projects / mech_eap.orig / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch 'master' of ssh://moonshot.suchdamage.org:822/srv/git/moonshot
[mech_eap.orig] / util_krb.c
1 /*
2  * Copyright (c) 2010, JANET(UK)
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  *
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * 3. Neither the name of JANET(UK) nor the names of its contributors
17  *    may be used to endorse or promote products derived from this software
18  *    without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  */
32
33 /*
34  * Kerberos 5 helpers.
35  */
36
37 #include "gssapiP_eap.h"
38
39 static GSSEAP_THREAD_ONCE krbContextKeyOnce = GSSEAP_ONCE_INITIALIZER;
40 static GSSEAP_THREAD_KEY krbContextKey;
41
42 static void
43 destroyKrbContext(void *arg)
44 {
45     krb5_context context = (krb5_context)arg;
46
47     if (context != NULL)
48         krb5_free_context(context);
49 }
50
51 static void
52 createKrbContextKey(void)
53 {
54     GSSEAP_KEY_CREATE(&krbContextKey, destroyKrbContext);
55 }
56
57 OM_uint32
58 gssEapKerberosInit(OM_uint32 *minor, krb5_context *context)
59 {
60     *minor = 0;
61
62     GSSEAP_ONCE(&krbContextKeyOnce, createKrbContextKey);
63
64     *context = GSSEAP_GETSPECIFIC(krbContextKey);
65     if (*context == NULL) {
66         *minor = krb5_init_context(context);
67         if (*minor == 0) {
68             if (GSSEAP_SETSPECIFIC(krbContextKey, *context) != 0) {
69                 *minor = errno;
70                 krb5_free_context(*context);
71                 *context = NULL;
72             }
73         }
74     }
75
76     return *minor == 0 ? GSS_S_COMPLETE : GSS_S_FAILURE;
77 }
78
79 /*
80  * Derive a key K for RFC 4121 use by using the following
81  * derivation function (based on RFC 4402);
82  *
83  * KMSK = random-to-key(MSK)
84  * Tn = pseudo-random(KMSK, n || "rfc4121-gss-eap")
85  * L = output key size
86  * K = truncate(L, T1 || T2 || .. || Tn)
87  */
88 OM_uint32
89 gssEapDeriveRfc3961Key(OM_uint32 *minor,
90                        const unsigned char *inputKey,
91                        size_t inputKeyLength,
92                        krb5_enctype encryptionType,
93                        krb5_keyblock *pKey)
94 {
95     krb5_context krbContext;
96 #ifndef HAVE_HEIMDAL_VERSION
97     krb5_data data;
98 #endif
99     krb5_data ns, t, prfOut;
100     krb5_keyblock kd;
101     krb5_error_code code;
102     size_t randomLength, keyLength, prfLength;
103     unsigned char constant[4 + sizeof("rfc4121-gss-eap") - 1], *p;
104     ssize_t i, remain;
105
106     assert(encryptionType != ENCTYPE_NULL);
107
108     memset(pKey, 0, sizeof(*pKey));
109
110     GSSEAP_KRB_INIT(&krbContext);
111
112     KRB_KEY_INIT(&kd);
113     KRB_KEY_TYPE(&kd) = encryptionType;
114
115     t.data = NULL;
116     t.length = 0;
117
118     prfOut.data = NULL;
119     prfOut.length = 0;
120
121     code = krb5_c_keylengths(krbContext, encryptionType,
122                              &randomLength, &keyLength);
123     if (code != 0)
124         goto cleanup;
125
126     KRB_KEY_DATA(&kd) = GSSEAP_MALLOC(keyLength);
127     if (KRB_KEY_DATA(&kd) == NULL) {
128         code = ENOMEM;
129         goto cleanup;
130     }
131     KRB_KEY_LENGTH(&kd) = keyLength;
132
133     /* Convert MSK into a Kerberos key */
134 #ifdef HAVE_HEIMDAL_VERSION
135     code = krb5_random_to_key(krbContext, encryptionType, inputKey,
136                               MIN(inputKeyLength, randomLength), &kd);
137 #else
138     data.length = MIN(inputKeyLength, randomLength);
139     data.data = (char *)inputKey;
140
141     code = krb5_c_random_to_key(krbContext, encryptionType, &data, &kd);
142 #endif
143     if (code != 0)
144         goto cleanup;
145
146     memset(&constant[0], 0, 4);
147     memcpy(&constant[4], "rfc4121-gss-eap", sizeof("rfc4121-gss-eap") - 1);
148
149     ns.length = sizeof(constant);
150     ns.data = (char *)constant;
151
152     /* Plug derivation constant and key into PRF */
153     code = krb5_c_prf_length(krbContext, encryptionType, &prfLength);
154     if (code != 0)
155         goto cleanup;
156
157     t.length = prfLength;
158     t.data = GSSEAP_MALLOC(t.length);
159     if (t.data == NULL) {
160         code = ENOMEM;
161         goto cleanup;
162     }
163
164     prfOut.length = randomLength;
165     prfOut.data = GSSEAP_MALLOC(prfOut.length);
166     if (prfOut.data == NULL) {
167         code = ENOMEM;
168         goto cleanup;
169     }
170
171     for (i = 0, p = (unsigned char *)prfOut.data, remain = randomLength;
172          remain > 0;
173          p += t.length, remain -= t.length, i++)
174     {
175         store_uint32_be(i, ns.data);
176
177         code = krb5_c_prf(krbContext, &kd, &ns, &t);
178         if (code != 0)
179             goto cleanup;
180
181         memcpy(p, t.data, MIN(t.length, remain));
182      }
183
184     /* Finally, convert PRF output into a new key which we will return */
185 #ifdef HAVE_HEIMDAL_VERSION
186     code = krb5_random_to_key(krbContext, encryptionType,
187                               prfOut.data, prfOut.length, &kd);
188 #else
189     code = krb5_c_random_to_key(krbContext, encryptionType, &prfOut, &kd);
190 #endif
191     if (code != 0)
192         goto cleanup;
193
194     *pKey = kd;
195     KRB_KEY_DATA(&kd) = NULL;
196
197 cleanup:
198     if (KRB_KEY_DATA(&kd) != NULL) {
199         memset(KRB_KEY_DATA(&kd), 0, KRB_KEY_LENGTH(&kd));
200         GSSEAP_FREE(KRB_KEY_DATA(&kd));
201     }
202     if (t.data != NULL) {
203         memset(t.data, 0, t.length);
204         GSSEAP_FREE(t.data);
205     }
206     if (prfOut.data != NULL) {
207         memset(prfOut.data, 0, prfOut.length);
208         GSSEAP_FREE(prfOut.data);
209     }
210     *minor = code;
211     return (code == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
212 }
213
214 #ifdef HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE
215 extern krb5_error_code
216 krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *);
217 #endif
218
219 OM_uint32
220 rfc3961ChecksumTypeForKey(OM_uint32 *minor,
221                           krb5_keyblock *key,
222                           krb5_cksumtype *cksumtype)
223 {
224     krb5_context krbContext;
225 #ifndef HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE
226     krb5_data data;
227     krb5_checksum cksum;
228 #endif
229
230     GSSEAP_KRB_INIT(&krbContext);
231
232 #ifdef HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE
233     *minor = krb5int_c_mandatory_cksumtype(krbContext, KRB_KEY_TYPE(key),
234                                            cksumtype);
235     if (*minor != 0)
236         return GSS_S_FAILURE;
237 #else
238     data.length = 0;
239     data.data = NULL;
240
241     memset(&cksum, 0, sizeof(cksum));
242
243     /*
244      * This is a complete hack but it's the only way to work with
245      * MIT Kerberos pre-1.9 without using private API, as it does
246      * not support passing in zero as the checksum type.
247      */
248     *minor = krb5_c_make_checksum(krbContext, 0, key, 0, &data, &cksum);
249     if (*minor != 0)
250         return GSS_S_FAILURE;
251
252 #ifdef HAVE_HEIMDAL_VERSION
253     *cksumtype = cksum.cksumtype;
254 #else
255     *cksumtype = cksum.checksum_type;
256 #endif
257
258     krb5_free_checksum_contents(krbContext, &cksum);
259 #endif /* HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE */
260
261     if (!krb5_c_is_keyed_cksum(*cksumtype)) {
262         *minor = KRB5KRB_AP_ERR_INAPP_CKSUM;
263         return GSS_S_FAILURE;
264     }
265
266     return GSS_S_COMPLETE;
267 }
268
269 #ifdef HAVE_HEIMDAL_VERSION
270 static heim_general_string krbAnonymousPrincipalComponents[] =
271     { KRB5_WELLKNOWN_NAME, KRB5_ANON_NAME };
272
273 static const Principal krbAnonymousPrincipalData = {
274     { KRB5_NT_WELLKNOWN, { 2, krbAnonymousPrincipalComponents } },
275     "WELLKNOWN:ANONYMOUS"
276 };
277 #endif
278
279 krb5_const_principal
280 krbAnonymousPrincipal(void)
281 {
282 #ifdef HAVE_HEIMDAL_VERSION
283     return &krbAnonymousPrincipalData;
284 #else
285     return krb5_anonymous_principal();
286 #endif
287 }
288
289 krb5_error_code
290 krbCryptoLength(krb5_context krbContext,
291 #ifdef HAVE_HEIMDAL_VERSION
292                 krb5_crypto krbCrypto,
293 #else
294                 krb5_keyblock *key,
295 #endif
296                 int type,
297                 size_t *length)
298 {
299 #ifdef HAVE_HEIMDAL_VERSION
300     return krb5_crypto_length(krbContext, krbCrypto, type, length);
301 #else
302     unsigned int len;
303     krb5_error_code code;
304
305     code = krb5_c_crypto_length(krbContext, KRB_KEY_TYPE(key), type, &len);
306     if (code == 0)
307         *length = (size_t)len;
308
309     return code;
310 #endif
311 }
312
313 krb5_error_code
314 krbPaddingLength(krb5_context krbContext,
315 #ifdef HAVE_HEIMDAL_VERSION
316                  krb5_crypto krbCrypto,
317 #else
318                  krb5_keyblock *key,
319 #endif
320                  size_t dataLength,
321                  size_t *padLength)
322 {
323     krb5_error_code code;
324 #ifdef HAVE_HEIMDAL_VERSION
325     size_t headerLength, paddingLength;
326
327     code = krbCryptoLength(krbContext, krbCrypto,
328                            KRB5_CRYPTO_TYPE_HEADER, &headerLength);
329     if (code != 0)
330         return code;
331
332     dataLength += headerLength;
333
334     code = krb5_crypto_length(krbContext, krbCrypto,
335                               KRB5_CRYPTO_TYPE_PADDING, &paddingLength);
336     if (code != 0)
337         return code;
338
339     if (paddingLength != 0 && (dataLength % paddingLength) != 0)
340         *padLength = paddingLength - (dataLength % paddingLength);
341     else
342         *padLength = 0;
343
344     return 0;
345 #else
346     unsigned int pad;
347
348     code = krb5_c_padding_length(krbContext, KRB_KEY_TYPE(key), dataLength, &pad);
349     if (code == 0)
350         *padLength = (size_t)pad;
351
352     return code;
353 #endif /* HAVE_HEIMDAL_VERSION */
354 }
355
356 krb5_error_code
357 krbBlockSize(krb5_context krbContext,
358 #ifdef HAVE_HEIMDAL_VERSION
359                  krb5_crypto krbCrypto,
360 #else
361                  krb5_keyblock *key,
362 #endif
363                  size_t *blockSize)
364 {
365 #ifdef HAVE_HEIMDAL_VERSION
366     return krb5_crypto_getblocksize(krbContext, krbCrypto, blockSize);
367 #else
368     return krb5_c_block_size(krbContext, KRB_KEY_TYPE(key), blockSize);
369 #endif
370 }
371
372 krb5_error_code
373 krbEnctypeToString(krb5_context krbContext,
374                    krb5_enctype enctype,
375                    const char *prefix,
376                    gss_buffer_t string)
377 {
378     krb5_error_code code;
379 #ifdef HAVE_HEIMDAL_VERSION
380     char *enctypeBuf = NULL;
381 #else
382     char enctypeBuf[128];
383 #endif
384     size_t prefixLength, enctypeLength;
385
386 #ifdef HAVE_HEIMDAL_VERSION
387     code = krb5_enctype_to_string(krbContext, enctype, &enctypeBuf);
388 #else
389     code = krb5_enctype_to_name(enctype, 0, enctypeBuf, sizeof(enctypeBuf));
390 #endif
391     if (code != 0)
392         return code;
393
394     prefixLength = (prefix != NULL) ? strlen(prefix) : 0;
395     enctypeLength = strlen(enctypeBuf);
396
397     string->value = GSSEAP_MALLOC(prefixLength + enctypeLength + 1);
398     if (string->value == NULL) {
399 #ifdef HAVE_HEIMDAL_VERSION
400         krb5_xfree(enctypeBuf);
401 #endif
402         return ENOMEM;
403     }
404
405     if (prefixLength != 0)
406         memcpy(string->value, prefix, prefixLength);
407     memcpy((char *)string->value + prefixLength, enctypeBuf, enctypeLength);
408
409     string->length = prefixLength + enctypeLength;
410     ((char *)string->value)[string->length] = '\0';
411
412 #ifdef HAVE_HEIMDAL_VERSION
413     krb5_xfree(enctypeBuf);
414 #endif
415
416     return 0;
417 }
418
419 krb5_error_code
420 krbMakeAuthDataKdcIssued(krb5_context context,
421                          const krb5_keyblock *key,
422                          krb5_const_principal issuer,
423 #ifdef HAVE_HEIMDAL_VERSION
424                          const AuthorizationData *authdata,
425                          AuthorizationData *adKdcIssued
426 #else
427                          krb5_authdata *const *authdata,
428                          krb5_authdata ***adKdcIssued
429 #endif
430                          )
431 {
432 #ifdef HAVE_HEIMDAL_VERSION
433     krb5_error_code code;
434     AD_KDCIssued kdcIssued;
435     AuthorizationDataElement adDatum;
436     unsigned char *buf;
437     size_t buf_size, len;
438     krb5_crypto crypto = NULL;
439
440     memset(&kdcIssued, 0, sizeof(kdcIssued));
441     memset(adKdcIssued, 0, sizeof(*adKdcIssued));
442
443     kdcIssued.i_realm = issuer->realm != NULL ? (Realm *)&issuer->realm : NULL;
444     kdcIssued.i_sname = (PrincipalName *)&issuer->name;
445     kdcIssued.elements = *authdata;
446
447     ASN1_MALLOC_ENCODE(AuthorizationData, buf, buf_size, authdata, &len, code);
448     if (code != 0)
449         goto cleanup;
450
451     code = krb5_crypto_init(context, key, 0, &crypto);
452     if (code != 0)
453         goto cleanup;
454
455     code = krb5_create_checksum(context, crypto, KRB5_KU_AD_KDC_ISSUED,
456                                 0, buf, buf_size, &kdcIssued.ad_checksum);
457     if (code != 0)
458         goto cleanup;
459
460     GSSEAP_FREE(buf);
461     buf = NULL;
462
463     ASN1_MALLOC_ENCODE(AD_KDCIssued, buf, buf_size, &kdcIssued, &len, code);
464     if (code != 0)
465         goto cleanup;
466
467     adDatum.ad_type = KRB5_AUTHDATA_KDC_ISSUED;
468     adDatum.ad_data.length = buf_size;
469     adDatum.ad_data.data = buf;
470
471     code = add_AuthorizationData(adKdcIssued, &adDatum);
472     if (code != 0)
473         goto cleanup;
474
475 cleanup:
476     if (buf != NULL)
477         GSSEAP_FREE(buf);
478     if (crypto != NULL)
479         krb5_crypto_destroy(context, crypto);
480     free_Checksum(&kdcIssued.ad_checksum);
481
482     return code;
483 #else
484     return krb5_make_authdata_kdc_issued(context, key, issuer, authdata,
485                                          adKdcIssued);
486 #endif /* HAVE_HEIMDAL_VERSION */
487 }
488
489 krb5_error_code
490 krbMakeCred(krb5_context krbContext,
491             krb5_auth_context authContext,
492             krb5_creds *creds,
493             krb5_data *data)
494 {
495     krb5_error_code code;
496 #ifdef HAVE_HEIMDAL_VERSION
497     KRB_CRED krbCred;
498     KrbCredInfo krbCredInfo;
499     krb5_keyblock *key;
500     krb5_crypto krbCrypto = NULL;
501     krb5_data credInfoData = { 0 };
502     size_t len;
503 #else
504     krb5_data *d = NULL;
505 #endif
506
507     memset(data, 0, sizeof(*data));
508 #ifdef HAVE_HEIMDAL_VERSION
509     memset(&krbCred, 0, sizeof(krbCred));
510     memset(&krbCredInfo, 0, sizeof(krbCredInfo));
511
512     key = (authContext->local_subkey != NULL)
513           ? authContext->local_subkey
514           : authContext->keyblock;
515
516     krbCred.pvno = 5;
517     krbCred.msg_type = krb_cred;
518     krbCred.tickets.val = (Ticket *)GSSEAP_CALLOC(1, sizeof(Ticket));
519     if (krbCred.tickets.val == NULL) {
520         code = ENOMEM;
521         goto cleanup;
522     }
523     krbCred.tickets.len = 1;
524
525     code = decode_Ticket(creds->ticket.data,
526                          creds->ticket.length,
527                          krbCred.tickets.val, &len);
528     if (code != 0)
529         goto cleanup;
530
531     krbCredInfo.key         = creds->session;
532     krbCredInfo.prealm      = &creds->client->realm;
533     krbCredInfo.pname       = &creds->client->name;
534     krbCredInfo.flags       = &creds->flags.b;
535     krbCredInfo.authtime    = &creds->times.authtime;
536     krbCredInfo.starttime   = &creds->times.starttime;
537     krbCredInfo.endtime     = &creds->times.endtime;
538     krbCredInfo.renew_till  = &creds->times.renew_till;
539     krbCredInfo.srealm      = &creds->server->realm;
540     krbCredInfo.sname       = &creds->server->name;
541     krbCredInfo.caddr       = creds->addresses.len ? &creds->addresses : NULL;
542
543     ASN1_MALLOC_ENCODE(KrbCredInfo, credInfoData.data, credInfoData.length,
544                        &krbCredInfo, &len, code);
545     if (code != 0)
546         goto cleanup;
547
548     code = krb5_crypto_init(krbContext, key, 0, &krbCrypto);
549     if (code != 0)
550         goto cleanup;
551
552     code = krb5_encrypt_EncryptedData(krbContext,
553                                       krbCrypto,
554                                       KRB5_KU_KRB_CRED,
555                                       credInfoData.data,
556                                       credInfoData.length,
557                                       0,
558                                       &krbCred.enc_part);
559     if (code != 0)
560         goto cleanup;
561
562     ASN1_MALLOC_ENCODE(KRB_CRED, data->data, data->length,
563                        &krbCred, &len, code);
564     if (code != 0)
565         goto cleanup;
566
567 cleanup:
568     if (krbCrypto != NULL)
569         krb5_crypto_destroy(krbContext, krbCrypto);
570     free_KRB_CRED(&krbCred);
571     krb5_data_free(&credInfoData);
572
573     return code;
574 #else
575     code = krb5_mk_1cred(krbContext, authContext, creds, &d, NULL);
576     if (code == 0) {
577         *data = *d;
578         GSSEAP_FREE(d);
579     }
580
581     return code;
582 #endif /* HAVE_HEIMDAL_VERSION */
583 }
Moonshot GSS-API mechanism