moonshot/mech_eap/init_sec_context.c

   1 /*
   2  * Copyright (c) 2011, JANET(UK)
   3  * All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that the following conditions
   7  * are met:
   8  *
   9  * 1. Redistributions of source code must retain the above copyright
  10  *    notice, this list of conditions and the following disclaimer.
  11  *
  12  * 2. Redistributions in binary form must reproduce the above copyright
  13  *    notice, this list of conditions and the following disclaimer in the
  14  *    documentation and/or other materials provided with the distribution.
  15  *
  16  * 3. Neither the name of JANET(UK) nor the names of its contributors
  17  *    may be used to endorse or promote products derived from this software
  18  *    without specific prior written permission.
  19  *
  20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  21  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
  24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  30  * SUCH DAMAGE.
  31  */
  32
  33 /*
  34  * Establish a security context on the initiator (client). These functions
  35  * wrap around libeap.
  36  */
  37
  38 #include "gssapiP_eap.h"
  39
  40 static OM_uint32
  41 policyVariableToFlag(enum eapol_bool_var variable)
  42 {
  43     OM_uint32 flag = 0;
  44
  45     switch (variable) {
  46     case EAPOL_eapSuccess:
  47         flag = CTX_FLAG_EAP_SUCCESS;
  48         break;
  49     case EAPOL_eapRestart:
  50         flag = CTX_FLAG_EAP_RESTART;
  51         break;
  52     case EAPOL_eapFail:
  53         flag = CTX_FLAG_EAP_FAIL;
  54         break;
  55     case EAPOL_eapResp:
  56         flag = CTX_FLAG_EAP_RESP;
  57         break;
  58     case EAPOL_eapNoResp:
  59         flag = CTX_FLAG_EAP_NO_RESP;
  60         break;
  61     case EAPOL_eapReq:
  62         flag = CTX_FLAG_EAP_REQ;
  63         break;
  64     case EAPOL_portEnabled:
  65         flag = CTX_FLAG_EAP_PORT_ENABLED;
  66         break;
  67     case EAPOL_altAccept:
  68         flag = CTX_FLAG_EAP_ALT_ACCEPT;
  69         break;
  70     case EAPOL_altReject:
  71         flag = CTX_FLAG_EAP_ALT_REJECT;
  72         break;
  73     }
  74
  75     return flag;
  76 }
  77
  78 static struct eap_peer_config *
  79 peerGetConfig(void *ctx)
  80 {
  81     gss_ctx_id_t gssCtx = (gss_ctx_id_t)ctx;
  82
  83     return &gssCtx->initiatorCtx.eapPeerConfig;
  84 }
  85
  86 static Boolean
  87 peerGetBool(void *data, enum eapol_bool_var variable)
  88 {
  89     gss_ctx_id_t ctx = data;
  90     OM_uint32 flag;
  91
  92     if (ctx == GSS_C_NO_CONTEXT)
  93         return FALSE;
  94
  95     flag = policyVariableToFlag(variable);
  96
  97     return ((ctx->flags & flag) != 0);
  98 }
  99
 100 static void
 101 peerSetBool(void *data, enum eapol_bool_var variable,
 102             Boolean value)
 103 {
 104     gss_ctx_id_t ctx = data;
 105     OM_uint32 flag;
 106
 107     if (ctx == GSS_C_NO_CONTEXT)
 108         return;
 109
 110     flag = policyVariableToFlag(variable);
 111
 112     if (value)
 113         ctx->flags |= flag;
 114     else
 115         ctx->flags &= ~(flag);
 116 }
 117
 118 static unsigned int
 119 peerGetInt(void *data, enum eapol_int_var variable)
 120 {
 121     gss_ctx_id_t ctx = data;
 122
 123     if (ctx == GSS_C_NO_CONTEXT)
 124         return FALSE;
 125
 126     GSSEAP_ASSERT(CTX_IS_INITIATOR(ctx));
 127
 128     switch (variable) {
 129     case EAPOL_idleWhile:
 130         return ctx->initiatorCtx.idleWhile;
 131         break;
 132     }
 133
 134     return 0;
 135 }
 136
 137 static void
 138 peerSetInt(void *data, enum eapol_int_var variable,
 139            unsigned int value)
 140 {
 141     gss_ctx_id_t ctx = data;
 142
 143     if (ctx == GSS_C_NO_CONTEXT)
 144         return;
 145
 146     GSSEAP_ASSERT(CTX_IS_INITIATOR(ctx));
 147
 148     switch (variable) {
 149     case EAPOL_idleWhile:
 150         ctx->initiatorCtx.idleWhile = value;
 151         break;
 152     }
 153 }
 154
 155 static struct wpabuf *
 156 peerGetEapReqData(void *ctx)
 157 {
 158     gss_ctx_id_t gssCtx = (gss_ctx_id_t)ctx;
 159
 160     return &gssCtx->initiatorCtx.reqData;
 161 }
 162
 163 static void
 164 peerSetConfigBlob(void *ctx GSSEAP_UNUSED,
 165                   struct wpa_config_blob *blob GSSEAP_UNUSED)
 166 {
 167 }
 168
 169 static const struct wpa_config_blob *
 170 peerGetConfigBlob(void *ctx GSSEAP_UNUSED,
 171                   const char *name GSSEAP_UNUSED)
 172 {
 173     return NULL;
 174 }
 175
 176 static void
 177 peerNotifyPending(void *ctx GSSEAP_UNUSED)
 178 {
 179 }
 180
 181 static struct eapol_callbacks gssEapPolicyCallbacks = {
 182     peerGetConfig,
 183     peerGetBool,
 184     peerSetBool,
 185     peerGetInt,
 186     peerSetInt,
 187     peerGetEapReqData,
 188     peerSetConfigBlob,
 189     peerGetConfigBlob,
 190     peerNotifyPending,
 191 };
 192
 193 #ifdef GSSEAP_DEBUG
 194 extern int wpa_debug_level;
 195 #endif
 196
 197 static OM_uint32
 198 peerConfigInit(OM_uint32 *minor, gss_ctx_id_t ctx)
 199 {
 200     OM_uint32 major;
 201     krb5_context krbContext;
 202     struct eap_peer_config *eapPeerConfig = &ctx->initiatorCtx.eapPeerConfig;
 203     gss_buffer_desc identity = GSS_C_EMPTY_BUFFER;
 204     gss_buffer_desc realm = GSS_C_EMPTY_BUFFER;
 205     gss_cred_id_t cred = ctx->cred;
 206
 207     eapPeerConfig->identity = NULL;
 208     eapPeerConfig->identity_len = 0;
 209     eapPeerConfig->anonymous_identity = NULL;
 210     eapPeerConfig->anonymous_identity_len = 0;
 211     eapPeerConfig->password = NULL;
 212     eapPeerConfig->password_len = 0;
 213
 214     GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL);
 215
 216     GSSEAP_KRB_INIT(&krbContext);
 217
 218     eapPeerConfig->fragment_size = 1024;
 219 #ifdef GSSEAP_DEBUG
 220     wpa_debug_level = 0;
 221 #endif
 222
 223     GSSEAP_ASSERT(cred->name != GSS_C_NO_NAME);
 224
 225     if ((cred->name->flags & (NAME_FLAG_NAI | NAME_FLAG_SERVICE)) == 0) {
 226         *minor = GSSEAP_BAD_INITIATOR_NAME;
 227         return GSS_S_BAD_NAME;
 228     }
 229
 230     /* identity */
 231     major = gssEapDisplayName(minor, cred->name, &identity, NULL);
 232     if (GSS_ERROR(major))
 233         return major;
 234
 235     eapPeerConfig->identity = (unsigned char *)identity.value;
 236     eapPeerConfig->identity_len = identity.length;
 237
 238     krbPrincRealmToGssBuffer(cred->name->krbPrincipal, &realm);
 239
 240     /* anonymous_identity */
 241     eapPeerConfig->anonymous_identity = GSSEAP_MALLOC(realm.length + 2);
 242     if (eapPeerConfig->anonymous_identity == NULL) {
 243         *minor = ENOMEM;
 244         return GSS_S_FAILURE;
 245     }
 246
 247     eapPeerConfig->anonymous_identity[0] = '@';
 248     memcpy(eapPeerConfig->anonymous_identity + 1, realm.value, realm.length);
 249     eapPeerConfig->anonymous_identity[1 + realm.length] = '\0';
 250     eapPeerConfig->anonymous_identity_len = 1 + realm.length;
 251
 252     /* password */
 253     eapPeerConfig->password = (unsigned char *)cred->password.value;
 254     eapPeerConfig->password_len = cred->password.length;
 255
 256     /* certs */
 257     eapPeerConfig->ca_cert = (unsigned char *)cred->caCertificate.value;
 258     eapPeerConfig->subject_match = (unsigned char *)cred->subjectNameConstraint.value;
 259     eapPeerConfig->altsubject_match = (unsigned char *)cred->subjectAltNameConstraint.value;
 260
 261     *minor = 0;
 262     return GSS_S_COMPLETE;
 263 }
 264
 265 static OM_uint32
 266 peerConfigFree(OM_uint32 *minor,
 267                gss_ctx_id_t ctx)
 268 {
 269     struct eap_peer_config *eapPeerConfig = &ctx->initiatorCtx.eapPeerConfig;
 270
 271     if (eapPeerConfig->identity != NULL) {
 272         GSSEAP_FREE(eapPeerConfig->identity);
 273         eapPeerConfig->identity = NULL;
 274         eapPeerConfig->identity_len = 0;
 275     }
 276
 277     if (eapPeerConfig->anonymous_identity != NULL) {
 278         GSSEAP_FREE(eapPeerConfig->anonymous_identity);
 279         eapPeerConfig->anonymous_identity = NULL;
 280         eapPeerConfig->anonymous_identity_len = 0;
 281     }
 282
 283     *minor = 0;
 284     return GSS_S_COMPLETE;
 285 }
 286
 287 /*
 288  * Mark an initiator context as ready for cryptographic operations
 289  */
 290 static OM_uint32
 291 initReady(OM_uint32 *minor, gss_ctx_id_t ctx, OM_uint32 reqFlags)
 292 {
 293     OM_uint32 major;
 294     const unsigned char *key;
 295     size_t keyLength;
 296
 297 #if 1
 298     /* XXX actually check for mutual auth */
 299     if (reqFlags & GSS_C_MUTUAL_FLAG)
 300         ctx->gssFlags |= GSS_C_MUTUAL_FLAG;
 301 #endif
 302
 303     /* Cache encryption type derived from selected mechanism OID */
 304     major = gssEapOidToEnctype(minor, ctx->mechanismUsed, &ctx->encryptionType);
 305     if (GSS_ERROR(major))
 306         return major;
 307
 308     if (!eap_key_available(ctx->initiatorCtx.eap)) {
 309         *minor = GSSEAP_KEY_UNAVAILABLE;
 310         return GSS_S_UNAVAILABLE;
 311     }
 312
 313     key = eap_get_eapKeyData(ctx->initiatorCtx.eap, &keyLength);
 314
 315     if (keyLength < EAP_EMSK_LEN) {
 316         *minor = GSSEAP_KEY_TOO_SHORT;
 317         return GSS_S_UNAVAILABLE;
 318     }
 319
 320     major = gssEapDeriveRfc3961Key(minor,
 321                                    &key[EAP_EMSK_LEN / 2],
 322                                    EAP_EMSK_LEN / 2,
 323                                    ctx->encryptionType,
 324                                    &ctx->rfc3961Key);
 325        if (GSS_ERROR(major))
 326            return major;
 327
 328     major = rfc3961ChecksumTypeForKey(minor, &ctx->rfc3961Key,
 329                                       &ctx->checksumType);
 330     if (GSS_ERROR(major))
 331         return major;
 332
 333     major = sequenceInit(minor,
 334                          &ctx->seqState,
 335                          ctx->recvSeq,
 336                          ((ctx->gssFlags & GSS_C_REPLAY_FLAG) != 0),
 337                          ((ctx->gssFlags & GSS_C_SEQUENCE_FLAG) != 0),
 338                          TRUE);
 339     if (GSS_ERROR(major))
 340         return major;
 341
 342     *minor = 0;
 343     return GSS_S_COMPLETE;
 344 }
 345
 346 static OM_uint32
 347 initBegin(OM_uint32 *minor,
 348           gss_ctx_id_t ctx,
 349           gss_name_t target,
 350           gss_OID mech,
 351           OM_uint32 reqFlags GSSEAP_UNUSED,
 352           OM_uint32 timeReq,
 353           gss_channel_bindings_t chanBindings GSSEAP_UNUSED)
 354 {
 355     OM_uint32 major;
 356     gss_cred_id_t cred = ctx->cred;
 357
 358     GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL);
 359
 360     if (cred->expiryTime)
 361         ctx->expiryTime = cred->expiryTime;
 362     else if (timeReq == 0 || timeReq == GSS_C_INDEFINITE)
 363         ctx->expiryTime = 0;
 364     else
 365         ctx->expiryTime = time(NULL) + timeReq;
 366
 367     /*
 368      * The credential mutex protects its name, however we need to
 369      * explicitly lock the acceptor name (unlikely as it may be
 370      * that it has attributes set on it).
 371      */
 372     major = gssEapDuplicateName(minor, cred->name, &ctx->initiatorName);
 373     if (GSS_ERROR(major))
 374         return major;
 375
 376     if (target != GSS_C_NO_NAME) {
 377         GSSEAP_MUTEX_LOCK(&target->mutex);
 378
 379         major = gssEapDuplicateName(minor, target, &ctx->acceptorName);
 380         if (GSS_ERROR(major)) {
 381             GSSEAP_MUTEX_UNLOCK(&target->mutex);
 382             return major;
 383         }
 384
 385         GSSEAP_MUTEX_UNLOCK(&target->mutex);
 386     }
 387
 388     major = gssEapCanonicalizeOid(minor,
 389                                   mech,
 390                                   OID_FLAG_NULL_VALID | OID_FLAG_MAP_NULL_TO_DEFAULT_MECH,
 391                                   &ctx->mechanismUsed);
 392     if (GSS_ERROR(major))
 393         return major;
 394
 395     /* If credentials were provided, check they're usable with this mech */
 396     if (!gssEapCredAvailable(cred, ctx->mechanismUsed)) {
 397         *minor = GSSEAP_CRED_MECH_MISMATCH;
 398         return GSS_S_BAD_MECH;
 399     }
 400
 401     *minor = 0;
 402     return GSS_S_COMPLETE;
 403 }
 404
 405 static OM_uint32
 406 eapGssSmInitError(OM_uint32 *minor,
 407                   gss_cred_id_t cred GSSEAP_UNUSED,
 408                   gss_ctx_id_t ctx GSSEAP_UNUSED,
 409                   gss_name_t target GSSEAP_UNUSED,
 410                   gss_OID mech GSSEAP_UNUSED,
 411                   OM_uint32 reqFlags GSSEAP_UNUSED,
 412                   OM_uint32 timeReq GSSEAP_UNUSED,
 413                   gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
 414                   gss_buffer_t inputToken,
 415                   gss_buffer_t outputToken GSSEAP_UNUSED,
 416                   OM_uint32 *smFlags GSSEAP_UNUSED)
 417 {
 418     OM_uint32 major;
 419     unsigned char *p;
 420
 421     if (inputToken->length < 8) {
 422         *minor = GSSEAP_TOK_TRUNC;
 423         return GSS_S_DEFECTIVE_TOKEN;
 424     }
 425
 426     p = (unsigned char *)inputToken->value;
 427
 428     major = load_uint32_be(&p[0]);
 429     *minor = ERROR_TABLE_BASE_eapg + load_uint32_be(&p[4]);
 430
 431     if (!GSS_ERROR(major) || !IS_WIRE_ERROR(*minor)) {
 432         major = GSS_S_FAILURE;
 433         *minor = GSSEAP_BAD_ERROR_TOKEN;
 434     }
 435
 436     GSSEAP_ASSERT(GSS_ERROR(major));
 437
 438     return major;
 439 }
 440
 441 #ifdef GSSEAP_ENABLE_REAUTH
 442 static OM_uint32
 443 eapGssSmInitGssReauth(OM_uint32 *minor,
 444                       gss_cred_id_t cred,
 445                       gss_ctx_id_t ctx,
 446                       gss_name_t target,
 447                       gss_OID mech GSSEAP_UNUSED,
 448                       OM_uint32 reqFlags,
 449                       OM_uint32 timeReq,
 450                       gss_channel_bindings_t chanBindings,
 451                       gss_buffer_t inputToken,
 452                       gss_buffer_t outputToken,
 453                       OM_uint32 *smFlags GSSEAP_UNUSED)
 454 {
 455     OM_uint32 major, tmpMinor;
 456     gss_name_t mechTarget = GSS_C_NO_NAME;
 457     gss_OID actualMech = GSS_C_NO_OID;
 458     OM_uint32 gssFlags, timeRec;
 459
 460     /*
 461      * Here we use the passed in credential handle because the resolved
 462      * context credential does not currently have the reauth creds.
 463      */
 464     if (GSSEAP_SM_STATE(ctx) == GSSEAP_STATE_INITIAL) {
 465         if (!gssEapCanReauthP(cred, target, timeReq))
 466             return GSS_S_CONTINUE_NEEDED;
 467
 468         ctx->flags |= CTX_FLAG_KRB_REAUTH;
 469     } else if ((ctx->flags & CTX_FLAG_KRB_REAUTH) == 0) {
 470         major = GSS_S_DEFECTIVE_TOKEN;
 471         *minor = GSSEAP_WRONG_ITOK;
 472         goto cleanup;
 473     }
 474
 475     GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL);
 476
 477     major = gssEapMechToGlueName(minor, target, &mechTarget);
 478     if (GSS_ERROR(major))
 479         goto cleanup;
 480
 481     major = gssInitSecContext(minor,
 482                               cred->reauthCred,
 483                               &ctx->reauthCtx,
 484                               mechTarget,
 485                               (gss_OID)gss_mech_krb5,
 486                               reqFlags | GSS_C_MUTUAL_FLAG,
 487                               timeReq,
 488                               chanBindings,
 489                               inputToken,
 490                               &actualMech,
 491                               outputToken,
 492                               &gssFlags,
 493                               &timeRec);
 494     if (GSS_ERROR(major))
 495         goto cleanup;
 496
 497     ctx->gssFlags = gssFlags;
 498
 499     if (major == GSS_S_COMPLETE) {
 500         GSSEAP_ASSERT(GSSEAP_SM_STATE(ctx) == GSSEAP_STATE_REAUTHENTICATE);
 501
 502         major = gssEapReauthComplete(minor, ctx, cred, actualMech, timeRec);
 503         if (GSS_ERROR(major))
 504             goto cleanup;
 505         GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_ESTABLISHED);
 506     } else {
 507         GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_REAUTHENTICATE);
 508     }
 509
 510 cleanup:
 511     gssReleaseName(&tmpMinor, &mechTarget);
 512
 513     return major;
 514 }
 515 #endif /* GSSEAP_ENABLE_REAUTH */
 516
 517 #ifdef GSSEAP_DEBUG
 518 static OM_uint32
 519 eapGssSmInitVendorInfo(OM_uint32 *minor,
 520                        gss_cred_id_t cred GSSEAP_UNUSED,
 521                        gss_ctx_id_t ctx GSSEAP_UNUSED,
 522                        gss_name_t target GSSEAP_UNUSED,
 523                        gss_OID mech GSSEAP_UNUSED,
 524                        OM_uint32 reqFlags GSSEAP_UNUSED,
 525                        OM_uint32 timeReq GSSEAP_UNUSED,
 526                        gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
 527                        gss_buffer_t inputToken GSSEAP_UNUSED,
 528                        gss_buffer_t outputToken,
 529                        OM_uint32 *smFlags GSSEAP_UNUSED)
 530 {
 531     OM_uint32 major;
 532
 533     major = makeStringBuffer(minor, "JANET(UK)", outputToken);
 534     if (GSS_ERROR(major))
 535         return major;
 536
 537     return GSS_S_CONTINUE_NEEDED;
 538 }
 539 #endif
 540
 541 static OM_uint32
 542 eapGssSmInitAcceptorName(OM_uint32 *minor,
 543                          gss_cred_id_t cred GSSEAP_UNUSED,
 544                          gss_ctx_id_t ctx,
 545                          gss_name_t target GSSEAP_UNUSED,
 546                          gss_OID mech GSSEAP_UNUSED,
 547                          OM_uint32 reqFlags GSSEAP_UNUSED,
 548                          OM_uint32 timeReq GSSEAP_UNUSED,
 549                          gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
 550                          gss_buffer_t inputToken GSSEAP_UNUSED,
 551                          gss_buffer_t outputToken,
 552                          OM_uint32 *smFlags GSSEAP_UNUSED)
 553 {
 554     OM_uint32 major;
 555
 556     if (GSSEAP_SM_STATE(ctx) == GSSEAP_STATE_INITIAL &&
 557         ctx->acceptorName != GSS_C_NO_NAME) {
 558
 559         /* Send desired target name to acceptor */
 560         major = gssEapDisplayName(minor, ctx->acceptorName,
 561                                   outputToken, NULL);
 562         if (GSS_ERROR(major))
 563             return major;
 564     } else if (inputToken != GSS_C_NO_BUFFER &&
 565                ctx->acceptorName == GSS_C_NO_NAME) {
 566         /* Accept target name hint from acceptor */
 567         major = gssEapImportName(minor, inputToken,
 568                                  GSS_C_NT_USER_NAME,
 569                                  ctx->mechanismUsed,
 570                                  &ctx->acceptorName);
 571         if (GSS_ERROR(major))
 572             return major;
 573     }
 574
 575     /*
 576      * Currently, other parts of the code assume that the acceptor name
 577      * is available, hence this check.
 578      */
 579     if (ctx->acceptorName == GSS_C_NO_NAME) {
 580         *minor = GSSEAP_NO_ACCEPTOR_NAME;
 581         return GSS_S_FAILURE;
 582     }
 583
 584     return GSS_S_CONTINUE_NEEDED;
 585 }
 586
 587 static OM_uint32
 588 eapGssSmInitIdentity(OM_uint32 *minor,
 589                      gss_cred_id_t cred GSSEAP_UNUSED,
 590                      gss_ctx_id_t ctx,
 591                      gss_name_t target GSSEAP_UNUSED,
 592                      gss_OID mech GSSEAP_UNUSED,
 593                      OM_uint32 reqFlags GSSEAP_UNUSED,
 594                      OM_uint32 timeReq GSSEAP_UNUSED,
 595                      gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
 596                      gss_buffer_t inputToken GSSEAP_UNUSED,
 597                      gss_buffer_t outputToken GSSEAP_UNUSED,
 598                      OM_uint32 *smFlags)
 599 {
 600     struct eap_config eapConfig;
 601
 602 #ifdef GSSEAP_ENABLE_REAUTH
 603     if (GSSEAP_SM_STATE(ctx) == GSSEAP_STATE_REAUTHENTICATE) {
 604         OM_uint32 tmpMinor;
 605
 606         /* server didn't support reauthentication, sent EAP request */
 607         gssDeleteSecContext(&tmpMinor, &ctx->reauthCtx, GSS_C_NO_BUFFER);
 608         ctx->flags &= ~(CTX_FLAG_KRB_REAUTH);
 609         GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_INITIAL);
 610     } else
 611 #endif
 612         *smFlags |= SM_FLAG_FORCE_SEND_TOKEN;
 613
 614     GSSEAP_ASSERT((ctx->flags & CTX_FLAG_KRB_REAUTH) == 0);
 615     GSSEAP_ASSERT(inputToken == GSS_C_NO_BUFFER);
 616
 617     memset(&eapConfig, 0, sizeof(eapConfig));
 618
 619     ctx->initiatorCtx.eap = eap_peer_sm_init(ctx,
 620                                              &gssEapPolicyCallbacks,
 621                                              ctx,
 622                                              &eapConfig);
 623     if (ctx->initiatorCtx.eap == NULL) {
 624         *minor = GSSEAP_PEER_SM_INIT_FAILURE;
 625         return GSS_S_FAILURE;
 626     }
 627
 628     ctx->flags |= CTX_FLAG_EAP_RESTART | CTX_FLAG_EAP_PORT_ENABLED;
 629
 630     /* poke EAP state machine */
 631     if (eap_peer_sm_step(ctx->initiatorCtx.eap) != 0) {
 632         *minor = GSSEAP_PEER_SM_STEP_FAILURE;
 633         return GSS_S_FAILURE;
 634     }
 635
 636     GSSEAP_SM_TRANSITION_NEXT(ctx);
 637
 638     *minor = 0;
 639
 640     return GSS_S_CONTINUE_NEEDED;
 641 }
 642
 643 static OM_uint32
 644 eapGssSmInitAuthenticate(OM_uint32 *minor,
 645                          gss_cred_id_t cred GSSEAP_UNUSED,
 646                          gss_ctx_id_t ctx,
 647                          gss_name_t target GSSEAP_UNUSED,
 648                          gss_OID mech GSSEAP_UNUSED,
 649                          OM_uint32 reqFlags GSSEAP_UNUSED,
 650                          OM_uint32 timeReq GSSEAP_UNUSED,
 651                          gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
 652                          gss_buffer_t inputToken GSSEAP_UNUSED,
 653                          gss_buffer_t outputToken,
 654                          OM_uint32 *smFlags)
 655 {
 656     OM_uint32 major;
 657     OM_uint32 tmpMinor;
 658     struct wpabuf *resp = NULL;
 659
 660     *minor = 0;
 661
 662     GSSEAP_ASSERT(inputToken != GSS_C_NO_BUFFER);
 663
 664     major = peerConfigInit(minor, ctx);
 665     if (GSS_ERROR(major))
 666         goto cleanup;
 667
 668     GSSEAP_ASSERT(ctx->initiatorCtx.eap != NULL);
 669     GSSEAP_ASSERT(ctx->flags & CTX_FLAG_EAP_PORT_ENABLED);
 670
 671     ctx->flags |= CTX_FLAG_EAP_REQ; /* we have a Request from the acceptor */
 672
 673     wpabuf_set(&ctx->initiatorCtx.reqData,
 674                inputToken->value, inputToken->length);
 675
 676     major = GSS_S_CONTINUE_NEEDED;
 677
 678     eap_peer_sm_step(ctx->initiatorCtx.eap);
 679     if (ctx->flags & CTX_FLAG_EAP_RESP) {
 680         ctx->flags &= ~(CTX_FLAG_EAP_RESP);
 681
 682         resp = eap_get_eapRespData(ctx->initiatorCtx.eap);
 683     } else if (ctx->flags & CTX_FLAG_EAP_SUCCESS) {
 684         major = initReady(minor, ctx, reqFlags);
 685         if (GSS_ERROR(major))
 686             goto cleanup;
 687
 688         ctx->flags &= ~(CTX_FLAG_EAP_SUCCESS);
 689         major = GSS_S_CONTINUE_NEEDED;
 690         GSSEAP_SM_TRANSITION_NEXT(ctx);
 691     } else if (ctx->flags & CTX_FLAG_EAP_FAIL) {
 692         major = GSS_S_DEFECTIVE_CREDENTIAL;
 693         *minor = GSSEAP_PEER_AUTH_FAILURE;
 694     } else {
 695         major = GSS_S_DEFECTIVE_TOKEN;
 696         *minor = GSSEAP_PEER_BAD_MESSAGE;
 697     }
 698
 699 cleanup:
 700     if (resp != NULL) {
 701         OM_uint32 tmpMajor;
 702         gss_buffer_desc respBuf;
 703
 704         GSSEAP_ASSERT(major == GSS_S_CONTINUE_NEEDED);
 705
 706         respBuf.length = wpabuf_len(resp);
 707         respBuf.value = (void *)wpabuf_head(resp);
 708
 709         tmpMajor = duplicateBuffer(&tmpMinor, &respBuf, outputToken);
 710         if (GSS_ERROR(tmpMajor)) {
 711             major = tmpMajor;
 712             *minor = tmpMinor;
 713         }
 714
 715         *smFlags |= SM_FLAG_OUTPUT_TOKEN_CRITICAL;
 716     }
 717
 718     wpabuf_set(&ctx->initiatorCtx.reqData, NULL, 0);
 719     peerConfigFree(&tmpMinor, ctx);
 720
 721     return major;
 722 }
 723
 724 static OM_uint32
 725 eapGssSmInitGssFlags(OM_uint32 *minor,
 726                      gss_cred_id_t cred GSSEAP_UNUSED,
 727                      gss_ctx_id_t ctx,
 728                      gss_name_t target GSSEAP_UNUSED,
 729                      gss_OID mech GSSEAP_UNUSED,
 730                      OM_uint32 reqFlags GSSEAP_UNUSED,
 731                      OM_uint32 timeReq GSSEAP_UNUSED,
 732                      gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
 733                      gss_buffer_t inputToken GSSEAP_UNUSED,
 734                      gss_buffer_t outputToken,
 735                      OM_uint32 *smFlags GSSEAP_UNUSED)
 736 {
 737     unsigned char wireFlags[4];
 738     gss_buffer_desc flagsBuf;
 739
 740     store_uint32_be(ctx->gssFlags & GSSEAP_WIRE_FLAGS_MASK, wireFlags);
 741
 742     flagsBuf.length = sizeof(wireFlags);
 743     flagsBuf.value = wireFlags;
 744
 745     return duplicateBuffer(minor, &flagsBuf, outputToken);
 746 }
 747
 748 static OM_uint32
 749 eapGssSmInitGssChannelBindings(OM_uint32 *minor,
 750                                gss_cred_id_t cred GSSEAP_UNUSED,
 751                                gss_ctx_id_t ctx,
 752                                gss_name_t target GSSEAP_UNUSED,
 753                                gss_OID mech GSSEAP_UNUSED,
 754                                OM_uint32 reqFlags GSSEAP_UNUSED,
 755                                OM_uint32 timeReq GSSEAP_UNUSED,
 756                                gss_channel_bindings_t chanBindings,
 757                                gss_buffer_t inputToken GSSEAP_UNUSED,
 758                                gss_buffer_t outputToken,
 759                                OM_uint32 *smFlags)
 760 {
 761     OM_uint32 major;
 762     krb5_error_code code;
 763     krb5_context krbContext;
 764     krb5_data data;
 765     krb5_checksum cksum;
 766     gss_buffer_desc cksumBuffer;
 767
 768     if (chanBindings == GSS_C_NO_CHANNEL_BINDINGS ||
 769         chanBindings->application_data.length == 0)
 770         return GSS_S_CONTINUE_NEEDED;
 771
 772     GSSEAP_KRB_INIT(&krbContext);
 773
 774     KRB_DATA_INIT(&data);
 775
 776     gssBufferToKrbData(&chanBindings->application_data, &data);
 777
 778     code = krb5_c_make_checksum(krbContext, ctx->checksumType,
 779                                 &ctx->rfc3961Key,
 780                                 KEY_USAGE_GSSEAP_CHBIND_MIC,
 781                                 &data, &cksum);
 782     if (code != 0) {
 783         *minor = code;
 784         return GSS_S_FAILURE;
 785     }
 786
 787     cksumBuffer.length = KRB_CHECKSUM_LENGTH(&cksum);
 788     cksumBuffer.value  = KRB_CHECKSUM_DATA(&cksum);
 789
 790     major = duplicateBuffer(minor, &cksumBuffer, outputToken);
 791     if (GSS_ERROR(major)) {
 792         krb5_free_checksum_contents(krbContext, &cksum);
 793         return major;
 794     }
 795
 796     *minor = 0;
 797     *smFlags |= SM_FLAG_OUTPUT_TOKEN_CRITICAL;
 798
 799     krb5_free_checksum_contents(krbContext, &cksum);
 800
 801     return GSS_S_CONTINUE_NEEDED;
 802 }
 803
 804 static OM_uint32
 805 eapGssSmInitInitiatorMIC(OM_uint32 *minor,
 806                          gss_cred_id_t cred GSSEAP_UNUSED,
 807                          gss_ctx_id_t ctx,
 808                          gss_name_t target GSSEAP_UNUSED,
 809                          gss_OID mech GSSEAP_UNUSED,
 810                          OM_uint32 reqFlags GSSEAP_UNUSED,
 811                          OM_uint32 timeReq GSSEAP_UNUSED,
 812                          gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
 813                          gss_buffer_t inputToken GSSEAP_UNUSED,
 814                          gss_buffer_t outputToken,
 815                          OM_uint32 *smFlags)
 816 {
 817     OM_uint32 major;
 818
 819     major = gssEapMakeTokenMIC(minor, ctx, outputToken);
 820     if (GSS_ERROR(major))
 821         return major;
 822
 823     GSSEAP_SM_TRANSITION_NEXT(ctx);
 824
 825     *minor = 0;
 826     *smFlags |= SM_FLAG_OUTPUT_TOKEN_CRITICAL;
 827
 828     return GSS_S_CONTINUE_NEEDED;
 829 }
 830
 831 #ifdef GSSEAP_ENABLE_REAUTH
 832 static OM_uint32
 833 eapGssSmInitReauthCreds(OM_uint32 *minor,
 834                         gss_cred_id_t cred,
 835                         gss_ctx_id_t ctx,
 836                         gss_name_t target GSSEAP_UNUSED,
 837                         gss_OID mech GSSEAP_UNUSED,
 838                         OM_uint32 reqFlags GSSEAP_UNUSED,
 839                         OM_uint32 timeReq GSSEAP_UNUSED,
 840                         gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
 841                         gss_buffer_t inputToken,
 842                         gss_buffer_t outputToken GSSEAP_UNUSED,
 843                         OM_uint32 *smFlags GSSEAP_UNUSED)
 844 {
 845     OM_uint32 major;
 846
 847     if (ctx->gssFlags & GSS_C_MUTUAL_FLAG) {
 848         major = gssEapStoreReauthCreds(minor, ctx, cred, inputToken);
 849         if (GSS_ERROR(major))
 850             return major;
 851     }
 852
 853     *minor = 0;
 854     return GSS_S_CONTINUE_NEEDED;
 855 }
 856 #endif /* GSSEAP_ENABLE_REAUTH */
 857
 858 static OM_uint32
 859 eapGssSmInitAcceptorMIC(OM_uint32 *minor,
 860                         gss_cred_id_t cred GSSEAP_UNUSED,
 861                         gss_ctx_id_t ctx,
 862                         gss_name_t target GSSEAP_UNUSED,
 863                         gss_OID mech GSSEAP_UNUSED,
 864                         OM_uint32 reqFlags GSSEAP_UNUSED,
 865                         OM_uint32 timeReq GSSEAP_UNUSED,
 866                         gss_channel_bindings_t chanBindings GSSEAP_UNUSED,
 867                         gss_buffer_t inputToken,
 868                         gss_buffer_t outputToken GSSEAP_UNUSED,
 869                         OM_uint32 *smFlags GSSEAP_UNUSED)
 870 {
 871     OM_uint32 major;
 872
 873     major = gssEapVerifyTokenMIC(minor, ctx, inputToken);
 874     if (GSS_ERROR(major))
 875         return major;
 876
 877     GSSEAP_SM_TRANSITION(ctx, GSSEAP_STATE_ESTABLISHED);
 878
 879     *minor = 0;
 880
 881     return GSS_S_COMPLETE;
 882 }
 883
 884 static struct gss_eap_sm eapGssInitiatorSm[] = {
 885     {
 886         ITOK_TYPE_CONTEXT_ERR,
 887         ITOK_TYPE_NONE,
 888         GSSEAP_STATE_ALL & ~(GSSEAP_STATE_INITIAL),
 889         0,
 890         eapGssSmInitError
 891     },
 892     {
 893         ITOK_TYPE_ACCEPTOR_NAME_RESP,
 894         ITOK_TYPE_ACCEPTOR_NAME_REQ,
 895         GSSEAP_STATE_INITIAL | GSSEAP_STATE_AUTHENTICATE,
 896         0,
 897         eapGssSmInitAcceptorName
 898     },
 899 #ifdef GSSEAP_DEBUG
 900     {
 901         ITOK_TYPE_NONE,
 902         ITOK_TYPE_VENDOR_INFO,
 903         GSSEAP_STATE_INITIAL,
 904         0,
 905         eapGssSmInitVendorInfo
 906     },
 907 #endif
 908 #ifdef GSSEAP_ENABLE_REAUTH
 909     {
 910         ITOK_TYPE_REAUTH_RESP,
 911         ITOK_TYPE_REAUTH_REQ,
 912         GSSEAP_STATE_INITIAL | GSSEAP_STATE_REAUTHENTICATE,
 913         0,
 914         eapGssSmInitGssReauth
 915     },
 916 #endif
 917     {
 918         ITOK_TYPE_NONE,
 919         ITOK_TYPE_NONE,
 920 #ifdef GSSEAP_ENABLE_REAUTH
 921         GSSEAP_STATE_REAUTHENTICATE |
 922 #endif
 923         GSSEAP_STATE_INITIAL,
 924         SM_ITOK_FLAG_REQUIRED,
 925         eapGssSmInitIdentity
 926     },
 927     {
 928         ITOK_TYPE_EAP_REQ,
 929         ITOK_TYPE_EAP_RESP,
 930         GSSEAP_STATE_AUTHENTICATE,
 931         SM_ITOK_FLAG_REQUIRED,
 932         eapGssSmInitAuthenticate
 933     },
 934     {
 935         ITOK_TYPE_NONE,
 936         ITOK_TYPE_GSS_FLAGS,
 937         GSSEAP_STATE_INITIATOR_EXTS,
 938         0,
 939         eapGssSmInitGssFlags
 940     },
 941     {
 942         ITOK_TYPE_NONE,
 943         ITOK_TYPE_GSS_CHANNEL_BINDINGS,
 944         GSSEAP_STATE_INITIATOR_EXTS,
 945         0,
 946         eapGssSmInitGssChannelBindings
 947     },
 948     {
 949         ITOK_TYPE_NONE,
 950         ITOK_TYPE_INITIATOR_MIC,
 951         GSSEAP_STATE_INITIATOR_EXTS,
 952         SM_ITOK_FLAG_REQUIRED,
 953         eapGssSmInitInitiatorMIC
 954     },
 955 #ifdef GSSEAP_ENABLE_REAUTH
 956     {
 957         ITOK_TYPE_REAUTH_CREDS,
 958         ITOK_TYPE_NONE,
 959         GSSEAP_STATE_ACCEPTOR_EXTS,
 960         0,
 961         eapGssSmInitReauthCreds
 962     },
 963 #endif
 964     /* other extensions go here */
 965     {
 966         ITOK_TYPE_ACCEPTOR_MIC,
 967         ITOK_TYPE_NONE,
 968         GSSEAP_STATE_ACCEPTOR_EXTS,
 969         SM_ITOK_FLAG_REQUIRED,
 970         eapGssSmInitAcceptorMIC
 971     }
 972 };
 973
 974 OM_uint32
 975 gssEapInitSecContext(OM_uint32 *minor,
 976                      gss_cred_id_t cred,
 977                      gss_ctx_id_t ctx,
 978                      gss_name_t target_name,
 979                      gss_OID mech_type,
 980                      OM_uint32 req_flags,
 981                      OM_uint32 time_req,
 982                      gss_channel_bindings_t input_chan_bindings,
 983                      gss_buffer_t input_token,
 984                      gss_OID *actual_mech_type,
 985                      gss_buffer_t output_token,
 986                      OM_uint32 *ret_flags,
 987                      OM_uint32 *time_rec)
 988 {
 989     OM_uint32 major, tmpMinor;
 990     int initialContextToken = (ctx->mechanismUsed == GSS_C_NO_OID);
 991
 992     /*
 993      * XXX is acquiring the credential lock here necessary? The password is
 994      * mutable but the contract could specify that this is not updated whilst
 995      * a context is being initialized.
 996      */
 997     if (cred != GSS_C_NO_CREDENTIAL)
 998         GSSEAP_MUTEX_LOCK(&cred->mutex);
 999
1000     if (ctx->cred == GSS_C_NO_CREDENTIAL) {
1001         major = gssEapResolveInitiatorCred(minor, cred, target_name, &ctx->cred);
1002         if (GSS_ERROR(major))
1003             goto cleanup;
1004
1005         GSSEAP_ASSERT(ctx->cred != GSS_C_NO_CREDENTIAL);
1006     }
1007
1008     GSSEAP_MUTEX_LOCK(&ctx->cred->mutex);
1009
1010     GSSEAP_ASSERT(ctx->cred->flags & CRED_FLAG_RESOLVED);
1011     GSSEAP_ASSERT(ctx->cred->flags & CRED_FLAG_INITIATE);
1012
1013     if (initialContextToken) {
1014         major = initBegin(minor, ctx, target_name, mech_type,
1015                           req_flags, time_req, input_chan_bindings);
1016         if (GSS_ERROR(major))
1017             goto cleanup;
1018     }
1019
1020     major = gssEapSmStep(minor,
1021                          cred,
1022                          ctx,
1023                          target_name,
1024                          mech_type,
1025                          req_flags,
1026                          time_req,
1027                          input_chan_bindings,
1028                          input_token,
1029                          output_token,
1030                          eapGssInitiatorSm,
1031                          sizeof(eapGssInitiatorSm) / sizeof(eapGssInitiatorSm[0]));
1032     if (GSS_ERROR(major))
1033         goto cleanup;
1034
1035     if (actual_mech_type != NULL) {
1036         OM_uint32 tmpMajor;
1037
1038         tmpMajor = gssEapCanonicalizeOid(&tmpMinor, ctx->mechanismUsed, 0, actual_mech_type);
1039         if (GSS_ERROR(tmpMajor)) {
1040             major = tmpMajor;
1041             *minor = tmpMinor;
1042             goto cleanup;
1043         }
1044     }
1045     if (ret_flags != NULL)
1046         *ret_flags = ctx->gssFlags;
1047     if (time_rec != NULL)
1048         gssEapContextTime(&tmpMinor, ctx, time_rec);
1049
1050     GSSEAP_ASSERT(CTX_IS_ESTABLISHED(ctx) || major == GSS_S_CONTINUE_NEEDED);
1051
1052 cleanup:
1053     if (cred != GSS_C_NO_CREDENTIAL)
1054         GSSEAP_MUTEX_UNLOCK(&cred->mutex);
1055     if (ctx->cred != GSS_C_NO_CREDENTIAL)
1056         GSSEAP_MUTEX_UNLOCK(&ctx->cred->mutex);
1057
1058     return major;
1059 }
1060
1061 OM_uint32 GSSAPI_CALLCONV
1062 gss_init_sec_context(OM_uint32 *minor,
1063                      gss_cred_id_t cred,
1064                      gss_ctx_id_t *context_handle,
1065                      gss_name_t target_name,
1066                      gss_OID mech_type,
1067                      OM_uint32 req_flags,
1068                      OM_uint32 time_req,
1069                      gss_channel_bindings_t input_chan_bindings,
1070                      gss_buffer_t input_token,
1071                      gss_OID *actual_mech_type,
1072                      gss_buffer_t output_token,
1073                      OM_uint32 *ret_flags,
1074                      OM_uint32 *time_rec)
1075 {
1076     OM_uint32 major, tmpMinor;
1077     gss_ctx_id_t ctx = *context_handle;
1078
1079     *minor = 0;
1080
1081     output_token->length = 0;
1082     output_token->value = NULL;
1083
1084     if (ctx == GSS_C_NO_CONTEXT) {
1085         if (input_token != GSS_C_NO_BUFFER && input_token->length != 0) {
1086             *minor = GSSEAP_WRONG_SIZE;
1087             return GSS_S_DEFECTIVE_TOKEN;
1088         }
1089
1090         major = gssEapAllocContext(minor, &ctx);
1091         if (GSS_ERROR(major))
1092             return major;
1093
1094         ctx->flags |= CTX_FLAG_INITIATOR;
1095
1096         *context_handle = ctx;
1097     }
1098
1099     GSSEAP_MUTEX_LOCK(&ctx->mutex);
1100
1101     major = gssEapInitSecContext(minor,
1102                                  cred,
1103                                  ctx,
1104                                  target_name,
1105                                  mech_type,
1106                                  req_flags,
1107                                  time_req,
1108                                  input_chan_bindings,
1109                                  input_token,
1110                                  actual_mech_type,
1111                                  output_token,
1112                                  ret_flags,
1113                                  time_rec);
1114
1115     GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
1116
1117     if (GSS_ERROR(major))
1118         gssEapReleaseContext(&tmpMinor, context_handle);
1119
1120     return major;
1121 }