1 /* 2 * Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * 3. Neither the name of the Institute nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #include "krb5_locl.h" 37 38 struct krb5_dh_moduli { 39 char *name; 40 unsigned long bits; 41 heim_integer p; 42 heim_integer g; 43 heim_integer q; 44 }; 45 46 #ifdef PKINIT 47 48 #include <cms_asn1.h> 49 #include <pkcs8_asn1.h> 50 #include <pkcs9_asn1.h> 51 #include <pkcs12_asn1.h> 52 #include <pkinit_asn1.h> 53 #include <asn1_err.h> 54 55 #include <der.h> 56 57 struct krb5_pk_cert { 58 hx509_cert cert; 59 }; 60 61 struct krb5_pk_init_ctx_data { 62 struct krb5_pk_identity *id; 63 enum { USE_RSA, USE_DH, USE_ECDH } keyex; 64 union { 65 DH *dh; 66 #ifdef HAVE_OPENSSL 67 EC_KEY *eckey; 68 #endif 69 } u; 70 krb5_data *clientDHNonce; 71 struct krb5_dh_moduli **m; 72 hx509_peer_info peer; 73 enum krb5_pk_type type; 74 unsigned int require_binding:1; 75 unsigned int require_eku:1; 76 unsigned int require_krbtgt_otherName:1; 77 unsigned int require_hostname_match:1; 78 unsigned int trustedCertifiers:1; 79 unsigned int anonymous:1; 80 }; 81 82 static void 83 pk_copy_error(krb5_context context, 84 hx509_context hx509ctx, 85 int hxret, 86 const char *fmt, 87 ...) 88 __attribute__ ((format (printf, 4, 5))); 89 90 /* 91 * 92 */ 93 94 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 95 _krb5_pk_cert_free(struct krb5_pk_cert *cert) 96 { 97 if (cert->cert) { 98 hx509_cert_free(cert->cert); 99 } 100 free(cert); 101 } 102 103 static krb5_error_code 104 BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer) 105 { 106 integer->length = BN_num_bytes(bn); 107 integer->data = malloc(integer->length); 108 if (integer->data == NULL) { 109 krb5_clear_error_message(context); 110 return ENOMEM; 111 } 112 BN_bn2bin(bn, integer->data); 113 integer->negative = BN_is_negative(bn); 114 return 0; 115 } 116 117 static BIGNUM * 118 integer_to_BN(krb5_context context, const char *field, const heim_integer *f) 119 { 120 BIGNUM *bn; 121 122 bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL); 123 if (bn == NULL) { 124 krb5_set_error_message(context, ENOMEM, 125 N_("PKINIT: parsing BN failed %s", ""), field); 126 return NULL; 127 } 128 BN_set_negative(bn, f->negative); 129 return bn; 130 } 131 132 static krb5_error_code 133 select_dh_group(krb5_context context, DH *dh, unsigned long bits, 134 struct krb5_dh_moduli **moduli) 135 { 136 const struct krb5_dh_moduli *m; 137 138 if (bits == 0) { 139 m = moduli[1]; /* XXX */ 140 if (m == NULL) 141 m = moduli[0]; /* XXX */ 142 } else { 143 int i; 144 for (i = 0; moduli[i] != NULL; i++) { 145 if (bits < moduli[i]->bits) 146 break; 147 } 148 if (moduli[i] == NULL) { 149 krb5_set_error_message(context, EINVAL, 150 N_("Did not find a DH group parameter " 151 "matching requirement of %lu bits", ""), 152 bits); 153 return EINVAL; 154 } 155 m = moduli[i]; 156 } 157 158 dh->p = integer_to_BN(context, "p", &m->p); 159 if (dh->p == NULL) 160 return ENOMEM; 161 dh->g = integer_to_BN(context, "g", &m->g); 162 if (dh->g == NULL) 163 return ENOMEM; 164 dh->q = integer_to_BN(context, "q", &m->q); 165 if (dh->q == NULL) 166 return ENOMEM; 167 168 return 0; 169 } 170 171 struct certfind { 172 const char *type; 173 const heim_oid *oid; 174 }; 175 176 /* 177 * Try searchin the key by to use by first looking for for PK-INIT 178 * EKU, then the Microsoft smart card EKU and last, no special EKU at all. 179 */ 180 181 static krb5_error_code 182 find_cert(krb5_context context, struct krb5_pk_identity *id, 183 hx509_query *q, hx509_cert *cert) 184 { 185 struct certfind cf[4] = { 186 { "MobileMe EKU" }, 187 { "PKINIT EKU" }, 188 { "MS EKU" }, 189 { "any (or no)" } 190 }; 191 int ret = HX509_CERT_NOT_FOUND; 192 size_t i, start = 1; 193 unsigned oids[] = { 1, 2, 840, 113635, 100, 3, 2, 1 }; 194 const heim_oid mobileMe = { sizeof(oids)/sizeof(oids[0]), oids }; 195 196 197 if (id->flags & PKINIT_BTMM) 198 start = 0; 199 200 cf[0].oid = &mobileMe; 201 cf[1].oid = &asn1_oid_id_pkekuoid; 202 cf[2].oid = &asn1_oid_id_pkinit_ms_eku; 203 cf[3].oid = NULL; 204 205 for (i = start; i < sizeof(cf)/sizeof(cf[0]); i++) { 206 ret = hx509_query_match_eku(q, cf[i].oid); 207 if (ret) { 208 pk_copy_error(context, context->hx509ctx, ret, 209 "Failed setting %s OID", cf[i].type); 210 return ret; 211 } 212 213 ret = hx509_certs_find(context->hx509ctx, id->certs, q, cert); 214 if (ret == 0) 215 break; 216 pk_copy_error(context, context->hx509ctx, ret, 217 "Failed finding certificate with %s OID", cf[i].type); 218 } 219 return ret; 220 } 221 222 223 static krb5_error_code 224 create_signature(krb5_context context, 225 const heim_oid *eContentType, 226 krb5_data *eContent, 227 struct krb5_pk_identity *id, 228 hx509_peer_info peer, 229 krb5_data *sd_data) 230 { 231 int ret, flags = 0; 232 233 if (id->cert == NULL) 234 flags |= HX509_CMS_SIGNATURE_NO_SIGNER; 235 236 ret = hx509_cms_create_signed_1(context->hx509ctx, 237 flags, 238 eContentType, 239 eContent->data, 240 eContent->length, 241 NULL, 242 id->cert, 243 peer, 244 NULL, 245 id->certs, 246 sd_data); 247 if (ret) { 248 pk_copy_error(context, context->hx509ctx, ret, 249 "Create CMS signedData"); 250 return ret; 251 } 252 253 return 0; 254 } 255 256 static int 257 cert2epi(hx509_context context, void *ctx, hx509_cert c) 258 { 259 ExternalPrincipalIdentifiers *ids = ctx; 260 ExternalPrincipalIdentifier id; 261 hx509_name subject = NULL; 262 void *p; 263 int ret; 264 265 if (ids->len > 10) 266 return 0; 267 268 memset(&id, 0, sizeof(id)); 269 270 ret = hx509_cert_get_subject(c, &subject); 271 if (ret) 272 return ret; 273 274 if (hx509_name_is_null_p(subject) != 0) { 275 276 id.subjectName = calloc(1, sizeof(*id.subjectName)); 277 if (id.subjectName == NULL) { 278 hx509_name_free(&subject); 279 free_ExternalPrincipalIdentifier(&id); 280 return ENOMEM; 281 } 282 283 ret = hx509_name_binary(subject, id.subjectName); 284 if (ret) { 285 hx509_name_free(&subject); 286 free_ExternalPrincipalIdentifier(&id); 287 return ret; 288 } 289 } 290 hx509_name_free(&subject); 291 292 293 id.issuerAndSerialNumber = calloc(1, sizeof(*id.issuerAndSerialNumber)); 294 if (id.issuerAndSerialNumber == NULL) { 295 free_ExternalPrincipalIdentifier(&id); 296 return ENOMEM; 297 } 298 299 { 300 IssuerAndSerialNumber iasn; 301 hx509_name issuer; 302 size_t size = 0; 303 304 memset(&iasn, 0, sizeof(iasn)); 305 306 ret = hx509_cert_get_issuer(c, &issuer); 307 if (ret) { 308 free_ExternalPrincipalIdentifier(&id); 309 return ret; 310 } 311 312 ret = hx509_name_to_Name(issuer, &iasn.issuer); 313 hx509_name_free(&issuer); 314 if (ret) { 315 free_ExternalPrincipalIdentifier(&id); 316 return ret; 317 } 318 319 ret = hx509_cert_get_serialnumber(c, &iasn.serialNumber); 320 if (ret) { 321 free_IssuerAndSerialNumber(&iasn); 322 free_ExternalPrincipalIdentifier(&id); 323 return ret; 324 } 325 326 ASN1_MALLOC_ENCODE(IssuerAndSerialNumber, 327 id.issuerAndSerialNumber->data, 328 id.issuerAndSerialNumber->length, 329 &iasn, &size, ret); 330 free_IssuerAndSerialNumber(&iasn); 331 if (ret) 332 return ret; 333 if (id.issuerAndSerialNumber->length != size) 334 abort(); 335 } 336 337 id.subjectKeyIdentifier = NULL; 338 339 p = realloc(ids->val, sizeof(ids->val[0]) * (ids->len + 1)); 340 if (p == NULL) { 341 free_ExternalPrincipalIdentifier(&id); 342 return ENOMEM; 343 } 344 345 ids->val = p; 346 ids->val[ids->len] = id; 347 ids->len++; 348 349 return 0; 350 } 351 352 static krb5_error_code 353 build_edi(krb5_context context, 354 hx509_context hx509ctx, 355 hx509_certs certs, 356 ExternalPrincipalIdentifiers *ids) 357 { 358 return hx509_certs_iter_f(hx509ctx, certs, cert2epi, ids); 359 } 360 361 static krb5_error_code 362 build_auth_pack(krb5_context context, 363 unsigned nonce, 364 krb5_pk_init_ctx ctx, 365 const KDC_REQ_BODY *body, 366 AuthPack *a) 367 { 368 size_t buf_size, len = 0; 369 krb5_error_code ret; 370 void *buf; 371 krb5_timestamp sec; 372 int32_t usec; 373 Checksum checksum; 374 375 krb5_clear_error_message(context); 376 377 memset(&checksum, 0, sizeof(checksum)); 378 379 krb5_us_timeofday(context, &sec, &usec); 380 a->pkAuthenticator.ctime = sec; 381 a->pkAuthenticator.nonce = nonce; 382 383 ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, body, &len, ret); 384 if (ret) 385 return ret; 386 if (buf_size != len) 387 krb5_abortx(context, "internal error in ASN.1 encoder"); 388 389 ret = krb5_create_checksum(context, 390 NULL, 391 0, 392 CKSUMTYPE_SHA1, 393 buf, 394 len, 395 &checksum); 396 free(buf); 397 if (ret) 398 return ret; 399 400 ALLOC(a->pkAuthenticator.paChecksum, 1); 401 if (a->pkAuthenticator.paChecksum == NULL) { 402 krb5_set_error_message(context, ENOMEM, 403 N_("malloc: out of memory", "")); 404 return ENOMEM; 405 } 406 407 ret = krb5_data_copy(a->pkAuthenticator.paChecksum, 408 checksum.checksum.data, checksum.checksum.length); 409 free_Checksum(&checksum); 410 if (ret) 411 return ret; 412 413 if (ctx->keyex == USE_DH || ctx->keyex == USE_ECDH) { 414 const char *moduli_file; 415 unsigned long dh_min_bits; 416 krb5_data dhbuf; 417 size_t size = 0; 418 419 krb5_data_zero(&dhbuf); 420 421 422 423 moduli_file = krb5_config_get_string(context, NULL, 424 "libdefaults", 425 "moduli", 426 NULL); 427 428 dh_min_bits = 429 krb5_config_get_int_default(context, NULL, 0, 430 "libdefaults", 431 "pkinit_dh_min_bits", 432 NULL); 433 434 ret = _krb5_parse_moduli(context, moduli_file, &ctx->m); 435 if (ret) 436 return ret; 437 438 ctx->u.dh = DH_new(); 439 if (ctx->u.dh == NULL) { 440 krb5_set_error_message(context, ENOMEM, 441 N_("malloc: out of memory", "")); 442 return ENOMEM; 443 } 444 445 ret = select_dh_group(context, ctx->u.dh, dh_min_bits, ctx->m); 446 if (ret) 447 return ret; 448 449 if (DH_generate_key(ctx->u.dh) != 1) { 450 krb5_set_error_message(context, ENOMEM, 451 N_("pkinit: failed to generate DH key", "")); 452 return ENOMEM; 453 } 454 455 456 if (1 /* support_cached_dh */) { 457 ALLOC(a->clientDHNonce, 1); 458 if (a->clientDHNonce == NULL) { 459 krb5_clear_error_message(context); 460 return ENOMEM; 461 } 462 ret = krb5_data_alloc(a->clientDHNonce, 40); 463 if (a->clientDHNonce == NULL) { 464 krb5_clear_error_message(context); 465 return ret; 466 } 467 RAND_bytes(a->clientDHNonce->data, a->clientDHNonce->length); 468 ret = krb5_copy_data(context, a->clientDHNonce, 469 &ctx->clientDHNonce); 470 if (ret) 471 return ret; 472 } 473 474 ALLOC(a->clientPublicValue, 1); 475 if (a->clientPublicValue == NULL) 476 return ENOMEM; 477 478 if (ctx->keyex == USE_DH) { 479 DH *dh = ctx->u.dh; 480 DomainParameters dp; 481 heim_integer dh_pub_key; 482 483 ret = der_copy_oid(&asn1_oid_id_dhpublicnumber, 484 &a->clientPublicValue->algorithm.algorithm); 485 if (ret) 486 return ret; 487 488 memset(&dp, 0, sizeof(dp)); 489 490 ret = BN_to_integer(context, dh->p, &dp.p); 491 if (ret) { 492 free_DomainParameters(&dp); 493 return ret; 494 } 495 ret = BN_to_integer(context, dh->g, &dp.g); 496 if (ret) { 497 free_DomainParameters(&dp); 498 return ret; 499 } 500 ret = BN_to_integer(context, dh->q, &dp.q); 501 if (ret) { 502 free_DomainParameters(&dp); 503 return ret; 504 } 505 dp.j = NULL; 506 dp.validationParms = NULL; 507 508 a->clientPublicValue->algorithm.parameters = 509 malloc(sizeof(*a->clientPublicValue->algorithm.parameters)); 510 if (a->clientPublicValue->algorithm.parameters == NULL) { 511 free_DomainParameters(&dp); 512 return ret; 513 } 514 515 ASN1_MALLOC_ENCODE(DomainParameters, 516 a->clientPublicValue->algorithm.parameters->data, 517 a->clientPublicValue->algorithm.parameters->length, 518 &dp, &size, ret); 519 free_DomainParameters(&dp); 520 if (ret) 521 return ret; 522 if (size != a->clientPublicValue->algorithm.parameters->length) 523 krb5_abortx(context, "Internal ASN1 encoder error"); 524 525 ret = BN_to_integer(context, dh->pub_key, &dh_pub_key); 526 if (ret) 527 return ret; 528 529 ASN1_MALLOC_ENCODE(DHPublicKey, dhbuf.data, dhbuf.length, 530 &dh_pub_key, &size, ret); 531 der_free_heim_integer(&dh_pub_key); 532 if (ret) 533 return ret; 534 if (size != dhbuf.length) 535 krb5_abortx(context, "asn1 internal error"); 536 } else if (ctx->keyex == USE_ECDH) { 537 #ifdef HAVE_OPENSSL 538 ECParameters ecp; 539 unsigned char *p; 540 int xlen; 541 542 /* copy in public key, XXX find the best curve that the server support or use the clients curve if possible */ 543 544 ecp.element = choice_ECParameters_namedCurve; 545 ret = der_copy_oid(&asn1_oid_id_ec_group_secp256r1, 546 &ecp.u.namedCurve); 547 if (ret) 548 return ret; 549 550 ALLOC(a->clientPublicValue->algorithm.parameters, 1); 551 if (a->clientPublicValue->algorithm.parameters == NULL) { 552 free_ECParameters(&ecp); 553 return ENOMEM; 554 } 555 ASN1_MALLOC_ENCODE(ECParameters, p, xlen, &ecp, &size, ret); 556 free_ECParameters(&ecp); 557 if (ret) 558 return ret; 559 if ((int)size != xlen) 560 krb5_abortx(context, "asn1 internal error"); 561 562 a->clientPublicValue->algorithm.parameters->data = p; 563 a->clientPublicValue->algorithm.parameters->length = size; 564 565 /* copy in public key */ 566 567 ret = der_copy_oid(&asn1_oid_id_ecPublicKey, 568 &a->clientPublicValue->algorithm.algorithm); 569 if (ret) 570 return ret; 571 572 ctx->u.eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 573 if (ctx->u.eckey == NULL) 574 return ENOMEM; 575 576 ret = EC_KEY_generate_key(ctx->u.eckey); 577 if (ret != 1) 578 return EINVAL; 579 580 /* encode onto dhkey */ 581 582 xlen = i2o_ECPublicKey(ctx->u.eckey, NULL); 583 if (xlen <= 0) 584 abort(); 585 586 dhbuf.data = malloc(xlen); 587 if (dhbuf.data == NULL) 588 abort(); 589 dhbuf.length = xlen; 590 p = dhbuf.data; 591 592 xlen = i2o_ECPublicKey(ctx->u.eckey, &p); 593 if (xlen <= 0) 594 abort(); 595 596 /* XXX verify that this is right with RFC3279 */ 597 #else 598 return EINVAL; 599 #endif 600 } else 601 krb5_abortx(context, "internal error"); 602 a->clientPublicValue->subjectPublicKey.length = dhbuf.length * 8; 603 a->clientPublicValue->subjectPublicKey.data = dhbuf.data; 604 } 605 606 { 607 a->supportedCMSTypes = calloc(1, sizeof(*a->supportedCMSTypes)); 608 if (a->supportedCMSTypes == NULL) 609 return ENOMEM; 610 611 ret = hx509_crypto_available(context->hx509ctx, HX509_SELECT_ALL, 612 ctx->id->cert, 613 &a->supportedCMSTypes->val, 614 &a->supportedCMSTypes->len); 615 if (ret) 616 return ret; 617 } 618 619 return ret; 620 } 621 622 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 623 _krb5_pk_mk_ContentInfo(krb5_context context, 624 const krb5_data *buf, 625 const heim_oid *oid, 626 struct ContentInfo *content_info) 627 { 628 krb5_error_code ret; 629 630 ret = der_copy_oid(oid, &content_info->contentType); 631 if (ret) 632 return ret; 633 ALLOC(content_info->content, 1); 634 if (content_info->content == NULL) 635 return ENOMEM; 636 content_info->content->data = malloc(buf->length); 637 if (content_info->content->data == NULL) 638 return ENOMEM; 639 memcpy(content_info->content->data, buf->data, buf->length); 640 content_info->content->length = buf->length; 641 return 0; 642 } 643 644 static krb5_error_code 645 pk_mk_padata(krb5_context context, 646 krb5_pk_init_ctx ctx, 647 const KDC_REQ_BODY *req_body, 648 unsigned nonce, 649 METHOD_DATA *md) 650 { 651 struct ContentInfo content_info; 652 krb5_error_code ret; 653 const heim_oid *oid = NULL; 654 size_t size = 0; 655 krb5_data buf, sd_buf; 656 int pa_type = -1; 657 658 krb5_data_zero(&buf); 659 krb5_data_zero(&sd_buf); 660 memset(&content_info, 0, sizeof(content_info)); 661 662 if (ctx->type == PKINIT_WIN2K) { 663 AuthPack_Win2k ap; 664 krb5_timestamp sec; 665 int32_t usec; 666 667 memset(&ap, 0, sizeof(ap)); 668 669 /* fill in PKAuthenticator */ 670 ret = copy_PrincipalName(req_body->sname, &ap.pkAuthenticator.kdcName); 671 if (ret) { 672 free_AuthPack_Win2k(&ap); 673 krb5_clear_error_message(context); 674 goto out; 675 } 676 ret = copy_Realm(&req_body->realm, &ap.pkAuthenticator.kdcRealm); 677 if (ret) { 678 free_AuthPack_Win2k(&ap); 679 krb5_clear_error_message(context); 680 goto out; 681 } 682 683 krb5_us_timeofday(context, &sec, &usec); 684 ap.pkAuthenticator.ctime = sec; 685 ap.pkAuthenticator.cusec = usec; 686 ap.pkAuthenticator.nonce = nonce; 687 688 ASN1_MALLOC_ENCODE(AuthPack_Win2k, buf.data, buf.length, 689 &ap, &size, ret); 690 free_AuthPack_Win2k(&ap); 691 if (ret) { 692 krb5_set_error_message(context, ret, 693 N_("Failed encoding AuthPackWin: %d", ""), 694 (int)ret); 695 goto out; 696 } 697 if (buf.length != size) 698 krb5_abortx(context, "internal ASN1 encoder error"); 699 700 oid = &asn1_oid_id_pkcs7_data; 701 } else if (ctx->type == PKINIT_27) { 702 AuthPack ap; 703 704 memset(&ap, 0, sizeof(ap)); 705 706 ret = build_auth_pack(context, nonce, ctx, req_body, &ap); 707 if (ret) { 708 free_AuthPack(&ap); 709 goto out; 710 } 711 712 ASN1_MALLOC_ENCODE(AuthPack, buf.data, buf.length, &ap, &size, ret); 713 free_AuthPack(&ap); 714 if (ret) { 715 krb5_set_error_message(context, ret, 716 N_("Failed encoding AuthPack: %d", ""), 717 (int)ret); 718 goto out; 719 } 720 if (buf.length != size) 721 krb5_abortx(context, "internal ASN1 encoder error"); 722 723 oid = &asn1_oid_id_pkauthdata; 724 } else 725 krb5_abortx(context, "internal pkinit error"); 726 727 ret = create_signature(context, oid, &buf, ctx->id, 728 ctx->peer, &sd_buf); 729 krb5_data_free(&buf); 730 if (ret) 731 goto out; 732 733 ret = hx509_cms_wrap_ContentInfo(&asn1_oid_id_pkcs7_signedData, &sd_buf, &buf); 734 krb5_data_free(&sd_buf); 735 if (ret) { 736 krb5_set_error_message(context, ret, 737 N_("ContentInfo wrapping of signedData failed","")); 738 goto out; 739 } 740 741 if (ctx->type == PKINIT_WIN2K) { 742 PA_PK_AS_REQ_Win2k winreq; 743 744 pa_type = KRB5_PADATA_PK_AS_REQ_WIN; 745 746 memset(&winreq, 0, sizeof(winreq)); 747 748 winreq.signed_auth_pack = buf; 749 750 ASN1_MALLOC_ENCODE(PA_PK_AS_REQ_Win2k, buf.data, buf.length, 751 &winreq, &size, ret); 752 free_PA_PK_AS_REQ_Win2k(&winreq); 753 754 } else if (ctx->type == PKINIT_27) { 755 PA_PK_AS_REQ req; 756 757 pa_type = KRB5_PADATA_PK_AS_REQ; 758 759 memset(&req, 0, sizeof(req)); 760 req.signedAuthPack = buf; 761 762 if (ctx->trustedCertifiers) { 763 764 req.trustedCertifiers = calloc(1, sizeof(*req.trustedCertifiers)); 765 if (req.trustedCertifiers == NULL) { 766 ret = ENOMEM; 767 krb5_set_error_message(context, ret, 768 N_("malloc: out of memory", "")); 769 free_PA_PK_AS_REQ(&req); 770 goto out; 771 } 772 ret = build_edi(context, context->hx509ctx, 773 ctx->id->anchors, req.trustedCertifiers); 774 if (ret) { 775 krb5_set_error_message(context, ret, 776 N_("pk-init: failed to build " 777 "trustedCertifiers", "")); 778 free_PA_PK_AS_REQ(&req); 779 goto out; 780 } 781 } 782 req.kdcPkId = NULL; 783 784 ASN1_MALLOC_ENCODE(PA_PK_AS_REQ, buf.data, buf.length, 785 &req, &size, ret); 786 787 free_PA_PK_AS_REQ(&req); 788 789 } else 790 krb5_abortx(context, "internal pkinit error"); 791 if (ret) { 792 krb5_set_error_message(context, ret, "PA-PK-AS-REQ %d", (int)ret); 793 goto out; 794 } 795 if (buf.length != size) 796 krb5_abortx(context, "Internal ASN1 encoder error"); 797 798 ret = krb5_padata_add(context, md, pa_type, buf.data, buf.length); 799 if (ret) 800 free(buf.data); 801 802 if (ret == 0) 803 krb5_padata_add(context, md, KRB5_PADATA_PK_AS_09_BINDING, NULL, 0); 804 805 out: 806 free_ContentInfo(&content_info); 807 808 return ret; 809 } 810 811 812 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 813 _krb5_pk_mk_padata(krb5_context context, 814 void *c, 815 int ic_flags, 816 int win2k, 817 const KDC_REQ_BODY *req_body, 818 unsigned nonce, 819 METHOD_DATA *md) 820 { 821 krb5_pk_init_ctx ctx = c; 822 int win2k_compat; 823 824 if (ctx->id->certs == NULL && ctx->anonymous == 0) { 825 krb5_set_error_message(context, HEIM_PKINIT_NO_PRIVATE_KEY, 826 N_("PKINIT: No user certificate given", "")); 827 return HEIM_PKINIT_NO_PRIVATE_KEY; 828 } 829 830 win2k_compat = krb5_config_get_bool_default(context, NULL, 831 win2k, 832 "realms", 833 req_body->realm, 834 "pkinit_win2k", 835 NULL); 836 837 if (win2k_compat) { 838 ctx->require_binding = 839 krb5_config_get_bool_default(context, NULL, 840 TRUE, 841 "realms", 842 req_body->realm, 843 "pkinit_win2k_require_binding", 844 NULL); 845 ctx->type = PKINIT_WIN2K; 846 } else 847 ctx->type = PKINIT_27; 848 849 ctx->require_eku = 850 krb5_config_get_bool_default(context, NULL, 851 TRUE, 852 "realms", 853 req_body->realm, 854 "pkinit_require_eku", 855 NULL); 856 if (ic_flags & KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK) 857 ctx->require_eku = 0; 858 if (ctx->id->flags & PKINIT_BTMM) 859 ctx->require_eku = 0; 860 861 ctx->require_krbtgt_otherName = 862 krb5_config_get_bool_default(context, NULL, 863 TRUE, 864 "realms", 865 req_body->realm, 866 "pkinit_require_krbtgt_otherName", 867 NULL); 868 869 ctx->require_hostname_match = 870 krb5_config_get_bool_default(context, NULL, 871 FALSE, 872 "realms", 873 req_body->realm, 874 "pkinit_require_hostname_match", 875 NULL); 876 877 ctx->trustedCertifiers = 878 krb5_config_get_bool_default(context, NULL, 879 TRUE, 880 "realms", 881 req_body->realm, 882 "pkinit_trustedCertifiers", 883 NULL); 884 885 return pk_mk_padata(context, ctx, req_body, nonce, md); 886 } 887 888 static krb5_error_code 889 pk_verify_sign(krb5_context context, 890 const void *data, 891 size_t length, 892 struct krb5_pk_identity *id, 893 heim_oid *contentType, 894 krb5_data *content, 895 struct krb5_pk_cert **signer) 896 { 897 hx509_certs signer_certs; 898 int ret, flags = 0; 899 900 /* BTMM is broken in Leo and SnowLeo */ 901 if (id->flags & PKINIT_BTMM) { 902 flags |= HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH; 903 flags |= HX509_CMS_VS_NO_KU_CHECK; 904 flags |= HX509_CMS_VS_NO_VALIDATE; 905 } 906 907 *signer = NULL; 908 909 ret = hx509_cms_verify_signed(context->hx509ctx, 910 id->verify_ctx, 911 flags, 912 data, 913 length, 914 NULL, 915 id->certpool, 916 contentType, 917 content, 918 &signer_certs); 919 if (ret) { 920 pk_copy_error(context, context->hx509ctx, ret, 921 "CMS verify signed failed"); 922 return ret; 923 } 924 925 *signer = calloc(1, sizeof(**signer)); 926 if (*signer == NULL) { 927 krb5_clear_error_message(context); 928 ret = ENOMEM; 929 goto out; 930 } 931 932 ret = hx509_get_one_cert(context->hx509ctx, signer_certs, &(*signer)->cert); 933 if (ret) { 934 pk_copy_error(context, context->hx509ctx, ret, 935 "Failed to get on of the signer certs"); 936 goto out; 937 } 938 939 out: 940 hx509_certs_free(&signer_certs); 941 if (ret) { 942 if (*signer) { 943 hx509_cert_free((*signer)->cert); 944 free(*signer); 945 *signer = NULL; 946 } 947 } 948 949 return ret; 950 } 951 952 static krb5_error_code 953 get_reply_key_win(krb5_context context, 954 const krb5_data *content, 955 unsigned nonce, 956 krb5_keyblock **key) 957 { 958 ReplyKeyPack_Win2k key_pack; 959 krb5_error_code ret; 960 size_t size; 961 962 ret = decode_ReplyKeyPack_Win2k(content->data, 963 content->length, 964 &key_pack, 965 &size); 966 if (ret) { 967 krb5_set_error_message(context, ret, 968 N_("PKINIT decoding reply key failed", "")); 969 free_ReplyKeyPack_Win2k(&key_pack); 970 return ret; 971 } 972 973 if ((unsigned)key_pack.nonce != nonce) { 974 krb5_set_error_message(context, ret, 975 N_("PKINIT enckey nonce is wrong", "")); 976 free_ReplyKeyPack_Win2k(&key_pack); 977 return KRB5KRB_AP_ERR_MODIFIED; 978 } 979 980 *key = malloc (sizeof (**key)); 981 if (*key == NULL) { 982 free_ReplyKeyPack_Win2k(&key_pack); 983 krb5_set_error_message(context, ENOMEM, 984 N_("malloc: out of memory", "")); 985 return ENOMEM; 986 } 987 988 ret = copy_EncryptionKey(&key_pack.replyKey, *key); 989 free_ReplyKeyPack_Win2k(&key_pack); 990 if (ret) { 991 krb5_set_error_message(context, ret, 992 N_("PKINIT failed copying reply key", "")); 993 free(*key); 994 *key = NULL; 995 } 996 997 return ret; 998 } 999 1000 static krb5_error_code 1001 get_reply_key(krb5_context context, 1002 const krb5_data *content, 1003 const krb5_data *req_buffer, 1004 krb5_keyblock **key) 1005 { 1006 ReplyKeyPack key_pack; 1007 krb5_error_code ret; 1008 size_t size; 1009 1010 ret = decode_ReplyKeyPack(content->data, 1011 content->length, 1012 &key_pack, 1013 &size); 1014 if (ret) { 1015 krb5_set_error_message(context, ret, 1016 N_("PKINIT decoding reply key failed", "")); 1017 free_ReplyKeyPack(&key_pack); 1018 return ret; 1019 } 1020 1021 { 1022 krb5_crypto crypto; 1023 1024 /* 1025 * XXX Verify kp.replyKey is a allowed enctype in the 1026 * configuration file 1027 */ 1028 1029 ret = krb5_crypto_init(context, &key_pack.replyKey, 0, &crypto); 1030 if (ret) { 1031 free_ReplyKeyPack(&key_pack); 1032 return ret; 1033 } 1034 1035 ret = krb5_verify_checksum(context, crypto, 6, 1036 req_buffer->data, req_buffer->length, 1037 &key_pack.asChecksum); 1038 krb5_crypto_destroy(context, crypto); 1039 if (ret) { 1040 free_ReplyKeyPack(&key_pack); 1041 return ret; 1042 } 1043 } 1044 1045 *key = malloc (sizeof (**key)); 1046 if (*key == NULL) { 1047 free_ReplyKeyPack(&key_pack); 1048 krb5_set_error_message(context, ENOMEM, 1049 N_("malloc: out of memory", "")); 1050 return ENOMEM; 1051 } 1052 1053 ret = copy_EncryptionKey(&key_pack.replyKey, *key); 1054 free_ReplyKeyPack(&key_pack); 1055 if (ret) { 1056 krb5_set_error_message(context, ret, 1057 N_("PKINIT failed copying reply key", "")); 1058 free(*key); 1059 *key = NULL; 1060 } 1061 1062 return ret; 1063 } 1064 1065 1066 static krb5_error_code 1067 pk_verify_host(krb5_context context, 1068 const char *realm, 1069 const krb5_krbhst_info *hi, 1070 struct krb5_pk_init_ctx_data *ctx, 1071 struct krb5_pk_cert *host) 1072 { 1073 krb5_error_code ret = 0; 1074 1075 if (ctx->require_eku) { 1076 ret = hx509_cert_check_eku(context->hx509ctx, host->cert, 1077 &asn1_oid_id_pkkdcekuoid, 0); 1078 if (ret) { 1079 krb5_set_error_message(context, ret, 1080 N_("No PK-INIT KDC EKU in kdc certificate", "")); 1081 return ret; 1082 } 1083 } 1084 if (ctx->require_krbtgt_otherName) { 1085 hx509_octet_string_list list; 1086 size_t i; 1087 1088 ret = hx509_cert_find_subjectAltName_otherName(context->hx509ctx, 1089 host->cert, 1090 &asn1_oid_id_pkinit_san, 1091 &list); 1092 if (ret) { 1093 krb5_set_error_message(context, ret, 1094 N_("Failed to find the PK-INIT " 1095 "subjectAltName in the KDC " 1096 "certificate", "")); 1097 1098 return ret; 1099 } 1100 1101 for (i = 0; i < list.len; i++) { 1102 KRB5PrincipalName r; 1103 1104 ret = decode_KRB5PrincipalName(list.val[i].data, 1105 list.val[i].length, 1106 &r, 1107 NULL); 1108 if (ret) { 1109 krb5_set_error_message(context, ret, 1110 N_("Failed to decode the PK-INIT " 1111 "subjectAltName in the " 1112 "KDC certificate", "")); 1113 1114 break; 1115 } 1116 1117 if (r.principalName.name_string.len != 2 || 1118 strcmp(r.principalName.name_string.val[0], KRB5_TGS_NAME) != 0 || 1119 strcmp(r.principalName.name_string.val[1], realm) != 0 || 1120 strcmp(r.realm, realm) != 0) 1121 { 1122 ret = KRB5_KDC_ERR_INVALID_CERTIFICATE; 1123 krb5_set_error_message(context, ret, 1124 N_("KDC have wrong realm name in " 1125 "the certificate", "")); 1126 } 1127 1128 free_KRB5PrincipalName(&r); 1129 if (ret) 1130 break; 1131 } 1132 hx509_free_octet_string_list(&list); 1133 } 1134 if (ret) 1135 return ret; 1136 1137 if (hi) { 1138 ret = hx509_verify_hostname(context->hx509ctx, host->cert, 1139 ctx->require_hostname_match, 1140 HX509_HN_HOSTNAME, 1141 hi->hostname, 1142 hi->ai->ai_addr, hi->ai->ai_addrlen); 1143 1144 if (ret) 1145 krb5_set_error_message(context, ret, 1146 N_("Address mismatch in " 1147 "the KDC certificate", "")); 1148 } 1149 return ret; 1150 } 1151 1152 static krb5_error_code 1153 pk_rd_pa_reply_enckey(krb5_context context, 1154 int type, 1155 const heim_octet_string *indata, 1156 const heim_oid *dataType, 1157 const char *realm, 1158 krb5_pk_init_ctx ctx, 1159 krb5_enctype etype, 1160 const krb5_krbhst_info *hi, 1161 unsigned nonce, 1162 const krb5_data *req_buffer, 1163 PA_DATA *pa, 1164 krb5_keyblock **key) 1165 { 1166 krb5_error_code ret; 1167 struct krb5_pk_cert *host = NULL; 1168 krb5_data content; 1169 heim_oid contentType = { 0, NULL }; 1170 int flags = HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT; 1171 1172 if (der_heim_oid_cmp(&asn1_oid_id_pkcs7_envelopedData, dataType)) { 1173 krb5_set_error_message(context, EINVAL, 1174 N_("PKINIT: Invalid content type", "")); 1175 return EINVAL; 1176 } 1177 1178 if (ctx->type == PKINIT_WIN2K) 1179 flags |= HX509_CMS_UE_ALLOW_WEAK; 1180 1181 ret = hx509_cms_unenvelope(context->hx509ctx, 1182 ctx->id->certs, 1183 flags, 1184 indata->data, 1185 indata->length, 1186 NULL, 1187 0, 1188 &contentType, 1189 &content); 1190 if (ret) { 1191 pk_copy_error(context, context->hx509ctx, ret, 1192 "Failed to unenvelope CMS data in PK-INIT reply"); 1193 return ret; 1194 } 1195 der_free_oid(&contentType); 1196 1197 /* win2k uses ContentInfo */ 1198 if (type == PKINIT_WIN2K) { 1199 heim_oid type2; 1200 heim_octet_string out; 1201 1202 ret = hx509_cms_unwrap_ContentInfo(&content, &type2, &out, NULL); 1203 if (ret) { 1204 /* windows LH with interesting CMS packets */ 1205 size_t ph = 1 + der_length_len(content.length); 1206 unsigned char *ptr = malloc(content.length + ph); 1207 size_t l; 1208 1209 memcpy(ptr + ph, content.data, content.length); 1210 1211 ret = der_put_length_and_tag (ptr + ph - 1, ph, content.length, 1212 ASN1_C_UNIV, CONS, UT_Sequence, &l); 1213 if (ret) 1214 return ret; 1215 free(content.data); 1216 content.data = ptr; 1217 content.length += ph; 1218 1219 ret = hx509_cms_unwrap_ContentInfo(&content, &type2, &out, NULL); 1220 if (ret) 1221 goto out; 1222 } 1223 if (der_heim_oid_cmp(&type2, &asn1_oid_id_pkcs7_signedData)) { 1224 ret = EINVAL; /* XXX */ 1225 krb5_set_error_message(context, ret, 1226 N_("PKINIT: Invalid content type", "")); 1227 der_free_oid(&type2); 1228 der_free_octet_string(&out); 1229 goto out; 1230 } 1231 der_free_oid(&type2); 1232 krb5_data_free(&content); 1233 ret = krb5_data_copy(&content, out.data, out.length); 1234 der_free_octet_string(&out); 1235 if (ret) { 1236 krb5_set_error_message(context, ret, 1237 N_("malloc: out of memory", "")); 1238 goto out; 1239 } 1240 } 1241 1242 ret = pk_verify_sign(context, 1243 content.data, 1244 content.length, 1245 ctx->id, 1246 &contentType, 1247 &content, 1248 &host); 1249 if (ret) 1250 goto out; 1251 1252 /* make sure that it is the kdc's certificate */ 1253 ret = pk_verify_host(context, realm, hi, ctx, host); 1254 if (ret) { 1255 goto out; 1256 } 1257 1258 #if 0 1259 if (type == PKINIT_WIN2K) { 1260 if (der_heim_oid_cmp(&contentType, &asn1_oid_id_pkcs7_data) != 0) { 1261 ret = KRB5KRB_AP_ERR_MSG_TYPE; 1262 krb5_set_error_message(context, ret, "PKINIT: reply key, wrong oid"); 1263 goto out; 1264 } 1265 } else { 1266 if (der_heim_oid_cmp(&contentType, &asn1_oid_id_pkrkeydata) != 0) { 1267 ret = KRB5KRB_AP_ERR_MSG_TYPE; 1268 krb5_set_error_message(context, ret, "PKINIT: reply key, wrong oid"); 1269 goto out; 1270 } 1271 } 1272 #endif 1273 1274 switch(type) { 1275 case PKINIT_WIN2K: 1276 ret = get_reply_key(context, &content, req_buffer, key); 1277 if (ret != 0 && ctx->require_binding == 0) 1278 ret = get_reply_key_win(context, &content, nonce, key); 1279 break; 1280 case PKINIT_27: 1281 ret = get_reply_key(context, &content, req_buffer, key); 1282 break; 1283 } 1284 if (ret) 1285 goto out; 1286 1287 /* XXX compare given etype with key->etype */ 1288 1289 out: 1290 if (host) 1291 _krb5_pk_cert_free(host); 1292 der_free_oid(&contentType); 1293 krb5_data_free(&content); 1294 1295 return ret; 1296 } 1297 1298 static krb5_error_code 1299 pk_rd_pa_reply_dh(krb5_context context, 1300 const heim_octet_string *indata, 1301 const heim_oid *dataType, 1302 const char *realm, 1303 krb5_pk_init_ctx ctx, 1304 krb5_enctype etype, 1305 const krb5_krbhst_info *hi, 1306 const DHNonce *c_n, 1307 const DHNonce *k_n, 1308 unsigned nonce, 1309 PA_DATA *pa, 1310 krb5_keyblock **key) 1311 { 1312 const unsigned char *p; 1313 unsigned char *dh_gen_key = NULL; 1314 struct krb5_pk_cert *host = NULL; 1315 BIGNUM *kdc_dh_pubkey = NULL; 1316 KDCDHKeyInfo kdc_dh_info; 1317 heim_oid contentType = { 0, NULL }; 1318 krb5_data content; 1319 krb5_error_code ret; 1320 int dh_gen_keylen = 0; 1321 size_t size; 1322 1323 krb5_data_zero(&content); 1324 memset(&kdc_dh_info, 0, sizeof(kdc_dh_info)); 1325 1326 if (der_heim_oid_cmp(&asn1_oid_id_pkcs7_signedData, dataType)) { 1327 krb5_set_error_message(context, EINVAL, 1328 N_("PKINIT: Invalid content type", "")); 1329 return EINVAL; 1330 } 1331 1332 ret = pk_verify_sign(context, 1333 indata->data, 1334 indata->length, 1335 ctx->id, 1336 &contentType, 1337 &content, 1338 &host); 1339 if (ret) 1340 goto out; 1341 1342 /* make sure that it is the kdc's certificate */ 1343 ret = pk_verify_host(context, realm, hi, ctx, host); 1344 if (ret) 1345 goto out; 1346 1347 if (der_heim_oid_cmp(&contentType, &asn1_oid_id_pkdhkeydata)) { 1348 ret = KRB5KRB_AP_ERR_MSG_TYPE; 1349 krb5_set_error_message(context, ret, 1350 N_("pkinit - dh reply contains wrong oid", "")); 1351 goto out; 1352 } 1353 1354 ret = decode_KDCDHKeyInfo(content.data, 1355 content.length, 1356 &kdc_dh_info, 1357 &size); 1358 1359 if (ret) { 1360 krb5_set_error_message(context, ret, 1361 N_("pkinit - failed to decode " 1362 "KDC DH Key Info", "")); 1363 goto out; 1364 } 1365 1366 if (kdc_dh_info.nonce != nonce) { 1367 ret = KRB5KRB_AP_ERR_MODIFIED; 1368 krb5_set_error_message(context, ret, 1369 N_("PKINIT: DH nonce is wrong", "")); 1370 goto out; 1371 } 1372 1373 if (kdc_dh_info.dhKeyExpiration) { 1374 if (k_n == NULL) { 1375 ret = KRB5KRB_ERR_GENERIC; 1376 krb5_set_error_message(context, ret, 1377 N_("pkinit; got key expiration " 1378 "without server nonce", "")); 1379 goto out; 1380 } 1381 if (c_n == NULL) { 1382 ret = KRB5KRB_ERR_GENERIC; 1383 krb5_set_error_message(context, ret, 1384 N_("pkinit; got DH reuse but no " 1385 "client nonce", "")); 1386 goto out; 1387 } 1388 } else { 1389 if (k_n) { 1390 ret = KRB5KRB_ERR_GENERIC; 1391 krb5_set_error_message(context, ret, 1392 N_("pkinit: got server nonce " 1393 "without key expiration", "")); 1394 goto out; 1395 } 1396 c_n = NULL; 1397 } 1398 1399 1400 p = kdc_dh_info.subjectPublicKey.data; 1401 size = (kdc_dh_info.subjectPublicKey.length + 7) / 8; 1402 1403 if (ctx->keyex == USE_DH) { 1404 DHPublicKey k; 1405 ret = decode_DHPublicKey(p, size, &k, NULL); 1406 if (ret) { 1407 krb5_set_error_message(context, ret, 1408 N_("pkinit: can't decode " 1409 "without key expiration", "")); 1410 goto out; 1411 } 1412 1413 kdc_dh_pubkey = integer_to_BN(context, "DHPublicKey", &k); 1414 free_DHPublicKey(&k); 1415 if (kdc_dh_pubkey == NULL) { 1416 ret = ENOMEM; 1417 goto out; 1418 } 1419 1420 1421 size = DH_size(ctx->u.dh); 1422 1423 dh_gen_key = malloc(size); 1424 if (dh_gen_key == NULL) { 1425 ret = ENOMEM; 1426 krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); 1427 goto out; 1428 } 1429 1430 dh_gen_keylen = DH_compute_key(dh_gen_key, kdc_dh_pubkey, ctx->u.dh); 1431 if (dh_gen_keylen == -1) { 1432 ret = KRB5KRB_ERR_GENERIC; 1433 dh_gen_keylen = 0; 1434 krb5_set_error_message(context, ret, 1435 N_("PKINIT: Can't compute Diffie-Hellman key", "")); 1436 goto out; 1437 } 1438 if (dh_gen_keylen < (int)size) { 1439 size -= dh_gen_keylen; 1440 memmove(dh_gen_key + size, dh_gen_key, dh_gen_keylen); 1441 memset(dh_gen_key, 0, size); 1442 } 1443 1444 } else { 1445 #ifdef HAVE_OPENSSL 1446 const EC_GROUP *group; 1447 EC_KEY *public = NULL; 1448 1449 group = EC_KEY_get0_group(ctx->u.eckey); 1450 1451 public = EC_KEY_new(); 1452 if (public == NULL) { 1453 ret = ENOMEM; 1454 goto out; 1455 } 1456 if (EC_KEY_set_group(public, group) != 1) { 1457 EC_KEY_free(public); 1458 ret = ENOMEM; 1459 goto out; 1460 } 1461 1462 if (o2i_ECPublicKey(&public, &p, size) == NULL) { 1463 EC_KEY_free(public); 1464 ret = KRB5KRB_ERR_GENERIC; 1465 krb5_set_error_message(context, ret, 1466 N_("PKINIT: Can't parse ECDH public key", "")); 1467 goto out; 1468 } 1469 1470 size = (EC_GROUP_get_degree(group) + 7) / 8; 1471 dh_gen_key = malloc(size); 1472 if (dh_gen_key == NULL) { 1473 EC_KEY_free(public); 1474 ret = ENOMEM; 1475 krb5_set_error_message(context, ret, 1476 N_("malloc: out of memory", "")); 1477 goto out; 1478 } 1479 dh_gen_keylen = ECDH_compute_key(dh_gen_key, size, 1480 EC_KEY_get0_public_key(public), ctx->u.eckey, NULL); 1481 EC_KEY_free(public); 1482 if (dh_gen_keylen == -1) { 1483 ret = KRB5KRB_ERR_GENERIC; 1484 dh_gen_keylen = 0; 1485 krb5_set_error_message(context, ret, 1486 N_("PKINIT: Can't compute ECDH public key", "")); 1487 goto out; 1488 } 1489 #else 1490 ret = EINVAL; 1491 #endif 1492 } 1493 1494 if (dh_gen_keylen <= 0) { 1495 ret = EINVAL; 1496 krb5_set_error_message(context, ret, 1497 N_("PKINIT: resulting DH key <= 0", "")); 1498 dh_gen_keylen = 0; 1499 goto out; 1500 } 1501 1502 *key = malloc (sizeof (**key)); 1503 if (*key == NULL) { 1504 ret = ENOMEM; 1505 krb5_set_error_message(context, ret, 1506 N_("malloc: out of memory", "")); 1507 goto out; 1508 } 1509 1510 ret = _krb5_pk_octetstring2key(context, 1511 etype, 1512 dh_gen_key, dh_gen_keylen, 1513 c_n, k_n, 1514 *key); 1515 if (ret) { 1516 krb5_set_error_message(context, ret, 1517 N_("PKINIT: can't create key from DH key", "")); 1518 free(*key); 1519 *key = NULL; 1520 goto out; 1521 } 1522 1523 out: 1524 if (kdc_dh_pubkey) 1525 BN_free(kdc_dh_pubkey); 1526 if (dh_gen_key) { 1527 memset(dh_gen_key, 0, dh_gen_keylen); 1528 free(dh_gen_key); 1529 } 1530 if (host) 1531 _krb5_pk_cert_free(host); 1532 if (content.data) 1533 krb5_data_free(&content); 1534 der_free_oid(&contentType); 1535 free_KDCDHKeyInfo(&kdc_dh_info); 1536 1537 return ret; 1538 } 1539 1540 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1541 _krb5_pk_rd_pa_reply(krb5_context context, 1542 const char *realm, 1543 void *c, 1544 krb5_enctype etype, 1545 const krb5_krbhst_info *hi, 1546 unsigned nonce, 1547 const krb5_data *req_buffer, 1548 PA_DATA *pa, 1549 krb5_keyblock **key) 1550 { 1551 krb5_pk_init_ctx ctx = c; 1552 krb5_error_code ret; 1553 size_t size; 1554 1555 /* Check for IETF PK-INIT first */ 1556 if (ctx->type == PKINIT_27) { 1557 PA_PK_AS_REP rep; 1558 heim_octet_string os, data; 1559 heim_oid oid; 1560 1561 if (pa->padata_type != KRB5_PADATA_PK_AS_REP) { 1562 krb5_set_error_message(context, EINVAL, 1563 N_("PKINIT: wrong padata recv", "")); 1564 return EINVAL; 1565 } 1566 1567 ret = decode_PA_PK_AS_REP(pa->padata_value.data, 1568 pa->padata_value.length, 1569 &rep, 1570 &size); 1571 if (ret) { 1572 krb5_set_error_message(context, ret, 1573 N_("Failed to decode pkinit AS rep", "")); 1574 return ret; 1575 } 1576 1577 switch (rep.element) { 1578 case choice_PA_PK_AS_REP_dhInfo: 1579 _krb5_debug(context, 5, "krb5_get_init_creds: using pkinit dh"); 1580 os = rep.u.dhInfo.dhSignedData; 1581 break; 1582 case choice_PA_PK_AS_REP_encKeyPack: 1583 _krb5_debug(context, 5, "krb5_get_init_creds: using kinit enc reply key"); 1584 os = rep.u.encKeyPack; 1585 break; 1586 default: { 1587 PA_PK_AS_REP_BTMM btmm; 1588 free_PA_PK_AS_REP(&rep); 1589 memset(&rep, 0, sizeof(rep)); 1590 1591 _krb5_debug(context, 5, "krb5_get_init_creds: using BTMM kinit enc reply key"); 1592 1593 ret = decode_PA_PK_AS_REP_BTMM(pa->padata_value.data, 1594 pa->padata_value.length, 1595 &btmm, 1596 &size); 1597 if (ret) { 1598 krb5_set_error_message(context, EINVAL, 1599 N_("PKINIT: -27 reply " 1600 "invalid content type", "")); 1601 return EINVAL; 1602 } 1603 1604 if (btmm.dhSignedData || btmm.encKeyPack == NULL) { 1605 free_PA_PK_AS_REP_BTMM(&btmm); 1606 ret = EINVAL; 1607 krb5_set_error_message(context, ret, 1608 N_("DH mode not supported for BTMM mode", "")); 1609 return ret; 1610 } 1611 1612 /* 1613 * Transform to IETF style PK-INIT reply so that free works below 1614 */ 1615 1616 rep.element = choice_PA_PK_AS_REP_encKeyPack; 1617 rep.u.encKeyPack.data = btmm.encKeyPack->data; 1618 rep.u.encKeyPack.length = btmm.encKeyPack->length; 1619 btmm.encKeyPack->data = NULL; 1620 btmm.encKeyPack->length = 0; 1621 free_PA_PK_AS_REP_BTMM(&btmm); 1622 os = rep.u.encKeyPack; 1623 } 1624 } 1625 1626 ret = hx509_cms_unwrap_ContentInfo(&os, &oid, &data, NULL); 1627 if (ret) { 1628 free_PA_PK_AS_REP(&rep); 1629 krb5_set_error_message(context, ret, 1630 N_("PKINIT: failed to unwrap CI", "")); 1631 return ret; 1632 } 1633 1634 switch (rep.element) { 1635 case choice_PA_PK_AS_REP_dhInfo: 1636 ret = pk_rd_pa_reply_dh(context, &data, &oid, realm, ctx, etype, hi, 1637 ctx->clientDHNonce, 1638 rep.u.dhInfo.serverDHNonce, 1639 nonce, pa, key); 1640 break; 1641 case choice_PA_PK_AS_REP_encKeyPack: 1642 ret = pk_rd_pa_reply_enckey(context, PKINIT_27, &data, &oid, realm, 1643 ctx, etype, hi, nonce, req_buffer, pa, key); 1644 break; 1645 default: 1646 krb5_abortx(context, "pk-init as-rep case not possible to happen"); 1647 } 1648 der_free_octet_string(&data); 1649 der_free_oid(&oid); 1650 free_PA_PK_AS_REP(&rep); 1651 1652 } else if (ctx->type == PKINIT_WIN2K) { 1653 PA_PK_AS_REP_Win2k w2krep; 1654 1655 /* Check for Windows encoding of the AS-REP pa data */ 1656 1657 #if 0 /* should this be ? */ 1658 if (pa->padata_type != KRB5_PADATA_PK_AS_REP) { 1659 krb5_set_error_message(context, EINVAL, 1660 "PKINIT: wrong padata recv"); 1661 return EINVAL; 1662 } 1663 #endif 1664 1665 memset(&w2krep, 0, sizeof(w2krep)); 1666 1667 ret = decode_PA_PK_AS_REP_Win2k(pa->padata_value.data, 1668 pa->padata_value.length, 1669 &w2krep, 1670 &size); 1671 if (ret) { 1672 krb5_set_error_message(context, ret, 1673 N_("PKINIT: Failed decoding windows " 1674 "pkinit reply %d", ""), (int)ret); 1675 return ret; 1676 } 1677 1678 krb5_clear_error_message(context); 1679 1680 switch (w2krep.element) { 1681 case choice_PA_PK_AS_REP_Win2k_encKeyPack: { 1682 heim_octet_string data; 1683 heim_oid oid; 1684 1685 ret = hx509_cms_unwrap_ContentInfo(&w2krep.u.encKeyPack, 1686 &oid, &data, NULL); 1687 free_PA_PK_AS_REP_Win2k(&w2krep); 1688 if (ret) { 1689 krb5_set_error_message(context, ret, 1690 N_("PKINIT: failed to unwrap CI", "")); 1691 return ret; 1692 } 1693 1694 ret = pk_rd_pa_reply_enckey(context, PKINIT_WIN2K, &data, &oid, realm, 1695 ctx, etype, hi, nonce, req_buffer, pa, key); 1696 der_free_octet_string(&data); 1697 der_free_oid(&oid); 1698 1699 break; 1700 } 1701 default: 1702 free_PA_PK_AS_REP_Win2k(&w2krep); 1703 ret = EINVAL; 1704 krb5_set_error_message(context, ret, 1705 N_("PKINIT: win2k reply invalid " 1706 "content type", "")); 1707 break; 1708 } 1709 1710 } else { 1711 ret = EINVAL; 1712 krb5_set_error_message(context, ret, 1713 N_("PKINIT: unknown reply type", "")); 1714 } 1715 1716 return ret; 1717 } 1718 1719 struct prompter { 1720 krb5_context context; 1721 krb5_prompter_fct prompter; 1722 void *prompter_data; 1723 }; 1724 1725 static int 1726 hx_pass_prompter(void *data, const hx509_prompt *prompter) 1727 { 1728 krb5_error_code ret; 1729 krb5_prompt prompt; 1730 krb5_data password_data; 1731 struct prompter *p = data; 1732 1733 password_data.data = prompter->reply.data; 1734 password_data.length = prompter->reply.length; 1735 1736 prompt.prompt = prompter->prompt; 1737 prompt.hidden = hx509_prompt_hidden(prompter->type); 1738 prompt.reply = &password_data; 1739 1740 switch (prompter->type) { 1741 case HX509_PROMPT_TYPE_INFO: 1742 prompt.type = KRB5_PROMPT_TYPE_INFO; 1743 break; 1744 case HX509_PROMPT_TYPE_PASSWORD: 1745 case HX509_PROMPT_TYPE_QUESTION: 1746 default: 1747 prompt.type = KRB5_PROMPT_TYPE_PASSWORD; 1748 break; 1749 } 1750 1751 ret = (*p->prompter)(p->context, p->prompter_data, NULL, NULL, 1, &prompt); 1752 if (ret) { 1753 memset (prompter->reply.data, 0, prompter->reply.length); 1754 return 1; 1755 } 1756 return 0; 1757 } 1758 1759 static krb5_error_code 1760 _krb5_pk_set_user_id(krb5_context context, 1761 krb5_principal principal, 1762 krb5_pk_init_ctx ctx, 1763 struct hx509_certs_data *certs) 1764 { 1765 hx509_certs c = hx509_certs_ref(certs); 1766 hx509_query *q = NULL; 1767 int ret; 1768 1769 if (ctx->id->certs) 1770 hx509_certs_free(&ctx->id->certs); 1771 if (ctx->id->cert) { 1772 hx509_cert_free(ctx->id->cert); 1773 ctx->id->cert = NULL; 1774 } 1775 1776 ctx->id->certs = c; 1777 ctx->anonymous = 0; 1778 1779 ret = hx509_query_alloc(context->hx509ctx, &q); 1780 if (ret) { 1781 pk_copy_error(context, context->hx509ctx, ret, 1782 "Allocate query to find signing certificate"); 1783 return ret; 1784 } 1785 1786 hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); 1787 hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE); 1788 1789 if (principal && strncmp("LKDC:SHA1.", krb5_principal_get_realm(context, principal), 9) == 0) { 1790 ctx->id->flags |= PKINIT_BTMM; 1791 } 1792 1793 ret = find_cert(context, ctx->id, q, &ctx->id->cert); 1794 hx509_query_free(context->hx509ctx, q); 1795 1796 if (ret == 0 && _krb5_have_debug(context, 2)) { 1797 hx509_name name; 1798 char *str, *sn; 1799 heim_integer i; 1800 1801 ret = hx509_cert_get_subject(ctx->id->cert, &name); 1802 if (ret) 1803 goto out; 1804 1805 ret = hx509_name_to_string(name, &str); 1806 hx509_name_free(&name); 1807 if (ret) 1808 goto out; 1809 1810 ret = hx509_cert_get_serialnumber(ctx->id->cert, &i); 1811 if (ret) { 1812 free(str); 1813 goto out; 1814 } 1815 1816 ret = der_print_hex_heim_integer(&i, &sn); 1817 der_free_heim_integer(&i); 1818 if (ret) { 1819 free(name); 1820 goto out; 1821 } 1822 1823 _krb5_debug(context, 2, "using cert: subject: %s sn: %s", str, sn); 1824 free(str); 1825 free(sn); 1826 } 1827 out: 1828 1829 return ret; 1830 } 1831 1832 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 1833 _krb5_pk_load_id(krb5_context context, 1834 struct krb5_pk_identity **ret_id, 1835 const char *user_id, 1836 const char *anchor_id, 1837 char * const *chain_list, 1838 char * const *revoke_list, 1839 krb5_prompter_fct prompter, 1840 void *prompter_data, 1841 char *password) 1842 { 1843 struct krb5_pk_identity *id = NULL; 1844 struct prompter p; 1845 int ret; 1846 1847 *ret_id = NULL; 1848 1849 if (anchor_id == NULL) { 1850 krb5_set_error_message(context, HEIM_PKINIT_NO_VALID_CA, 1851 N_("PKINIT: No anchor given", "")); 1852 return HEIM_PKINIT_NO_VALID_CA; 1853 } 1854 1855 /* load cert */ 1856 1857 id = calloc(1, sizeof(*id)); 1858 if (id == NULL) { 1859 krb5_set_error_message(context, ENOMEM, 1860 N_("malloc: out of memory", "")); 1861 return ENOMEM; 1862 } 1863 1864 if (user_id) { 1865 hx509_lock lock; 1866 1867 ret = hx509_lock_init(context->hx509ctx, &lock); 1868 if (ret) { 1869 pk_copy_error(context, context->hx509ctx, ret, "Failed init lock"); 1870 goto out; 1871 } 1872 1873 if (password && password[0]) 1874 hx509_lock_add_password(lock, password); 1875 1876 if (prompter) { 1877 p.context = context; 1878 p.prompter = prompter; 1879 p.prompter_data = prompter_data; 1880 1881 ret = hx509_lock_set_prompter(lock, hx_pass_prompter, &p); 1882 if (ret) { 1883 hx509_lock_free(lock); 1884 goto out; 1885 } 1886 } 1887 1888 ret = hx509_certs_init(context->hx509ctx, user_id, 0, lock, &id->certs); 1889 hx509_lock_free(lock); 1890 if (ret) { 1891 pk_copy_error(context, context->hx509ctx, ret, 1892 "Failed to init cert certs"); 1893 goto out; 1894 } 1895 } else { 1896 id->certs = NULL; 1897 } 1898 1899 ret = hx509_certs_init(context->hx509ctx, anchor_id, 0, NULL, &id->anchors); 1900 if (ret) { 1901 pk_copy_error(context, context->hx509ctx, ret, 1902 "Failed to init anchors"); 1903 goto out; 1904 } 1905 1906 ret = hx509_certs_init(context->hx509ctx, "MEMORY:pkinit-cert-chain", 1907 0, NULL, &id->certpool); 1908 if (ret) { 1909 pk_copy_error(context, context->hx509ctx, ret, 1910 "Failed to init chain"); 1911 goto out; 1912 } 1913 1914 while (chain_list && *chain_list) { 1915 ret = hx509_certs_append(context->hx509ctx, id->certpool, 1916 NULL, *chain_list); 1917 if (ret) { 1918 pk_copy_error(context, context->hx509ctx, ret, 1919 "Failed to laod chain %s", 1920 *chain_list); 1921 goto out; 1922 } 1923 chain_list++; 1924 } 1925 1926 if (revoke_list) { 1927 ret = hx509_revoke_init(context->hx509ctx, &id->revokectx); 1928 if (ret) { 1929 pk_copy_error(context, context->hx509ctx, ret, 1930 "Failed init revoke list"); 1931 goto out; 1932 } 1933 1934 while (*revoke_list) { 1935 ret = hx509_revoke_add_crl(context->hx509ctx, 1936 id->revokectx, 1937 *revoke_list); 1938 if (ret) { 1939 pk_copy_error(context, context->hx509ctx, ret, 1940 "Failed load revoke list"); 1941 goto out; 1942 } 1943 revoke_list++; 1944 } 1945 } else 1946 hx509_context_set_missing_revoke(context->hx509ctx, 1); 1947 1948 ret = hx509_verify_init_ctx(context->hx509ctx, &id->verify_ctx); 1949 if (ret) { 1950 pk_copy_error(context, context->hx509ctx, ret, 1951 "Failed init verify context"); 1952 goto out; 1953 } 1954 1955 hx509_verify_attach_anchors(id->verify_ctx, id->anchors); 1956 hx509_verify_attach_revoke(id->verify_ctx, id->revokectx); 1957 1958 out: 1959 if (ret) { 1960 hx509_verify_destroy_ctx(id->verify_ctx); 1961 hx509_certs_free(&id->certs); 1962 hx509_certs_free(&id->anchors); 1963 hx509_certs_free(&id->certpool); 1964 hx509_revoke_free(&id->revokectx); 1965 free(id); 1966 } else 1967 *ret_id = id; 1968 1969 return ret; 1970 } 1971 1972 /* 1973 * 1974 */ 1975 1976 static void 1977 pk_copy_error(krb5_context context, 1978 hx509_context hx509ctx, 1979 int hxret, 1980 const char *fmt, 1981 ...) 1982 { 1983 va_list va; 1984 char *s, *f; 1985 int ret; 1986 1987 va_start(va, fmt); 1988 ret = vasprintf(&f, fmt, va); 1989 va_end(va); 1990 if (ret == -1 || f == NULL) { 1991 krb5_clear_error_message(context); 1992 return; 1993 } 1994 1995 s = hx509_get_error_string(hx509ctx, hxret); 1996 if (s == NULL) { 1997 krb5_clear_error_message(context); 1998 free(f); 1999 return; 2000 } 2001 krb5_set_error_message(context, hxret, "%s: %s", f, s); 2002 free(s); 2003 free(f); 2004 } 2005 2006 static int 2007 parse_integer(krb5_context context, char **p, const char *file, int lineno, 2008 const char *name, heim_integer *integer) 2009 { 2010 int ret; 2011 char *p1; 2012 p1 = strsep(p, " \t"); 2013 if (p1 == NULL) { 2014 krb5_set_error_message(context, EINVAL, 2015 N_("moduli file %s missing %s on line %d", ""), 2016 file, name, lineno); 2017 return EINVAL; 2018 } 2019 ret = der_parse_hex_heim_integer(p1, integer); 2020 if (ret) { 2021 krb5_set_error_message(context, ret, 2022 N_("moduli file %s failed parsing %s " 2023 "on line %d", ""), 2024 file, name, lineno); 2025 return ret; 2026 } 2027 2028 return 0; 2029 } 2030 2031 krb5_error_code 2032 _krb5_parse_moduli_line(krb5_context context, 2033 const char *file, 2034 int lineno, 2035 char *p, 2036 struct krb5_dh_moduli **m) 2037 { 2038 struct krb5_dh_moduli *m1; 2039 char *p1; 2040 int ret; 2041 2042 *m = NULL; 2043 2044 m1 = calloc(1, sizeof(*m1)); 2045 if (m1 == NULL) { 2046 krb5_set_error_message(context, ENOMEM, 2047 N_("malloc: out of memory", "")); 2048 return ENOMEM; 2049 } 2050 2051 while (isspace((unsigned char)*p)) 2052 p++; 2053 if (*p == '#') { 2054 free(m1); 2055 return 0; 2056 } 2057 ret = EINVAL; 2058 2059 p1 = strsep(&p, " \t"); 2060 if (p1 == NULL) { 2061 krb5_set_error_message(context, ret, 2062 N_("moduli file %s missing name on line %d", ""), 2063 file, lineno); 2064 goto out; 2065 } 2066 m1->name = strdup(p1); 2067 if (m1->name == NULL) { 2068 ret = ENOMEM; 2069 krb5_set_error_message(context, ret, N_("malloc: out of memeory", "")); 2070 goto out; 2071 } 2072 2073 p1 = strsep(&p, " \t"); 2074 if (p1 == NULL) { 2075 krb5_set_error_message(context, ret, 2076 N_("moduli file %s missing bits on line %d", ""), 2077 file, lineno); 2078 goto out; 2079 } 2080 2081 m1->bits = atoi(p1); 2082 if (m1->bits == 0) { 2083 krb5_set_error_message(context, ret, 2084 N_("moduli file %s have un-parsable " 2085 "bits on line %d", ""), file, lineno); 2086 goto out; 2087 } 2088 2089 ret = parse_integer(context, &p, file, lineno, "p", &m1->p); 2090 if (ret) 2091 goto out; 2092 ret = parse_integer(context, &p, file, lineno, "g", &m1->g); 2093 if (ret) 2094 goto out; 2095 ret = parse_integer(context, &p, file, lineno, "q", &m1->q); 2096 if (ret) 2097 goto out; 2098 2099 *m = m1; 2100 2101 return 0; 2102 out: 2103 free(m1->name); 2104 der_free_heim_integer(&m1->p); 2105 der_free_heim_integer(&m1->g); 2106 der_free_heim_integer(&m1->q); 2107 free(m1); 2108 return ret; 2109 } 2110 2111 void 2112 _krb5_free_moduli(struct krb5_dh_moduli **moduli) 2113 { 2114 int i; 2115 for (i = 0; moduli[i] != NULL; i++) { 2116 free(moduli[i]->name); 2117 der_free_heim_integer(&moduli[i]->p); 2118 der_free_heim_integer(&moduli[i]->g); 2119 der_free_heim_integer(&moduli[i]->q); 2120 free(moduli[i]); 2121 } 2122 free(moduli); 2123 } 2124 2125 static const char *default_moduli_RFC2412_MODP_group2 = 2126 /* name */ 2127 "RFC2412-MODP-group2 " 2128 /* bits */ 2129 "1024 " 2130 /* p */ 2131 "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" 2132 "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" 2133 "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" 2134 "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" 2135 "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE65381" 2136 "FFFFFFFF" "FFFFFFFF " 2137 /* g */ 2138 "02 " 2139 /* q */ 2140 "7FFFFFFF" "FFFFFFFF" "E487ED51" "10B4611A" "62633145" "C06E0E68" 2141 "94812704" "4533E63A" "0105DF53" "1D89CD91" "28A5043C" "C71A026E" 2142 "F7CA8CD9" "E69D218D" "98158536" "F92F8A1B" "A7F09AB6" "B6A8E122" 2143 "F242DABB" "312F3F63" "7A262174" "D31BF6B5" "85FFAE5B" "7A035BF6" 2144 "F71C35FD" "AD44CFD2" "D74F9208" "BE258FF3" "24943328" "F67329C0" 2145 "FFFFFFFF" "FFFFFFFF"; 2146 2147 static const char *default_moduli_rfc3526_MODP_group14 = 2148 /* name */ 2149 "rfc3526-MODP-group14 " 2150 /* bits */ 2151 "1760 " 2152 /* p */ 2153 "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" 2154 "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" 2155 "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" 2156 "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" 2157 "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D" 2158 "C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F" 2159 "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D" 2160 "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B" 2161 "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9" 2162 "DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510" 2163 "15728E5A" "8AACAA68" "FFFFFFFF" "FFFFFFFF " 2164 /* g */ 2165 "02 " 2166 /* q */ 2167 "7FFFFFFF" "FFFFFFFF" "E487ED51" "10B4611A" "62633145" "C06E0E68" 2168 "94812704" "4533E63A" "0105DF53" "1D89CD91" "28A5043C" "C71A026E" 2169 "F7CA8CD9" "E69D218D" "98158536" "F92F8A1B" "A7F09AB6" "B6A8E122" 2170 "F242DABB" "312F3F63" "7A262174" "D31BF6B5" "85FFAE5B" "7A035BF6" 2171 "F71C35FD" "AD44CFD2" "D74F9208" "BE258FF3" "24943328" "F6722D9E" 2172 "E1003E5C" "50B1DF82" "CC6D241B" "0E2AE9CD" "348B1FD4" "7E9267AF" 2173 "C1B2AE91" "EE51D6CB" "0E3179AB" "1042A95D" "CF6A9483" "B84B4B36" 2174 "B3861AA7" "255E4C02" "78BA3604" "650C10BE" "19482F23" "171B671D" 2175 "F1CF3B96" "0C074301" "CD93C1D1" "7603D147" "DAE2AEF8" "37A62964" 2176 "EF15E5FB" "4AAC0B8C" "1CCAA4BE" "754AB572" "8AE9130C" "4C7D0288" 2177 "0AB9472D" "45565534" "7FFFFFFF" "FFFFFFFF"; 2178 2179 krb5_error_code 2180 _krb5_parse_moduli(krb5_context context, const char *file, 2181 struct krb5_dh_moduli ***moduli) 2182 { 2183 /* name bits P G Q */ 2184 krb5_error_code ret; 2185 struct krb5_dh_moduli **m = NULL, **m2; 2186 char buf[4096]; 2187 FILE *f; 2188 int lineno = 0, n = 0; 2189 2190 *moduli = NULL; 2191 2192 m = calloc(1, sizeof(m[0]) * 3); 2193 if (m == NULL) { 2194 krb5_set_error_message(context, ENOMEM, 2195 N_("malloc: out of memory", "")); 2196 return ENOMEM; 2197 } 2198 2199 strlcpy(buf, default_moduli_rfc3526_MODP_group14, sizeof(buf)); 2200 ret = _krb5_parse_moduli_line(context, "builtin", 1, buf, &m[0]); 2201 if (ret) { 2202 _krb5_free_moduli(m); 2203 return ret; 2204 } 2205 n++; 2206 2207 strlcpy(buf, default_moduli_RFC2412_MODP_group2, sizeof(buf)); 2208 ret = _krb5_parse_moduli_line(context, "builtin", 1, buf, &m[1]); 2209 if (ret) { 2210 _krb5_free_moduli(m); 2211 return ret; 2212 } 2213 n++; 2214 2215 2216 if (file == NULL) 2217 file = MODULI_FILE; 2218 2219 #ifdef KRB5_USE_PATH_TOKENS 2220 { 2221 char * exp_file; 2222 2223 if (_krb5_expand_path_tokens(context, file, &exp_file) == 0) { 2224 f = fopen(exp_file, "r"); 2225 krb5_xfree(exp_file); 2226 } else { 2227 f = NULL; 2228 } 2229 } 2230 #else 2231 f = fopen(file, "r"); 2232 #endif 2233 2234 if (f == NULL) { 2235 *moduli = m; 2236 return 0; 2237 } 2238 rk_cloexec_file(f); 2239 2240 while(fgets(buf, sizeof(buf), f) != NULL) { 2241 struct krb5_dh_moduli *element; 2242 2243 buf[strcspn(buf, "\n")] = '\0'; 2244 lineno++; 2245 2246 m2 = realloc(m, (n + 2) * sizeof(m[0])); 2247 if (m2 == NULL) { 2248 _krb5_free_moduli(m); 2249 krb5_set_error_message(context, ENOMEM, 2250 N_("malloc: out of memory", "")); 2251 return ENOMEM; 2252 } 2253 m = m2; 2254 2255 m[n] = NULL; 2256 2257 ret = _krb5_parse_moduli_line(context, file, lineno, buf, &element); 2258 if (ret) { 2259 _krb5_free_moduli(m); 2260 return ret; 2261 } 2262 if (element == NULL) 2263 continue; 2264 2265 m[n] = element; 2266 m[n + 1] = NULL; 2267 n++; 2268 } 2269 *moduli = m; 2270 return 0; 2271 } 2272 2273 krb5_error_code 2274 _krb5_dh_group_ok(krb5_context context, unsigned long bits, 2275 heim_integer *p, heim_integer *g, heim_integer *q, 2276 struct krb5_dh_moduli **moduli, 2277 char **name) 2278 { 2279 int i; 2280 2281 if (name) 2282 *name = NULL; 2283 2284 for (i = 0; moduli[i] != NULL; i++) { 2285 if (der_heim_integer_cmp(&moduli[i]->g, g) == 0 && 2286 der_heim_integer_cmp(&moduli[i]->p, p) == 0 && 2287 (q == NULL || der_heim_integer_cmp(&moduli[i]->q, q) == 0)) 2288 { 2289 if (bits && bits > moduli[i]->bits) { 2290 krb5_set_error_message(context, 2291 KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED, 2292 N_("PKINIT: DH group parameter %s " 2293 "no accepted, not enough bits " 2294 "generated", ""), 2295 moduli[i]->name); 2296 return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED; 2297 } 2298 if (name) 2299 *name = strdup(moduli[i]->name); 2300 return 0; 2301 } 2302 } 2303 krb5_set_error_message(context, 2304 KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED, 2305 N_("PKINIT: DH group parameter no ok", "")); 2306 return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED; 2307 } 2308 #endif /* PKINIT */ 2309 2310 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 2311 _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt) 2312 { 2313 #ifdef PKINIT 2314 krb5_pk_init_ctx ctx; 2315 2316 if (opt->opt_private == NULL || opt->opt_private->pk_init_ctx == NULL) 2317 return; 2318 ctx = opt->opt_private->pk_init_ctx; 2319 switch (ctx->keyex) { 2320 case USE_DH: 2321 if (ctx->u.dh) 2322 DH_free(ctx->u.dh); 2323 break; 2324 case USE_RSA: 2325 break; 2326 case USE_ECDH: 2327 #ifdef HAVE_OPENSSL 2328 if (ctx->u.eckey) 2329 EC_KEY_free(ctx->u.eckey); 2330 #endif 2331 break; 2332 } 2333 if (ctx->id) { 2334 hx509_verify_destroy_ctx(ctx->id->verify_ctx); 2335 hx509_certs_free(&ctx->id->certs); 2336 hx509_cert_free(ctx->id->cert); 2337 hx509_certs_free(&ctx->id->anchors); 2338 hx509_certs_free(&ctx->id->certpool); 2339 2340 if (ctx->clientDHNonce) { 2341 krb5_free_data(NULL, ctx->clientDHNonce); 2342 ctx->clientDHNonce = NULL; 2343 } 2344 if (ctx->m) 2345 _krb5_free_moduli(ctx->m); 2346 free(ctx->id); 2347 ctx->id = NULL; 2348 } 2349 free(opt->opt_private->pk_init_ctx); 2350 opt->opt_private->pk_init_ctx = NULL; 2351 #endif 2352 } 2353 2354 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 2355 krb5_get_init_creds_opt_set_pkinit(krb5_context context, 2356 krb5_get_init_creds_opt *opt, 2357 krb5_principal principal, 2358 const char *user_id, 2359 const char *x509_anchors, 2360 char * const * pool, 2361 char * const * pki_revoke, 2362 int flags, 2363 krb5_prompter_fct prompter, 2364 void *prompter_data, 2365 char *password) 2366 { 2367 #ifdef PKINIT 2368 krb5_error_code ret; 2369 char *anchors = NULL; 2370 2371 if (opt->opt_private == NULL) { 2372 krb5_set_error_message(context, EINVAL, 2373 N_("PKINIT: on non extendable opt", "")); 2374 return EINVAL; 2375 } 2376 2377 opt->opt_private->pk_init_ctx = 2378 calloc(1, sizeof(*opt->opt_private->pk_init_ctx)); 2379 if (opt->opt_private->pk_init_ctx == NULL) { 2380 krb5_set_error_message(context, ENOMEM, 2381 N_("malloc: out of memory", "")); 2382 return ENOMEM; 2383 } 2384 opt->opt_private->pk_init_ctx->require_binding = 0; 2385 opt->opt_private->pk_init_ctx->require_eku = 1; 2386 opt->opt_private->pk_init_ctx->require_krbtgt_otherName = 1; 2387 opt->opt_private->pk_init_ctx->peer = NULL; 2388 2389 /* XXX implement krb5_appdefault_strings */ 2390 if (pool == NULL) 2391 pool = krb5_config_get_strings(context, NULL, 2392 "appdefaults", 2393 "pkinit_pool", 2394 NULL); 2395 2396 if (pki_revoke == NULL) 2397 pki_revoke = krb5_config_get_strings(context, NULL, 2398 "appdefaults", 2399 "pkinit_revoke", 2400 NULL); 2401 2402 if (x509_anchors == NULL) { 2403 krb5_appdefault_string(context, "kinit", 2404 krb5_principal_get_realm(context, principal), 2405 "pkinit_anchors", NULL, &anchors); 2406 x509_anchors = anchors; 2407 } 2408 2409 if (flags & 4) 2410 opt->opt_private->pk_init_ctx->anonymous = 1; 2411 2412 ret = _krb5_pk_load_id(context, 2413 &opt->opt_private->pk_init_ctx->id, 2414 user_id, 2415 x509_anchors, 2416 pool, 2417 pki_revoke, 2418 prompter, 2419 prompter_data, 2420 password); 2421 if (ret) { 2422 free(opt->opt_private->pk_init_ctx); 2423 opt->opt_private->pk_init_ctx = NULL; 2424 return ret; 2425 } 2426 2427 if (opt->opt_private->pk_init_ctx->id->certs) { 2428 _krb5_pk_set_user_id(context, 2429 principal, 2430 opt->opt_private->pk_init_ctx, 2431 opt->opt_private->pk_init_ctx->id->certs); 2432 } else 2433 opt->opt_private->pk_init_ctx->id->cert = NULL; 2434 2435 if ((flags & 2) == 0) { 2436 hx509_context hx509ctx = context->hx509ctx; 2437 hx509_cert cert = opt->opt_private->pk_init_ctx->id->cert; 2438 2439 opt->opt_private->pk_init_ctx->keyex = USE_DH; 2440 2441 /* 2442 * If its a ECDSA certs, lets select ECDSA as the keyex algorithm. 2443 */ 2444 if (cert) { 2445 AlgorithmIdentifier alg; 2446 2447 ret = hx509_cert_get_SPKI_AlgorithmIdentifier(hx509ctx, cert, &alg); 2448 if (ret == 0) { 2449 if (der_heim_oid_cmp(&alg.algorithm, &asn1_oid_id_ecPublicKey) == 0) 2450 opt->opt_private->pk_init_ctx->keyex = USE_ECDH; 2451 free_AlgorithmIdentifier(&alg); 2452 } 2453 } 2454 2455 } else { 2456 opt->opt_private->pk_init_ctx->keyex = USE_RSA; 2457 2458 if (opt->opt_private->pk_init_ctx->id->certs == NULL) { 2459 krb5_set_error_message(context, EINVAL, 2460 N_("No anonymous pkinit support in RSA mode", "")); 2461 return EINVAL; 2462 } 2463 } 2464 2465 return 0; 2466 #else 2467 krb5_set_error_message(context, EINVAL, 2468 N_("no support for PKINIT compiled in", "")); 2469 return EINVAL; 2470 #endif 2471 } 2472 2473 krb5_error_code KRB5_LIB_FUNCTION 2474 krb5_get_init_creds_opt_set_pkinit_user_certs(krb5_context context, 2475 krb5_get_init_creds_opt *opt, 2476 struct hx509_certs_data *certs) 2477 { 2478 #ifdef PKINIT 2479 if (opt->opt_private == NULL) { 2480 krb5_set_error_message(context, EINVAL, 2481 N_("PKINIT: on non extendable opt", "")); 2482 return EINVAL; 2483 } 2484 if (opt->opt_private->pk_init_ctx == NULL) { 2485 krb5_set_error_message(context, EINVAL, 2486 N_("PKINIT: on pkinit context", "")); 2487 return EINVAL; 2488 } 2489 2490 _krb5_pk_set_user_id(context, NULL, opt->opt_private->pk_init_ctx, certs); 2491 2492 return 0; 2493 #else 2494 krb5_set_error_message(context, EINVAL, 2495 N_("no support for PKINIT compiled in", "")); 2496 return EINVAL; 2497 #endif 2498 } 2499 2500 #ifdef PKINIT 2501 2502 static int 2503 get_ms_san(hx509_context context, hx509_cert cert, char **upn) 2504 { 2505 hx509_octet_string_list list; 2506 int ret; 2507 2508 *upn = NULL; 2509 2510 ret = hx509_cert_find_subjectAltName_otherName(context, 2511 cert, 2512 &asn1_oid_id_pkinit_ms_san, 2513 &list); 2514 if (ret) 2515 return 0; 2516 2517 if (list.len > 0 && list.val[0].length > 0) 2518 ret = decode_MS_UPN_SAN(list.val[0].data, list.val[0].length, 2519 upn, NULL); 2520 else 2521 ret = 1; 2522 hx509_free_octet_string_list(&list); 2523 2524 return ret; 2525 } 2526 2527 static int 2528 find_ms_san(hx509_context context, hx509_cert cert, void *ctx) 2529 { 2530 char *upn; 2531 int ret; 2532 2533 ret = get_ms_san(context, cert, &upn); 2534 if (ret == 0) 2535 free(upn); 2536 return ret; 2537 } 2538 2539 2540 2541 #endif 2542 2543 /* 2544 * Private since it need to be redesigned using krb5_get_init_creds() 2545 */ 2546 2547 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 2548 krb5_pk_enterprise_cert(krb5_context context, 2549 const char *user_id, 2550 krb5_const_realm realm, 2551 krb5_principal *principal, 2552 struct hx509_certs_data **res) 2553 { 2554 #ifdef PKINIT 2555 krb5_error_code ret; 2556 hx509_certs certs, result; 2557 hx509_cert cert = NULL; 2558 hx509_query *q; 2559 char *name; 2560 2561 *principal = NULL; 2562 if (res) 2563 *res = NULL; 2564 2565 if (user_id == NULL) { 2566 krb5_set_error_message(context, ENOENT, "no user id"); 2567 return ENOENT; 2568 } 2569 2570 ret = hx509_certs_init(context->hx509ctx, user_id, 0, NULL, &certs); 2571 if (ret) { 2572 pk_copy_error(context, context->hx509ctx, ret, 2573 "Failed to init cert certs"); 2574 goto out; 2575 } 2576 2577 ret = hx509_query_alloc(context->hx509ctx, &q); 2578 if (ret) { 2579 krb5_set_error_message(context, ret, "out of memory"); 2580 hx509_certs_free(&certs); 2581 goto out; 2582 } 2583 2584 hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); 2585 hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE); 2586 hx509_query_match_eku(q, &asn1_oid_id_pkinit_ms_eku); 2587 hx509_query_match_cmp_func(q, find_ms_san, NULL); 2588 2589 ret = hx509_certs_filter(context->hx509ctx, certs, q, &result); 2590 hx509_query_free(context->hx509ctx, q); 2591 hx509_certs_free(&certs); 2592 if (ret) { 2593 pk_copy_error(context, context->hx509ctx, ret, 2594 "Failed to find PKINIT certificate"); 2595 return ret; 2596 } 2597 2598 ret = hx509_get_one_cert(context->hx509ctx, result, &cert); 2599 hx509_certs_free(&result); 2600 if (ret) { 2601 pk_copy_error(context, context->hx509ctx, ret, 2602 "Failed to get one cert"); 2603 goto out; 2604 } 2605 2606 ret = get_ms_san(context->hx509ctx, cert, &name); 2607 if (ret) { 2608 pk_copy_error(context, context->hx509ctx, ret, 2609 "Failed to get MS SAN"); 2610 goto out; 2611 } 2612 2613 ret = krb5_make_principal(context, principal, realm, name, NULL); 2614 free(name); 2615 if (ret) 2616 goto out; 2617 2618 krb5_principal_set_type(context, *principal, KRB5_NT_ENTERPRISE_PRINCIPAL); 2619 2620 if (res) { 2621 ret = hx509_certs_init(context->hx509ctx, "MEMORY:", 0, NULL, res); 2622 if (ret) 2623 goto out; 2624 2625 ret = hx509_certs_add(context->hx509ctx, *res, cert); 2626 if (ret) { 2627 hx509_certs_free(res); 2628 goto out; 2629 } 2630 } 2631 2632 out: 2633 hx509_cert_free(cert); 2634 2635 return ret; 2636 #else 2637 krb5_set_error_message(context, EINVAL, 2638 N_("no support for PKINIT compiled in", "")); 2639 return EINVAL; 2640 #endif 2641 } 2642