/*
- * Copyright (c) 2010, JANET(UK)
+ * Copyright (c) 2011, JANET(UK)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* SUCH DAMAGE.
*/
+/*
+ * Kerberos 5 helpers.
+ */
+
#include "gssapiP_eap.h"
static GSSEAP_THREAD_ONCE krbContextKeyOnce = GSSEAP_ONCE_INITIALIZER;
GSSEAP_KEY_CREATE(&krbContextKey, destroyKrbContext);
}
+static krb5_error_code
+initKrbContext(krb5_context *pKrbContext)
+{
+ krb5_context krbContext;
+ krb5_error_code code;
+ char *defaultRealm = NULL;
+
+ *pKrbContext = NULL;
+
+ code = krb5_init_context(&krbContext);
+ if (code != 0)
+ goto cleanup;
+
+ krb5_appdefault_string(krbContext, "eap_gss",
+ NULL, "default_realm", "", &defaultRealm);
+
+ if (defaultRealm != NULL && defaultRealm[0] != '\0') {
+ code = krb5_set_default_realm(krbContext, defaultRealm);
+ if (code != 0)
+ goto cleanup;
+ }
+
+ *pKrbContext = krbContext;
+
+cleanup:
+ if (code != 0 && krbContext != NULL)
+ krb5_free_context(krbContext);
+
+ if (defaultRealm != NULL)
+ GSSEAP_FREE(defaultRealm);
+
+ return code;
+}
+
OM_uint32
gssEapKerberosInit(OM_uint32 *minor, krb5_context *context)
{
*context = GSSEAP_GETSPECIFIC(krbContextKey);
if (*context == NULL) {
- *minor = krb5_init_context(context);
+ *minor = initKrbContext(context);
if (*minor == 0) {
if (GSSEAP_SETSPECIFIC(krbContextKey, *context) != 0) {
*minor = errno;
}
/*
- * Derive a key for RFC 4121 use by using the following
- * derivation function:
+ * Derive a key K for RFC 4121 use by using the following
+ * derivation function (based on RFC 4402);
*
- * random-to-key(prf(random-to-key([e]msk), "rfc4121-gss-eap"))
- *
- * where random-to-key and prf are defined in RFC 3961.
+ * KMSK = random-to-key(MSK)
+ * Tn = pseudo-random(KMSK, n || "rfc4121-gss-eap")
+ * L = output key size
+ * K = truncate(L, T1 || T2 || .. || Tn)
*/
OM_uint32
-gssEapDeriveRFC3961Key(OM_uint32 *minor,
- const unsigned char *key,
- size_t keyLength,
- krb5_enctype enctype,
+gssEapDeriveRfc3961Key(OM_uint32 *minor,
+ const unsigned char *inputKey,
+ size_t inputKeyLength,
+ krb5_enctype encryptionType,
krb5_keyblock *pKey)
{
- krb5_context context;
- krb5_data data, prf;
+ krb5_context krbContext;
+#ifndef HAVE_HEIMDAL_VERSION
+ krb5_data data;
+#endif
+ krb5_data ns, t, prfOut;
krb5_keyblock kd;
krb5_error_code code;
- size_t keybytes, keylength, prflength;
+ size_t randomLength, keyLength, prfLength;
+ unsigned char constant[4 + sizeof("rfc4121-gss-eap") - 1], *p;
+ ssize_t i, remain;
+
+ assert(encryptionType != ENCTYPE_NULL);
memset(pKey, 0, sizeof(*pKey));
- GSSEAP_KRB_INIT(&context);
+ GSSEAP_KRB_INIT(&krbContext);
- kd.contents = NULL;
- kd.length = 0;
- KRB_KEYTYPE(&kd) = enctype;
+ KRB_KEY_INIT(&kd);
+ KRB_KEY_TYPE(&kd) = encryptionType;
- prf.data = NULL;
- prf.length = 0;
+ t.data = NULL;
+ t.length = 0;
- code = krb5_c_keylengths(context, enctype, &keybytes, &keylength);
- if (code != 0)
- goto cleanup;
+ prfOut.data = NULL;
+ prfOut.length = 0;
- if (keyLength < keybytes) {
- code = KRB5_BAD_MSIZE;
+ code = krb5_c_keylengths(krbContext, encryptionType,
+ &randomLength, &keyLength);
+ if (code != 0)
goto cleanup;
- }
-
- data.length = keybytes;
- data.data = (char *)key;
- kd.contents = GSSEAP_MALLOC(keylength);
- if (kd.contents == NULL) {
+ KRB_KEY_DATA(&kd) = GSSEAP_MALLOC(keyLength);
+ if (KRB_KEY_DATA(&kd) == NULL) {
code = ENOMEM;
goto cleanup;
}
- kd.length = keylength;
+ KRB_KEY_LENGTH(&kd) = keyLength;
/* Convert MSK into a Kerberos key */
- code = krb5_c_random_to_key(context, enctype, &data, &kd);
+#ifdef HAVE_HEIMDAL_VERSION
+ code = krb5_random_to_key(krbContext, encryptionType, inputKey,
+ MIN(inputKeyLength, randomLength), &kd);
+#else
+ data.length = MIN(inputKeyLength, randomLength);
+ data.data = (char *)inputKey;
+
+ code = krb5_c_random_to_key(krbContext, encryptionType, &data, &kd);
+#endif
if (code != 0)
goto cleanup;
- data.length = sizeof("rfc4121-gss-eap") - 1;
- data.data = "rfc4121-gss-eap";
+ memset(&constant[0], 0, 4);
+ memcpy(&constant[4], "rfc4121-gss-eap", sizeof("rfc4121-gss-eap") - 1);
+
+ ns.length = sizeof(constant);
+ ns.data = (char *)constant;
/* Plug derivation constant and key into PRF */
- code = krb5_c_prf_length(context, enctype, &prflength);
+ code = krb5_c_prf_length(krbContext, encryptionType, &prfLength);
if (code != 0)
goto cleanup;
- if (prflength < keybytes) {
- code = KRB5_CRYPTO_INTERNAL;
+ t.length = prfLength;
+ t.data = GSSEAP_MALLOC(t.length);
+ if (t.data == NULL) {
+ code = ENOMEM;
goto cleanup;
}
- prf.length = keybytes;
- prf.data = GSSEAP_MALLOC(prflength);
- if (data.data == NULL) {
+
+ prfOut.length = randomLength;
+ prfOut.data = GSSEAP_MALLOC(prfOut.length);
+ if (prfOut.data == NULL) {
code = ENOMEM;
goto cleanup;
}
- code = krb5_c_prf(context, &kd, &data, &prf);
- if (code != 0)
- goto cleanup;
+ for (i = 0, p = (unsigned char *)prfOut.data, remain = randomLength;
+ remain > 0;
+ p += t.length, remain -= t.length, i++)
+ {
+ store_uint32_be(i, ns.data);
+
+ code = krb5_c_prf(krbContext, &kd, &ns, &t);
+ if (code != 0)
+ goto cleanup;
+
+ memcpy(p, t.data, MIN(t.length, remain));
+ }
/* Finally, convert PRF output into a new key which we will return */
- code = krb5_c_random_to_key(context, enctype, &prf, &kd);
+#ifdef HAVE_HEIMDAL_VERSION
+ code = krb5_random_to_key(krbContext, encryptionType,
+ prfOut.data, prfOut.length, &kd);
+#else
+ code = krb5_c_random_to_key(krbContext, encryptionType, &prfOut, &kd);
+#endif
if (code != 0)
goto cleanup;
*pKey = kd;
- kd.contents = NULL;
+ KRB_KEY_DATA(&kd) = NULL;
cleanup:
- if (kd.contents != NULL) {
- memset(kd.contents, 0, kd.length);
- GSSEAP_FREE(kd.contents);
+ if (KRB_KEY_DATA(&kd) != NULL) {
+ memset(KRB_KEY_DATA(&kd), 0, KRB_KEY_LENGTH(&kd));
+ GSSEAP_FREE(KRB_KEY_DATA(&kd));
}
- if (prf.data != NULL) {
- memset(prf.data, 0, prf.length);
- GSSEAP_FREE(prf.data);
+ if (t.data != NULL) {
+ memset(t.data, 0, t.length);
+ GSSEAP_FREE(t.data);
+ }
+ if (prfOut.data != NULL) {
+ memset(prfOut.data, 0, prfOut.length);
+ GSSEAP_FREE(prfOut.data);
}
-
*minor = code;
return (code == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
}
+
+#ifdef HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE
+extern krb5_error_code
+krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *);
+#endif
+
+OM_uint32
+rfc3961ChecksumTypeForKey(OM_uint32 *minor,
+ krb5_keyblock *key,
+ krb5_cksumtype *cksumtype)
+{
+ krb5_context krbContext;
+#ifndef HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE
+ krb5_data data;
+ krb5_checksum cksum;
+#endif
+
+ GSSEAP_KRB_INIT(&krbContext);
+
+#ifdef HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE
+ *minor = krb5int_c_mandatory_cksumtype(krbContext, KRB_KEY_TYPE(key),
+ cksumtype);
+ if (*minor != 0)
+ return GSS_S_FAILURE;
+#else
+ data.length = 0;
+ data.data = NULL;
+
+ memset(&cksum, 0, sizeof(cksum));
+
+ /*
+ * This is a complete hack but it's the only way to work with
+ * MIT Kerberos pre-1.9 without using private API, as it does
+ * not support passing in zero as the checksum type.
+ */
+ *minor = krb5_c_make_checksum(krbContext, 0, key, 0, &data, &cksum);
+ if (*minor != 0)
+ return GSS_S_FAILURE;
+
+#ifdef HAVE_HEIMDAL_VERSION
+ *cksumtype = cksum.cksumtype;
+#else
+ *cksumtype = cksum.checksum_type;
+#endif
+
+ krb5_free_checksum_contents(krbContext, &cksum);
+#endif /* HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE */
+
+ if (!krb5_c_is_keyed_cksum(*cksumtype)) {
+ *minor = KRB5KRB_AP_ERR_INAPP_CKSUM;
+ return GSS_S_FAILURE;
+ }
+
+ return GSS_S_COMPLETE;
+}
+
+#ifdef HAVE_HEIMDAL_VERSION
+static heim_general_string krbAnonymousPrincipalComponents[] =
+ { KRB5_WELLKNOWN_NAME, KRB5_ANON_NAME };
+
+static const Principal krbAnonymousPrincipalData = {
+ { KRB5_NT_WELLKNOWN, { 2, krbAnonymousPrincipalComponents } },
+ "WELLKNOWN:ANONYMOUS"
+};
+#endif
+
+krb5_const_principal
+krbAnonymousPrincipal(void)
+{
+#ifdef HAVE_HEIMDAL_VERSION
+ return &krbAnonymousPrincipalData;
+#else
+ return krb5_anonymous_principal();
+#endif
+}
+
+krb5_error_code
+krbCryptoLength(krb5_context krbContext,
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto krbCrypto,
+#else
+ krb5_keyblock *key,
+#endif
+ int type,
+ size_t *length)
+{
+#ifdef HAVE_HEIMDAL_VERSION
+ return krb5_crypto_length(krbContext, krbCrypto, type, length);
+#else
+ unsigned int len;
+ krb5_error_code code;
+
+ code = krb5_c_crypto_length(krbContext, KRB_KEY_TYPE(key), type, &len);
+ if (code == 0)
+ *length = (size_t)len;
+
+ return code;
+#endif
+}
+
+krb5_error_code
+krbPaddingLength(krb5_context krbContext,
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto krbCrypto,
+#else
+ krb5_keyblock *key,
+#endif
+ size_t dataLength,
+ size_t *padLength)
+{
+ krb5_error_code code;
+#ifdef HAVE_HEIMDAL_VERSION
+ size_t headerLength, paddingLength;
+
+ code = krbCryptoLength(krbContext, krbCrypto,
+ KRB5_CRYPTO_TYPE_HEADER, &headerLength);
+ if (code != 0)
+ return code;
+
+ dataLength += headerLength;
+
+ code = krb5_crypto_length(krbContext, krbCrypto,
+ KRB5_CRYPTO_TYPE_PADDING, &paddingLength);
+ if (code != 0)
+ return code;
+
+ if (paddingLength != 0 && (dataLength % paddingLength) != 0)
+ *padLength = paddingLength - (dataLength % paddingLength);
+ else
+ *padLength = 0;
+
+ return 0;
+#else
+ unsigned int pad;
+
+ code = krb5_c_padding_length(krbContext, KRB_KEY_TYPE(key), dataLength, &pad);
+ if (code == 0)
+ *padLength = (size_t)pad;
+
+ return code;
+#endif /* HAVE_HEIMDAL_VERSION */
+}
+
+krb5_error_code
+krbBlockSize(krb5_context krbContext,
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto krbCrypto,
+#else
+ krb5_keyblock *key,
+#endif
+ size_t *blockSize)
+{
+#ifdef HAVE_HEIMDAL_VERSION
+ return krb5_crypto_getblocksize(krbContext, krbCrypto, blockSize);
+#else
+ return krb5_c_block_size(krbContext, KRB_KEY_TYPE(key), blockSize);
+#endif
+}
+
+krb5_error_code
+krbEnctypeToString(
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_context krbContext,
+#else
+ krb5_context krbContext GSSEAP_UNUSED,
+#endif
+ krb5_enctype enctype,
+ const char *prefix,
+ gss_buffer_t string)
+{
+ krb5_error_code code;
+#ifdef HAVE_HEIMDAL_VERSION
+ char *enctypeBuf = NULL;
+#else
+ char enctypeBuf[128];
+#endif
+ size_t prefixLength, enctypeLength;
+
+#ifdef HAVE_HEIMDAL_VERSION
+ code = krb5_enctype_to_string(krbContext, enctype, &enctypeBuf);
+#else
+ code = krb5_enctype_to_name(enctype, 0, enctypeBuf, sizeof(enctypeBuf));
+#endif
+ if (code != 0)
+ return code;
+
+ prefixLength = (prefix != NULL) ? strlen(prefix) : 0;
+ enctypeLength = strlen(enctypeBuf);
+
+ string->value = GSSEAP_MALLOC(prefixLength + enctypeLength + 1);
+ if (string->value == NULL) {
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_xfree(enctypeBuf);
+#endif
+ return ENOMEM;
+ }
+
+ if (prefixLength != 0)
+ memcpy(string->value, prefix, prefixLength);
+ memcpy((char *)string->value + prefixLength, enctypeBuf, enctypeLength);
+
+ string->length = prefixLength + enctypeLength;
+ ((char *)string->value)[string->length] = '\0';
+
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_xfree(enctypeBuf);
+#endif
+
+ return 0;
+}
+
+krb5_error_code
+krbMakeAuthDataKdcIssued(krb5_context context,
+ const krb5_keyblock *key,
+ krb5_const_principal issuer,
+#ifdef HAVE_HEIMDAL_VERSION
+ const AuthorizationData *authdata,
+ AuthorizationData *adKdcIssued
+#else
+ krb5_authdata *const *authdata,
+ krb5_authdata ***adKdcIssued
+#endif
+ )
+{
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_error_code code;
+ AD_KDCIssued kdcIssued;
+ AuthorizationDataElement adDatum;
+ unsigned char *buf;
+ size_t buf_size, len;
+ krb5_crypto crypto = NULL;
+
+ memset(&kdcIssued, 0, sizeof(kdcIssued));
+ memset(adKdcIssued, 0, sizeof(*adKdcIssued));
+
+ kdcIssued.i_realm = issuer->realm != NULL ? (Realm *)&issuer->realm : NULL;
+ kdcIssued.i_sname = (PrincipalName *)&issuer->name;
+ kdcIssued.elements = *authdata;
+
+ ASN1_MALLOC_ENCODE(AuthorizationData, buf, buf_size, authdata, &len, code);
+ if (code != 0)
+ goto cleanup;
+
+ code = krb5_crypto_init(context, key, 0, &crypto);
+ if (code != 0)
+ goto cleanup;
+
+ code = krb5_create_checksum(context, crypto, KRB5_KU_AD_KDC_ISSUED,
+ 0, buf, buf_size, &kdcIssued.ad_checksum);
+ if (code != 0)
+ goto cleanup;
+
+ GSSEAP_FREE(buf);
+ buf = NULL;
+
+ ASN1_MALLOC_ENCODE(AD_KDCIssued, buf, buf_size, &kdcIssued, &len, code);
+ if (code != 0)
+ goto cleanup;
+
+ adDatum.ad_type = KRB5_AUTHDATA_KDC_ISSUED;
+ adDatum.ad_data.length = buf_size;
+ adDatum.ad_data.data = buf;
+
+ code = add_AuthorizationData(adKdcIssued, &adDatum);
+ if (code != 0)
+ goto cleanup;
+
+cleanup:
+ if (buf != NULL)
+ GSSEAP_FREE(buf);
+ if (crypto != NULL)
+ krb5_crypto_destroy(context, crypto);
+ free_Checksum(&kdcIssued.ad_checksum);
+
+ return code;
+#else
+ return krb5_make_authdata_kdc_issued(context, key, issuer, authdata,
+ adKdcIssued);
+#endif /* HAVE_HEIMDAL_VERSION */
+}
+
+krb5_error_code
+krbMakeCred(krb5_context krbContext,
+ krb5_auth_context authContext,
+ krb5_creds *creds,
+ krb5_data *data)
+{
+ krb5_error_code code;
+#ifdef HAVE_HEIMDAL_VERSION
+ KRB_CRED krbCred;
+ KrbCredInfo krbCredInfo;
+ EncKrbCredPart encKrbCredPart;
+ krb5_keyblock *key;
+ krb5_crypto krbCrypto = NULL;
+ krb5_data encKrbCredPartData;
+ krb5_replay_data rdata;
+ size_t len;
+#else
+ krb5_data *d = NULL;
+#endif
+
+ memset(data, 0, sizeof(*data));
+#ifdef HAVE_HEIMDAL_VERSION
+ memset(&krbCred, 0, sizeof(krbCred));
+ memset(&krbCredInfo, 0, sizeof(krbCredInfo));
+ memset(&encKrbCredPart, 0, sizeof(encKrbCredPart));
+ memset(&rdata, 0, sizeof(rdata));
+
+ if (authContext->local_subkey)
+ key = authContext->local_subkey;
+ else if (authContext->remote_subkey)
+ key = authContext->remote_subkey;
+ else
+ key = authContext->keyblock;
+
+ krbCred.pvno = 5;
+ krbCred.msg_type = krb_cred;
+ krbCred.tickets.val = (Ticket *)GSSEAP_CALLOC(1, sizeof(Ticket));
+ if (krbCred.tickets.val == NULL) {
+ code = ENOMEM;
+ goto cleanup;
+ }
+ krbCred.tickets.len = 1;
+
+ code = decode_Ticket(creds->ticket.data,
+ creds->ticket.length,
+ krbCred.tickets.val, &len);
+ if (code != 0)
+ goto cleanup;
+
+ krbCredInfo.key = creds->session;
+ krbCredInfo.prealm = &creds->client->realm;
+ krbCredInfo.pname = &creds->client->name;
+ krbCredInfo.flags = &creds->flags.b;
+ krbCredInfo.authtime = &creds->times.authtime;
+ krbCredInfo.starttime = &creds->times.starttime;
+ krbCredInfo.endtime = &creds->times.endtime;
+ krbCredInfo.renew_till = &creds->times.renew_till;
+ krbCredInfo.srealm = &creds->server->realm;
+ krbCredInfo.sname = &creds->server->name;
+ krbCredInfo.caddr = creds->addresses.len ? &creds->addresses : NULL;
+
+ encKrbCredPart.ticket_info.len = 1;
+ encKrbCredPart.ticket_info.val = &krbCredInfo;
+ if (authContext->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
+ rdata.seq = authContext->local_seqnumber;
+ encKrbCredPart.nonce = (int32_t *)&rdata.seq;
+ } else {
+ encKrbCredPart.nonce = NULL;
+ }
+ if (authContext->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
+ krb5_us_timeofday(krbContext, &rdata.timestamp, &rdata.usec);
+ encKrbCredPart.timestamp = &rdata.timestamp;
+ encKrbCredPart.usec = &rdata.usec;
+ } else {
+ encKrbCredPart.timestamp = NULL;
+ encKrbCredPart.usec = NULL;
+ }
+ encKrbCredPart.s_address = authContext->local_address;
+ encKrbCredPart.r_address = authContext->remote_address;
+
+ ASN1_MALLOC_ENCODE(EncKrbCredPart, encKrbCredPartData.data,
+ encKrbCredPartData.length, &encKrbCredPart,
+ &len, code);
+ if (code != 0)
+ goto cleanup;
+
+ code = krb5_crypto_init(krbContext, key, 0, &krbCrypto);
+ if (code != 0)
+ goto cleanup;
+
+ code = krb5_encrypt_EncryptedData(krbContext,
+ krbCrypto,
+ KRB5_KU_KRB_CRED,
+ encKrbCredPartData.data,
+ encKrbCredPartData.length,
+ 0,
+ &krbCred.enc_part);
+ if (code != 0)
+ goto cleanup;
+
+ ASN1_MALLOC_ENCODE(KRB_CRED, data->data, data->length,
+ &krbCred, &len, code);
+ if (code != 0)
+ goto cleanup;
+
+ if (authContext->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
+ authContext->local_seqnumber++;
+
+cleanup:
+ if (krbCrypto != NULL)
+ krb5_crypto_destroy(krbContext, krbCrypto);
+ free_KRB_CRED(&krbCred);
+ krb5_data_free(&encKrbCredPartData);
+
+ return code;
+#else
+ code = krb5_mk_1cred(krbContext, authContext, creds, &d, NULL);
+ if (code == 0) {
+ *data = *d;
+ GSSEAP_FREE(d);
+ }
+
+ return code;
+#endif /* HAVE_HEIMDAL_VERSION */
+}