2 * Copyright (c) 2010, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include "gssapiP_eap.h"
36 gssEapAllocContext(OM_uint32 *minor,
42 assert(*pCtx == GSS_C_NO_CONTEXT);
44 ctx = (gss_ctx_id_t)GSSEAP_CALLOC(1, sizeof(*ctx));
50 if (GSSEAP_MUTEX_INIT(&ctx->mutex) != 0) {
52 gssEapReleaseContext(&tmpMinor, &ctx);
56 ctx->state = EAP_STATE_AUTHENTICATE;
59 * Integrity, confidentiality, sequencing and replay detection are
60 * always available. Regardless of what flags are requested in
61 * GSS_Init_sec_context, implementations MUST set the flag corresponding
62 * to these services in the output of GSS_Init_sec_context and
63 * GSS_Accept_sec_context.
65 ctx->gssFlags = GSS_C_INTEG_FLAG |
72 return GSS_S_COMPLETE;
76 releaseInitiatorContext(struct eap_gss_initiator_ctx *ctx)
78 eap_peer_sm_deinit(ctx->eap);
79 wpabuf_free(ctx->eapReqData);
83 releaseAcceptorContext(struct eap_gss_acceptor_ctx *ctx)
88 gssEapReleaseContext(OM_uint32 *minor,
91 OM_uint32 major, tmpMinor;
92 gss_ctx_id_t ctx = *pCtx;
93 krb5_context krbContext = NULL;
95 if (ctx == GSS_C_NO_CONTEXT) {
96 return GSS_S_COMPLETE;
99 gssEapKerberosInit(&tmpMinor, &krbContext);
101 if (CTX_IS_INITIATOR(ctx)) {
102 releaseInitiatorContext(&ctx->initiatorCtx);
104 releaseAcceptorContext(&ctx->acceptorCtx);
107 krb5_free_keyblock_contents(krbContext, &ctx->rfc3961Key);
108 gssEapReleaseName(&tmpMinor, &ctx->initiatorName);
109 gssEapReleaseName(&tmpMinor, &ctx->acceptorName);
110 gss_release_oid(&tmpMinor, &ctx->mechanismUsed);
111 sequenceFree(ctx->seqState);
113 GSSEAP_MUTEX_DESTROY(&ctx->mutex);
115 memset(ctx, 0, sizeof(*ctx));
117 *pCtx = GSS_C_NO_CONTEXT;
120 return GSS_S_COMPLETE;
124 gssEapMakeToken(OM_uint32 *minor,
126 const gss_buffer_t innerToken,
127 enum gss_eap_token_type tokenType,
128 gss_buffer_t outputToken)
133 outputToken->length = tokenSize(ctx->mechanismUsed, innerToken->length);
134 outputToken->value = GSSEAP_MALLOC(outputToken->length);
135 if (outputToken->value == NULL) {
137 return GSS_S_FAILURE;
140 p = (unsigned char *)outputToken->value;
141 makeTokenHeader(ctx->mechanismUsed, innerToken->length, &p, tokenType);
142 memcpy(p, innerToken->value, innerToken->length);
145 return GSS_S_COMPLETE;
149 gssEapVerifyToken(OM_uint32 *minor,
151 const gss_buffer_t inputToken,
152 enum gss_eap_token_type tokenType,
153 gss_buffer_t innerInputToken)
157 unsigned char *p = (unsigned char *)inputToken->value;
159 major = verifyTokenHeader(ctx->mechanismUsed, &bodySize, &p,
160 inputToken->length, tokenType);
161 if (GSS_ERROR(major))
164 innerInputToken->length = bodySize;
165 innerInputToken->value = p;
168 return GSS_S_COMPLETE;