Initial Revision

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2099 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 120 insertions, 0 deletions

diff --git a/src/lib/gssapi/unseal.c b/src/lib/gssapi/unseal.c
new file mode 100644
index 000000000..fc51e551b
--- /dev/null
+++ b/src/lib/gssapi/unseal.c
@@ -0,0 +1,120 @@
+/*
+ * seal.c --- seal message
+ * 
+ * $Source$
+ * $Author$
+ * $Header$
+ * 
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * For copying and distribution information, please see the file
+ * <krb5/copyright.h>.
+ *
+ */
+
+#include <gssapi.h>
+
+OM_uint32 gss_unseal(minor_status, context, input_message_buffer,
+		     output_message_buffer, conf_state, qop_state)
+	OM_uint32	*minor_status;
+	gss_ctx_id_t	context;
+	gss_buffer_t	input_message_buffer;
+	gss_buffer_t	output_message_buffer;
+	int		*conf_state;
+	int		*qop_state;
+{
+	OM_uint32	retval;
+	krb5_data	inbuf, outbuf;
+	int		token_type;
+
+	*minor_status = 0;
+
+	if (retval = gss_check_token(minor_status, input_message_buffer,
+				     GSS_API_KRB5_TYPE, 0))
+		return(retval);
+	token_type = ((char *) input_message_buffer->value)[4];
+	if ((token_type != GSS_API_KRB5_SAFE) &&
+	    (token_type != GSS_API_KRB5_PRIV))
+		return(gss_make_re(GSS_RE_DEFECTIVE_TOKEN));
+	inbuf.length = input_message_buffer->length-4;
+	inbuf.data = ( (char *) input_message_buffer->value)+4;
+	if (token_type == GSS_API_KRB5_PRIV) {
+		int	priv_flags = 0;
+		int		eblock_size;
+		char		*i_vector;
+
+		if (context->flags & GSS_C_SEQUENCE_FLAG)
+			priv_flags = KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME;
+		/*
+		 * Initialize the initial vector.
+		 */
+		eblock_size =
+			krb5_keytype_array[context->session_key->keytype]->
+				system->block_length;
+		if (!(i_vector=malloc(eblock_size))) {
+			return(gss_make_re(GSS_RE_FAILURE));
+		}
+		memset(i_vector, 0, eblock_size);
+		if (*minor_status = krb5_rd_priv(&inbuf, 
+						 context->session_key,
+						 &context->his_address,
+						 &context->my_address,
+						 context->his_seq_num,
+						 priv_flags,
+						 i_vector,
+						 0, /* no rcache */
+						 &outbuf))
+			return(gss_make_re(GSS_RE_FAILURE));
+		if (conf_state)
+			*conf_state = 1;
+	} else {
+		int	safe_flags = 0;
+
+		if (context->flags & GSS_C_SEQUENCE_FLAG)
+			safe_flags = KRB5_SAFE_DOSEQUENCE|KRB5_SAFE_NOTIME;
+		if (*minor_status = krb5_rd_safe(&inbuf,
+						 context->session_key,
+						 &context->his_address,
+						 &context->my_address,
+						 context->his_seq_num,
+						 safe_flags,
+						 0, /* no rcache */
+						 &outbuf))
+			return(gss_make_re(GSS_RE_FAILURE));
+		if (conf_state)
+			*conf_state = 0;
+	}
+	if (qop_state)
+		*qop_state = 0;
+	output_message_buffer->length = outbuf.length;
+	output_message_buffer->value = outbuf.data;
+	return(GSS_S_COMPLETE);
+}
+	
+OM_uint32 gss_verify(minor_status, context, message_buffer,  
+		   token_buffer, qop_state)
+	OM_uint32	*minor_status;
+	gss_ctx_id_t	context;
+	gss_buffer_t	message_buffer;
+	gss_buffer_t	token_buffer;
+	int		*qop_state;
+{
+	OM_uint32 retval, ret;
+	gss_buffer_desc	buf;
+	gss_buffer_t	output_message_buffer = &buf;
+	
+	
+	if (retval = gss_unseal(minor_status, context, message_buffer,
+		     output_message_buffer, NULL, qop_state))
+		return(retval);
+	if (token_buffer->length != output_message_buffer->length)
+		ret = gss_make_re(GSS_RE_BAD_SIG);
+	else if (!memcmp(token_buffer->value, output_message_buffer->value,
+			 token_buffer->length))
+		ret = gss_make_re(GSS_RE_BAD_SIG);
+	if (retval = gss_release_buffer(minor_status, output_message_buffer))
+		return(retval);
+	return(ret);
+}
+