2 * Copyright (c) 2010, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * "Lucid" security context export routine (called by MIT Kerberos mechanism).
37 #include "gssapiP_eap.h"
40 gssEapExportLucidSecContext(OM_uint32 *minor,
42 const gss_OID desiredObject,
43 gss_buffer_set_t *data_set)
45 OM_uint32 major = GSS_S_COMPLETE;
46 int haveAcceptorSubkey =
47 ((rfc4121Flags(ctx, 0) & TOK_FLAG_ACCEPTOR_SUBKEY) != 0);
49 #ifdef HAVE_HEIMDAL_VERSION
52 krb5_data data = { 0 };
54 sp = krb5_storage_emem();
60 code = krb5_store_int32(sp, 1); /* version */
64 code = krb5_store_int32(sp, CTX_IS_INITIATOR(ctx));
68 code = krb5_store_int32(sp, ctx->expiryTime);
72 code = krb5_store_int32(sp, 0);
76 code = krb5_store_int32(sp, ctx->sendSeq);
80 code = krb5_store_int32(sp, 0);
84 code = krb5_store_int32(sp, ctx->recvSeq);
88 code = krb5_store_int32(sp, 1); /* is_cfx */
92 code = krb5_store_int32(sp, haveAcceptorSubkey);
96 code = krb5_store_keyblock(sp, ctx->rfc3961Key);
100 if (haveAcceptorSubkey) {
101 code = krb5_store_keyblock(sp, ctx->rfc3961Key);
106 code = krb5_storage_to_data(sp, &data);
110 rep.length = data.length;
111 rep.value = data.data;
113 major = gss_add_buffer_set_member(minor, &rep, data_set);
114 if (GSS_ERROR(major))
118 krb5_data_free(&data);
120 if (major == GSS_S_COMPLETE) {
122 major = (code != 0) ? GSS_S_FAILURE : GSS_S_COMPLETE;
127 gss_krb5_lucid_context_v1_t *lctx;
128 gss_krb5_lucid_key_t *lkey = NULL;
130 lctx = (gss_krb5_lucid_context_v1_t *)GSSEAP_CALLOC(1, sizeof(*lctx));
132 major = GSS_S_FAILURE;
138 lctx->initiate = CTX_IS_INITIATOR(ctx);
139 lctx->endtime = ctx->expiryTime;
140 lctx->send_seq = ctx->sendSeq;
141 lctx->recv_seq = ctx->recvSeq;
144 lctx->cfx_kd.have_acceptor_subkey = haveAcceptorSubkey;
146 lkey = haveAcceptorSubkey
147 ? &lctx->cfx_kd.ctx_key
148 : &lctx->cfx_kd.acceptor_subkey;
150 lkey->type = KRB_KEY_TYPE(&ctx->rfc3961Key);
151 lkey->data = GSSEAP_MALLOC(KRB_KEY_LENGTH(&ctx->rfc3961Key));
152 if (lkey->data == NULL) {
153 major = GSS_S_FAILURE;
157 lkey->length = KRB_KEY_LENGTH(&ctx->rfc3961Key);
158 memcpy(lkey->data, KRB_KEY_DATA(&ctx->rfc3961Key), lkey->length);
161 rep.length = sizeof(void *);
163 major = gss_add_buffer_set_member(minor, &rep, data_set);
164 if (GSS_ERROR(major))
168 if (GSS_ERROR(major)) {
170 if (lkey != NULL && lkey->data != NULL) {
171 memset(lkey->data, 0, lkey->length);
172 GSSEAP_FREE(lkey->data);
179 #endif /* HAVE_HEIMDAL_VERSION */