2 * Copyright (c) 2010, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * Copyright 2008 by the Massachusetts Institute of Technology.
34 * All Rights Reserved.
36 * Export of this software from the United States of America may
37 * require a specific license from the United States Government.
38 * It is the responsibility of any person or organization contemplating
39 * export to obtain such a license before exporting.
41 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
42 * distribute this software and its documentation for any purpose and
43 * without fee is hereby granted, provided that the above copyright
44 * notice appear in all copies and that both that copyright notice and
45 * this permission notice appear in supporting documentation, and that
46 * the name of M.I.T. not be used in advertising or publicity pertaining
47 * to distribution of the software without specific, written prior
48 * permission. Furthermore if you modify this software you must label
49 * your software as modified software and not distribute it in such a
50 * fashion that it might be confused with the original M.I.T. software.
51 * M.I.T. makes no representations about the suitability of
52 * this software for any purpose. It is provided "as is" without express
53 * or implied warranty.
56 #include "gssapiP_eap.h"
59 gssEapWrapOrGetMIC(OM_uint32 *minor,
63 gss_iov_buffer_desc *iov,
65 enum gss_eap_token_type toktype)
67 krb5_error_code code = 0;
68 gss_iov_buffer_t header;
69 gss_iov_buffer_t padding;
70 gss_iov_buffer_t trailer;
71 unsigned char acceptorFlag;
72 unsigned char *outbuf = NULL;
73 unsigned char *tbuf = NULL;
76 unsigned int gssHeaderLen, gssTrailerLen;
77 size_t dataLen, assocDataLen;
79 if (!CTX_IS_ESTABLISHED(ctx))
80 return GSS_S_NO_CONTEXT;
82 acceptorFlag = CTX_IS_INITIATOR(ctx) ? 0 : TOK_FLAG_SENDER_IS_ACCEPTOR;
83 keyUsage = ((toktype == TOK_TYPE_WRAP)
84 ? (CTX_IS_INITIATOR(ctx)
85 ? KEY_USAGE_INITIATOR_SEAL
86 : KEY_USAGE_ACCEPTOR_SEAL)
87 : (CTX_IS_INITIATOR(ctx)
88 ? KEY_USAGE_INITIATOR_SIGN
89 : KEY_USAGE_ACCEPTOR_SIGN));
91 gssEapIovMessageLength(iov, iov_count, &dataLen, &assocDataLen);
93 header = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
99 padding = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
101 padding->buffer.length = 0;
103 trailer = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
105 if (toktype == TOK_TYPE_WRAP && conf_req_flag) {
106 unsigned int krbHeaderLen, krbTrailerLen, krbPadLen;
108 size_t confDataLen = dataLen - assocDataLen;
110 code = krb5_c_crypto_length(ctx->kerberosCtx, ctx->encryptionType,
111 KRB5_CRYPTO_TYPE_HEADER, &krbHeaderLen);
115 code = krb5_c_padding_length(ctx->kerberosCtx, ctx->encryptionType,
116 confDataLen + 16 /* E(Header) */,
121 if (krbPadLen == 0 && (ctx->gssFlags & GSS_C_DCE_STYLE)) {
122 /* Windows rejects AEAD tokens with non-zero EC */
123 code = krb5_c_block_size(ctx->kerberosCtx, ctx->encryptionType, &ec);
129 code = krb5_c_crypto_length(ctx->kerberosCtx, ctx->encryptionType,
130 KRB5_CRYPTO_TYPE_TRAILER, &krbTrailerLen);
134 gssHeaderLen = 16 /* Header */ + krbHeaderLen;
135 gssTrailerLen = ec + 16 /* E(Header) */ + krbTrailerLen;
137 if (trailer == NULL) {
139 /* Workaround for Windows bug where it rotates by EC + RRC */
140 if (ctx->gssFlags & GSS_C_DCE_STYLE)
142 gssHeaderLen += gssTrailerLen;
145 if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) {
146 code = gssEapAllocIov(header, (size_t)gssHeaderLen);
147 } else if (header->buffer.length < gssHeaderLen)
148 code = KRB5_BAD_MSIZE;
151 outbuf = (unsigned char *)header->buffer.value;
152 header->buffer.length = (size_t)gssHeaderLen;
154 if (trailer != NULL) {
155 if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
156 code = gssEapAllocIov(trailer, (size_t)gssTrailerLen);
157 else if (trailer->buffer.length < gssTrailerLen)
158 code = KRB5_BAD_MSIZE;
161 trailer->buffer.length = (size_t)gssTrailerLen;
165 store_uint16_be((uint16_t)toktype, outbuf);
167 outbuf[2] = (acceptorFlag
168 | (conf_req_flag ? TOK_FLAG_WRAP_CONFIDENTIAL : 0)
169 | (0 ? TOK_FLAG_ACCEPTOR_SUBKEY : 0));
173 store_uint16_be(ec, outbuf + 4);
175 store_uint16_be(0, outbuf + 6);
176 store_64_be(ctx->sendSeq, outbuf + 8);
179 * EC | copy of header to be encrypted, located in
180 * (possibly rotated) trailer
183 tbuf = (unsigned char *)header->buffer.value + 16; /* Header */
185 tbuf = (unsigned char *)trailer->buffer.value;
187 memset(tbuf, 0xFF, ec);
188 memcpy(tbuf + ec, header->buffer.value, 16);
190 code = gssEapEncrypt(ctx->kerberosCtx,
191 ((ctx->gssFlags & GSS_C_DCE_STYLE) != 0),
192 ec, rrc, ctx->rfc3961Key,
193 keyUsage, 0, iov, iov_count);
198 store_uint16_be(rrc, outbuf + 6);
201 } else if (toktype == TOK_TYPE_WRAP && !conf_req_flag) {
206 code = krb5_c_crypto_length(ctx->kerberosCtx, ctx->encryptionType,
207 KRB5_CRYPTO_TYPE_CHECKSUM,
212 assert(gssTrailerLen <= 0xFFFF);
214 if (trailer == NULL) {
216 gssHeaderLen += gssTrailerLen;
219 if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
220 code = gssEapAllocIov(header, (size_t)gssHeaderLen);
221 else if (header->buffer.length < gssHeaderLen)
222 code = KRB5_BAD_MSIZE;
225 outbuf = (unsigned char *)header->buffer.value;
226 header->buffer.length = (size_t)gssHeaderLen;
228 if (trailer != NULL) {
229 if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
230 code = gssEapAllocIov(trailer, (size_t)gssTrailerLen);
231 else if (trailer->buffer.length < gssTrailerLen)
232 code = KRB5_BAD_MSIZE;
235 trailer->buffer.length = (size_t)gssTrailerLen;
239 store_uint16_be((uint16_t)toktype, outbuf);
241 outbuf[2] = (acceptorFlag
242 | (0 ? TOK_FLAG_ACCEPTOR_SUBKEY : 0));
245 if (toktype == TOK_TYPE_WRAP) {
246 /* Use 0 for checksum calculation, substitute
247 * checksum length later.
250 store_uint16_be(0, outbuf + 4);
252 store_uint16_be(0, outbuf + 6);
254 /* MIC and DEL store 0xFF in EC and RRC */
255 store_uint16_be(0xFFFF, outbuf + 4);
256 store_uint16_be(0xFFFF, outbuf + 6);
258 store_64_be(ctx->sendSeq, outbuf + 8);
260 code = gssEapSign(ctx->kerberosCtx, ctx->checksumType,
261 rrc, ctx->rfc3961Key, keyUsage,
268 if (toktype == TOK_TYPE_WRAP) {
269 /* Fix up EC field */
270 store_uint16_be(gssTrailerLen, outbuf + 4);
271 /* Fix up RRC field */
272 store_uint16_be(rrc, outbuf + 6);
274 } else if (toktype == TOK_TYPE_MIC) {
276 goto wrap_with_checksum;
277 } else if (toktype == TOK_TYPE_DELETE) {
278 goto wrap_with_checksum;
287 gssEapReleaseIov(iov, iov_count);
292 return GSS_S_FAILURE;
294 return GSS_S_COMPLETE;
298 gss_wrap_iov(OM_uint32 *minor,
303 gss_iov_buffer_desc *iov,
306 return gssEapWrapOrGetMIC(minor, ctx, conf_req_flag, conf_state,
307 iov, iov_count, TOK_TYPE_WRAP);