mech_eap/init_sec_context.c

   1 /*
   2  * Copyright (c) 2011, JANET(UK)
   3  * All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that the following conditions
   7  * are met:
   8  *
   9  * 1. Redistributions of source code must retain the above copyright
  10  *    notice, this list of conditions and the following disclaimer.
  11  *
  12  * 2. Redistributions in binary form must reproduce the above copyright
  13  *    notice, this list of conditions and the following disclaimer in the
  14  *    documentation and/or other materials provided with the distribution.
  15  *
  16  * 3. Neither the name of JANET(UK) nor the names of its contributors
  17  *    may be used to endorse or promote products derived from this software
  18  *    without specific prior written permission.
  19  *
  20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  21  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
  24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  30  * SUCH DAMAGE.
  31  */
  32
  33 /*
  34  * Establish a security context on the initiator (client). These functions
  35  * wrap around libeap.
  36  */
  37
  38 #include "gssapiP_eap.h"
  39
  40 static OM_uint32
  41 policyVariableToFlag(enum eapol_bool_var variable)
  42 {
  43     OM_uint32 flag = 0;
  44
  45     switch (variable) {
  46     case EAPOL_eapSuccess:
  47         flag = CTX_FLAG_EAP_SUCCESS;
  48         break;
  49     case EAPOL_eapRestart:
  50         flag = CTX_FLAG_EAP_RESTART;
  51         break;
  52     case EAPOL_eapFail:
  53         flag = CTX_FLAG_EAP_FAIL;
  54         break;
  55     case EAPOL_eapResp:
  56         flag = CTX_FLAG_EAP_RESP;
  57         break;
  58     case EAPOL_eapNoResp:
  59         flag = CTX_FLAG_EAP_NO_RESP;
  60         break;
  61     case EAPOL_eapReq:
  62         flag = CTX_FLAG_EAP_REQ;
  63         break;
  64     case EAPOL_portEnabled:
  65         flag = CTX_FLAG_EAP_PORT_ENABLED;
  66         break;
  67     case EAPOL_altAccept:
  68         flag = CTX_FLAG_EAP_ALT_ACCEPT;
  69         break;
  70     case EAPOL_altReject:
  71         flag = CTX_FLAG_EAP_ALT_REJECT;
  72         break;
  73     }
  74
  75     return flag;
  76 }
  77
  78 static struct eap_peer_config *
  79 peerGetConfig(void *ctx)
  80 {
  81     gss_ctx_id_t gssCtx = (gss_ctx_id_t)ctx;
  82
  83     return &gssCtx->initiatorCtx.eapPeerConfig;
  84 }
  85
  86 static Boolean
  87 peerGetBool(void *data, enum eapol_bool_var variable)
  88 {
  89     gss_ctx_id_t ctx = data;
  90     OM_uint32 flag;
  91
  92     if (ctx == GSS_C_NO_CONTEXT)
  93         return FALSE;
  94
  95     flag = policyVariableToFlag(variable);
  96
  97     return ((ctx->flags & flag) != 0);
  98 }
  99
 100 static void
 101 peerSetBool(void *data, enum eapol_bool_var variable,
 102             Boolean value)
 103 {
 104     gss_ctx_id_t ctx = data;
 105     OM_uint32 flag;
 106
 107     if (ctx == GSS_C_NO_CONTEXT)
 108         return;
 109
 110     flag = policyVariableToFlag(variable);
 111
 112     if (value)
 113         ctx->flags |= flag;
 114     else
 115         ctx->flags &= ~(flag);
 116 }
 117
 118 static unsigned int
 119 peerGetInt(void *data, enum eapol_int_var variable)
 120 {
 121     gss_ctx_id_t ctx = data;
 122
 123     if (ctx == GSS_C_NO_CONTEXT)
 124         return FALSE;
 125
 126     GSSEAP_ASSERT(CTX_IS_INITIATOR(ctx));
 127
 128     switch (variable) {
 129     case EAPOL_idleWhile:
 130         return ctx->initiatorCtx.idleWhile;
 131         break;
 132     }
 133
 134     return 0;
 135 }
 136
 137 static void
 138 peerSetInt(void *data, enum eapol_int_var variable,
 139            unsigned int value)
 140 {
 141     gss_ctx_id_t ctx = data;
 142
 143     if (ctx == GSS_C_NO_CONTEXT)
 144         return;
 145
 146     GSSEAP_ASSERT(CTX_IS_INITIATOR(ctx));
 147
 148     switch (variable) {
 149     case EAPOL_idleWhile:
 150         ctx->initiatorCtx.idleWhile = value;
 151         break;
 152     }
 153 }
 154
 155 static struct wpabuf *
 156 peerGetEapReqData(void *ctx)
 157 {
 158     gss_ctx_id_t gssCtx = (gss_ctx_id_t)ctx;
 159
 160     return &gssCtx->initiatorCtx.reqData;
 161 }
 162
 163 static void
 164 peerSetConfigBlob(void *ctx GSSEAP_UNUSED,
 165                   struct wpa_config_blob *blob GSSEAP_UNUSED)
 166 {
 167 }
 168
 169 static const struct wpa_config_blob *
 170 peerGetConfigBlob(void *ctx GSSEAP_UNUSED,
 171                   const char *name GSSEAP_UNUSED)
 172 {
 173     return NULL;
 174 }
 175
 176 static void
 177 peerNotifyPending(void *ctx GSSEAP_UNUSED)
 178 {
 179 }
 180
 181 static struct eapol_callbacks gssEapPolicyCallbacks = {
 182     peerGetConfig,
 183     peerGetBool,
 184     peerSetBool,
 185     peerGetInt,
 186     peerSetInt,
 187     peerGetEapReqData,
 188     peerSetConfigBlob,
 189     peerGetConfigBlob,
 190     peerNotifyPending,
 191 };
 192
 193 #ifdef GSSEAP_DEBUG
 194 extern int wpa_debug_level;
 195 #endif
 196
 197 static OM_uint32
 198 peerConfigInit(OM_uint32 *minor, gss_ctx_id_t ctx)
 199 {
 200     OM_uint32 major;
 201     krb5_context krbContext;
 202     struct eap_peer_config *eapPeerConfig = &ctx->initiatorCtx.eapPeerConfig;
 203     gss_buffer_desc identity = GSS_C_EMPTY_BUFFER;
 204     gss_buffer_desc realm = GSS_C_EMPTY_BUFFER;
 205     gss_cred_id_t cred = ctx->cred;
 206
 207     eapPeerConfig->identity = NULL;
 208     eapPeerConfig->identity_len = 0;
 209     eapPeerConfig->anonymous_identity = NULL;
 210     eapPeerConfig->anonymous_identity_len = 0;
 211     eapPeerConfig->password = NULL;
 212     eapPeerConfig->password_len = 0;
 213
 214     GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL);
 215
 216     GSSEAP_KRB_INIT(&krbContext);
 217
 218     eapPeerConfig->fragment_size = 1024;
 219 #ifdef GSSEAP_DEBUG
 220     wpa_debug_level = 0;
 221 #endif
 222
 223     GSSEAP_ASSERT(cred->name != GSS_C_NO_NAME);
 224
 225     if ((cred->name->flags & (NAME_FLAG_NAI | NAME_FLAG_SERVICE)) == 0) {
 226         *minor = GSSEAP_BAD_INITIATOR_NAME;
 227         return GSS_S_BAD_NAME;
 228     }
 229
 230     /* identity */
 231     major = gssEapDisplayName(minor, cred->name, &identity, NULL);
 232     if (GSS_ERROR(major))
 233         return major;
 234
 235     eapPeerConfig->identity = (unsigned char *)identity.value;
 236     eapPeerConfig->identity_len = identity.length;
 237
 238     krbPrincRealmToGssBuffer(cred->name->krbPrincipal, &realm);
 239
 240     /* anonymous_identity */
 241     eapPeerConfig->anonymous_identity = GSSEAP_MALLOC(realm.length + 2);
 242     if (eapPeerConfig->anonymous_identity == NULL) {
 243         *minor = ENOMEM;
 244         return GSS_S_FAILURE;
 245     }
 246
 247     eapPeerConfig->anonymous_identity[0] = '@';
 248     memcpy(eapPeerConfig->anonymous_identity + 1, realm.value, realm.length);
 249     eapPeerConfig->anonymous_identity[1 + realm.length] = '\0';
 250     eapPeerConfig->anonymous_identity_len = 1 + realm.length;
 251
 252     /* password */
 253     eapPeerConfig->password = (unsigned char *)cred->password.value;
 254     eapPeerConfig->password_len = cred->password.length;
 255
 256     /* certs */
 257     eapPeerConfig->ca_cert = (unsigned char *)cred->caCertificate.value;
 258     eapPeerConfig->subject_match = (unsigned char *)cred->subjectNameConstraint.value;
 259     eapPeerConfig->altsubject_match = (unsigned char *)cred->subjectAltNameConstraint.value;
 260
 261     *minor = 0;
 262     return GSS_S_COMPLETE;
 263 }
 264
 265 static OM_uint32
 266 peerConfigFree(OM_uint32 *minor,
 267                gss_ctx_id_t ctx)
 268 {
 269     struct eap_peer_config *eapPeerConfig = &ctx->initiatorCtx.eapPeerConfig;
 270
 271     if (eapPeerConfig->identity != NULL) {
 272         GSSEAP_FREE(eapPeerConfig->identity);
 273         eapPeerConfig->identity = NULL;
 274         eapPeerConfig->identity_len = 0;
 275     }
 276
 277     if (eapPeerConfig->anonymous_identity != NULL) {
 278         GSSEAP_FREE(eapPeerConfig->anonymous_identity);
 279         eapPeerConfig->anonymous_identity = NULL;
 280         eapPeerConfig->anonymous_identity_len = 0;
 281     }
 282
 283     *minor = 0;
 284     return GSS_S_COMPLETE;
 285 }
 286
 287 /*
 288  * Mark an initiator context as ready for cryptographic operations
 289  */
 290 static OM_uint32
 291 initReady(OM_uint32 *minor, gss_ctx_id_t ctx, OM_uint32 reqFlags)
 292 {
 293     OM_uint32 major;
 294     const unsigned char *key;
 295     size_t keyLength;
 296
 297 #if 1
 298     /* XXX actually check for mutual auth */
 299     if (reqFlags & GSS_C_MUTUAL_FLAG)
 300         ctx->gssFlags |= GSS_C_MUTUAL_FLAG;
 301 #endif
 302
 303     /* Cache encryption type derived from selected mechanism OID */
 304     major = gssEapOidToEnctype(minor, ctx->mechanismUsed, &ctx->encryptionType);
 305     if (GSS_ERROR(major))
 306         return major;
 307
 308     if (!eap_key_available(ctx->initiatorCtx.eap)) {
 309         *minor = GSSEAP_KEY_UNAVAILABLE;
 310         return GSS_S_UNAVAILABLE;
 311     }
 312
 313     key = eap_get_eapKeyData(ctx->initiatorCtx.eap, &keyLength);
 314
 315     if (keyLength < EAP_EMSK_LEN) {
 316         *minor = GSSEAP_KEY_TOO_SHORT;
 317         return GSS_S_UNAVAILABLE;
 318     }
 319
 320     major = gssEapDeriveRfc3961Key(minor,
 321                                    &key[EAP_EMSK_LEN / 2],
 322                                    EAP_EMSK_LEN / 2,
 323                                    ctx->encryptionType,
 324                                    &ctx->rfc3961Key);
 325        if (GSS_ERROR(major))
 326            return major;
 327
 328     major = rfc3961ChecksumTypeForKey(minor, &ctx->rfc3961Key,
 329                                       &ctx->checksumType);
 330     if (GSS_ERROR(major))
 331         return major;
 332
 333     major = sequenceInit(minor,
 334                          &ctx->seqState,
 335                          ctx->recvSeq,
 336                          ((ctx->gssFlags & GSS_C_REPLAY_FLAG) != 0),
 337                          ((ctx->gssFlags & GSS_C_SEQUENCE_FLAG) != 0),
 338                          TRUE);
 339     if (GSS_ERROR(major))
 340         return major;
 341
 342     *minor = 0;
 343     return GSS_S_COMPLETE;
 344 }
 345
 346 static OM_uint32
 347 initBegin(OM_uint32 *minor,
 348           gss_ctx_id_t ctx,
 349           gss_name_t target,
 350           gss_OID mech,
 351           OM_uint32 reqFlags GSSEAP_UNUSED,
 352           OM_uint32 timeReq,
 353           gss_channel_bindings_t chanBindings GSSEAP_UNUSED)
 354 {
 355     OM_uint32 major;
 356     gss_cred_id_t cred = ctx->cred;
 357
 358     GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL);
 359
 360     if (cred->expiryTime)
 361         ctx->expiryTime = cred->expiryTime;
 362     else if (timeReq == 0 || timeReq == GSS_C_INDEFINITE)
 363         ctx->expiryTime = 0;
 364     else
 365         ctx->expiryTime = time(NULL) + timeReq;
 366
 367     /*
 368      * The credential mutex protects its name, however we need to
 369      * explicitly lock the acceptor name (unlikely as it may be
 370      * that it has attributes set on it).
 371      */
 372     major = gssEapDuplicateName(minor, cred->name, &ctx->initiatorName);
 373     if (GSS_ERROR(major))
 374         return major;
 375
 376     if (target != GSS_C_NO_NAME) {
 377         GSSEAP_MUTEX_LOCK(&target->mutex);
 378
 379         major = gssEapDuplicateName(minor, target, &ctx->acceptorName);
 380         if (GSS_ERROR(major)) {
 381             GSSEAP_MUTEX_UNLOCK(&target->mutex);
 382             return major;
 383         }
 384
 385         GSSEAP_MUTEX_UNLOCK(&target->mutex);
 386     }
 387
 388     major = gssEapCanonicalizeOid(minor,
 389                                   mech,
 390                                   OID_FLAG_NULL_VALID | OID_FLAG_MAP_NULL_TO_DEFAULT_MECH,
 391                                   &ctx->mechanismUsed);
 392     if (GSS_ERROR(major))
 393         return major;
 394
 395     /* If credentials were provided, check they're usable with this mech */
 396     if (!gssEapCredAvailable(cred, ctx->mechanismUsed)) {
 397         *minor = GSSEAP_CRED_MECH_MISMATCH;
 398         return GSS_S_BAD_MECH;
 399     }
 400
 401     *minor = 0;
 402     return GSS_S_COMPLETE;
 403 }
 404
 405 static OM_uint32
 406 eapGssSmInitError(OM_uint32 *minor,
 407                   gss_cred_id_t cred GSSEAP_UNUSED,
 408                   gss_ctx_id_t ctx GSSEAP_UNUSED,
 409                   gss_name_t target GSSEAP_UNUSED,
 410                   gss_OID mech GSSEAP_UNUSED,
 411                   OM_uint32 reqFlags GSSEAP_UNUSED,
 412                   OM_uint32 timeReq GSSEAP_UNUSED,
 413                   gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
 414                   gss_buffer_t inputToken,
 415                   gss_buffer_t outputToken GSSEAP_UNUSED,
 416                   OM_uint32 *smFlags GSSEAP_UNUSED)
 417 {
 418     OM_uint32 major;
 419     unsigned char *p;
 420
 421     if (inputToken->length < 8) {
 422         *minor = GSSEAP_TOK_TRUNC;
 423         return GSS_S_DEFECTIVE_TOKEN;
 424     }
 425
 426     p = (unsigned char *)inputToken->value;
 427
 428     major = load_uint32_be(&p[0]);
 429     *minor = ERROR_TABLE_BASE_eapg + load_uint32_be(&p[4]);
 430
 431     if (!GSS_ERROR(major) || !IS_WIRE_ERROR(*minor)) {
 432         major = GSS_S_FAILURE;
 433         *minor = GSSEAP_BAD_ERROR_TOKEN;
 434     }
 435
 436     GSSEAP_ASSERT(GSS_ERROR(major));
 437
 438     return major;
 439 }
 440
 441 #ifdef GSSEAP_ENABLE_REAUTH
 442 static OM_uint32
 443 eapGssSmInitGssReauth(OM_uint32 *minor,
 444                       gss_cred_id_t cred,
 445                       gss_ctx_id_t ctx,
 446                       gss_name_t target,
 447                       gss_OID mech GSSEAP_UNUSED,
 448                       OM_uint32 reqFlags,
 449                       OM_uint32 timeReq,
 450                       gss_channel_bindings_t chanBindings,
 451                       gss_buffer_t inputToken,
 452                       gss_buffer_t outputToken,
 453                       OM_uint32 *smFlags GSSEAP_UNUSED)
 454 {
 455     OM_uint32 major, tmpMinor;
 456     gss_name_t mechTarget = GSS_C_NO_NAME;
 457     gss_OID actualMech = GSS_C_NO_OID;
 458     OM_uint32 gssFlags, timeRec;
 459
 460     /*
 461      * Here we use the passed in credential handle because the resolved
 462      * context credential does not currently have the reauth creds.
 463      */
 464     if (GSSEAP_SM_STATE(ctx) == GSSEAP_STATE_INITIAL) {
 465         if (!gssEapCanReauthP(cred, target, timeReq))
 466             return GSS_S_CONTINUE_NEEDED;
 467
 468         ctx->flags |= CTX_FLAG_KRB_REAUTH;
 469     } else if ((ctx->flags & CTX_FLAG_KRB_REAUTH) == 0) {
 470         major = GSS_S_DEFECTIVE_TOKEN;
 471         *minor = GSSEAP_WRONG_ITOK;
 472         goto cleanup;
 473     }
 474
 475     GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL);
 476
 477     major = gssEapMechToGlueName(minor, target, &mechTarget);
 478     if (GSS_ERROR(major))
 479         goto cleanup;
 480
 481     major = gssInitSecContext(minor,
 482                               cred->reauthCred,
 483                               &ctx->reauthCtx,
 484                               mechTarget,
 485                               (gss_OID)gss_mech_krb5,
 486                               reqFlags | GSS_C_MUTUAL_FLAG,
 487                               timeReq,
 488                               chanBindings,
 489                               inputToken,
 490                               &actualMech,
 491                               outputToken,
 492                               &gssFlags,
 493                               &timeRec);
 494     if (GSS_ERROR(major))
 495         goto cleanup;
 496
 497     ctx->gssFlags = gssFlags;
 498
 499     if (major == GSS_S_COMPLETE) {
 500         GSSEAP_ASSERT(GSSEAP_SM_STATE(ctx) == GSSEAP_STATE_REAUTHENTICATE);
 501
 502         major = gssEapReauthComplete(minor, ctx, cred, actualMech, timeRec);
 503         if (GSS_ERROR(major))
 504             goto cleanup;
 505         GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_ESTABLISHED);
 506     } else {
 507         GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_REAUTHENTICATE);
 508     }
 509
 510 cleanup:
 511     gssReleaseName(&tmpMinor, &mechTarget);
 512
 513     return major;
 514 }
 515 #endif /* GSSEAP_ENABLE_REAUTH */
 516
 517 #ifdef GSSEAP_DEBUG
 518 static OM_uint32
 519 eapGssSmInitVendorInfo(OM_uint32 *minor,
 520                        gss_cred_id_t cred GSSEAP_UNUSED,
 521                        gss_ctx_id_t ctx GSSEAP_UNUSED,
 522                        gss_name_t target GSSEAP_UNUSED,
 523                        gss_OID mech GSSEAP_UNUSED,
 524                        OM_uint32 reqFlags GSSEAP_UNUSED,
 525                        OM_uint32 timeReq GSSEAP_UNUSED,
 526                        gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
 527                        gss_buffer_t inputToken GSSEAP_UNUSED,
 528                        gss_buffer_t outputToken,
 529                        OM_uint32 *smFlags GSSEAP_UNUSED)
 530 {
 531     OM_uint32 major;
 532
 533     major = makeStringBuffer(minor, "JANET(UK)", outputToken);
 534     if (GSS_ERROR(major))
 535         return major;
 536
 537     return GSS_S_CONTINUE_NEEDED;
 538 }
 539 #endif
 540
 541 static OM_uint32
 542 eapGssSmInitAcceptorName(OM_uint32 *minor,
 543                          gss_cred_id_t cred GSSEAP_UNUSED,
 544                          gss_ctx_id_t ctx,
 545                          gss_name_t target GSSEAP_UNUSED,
 546                          gss_OID mech GSSEAP_UNUSED,
 547                          OM_uint32 reqFlags GSSEAP_UNUSED,
 548                          OM_uint32 timeReq GSSEAP_UNUSED,
 549                          gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
 550                          gss_buffer_t inputToken GSSEAP_UNUSED,
 551                          gss_buffer_t outputToken,
 552                          OM_uint32 *smFlags GSSEAP_UNUSED)
 553 {
 554     OM_uint32 major;
 555
 556     if (GSSEAP_SM_STATE(ctx) == GSSEAP_STATE_INITIAL &&
 557         ctx->acceptorName != GSS_C_NO_NAME) {
 558
 559         /* Send desired target name to acceptor */
 560         major = gssEapDisplayName(minor, ctx->acceptorName,
 561                                   outputToken, NULL);
 562         if (GSS_ERROR(major))
 563             return major;
 564     } else if (inputToken != GSS_C_NO_BUFFER) {
 565         /* Accept target name hint from acceptor or verify acceptor*/
 566         gss_name_t importedName;
 567         major = gssEapImportName(minor, inputToken,
 568                                  GSS_C_NT_USER_NAME,
 569                                  ctx->mechanismUsed,
 570                                  &importedName);
 571         if (GSS_ERROR(major))
 572             return major;
 573         if (ctx->acceptorName) {
 574             /* verify name */
 575             int equal = 0;
 576             OM_uint32 ignoredMinor = 0;
 577             major = gss_compare_name(minor, importedName,
 578                                      ctx->acceptorName, &equal);
 579             gss_release_name(&ignoredMinor, &importedName);
 580             if (GSS_ERROR(major))
 581                 return major;
 582             if (!equal) {
 583                 *minor = GSSEAP_BAD_CONTEXT_TOKEN;
 584                 return GSS_S_DEFECTIVE_TOKEN;
 585             }
 586         } else {
 587             /* accept acceptor name hint */
 588             ctx->acceptorName = importedName;
 589             importedName = NULL;
 590         }
 591     }
 592
 593
 594     /*
 595      * Currently, other parts of the code assume that the acceptor name
 596      * is available, hence this check.
 597      */
 598     if (ctx->acceptorName == GSS_C_NO_NAME) {
 599         *minor = GSSEAP_NO_ACCEPTOR_NAME;
 600         return GSS_S_FAILURE;
 601     }
 602
 603     return GSS_S_CONTINUE_NEEDED;
 604 }
 605
 606 static OM_uint32
 607 eapGssSmInitIdentity(OM_uint32 *minor,
 608                      gss_cred_id_t cred GSSEAP_UNUSED,
 609                      gss_ctx_id_t ctx,
 610                      gss_name_t target GSSEAP_UNUSED,
 611                      gss_OID mech GSSEAP_UNUSED,
 612                      OM_uint32 reqFlags GSSEAP_UNUSED,
 613                      OM_uint32 timeReq GSSEAP_UNUSED,
 614                      gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
 615                      gss_buffer_t inputToken GSSEAP_UNUSED,
 616                      gss_buffer_t outputToken GSSEAP_UNUSED,
 617                      OM_uint32 *smFlags)
 618 {
 619     struct eap_config eapConfig;
 620
 621 #ifdef GSSEAP_ENABLE_REAUTH
 622     if (GSSEAP_SM_STATE(ctx) == GSSEAP_STATE_REAUTHENTICATE) {
 623         OM_uint32 tmpMinor;
 624
 625         /* server didn't support reauthentication, sent EAP request */
 626         gssDeleteSecContext(&tmpMinor, &ctx->reauthCtx, GSS_C_NO_BUFFER);
 627         ctx->flags &= ~(CTX_FLAG_KRB_REAUTH);
 628         GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_INITIAL);
 629     } else
 630 #endif
 631         *smFlags |= SM_FLAG_FORCE_SEND_TOKEN;
 632
 633     GSSEAP_ASSERT((ctx->flags & CTX_FLAG_KRB_REAUTH) == 0);
 634     GSSEAP_ASSERT(inputToken == GSS_C_NO_BUFFER);
 635
 636     memset(&eapConfig, 0, sizeof(eapConfig));
 637
 638     ctx->initiatorCtx.eap = eap_peer_sm_init(ctx,
 639                                              &gssEapPolicyCallbacks,
 640                                              ctx,
 641                                              &eapConfig);
 642     if (ctx->initiatorCtx.eap == NULL) {
 643         *minor = GSSEAP_PEER_SM_INIT_FAILURE;
 644         return GSS_S_FAILURE;
 645     }
 646
 647     ctx->flags |= CTX_FLAG_EAP_RESTART | CTX_FLAG_EAP_PORT_ENABLED;
 648
 649     /* poke EAP state machine */
 650     if (eap_peer_sm_step(ctx->initiatorCtx.eap) != 0) {
 651         *minor = GSSEAP_PEER_SM_STEP_FAILURE;
 652         return GSS_S_FAILURE;
 653     }
 654
 655     GSSEAP_SM_TRANSITION_NEXT(ctx);
 656
 657     *minor = 0;
 658
 659     return GSS_S_CONTINUE_NEEDED;
 660 }
 661
 662 static OM_uint32
 663 eapGssSmInitAuthenticate(OM_uint32 *minor,
 664                          gss_cred_id_t cred GSSEAP_UNUSED,
 665                          gss_ctx_id_t ctx,
 666                          gss_name_t target GSSEAP_UNUSED,
 667                          gss_OID mech GSSEAP_UNUSED,
 668                          OM_uint32 reqFlags GSSEAP_UNUSED,
 669                          OM_uint32 timeReq GSSEAP_UNUSED,
 670                          gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
 671                          gss_buffer_t inputToken GSSEAP_UNUSED,
 672                          gss_buffer_t outputToken,
 673                          OM_uint32 *smFlags)
 674 {
 675     OM_uint32 major;
 676     OM_uint32 tmpMinor;
 677     struct wpabuf *resp = NULL;
 678
 679     *minor = 0;
 680
 681     GSSEAP_ASSERT(inputToken != GSS_C_NO_BUFFER);
 682
 683     major = peerConfigInit(minor, ctx);
 684     if (GSS_ERROR(major))
 685         goto cleanup;
 686
 687     GSSEAP_ASSERT(ctx->initiatorCtx.eap != NULL);
 688     GSSEAP_ASSERT(ctx->flags & CTX_FLAG_EAP_PORT_ENABLED);
 689
 690     ctx->flags |= CTX_FLAG_EAP_REQ; /* we have a Request from the acceptor */
 691
 692     wpabuf_set(&ctx->initiatorCtx.reqData,
 693                inputToken->value, inputToken->length);
 694
 695     major = GSS_S_CONTINUE_NEEDED;
 696
 697     eap_peer_sm_step(ctx->initiatorCtx.eap);
 698     if (ctx->flags & CTX_FLAG_EAP_RESP) {
 699         ctx->flags &= ~(CTX_FLAG_EAP_RESP);
 700
 701         resp = eap_get_eapRespData(ctx->initiatorCtx.eap);
 702     } else if (ctx->flags & CTX_FLAG_EAP_SUCCESS) {
 703         major = initReady(minor, ctx, reqFlags);
 704         if (GSS_ERROR(major))
 705             goto cleanup;
 706
 707         ctx->flags &= ~(CTX_FLAG_EAP_SUCCESS);
 708         major = GSS_S_CONTINUE_NEEDED;
 709         GSSEAP_SM_TRANSITION_NEXT(ctx);
 710     } else if (ctx->flags & CTX_FLAG_EAP_FAIL) {
 711         major = GSS_S_DEFECTIVE_CREDENTIAL;
 712         *minor = GSSEAP_PEER_AUTH_FAILURE;
 713     } else {
 714         major = GSS_S_DEFECTIVE_TOKEN;
 715         *minor = GSSEAP_PEER_BAD_MESSAGE;
 716     }
 717
 718 cleanup:
 719     if (resp != NULL) {
 720         OM_uint32 tmpMajor;
 721         gss_buffer_desc respBuf;
 722
 723         GSSEAP_ASSERT(major == GSS_S_CONTINUE_NEEDED);
 724
 725         respBuf.length = wpabuf_len(resp);
 726         respBuf.value = (void *)wpabuf_head(resp);
 727
 728         tmpMajor = duplicateBuffer(&tmpMinor, &respBuf, outputToken);
 729         if (GSS_ERROR(tmpMajor)) {
 730             major = tmpMajor;
 731             *minor = tmpMinor;
 732         }
 733
 734         *smFlags |= SM_FLAG_OUTPUT_TOKEN_CRITICAL;
 735     }
 736
 737     wpabuf_set(&ctx->initiatorCtx.reqData, NULL, 0);
 738     peerConfigFree(&tmpMinor, ctx);
 739
 740     return major;
 741 }
 742
 743 static OM_uint32
 744 eapGssSmInitGssFlags(OM_uint32 *minor,
 745                      gss_cred_id_t cred GSSEAP_UNUSED,
 746                      gss_ctx_id_t ctx,
 747                      gss_name_t target GSSEAP_UNUSED,
 748                      gss_OID mech GSSEAP_UNUSED,
 749                      OM_uint32 reqFlags GSSEAP_UNUSED,
 750                      OM_uint32 timeReq GSSEAP_UNUSED,
 751                      gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
 752                      gss_buffer_t inputToken GSSEAP_UNUSED,
 753                      gss_buffer_t outputToken,
 754                      OM_uint32 *smFlags GSSEAP_UNUSED)
 755 {
 756     unsigned char wireFlags[4];
 757     gss_buffer_desc flagsBuf;
 758
 759     store_uint32_be(ctx->gssFlags & GSSEAP_WIRE_FLAGS_MASK, wireFlags);
 760
 761     flagsBuf.length = sizeof(wireFlags);
 762     flagsBuf.value = wireFlags;
 763
 764     return duplicateBuffer(minor, &flagsBuf, outputToken);
 765 }
 766
 767 static OM_uint32
 768 eapGssSmInitGssChannelBindings(OM_uint32 *minor,
 769                                gss_cred_id_t cred GSSEAP_UNUSED,
 770                                gss_ctx_id_t ctx,
 771                                gss_name_t target GSSEAP_UNUSED,
 772                                gss_OID mech GSSEAP_UNUSED,
 773                                OM_uint32 reqFlags GSSEAP_UNUSED,
 774                                OM_uint32 timeReq GSSEAP_UNUSED,
 775                                gss_channel_bindings_t chanBindings,
 776                                gss_buffer_t inputToken GSSEAP_UNUSED,
 777                                gss_buffer_t outputToken,
 778                                OM_uint32 *smFlags)
 779 {
 780     OM_uint32 major;
 781     krb5_error_code code;
 782     krb5_context krbContext;
 783     krb5_data data;
 784     krb5_checksum cksum;
 785     gss_buffer_desc cksumBuffer;
 786
 787     if (chanBindings == GSS_C_NO_CHANNEL_BINDINGS ||
 788         chanBindings->application_data.length == 0)
 789         return GSS_S_CONTINUE_NEEDED;
 790
 791     GSSEAP_KRB_INIT(&krbContext);
 792
 793     KRB_DATA_INIT(&data);
 794
 795     gssBufferToKrbData(&chanBindings->application_data, &data);
 796
 797     code = krb5_c_make_checksum(krbContext, ctx->checksumType,
 798                                 &ctx->rfc3961Key,
 799                                 KEY_USAGE_GSSEAP_CHBIND_MIC,
 800                                 &data, &cksum);
 801     if (code != 0) {
 802         *minor = code;
 803         return GSS_S_FAILURE;
 804     }
 805
 806     cksumBuffer.length = KRB_CHECKSUM_LENGTH(&cksum);
 807     cksumBuffer.value  = KRB_CHECKSUM_DATA(&cksum);
 808
 809     major = duplicateBuffer(minor, &cksumBuffer, outputToken);
 810     if (GSS_ERROR(major)) {
 811         krb5_free_checksum_contents(krbContext, &cksum);
 812         return major;
 813     }
 814
 815     *minor = 0;
 816     *smFlags |= SM_FLAG_OUTPUT_TOKEN_CRITICAL;
 817
 818     krb5_free_checksum_contents(krbContext, &cksum);
 819
 820     return GSS_S_CONTINUE_NEEDED;
 821 }
 822
 823 static OM_uint32
 824 eapGssSmInitInitiatorMIC(OM_uint32 *minor,
 825                          gss_cred_id_t cred GSSEAP_UNUSED,
 826                          gss_ctx_id_t ctx,
 827                          gss_name_t target GSSEAP_UNUSED,
 828                          gss_OID mech GSSEAP_UNUSED,
 829                          OM_uint32 reqFlags GSSEAP_UNUSED,
 830                          OM_uint32 timeReq GSSEAP_UNUSED,
 831                          gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
 832                          gss_buffer_t inputToken GSSEAP_UNUSED,
 833                          gss_buffer_t outputToken,
 834                          OM_uint32 *smFlags)
 835 {
 836     OM_uint32 major;
 837
 838     major = gssEapMakeTokenMIC(minor, ctx, outputToken);
 839     if (GSS_ERROR(major))
 840         return major;
 841
 842     GSSEAP_SM_TRANSITION_NEXT(ctx);
 843
 844     *minor = 0;
 845     *smFlags |= SM_FLAG_OUTPUT_TOKEN_CRITICAL;
 846
 847     return GSS_S_CONTINUE_NEEDED;
 848 }
 849
 850 #ifdef GSSEAP_ENABLE_REAUTH
 851 static OM_uint32
 852 eapGssSmInitReauthCreds(OM_uint32 *minor,
 853                         gss_cred_id_t cred,
 854                         gss_ctx_id_t ctx,
 855                         gss_name_t target GSSEAP_UNUSED,
 856                         gss_OID mech GSSEAP_UNUSED,
 857                         OM_uint32 reqFlags GSSEAP_UNUSED,
 858                         OM_uint32 timeReq GSSEAP_UNUSED,
 859                         gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
 860                         gss_buffer_t inputToken,
 861                         gss_buffer_t outputToken GSSEAP_UNUSED,
 862                         OM_uint32 *smFlags GSSEAP_UNUSED)
 863 {
 864     OM_uint32 major;
 865
 866     if (ctx->gssFlags & GSS_C_MUTUAL_FLAG) {
 867         major = gssEapStoreReauthCreds(minor, ctx, cred, inputToken);
 868         if (GSS_ERROR(major))
 869             return major;
 870     }
 871
 872     *minor = 0;
 873     return GSS_S_CONTINUE_NEEDED;
 874 }
 875 #endif /* GSSEAP_ENABLE_REAUTH */
 876
 877 static OM_uint32
 878 eapGssSmInitAcceptorMIC(OM_uint32 *minor,
 879                         gss_cred_id_t cred GSSEAP_UNUSED,
 880                         gss_ctx_id_t ctx,
 881                         gss_name_t target GSSEAP_UNUSED,
 882                         gss_OID mech GSSEAP_UNUSED,
 883                         OM_uint32 reqFlags GSSEAP_UNUSED,
 884                         OM_uint32 timeReq GSSEAP_UNUSED,
 885                         gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
 886                         gss_buffer_t inputToken,
 887                         gss_buffer_t outputToken GSSEAP_UNUSED,
 888                         OM_uint32 *smFlags GSSEAP_UNUSED)
 889 {
 890     OM_uint32 major;
 891
 892     major = gssEapVerifyTokenMIC(minor, ctx, inputToken);
 893     if (GSS_ERROR(major))
 894         return major;
 895
 896     GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_ESTABLISHED);
 897
 898     *minor = 0;
 899
 900     return GSS_S_COMPLETE;
 901 }
 902
 903 static struct gss_eap_sm eapGssInitiatorSm[] = {
 904     {
 905         ITOK_TYPE_CONTEXT_ERR,
 906         ITOK_TYPE_NONE,
 907         GSSEAP_STATE_ALL & ~(GSSEAP_STATE_INITIAL),
 908         0,
 909         eapGssSmInitError
 910     },
 911     {
 912         ITOK_TYPE_ACCEPTOR_NAME_RESP,
 913         ITOK_TYPE_ACCEPTOR_NAME_REQ,
 914         GSSEAP_STATE_INITIAL | GSSEAP_STATE_AUTHENTICATE
 915         | GSSEAP_STATE_ACCEPTOR_EXTS ,
 916         0,
 917         eapGssSmInitAcceptorName
 918     },
 919 #ifdef GSSEAP_DEBUG
 920     {
 921         ITOK_TYPE_NONE,
 922         ITOK_TYPE_VENDOR_INFO,
 923         GSSEAP_STATE_INITIAL,
 924         0,
 925         eapGssSmInitVendorInfo
 926     },
 927 #endif
 928 #ifdef GSSEAP_ENABLE_REAUTH
 929     {
 930         ITOK_TYPE_REAUTH_RESP,
 931         ITOK_TYPE_REAUTH_REQ,
 932         GSSEAP_STATE_INITIAL | GSSEAP_STATE_REAUTHENTICATE,
 933         0,
 934         eapGssSmInitGssReauth
 935     },
 936 #endif
 937     {
 938         ITOK_TYPE_NONE,
 939         ITOK_TYPE_NONE,
 940 #ifdef GSSEAP_ENABLE_REAUTH
 941         GSSEAP_STATE_REAUTHENTICATE |
 942 #endif
 943         GSSEAP_STATE_INITIAL,
 944         SM_ITOK_FLAG_REQUIRED,
 945         eapGssSmInitIdentity
 946     },
 947     {
 948         ITOK_TYPE_EAP_REQ,
 949         ITOK_TYPE_EAP_RESP,
 950         GSSEAP_STATE_AUTHENTICATE,
 951         SM_ITOK_FLAG_REQUIRED,
 952         eapGssSmInitAuthenticate
 953     },
 954     {
 955         ITOK_TYPE_NONE,
 956         ITOK_TYPE_GSS_FLAGS,
 957         GSSEAP_STATE_INITIATOR_EXTS,
 958         0,
 959         eapGssSmInitGssFlags
 960     },
 961     {
 962         ITOK_TYPE_NONE,
 963         ITOK_TYPE_GSS_CHANNEL_BINDINGS,
 964         GSSEAP_STATE_INITIATOR_EXTS,
 965         0,
 966         eapGssSmInitGssChannelBindings
 967     },
 968     {
 969         ITOK_TYPE_NONE,
 970         ITOK_TYPE_INITIATOR_MIC,
 971         GSSEAP_STATE_INITIATOR_EXTS,
 972         SM_ITOK_FLAG_REQUIRED,
 973         eapGssSmInitInitiatorMIC
 974     },
 975 #ifdef GSSEAP_ENABLE_REAUTH
 976     {
 977         ITOK_TYPE_REAUTH_CREDS,
 978         ITOK_TYPE_NONE,
 979         GSSEAP_STATE_ACCEPTOR_EXTS,
 980         0,
 981         eapGssSmInitReauthCreds
 982     },
 983 #endif
 984     /* other extensions go here */
 985     {
 986         ITOK_TYPE_ACCEPTOR_MIC,
 987         ITOK_TYPE_NONE,
 988         GSSEAP_STATE_ACCEPTOR_EXTS,
 989         SM_ITOK_FLAG_REQUIRED,
 990         eapGssSmInitAcceptorMIC
 991     }
 992 };
 993
 994 OM_uint32
 995 gssEapInitSecContext(OM_uint32 *minor,
 996                      gss_cred_id_t cred,
 997                      gss_ctx_id_t ctx,
 998                      gss_name_t target_name,
 999                      gss_OID mech_type,
1000                      OM_uint32 req_flags,
1001                      OM_uint32 time_req,
1002                      gss_channel_bindings_t input_chan_bindings,
1003                      gss_buffer_t input_token,
1004                      gss_OID *actual_mech_type,
1005                      gss_buffer_t output_token,
1006                      OM_uint32 *ret_flags,
1007                      OM_uint32 *time_rec)
1008 {
1009     OM_uint32 major, tmpMinor;
1010     int initialContextToken = (ctx->mechanismUsed == GSS_C_NO_OID);
1011
1012     /*
1013      * XXX is acquiring the credential lock here necessary? The password is
1014      * mutable but the contract could specify that this is not updated whilst
1015      * a context is being initialized.
1016      */
1017     if (cred != GSS_C_NO_CREDENTIAL)
1018         GSSEAP_MUTEX_LOCK(&cred->mutex);
1019
1020     if (ctx->cred == GSS_C_NO_CREDENTIAL) {
1021         major = gssEapResolveInitiatorCred(minor, cred, target_name, &ctx->cred);
1022         if (GSS_ERROR(major))
1023             goto cleanup;
1024
1025         GSSEAP_ASSERT(ctx->cred != GSS_C_NO_CREDENTIAL);
1026     }
1027
1028     GSSEAP_MUTEX_LOCK(&ctx->cred->mutex);
1029
1030     GSSEAP_ASSERT(ctx->cred->flags & CRED_FLAG_RESOLVED);
1031     GSSEAP_ASSERT(ctx->cred->flags & CRED_FLAG_INITIATE);
1032
1033     if (initialContextToken) {
1034         major = initBegin(minor, ctx, target_name, mech_type,
1035                           req_flags, time_req, input_chan_bindings);
1036         if (GSS_ERROR(major))
1037             goto cleanup;
1038     }
1039
1040     major = gssEapSmStep(minor,
1041                          cred,
1042                          ctx,
1043                          target_name,
1044                          mech_type,
1045                          req_flags,
1046                          time_req,
1047                          input_chan_bindings,
1048                          input_token,
1049                          output_token,
1050                          eapGssInitiatorSm,
1051                          sizeof(eapGssInitiatorSm) / sizeof(eapGssInitiatorSm[0]));
1052     if (GSS_ERROR(major))
1053         goto cleanup;
1054
1055     if (actual_mech_type != NULL) {
1056         OM_uint32 tmpMajor;
1057
1058         tmpMajor = gssEapCanonicalizeOid(&tmpMinor, ctx->mechanismUsed, 0, actual_mech_type);
1059         if (GSS_ERROR(tmpMajor)) {
1060             major = tmpMajor;
1061             *minor = tmpMinor;
1062             goto cleanup;
1063         }
1064     }
1065     if (ret_flags != NULL)
1066         *ret_flags = ctx->gssFlags;
1067     if (time_rec != NULL)
1068         gssEapContextTime(&tmpMinor, ctx, time_rec);
1069
1070     GSSEAP_ASSERT(CTX_IS_ESTABLISHED(ctx) || major == GSS_S_CONTINUE_NEEDED);
1071
1072 cleanup:
1073     if (cred != GSS_C_NO_CREDENTIAL)
1074         GSSEAP_MUTEX_UNLOCK(&cred->mutex);
1075     if (ctx->cred != GSS_C_NO_CREDENTIAL)
1076         GSSEAP_MUTEX_UNLOCK(&ctx->cred->mutex);
1077
1078     return major;
1079 }
1080
1081 OM_uint32 GSSAPI_CALLCONV
1082 gss_init_sec_context(OM_uint32 *minor,
1083                      gss_cred_id_t cred,
1084                      gss_ctx_id_t *context_handle,
1085                      gss_name_t target_name,
1086                      gss_OID mech_type,
1087                      OM_uint32 req_flags,
1088                      OM_uint32 time_req,
1089                      gss_channel_bindings_t input_chan_bindings,
1090                      gss_buffer_t input_token,
1091                      gss_OID *actual_mech_type,
1092                      gss_buffer_t output_token,
1093                      OM_uint32 *ret_flags,
1094                      OM_uint32 *time_rec)
1095 {
1096     OM_uint32 major, tmpMinor;
1097     gss_ctx_id_t ctx = *context_handle;
1098
1099     *minor = 0;
1100
1101     output_token->length = 0;
1102     output_token->value = NULL;
1103
1104     if (ctx == GSS_C_NO_CONTEXT) {
1105         if (input_token != GSS_C_NO_BUFFER && input_token->length != 0) {
1106             *minor = GSSEAP_WRONG_SIZE;
1107             return GSS_S_DEFECTIVE_TOKEN;
1108         }
1109
1110         major = gssEapAllocContext(minor, &ctx);
1111         if (GSS_ERROR(major))
1112             return major;
1113
1114         ctx->flags |= CTX_FLAG_INITIATOR;
1115
1116         *context_handle = ctx;
1117     }
1118
1119     GSSEAP_MUTEX_LOCK(&ctx->mutex);
1120
1121     major = gssEapInitSecContext(minor,
1122                                  cred,
1123                                  ctx,
1124                                  target_name,
1125                                  mech_type,
1126                                  req_flags,
1127                                  time_req,
1128                                  input_chan_bindings,
1129                                  input_token,
1130                                  actual_mech_type,
1131                                  output_token,
1132                                  ret_flags,
1133                                  time_rec);
1134
1135     GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
1136
1137     if (GSS_ERROR(major))
1138         gssEapReleaseContext(&tmpMinor, context_handle);
1139
1140     return major;
1141 }