2
* Copyright (c) 2011, JANET(UK)
5
* Redistribution and use in source and binary forms, with or without
6
* modification, are permitted provided that the following conditions
9
* 1. Redistributions of source code must retain the above copyright
10
* notice, this list of conditions and the following disclaimer.
12
* 2. Redistributions in binary form must reproduce the above copyright
13
* notice, this list of conditions and the following disclaimer in the
14
* documentation and/or other materials provided with the distribution.
16
* 3. Neither the name of JANET(UK) nor the names of its contributors
17
* may be used to endorse or promote products derived from this software
18
* without specific prior written permission.
20
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37
#include "gssapiP_eap.h"
40
gssEapDestroyKrbContext(krb5_context context)
43
krb5_free_context(context);
46
static krb5_error_code
47
initKrbContext(krb5_context *pKrbContext)
49
krb5_context krbContext;
51
char *defaultRealm = NULL;
55
code = krb5_init_context(&krbContext);
59
krb5_appdefault_string(krbContext, "eap_gss",
60
NULL, "default_realm", "", &defaultRealm);
62
if (defaultRealm != NULL && defaultRealm[0] != '\0') {
63
code = krb5_set_default_realm(krbContext, defaultRealm);
68
*pKrbContext = krbContext;
71
krb5_free_default_realm(krbContext, defaultRealm);
73
if (code != 0 && krbContext != NULL)
74
krb5_free_context(krbContext);
80
gssEapKerberosInit(OM_uint32 *minor, krb5_context *context)
82
struct gss_eap_thread_local_data *tld;
87
tld = gssEapGetThreadLocalData();
89
if (tld->krbContext == NULL) {
90
*minor = initKrbContext(&tld->krbContext);
92
tld->krbContext = NULL;
94
*context = tld->krbContext;
96
*minor = GSSEAP_GET_LAST_ERROR();
99
GSSEAP_ASSERT(*context != NULL || *minor != 0);
101
return (*minor == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
105
* Derive a key K for RFC 4121 use by using the following
106
* derivation function (based on RFC 4402);
108
* KMSK = random-to-key(MSK)
109
* Tn = pseudo-random(KMSK, n || "rfc4121-gss-eap")
110
* L = output key size
111
* K = truncate(L, T1 || T2 || .. || Tn)
113
* The output must be freed by krb5_free_keyblock_contents(),
117
gssEapDeriveRfc3961Key(OM_uint32 *minor,
118
const unsigned char *inputKey,
119
size_t inputKeyLength,
120
krb5_enctype encryptionType,
123
krb5_context krbContext;
124
#ifndef HAVE_HEIMDAL_VERSION
127
krb5_data ns, t, derivedKeyData;
129
krb5_error_code code;
130
size_t randomLength, keyLength, prfLength;
131
unsigned char constant[4 + sizeof("rfc4121-gss-eap") - 1], *p;
134
GSSEAP_KRB_INIT(&krbContext);
135
GSSEAP_ASSERT(encryptionType != ENCTYPE_NULL);
139
KRB_KEY_TYPE(&kd) = encryptionType;
143
KRB_DATA_INIT(&derivedKeyData);
145
code = krb5_c_keylengths(krbContext, encryptionType,
146
&randomLength, &keyLength);
150
/* Convert EAP MSK into a Kerberos key */
152
#ifdef HAVE_HEIMDAL_VERSION
153
code = krb5_random_to_key(krbContext, encryptionType, inputKey,
154
MIN(inputKeyLength, randomLength), &kd);
156
data.length = MIN(inputKeyLength, randomLength);
157
data.data = (char *)inputKey;
159
KRB_KEY_DATA(&kd) = KRB_MALLOC(keyLength);
160
if (KRB_KEY_DATA(&kd) == NULL) {
164
KRB_KEY_LENGTH(&kd) = keyLength;
166
code = krb5_c_random_to_key(krbContext, encryptionType, &data, &kd);
167
#endif /* HAVE_HEIMDAL_VERSION */
171
memset(&constant[0], 0, 4);
172
memcpy(&constant[4], "rfc4121-gss-eap", sizeof("rfc4121-gss-eap") - 1);
174
ns.length = sizeof(constant);
175
ns.data = (char *)constant;
177
/* Plug derivation constant and key into PRF */
178
code = krb5_c_prf_length(krbContext, encryptionType, &prfLength);
182
#ifndef HAVE_HEIMDAL_VERSION
183
/* Same API, but different allocation rules, unfortunately. */
184
t.length = prfLength;
185
t.data = GSSEAP_MALLOC(t.length);
186
if (t.data == NULL) {
192
derivedKeyData.length = randomLength;
193
derivedKeyData.data = GSSEAP_MALLOC(derivedKeyData.length);
194
if (derivedKeyData.data == NULL) {
199
for (i = 0, p = (unsigned char *)derivedKeyData.data, remain = randomLength;
201
p += t.length, remain -= t.length, i++)
203
store_uint32_be(i, ns.data);
205
code = krb5_c_prf(krbContext, &kd, &ns, &t);
209
memcpy(p, t.data, MIN(t.length, remain));
212
/* Finally, convert PRF output into a new key which we will return */
213
#ifdef HAVE_HEIMDAL_VERSION
214
krb5_free_keyblock_contents(krbContext, &kd);
217
code = krb5_random_to_key(krbContext, encryptionType,
218
derivedKeyData.data, derivedKeyData.length, &kd);
220
code = krb5_c_random_to_key(krbContext, encryptionType,
221
&derivedKeyData, &kd);
230
krb5_free_keyblock_contents(krbContext, &kd);
231
#ifdef HAVE_HEIMDAL_VERSION
234
if (t.data != NULL) {
235
memset(t.data, 0, t.length);
239
if (derivedKeyData.data != NULL) {
240
memset(derivedKeyData.data, 0, derivedKeyData.length);
241
GSSEAP_FREE(derivedKeyData.data);
246
return (code == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
249
#ifdef HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE
250
extern krb5_error_code
251
krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *);
255
rfc3961ChecksumTypeForKey(OM_uint32 *minor,
257
krb5_cksumtype *cksumtype)
259
krb5_context krbContext;
260
#ifndef HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE
265
GSSEAP_KRB_INIT(&krbContext);
267
#ifdef HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE
268
*minor = krb5int_c_mandatory_cksumtype(krbContext, KRB_KEY_TYPE(key),
271
return GSS_S_FAILURE;
273
KRB_DATA_INIT(&data);
275
memset(&cksum, 0, sizeof(cksum));
278
* This is a complete hack but it's the only way to work with
279
* MIT Kerberos pre-1.9 without using private API, as it does
280
* not support passing in zero as the checksum type.
282
*minor = krb5_c_make_checksum(krbContext, 0, key, 0, &data, &cksum);
284
return GSS_S_FAILURE;
286
*cksumtype = KRB_CHECKSUM_TYPE(&cksum);
288
krb5_free_checksum_contents(krbContext, &cksum);
289
#endif /* HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE */
291
if (!krb5_c_is_keyed_cksum(*cksumtype)) {
292
*minor = (OM_uint32)KRB5KRB_AP_ERR_INAPP_CKSUM;
293
return GSS_S_FAILURE;
296
return GSS_S_COMPLETE;
300
krbCryptoLength(krb5_context krbContext,
301
#ifdef HAVE_HEIMDAL_VERSION
302
krb5_crypto krbCrypto,
309
#ifdef HAVE_HEIMDAL_VERSION
310
return krb5_crypto_length(krbContext, krbCrypto, type, length);
313
krb5_error_code code;
315
code = krb5_c_crypto_length(krbContext, KRB_KEY_TYPE(key), type, &len);
317
*length = (size_t)len;
324
krbPaddingLength(krb5_context krbContext,
325
#ifdef HAVE_HEIMDAL_VERSION
326
krb5_crypto krbCrypto,
333
krb5_error_code code;
334
#ifdef HAVE_HEIMDAL_VERSION
335
size_t headerLength, paddingLength;
337
code = krbCryptoLength(krbContext, krbCrypto,
338
KRB5_CRYPTO_TYPE_HEADER, &headerLength);
342
dataLength += headerLength;
344
code = krb5_crypto_length(krbContext, krbCrypto,
345
KRB5_CRYPTO_TYPE_PADDING, &paddingLength);
349
if (paddingLength != 0 && (dataLength % paddingLength) != 0)
350
*padLength = paddingLength - (dataLength % paddingLength);
358
code = krb5_c_padding_length(krbContext, KRB_KEY_TYPE(key), dataLength, &pad);
360
*padLength = (size_t)pad;
363
#endif /* HAVE_HEIMDAL_VERSION */
367
krbBlockSize(krb5_context krbContext,
368
#ifdef HAVE_HEIMDAL_VERSION
369
krb5_crypto krbCrypto,
375
#ifdef HAVE_HEIMDAL_VERSION
376
return krb5_crypto_getblocksize(krbContext, krbCrypto, blockSize);
378
return krb5_c_block_size(krbContext, KRB_KEY_TYPE(key), blockSize);
384
#ifdef HAVE_HEIMDAL_VERSION
385
krb5_context krbContext,
387
krb5_context krbContext GSSEAP_UNUSED,
389
krb5_enctype enctype,
393
krb5_error_code code;
394
#ifdef HAVE_HEIMDAL_VERSION
395
char *enctypeBuf = NULL;
397
char enctypeBuf[128];
399
size_t prefixLength, enctypeLength;
401
#ifdef HAVE_HEIMDAL_VERSION
402
code = krb5_enctype_to_string(krbContext, enctype, &enctypeBuf);
404
code = krb5_enctype_to_name(enctype, 0, enctypeBuf, sizeof(enctypeBuf));
409
prefixLength = (prefix != NULL) ? strlen(prefix) : 0;
410
enctypeLength = strlen(enctypeBuf);
412
string->value = GSSEAP_MALLOC(prefixLength + enctypeLength + 1);
413
if (string->value == NULL) {
414
#ifdef HAVE_HEIMDAL_VERSION
415
krb5_xfree(enctypeBuf);
420
if (prefixLength != 0)
421
memcpy(string->value, prefix, prefixLength);
422
memcpy((char *)string->value + prefixLength, enctypeBuf, enctypeLength);
424
string->length = prefixLength + enctypeLength;
425
((char *)string->value)[string->length] = '\0';
427
#ifdef HAVE_HEIMDAL_VERSION
428
krb5_xfree(enctypeBuf);
435
krbMakeAuthDataKdcIssued(krb5_context context,
436
const krb5_keyblock *key,
437
krb5_const_principal issuer,
438
#ifdef HAVE_HEIMDAL_VERSION
439
const AuthorizationData *authdata,
440
AuthorizationData *adKdcIssued
442
krb5_authdata *const *authdata,
443
krb5_authdata ***adKdcIssued
447
#ifdef HAVE_HEIMDAL_VERSION
448
krb5_error_code code;
449
AD_KDCIssued kdcIssued;
450
AuthorizationDataElement adDatum;
452
size_t buf_size, len;
453
krb5_crypto crypto = NULL;
455
memset(&kdcIssued, 0, sizeof(kdcIssued));
456
memset(adKdcIssued, 0, sizeof(*adKdcIssued));
458
kdcIssued.i_realm = issuer->realm != NULL ? (Realm *)&issuer->realm : NULL;
459
kdcIssued.i_sname = (PrincipalName *)&issuer->name;
460
kdcIssued.elements = *authdata;
462
ASN1_MALLOC_ENCODE(AuthorizationData, buf, buf_size, authdata, &len, code);
466
code = krb5_crypto_init(context, key, 0, &crypto);
470
code = krb5_create_checksum(context, crypto, KRB5_KU_AD_KDC_ISSUED,
471
0, buf, buf_size, &kdcIssued.ad_checksum);
475
free(buf); /* match ASN1_MALLOC_ENCODE */
478
ASN1_MALLOC_ENCODE(AD_KDCIssued, buf, buf_size, &kdcIssued, &len, code);
482
adDatum.ad_type = KRB5_AUTHDATA_KDC_ISSUED;
483
adDatum.ad_data.length = buf_size;
484
adDatum.ad_data.data = buf;
486
code = add_AuthorizationData(adKdcIssued, &adDatum);
492
free(buf); /* match ASN1_MALLOC_ENCODE */
494
krb5_crypto_destroy(context, crypto);
495
free_Checksum(&kdcIssued.ad_checksum);
499
return krb5_make_authdata_kdc_issued(context, key, issuer, authdata,
501
#endif /* HAVE_HEIMDAL_VERSION */
505
krbMakeCred(krb5_context krbContext,
506
krb5_auth_context authContext,
510
krb5_error_code code;
511
#ifdef HAVE_HEIMDAL_VERSION
513
KrbCredInfo krbCredInfo;
514
EncKrbCredPart encKrbCredPart;
516
krb5_crypto krbCrypto = NULL;
517
krb5_data encKrbCredPartData;
518
krb5_replay_data rdata;
524
memset(data, 0, sizeof(*data));
525
#ifdef HAVE_HEIMDAL_VERSION
526
memset(&krbCred, 0, sizeof(krbCred));
527
memset(&krbCredInfo, 0, sizeof(krbCredInfo));
528
memset(&encKrbCredPart, 0, sizeof(encKrbCredPart));
529
memset(&rdata, 0, sizeof(rdata));
531
if (authContext->local_subkey)
532
key = authContext->local_subkey;
533
else if (authContext->remote_subkey)
534
key = authContext->remote_subkey;
536
key = authContext->keyblock;
539
krbCred.msg_type = krb_cred;
540
krbCred.tickets.val = (Ticket *)GSSEAP_CALLOC(1, sizeof(Ticket));
541
if (krbCred.tickets.val == NULL) {
545
krbCred.tickets.len = 1;
547
code = decode_Ticket(creds->ticket.data,
548
creds->ticket.length,
549
krbCred.tickets.val, &len);
553
krbCredInfo.key = creds->session;
554
krbCredInfo.prealm = &creds->client->realm;
555
krbCredInfo.pname = &creds->client->name;
556
krbCredInfo.flags = &creds->flags.b;
557
krbCredInfo.authtime = &creds->times.authtime;
558
krbCredInfo.starttime = &creds->times.starttime;
559
krbCredInfo.endtime = &creds->times.endtime;
560
krbCredInfo.renew_till = &creds->times.renew_till;
561
krbCredInfo.srealm = &creds->server->realm;
562
krbCredInfo.sname = &creds->server->name;
563
krbCredInfo.caddr = creds->addresses.len ? &creds->addresses : NULL;
565
encKrbCredPart.ticket_info.len = 1;
566
encKrbCredPart.ticket_info.val = &krbCredInfo;
567
if (authContext->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
568
rdata.seq = authContext->local_seqnumber;
569
encKrbCredPart.nonce = (int32_t *)&rdata.seq;
571
encKrbCredPart.nonce = NULL;
573
if (authContext->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
574
krb5_us_timeofday(krbContext, &rdata.timestamp, &rdata.usec);
575
encKrbCredPart.timestamp = &rdata.timestamp;
576
encKrbCredPart.usec = &rdata.usec;
578
encKrbCredPart.timestamp = NULL;
579
encKrbCredPart.usec = NULL;
581
encKrbCredPart.s_address = authContext->local_address;
582
encKrbCredPart.r_address = authContext->remote_address;
584
ASN1_MALLOC_ENCODE(EncKrbCredPart, encKrbCredPartData.data,
585
encKrbCredPartData.length, &encKrbCredPart,
590
code = krb5_crypto_init(krbContext, key, 0, &krbCrypto);
594
code = krb5_encrypt_EncryptedData(krbContext,
597
encKrbCredPartData.data,
598
encKrbCredPartData.length,
604
ASN1_MALLOC_ENCODE(KRB_CRED, data->data, data->length,
605
&krbCred, &len, code);
609
if (authContext->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
610
authContext->local_seqnumber++;
613
if (krbCrypto != NULL)
614
krb5_crypto_destroy(krbContext, krbCrypto);
615
free_KRB_CRED(&krbCred);
616
krb5_data_free(&encKrbCredPartData);
620
code = krb5_mk_1cred(krbContext, authContext, creds, &d, NULL);
627
#endif /* HAVE_HEIMDAL_VERSION */