2 * Copyright (c) 2010, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include "gssapiP_eap.h"
36 * 1.3.6.1.4.1.5322(padl)
39 * eap-aes128-cts-hmac-sha1-96(17)
40 * eap-aes256-cts-hmac-sha1-96(18)
43 * inquireSecContextByOid(1)
45 * setSecContextOption(3)
50 static gss_OID_desc gssEapMechPrefix = {
51 /* Note that alone this is not a valid DER encoded OID */
52 11, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x00"
55 static gss_OID_desc gssEapConcreteMechs[] = {
56 /* 1.3.6.1.4.1.5322.21.1 */
57 { 11, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01" },
58 /* 1.3.6.1.4.1.5322.21.1.17 */
59 { 12, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x11" },
60 /* 1.3.6.1.4.1.5322.21.1.18 */
61 { 12, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x12" }
64 gss_OID GSS_EAP_MECHANISM = &gssEapConcreteMechs[0];
65 gss_OID GSS_EAP_AES128_CTS_HMAC_SHA1_96_MECHANISM = &gssEapConcreteMechs[1];
66 gss_OID GSS_EAP_AES256_CTS_HMAC_SHA1_96_MECHANISM = &gssEapConcreteMechs[2];
69 gssEapIsConcreteMechanismOid(const gss_OID oid)
71 return oid->length > gssEapMechPrefix.length &&
72 memcmp(oid->elements, gssEapMechPrefix.elements,
73 gssEapMechPrefix.length) == 0;
77 gssEapIsMechanismOid(const gss_OID oid)
79 return oid == GSS_C_NO_OID ||
80 oidEqual(oid, GSS_EAP_MECHANISM) ||
81 gssEapIsConcreteMechanismOid(oid);
85 gssEapValidateMechs(OM_uint32 *minor,
86 const gss_OID_set mechs)
92 if (mechs == GSS_C_NO_OID_SET) {
93 return GSS_S_COMPLETE;
96 for (i = 0; i < mechs->count; i++) {
97 gss_OID oid = &mechs->elements[i];
99 if (!gssEapIsMechanismOid(oid))
100 return GSS_S_BAD_MECH;
103 return GSS_S_COMPLETE;
107 gssEapOidToEnctype(OM_uint32 *minor,
109 krb5_enctype *enctype)
114 major = decomposeOid(minor,
115 gssEapMechPrefix.elements,
116 gssEapMechPrefix.length,
119 if (major == GSS_S_COMPLETE)
126 gssEapEnctypeToOid(OM_uint32 *minor,
127 krb5_enctype enctype,
135 oid = (gss_OID)GSSEAP_MALLOC(sizeof(*oid));
138 return GSS_S_FAILURE;
141 oid->elements = GSSEAP_MALLOC(gssEapMechPrefix.length + 1);
142 if (oid->elements == NULL) {
145 return GSS_S_FAILURE;
148 major = composeOid(minor,
149 gssEapMechPrefix.elements,
150 gssEapMechPrefix.length,
153 if (major == GSS_S_COMPLETE) {
154 gssEapInternalizeOid(oid, pOid);
165 gssEapIndicateMechs(OM_uint32 *minor,
168 krb5_context krbContext;
169 OM_uint32 major, tmpMinor;
170 krb5_enctype *etypes;
173 GSSEAP_KRB_INIT(&krbContext);
175 *minor = krb5_get_permitted_enctypes(krbContext, &etypes);
177 return GSS_S_FAILURE;
180 major = gss_create_empty_oid_set(minor, mechs);
181 if (GSS_ERROR(major)) {
182 GSSEAP_FREE(etypes); /* XXX */
186 for (i = 0; etypes[i] != ENCTYPE_NULL; i++) {
189 /* XXX currently we aren't equipped to encode these enctypes */
190 if (etypes[i] < 0 || etypes[i] > 127)
193 major = gssEapEnctypeToOid(minor, etypes[i], &mechOid);
194 if (GSS_ERROR(major))
197 major = gss_add_oid_set_member(minor, mechOid, mechs);
198 if (GSS_ERROR(major))
201 gss_release_oid(&tmpMinor, &mechOid);
204 GSSEAP_FREE(etypes); /* XXX */
210 gssEapDefaultMech(OM_uint32 *minor,
214 OM_uint32 major, tmpMinor;
216 major = gssEapIndicateMechs(minor, &mechs);
217 if (GSS_ERROR(major)) {
221 if (mechs->count == 0) {
222 gss_release_oid_set(&tmpMinor, &mechs);
223 return GSS_S_BAD_MECH;
226 if (!gssEapInternalizeOid(&mechs->elements[0], oid)) {
227 /* don't double-free if we didn't internalize it */
228 mechs->elements[0].length = 0;
229 mechs->elements[0].elements = NULL;
232 gss_release_oid_set(&tmpMinor, &mechs);
235 return GSS_S_COMPLETE;
239 gssEapInternalizeOid(const gss_OID oid,
240 gss_OID *const pInternalizedOid)
244 *pInternalizedOid = GSS_C_NO_OID;
247 i < sizeof(gssEapConcreteMechs) / sizeof(gssEapConcreteMechs[0]);
249 if (oidEqual(oid, &gssEapConcreteMechs[i])) {
250 *pInternalizedOid = (const gss_OID)&gssEapConcreteMechs[i];
255 if (*pInternalizedOid == GSS_C_NO_OID) {
256 if (oidEqual(oid, GSS_EAP_NT_PRINCIPAL_NAME))
257 *pInternalizedOid = (const gss_OID)GSS_EAP_NT_PRINCIPAL_NAME;
260 if (*pInternalizedOid == GSS_C_NO_OID) {
261 *pInternalizedOid = oid;
projects / mech_eap.orig / blob