2 * Copyright (c) 2011, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * Copyright 2008 by the Massachusetts Institute of Technology.
34 * All Rights Reserved.
36 * Export of this software from the United States of America may
37 * require a specific license from the United States Government.
38 * It is the responsibility of any person or organization contemplating
39 * export to obtain such a license before exporting.
41 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
42 * distribute this software and its documentation for any purpose and
43 * without fee is hereby granted, provided that the above copyright
44 * notice appear in all copies and that both that copyright notice and
45 * this permission notice appear in supporting documentation, and that
46 * the name of M.I.T. not be used in advertising or publicity pertaining
47 * to distribution of the software without specific, written prior
48 * permission. Furthermore if you modify this software you must label
49 * your software as modified software and not distribute it in such a
50 * fashion that it might be confused with the original M.I.T. software.
51 * M.I.T. makes no representations about the suitability of
52 * this software for any purpose. It is provided "as is" without express
53 * or implied warranty.
57 * Message protection services: wrap with scatter-gather API.
60 #include "gssapiP_eap.h"
63 rfc4121Flags(gss_ctx_id_t ctx, int receiving)
68 isAcceptor = !CTX_IS_INITIATOR(ctx);
70 isAcceptor = !isAcceptor;
74 flags |= TOK_FLAG_SENDER_IS_ACCEPTOR;
76 if ((ctx->flags & CTX_FLAG_KRB_REAUTH) &&
77 (ctx->gssFlags & GSS_C_MUTUAL_FLAG))
78 flags |= TOK_FLAG_ACCEPTOR_SUBKEY;
84 gssEapWrapOrGetMIC(OM_uint32 *minor,
88 gss_iov_buffer_desc *iov,
90 enum gss_eap_token_type toktype)
92 krb5_error_code code = 0;
93 gss_iov_buffer_t header;
94 gss_iov_buffer_t padding;
95 gss_iov_buffer_t trailer;
97 unsigned char *outbuf = NULL;
98 unsigned char *tbuf = NULL;
101 size_t gssHeaderLen, gssTrailerLen;
102 size_t dataLen, assocDataLen;
103 krb5_context krbContext;
104 #ifdef HAVE_HEIMDAL_VERSION
105 krb5_crypto krbCrypto = NULL;
108 if (ctx->encryptionType == ENCTYPE_NULL) {
109 *minor = GSSEAP_KEY_UNAVAILABLE;
110 return GSS_S_UNAVAILABLE;
113 GSSEAP_KRB_INIT(&krbContext);
115 flags = rfc4121Flags(ctx, FALSE);
117 if (toktype == TOK_TYPE_WRAP) {
118 keyUsage = CTX_IS_INITIATOR(ctx)
119 ? KEY_USAGE_INITIATOR_SEAL
120 : KEY_USAGE_ACCEPTOR_SEAL;
122 keyUsage = CTX_IS_INITIATOR(ctx)
123 ? KEY_USAGE_INITIATOR_SIGN
124 : KEY_USAGE_ACCEPTOR_SIGN;
127 gssEapIovMessageLength(iov, iov_count, &dataLen, &assocDataLen);
129 header = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
130 if (header == NULL) {
131 *minor = GSSEAP_MISSING_IOV;
132 return GSS_S_FAILURE;
135 padding = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
137 padding->buffer.length = 0;
139 trailer = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
141 #ifdef HAVE_HEIMDAL_VERSION
142 code = krb5_crypto_init(krbContext, &ctx->rfc3961Key, ETYPE_NULL, &krbCrypto);
147 if (toktype == TOK_TYPE_WRAP && conf_req_flag) {
148 size_t krbHeaderLen, krbTrailerLen, krbPadLen;
149 size_t ec = 0, confDataLen = dataLen - assocDataLen;
151 code = krbCryptoLength(krbContext, KRB_CRYPTO_CONTEXT(ctx),
152 KRB5_CRYPTO_TYPE_HEADER, &krbHeaderLen);
156 code = krbPaddingLength(krbContext, KRB_CRYPTO_CONTEXT(ctx),
157 confDataLen + 16 /* E(Header) */,
162 if (krbPadLen == 0 && (ctx->gssFlags & GSS_C_DCE_STYLE)) {
163 /* Windows rejects AEAD tokens with non-zero EC */
164 code = krbBlockSize(krbContext, KRB_CRYPTO_CONTEXT(ctx), &ec);
170 code = krbCryptoLength(krbContext, KRB_CRYPTO_CONTEXT(ctx),
171 KRB5_CRYPTO_TYPE_TRAILER, &krbTrailerLen);
175 gssHeaderLen = 16 /* Header */ + krbHeaderLen;
176 gssTrailerLen = ec + 16 /* E(Header) */ + krbTrailerLen;
178 if (trailer == NULL) {
180 /* Workaround for Windows bug where it rotates by EC + RRC */
181 if (ctx->gssFlags & GSS_C_DCE_STYLE)
183 gssHeaderLen += gssTrailerLen;
186 if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) {
187 code = gssEapAllocIov(header, (size_t)gssHeaderLen);
188 } else if (header->buffer.length < gssHeaderLen)
189 code = GSSEAP_WRONG_SIZE;
192 outbuf = (unsigned char *)header->buffer.value;
193 header->buffer.length = (size_t)gssHeaderLen;
195 if (trailer != NULL) {
196 if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
197 code = gssEapAllocIov(trailer, (size_t)gssTrailerLen);
198 else if (trailer->buffer.length < gssTrailerLen)
199 code = GSSEAP_WRONG_SIZE;
202 trailer->buffer.length = (size_t)gssTrailerLen;
206 store_uint16_be((uint16_t)toktype, outbuf);
209 | (conf_req_flag ? TOK_FLAG_WRAP_CONFIDENTIAL : 0);
213 store_uint16_be(ec, outbuf + 4);
215 store_uint16_be(0, outbuf + 6);
216 store_uint64_be(ctx->sendSeq, outbuf + 8);
219 * EC | copy of header to be encrypted, located in
220 * (possibly rotated) trailer
223 tbuf = (unsigned char *)header->buffer.value + 16; /* Header */
225 tbuf = (unsigned char *)trailer->buffer.value;
227 memset(tbuf, 0xFF, ec);
228 memcpy(tbuf + ec, header->buffer.value, 16);
230 code = gssEapEncrypt(krbContext,
231 ((ctx->gssFlags & GSS_C_DCE_STYLE) != 0),
232 ec, rrc, KRB_CRYPTO_CONTEXT(ctx),
233 keyUsage, iov, iov_count);
238 store_uint16_be(rrc, outbuf + 6);
241 } else if (toktype == TOK_TYPE_WRAP && !conf_req_flag) {
246 code = krbCryptoLength(krbContext, KRB_CRYPTO_CONTEXT(ctx),
247 KRB5_CRYPTO_TYPE_CHECKSUM, &gssTrailerLen);
251 GSSEAP_ASSERT(gssTrailerLen <= 0xFFFF);
253 if (trailer == NULL) {
255 gssHeaderLen += gssTrailerLen;
258 if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
259 code = gssEapAllocIov(header, (size_t)gssHeaderLen);
260 else if (header->buffer.length < gssHeaderLen)
261 code = GSSEAP_WRONG_SIZE;
264 outbuf = (unsigned char *)header->buffer.value;
265 header->buffer.length = (size_t)gssHeaderLen;
267 if (trailer != NULL) {
268 if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
269 code = gssEapAllocIov(trailer, (size_t)gssTrailerLen);
270 else if (trailer->buffer.length < gssTrailerLen)
271 code = GSSEAP_WRONG_SIZE;
274 trailer->buffer.length = (size_t)gssTrailerLen;
278 store_uint16_be((uint16_t)toktype, outbuf);
283 if (toktype == TOK_TYPE_WRAP) {
284 /* Use 0 for checksum calculation, substitute
285 * checksum length later.
288 store_uint16_be(0, outbuf + 4);
290 store_uint16_be(0, outbuf + 6);
292 /* MIC and DEL store 0xFF in EC and RRC */
293 store_uint16_be(0xFFFF, outbuf + 4);
294 store_uint16_be(0xFFFF, outbuf + 6);
296 store_uint64_be(ctx->sendSeq, outbuf + 8);
298 code = gssEapSign(krbContext, ctx->checksumType, rrc,
299 KRB_CRYPTO_CONTEXT(ctx), keyUsage,
306 if (toktype == TOK_TYPE_WRAP) {
307 /* Fix up EC field */
308 store_uint16_be(gssTrailerLen, outbuf + 4);
309 /* Fix up RRC field */
310 store_uint16_be(rrc, outbuf + 6);
312 } else if (toktype == TOK_TYPE_MIC) {
314 goto wrap_with_checksum;
315 } else if (toktype == TOK_TYPE_DELETE_CONTEXT) {
317 goto wrap_with_checksum;
323 if (conf_state != NULL)
324 *conf_state = conf_req_flag;
328 gssEapReleaseIov(iov, iov_count);
329 #ifdef HAVE_HEIMDAL_VERSION
330 if (krbCrypto != NULL)
331 krb5_crypto_destroy(krbContext, krbCrypto);
336 return (code == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
339 OM_uint32 GSSAPI_CALLCONV
340 gss_wrap_iov(OM_uint32 *minor,
345 gss_iov_buffer_desc *iov,
350 if (ctx == GSS_C_NO_CONTEXT) {
352 return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT;
355 if (qop_req != GSS_C_QOP_DEFAULT) {
356 *minor = GSSEAP_UNKNOWN_QOP;
357 return GSS_S_UNAVAILABLE;
362 GSSEAP_MUTEX_LOCK(&ctx->mutex);
364 if (!CTX_IS_ESTABLISHED(ctx)) {
365 major = GSS_S_NO_CONTEXT;
366 *minor = GSSEAP_CONTEXT_INCOMPLETE;
370 major = gssEapWrapOrGetMIC(minor, ctx, conf_req_flag, conf_state,
371 iov, iov_count, TOK_TYPE_WRAP);
372 if (GSS_ERROR(major))
376 GSSEAP_MUTEX_UNLOCK(&ctx->mutex);