From 142e6cd68db0d083c4506d52a27ef555217b9620 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Mon, 23 May 2016 10:46:13 -0400
Subject: Add context extension to reset crypto state
This is need to account for the special handling described in MS-SPNG 3.3.5.1 It instructs sthat the NTLMSSP crypto state needs to be reset if MIC is performed in the SPNEGO layer. Optionally reset sequence numbers too.
Signed-off-by: Simo Sorce
---
 src/gss_sec_ctx.c | 43 +++++++++++++++++++++++++++++++++++++++++++
 src/gssapi_ntlmssp.h | 9 +++++++++
 2 files changed, 52 insertions(+)
diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c
index 2598389..d5b0bb0 100644
--- a/src/gss_sec_ctx.c
+++ b/src/gss_sec_ctx.c
@@ -1114,6 +1114,47 @@ uint32_t gssntlm_set_seq_num(uint32_t *minor_status,
 return GSSERRS(0, GSS_S_COMPLETE);
 }
+gss_OID_desc reset_crypto_oid = {
+ GSS_NTLMSSP_RESET_CRYPTO_OID_LENGTH,
+ discard_const(GSS_NTLMSSP_RESET_CRYPTO_OID_STRING)
+};
+
+uint32_t gssntlm_reset_crypto(uint32_t *minor_status,
+ struct gssntlm_ctx *ctx,
+ const gss_buffer_t value)
+{
+ uint32_t retmin;
+ uint32_t retmaj;
+
+ if (value->length != 4) {
+ return GSSERRS(ERR_BADARG, GSS_S_FAILURE);
+ }
+
+ /* reset crypto state */
+ if (ctx->neg_flags & (NTLMSSP_NEGOTIATE_SIGN |
+ NTLMSSP_NEGOTIATE_SEAL)) {
+ uint32_t val;
+
+ RC4_FREE(&ctx->crypto_state.send.seal_handle);
+ RC4_FREE(&ctx->crypto_state.recv.seal_handle);
+
+ retmin = ntlm_signseal_keys(ctx->neg_flags, false,
+ &ctx->exported_session_key,
+ &ctx->crypto_state);
+ if (retmin) {
+ return GSSERRS(retmin, GSS_S_FAILURE);
+ }
+
+ memcpy(&val, value->value, value->length);
+ if (val != 0) {
+ ctx->crypto_state.send.seq_num = 0;
+ ctx->crypto_state.recv.seq_num = 0;
+ }
+ }
+
+ return GSSERRS(0, GSS_S_COMPLETE);
+}
+
 uint32_t gssntlm_set_sec_context_option(uint32_t *minor_status,
 gss_ctx_id_t *context_handle,
 const gss_OID desired_object,
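Review bot: When `ntlm_signseal_keys()` fails in gssntlm_reset_crypto, the function returns GSS_S_FAILURE after the two `RC4_FREE()` calls have already released the seal handles, so a caller that ignores the error and keeps using the context does so with torn-down seal state and unchanged sequence numbers. Either derive the new keys into a local copy of the crypto state and assign it to `ctx->crypto_state` only on success, or add a comment above the `RC4_FREE` lines stating that the context is unusable after a failed reset; whether `RC4_FREE` nulls the handle so that a later use fails cleanly is not visible in this hunk. The buffer is also dereferenced before any null check, so `if (value == GSS_C_NO_BUFFER || value->length != 4) {` would complete the argument validation unless gssntlm_set_sec_context_option already rejects a null buffer (that caller is outside the hunk). A one-line comment on the `memcpy` into `val`, noting that the 4-byte flag is only compared against zero so its byte order is irrelevant, would save the next reader from wondering about endianness.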
@@ -1135,6 +1176,8 @@ uint32_t gssntlm_set_sec_context_option(uint32_t *minor_status,
 /* set seq num */
 if (gss_oid_equal(desired_object, &set_seq_num_oid)) {
 return gssntlm_set_seq_num(minor_status, ctx, value);
+ } else if (gss_oid_equal(desired_object, &reset_crypto_oid)) {
+ return gssntlm_reset_crypto(minor_status, ctx, value);
 }
 return GSSERRS(ERR_BADARG, GSS_S_UNAVAILABLE);
diff --git a/src/gssapi_ntlmssp.h b/src/gssapi_ntlmssp.h
index 2aae434..04dd76c 100644
--- a/src/gssapi_ntlmssp.h
+++ b/src/gssapi_ntlmssp.h
@@ -59,6 +59,15 @@ extern "C" {
 #define GSS_SPNEGO_REQUIRE_MIC_OID_STRING GSS_NTLMSSP_BASE_OID_STRING "\x02"
 #define GSS_SPNEGO_REQUIRE_MIC_OID_LENGTH GSS_NTLMSSP_BASE_OID_LENGTH + 1
+/* SPNEGO Reset Crypto OID
+ * MS-SPNG 3.3.5.1 warns hat the NTLM mechanism requires to reset the
+ * crypto engine when the SPNEGO layer uses a MechListMIC.
+ * This OID is queried by the SPNEGO mechanism after a MIC processing to
+ * cause the crypto engine to be reset.
+ */
+#define GSS_NTLMSSP_RESET_CRYPTO_OID_STRING GSS_NTLMSSP_BASE_OID_STRING "\x03"
+#define GSS_NTLMSSP_RESET_CRYPTO_OID_LENGTH GSS_NTLMSSP_BASE_OID_LENGTH + 1
+
 #define GSS_NTLMSSP_CS_DOMAIN "ntlmssp_domain"
 #define GSS_NTLMSSP_CS_NTHASH "ntlmssp_nthash"
 #define GSS_NTLMSSP_CS_PASSWORD "ntlmssp_password"
-- cgit
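Review bot: The new `else if` branch on `reset_crypto_oid` carries no comment, while the sibling branch it extends is introduced by `/* set seq num */`, so the dispatch chain now documents one of its two cases. Add `/* reset crypto state after a SPNEGO MIC (MS-SPNG 3.3.5.1) */` on the line above the new `else if` so both options read alike. gssntlm_set_sec_context_option starts and ends outside this hunk.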
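Review bot: The added header comment says the OID "is queried by the SPNEGO mechanism", but the matching code in this commit handles it through gssntlm_set_sec_context_option, which expects a 4-byte value and, when that value is non-zero, also resets both sequence numbers; the comment is the only public documentation of that contract and should state it. It also contains the typo "warns hat". Suggest replacing the last two text lines of the comment with ` * This OID is passed to gss_set_sec_context_option() by the SPNEGO` / ` * mechanism after MIC processing; the 4-byte value chooses whether the` / ` * send/recv sequence numbers are reset as well (non-zero = reset).`.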