2 * Copyright (c) 2010, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * Copyright 2008 by the Massachusetts Institute of Technology.
34 * All Rights Reserved.
36 * Export of this software from the United States of America may
37 * require a specific license from the United States Government.
38 * It is the responsibility of any person or organization contemplating
39 * export to obtain such a license before exporting.
41 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
42 * distribute this software and its documentation for any purpose and
43 * without fee is hereby granted, provided that the above copyright
44 * notice appear in all copies and that both that copyright notice and
45 * this permission notice appear in supporting documentation, and that
46 * the name of M.I.T. not be used in advertising or publicity pertaining
47 * to distribution of the software without specific, written prior
48 * permission. Furthermore if you modify this software you must label
49 * your software as modified software and not distribute it in such a
50 * fashion that it might be confused with the original M.I.T. software.
51 * M.I.T. makes no representations about the suitability of
52 * this software for any purpose. It is provided "as is" without express
53 * or implied warranty.
56 #include "gssapiP_eap.h"
59 rfc4121Flags(gss_ctx_id_t ctx, int receiving)
64 isAcceptor = !CTX_IS_INITIATOR(ctx);
66 isAcceptor = !isAcceptor;
70 flags |= TOK_FLAG_SENDER_IS_ACCEPTOR;
72 if ((ctx->flags & CTX_FLAG_KRB_REAUTH_GSS) &&
73 (ctx->gssFlags & GSS_C_MUTUAL_FLAG))
74 flags |= TOK_FLAG_ACCEPTOR_SUBKEY;
80 gssEapWrapOrGetMIC(OM_uint32 *minor,
84 gss_iov_buffer_desc *iov,
86 enum gss_eap_token_type toktype)
88 krb5_error_code code = 0;
89 gss_iov_buffer_t header;
90 gss_iov_buffer_t padding;
91 gss_iov_buffer_t trailer;
93 unsigned char *outbuf = NULL;
94 unsigned char *tbuf = NULL;
97 unsigned int gssHeaderLen, gssTrailerLen;
98 size_t dataLen, assocDataLen;
99 krb5_context krbContext;
101 if (ctx->encryptionType == ENCTYPE_NULL)
102 return GSS_S_UNAVAILABLE;
104 GSSEAP_KRB_INIT(&krbContext);
106 flags = rfc4121Flags(ctx, FALSE);
110 keyUsage = CTX_IS_INITIATOR(ctx)
111 ? KEY_USAGE_INITIATOR_SEAL
112 : KEY_USAGE_ACCEPTOR_SEAL;
114 case TOK_TYPE_GSS_CB:
115 keyUsage = KEY_USAGE_CHANNEL_BINDINGS;
119 keyUsage = CTX_IS_INITIATOR(ctx)
120 ? KEY_USAGE_INITIATOR_SIGN
121 : KEY_USAGE_ACCEPTOR_SIGN;
125 gssEapIovMessageLength(iov, iov_count, &dataLen, &assocDataLen);
127 header = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
128 if (header == NULL) {
130 return GSS_S_FAILURE;
133 padding = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
135 padding->buffer.length = 0;
137 trailer = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
139 if (toktype == TOK_TYPE_WRAP && conf_req_flag) {
140 unsigned int krbHeaderLen, krbTrailerLen, krbPadLen;
142 size_t confDataLen = dataLen - assocDataLen;
144 code = krb5_c_crypto_length(krbContext, ctx->encryptionType,
145 KRB5_CRYPTO_TYPE_HEADER, &krbHeaderLen);
149 code = krb5_c_padding_length(krbContext, ctx->encryptionType,
150 confDataLen + 16 /* E(Header) */,
155 if (krbPadLen == 0 && (ctx->gssFlags & GSS_C_DCE_STYLE)) {
156 /* Windows rejects AEAD tokens with non-zero EC */
157 code = krb5_c_block_size(krbContext, ctx->encryptionType, &ec);
163 code = krb5_c_crypto_length(krbContext, ctx->encryptionType,
164 KRB5_CRYPTO_TYPE_TRAILER, &krbTrailerLen);
168 gssHeaderLen = 16 /* Header */ + krbHeaderLen;
169 gssTrailerLen = ec + 16 /* E(Header) */ + krbTrailerLen;
171 if (trailer == NULL) {
173 /* Workaround for Windows bug where it rotates by EC + RRC */
174 if (ctx->gssFlags & GSS_C_DCE_STYLE)
176 gssHeaderLen += gssTrailerLen;
179 if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) {
180 code = gssEapAllocIov(header, (size_t)gssHeaderLen);
181 } else if (header->buffer.length < gssHeaderLen)
182 code = KRB5_BAD_MSIZE;
185 outbuf = (unsigned char *)header->buffer.value;
186 header->buffer.length = (size_t)gssHeaderLen;
188 if (trailer != NULL) {
189 if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
190 code = gssEapAllocIov(trailer, (size_t)gssTrailerLen);
191 else if (trailer->buffer.length < gssTrailerLen)
192 code = KRB5_BAD_MSIZE;
195 trailer->buffer.length = (size_t)gssTrailerLen;
199 store_uint16_be((uint16_t)toktype, outbuf);
202 | (conf_req_flag ? TOK_FLAG_WRAP_CONFIDENTIAL : 0);
206 store_uint16_be(ec, outbuf + 4);
208 store_uint16_be(0, outbuf + 6);
209 store_uint64_be(ctx->sendSeq, outbuf + 8);
212 * EC | copy of header to be encrypted, located in
213 * (possibly rotated) trailer
216 tbuf = (unsigned char *)header->buffer.value + 16; /* Header */
218 tbuf = (unsigned char *)trailer->buffer.value;
220 memset(tbuf, 0xFF, ec);
221 memcpy(tbuf + ec, header->buffer.value, 16);
223 code = gssEapEncrypt(krbContext,
224 ((ctx->gssFlags & GSS_C_DCE_STYLE) != 0),
225 ec, rrc, &ctx->rfc3961Key,
226 keyUsage, 0, iov, iov_count);
231 store_uint16_be(rrc, outbuf + 6);
234 } else if (toktype == TOK_TYPE_WRAP && !conf_req_flag) {
239 code = krb5_c_crypto_length(krbContext, ctx->encryptionType,
240 KRB5_CRYPTO_TYPE_CHECKSUM,
245 assert(gssTrailerLen <= 0xFFFF);
247 if (trailer == NULL) {
249 gssHeaderLen += gssTrailerLen;
252 if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
253 code = gssEapAllocIov(header, (size_t)gssHeaderLen);
254 else if (header->buffer.length < gssHeaderLen)
255 code = KRB5_BAD_MSIZE;
258 outbuf = (unsigned char *)header->buffer.value;
259 header->buffer.length = (size_t)gssHeaderLen;
261 if (trailer != NULL) {
262 if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
263 code = gssEapAllocIov(trailer, (size_t)gssTrailerLen);
264 else if (trailer->buffer.length < gssTrailerLen)
265 code = KRB5_BAD_MSIZE;
268 trailer->buffer.length = (size_t)gssTrailerLen;
272 store_uint16_be((uint16_t)toktype, outbuf);
277 if (toktype == TOK_TYPE_WRAP) {
278 /* Use 0 for checksum calculation, substitute
279 * checksum length later.
282 store_uint16_be(0, outbuf + 4);
284 store_uint16_be(0, outbuf + 6);
286 /* MIC and DEL store 0xFF in EC and RRC */
287 store_uint16_be(0xFFFF, outbuf + 4);
288 store_uint16_be(0xFFFF, outbuf + 6);
290 store_uint64_be(ctx->sendSeq, outbuf + 8);
292 code = gssEapSign(krbContext, ctx->checksumType,
293 rrc, &ctx->rfc3961Key, keyUsage,
298 if (toktype != TOK_TYPE_GSS_CB)
301 if (toktype == TOK_TYPE_WRAP) {
302 /* Fix up EC field */
303 store_uint16_be(gssTrailerLen, outbuf + 4);
304 /* Fix up RRC field */
305 store_uint16_be(rrc, outbuf + 6);
307 } else if (toktype == TOK_TYPE_MIC || toktype == TOK_TYPE_GSS_CB) {
309 goto wrap_with_checksum;
310 } else if (toktype == TOK_TYPE_DELETE_CONTEXT) {
312 goto wrap_with_checksum;
321 gssEapReleaseIov(iov, iov_count);
325 return (code == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
329 gss_wrap_iov(OM_uint32 *minor,
334 gss_iov_buffer_desc *iov,
337 if (!CTX_IS_ESTABLISHED(ctx))
338 return GSS_S_NO_CONTEXT;
340 return gssEapWrapOrGetMIC(minor, ctx, conf_req_flag, conf_state,
341 iov, iov_count, TOK_TYPE_WRAP);