2 * Copyright (c) 2010, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * Copyright 2008 by the Massachusetts Institute of Technology.
34 * All Rights Reserved.
36 * Export of this software from the United States of America may
37 * require a specific license from the United States Government.
38 * It is the responsibility of any person or organization contemplating
39 * export to obtain such a license before exporting.
41 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
42 * distribute this software and its documentation for any purpose and
43 * without fee is hereby granted, provided that the above copyright
44 * notice appear in all copies and that both that copyright notice and
45 * this permission notice appear in supporting documentation, and that
46 * the name of M.I.T. not be used in advertising or publicity pertaining
47 * to distribution of the software without specific, written prior
48 * permission. Furthermore if you modify this software you must label
49 * your software as modified software and not distribute it in such a
50 * fashion that it might be confused with the original M.I.T. software.
51 * M.I.T. makes no representations about the suitability of
52 * this software for any purpose. It is provided "as is" without express
53 * or implied warranty.
56 #include "gssapiP_eap.h"
59 rfc4121Flags(gss_ctx_id_t ctx, int receiving)
64 isAcceptor = !CTX_IS_INITIATOR(ctx);
66 isAcceptor = !isAcceptor;
70 flags |= TOK_FLAG_SENDER_IS_ACCEPTOR;
72 if ((ctx->flags & CTX_FLAG_KRB_REAUTH_GSS) &&
73 (ctx->gssFlags & GSS_C_MUTUAL_FLAG))
74 flags |= TOK_FLAG_ACCEPTOR_SUBKEY;
80 gssEapWrapOrGetMIC(OM_uint32 *minor,
84 gss_iov_buffer_desc *iov,
86 enum gss_eap_token_type toktype)
88 krb5_error_code code = 0;
89 gss_iov_buffer_t header;
90 gss_iov_buffer_t padding;
91 gss_iov_buffer_t trailer;
93 unsigned char *outbuf = NULL;
94 unsigned char *tbuf = NULL;
97 unsigned int gssHeaderLen, gssTrailerLen;
98 size_t dataLen, assocDataLen;
99 krb5_context krbContext;
101 if (ctx->encryptionType == ENCTYPE_NULL) {
102 *minor = GSSEAP_KEY_UNAVAILABLE;
103 return GSS_S_UNAVAILABLE;
106 GSSEAP_KRB_INIT(&krbContext);
108 flags = rfc4121Flags(ctx, FALSE);
110 if (toktype == TOK_TYPE_WRAP) {
111 keyUsage = CTX_IS_INITIATOR(ctx)
112 ? KEY_USAGE_INITIATOR_SEAL
113 : KEY_USAGE_ACCEPTOR_SEAL;
115 keyUsage = CTX_IS_INITIATOR(ctx)
116 ? KEY_USAGE_INITIATOR_SIGN
117 : KEY_USAGE_ACCEPTOR_SIGN;
120 gssEapIovMessageLength(iov, iov_count, &dataLen, &assocDataLen);
122 header = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
123 if (header == NULL) {
124 *minor = GSSEAP_MISSING_IOV;
125 return GSS_S_FAILURE;
128 padding = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
130 padding->buffer.length = 0;
132 trailer = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
134 if (toktype == TOK_TYPE_WRAP && conf_req_flag) {
135 unsigned int krbHeaderLen, krbTrailerLen, krbPadLen;
137 size_t confDataLen = dataLen - assocDataLen;
139 code = krb5_c_crypto_length(krbContext, ctx->encryptionType,
140 KRB5_CRYPTO_TYPE_HEADER, &krbHeaderLen);
144 code = krb5_c_padding_length(krbContext, ctx->encryptionType,
145 confDataLen + 16 /* E(Header) */,
150 if (krbPadLen == 0 && (ctx->gssFlags & GSS_C_DCE_STYLE)) {
151 /* Windows rejects AEAD tokens with non-zero EC */
152 code = krb5_c_block_size(krbContext, ctx->encryptionType, &ec);
158 code = krb5_c_crypto_length(krbContext, ctx->encryptionType,
159 KRB5_CRYPTO_TYPE_TRAILER, &krbTrailerLen);
163 gssHeaderLen = 16 /* Header */ + krbHeaderLen;
164 gssTrailerLen = ec + 16 /* E(Header) */ + krbTrailerLen;
166 if (trailer == NULL) {
168 /* Workaround for Windows bug where it rotates by EC + RRC */
169 if (ctx->gssFlags & GSS_C_DCE_STYLE)
171 gssHeaderLen += gssTrailerLen;
174 if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) {
175 code = gssEapAllocIov(header, (size_t)gssHeaderLen);
176 } else if (header->buffer.length < gssHeaderLen)
177 code = GSSEAP_WRONG_SIZE;
180 outbuf = (unsigned char *)header->buffer.value;
181 header->buffer.length = (size_t)gssHeaderLen;
183 if (trailer != NULL) {
184 if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
185 code = gssEapAllocIov(trailer, (size_t)gssTrailerLen);
186 else if (trailer->buffer.length < gssTrailerLen)
187 code = GSSEAP_WRONG_SIZE;
190 trailer->buffer.length = (size_t)gssTrailerLen;
194 store_uint16_be((uint16_t)toktype, outbuf);
197 | (conf_req_flag ? TOK_FLAG_WRAP_CONFIDENTIAL : 0);
201 store_uint16_be(ec, outbuf + 4);
203 store_uint16_be(0, outbuf + 6);
204 store_uint64_be(ctx->sendSeq, outbuf + 8);
207 * EC | copy of header to be encrypted, located in
208 * (possibly rotated) trailer
211 tbuf = (unsigned char *)header->buffer.value + 16; /* Header */
213 tbuf = (unsigned char *)trailer->buffer.value;
215 memset(tbuf, 0xFF, ec);
216 memcpy(tbuf + ec, header->buffer.value, 16);
218 code = gssEapEncrypt(krbContext,
219 ((ctx->gssFlags & GSS_C_DCE_STYLE) != 0),
220 ec, rrc, &ctx->rfc3961Key,
221 keyUsage, 0, iov, iov_count);
226 store_uint16_be(rrc, outbuf + 6);
229 } else if (toktype == TOK_TYPE_WRAP && !conf_req_flag) {
234 code = krb5_c_crypto_length(krbContext, ctx->encryptionType,
235 KRB5_CRYPTO_TYPE_CHECKSUM,
240 assert(gssTrailerLen <= 0xFFFF);
242 if (trailer == NULL) {
244 gssHeaderLen += gssTrailerLen;
247 if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
248 code = gssEapAllocIov(header, (size_t)gssHeaderLen);
249 else if (header->buffer.length < gssHeaderLen)
250 code = GSSEAP_WRONG_SIZE;
253 outbuf = (unsigned char *)header->buffer.value;
254 header->buffer.length = (size_t)gssHeaderLen;
256 if (trailer != NULL) {
257 if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
258 code = gssEapAllocIov(trailer, (size_t)gssTrailerLen);
259 else if (trailer->buffer.length < gssTrailerLen)
260 code = GSSEAP_WRONG_SIZE;
263 trailer->buffer.length = (size_t)gssTrailerLen;
267 store_uint16_be((uint16_t)toktype, outbuf);
272 if (toktype == TOK_TYPE_WRAP) {
273 /* Use 0 for checksum calculation, substitute
274 * checksum length later.
277 store_uint16_be(0, outbuf + 4);
279 store_uint16_be(0, outbuf + 6);
281 /* MIC and DEL store 0xFF in EC and RRC */
282 store_uint16_be(0xFFFF, outbuf + 4);
283 store_uint16_be(0xFFFF, outbuf + 6);
285 store_uint64_be(ctx->sendSeq, outbuf + 8);
287 code = gssEapSign(krbContext, ctx->checksumType,
288 rrc, &ctx->rfc3961Key, keyUsage,
295 if (toktype == TOK_TYPE_WRAP) {
296 /* Fix up EC field */
297 store_uint16_be(gssTrailerLen, outbuf + 4);
298 /* Fix up RRC field */
299 store_uint16_be(rrc, outbuf + 6);
301 } else if (toktype == TOK_TYPE_MIC) {
303 goto wrap_with_checksum;
304 } else if (toktype == TOK_TYPE_DELETE_CONTEXT) {
306 goto wrap_with_checksum;
315 gssEapReleaseIov(iov, iov_count);
319 return (code == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
323 gss_wrap_iov(OM_uint32 *minor,
328 gss_iov_buffer_desc *iov,
333 if (ctx == GSS_C_NO_CONTEXT) {
335 return GSS_S_NO_CONTEXT;
340 GSSEAP_MUTEX_LOCK(&ctx->mutex);
342 if (!CTX_IS_ESTABLISHED(ctx)) {
343 major = GSS_S_NO_CONTEXT;
344 *minor = GSSEAP_CONTEXT_INCOMPLETE;
348 major = gssEapWrapOrGetMIC(minor, ctx, conf_req_flag, conf_state,
349 iov, iov_count, TOK_TYPE_WRAP);
350 if (GSS_ERROR(major))
354 GSSEAP_MUTEX_UNLOCK(&ctx->mutex);