X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=util_krb.c;h=82d6c500488253856c87674b2a66571e0fddae1a;hb=163856b1a70d7773c46d4ea5495b85c4dce0f089;hp=02aa92bde4434f2b14cd236005a66a8efc22acc0;hpb=07abfd2c1b6158d8e7fb8519c2145b31c01a106b;p=mech_eap.orig diff --git a/util_krb.c b/util_krb.c index 02aa92b..82d6c50 100644 --- a/util_krb.c +++ b/util_krb.c @@ -30,6 +30,10 @@ * SUCH DAMAGE. */ +/* + * Kerberos 5 helpers. + */ + #include "gssapiP_eap.h" static GSSEAP_THREAD_ONCE krbContextKeyOnce = GSSEAP_ONCE_INITIALIZER; @@ -73,92 +77,341 @@ gssEapKerberosInit(OM_uint32 *minor, krb5_context *context) } /* - * Derive a key for RFC 4121 use by using the following - * derivation function: + * Derive a key K for RFC 4121 use by using the following + * derivation function (based on RFC 4402); * - * random-to-key(prf(random-to-key([e]msk), "rfc4121-gss-eap")) - * - * where random-to-key and prf are defined in RFC 3961. + * KMSK = random-to-key(MSK) + * Tn = pseudo-random(KMSK, n || "rfc4121-gss-eap") + * L = output key size + * K = truncate(L, T1 || T2 || .. || Tn) */ OM_uint32 -gssEapDeriveRFC3961Key(OM_uint32 *minor, - gss_buffer_t msk, - krb5_enctype enctype, +gssEapDeriveRfc3961Key(OM_uint32 *minor, + const unsigned char *inputKey, + size_t inputKeyLength, + krb5_enctype encryptionType, krb5_keyblock *pKey) { - krb5_context context; - krb5_data data, prf; + krb5_context krbContext; +#ifndef HAVE_HEIMDAL_VERSION + krb5_data data; +#endif + krb5_data ns, t, prfOut; krb5_keyblock kd; krb5_error_code code; - size_t keybytes, keylength, prflength; + size_t randomLength, keyLength, prfLength; + unsigned char constant[4 + sizeof("rfc4121-gss-eap") - 1], *p; + ssize_t i, remain; + + assert(encryptionType != ENCTYPE_NULL); memset(pKey, 0, sizeof(*pKey)); - GSSEAP_KRB_INIT(&context); + GSSEAP_KRB_INIT(&krbContext); - kd.contents = NULL; - kd.length = 0; - KRB_KEYTYPE(&kd) = enctype; + KRB_KEY_INIT(&kd); + KRB_KEY_TYPE(&kd) = encryptionType; - prf.data = NULL; - prf.length = 0; + t.data = NULL; + t.length = 0; - code = krb5_c_keylengths(context, enctype, &keybytes, &keylength); + prfOut.data = NULL; + prfOut.length = 0; + + code = krb5_c_keylengths(krbContext, encryptionType, + &randomLength, &keyLength); if (code != 0) goto cleanup; - data.length = msk->length; - data.data = (char *)msk->value; - - kd.contents = GSSEAP_MALLOC(keylength); - if (kd.contents == NULL) { + KRB_KEY_DATA(&kd) = GSSEAP_MALLOC(keyLength); + if (KRB_KEY_DATA(&kd) == NULL) { code = ENOMEM; goto cleanup; } - kd.length = keylength; + KRB_KEY_LENGTH(&kd) = keyLength; /* Convert MSK into a Kerberos key */ - code = krb5_c_random_to_key(context, enctype, &data, &kd); +#ifdef HAVE_HEIMDAL_VERSION + code = krb5_random_to_key(krbContext, encryptionType, inputKey, + MIN(inputKeyLength, randomLength), &kd); +#else + data.length = MIN(inputKeyLength, randomLength); + data.data = (char *)inputKey; + + code = krb5_c_random_to_key(krbContext, encryptionType, &data, &kd); +#endif if (code != 0) goto cleanup; - data.length = sizeof("rfc4121-gss-eap") - 1; - data.data = "rfc4121-gss-eap"; + memset(&constant[0], 0, 4); + memcpy(&constant[4], "rfc4121-gss-eap", sizeof("rfc4121-gss-eap") - 1); + + ns.length = sizeof(constant); + ns.data = (char *)constant; /* Plug derivation constant and key into PRF */ - code = krb5_c_prf_length(context, enctype, &prflength); + code = krb5_c_prf_length(krbContext, encryptionType, &prfLength); if (code != 0) goto cleanup; - prf.length = prflength; - prf.data = GSSEAP_MALLOC(prflength); - if (data.data == NULL) { + t.length = prfLength; + t.data = GSSEAP_MALLOC(t.length); + if (t.data == NULL) { code = ENOMEM; goto cleanup; } - code = krb5_c_prf(context, &kd, &data, &prf); - if (code != 0) + prfOut.length = randomLength; + prfOut.data = GSSEAP_MALLOC(prfOut.length); + if (prfOut.data == NULL) { + code = ENOMEM; goto cleanup; + } + + for (i = 0, p = (unsigned char *)prfOut.data, remain = randomLength; + remain > 0; + p += t.length, remain -= t.length, i++) + { + store_uint32_be(i, ns.data); + + code = krb5_c_prf(krbContext, &kd, &ns, &t); + if (code != 0) + goto cleanup; + + memcpy(p, t.data, MIN(t.length, remain)); + } /* Finally, convert PRF output into a new key which we will return */ - code = krb5_c_random_to_key(context, enctype, &prf, &kd); +#ifdef HAVE_HEIMDAL_VERSION + code = krb5_random_to_key(krbContext, encryptionType, + prfOut.data, prfOut.length, &kd); +#else + code = krb5_c_random_to_key(krbContext, encryptionType, &prfOut, &kd); +#endif if (code != 0) goto cleanup; *pKey = kd; - kd.contents = NULL; + KRB_KEY_DATA(&kd) = NULL; cleanup: - if (kd.contents != NULL) { - memset(kd.contents, 0, kd.length); - GSSEAP_FREE(kd.contents); + if (KRB_KEY_DATA(&kd) != NULL) { + memset(KRB_KEY_DATA(&kd), 0, KRB_KEY_LENGTH(&kd)); + GSSEAP_FREE(KRB_KEY_DATA(&kd)); } - if (prf.data != NULL) { - memset(prf.data, 0, prf.length); - GSSEAP_FREE(prf.data); + if (t.data != NULL) { + memset(t.data, 0, t.length); + GSSEAP_FREE(t.data); + } + if (prfOut.data != NULL) { + memset(prfOut.data, 0, prfOut.length); + GSSEAP_FREE(prfOut.data); } - *minor = code; return (code == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE; } + +#ifdef HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE +extern krb5_error_code +krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *); +#endif + +OM_uint32 +rfc3961ChecksumTypeForKey(OM_uint32 *minor, + krb5_keyblock *key, + krb5_cksumtype *cksumtype) +{ + krb5_context krbContext; +#ifndef HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE + krb5_data data; + krb5_checksum cksum; +#endif + + GSSEAP_KRB_INIT(&krbContext); + +#ifdef HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE + *minor = krb5int_c_mandatory_cksumtype(krbContext, KRB_KEY_TYPE(key), + cksumtype); + if (*minor != 0) + return GSS_S_FAILURE; +#else + data.length = 0; + data.data = NULL; + + memset(&cksum, 0, sizeof(cksum)); + + /* + * This is a complete hack but it's the only way to work with + * MIT Kerberos pre-1.9 without using private API, as it does + * not support passing in zero as the checksum type. + */ + *minor = krb5_c_make_checksum(krbContext, 0, key, 0, &data, &cksum); + if (*minor != 0) + return GSS_S_FAILURE; + +#ifdef HAVE_HEIMDAL_VERSION + *cksumtype = cksum.cksumtype; +#else + *cksumtype = cksum.checksum_type; +#endif + + krb5_free_checksum_contents(krbContext, &cksum); +#endif /* HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE */ + + if (!krb5_c_is_keyed_cksum(*cksumtype)) { + *minor = KRB5KRB_AP_ERR_INAPP_CKSUM; + return GSS_S_FAILURE; + } + + return GSS_S_COMPLETE; +} + +#ifdef HAVE_HEIMDAL_VERSION +static heim_general_string krbAnonymousPrincipalComponents[] = + { KRB5_WELLKNOWN_NAME, KRB5_ANON_NAME }; + +static const Principal krbAnonymousPrincipalData = { + { KRB5_NT_WELLKNOWN, { 2, krbAnonymousPrincipalComponents } }, + "WELLKNOWN:ANONYMOUS" +}; +#endif + +krb5_const_principal +krbAnonymousPrincipal(void) +{ +#ifdef HAVE_HEIMDAL_VERSION + return &krbAnonymousPrincipalData; +#else + return krb5_anonymous_principal(); +#endif +} + +krb5_error_code +krbCryptoLength(krb5_context krbContext, +#ifdef HAVE_HEIMDAL_VERSION + krb5_crypto krbCrypto, +#else + krb5_keyblock *key, +#endif + int type, + size_t *length) +{ +#ifdef HAVE_HEIMDAL_VERSION + return krb5_crypto_length(krbContext, krbCrypto, type, length); +#else + unsigned int len; + krb5_error_code code; + + code = krb5_c_crypto_length(krbContext, KRB_KEY_TYPE(key), type, &len); + if (code == 0) + *length = (size_t)len; + + return code; +#endif +} + +krb5_error_code +krbPaddingLength(krb5_context krbContext, +#ifdef HAVE_HEIMDAL_VERSION + krb5_crypto krbCrypto, +#else + krb5_keyblock *key, +#endif + size_t dataLength, + size_t *padLength) +{ + krb5_error_code code; +#ifdef HAVE_HEIMDAL_VERSION + size_t headerLength, paddingLength; + + code = krbCryptoLength(krbContext, krbCrypto, + KRB5_CRYPTO_TYPE_HEADER, &headerLength); + if (code != 0) + return code; + + dataLength += headerLength; + + code = krb5_crypto_length(krbContext, krbCrypto, + KRB5_CRYPTO_TYPE_PADDING, &paddingLength); + if (code != 0) + return code; + + if (paddingLength != 0 && (dataLength % paddingLength) != 0) + *padLength = paddingLength - (dataLength % paddingLength); + else + *padLength = 0; + + return 0; +#else + unsigned int pad; + + code = krb5_c_padding_length(krbContext, KRB_KEY_TYPE(key), dataLength, &pad); + if (code == 0) + *padLength = (size_t)pad; + + return code; +#endif /* HAVE_HEIMDAL_VERSION */ +} + +krb5_error_code +krbBlockSize(krb5_context krbContext, +#ifdef HAVE_HEIMDAL_VERSION + krb5_crypto krbCrypto, +#else + krb5_keyblock *key, +#endif + size_t *blockSize) +{ +#ifdef HAVE_HEIMDAL_VERSION + return krb5_crypto_getblocksize(krbContext, krbCrypto, blockSize); +#else + return krb5_c_block_size(krbContext, KRB_KEY_TYPE(key), blockSize); +#endif +} + +krb5_error_code +krbEnctypeToString(krb5_context krbContext, + krb5_enctype enctype, + const char *prefix, + gss_buffer_t string) +{ + krb5_error_code code; +#ifdef HAVE_HEIMDAL_VERSION + char *enctypeBuf = NULL; +#else + char enctypeBuf[128]; +#endif + size_t prefixLength, enctypeLength; + +#ifdef HAVE_HEIMDAL_VERSION + code = krb5_enctype_to_string(krbContext, enctype, &enctypeBuf); +#else + code = krb5_enctype_to_name(enctype, 0, enctypeBuf, sizeof(enctypeBuf)); +#endif + if (code != 0) + return code; + + prefixLength = (prefix != NULL) ? strlen(prefix) : 0; + enctypeLength = strlen(enctypeBuf); + + string->value = GSSEAP_MALLOC(prefixLength + enctypeLength + 1); + if (string->value == NULL) { +#ifdef HAVE_HEIMDAL_VERSION + krb5_xfree(enctypeBuf); +#endif + return ENOMEM; + } + + if (prefixLength != 0) + memcpy(string->value, prefix, prefixLength); + memcpy((char *)string->value + prefixLength, enctypeBuf, enctypeLength); + + string->length = prefixLength + enctypeLength; + ((char *)string->value)[string->length] = '\0'; + +#ifdef HAVE_HEIMDAL_VERSION + krb5_xfree(enctypeBuf); +#endif + + return 0; +}