1 /*
2 * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "krb5_locl.h"
35
36 #include <pkinit_asn1.h>
37
38 krb5_error_code
_krb5_pk_octetstring2key(krb5_context context,krb5_enctype type,const void * dhdata,size_t dhsize,const heim_octet_string * c_n,const heim_octet_string * k_n,krb5_keyblock * key)39 _krb5_pk_octetstring2key(krb5_context context,
40 krb5_enctype type,
41 const void *dhdata,
42 size_t dhsize,
43 const heim_octet_string *c_n,
44 const heim_octet_string *k_n,
45 krb5_keyblock *key)
46 {
47 struct _krb5_encryption_type *et = _krb5_find_enctype(type);
48 krb5_error_code ret;
49 size_t keylen, offset;
50 void *keydata;
51 unsigned char counter;
52 unsigned char shaoutput[SHA_DIGEST_LENGTH];
53 EVP_MD_CTX *m;
54
55 if(et == NULL) {
56 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
57 N_("encryption type %d not supported", ""),
58 type);
59 return KRB5_PROG_ETYPE_NOSUPP;
60 }
61 keylen = (et->keytype->bits + 7) / 8;
62
63 keydata = malloc(keylen);
64 if (keydata == NULL) {
65 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
66 return ENOMEM;
67 }
68
69 m = EVP_MD_CTX_create();
70 if (m == NULL) {
71 free(keydata);
72 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
73 return ENOMEM;
74 }
75
76 counter = 0;
77 offset = 0;
78 do {
79
80 EVP_DigestInit_ex(m, EVP_sha1(), NULL);
81 EVP_DigestUpdate(m, &counter, 1);
82 EVP_DigestUpdate(m, dhdata, dhsize);
83
84 if (c_n)
85 EVP_DigestUpdate(m, c_n->data, c_n->length);
86 if (k_n)
87 EVP_DigestUpdate(m, k_n->data, k_n->length);
88
89 EVP_DigestFinal_ex(m, shaoutput, NULL);
90
91 memcpy((unsigned char *)keydata + offset,
92 shaoutput,
93 min(keylen - offset, sizeof(shaoutput)));
94
95 offset += sizeof(shaoutput);
96 counter++;
97 } while(offset < keylen);
98 memset(shaoutput, 0, sizeof(shaoutput));
99
100 EVP_MD_CTX_destroy(m);
101
102 ret = krb5_random_to_key(context, type, keydata, keylen, key);
103 memset(keydata, 0, sizeof(keylen));
104 free(keydata);
105 return ret;
106 }
107
108 static krb5_error_code
encode_uvinfo(krb5_context context,krb5_const_principal p,krb5_data * data)109 encode_uvinfo(krb5_context context, krb5_const_principal p, krb5_data *data)
110 {
111 KRB5PrincipalName pn;
112 krb5_error_code ret;
113 size_t size = 0;
114
115 pn.principalName = p->name;
116 pn.realm = p->realm;
117
118 ASN1_MALLOC_ENCODE(KRB5PrincipalName, data->data, data->length,
119 &pn, &size, ret);
120 if (ret) {
121 krb5_data_zero(data);
122 krb5_set_error_message(context, ret,
123 N_("Failed to encode KRB5PrincipalName", ""));
124 return ret;
125 }
126 if (data->length != size)
127 krb5_abortx(context, "asn1 compiler internal error");
128 return 0;
129 }
130
131 static krb5_error_code
encode_otherinfo(krb5_context context,const AlgorithmIdentifier * ai,krb5_const_principal client,krb5_const_principal server,krb5_enctype enctype,const krb5_data * as_req,const krb5_data * pk_as_rep,const Ticket * ticket,krb5_data * other)132 encode_otherinfo(krb5_context context,
133 const AlgorithmIdentifier *ai,
134 krb5_const_principal client,
135 krb5_const_principal server,
136 krb5_enctype enctype,
137 const krb5_data *as_req,
138 const krb5_data *pk_as_rep,
139 const Ticket *ticket,
140 krb5_data *other)
141 {
142 PkinitSP80056AOtherInfo otherinfo;
143 PkinitSuppPubInfo pubinfo;
144 krb5_error_code ret;
145 krb5_data pub;
146 size_t size = 0;
147
148 krb5_data_zero(other);
149 memset(&otherinfo, 0, sizeof(otherinfo));
150 memset(&pubinfo, 0, sizeof(pubinfo));
151
152 pubinfo.enctype = enctype;
153 pubinfo.as_REQ = *as_req;
154 pubinfo.pk_as_rep = *pk_as_rep;
155 pubinfo.ticket = *ticket;
156 ASN1_MALLOC_ENCODE(PkinitSuppPubInfo, pub.data, pub.length,
157 &pubinfo, &size, ret);
158 if (ret) {
159 krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
160 return ret;
161 }
162 if (pub.length != size)
163 krb5_abortx(context, "asn1 compiler internal error");
164
165 ret = encode_uvinfo(context, client, &otherinfo.partyUInfo);
166 if (ret) {
167 free(pub.data);
168 return ret;
169 }
170 ret = encode_uvinfo(context, server, &otherinfo.partyVInfo);
171 if (ret) {
172 free(otherinfo.partyUInfo.data);
173 free(pub.data);
174 return ret;
175 }
176
177 otherinfo.algorithmID = *ai;
178 otherinfo.suppPubInfo = &pub;
179
180 ASN1_MALLOC_ENCODE(PkinitSP80056AOtherInfo, other->data, other->length,
181 &otherinfo, &size, ret);
182 free(otherinfo.partyUInfo.data);
183 free(otherinfo.partyVInfo.data);
184 free(pub.data);
185 if (ret) {
186 krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
187 return ret;
188 }
189 if (other->length != size)
190 krb5_abortx(context, "asn1 compiler internal error");
191
192 return 0;
193 }
194
195
196
197 krb5_error_code
_krb5_pk_kdf(krb5_context context,const struct AlgorithmIdentifier * ai,const void * dhdata,size_t dhsize,krb5_const_principal client,krb5_const_principal server,krb5_enctype enctype,const krb5_data * as_req,const krb5_data * pk_as_rep,const Ticket * ticket,krb5_keyblock * key)198 _krb5_pk_kdf(krb5_context context,
199 const struct AlgorithmIdentifier *ai,
200 const void *dhdata,
201 size_t dhsize,
202 krb5_const_principal client,
203 krb5_const_principal server,
204 krb5_enctype enctype,
205 const krb5_data *as_req,
206 const krb5_data *pk_as_rep,
207 const Ticket *ticket,
208 krb5_keyblock *key)
209 {
210 struct _krb5_encryption_type *et;
211 krb5_error_code ret;
212 krb5_data other;
213 size_t keylen, offset;
214 uint32_t counter;
215 unsigned char *keydata;
216 unsigned char shaoutput[SHA512_DIGEST_LENGTH];
217 const EVP_MD *md;
218 EVP_MD_CTX *m;
219
220 if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha1, &ai->algorithm) == 0) {
221 md = EVP_sha1();
222 } else if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha256, &ai->algorithm) == 0) {
223 md = EVP_sha256();
224 } else if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha512, &ai->algorithm) == 0) {
225 md = EVP_sha512();
226 } else {
227 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
228 N_("KDF not supported", ""));
229 return KRB5_PROG_ETYPE_NOSUPP;
230 }
231 if (ai->parameters != NULL &&
232 (ai->parameters->length != 2 ||
233 memcmp(ai->parameters->data, "\x05\x00", 2) != 0))
234 {
235 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
236 N_("kdf params not NULL or the NULL-type",
237 ""));
238 return KRB5_PROG_ETYPE_NOSUPP;
239 }
240
241 et = _krb5_find_enctype(enctype);
242 if(et == NULL) {
243 krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
244 N_("encryption type %d not supported", ""),
245 enctype);
246 return KRB5_PROG_ETYPE_NOSUPP;
247 }
248 keylen = (et->keytype->bits + 7) / 8;
249
250 keydata = malloc(keylen);
251 if (keydata == NULL) {
252 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
253 return ENOMEM;
254 }
255
256 ret = encode_otherinfo(context, ai, client, server,
257 enctype, as_req, pk_as_rep, ticket, &other);
258 if (ret) {
259 free(keydata);
260 return ret;
261 }
262
263 m = EVP_MD_CTX_create();
264 if (m == NULL) {
265 free(keydata);
266 free(other.data);
267 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
268 return ENOMEM;
269 }
270
271 offset = 0;
272 counter = 1;
273 do {
274 unsigned char cdata[4];
275
276 EVP_DigestInit_ex(m, md, NULL);
277 _krb5_put_int(cdata, counter, 4);
278 EVP_DigestUpdate(m, cdata, 4);
279 EVP_DigestUpdate(m, dhdata, dhsize);
280 EVP_DigestUpdate(m, other.data, other.length);
281
282 EVP_DigestFinal_ex(m, shaoutput, NULL);
283
284 memcpy((unsigned char *)keydata + offset,
285 shaoutput,
286 min(keylen - offset, EVP_MD_CTX_size(m)));
287
288 offset += EVP_MD_CTX_size(m);
289 counter++;
290 } while(offset < keylen);
291 memset(shaoutput, 0, sizeof(shaoutput));
292
293 EVP_MD_CTX_destroy(m);
294 free(other.data);
295
296 ret = krb5_random_to_key(context, enctype, keydata, keylen, key);
297 memset(keydata, 0, sizeof(keylen));
298 free(keydata);
299
300 return ret;
301 }
302