2 * Copyright (c) 2010, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include "gssapiP_eap.h"
36 * 1.3.6.1.4.1.5322(padl)
39 * eap-aes128-cts-hmac-sha1-96(17)
40 * eap-aes256-cts-hmac-sha1-96(18)
43 * inquireSecContextByOid(1)
45 * setSecContextOption(3)
50 static const gss_OID_desc gssEapMechPrefix = {
51 /* Note that alone this is not a valid DER encoded OID */
52 11, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x00"
55 static const gss_OID_desc gssEapConcreteMechs[] = {
56 /* 1.3.6.1.4.1.5322.21.1 */
57 { 11, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01" },
58 /* 1.3.6.1.4.1.5322.21.1.17 */
59 { 12, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x11" },
60 /* 1.3.6.1.4.1.5322.21.1.18 */
61 { 12, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x12" }
64 gss_OID GSS_EAP_MECHANISM = &gssEapConcreteMechs[0];
65 gss_OID GSS_EAP_AES128_CTS_HMAC_SHA1_96_MECHANISM = &gssEapConcreteMechs[1];
66 gss_OID GSS_EAP_AES256_CTS_HMAC_SHA1_96_MECHANISM = &gssEapConcreteMechs[2];
69 gssEapIsMechanismOid(const gss_OID oid)
71 if (oid == GSS_C_NO_OID) {
73 } else if (oidEqual(oid, GSS_EAP_MECHANISM)) {
75 } else if (oid->length > gssEapMechPrefix.length &&
76 memcmp(oid->elements, gssEapMechPrefix.elements,
77 gssEapMechPrefix.length) == 0) {
85 gssEapOidToEnctype(OM_uint32 *minor,
87 krb5_enctype *enctype)
92 major = decomposeOid(minor,
93 gssEapMechPrefix.elements,
94 gssEapMechPrefix.length,
97 if (major == GSS_S_COMPLETE)
104 gssEapEnctypeToOid(OM_uint32 *minor,
105 krb5_enctype enctype,
113 oid = (gss_OID)GSSEAP_MALLOC(sizeof(*oid));
116 return GSS_S_FAILURE;
119 oid->elements = GSSEAP_MALLOC(gssEapMechPrefix.length + 1);
120 if (oid->elements == NULL) {
123 return GSS_S_FAILURE;
126 major = composeOid(minor,
127 gssEapMechPrefix.elements,
128 gssEapMechPrefix.length,
131 if (major == GSS_S_COMPLETE) {
132 gssEapInternalizeOid(oid, pOid);
143 gssEapIndicateMechs(OM_uint32 *minor,
146 krb5_context krbContext;
147 OM_uint32 major, tmpMinor;
148 krb5_enctype *etypes;
151 GSSEAP_KRB_INIT(&krbContext);
153 *minor = krb5_get_permitted_enctypes(krbContext, &etypes);
155 return GSS_S_FAILURE;
158 major = gss_create_empty_oid_set(minor, mechs);
159 if (GSS_ERROR(major)) {
160 GSSEAP_FREE(etypes); /* XXX */
164 for (i = 0; etypes[i] != ENCTYPE_NULL; i++) {
167 /* XXX currently we aren't equipped to encode these enctypes */
168 if (etypes[i] < 0 || etypes[i] > 127)
171 major = gssEapEnctypeToOid(minor, etypes[i], &mechOid);
172 if (GSS_ERROR(major))
175 major = gss_add_oid_set_member(minor, mechOid, mechs);
176 if (GSS_ERROR(major))
179 gss_release_oid(&tmpMinor, &mechOid);
182 GSSEAP_FREE(etypes); /* XXX */
188 gssEapDefaultMech(OM_uint32 *minor,
192 OM_uint32 major, tmpMinor;
194 major = gssEapIndicateMechs(minor, &mechs);
195 if (GSS_ERROR(major)) {
199 if (mechs->count == 0) {
200 gss_release_oid_set(&tmpMinor, &mechs);
201 return GSS_S_BAD_MECH;
204 gssEapInternalizeOid(&mechs->elements[0], oid);
205 if (*oid == &mechs->elements[0]) {
206 /* don't double-free if we didn't internalize it */
207 mechs->elements[0].length = 0;
208 mechs->elements[0].elements = NULL;
211 gss_release_oid_set(&tmpMinor, &mechs);
214 return GSS_S_COMPLETE;
218 gssEapInternalizeOid(const gss_OID oid,
219 gss_OID *const pInternalizedOid)
223 *pInternalizedOid = GSS_C_NO_OID;
226 i < sizeof(gssEapConcreteMechs) / sizeof(gssEapConcreteMechs[0]);
228 if (oidEqual(oid, &gssEapConcreteMechs[i])) {
229 *pInternalizedOid = (const gss_OID)&gssEapConcreteMechs[i];
234 if (*pInternalizedOid == GSS_C_NO_OID) {
235 if (oidEqual(oid, GSS_EAP_NT_PRINCIPAL_NAME))
236 *pInternalizedOid = (const gss_OID)GSS_EAP_NT_PRINCIPAL_NAME;
239 if (*pInternalizedOid == GSS_C_NO_OID) {
240 *pInternalizedOid = oid;