2 * Copyright (c) 2010, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include "gssapiP_eap.h"
35 static GSSEAP_THREAD_ONCE krbContextKeyOnce = GSSEAP_ONCE_INITIALIZER;
36 static GSSEAP_THREAD_KEY krbContextKey;
39 destroyKrbContext(void *arg)
41 krb5_context context = (krb5_context)arg;
44 krb5_free_context(context);
48 createKrbContextKey(void)
50 GSSEAP_KEY_CREATE(&krbContextKey, destroyKrbContext);
54 gssEapKerberosInit(OM_uint32 *minor, krb5_context *context)
58 GSSEAP_ONCE(&krbContextKeyOnce, createKrbContextKey);
60 *context = GSSEAP_GETSPECIFIC(krbContextKey);
61 if (*context == NULL) {
62 *minor = krb5_init_context(context);
64 if (GSSEAP_SETSPECIFIC(krbContextKey, *context) != 0) {
66 krb5_free_context(*context);
72 return *minor == 0 ? GSS_S_COMPLETE : GSS_S_FAILURE;
76 * Derive a key for RFC 4121 use by using the following
77 * derivation function:
79 * random-to-key(prf(random-to-key([e]msk), "rfc4121-gss-eap"))
81 * where random-to-key and prf are defined in RFC 3961.
84 gssEapDeriveRfc3961Key(OM_uint32 *minor,
85 const unsigned char *key,
94 size_t keybytes, keylength, prflength;
96 memset(pKey, 0, sizeof(*pKey));
98 GSSEAP_KRB_INIT(&context);
101 KRB_KEY_TYPE(&kd) = enctype;
106 code = krb5_c_keylengths(context, enctype, &keybytes, &keylength);
110 if (keyLength < keybytes) {
111 code = KRB5_BAD_MSIZE;
115 data.length = keybytes;
116 data.data = (char *)key;
118 KRB_KEY_DATA(&kd) = GSSEAP_MALLOC(keylength);
119 if (KRB_KEY_DATA(&kd) == NULL) {
123 KRB_KEY_LENGTH(&kd) = keylength;
125 /* Convert MSK into a Kerberos key */
126 code = krb5_c_random_to_key(context, enctype, &data, &kd);
130 data.length = sizeof("rfc4121-gss-eap") - 1;
131 data.data = "rfc4121-gss-eap";
133 /* Plug derivation constant and key into PRF */
134 code = krb5_c_prf_length(context, enctype, &prflength);
138 if (prflength < keybytes) {
139 code = KRB5_CRYPTO_INTERNAL;
142 prf.length = keybytes;
143 prf.data = GSSEAP_MALLOC(prflength);
144 if (data.data == NULL) {
149 code = krb5_c_prf(context, &kd, &data, &prf);
153 /* Finally, convert PRF output into a new key which we will return */
154 code = krb5_c_random_to_key(context, enctype, &prf, &kd);
159 KRB_KEY_DATA(&kd) = NULL;
162 if (KRB_KEY_DATA(&kd) != NULL) {
163 memset(KRB_KEY_DATA(&kd), 0, KRB_KEY_LENGTH(&kd));
164 GSSEAP_FREE(KRB_KEY_DATA(&kd));
166 if (prf.data != NULL) {
167 memset(prf.data, 0, prf.length);
168 GSSEAP_FREE(prf.data);
172 return (code == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
175 #ifdef HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE
176 extern krb5_error_code
177 krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *);
181 rfc3961ChecksumTypeForKey(OM_uint32 *minor,
183 krb5_cksumtype *cksumtype)
185 krb5_context krbContext;
186 #ifndef HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE
191 GSSEAP_KRB_INIT(&krbContext);
193 #ifdef HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE
194 *minor = krb5int_c_mandatory_cksumtype(krbContext, KRB_KEY_TYPE(key),
197 return GSS_S_FAILURE;
202 memset(&cksum, 0, sizeof(cksum));
205 * This is a complete hack but it's the only way to work with
206 * MIT Kerberos pre-1.9 without using private API, as it does
207 * not support passing in zero as the checksum type.
209 *minor = krb5_c_make_checksum(krbContext, 0, key, 0, &data, &cksum);
211 return GSS_S_FAILURE;
213 *cksumtype = cksum.checksum_type;
215 krb5_free_checksum_contents(krbContext, &cksum);
216 #endif /* HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE */
218 return GSS_S_COMPLETE;