonic-gate 		return(GSS_S_FAILURE);
261159d09a2SMark Phalan 	    }
2627c478bd9Sstevel@tonic-gate 	} else {
2637c478bd9Sstevel@tonic-gate 	    plain = ptr+14+cksum_len;
2647c478bd9Sstevel@tonic-gate 	}
2657c478bd9Sstevel@tonic-gate 
2667c478bd9Sstevel@tonic-gate 	plainlen = tmsglen;
2677c478bd9Sstevel@tonic-gate 
2687c478bd9Sstevel@tonic-gate 	if ((sealalg == 0xffff) && ctx->big_endian) {
2697c478bd9Sstevel@tonic-gate 	    token.length = tmsglen;
2707c478bd9Sstevel@tonic-gate 	} else {
2717c478bd9Sstevel@tonic-gate 	    conflen = kg_confounder_size(context, ctx->enc);
272ae5b046dSsemery 	    /*
273ae5b046dSsemery 	     * Solaris Kerberos: we want to perform a sanity check on the
274ae5b046dSsemery 	     * pad length, so we know it can not be more than the blocksize.
275ae5b046dSsemery 	     */
276ae5b046dSsemery 	    code = krb5_c_block_size(context, ctx->enc->enctype, &blocksize);
277ae5b046dSsemery 	    if (code != 0) {
278ae5b046dSsemery 		if (sealalg != 0xffff)
279ae5b046dSsemery 		    xfree_wrap(plain, tmsglen);
280ae5b046dSsemery 		*minor_status = code;
281ae5b046dSsemery 		return(GSS_S_FAILURE);
282ae5b046dSsemery 	    }
283ae5b046dSsemery 	    if (plain[tmsglen-1] > blocksize) {
284ae5b046dSsemery 		if (sealalg != 0xffff)
285ae5b046dSsemery 		    xfree_wrap(plain, tmsglen);
286ae5b046dSsemery 		*minor_status = KG_BAD_LENGTH;
287ae5b046dSsemery 		return(GSS_S_FAILURE);
288ae5b046dSsemery 	    }
2897c478bd9Sstevel@tonic-gate 	    token.length = tmsglen - conflen - plain[tmsglen-1];
2907c478bd9Sstevel@tonic-gate 	}
2917c478bd9Sstevel@tonic-gate 
2927c478bd9Sstevel@tonic-gate 	if (token.length) {
2937c478bd9Sstevel@tonic-gate 	    if ((token.value = (void *) xmalloc(token.length)) == NULL) {
2947c478bd9Sstevel@tonic-gate 		if (sealalg != 0xffff)
2957c478bd9Sstevel@tonic-gate 		    xfree_wrap(plain, tmsglen);
2967c478bd9Sstevel@tonic-gate 		*minor_status = ENOMEM;
2977c478bd9Sstevel@tonic-gate 		KRB5_LOG0(KRB5_ERR, "kg_unseal_v1() end, error2 ENOMEM\n");
2987c478bd9Sstevel@tonic-gate 		return(GSS_S_FAILURE);
2997c478bd9Sstevel@tonic-gate 	    }
3007c478bd9Sstevel@tonic-gate 	    (void) memcpy(token.value, plain+conflen, token.length);
3017c478bd9Sstevel@tonic-gate 	} else {
3027c478bd9Sstevel@tonic-gate 	    token.value = NULL;
3037c478bd9Sstevel@tonic-gate 	}
3047c478bd9Sstevel@tonic-gate     } else if (toktype == KG_TOK_SIGN_MSG) {
3057c478bd9Sstevel@tonic-gate 	KRB5_LOG0(KRB5_INFO, "kg_unseal_v1() toktype == KG_TOK_SIGN_MSG\n");
3067c478bd9Sstevel@tonic-gate 	token = *message_buffer;
3077c478bd9Sstevel@tonic-gate 	plain = token.value;
3087c478bd9Sstevel@tonic-gate 	plainlen = token.length;
3097c478bd9Sstevel@tonic-gate     } else {
3107c478bd9Sstevel@tonic-gate 	KRB5_LOG0(KRB5_INFO, "kg_unseal_v1() toktype == NULL\n");
3117c478bd9Sstevel@tonic-gate 	token.length = 0;
3127c478bd9Sstevel@tonic-gate 	token.value = NULL;
3137c478bd9Sstevel@tonic-gate 	plain = token.value;
3147c478bd9Sstevel@tonic-gate 	plainlen = token.length;
3157c478bd9Sstevel@tonic-gate     }
3167c478bd9Sstevel@tonic-gate 
3177c478bd9Sstevel@tonic-gate     /* compute the checksum of the message */
3187c478bd9Sstevel@tonic-gate 
3197c478bd9Sstevel@tonic-gate     /* initialize the the cksum */
3207c478bd9Sstevel@tonic-gate     switch (signalg) {
3217c478bd9Sstevel@tonic-gate     case SGN_ALG_DES_MAC_MD5:
3227c478bd9Sstevel@tonic-gate     case SGN_ALG_MD2_5:
3237c478bd9Sstevel@tonic-gate     case SGN_ALG_DES_MAC:
3247c478bd9Sstevel@tonic-gate     case SGN_ALG_3:
3257c478bd9Sstevel@tonic-gate 	md5cksum.checksum_type = CKSUMTYPE_RSA_MD5;
3267c478bd9Sstevel@tonic-gate 	break;
327159d09a2SMark Phalan     case SGN_ALG_HMAC_MD5:
328159d09a2SMark Phalan       md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR;
329159d09a2SMark Phalan       break;
3307c478bd9Sstevel@tonic-gate     case SGN_ALG_HMAC_SHA1_DES3_KD:
3317c478bd9Sstevel@tonic-gate 	md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3;
3327c478bd9Sstevel@tonic-gate 	break;
3337c478bd9Sstevel@tonic-gate     default:
3347c478bd9Sstevel@tonic-gate 	KRB5_LOG(KRB5_ERR, "kg_unseal_v1() end, error2 signalg=%d\n", signalg);
3357c478bd9Sstevel@tonic-gate #ifndef	_KERNEL
3367c478bd9Sstevel@tonic-gate 	abort ();
3377c478bd9Sstevel@tonic-gate #else
3387c478bd9Sstevel@tonic-gate 	*minor_status = 0;
3397c478bd9Sstevel@tonic-gate 	return(GSS_S_DEFECTIVE_TOKEN);
3407c478bd9Sstevel@tonic-gate #endif /* _KERNEL */
3417c478bd9Sstevel@tonic-gate     }
3427c478bd9Sstevel@tonic-gate 
343159d09a2SMark Phalan     code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen);
344159d09a2SMark Phalan     if (code)
3457c478bd9Sstevel@tonic-gate     {
3467c478bd9Sstevel@tonic-gate 	KRB5_LOG(KRB5_ERR, "kg_unseal_v1() end, krb5_c_checksum_length() error "
3477c478bd9Sstevel@tonic-gate 		"code=%d\n", code);
3487c478bd9Sstevel@tonic-gate 	return(code);
3497c478bd9Sstevel@tonic-gate     }
3507c478bd9Sstevel@tonic-gate     md5cksum.length = (size_t)sumlen;
3517c478bd9Sstevel@tonic-gate 
3527c478bd9Sstevel@tonic-gate     switch (signalg) {
3537c478bd9Sstevel@tonic-gate     case SGN_ALG_DES_MAC_MD5:
3547c478bd9Sstevel@tonic-gate     case SGN_ALG_3:
3557c478bd9Sstevel@tonic-gate 	/* compute the checksum of the message */
3567c478bd9Sstevel@tonic-gate 
3577c478bd9Sstevel@tonic-gate 	/* 8 = bytes of token body to be checksummed according to spec */
3587c478bd9Sstevel@tonic-gate 
3597c478bd9Sstevel@tonic-gate 	if (! (data_ptr = (void *)
3607c478bd9Sstevel@tonic-gate 	       xmalloc(8 + (ctx->big_endian ? token.length : plainlen)))) {
3617c478bd9Sstevel@tonic-gate 	    if (sealalg != 0xffff)
3627c478bd9Sstevel@tonic-gate 		xfree_wrap(plain, tmsglen);
3637c478bd9Sstevel@tonic-gate 	    if (toktype == KG_TOK_SEAL_MSG) {
3647c478bd9Sstevel@tonic-gate 		xfree_wrap(token.value, token.length);
3657c478bd9Sstevel@tonic-gate 		/* Solaris Kerberos: just to be safe since token.value is an
3667c478bd9Sstevel@tonic-gate 		 * output parameter.
3677c478bd9Sstevel@tonic-gate 		 */
3687c478bd9Sstevel@tonic-gate 		token.value = NULL;
3697c478bd9Sstevel@tonic-gate 		token.length = 0;
3707c478bd9Sstevel@tonic-gate 	    }
3717c478bd9Sstevel@tonic-gate 	    *minor_status = ENOMEM;
3727c478bd9Sstevel@tonic-gate 	    KRB5_LOG0(KRB5_ERR, "kg_unseal_v1() end, error3 ENOMEM\n");
3737c478bd9Sstevel@tonic-gate 	    return(GSS_S_FAILURE);
3747c478bd9Sstevel@tonic-gate 	}
3757c478bd9Sstevel@tonic-gate 
3767c478bd9Sstevel@tonic-gate 	(void) memcpy(data_ptr, ptr-2, 8);
3777c478bd9Sstevel@tonic-gate 
3787c478bd9Sstevel@tonic-gate 	if (ctx->big_endian)
3797c478bd9Sstevel@tonic-gate 	    (void) memcpy(data_ptr+8, token.value, token.length);
3807c478bd9Sstevel@tonic-gate 	else
3817c478bd9Sstevel@tonic-gate 	    (void) memcpy(data_ptr+8, plain, plainlen);
3827c478bd9Sstevel@tonic-gate 
3837c478bd9Sstevel@tonic-gate 	plaind.length = 8 + (ctx->big_endian ? token.length : plainlen);
3847c478bd9Sstevel@tonic-gate 	plaind.data = data_ptr;
3857c478bd9Sstevel@tonic-gate 	code = krb5_c_make_checksum(context, md5cksum.checksum_type,
3867c478bd9Sstevel@tonic-gate 				    ctx->seq, sign_usage,
3877c478bd9Sstevel@tonic-gate 				    &plaind, &md5cksum);
3887c478bd9Sstevel@tonic-gate 	xfree_wrap(data_ptr, 8 + (ctx->big_endian ? token.length : plainlen));
3897c478bd9Sstevel@tonic-gate 
3907c478bd9Sstevel@tonic-gate 	if (code) {
3917c478bd9Sstevel@tonic-gate 	    if (toktype == KG_TOK_SEAL_MSG) {
3927c478bd9Sstevel@tonic-gate 		xfree_wrap(token.value, token.length);
3937c478bd9Sstevel@tonic-gate 		/* Solaris Kerberos: just to be safe since token.value is an
3947c478bd9Sstevel@tonic-gate 		 * output parameter.
3957c478bd9Sstevel@tonic-gate 		 */
3967c478bd9Sstevel@tonic-gate 		token.value = NULL;
3977c478bd9Sstevel@tonic-gate 		token.length = 0;
3987c478bd9Sstevel@tonic-gate 	    }
3997c478bd9Sstevel@tonic-gate 	    *minor_status = code;
4007c478bd9Sstevel@tonic-gate 	    KRB5_LOG(KRB5_ERR, "kg_unseal_v1() end, krb5_c_make_checksum() "
4017c478bd9Sstevel@tonic-gate 		    "error code = %d\n", code);
4027c478bd9Sstevel@tonic-gate 	    return(GSS_S_FAILURE);
4037c478bd9Sstevel@tonic-gate 	}
4047c478bd9Sstevel@tonic-gate 
4057c478bd9Sstevel@tonic-gate 	if ((code = kg_encrypt(context, ctx->seq, KG_USAGE_SEAL,
406ab9b2e15Sgtb 			       (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ?
4077c478bd9Sstevel@tonic-gate 				ctx->seq->contents : NULL),
4087c478bd9Sstevel@tonic-gate 			       md5cksum.contents, md5cksum.contents, 16))) {
4097c478bd9Sstevel@tonic-gate 	    xfree_wrap(md5cksum.contents, md5cksum.length);
4107c478bd9Sstevel@tonic-gate 	    if (toktype == KG_TOK_SEAL_MSG) {
4117c478bd9Sstevel@tonic-gate 		xfree_wrap(token.value, token.length);
4127c478bd9Sstevel@tonic-gate 		/* Solaris Kerberos: just to be safe since token.value is an
4137c478bd9Sstevel@tonic-gate 		 * output parameter.
4147c478bd9Sstevel@tonic-gate 		 */
4157c478bd9Sstevel@tonic-gate 		token.value = NULL;
4167c478bd9Sstevel@tonic-gate 		token.length = 0;
4177c478bd9Sstevel@tonic-gate 	    }
4187c478bd9Sstevel@tonic-gate 	    *minor_status = code;
4197c478bd9Sstevel@tonic-gate 	    KRB5_LOG(KRB5_ERR, "kg_unseal_v1() end, kg_encrypt() error"
4207c478bd9Sstevel@tonic-gate 		    "code = %d\n", code);
4217c478bd9Sstevel@tonic-gate 	    return GSS_S_FAILURE;
4227c478bd9Sstevel@tonic-gate 	}
4237c478bd9Sstevel@tonic-gate 
4247c478bd9Sstevel@tonic-gate 	if (signalg == 0)
4257c478bd9Sstevel@tonic-gate 	    cksum.length = 8;
4267c478bd9Sstevel@tonic-gate 	else
4277c478bd9Sstevel@tonic-gate 	    cksum.length = 16;
4287c478bd9Sstevel@tonic-gate 	cksum.contents = md5cksum.contents + 16 - cksum.length;
4297c478bd9Sstevel@tonic-gate 
4307c478bd9Sstevel@tonic-gate 	code = memcmp(cksum.contents, ptr+14, cksum.length);
4317c478bd9Sstevel@tonic-gate 	break;
4327c478bd9Sstevel@tonic-gate 
4337c478bd9Sstevel@tonic-gate     case SGN_ALG_MD2_5:
4347c478bd9Sstevel@tonic-gate 	if (!ctx->seed_init &&
4357c478bd9Sstevel@tonic-gate 	    (code = kg_make_seed(context, ctx->subkey, ctx->seed))) {
4367c478bd9Sstevel@tonic-gate 	    xfree_wrap(md5cksum.contents, md5cksum.length);
4377c478bd9Sstevel@tonic-gate 	    if (sealalg != 0xffff)
4387c478bd9Sstevel@tonic-gate 		xfree_wrap(plain, tmsglen);
4397c478bd9Sstevel@tonic-gate 	    if (toktype == KG_TOK_SEAL_MSG) {
4407c478bd9Sstevel@tonic-gate 		xfree_wrap(token.value, token.length);
4417c478bd9Sstevel@tonic-gate 		/* Solaris Kerberos: just to be safe since token.value is an
4427c478bd9Sstevel@tonic-gate 		 * output parameter.
4437c478bd9Sstevel@tonic-gate 		 */
4447c478bd9Sstevel@tonic-gate 		token.value = NULL;
4457c478bd9Sstevel@tonic-gate 		token.length = 0;
4467c478bd9Sstevel@tonic-gate 	    }
4477c478bd9Sstevel@tonic-gate 	    *minor_status = code;
4487c478bd9Sstevel@tonic-gate 	    return GSS_S_FAILURE;
4497c478bd9Sstevel@tonic-gate 	}
4507c478bd9Sstevel@tonic-gate 
4517c478bd9Sstevel@tonic-gate 	if (! (data_ptr = (void *)
4527c478bd9Sstevel@tonic-gate 	       xmalloc(sizeof(ctx->seed) + 8 +
4537c478bd9Sstevel@tonic-gate 		       (ctx->big_endian ? token.length : plainlen)))) {
4547c478bd9Sstevel@tonic-gate 	    xfree_wrap(md5cksum.contents, md5cksum.length);
4557c478bd9Sstevel@tonic-gate 	    if (sealalg == 0)
4567c478bd9Sstevel@tonic-gate 		xfree_wrap(plain, tmsglen);
4577c478bd9Sstevel@tonic-gate 	    if (toktype == KG_TOK_SEAL_MSG) {
4587c478bd9Sstevel@tonic-gate 		xfree_wrap(token.value, token.length);
4597c478bd9Sstevel@tonic-gate 		/* Solaris Kerberos: just to be safe since token.value is an
4607c478bd9Sstevel@tonic-gate 		 * output parameter.
4617c478bd9Sstevel@tonic-gate 		 */
4627c478bd9Sstevel@tonic-gate 		token.value = NULL;
4637c478bd9Sstevel@tonic-gate 		token.length = 0;
4647c478bd9Sstevel@tonic-gate 	    }
4657c478bd9Sstevel@tonic-gate 	    *minor_status = ENOMEM;
4667c478bd9Sstevel@tonic-gate 	    return(GSS_S_FAILURE);
4677c478bd9Sstevel@tonic-gate 	}
4687c478bd9Sstevel@tonic-gate 	(void) memcpy(data_ptr, ptr-2, 8);
4697c478bd9Sstevel@tonic-gate 	(void) memcpy(data_ptr+8, ctx->seed, sizeof(ctx->seed));
4707c478bd9Sstevel@tonic-gate 	if (ctx->big_endian)
4717c478bd9Sstevel@tonic-gate 	    (void) memcpy(data_ptr+8+sizeof(ctx->seed),
4727c478bd9Sstevel@tonic-gate 			  token.value, token.length);
4737c478bd9Sstevel@tonic-gate 	else
4747c478bd9Sstevel@tonic-gate 	    (void) memcpy(data_ptr+8+sizeof(ctx->seed),
4757c478bd9Sstevel@tonic-gate 			  plain, plainlen);
4767c478bd9Sstevel@tonic-gate 	plaind.length = 8 + sizeof(ctx->seed) +
4777c478bd9Sstevel@tonic-gate 	    (ctx->big_endian ? token.length : plainlen);
4787c478bd9Sstevel@tonic-gate 	plaind.data = data_ptr;
4797c478bd9Sstevel@tonic-gate 	xfree_wrap(md5cksum.contents, md5cksum.length);
4807c478bd9Sstevel@tonic-gate 	code = krb5_c_make_checksum(context, md5cksum.checksum_type,
4817c478bd9Sstevel@tonic-gate 				    ctx->seq, KG_USAGE_SIGN,
4827c478bd9Sstevel@tonic-gate 				    &plaind, &md5cksum);
4837c478bd9Sstevel@tonic-gate 	xfree_wrap(data_ptr, 8 + sizeof(ctx->seed) +
4847c478bd9Sstevel@tonic-gate             (ctx->big_endian ? token.length : plainlen));
4857c478bd9Sstevel@tonic-gate 
4867c478bd9Sstevel@tonic-gate 	if (code) {
4877c478bd9Sstevel@tonic-gate 	    if (sealalg == 0)
4887c478bd9Sstevel@tonic-gate 		xfree_wrap(plain, tmsglen);
4897c478bd9Sstevel@tonic-gate 	    if (toktype == KG_TOK_SEAL_MSG) {
4907c478bd9Sstevel@tonic-gate 		xfree_wrap(token.value, token.length);
4917c478bd9Sstevel@tonic-gate 		/* Solaris Kerberos: just to be safe since token.value is an
4927c478bd9Sstevel@tonic-gate 		 * output parameter.
4937c478bd9Sstevel@tonic-gate 		 */
4947c478bd9Sstevel@tonic-gate 		token.value = NULL;
4957c478bd9Sstevel@tonic-gate 		token.length = 0;
4967c478bd9Sstevel@tonic-gate 	    }
4977c478bd9Sstevel@tonic-gate 	    *minor_status = code;
4987c478bd9Sstevel@tonic-gate 	    return(GSS_S_FAILURE);
4997c478bd9Sstevel@tonic-gate 	}
5007c478bd9Sstevel@tonic-gate 
5017c478bd9Sstevel@tonic-gate 	code = memcmp(md5cksum.contents, ptr+14, 8);
5027c478bd9Sstevel@tonic-gate 	/* Falls through to defective-token??  */
503*06307114SToomas Soome 	/* FALLTHROUGH */
5047c478bd9Sstevel@tonic-gate 
5057c478bd9Sstevel@tonic-gate     default:
5067c478bd9Sstevel@tonic-gate 	*minor_status = 0;
5077c478bd9Sstevel@tonic-gate 	KRB5_LOG0(KRB5_ERR, "kg_unseal_v1() end, error SGN_ALG_MD2_5 "
5087c478bd9Sstevel@tonic-gate 		"GSS_S_DEFECTIVE_TOKEN\n");
5097c478bd9Sstevel@tonic-gate 	return(GSS_S_DEFECTIVE_TOKEN);
5107c478bd9Sstevel@tonic-gate 
5117c478bd9Sstevel@tonic-gate     case SGN_ALG_HMAC_SHA1_DES3_KD:
5127c478bd9Sstevel@tonic-gate     case SGN_ALG_HMAC_MD5:
5137c478bd9Sstevel@tonic-gate 	/* compute the checksum of the message */
5147c478bd9Sstevel@tonic-gate 
5157c478bd9Sstevel@tonic-gate 	/* 8 = bytes of token body to be checksummed according to spec */
5167c478bd9Sstevel@tonic-gate 
5177c478bd9Sstevel@tonic-gate 	if (! (data_ptr = (void *)
5187c478bd9Sstevel@tonic-gate 	       xmalloc(8 + (ctx->big_endian ? token.length : plainlen)))) {
5197c478bd9Sstevel@tonic-gate 	    if (sealalg != 0xffff)
5207c478bd9Sstevel@tonic-gate 		xfree_wrap(plain, tmsglen);
5217c478bd9Sstevel@tonic-gate 	    if (toktype == KG_TOK_SEAL_MSG) {
5227c478bd9Sstevel@tonic-gate 		xfree_wrap(token.value, token.length);
5237c478bd9Sstevel@tonic-gate 		/* Solaris Kerberos: just to be safe since token.value is an
5247c478bd9Sstevel@tonic-gate 		 * output parameter.
5257c478bd9Sstevel@tonic-gate 		 */
5267c478bd9Sstevel@tonic-gate 		token.value = NULL;
5277c478bd9Sstevel@tonic-gate 		token.length = 0;
5287c478bd9Sstevel@tonic-gate 	    }
5297c478bd9Sstevel@tonic-gate 	    *minor_status = ENOMEM;
5307c478bd9Sstevel@tonic-gate 	    return(GSS_S_FAILURE);
5317c478bd9Sstevel@tonic-gate 	}
5327c478bd9Sstevel@tonic-gate 
5337c478bd9Sstevel@tonic-gate 	(void) memcpy(data_ptr, ptr-2, 8);
5347c478bd9Sstevel@tonic-gate 
5357c478bd9Sstevel@tonic-gate 	if (ctx->big_endian) {
5367c478bd9Sstevel@tonic-gate 	    KRB5_LOG0(KRB5_INFO, "kg_unseal_v1() ctx->big_endian = 1\n");
5377c478bd9Sstevel@tonic-gate 	    (void) memcpy(data_ptr+8, token.value, token.length);
5387c478bd9Sstevel@tonic-gate 	}
5397c478bd9Sstevel@tonic-gate 	else {
5407c478bd9Sstevel@tonic-gate 	    KRB5_LOG0(KRB5_INFO, "kg_unseal_v1() ctx->big_endian = 0\n");
5417c478bd9Sstevel@tonic-gate 	    (void) memcpy(data_ptr+8, plain, plainlen);
5427c478bd9Sstevel@tonic-gate 	}
5437c478bd9Sstevel@tonic-gate 
5447c478bd9Sstevel@tonic-gate 	plaind.length = 8 + (ctx->big_endian ? token.length : plainlen);
5457c478bd9Sstevel@tonic-gate 	plaind.data = data_ptr;
5467c478bd9Sstevel@tonic-gate 
5477c478bd9Sstevel@tonic-gate 	code = krb5_c_make_checksum(context, md5cksum.checksum_type,
5487c478bd9Sstevel@tonic-gate 				    ctx->seq, sign_usage,
5497c478bd9Sstevel@tonic-gate 				    &plaind, &md5cksum);
5507c478bd9Sstevel@tonic-gate 
5517c478bd9Sstevel@tonic-gate 	xfree_wrap(data_ptr, 8 + (ctx->big_endian ? token.length : plainlen));
5527c478bd9Sstevel@tonic-gate 
5537c478bd9Sstevel@tonic-gate 	if (code) {
5547c478bd9Sstevel@tonic-gate 	    if (toktype == KG_TOK_SEAL_MSG) {
5557c478bd9Sstevel@tonic-gate 		xfree_wrap(token.value, token.length);
5567c478bd9Sstevel@tonic-gate 		/* Solaris Kerberos: just to be safe since token.value is an
5577c478bd9Sstevel@tonic-gate 		 * output parameter.
5587c478bd9Sstevel@tonic-gate 		 */
5597c478bd9Sstevel@tonic-gate 		token.value = NULL;
5607c478bd9Sstevel@tonic-gate 		token.length = 0;
5617c478bd9Sstevel@tonic-gate 	    }
5627c478bd9Sstevel@tonic-gate 	    *minor_status = code;
5637c478bd9Sstevel@tonic-gate 	    KRB5_LOG0(KRB5_ERR, "kg_unseal_v1() end, error "
5647c478bd9Sstevel@tonic-gate 		    "SGN_ALG_HMAC_SHA1_DES3_KD GSS_S_FAILURE\n");
5657c478bd9Sstevel@tonic-gate 	    return(GSS_S_FAILURE);
5667c478bd9Sstevel@tonic-gate 	}
5677c478bd9Sstevel@tonic-gate 
5687c478bd9Sstevel@tonic-gate 	/* compare the computed checksum against the transmitted checksum */
5697c478bd9Sstevel@tonic-gate 	code = memcmp(md5cksum.contents, ptr+14, cksum_len);
5707c478bd9Sstevel@tonic-gate 	KRB5_LOG(KRB5_INFO, "kg_unseal_v1() memcmp %d bytes", cksum_len);
5717c478bd9Sstevel@tonic-gate 	break;
5727c478bd9Sstevel@tonic-gate     }
5737c478bd9Sstevel@tonic-gate 
5747c478bd9Sstevel@tonic-gate     xfree_wrap(md5cksum.contents, md5cksum.length);
5757c478bd9Sstevel@tonic-gate     if (sealalg != 0xffff)
5767c478bd9Sstevel@tonic-gate 	xfree_wrap(plain, tmsglen);
5777c478bd9Sstevel@tonic-gate 
5787c478bd9Sstevel@tonic-gate     if (code) {
5797c478bd9Sstevel@tonic-gate 	if (toktype == KG_TOK_SEAL_MSG) {
5807c478bd9Sstevel@tonic-gate 	    xfree_wrap(token.value, token.length);
5817c478bd9Sstevel@tonic-gate 	    /* Solaris Kerberos: just to be safe since token.value is an
5827c478bd9Sstevel@tonic-gate 	     * output parameter.
5837c478bd9Sstevel@tonic-gate 	     */
5847c478bd9Sstevel@tonic-gate 	    token.value = NULL;
5857c478bd9Sstevel@tonic-gate 	    token.length = 0;
5867c478bd9Sstevel@tonic-gate 	}
5877c478bd9Sstevel@tonic-gate 	*minor_status = 0;
5887c478bd9Sstevel@tonic-gate 	KRB5_LOG0(KRB5_ERR, "kg_unseal_v1() end, error GSS_S_BAD_SIG\n");
5897c478bd9Sstevel@tonic-gate 	return(GSS_S_BAD_SIG);
5907c478bd9Sstevel@tonic-gate     }
5917c478bd9Sstevel@tonic-gate 
5927c478bd9Sstevel@tonic-gate     if (conf_state)
5937c478bd9Sstevel@tonic-gate 	*conf_state = (sealalg != 0xffff);
5947c478bd9Sstevel@tonic-gate 
5957c478bd9Sstevel@tonic-gate     if (qop_state)
5967c478bd9Sstevel@tonic-gate 	*qop_state = GSS_C_QOP_DEFAULT;
5977c478bd9Sstevel@tonic-gate 
5987c478bd9Sstevel@tonic-gate     if ((code = krb5_timeofday(context, &now))) {
5997c478bd9Sstevel@tonic-gate 	*minor_status = code;
6007c478bd9Sstevel@tonic-gate 
6017c478bd9Sstevel@tonic-gate 	KRB5_LOG(KRB5_ERR, "kg_unseal_v1() end, krb5_timeofday()"
6027c478bd9Sstevel@tonic-gate 		"error code = %d\n", code);
6037c478bd9Sstevel@tonic-gate 
6047c478bd9Sstevel@tonic-gate 	return(GSS_S_FAILURE);
6057c478bd9Sstevel@tonic-gate     }
6067c478bd9Sstevel@tonic-gate 
6077c478bd9Sstevel@tonic-gate     if (now > ctx->endtime) {
6087c478bd9Sstevel@tonic-gate 	*minor_status = 0;
6097c478bd9Sstevel@tonic-gate 
6107c478bd9Sstevel@tonic-gate 	KRB5_LOG1(KRB5_ERR, "kg_unseal_v1() end, error "
6117c478bd9Sstevel@tonic-gate 		"now %d > ctx->endtime %d\n", now, ctx->endtime);
6127c478bd9Sstevel@tonic-gate 
6137c478bd9Sstevel@tonic-gate 	return(GSS_S_CONTEXT_EXPIRED);
6147c478bd9Sstevel@tonic-gate     }
6157c478bd9Sstevel@tonic-gate 
6167c478bd9Sstevel@tonic-gate     /* do sequencing checks */
6177c478bd9Sstevel@tonic-gate     if ((ctx->initiate && direction != 0xff) ||
6187c478bd9Sstevel@tonic-gate 	(!ctx->initiate && direction != 0)) {
6197c478bd9Sstevel@tonic-gate 	if (toktype == KG_TOK_SEAL_MSG) {
6207c478bd9Sstevel@tonic-gate 	    xfree_wrap(token.value, token.length);
6217c478bd9Sstevel@tonic-gate 	    /* Solaris Kerberos: just to be safe since token.value is an
6227c478bd9Sstevel@tonic-gate 	     * output parameter.
6237c478bd9Sstevel@tonic-gate 	     */
6247c478bd9Sstevel@tonic-gate 	    token.value = NULL;
6257c478bd9Sstevel@tonic-gate 	    token.length = 0;
6267c478bd9Sstevel@tonic-gate 	}
6277c478bd9Sstevel@tonic-gate 	*minor_status = (OM_uint32) G_BAD_DIRECTION;
6287c478bd9Sstevel@tonic-gate 
6297c478bd9Sstevel@tonic-gate 	KRB5_LOG1(KRB5_ERR, "kg_unseal_v1() end, error GSS_S_BAD_SIG "
6307c478bd9Sstevel@tonic-gate 		"G_BAD_DIRECTION ctx->initiate = %d "
6317c478bd9Sstevel@tonic-gate 		"direction = %d\n", ctx->initiate, direction);
6327c478bd9Sstevel@tonic-gate 
6337c478bd9Sstevel@tonic-gate 	return(GSS_S_BAD_SIG);
6347c478bd9Sstevel@tonic-gate     }
6357c478bd9Sstevel@tonic-gate 
6367c478bd9Sstevel@tonic-gate     retval = g_order_check(&(ctx->seqstate), (gssint_uint64)seqnum);
6377c478bd9Sstevel@tonic-gate 
6387c478bd9Sstevel@tonic-gate     /* It got through unscathed, adjust the output message buffer. */
6397c478bd9Sstevel@tonic-gate     if (retval == 0 && toktype == KG_TOK_SEAL_MSG)
6407c478bd9Sstevel@tonic-gate 	*message_buffer = token;
6417c478bd9Sstevel@tonic-gate 
6427c478bd9Sstevel@tonic-gate     *minor_status = 0;
6437c478bd9Sstevel@tonic-gate     KRB5_LOG(KRB5_INFO, "kg_unseal_v1() end, retval = %d\n", retval);
6447c478bd9Sstevel@tonic-gate     return(retval);
6457c478bd9Sstevel@tonic-gate }
6467c478bd9Sstevel@tonic-gate 
6477c478bd9Sstevel@tonic-gate /* message_buffer is an input if SIGN, output if SEAL, and ignored if DEL_CTX
6487c478bd9Sstevel@tonic-gate    conf_state is only valid if SEAL. */
6497c478bd9Sstevel@tonic-gate 
6507c478bd9Sstevel@tonic-gate OM_uint32
651ab9b2e15Sgtb kg_unseal(minor_status, context_handle, input_token_buffer,
6527c478bd9Sstevel@tonic-gate 	  message_buffer, conf_state, qop_state, toktype)
6537c478bd9Sstevel@tonic-gate     OM_uint32 *minor_status;
6547c478bd9Sstevel@tonic-gate     gss_ctx_id_t context_handle;
6557c478bd9Sstevel@tonic-gate     gss_buffer_t input_token_buffer;
6567c478bd9Sstevel@tonic-gate     gss_buffer_t message_buffer;
6577c478bd9Sstevel@tonic-gate     int *conf_state;
6587c478bd9Sstevel@tonic-gate     int *qop_state;
6597c478bd9Sstevel@tonic-gate     int toktype;
6607c478bd9Sstevel@tonic-gate {
6617c478bd9Sstevel@tonic-gate     krb5_gss_ctx_id_rec *ctx;
6627c478bd9Sstevel@tonic-gate     unsigned char *ptr;
6637c478bd9Sstevel@tonic-gate     int bodysize;
6647c478bd9Sstevel@tonic-gate     int err;
6657c478bd9Sstevel@tonic-gate     int toktype2;
6667c478bd9Sstevel@tonic-gate 
6677c478bd9Sstevel@tonic-gate     KRB5_LOG0(KRB5_INFO, "kg_unseal() start \n");
6687c478bd9Sstevel@tonic-gate 
6697c478bd9Sstevel@tonic-gate     /* validate the context handle */
6707c478bd9Sstevel@tonic-gate     if (! kg_validate_ctx_id(context_handle)) {
6717c478bd9Sstevel@tonic-gate 	*minor_status = (OM_uint32) G_VALIDATE_FAILED;
6727c478bd9Sstevel@tonic-gate 
6737c478bd9Sstevel@tonic-gate 	KRB5_LOG0(KRB5_ERR, "kg_unseal() end, kg_validate_ctx_id() error "
6747c478bd9Sstevel@tonic-gate 		"G_VALIDATE_FAILED \n");
6757c478bd9Sstevel@tonic-gate 
6767c478bd9Sstevel@tonic-gate 	return(GSS_S_NO_CONTEXT);
6777c478bd9Sstevel@tonic-gate     }
6787c478bd9Sstevel@tonic-gate 
6797c478bd9Sstevel@tonic-gate     ctx = (krb5_gss_ctx_id_rec *) context_handle;
6807c478bd9Sstevel@tonic-gate 
6817c478bd9Sstevel@tonic-gate     if (! ctx->established) {
6827c478bd9Sstevel@tonic-gate 	*minor_status = KG_CTX_INCOMPLETE;
6837c478bd9Sstevel@tonic-gate 	KRB5_LOG0(KRB5_ERR, "kg_unseal() end, error ! ctx->established \n");
6847c478bd9Sstevel@tonic-gate 	return(GSS_S_NO_CONTEXT);
6857c478bd9Sstevel@tonic-gate     }
6867c478bd9Sstevel@tonic-gate 
6877c478bd9Sstevel@tonic-gate     /* parse the token, leave the data in message_buffer, setting conf_state */
6887c478bd9Sstevel@tonic-gate 
6897c478bd9Sstevel@tonic-gate     /* verify the header */
6907c478bd9Sstevel@tonic-gate     ptr = (unsigned char *) input_token_buffer->value;
6917c478bd9Sstevel@tonic-gate     if (ctx->proto)
6927c478bd9Sstevel@tonic-gate 	switch (toktype) {
6937c478bd9Sstevel@tonic-gate 	case KG_TOK_SIGN_MSG:
694159d09a2SMark Phalan 	    toktype2 = 0x0404;
695159d09a2SMark Phalan 	    break;
6967c478bd9Sstevel@tonic-gate 	case KG_TOK_SEAL_MSG:
697159d09a2SMark Phalan 	    toktype2 = 0x0504;
698159d09a2SMark Phalan 	    break;
6997c478bd9Sstevel@tonic-gate 	case KG_TOK_DEL_CTX:
700159d09a2SMark Phalan 	    toktype2 = 0x0405;
701159d09a2SMark Phalan 	    break;
7027c478bd9Sstevel@tonic-gate 	default:
703159d09a2SMark Phalan 	    toktype2 = toktype;
704159d09a2SMark Phalan 	    break;
7057c478bd9Sstevel@tonic-gate 	}
7067c478bd9Sstevel@tonic-gate     else
707159d09a2SMark Phalan 	toktype2 = toktype;
708ab9b2e15Sgtb     err = g_verify_token_header(ctx->mech_used,
7097c478bd9Sstevel@tonic-gate 				(uint32_t *)&bodysize, &ptr, toktype2,
7107c478bd9Sstevel@tonic-gate 				input_token_buffer->length,
7117c478bd9Sstevel@tonic-gate 				!ctx->proto);
7127c478bd9Sstevel@tonic-gate     if (err) {
7137c478bd9Sstevel@tonic-gate 	*minor_status = err;
7147c478bd9Sstevel@tonic-gate 	return GSS_S_DEFECTIVE_TOKEN;
7157c478bd9Sstevel@tonic-gate     }
7167c478bd9Sstevel@tonic-gate 
7177c478bd9Sstevel@tonic-gate     if (ctx->proto == 0) {
718ab9b2e15Sgtb 	err = kg_unseal_v1(ctx->k5_context, minor_status, ctx, ptr, bodysize,
7197c478bd9Sstevel@tonic-gate 			    message_buffer, conf_state, qop_state,
7207c478bd9Sstevel@tonic-gate 			    toktype);
7217c478bd9Sstevel@tonic-gate 
7227c478bd9Sstevel@tonic-gate     } else {
723159d09a2SMark Phalan 	err = gss_krb5int_unseal_token_v3(&ctx->k5_context, minor_status, ctx,
7247c478bd9Sstevel@tonic-gate                                            ptr, bodysize, message_buffer,
7257c478bd9Sstevel@tonic-gate                                            conf_state, qop_state, toktype);
7267c478bd9Sstevel@tonic-gate     }
7277c478bd9Sstevel@tonic-gate 
7287c478bd9Sstevel@tonic-gate     *minor_status = err;
7297c478bd9Sstevel@tonic-gate 
7305e01956fSGlenn Barry #ifndef _KERNEL
7315e01956fSGlenn Barry     if (err != 0)
7325e01956fSGlenn Barry 	save_error_info (*minor_status, ctx->k5_context);
7335e01956fSGlenn Barry #endif
7345e01956fSGlenn Barry 
7357c478bd9Sstevel@tonic-gate     KRB5_LOG(KRB5_INFO, "kg_unseal() end, err = %d", err);
7367c478bd9Sstevel@tonic-gate 
7377c478bd9Sstevel@tonic-gate     return(err);
7387c478bd9Sstevel@tonic-gate }
739