2 * Copyright (c) 2011, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 #include "gssapiP_eap.h"
40 gssEapDestroyKrbContext(krb5_context context)
43 krb5_free_context(context);
46 static krb5_error_code
47 initKrbContext(krb5_context *pKrbContext)
49 krb5_context krbContext;
51 char *defaultRealm = NULL;
55 code = krb5_init_context(&krbContext);
59 krb5_appdefault_string(krbContext, "eap_gss",
60 NULL, "default_realm", "", &defaultRealm);
62 if (defaultRealm != NULL && defaultRealm[0] != '\0') {
63 code = krb5_set_default_realm(krbContext, defaultRealm);
68 *pKrbContext = krbContext;
71 #ifdef HAVE_HEIMDAL_VERSION
72 krb5_xfree(defaultRealm);
74 krb5_free_default_realm(krbContext, defaultRealm);
77 if (code != 0 && krbContext != NULL)
78 krb5_free_context(krbContext);
84 gssEapKerberosInit(OM_uint32 *minor, krb5_context *context)
86 struct gss_eap_thread_local_data *tld;
91 tld = gssEapGetThreadLocalData();
93 if (tld->krbContext == NULL) {
94 *minor = initKrbContext(&tld->krbContext);
96 tld->krbContext = NULL;
98 *context = tld->krbContext;
100 *minor = GSSEAP_GET_LAST_ERROR();
103 GSSEAP_ASSERT(*context != NULL || *minor != 0);
105 return (*minor == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
109 * Derive a key K for RFC 4121 use by using the following
110 * derivation function (based on RFC 4402);
112 * KMSK = random-to-key(MSK)
113 * Tn = pseudo-random(KMSK, n || "rfc4121-gss-eap")
114 * L = output key size
115 * K = truncate(L, T1 || T2 || .. || Tn)
117 * The output must be freed by krb5_free_keyblock_contents(),
121 gssEapDeriveRfc3961Key(OM_uint32 *minor,
122 const unsigned char *inputKey,
123 size_t inputKeyLength,
124 krb5_enctype encryptionType,
127 krb5_context krbContext;
128 #ifdef HAVE_HEIMDAL_VERSION
129 krb5_crypto krbCrypto = NULL;
133 krb5_data ns, t, derivedKeyData;
135 krb5_error_code code;
136 size_t randomLength, keyLength, prfLength;
137 unsigned char constant[4 + sizeof("rfc4121-gss-eap") - 1], *p;
140 GSSEAP_KRB_INIT(&krbContext);
141 GSSEAP_ASSERT(encryptionType != ENCTYPE_NULL);
145 KRB_KEY_TYPE(&kd) = encryptionType;
149 KRB_DATA_INIT(&derivedKeyData);
151 #ifdef HAVE_HEIMDAL_VERSION
152 code = krb5_enctype_keybits(krbContext, encryptionType, &randomLength);
156 randomLength = (randomLength + 7) / 8; /* from mit_glue.c */
158 code = krb5_enctype_keysize(krbContext, encryptionType, &keyLength);
162 code = krb5_c_keylengths(krbContext, encryptionType,
163 &randomLength, &keyLength);
166 #endif /* HAVE_HEIMDAL_VERSION */
168 /* Convert EAP MSK into a Kerberos key */
170 #ifdef HAVE_HEIMDAL_VERSION
171 code = krb5_random_to_key(krbContext, encryptionType, inputKey,
172 MIN(inputKeyLength, randomLength), &kd);
174 data.length = MIN(inputKeyLength, randomLength);
175 data.data = (char *)inputKey;
177 KRB_KEY_DATA(&kd) = KRB_MALLOC(keyLength);
178 if (KRB_KEY_DATA(&kd) == NULL) {
182 KRB_KEY_LENGTH(&kd) = keyLength;
184 code = krb5_c_random_to_key(krbContext, encryptionType, &data, &kd);
185 #endif /* HAVE_HEIMDAL_VERSION */
189 memset(&constant[0], 0, 4);
190 memcpy(&constant[4], "rfc4121-gss-eap", sizeof("rfc4121-gss-eap") - 1);
192 ns.length = sizeof(constant);
193 ns.data = (char *)constant;
195 /* Plug derivation constant and key into PRF */
196 #ifdef HAVE_HEIMDAL_VERSION
197 code = krb5_crypto_prf_length(krbContext, encryptionType, &prfLength);
199 code = krb5_c_prf_length(krbContext, encryptionType, &prfLength);
204 #ifdef HAVE_HEIMDAL_VERSION
205 code = krb5_crypto_init(krbContext, &kd, 0, &krbCrypto);
209 t.length = prfLength;
210 t.data = GSSEAP_MALLOC(t.length);
211 if (t.data == NULL) {
217 derivedKeyData.length = randomLength;
218 derivedKeyData.data = GSSEAP_MALLOC(derivedKeyData.length);
219 if (derivedKeyData.data == NULL) {
224 for (i = 0, p = (unsigned char *)derivedKeyData.data, remain = randomLength;
226 p += t.length, remain -= t.length, i++)
228 store_uint32_be(i, ns.data);
230 #ifdef HAVE_HEIMDAL_VERSION
231 code = krb5_crypto_prf(krbContext, krbCrypto, &ns, &t);
233 code = krb5_c_prf(krbContext, &kd, &ns, &t);
238 memcpy(p, t.data, MIN(t.length, remain));
241 /* Finally, convert PRF output into a new key which we will return */
242 #ifdef HAVE_HEIMDAL_VERSION
243 krb5_free_keyblock_contents(krbContext, &kd);
246 code = krb5_random_to_key(krbContext, encryptionType,
247 derivedKeyData.data, derivedKeyData.length, &kd);
249 code = krb5_c_random_to_key(krbContext, encryptionType,
250 &derivedKeyData, &kd);
259 krb5_free_keyblock_contents(krbContext, &kd);
260 #ifdef HAVE_HEIMDAL_VERSION
261 krb5_crypto_destroy(krbContext, krbCrypto);
264 if (t.data != NULL) {
265 memset(t.data, 0, t.length);
269 if (derivedKeyData.data != NULL) {
270 memset(derivedKeyData.data, 0, derivedKeyData.length);
271 GSSEAP_FREE(derivedKeyData.data);
276 return (code == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
279 #ifdef HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE
280 extern krb5_error_code
281 krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *);
285 rfc3961ChecksumTypeForKey(OM_uint32 *minor,
287 krb5_cksumtype *cksumtype)
289 krb5_context krbContext;
290 #if !defined(HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE) && !defined(HAVE_HEIMDAL_VERSION)
294 #ifdef HAVE_HEIMDAL_VERSION
295 krb5_crypto krbCrypto = NULL;
298 GSSEAP_KRB_INIT(&krbContext);
300 #ifdef HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE
301 *minor = krb5int_c_mandatory_cksumtype(krbContext, KRB_KEY_TYPE(key),
304 return GSS_S_FAILURE;
305 #elif defined(HAVE_HEIMDAL_VERSION)
306 *minor = krb5_crypto_init(krbContext, key, 0, &krbCrypto);
308 return GSS_S_FAILURE;
310 *minor = krb5_crypto_get_checksum_type(krbContext, krbCrypto, cksumtype);
312 krb5_crypto_destroy(krbContext, krbCrypto);
315 return GSS_S_FAILURE;
317 KRB_DATA_INIT(&data);
319 memset(&cksum, 0, sizeof(cksum));
322 * This is a complete hack but it's the only way to work with
323 * MIT Kerberos pre-1.9 without using private API, as it does
324 * not support passing in zero as the checksum type.
326 *minor = krb5_c_make_checksum(krbContext, 0, key, 0, &data, &cksum);
328 return GSS_S_FAILURE;
330 *cksumtype = KRB_CHECKSUM_TYPE(&cksum);
332 KRB_CHECKSUM_FREE(krbContext, &cksum);
333 #endif /* HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE */
335 #ifdef HAVE_HEIMDAL_VERSION
336 if (!krb5_checksum_is_keyed(krbContext, *cksumtype))
338 if (!krb5_c_is_keyed_cksum(*cksumtype))
341 *minor = (OM_uint32)KRB5KRB_AP_ERR_INAPP_CKSUM;
342 return GSS_S_FAILURE;
345 return GSS_S_COMPLETE;
349 krbCryptoLength(krb5_context krbContext,
350 #ifdef HAVE_HEIMDAL_VERSION
351 krb5_crypto krbCrypto,
353 const krb5_keyblock *key,
358 #ifdef HAVE_HEIMDAL_VERSION
359 return krb5_crypto_length(krbContext, krbCrypto, type, length);
362 krb5_error_code code;
364 code = krb5_c_crypto_length(krbContext, KRB_KEY_TYPE(key), type, &len);
366 *length = (size_t)len;
373 krbPaddingLength(krb5_context krbContext,
374 #ifdef HAVE_HEIMDAL_VERSION
375 krb5_crypto krbCrypto,
377 const krb5_keyblock *key,
382 krb5_error_code code;
383 #ifdef HAVE_HEIMDAL_VERSION
384 size_t headerLength, paddingLength;
386 code = krbCryptoLength(krbContext, krbCrypto,
387 KRB5_CRYPTO_TYPE_HEADER, &headerLength);
391 dataLength += headerLength;
393 code = krb5_crypto_length(krbContext, krbCrypto,
394 KRB5_CRYPTO_TYPE_PADDING, &paddingLength);
398 if (paddingLength != 0 && (dataLength % paddingLength) != 0)
399 *padLength = paddingLength - (dataLength % paddingLength);
407 code = krb5_c_padding_length(krbContext, KRB_KEY_TYPE(key), dataLength, &pad);
409 *padLength = (size_t)pad;
412 #endif /* HAVE_HEIMDAL_VERSION */
416 krbBlockSize(krb5_context krbContext,
417 #ifdef HAVE_HEIMDAL_VERSION
418 krb5_crypto krbCrypto,
420 const krb5_keyblock *key,
424 #ifdef HAVE_HEIMDAL_VERSION
425 return krb5_crypto_getblocksize(krbContext, krbCrypto, blockSize);
427 return krb5_c_block_size(krbContext, KRB_KEY_TYPE(key), blockSize);
433 #ifdef HAVE_HEIMDAL_VERSION
434 krb5_context krbContext,
436 krb5_context krbContext GSSEAP_UNUSED,
438 krb5_enctype enctype,
442 krb5_error_code code;
443 #ifdef HAVE_HEIMDAL_VERSION
444 char *enctypeBuf = NULL;
446 char enctypeBuf[128];
448 size_t prefixLength, enctypeLength;
450 #ifdef HAVE_HEIMDAL_VERSION
451 code = krb5_enctype_to_string(krbContext, enctype, &enctypeBuf);
453 code = krb5_enctype_to_name(enctype, 0, enctypeBuf, sizeof(enctypeBuf));
458 prefixLength = (prefix != NULL) ? strlen(prefix) : 0;
459 enctypeLength = strlen(enctypeBuf);
461 string->value = GSSEAP_MALLOC(prefixLength + enctypeLength + 1);
462 if (string->value == NULL) {
463 #ifdef HAVE_HEIMDAL_VERSION
464 krb5_xfree(enctypeBuf);
469 if (prefixLength != 0)
470 memcpy(string->value, prefix, prefixLength);
471 memcpy((char *)string->value + prefixLength, enctypeBuf, enctypeLength);
473 string->length = prefixLength + enctypeLength;
474 ((char *)string->value)[string->length] = '\0';
476 #ifdef HAVE_HEIMDAL_VERSION
477 krb5_xfree(enctypeBuf);
483 #ifdef GSSEAP_ENABLE_REAUTH
485 krbMakeAuthDataKdcIssued(krb5_context context,
486 const krb5_keyblock *key,
487 krb5_const_principal issuer,
488 #ifdef HAVE_HEIMDAL_VERSION
489 const AuthorizationData *authdata,
490 AuthorizationData *adKdcIssued
492 krb5_authdata *const *authdata,
493 krb5_authdata ***adKdcIssued
497 #ifdef HAVE_HEIMDAL_VERSION
498 krb5_error_code code;
499 AD_KDCIssued kdcIssued;
500 AuthorizationDataElement adDatum;
502 size_t buf_size, len;
503 krb5_crypto crypto = NULL;
505 memset(&kdcIssued, 0, sizeof(kdcIssued));
506 memset(adKdcIssued, 0, sizeof(*adKdcIssued));
508 kdcIssued.i_realm = issuer->realm != NULL ? (Realm *)&issuer->realm : NULL;
509 kdcIssued.i_sname = (PrincipalName *)&issuer->name;
510 kdcIssued.elements = *authdata;
512 ASN1_MALLOC_ENCODE(AuthorizationData, buf, buf_size, authdata, &len, code);
516 code = krb5_crypto_init(context, key, 0, &crypto);
520 code = krb5_create_checksum(context, crypto, KRB5_KU_AD_KDC_ISSUED,
521 0, buf, buf_size, &kdcIssued.ad_checksum);
525 free(buf); /* match ASN1_MALLOC_ENCODE */
528 ASN1_MALLOC_ENCODE(AD_KDCIssued, buf, buf_size, &kdcIssued, &len, code);
532 adDatum.ad_type = KRB5_AUTHDATA_KDC_ISSUED;
533 adDatum.ad_data.length = buf_size;
534 adDatum.ad_data.data = buf;
536 code = add_AuthorizationData(adKdcIssued, &adDatum);
542 free(buf); /* match ASN1_MALLOC_ENCODE */
544 krb5_crypto_destroy(context, crypto);
545 free_Checksum(&kdcIssued.ad_checksum);
549 return krb5_make_authdata_kdc_issued(context, key, issuer, authdata,
551 #endif /* HAVE_HEIMDAL_VERSION */
555 krbMakeCred(krb5_context krbContext,
556 krb5_auth_context authContext,
560 krb5_error_code code;
561 #ifdef HAVE_HEIMDAL_VERSION
563 KrbCredInfo krbCredInfo;
564 EncKrbCredPart encKrbCredPart;
566 krb5_crypto krbCrypto = NULL;
567 krb5_data encKrbCredPartData;
568 krb5_replay_data rdata;
574 memset(data, 0, sizeof(*data));
575 #ifdef HAVE_HEIMDAL_VERSION
576 memset(&krbCred, 0, sizeof(krbCred));
577 memset(&krbCredInfo, 0, sizeof(krbCredInfo));
578 memset(&encKrbCredPart, 0, sizeof(encKrbCredPart));
579 memset(&rdata, 0, sizeof(rdata));
581 if (authContext->local_subkey)
582 key = authContext->local_subkey;
583 else if (authContext->remote_subkey)
584 key = authContext->remote_subkey;
586 key = authContext->keyblock;
589 krbCred.msg_type = krb_cred;
590 krbCred.tickets.val = (Ticket *)GSSEAP_CALLOC(1, sizeof(Ticket));
591 if (krbCred.tickets.val == NULL) {
595 krbCred.tickets.len = 1;
597 code = decode_Ticket(creds->ticket.data,
598 creds->ticket.length,
599 krbCred.tickets.val, &len);
603 krbCredInfo.key = creds->session;
604 krbCredInfo.prealm = &creds->client->realm;
605 krbCredInfo.pname = &creds->client->name;
606 krbCredInfo.flags = &creds->flags.b;
607 krbCredInfo.authtime = &creds->times.authtime;
608 krbCredInfo.starttime = &creds->times.starttime;
609 krbCredInfo.endtime = &creds->times.endtime;
610 krbCredInfo.renew_till = &creds->times.renew_till;
611 krbCredInfo.srealm = &creds->server->realm;
612 krbCredInfo.sname = &creds->server->name;
613 krbCredInfo.caddr = creds->addresses.len ? &creds->addresses : NULL;
615 encKrbCredPart.ticket_info.len = 1;
616 encKrbCredPart.ticket_info.val = &krbCredInfo;
617 if (authContext->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
618 rdata.seq = authContext->local_seqnumber;
619 encKrbCredPart.nonce = (int32_t *)&rdata.seq;
621 encKrbCredPart.nonce = NULL;
623 if (authContext->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
624 krb5_us_timeofday(krbContext, &rdata.timestamp, &rdata.usec);
625 encKrbCredPart.timestamp = &rdata.timestamp;
626 encKrbCredPart.usec = &rdata.usec;
628 encKrbCredPart.timestamp = NULL;
629 encKrbCredPart.usec = NULL;
631 encKrbCredPart.s_address = authContext->local_address;
632 encKrbCredPart.r_address = authContext->remote_address;
634 ASN1_MALLOC_ENCODE(EncKrbCredPart, encKrbCredPartData.data,
635 encKrbCredPartData.length, &encKrbCredPart,
640 code = krb5_crypto_init(krbContext, key, 0, &krbCrypto);
644 code = krb5_encrypt_EncryptedData(krbContext,
647 encKrbCredPartData.data,
648 encKrbCredPartData.length,
654 ASN1_MALLOC_ENCODE(KRB_CRED, data->data, data->length,
655 &krbCred, &len, code);
659 if (authContext->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
660 authContext->local_seqnumber++;
663 if (krbCrypto != NULL)
664 krb5_crypto_destroy(krbContext, krbCrypto);
665 free_KRB_CRED(&krbCred);
666 krb5_data_free(&encKrbCredPartData);
670 code = krb5_mk_1cred(krbContext, authContext, creds, &d, NULL);
677 #endif /* HAVE_HEIMDAL_VERSION */
679 #endif /* GSSEAP_ENABLE_REAUTH */