xref: /freebsd/crypto/heimdal/lib/krb5/pkinit.c (revision b1d046441de9053152c7cf03d6b60d9882687e1b)
1 /*
2  * Copyright (c) 2003 - 2007 Kungliga Tekniska H�gskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of the Institute nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "krb5_locl.h"
35 
36 RCSID("$Id: pkinit.c 22433 2008-01-13 14:11:46Z lha $");
37 
38 struct krb5_dh_moduli {
39     char *name;
40     unsigned long bits;
41     heim_integer p;
42     heim_integer g;
43     heim_integer q;
44 };
45 
46 #ifdef PKINIT
47 
48 #include <heim_asn1.h>
49 #include <rfc2459_asn1.h>
50 #include <cms_asn1.h>
51 #include <pkcs8_asn1.h>
52 #include <pkcs9_asn1.h>
53 #include <pkcs12_asn1.h>
54 #include <pkinit_asn1.h>
55 #include <asn1_err.h>
56 
57 #include <der.h>
58 
59 #include <hx509.h>
60 
61 enum {
62     COMPAT_WIN2K = 1,
63     COMPAT_IETF = 2
64 };
65 
66 struct krb5_pk_identity {
67     hx509_context hx509ctx;
68     hx509_verify_ctx verify_ctx;
69     hx509_certs certs;
70     hx509_certs anchors;
71     hx509_certs certpool;
72     hx509_revoke_ctx revokectx;
73 };
74 
75 struct krb5_pk_cert {
76     hx509_cert cert;
77 };
78 
79 struct krb5_pk_init_ctx_data {
80     struct krb5_pk_identity *id;
81     DH *dh;
82     krb5_data *clientDHNonce;
83     struct krb5_dh_moduli **m;
84     hx509_peer_info peer;
85     int type;
86     unsigned int require_binding:1;
87     unsigned int require_eku:1;
88     unsigned int require_krbtgt_otherName:1;
89     unsigned int require_hostname_match:1;
90     unsigned int trustedCertifiers:1;
91 };
92 
93 static void
94 _krb5_pk_copy_error(krb5_context context,
95 		    hx509_context hx509ctx,
96 		    int hxret,
97 		    const char *fmt,
98 		    ...)
99     __attribute__ ((format (printf, 4, 5)));
100 
101 /*
102  *
103  */
104 
105 void KRB5_LIB_FUNCTION
106 _krb5_pk_cert_free(struct krb5_pk_cert *cert)
107 {
108     if (cert->cert) {
109 	hx509_cert_free(cert->cert);
110     }
111     free(cert);
112 }
113 
114 static krb5_error_code
115 BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer)
116 {
117     integer->length = BN_num_bytes(bn);
118     integer->data = malloc(integer->length);
119     if (integer->data == NULL) {
120 	krb5_clear_error_string(context);
121 	return ENOMEM;
122     }
123     BN_bn2bin(bn, integer->data);
124     integer->negative = BN_is_negative(bn);
125     return 0;
126 }
127 
128 static BIGNUM *
129 integer_to_BN(krb5_context context, const char *field, const heim_integer *f)
130 {
131     BIGNUM *bn;
132 
133     bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL);
134     if (bn == NULL) {
135 	krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field);
136 	return NULL;
137     }
138     BN_set_negative(bn, f->negative);
139     return bn;
140 }
141 
142 
143 static krb5_error_code
144 _krb5_pk_create_sign(krb5_context context,
145 		     const heim_oid *eContentType,
146 		     krb5_data *eContent,
147 		     struct krb5_pk_identity *id,
148 		     hx509_peer_info peer,
149 		     krb5_data *sd_data)
150 {
151     hx509_cert cert;
152     hx509_query *q;
153     int ret;
154 
155     ret = hx509_query_alloc(id->hx509ctx, &q);
156     if (ret) {
157 	_krb5_pk_copy_error(context, id->hx509ctx, ret,
158 			    "Allocate query to find signing certificate");
159 	return ret;
160     }
161 
162     hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
163     hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
164 
165     ret = hx509_certs_find(id->hx509ctx, id->certs, q, &cert);
166     hx509_query_free(id->hx509ctx, q);
167     if (ret) {
168 	_krb5_pk_copy_error(context, id->hx509ctx, ret,
169 			    "Find certificate to signed CMS data");
170 	return ret;
171     }
172 
173     ret = hx509_cms_create_signed_1(id->hx509ctx,
174 				    0,
175 				    eContentType,
176 				    eContent->data,
177 				    eContent->length,
178 				    NULL,
179 				    cert,
180 				    peer,
181 				    NULL,
182 				    id->certs,
183 				    sd_data);
184     if (ret)
185 	_krb5_pk_copy_error(context, id->hx509ctx, ret, "create CMS signedData");
186     hx509_cert_free(cert);
187 
188     return ret;
189 }
190 
191 static int
192 cert2epi(hx509_context context, void *ctx, hx509_cert c)
193 {
194     ExternalPrincipalIdentifiers *ids = ctx;
195     ExternalPrincipalIdentifier id;
196     hx509_name subject = NULL;
197     void *p;
198     int ret;
199 
200     memset(&id, 0, sizeof(id));
201 
202     ret = hx509_cert_get_subject(c, &subject);
203     if (ret)
204 	return ret;
205 
206     if (hx509_name_is_null_p(subject) != 0) {
207 
208 	id.subjectName = calloc(1, sizeof(*id.subjectName));
209 	if (id.subjectName == NULL) {
210 	    hx509_name_free(&subject);
211 	    free_ExternalPrincipalIdentifier(&id);
212 	    return ENOMEM;
213 	}
214 
215 	ret = hx509_name_binary(subject, id.subjectName);
216 	if (ret) {
217 	    hx509_name_free(&subject);
218 	    free_ExternalPrincipalIdentifier(&id);
219 	    return ret;
220 	}
221     }
222     hx509_name_free(&subject);
223 
224 
225     id.issuerAndSerialNumber = calloc(1, sizeof(*id.issuerAndSerialNumber));
226     if (id.issuerAndSerialNumber == NULL) {
227 	free_ExternalPrincipalIdentifier(&id);
228 	return ENOMEM;
229     }
230 
231     {
232 	IssuerAndSerialNumber iasn;
233 	hx509_name issuer;
234 	size_t size;
235 
236 	memset(&iasn, 0, sizeof(iasn));
237 
238 	ret = hx509_cert_get_issuer(c, &issuer);
239 	if (ret) {
240 	    free_ExternalPrincipalIdentifier(&id);
241 	    return ret;
242 	}
243 
244 	ret = hx509_name_to_Name(issuer, &iasn.issuer);
245 	hx509_name_free(&issuer);
246 	if (ret) {
247 	    free_ExternalPrincipalIdentifier(&id);
248 	    return ret;
249 	}
250 
251 	ret = hx509_cert_get_serialnumber(c, &iasn.serialNumber);
252 	if (ret) {
253 	    free_IssuerAndSerialNumber(&iasn);
254 	    free_ExternalPrincipalIdentifier(&id);
255 	    return ret;
256 	}
257 
258 	ASN1_MALLOC_ENCODE(IssuerAndSerialNumber,
259 			   id.issuerAndSerialNumber->data,
260 			   id.issuerAndSerialNumber->length,
261 			   &iasn, &size, ret);
262 	free_IssuerAndSerialNumber(&iasn);
263 	if (ret)
264 	    return ret;
265 	if (id.issuerAndSerialNumber->length != size)
266 	    abort();
267     }
268 
269     id.subjectKeyIdentifier = NULL;
270 
271     p = realloc(ids->val, sizeof(ids->val[0]) * (ids->len + 1));
272     if (p == NULL) {
273 	free_ExternalPrincipalIdentifier(&id);
274 	return ENOMEM;
275     }
276 
277     ids->val = p;
278     ids->val[ids->len] = id;
279     ids->len++;
280 
281     return 0;
282 }
283 
284 static krb5_error_code
285 build_edi(krb5_context context,
286 	  hx509_context hx509ctx,
287 	  hx509_certs certs,
288 	  ExternalPrincipalIdentifiers *ids)
289 {
290     return hx509_certs_iter(hx509ctx, certs, cert2epi, ids);
291 }
292 
293 static krb5_error_code
294 build_auth_pack(krb5_context context,
295 		unsigned nonce,
296 		krb5_pk_init_ctx ctx,
297 		DH *dh,
298 		const KDC_REQ_BODY *body,
299 		AuthPack *a)
300 {
301     size_t buf_size, len;
302     krb5_error_code ret;
303     void *buf;
304     krb5_timestamp sec;
305     int32_t usec;
306     Checksum checksum;
307 
308     krb5_clear_error_string(context);
309 
310     memset(&checksum, 0, sizeof(checksum));
311 
312     krb5_us_timeofday(context, &sec, &usec);
313     a->pkAuthenticator.ctime = sec;
314     a->pkAuthenticator.nonce = nonce;
315 
316     ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, body, &len, ret);
317     if (ret)
318 	return ret;
319     if (buf_size != len)
320 	krb5_abortx(context, "internal error in ASN.1 encoder");
321 
322     ret = krb5_create_checksum(context,
323 			       NULL,
324 			       0,
325 			       CKSUMTYPE_SHA1,
326 			       buf,
327 			       len,
328 			       &checksum);
329     free(buf);
330     if (ret)
331 	return ret;
332 
333     ALLOC(a->pkAuthenticator.paChecksum, 1);
334     if (a->pkAuthenticator.paChecksum == NULL) {
335 	krb5_set_error_string(context, "malloc: out of memory");
336 	return ENOMEM;
337     }
338 
339     ret = krb5_data_copy(a->pkAuthenticator.paChecksum,
340 			 checksum.checksum.data, checksum.checksum.length);
341     free_Checksum(&checksum);
342     if (ret)
343 	return ret;
344 
345     if (dh) {
346 	DomainParameters dp;
347 	heim_integer dh_pub_key;
348 	krb5_data dhbuf;
349 	size_t size;
350 
351 	if (1 /* support_cached_dh */) {
352 	    ALLOC(a->clientDHNonce, 1);
353 	    if (a->clientDHNonce == NULL) {
354 		krb5_clear_error_string(context);
355 		return ENOMEM;
356 	    }
357 	    ret = krb5_data_alloc(a->clientDHNonce, 40);
358 	    if (a->clientDHNonce == NULL) {
359 		krb5_clear_error_string(context);
360 		return ENOMEM;
361 	    }
362 	    memset(a->clientDHNonce->data, 0, a->clientDHNonce->length);
363 	    ret = krb5_copy_data(context, a->clientDHNonce,
364 				 &ctx->clientDHNonce);
365 	    if (ret)
366 		return ret;
367 	}
368 
369 	ALLOC(a->clientPublicValue, 1);
370 	if (a->clientPublicValue == NULL)
371 	    return ENOMEM;
372 	ret = der_copy_oid(oid_id_dhpublicnumber(),
373 			   &a->clientPublicValue->algorithm.algorithm);
374 	if (ret)
375 	    return ret;
376 
377 	memset(&dp, 0, sizeof(dp));
378 
379 	ret = BN_to_integer(context, dh->p, &dp.p);
380 	if (ret) {
381 	    free_DomainParameters(&dp);
382 	    return ret;
383 	}
384 	ret = BN_to_integer(context, dh->g, &dp.g);
385 	if (ret) {
386 	    free_DomainParameters(&dp);
387 	    return ret;
388 	}
389 	ret = BN_to_integer(context, dh->q, &dp.q);
390 	if (ret) {
391 	    free_DomainParameters(&dp);
392 	    return ret;
393 	}
394 	dp.j = NULL;
395 	dp.validationParms = NULL;
396 
397 	a->clientPublicValue->algorithm.parameters =
398 	    malloc(sizeof(*a->clientPublicValue->algorithm.parameters));
399 	if (a->clientPublicValue->algorithm.parameters == NULL) {
400 	    free_DomainParameters(&dp);
401 	    return ret;
402 	}
403 
404 	ASN1_MALLOC_ENCODE(DomainParameters,
405 			   a->clientPublicValue->algorithm.parameters->data,
406 			   a->clientPublicValue->algorithm.parameters->length,
407 			   &dp, &size, ret);
408 	free_DomainParameters(&dp);
409 	if (ret)
410 	    return ret;
411 	if (size != a->clientPublicValue->algorithm.parameters->length)
412 	    krb5_abortx(context, "Internal ASN1 encoder error");
413 
414 	ret = BN_to_integer(context, dh->pub_key, &dh_pub_key);
415 	if (ret)
416 	    return ret;
417 
418 	ASN1_MALLOC_ENCODE(DHPublicKey, dhbuf.data, dhbuf.length,
419 			   &dh_pub_key, &size, ret);
420 	der_free_heim_integer(&dh_pub_key);
421 	if (ret)
422 	    return ret;
423 	if (size != dhbuf.length)
424 	    krb5_abortx(context, "asn1 internal error");
425 
426 	a->clientPublicValue->subjectPublicKey.length = dhbuf.length * 8;
427 	a->clientPublicValue->subjectPublicKey.data = dhbuf.data;
428     }
429 
430     {
431 	a->supportedCMSTypes = calloc(1, sizeof(*a->supportedCMSTypes));
432 	if (a->supportedCMSTypes == NULL)
433 	    return ENOMEM;
434 
435 	ret = hx509_crypto_available(ctx->id->hx509ctx, HX509_SELECT_ALL, NULL,
436 				     &a->supportedCMSTypes->val,
437 				     &a->supportedCMSTypes->len);
438 	if (ret)
439 	    return ret;
440     }
441 
442     return ret;
443 }
444 
445 krb5_error_code KRB5_LIB_FUNCTION
446 _krb5_pk_mk_ContentInfo(krb5_context context,
447 			const krb5_data *buf,
448 			const heim_oid *oid,
449 			struct ContentInfo *content_info)
450 {
451     krb5_error_code ret;
452 
453     ret = der_copy_oid(oid, &content_info->contentType);
454     if (ret)
455 	return ret;
456     ALLOC(content_info->content, 1);
457     if (content_info->content == NULL)
458 	return ENOMEM;
459     content_info->content->data = malloc(buf->length);
460     if (content_info->content->data == NULL)
461 	return ENOMEM;
462     memcpy(content_info->content->data, buf->data, buf->length);
463     content_info->content->length = buf->length;
464     return 0;
465 }
466 
467 static krb5_error_code
468 pk_mk_padata(krb5_context context,
469 	     krb5_pk_init_ctx ctx,
470 	     const KDC_REQ_BODY *req_body,
471 	     unsigned nonce,
472 	     METHOD_DATA *md)
473 {
474     struct ContentInfo content_info;
475     krb5_error_code ret;
476     const heim_oid *oid;
477     size_t size;
478     krb5_data buf, sd_buf;
479     int pa_type;
480 
481     krb5_data_zero(&buf);
482     krb5_data_zero(&sd_buf);
483     memset(&content_info, 0, sizeof(content_info));
484 
485     if (ctx->type == COMPAT_WIN2K) {
486 	AuthPack_Win2k ap;
487 	krb5_timestamp sec;
488 	int32_t usec;
489 
490 	memset(&ap, 0, sizeof(ap));
491 
492 	/* fill in PKAuthenticator */
493 	ret = copy_PrincipalName(req_body->sname, &ap.pkAuthenticator.kdcName);
494 	if (ret) {
495 	    free_AuthPack_Win2k(&ap);
496 	    krb5_clear_error_string(context);
497 	    goto out;
498 	}
499 	ret = copy_Realm(&req_body->realm, &ap.pkAuthenticator.kdcRealm);
500 	if (ret) {
501 	    free_AuthPack_Win2k(&ap);
502 	    krb5_clear_error_string(context);
503 	    goto out;
504 	}
505 
506 	krb5_us_timeofday(context, &sec, &usec);
507 	ap.pkAuthenticator.ctime = sec;
508 	ap.pkAuthenticator.cusec = usec;
509 	ap.pkAuthenticator.nonce = nonce;
510 
511 	ASN1_MALLOC_ENCODE(AuthPack_Win2k, buf.data, buf.length,
512 			   &ap, &size, ret);
513 	free_AuthPack_Win2k(&ap);
514 	if (ret) {
515 	    krb5_set_error_string(context, "AuthPack_Win2k: %d", ret);
516 	    goto out;
517 	}
518 	if (buf.length != size)
519 	    krb5_abortx(context, "internal ASN1 encoder error");
520 
521 	oid = oid_id_pkcs7_data();
522     } else if (ctx->type == COMPAT_IETF) {
523 	AuthPack ap;
524 
525 	memset(&ap, 0, sizeof(ap));
526 
527 	ret = build_auth_pack(context, nonce, ctx, ctx->dh, req_body, &ap);
528 	if (ret) {
529 	    free_AuthPack(&ap);
530 	    goto out;
531 	}
532 
533 	ASN1_MALLOC_ENCODE(AuthPack, buf.data, buf.length, &ap, &size, ret);
534 	free_AuthPack(&ap);
535 	if (ret) {
536 	    krb5_set_error_string(context, "AuthPack: %d", ret);
537 	    goto out;
538 	}
539 	if (buf.length != size)
540 	    krb5_abortx(context, "internal ASN1 encoder error");
541 
542 	oid = oid_id_pkauthdata();
543     } else
544 	krb5_abortx(context, "internal pkinit error");
545 
546     ret = _krb5_pk_create_sign(context,
547 			       oid,
548 			       &buf,
549 			       ctx->id,
550 			       ctx->peer,
551 			       &sd_buf);
552     krb5_data_free(&buf);
553     if (ret)
554 	goto out;
555 
556     ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_signedData(), &sd_buf, &buf);
557     krb5_data_free(&sd_buf);
558     if (ret) {
559 	krb5_set_error_string(context,
560 			      "ContentInfo wrapping of signedData failed");
561 	goto out;
562     }
563 
564     if (ctx->type == COMPAT_WIN2K) {
565 	PA_PK_AS_REQ_Win2k winreq;
566 
567 	pa_type = KRB5_PADATA_PK_AS_REQ_WIN;
568 
569 	memset(&winreq, 0, sizeof(winreq));
570 
571 	winreq.signed_auth_pack = buf;
572 
573 	ASN1_MALLOC_ENCODE(PA_PK_AS_REQ_Win2k, buf.data, buf.length,
574 			   &winreq, &size, ret);
575 	free_PA_PK_AS_REQ_Win2k(&winreq);
576 
577     } else if (ctx->type == COMPAT_IETF) {
578 	PA_PK_AS_REQ req;
579 
580 	pa_type = KRB5_PADATA_PK_AS_REQ;
581 
582 	memset(&req, 0, sizeof(req));
583 	req.signedAuthPack = buf;
584 
585 	if (ctx->trustedCertifiers) {
586 
587 	    req.trustedCertifiers = calloc(1, sizeof(*req.trustedCertifiers));
588 	    if (req.trustedCertifiers == NULL) {
589 		krb5_set_error_string(context, "malloc: out of memory");
590 		free_PA_PK_AS_REQ(&req);
591 		goto out;
592 	    }
593 	    ret = build_edi(context, ctx->id->hx509ctx,
594 			    ctx->id->anchors, req.trustedCertifiers);
595 	    if (ret) {
596 		krb5_set_error_string(context, "pk-init: failed to build trustedCertifiers");
597 		free_PA_PK_AS_REQ(&req);
598 		goto out;
599 	    }
600 	}
601 	req.kdcPkId = NULL;
602 
603 	ASN1_MALLOC_ENCODE(PA_PK_AS_REQ, buf.data, buf.length,
604 			   &req, &size, ret);
605 
606 	free_PA_PK_AS_REQ(&req);
607 
608     } else
609 	krb5_abortx(context, "internal pkinit error");
610     if (ret) {
611 	krb5_set_error_string(context, "PA-PK-AS-REQ %d", ret);
612 	goto out;
613     }
614     if (buf.length != size)
615 	krb5_abortx(context, "Internal ASN1 encoder error");
616 
617     ret = krb5_padata_add(context, md, pa_type, buf.data, buf.length);
618     if (ret)
619 	free(buf.data);
620 
621     if (ret == 0 && ctx->type == COMPAT_WIN2K)
622 	krb5_padata_add(context, md, KRB5_PADATA_PK_AS_09_BINDING, NULL, 0);
623 
624 out:
625     free_ContentInfo(&content_info);
626 
627     return ret;
628 }
629 
630 
631 krb5_error_code KRB5_LIB_FUNCTION
632 _krb5_pk_mk_padata(krb5_context context,
633 		   void *c,
634 		   const KDC_REQ_BODY *req_body,
635 		   unsigned nonce,
636 		   METHOD_DATA *md)
637 {
638     krb5_pk_init_ctx ctx = c;
639     int win2k_compat;
640 
641     win2k_compat = krb5_config_get_bool_default(context, NULL,
642 						FALSE,
643 						"realms",
644 						req_body->realm,
645 						"pkinit_win2k",
646 						NULL);
647 
648     if (win2k_compat) {
649 	ctx->require_binding =
650 	    krb5_config_get_bool_default(context, NULL,
651 					 FALSE,
652 					 "realms",
653 					 req_body->realm,
654 					 "pkinit_win2k_require_binding",
655 					 NULL);
656 	ctx->type = COMPAT_WIN2K;
657     } else
658 	ctx->type = COMPAT_IETF;
659 
660     ctx->require_eku =
661 	krb5_config_get_bool_default(context, NULL,
662 				     TRUE,
663 				     "realms",
664 				     req_body->realm,
665 				     "pkinit_require_eku",
666 				     NULL);
667     ctx->require_krbtgt_otherName =
668 	krb5_config_get_bool_default(context, NULL,
669 				     TRUE,
670 				     "realms",
671 				     req_body->realm,
672 				     "pkinit_require_krbtgt_otherName",
673 				     NULL);
674 
675     ctx->require_hostname_match =
676 	krb5_config_get_bool_default(context, NULL,
677 				     FALSE,
678 				     "realms",
679 				     req_body->realm,
680 				     "pkinit_require_hostname_match",
681 				     NULL);
682 
683     ctx->trustedCertifiers =
684 	krb5_config_get_bool_default(context, NULL,
685 				     TRUE,
686 				     "realms",
687 				     req_body->realm,
688 				     "pkinit_trustedCertifiers",
689 				     NULL);
690 
691     return pk_mk_padata(context, ctx, req_body, nonce, md);
692 }
693 
694 krb5_error_code KRB5_LIB_FUNCTION
695 _krb5_pk_verify_sign(krb5_context context,
696 		     const void *data,
697 		     size_t length,
698 		     struct krb5_pk_identity *id,
699 		     heim_oid *contentType,
700 		     krb5_data *content,
701 		     struct krb5_pk_cert **signer)
702 {
703     hx509_certs signer_certs;
704     int ret;
705 
706     *signer = NULL;
707 
708     ret = hx509_cms_verify_signed(id->hx509ctx,
709 				  id->verify_ctx,
710 				  data,
711 				  length,
712 				  NULL,
713 				  id->certpool,
714 				  contentType,
715 				  content,
716 				  &signer_certs);
717     if (ret) {
718 	_krb5_pk_copy_error(context, id->hx509ctx, ret,
719 			    "CMS verify signed failed");
720 	return ret;
721     }
722 
723     *signer = calloc(1, sizeof(**signer));
724     if (*signer == NULL) {
725 	krb5_clear_error_string(context);
726 	ret = ENOMEM;
727 	goto out;
728     }
729 
730     ret = hx509_get_one_cert(id->hx509ctx, signer_certs, &(*signer)->cert);
731     if (ret) {
732 	_krb5_pk_copy_error(context, id->hx509ctx, ret,
733 			    "Failed to get on of the signer certs");
734 	goto out;
735     }
736 
737 out:
738     hx509_certs_free(&signer_certs);
739     if (ret) {
740 	if (*signer) {
741 	    hx509_cert_free((*signer)->cert);
742 	    free(*signer);
743 	    *signer = NULL;
744 	}
745     }
746 
747     return ret;
748 }
749 
750 static krb5_error_code
751 get_reply_key_win(krb5_context context,
752 		  const krb5_data *content,
753 		  unsigned nonce,
754 		  krb5_keyblock **key)
755 {
756     ReplyKeyPack_Win2k key_pack;
757     krb5_error_code ret;
758     size_t size;
759 
760     ret = decode_ReplyKeyPack_Win2k(content->data,
761 				    content->length,
762 				    &key_pack,
763 				    &size);
764     if (ret) {
765 	krb5_set_error_string(context, "PKINIT decoding reply key failed");
766 	free_ReplyKeyPack_Win2k(&key_pack);
767 	return ret;
768     }
769 
770     if (key_pack.nonce != nonce) {
771 	krb5_set_error_string(context, "PKINIT enckey nonce is wrong");
772 	free_ReplyKeyPack_Win2k(&key_pack);
773 	return KRB5KRB_AP_ERR_MODIFIED;
774     }
775 
776     *key = malloc (sizeof (**key));
777     if (*key == NULL) {
778 	krb5_set_error_string(context, "PKINIT failed allocating reply key");
779 	free_ReplyKeyPack_Win2k(&key_pack);
780 	krb5_set_error_string(context, "malloc: out of memory");
781 	return ENOMEM;
782     }
783 
784     ret = copy_EncryptionKey(&key_pack.replyKey, *key);
785     free_ReplyKeyPack_Win2k(&key_pack);
786     if (ret) {
787 	krb5_set_error_string(context, "PKINIT failed copying reply key");
788 	free(*key);
789 	*key = NULL;
790     }
791 
792     return ret;
793 }
794 
795 static krb5_error_code
796 get_reply_key(krb5_context context,
797 	      const krb5_data *content,
798 	      const krb5_data *req_buffer,
799 	      krb5_keyblock **key)
800 {
801     ReplyKeyPack key_pack;
802     krb5_error_code ret;
803     size_t size;
804 
805     ret = decode_ReplyKeyPack(content->data,
806 			      content->length,
807 			      &key_pack,
808 			      &size);
809     if (ret) {
810 	krb5_set_error_string(context, "PKINIT decoding reply key failed");
811 	free_ReplyKeyPack(&key_pack);
812 	return ret;
813     }
814 
815     {
816 	krb5_crypto crypto;
817 
818 	/*
819 	 * XXX Verify kp.replyKey is a allowed enctype in the
820 	 * configuration file
821 	 */
822 
823 	ret = krb5_crypto_init(context, &key_pack.replyKey, 0, &crypto);
824 	if (ret) {
825 	    free_ReplyKeyPack(&key_pack);
826 	    return ret;
827 	}
828 
829 	ret = krb5_verify_checksum(context, crypto, 6,
830 				   req_buffer->data, req_buffer->length,
831 				   &key_pack.asChecksum);
832 	krb5_crypto_destroy(context, crypto);
833 	if (ret) {
834 	    free_ReplyKeyPack(&key_pack);
835 	    return ret;
836 	}
837     }
838 
839     *key = malloc (sizeof (**key));
840     if (*key == NULL) {
841 	krb5_set_error_string(context, "PKINIT failed allocating reply key");
842 	free_ReplyKeyPack(&key_pack);
843 	krb5_set_error_string(context, "malloc: out of memory");
844 	return ENOMEM;
845     }
846 
847     ret = copy_EncryptionKey(&key_pack.replyKey, *key);
848     free_ReplyKeyPack(&key_pack);
849     if (ret) {
850 	krb5_set_error_string(context, "PKINIT failed copying reply key");
851 	free(*key);
852 	*key = NULL;
853     }
854 
855     return ret;
856 }
857 
858 
859 static krb5_error_code
860 pk_verify_host(krb5_context context,
861 	       const char *realm,
862 	       const krb5_krbhst_info *hi,
863 	       struct krb5_pk_init_ctx_data *ctx,
864 	       struct krb5_pk_cert *host)
865 {
866     krb5_error_code ret = 0;
867 
868     if (ctx->require_eku) {
869 	ret = hx509_cert_check_eku(ctx->id->hx509ctx, host->cert,
870 				   oid_id_pkkdcekuoid(), 0);
871 	if (ret) {
872 	    krb5_set_error_string(context, "No PK-INIT KDC EKU in kdc certificate");
873 	    return ret;
874 	}
875     }
876     if (ctx->require_krbtgt_otherName) {
877 	hx509_octet_string_list list;
878 	int i;
879 
880 	ret = hx509_cert_find_subjectAltName_otherName(ctx->id->hx509ctx,
881 						       host->cert,
882 						       oid_id_pkinit_san(),
883 						       &list);
884 	if (ret) {
885 	    krb5_set_error_string(context, "Failed to find the PK-INIT "
886 				  "subjectAltName in the KDC certificate");
887 
888 	    return ret;
889 	}
890 
891 	for (i = 0; i < list.len; i++) {
892 	    KRB5PrincipalName r;
893 
894 	    ret = decode_KRB5PrincipalName(list.val[i].data,
895 					   list.val[i].length,
896 					   &r,
897 					   NULL);
898 	    if (ret) {
899 		krb5_set_error_string(context, "Failed to decode the PK-INIT "
900 				      "subjectAltName in the KDC certificate");
901 
902 		break;
903 	    }
904 
905 	    if (r.principalName.name_string.len != 2 ||
906 		strcmp(r.principalName.name_string.val[0], KRB5_TGS_NAME) != 0 ||
907 		strcmp(r.principalName.name_string.val[1], realm) != 0 ||
908 		strcmp(r.realm, realm) != 0)
909 	    {
910 		krb5_set_error_string(context, "KDC have wrong realm name in "
911 				      "the certificate");
912 		ret = KRB5_KDC_ERR_INVALID_CERTIFICATE;
913 	    }
914 
915 	    free_KRB5PrincipalName(&r);
916 	    if (ret)
917 		break;
918 	}
919 	hx509_free_octet_string_list(&list);
920     }
921     if (ret)
922 	return ret;
923 
924     if (hi) {
925 	ret = hx509_verify_hostname(ctx->id->hx509ctx, host->cert,
926 				    ctx->require_hostname_match,
927 				    HX509_HN_HOSTNAME,
928 				    hi->hostname,
929 				    hi->ai->ai_addr, hi->ai->ai_addrlen);
930 
931 	if (ret)
932 	    krb5_set_error_string(context, "Address mismatch in "
933 				  "the KDC certificate");
934     }
935     return ret;
936 }
937 
938 static krb5_error_code
939 pk_rd_pa_reply_enckey(krb5_context context,
940 		      int type,
941 		      const heim_octet_string *indata,
942 		      const heim_oid *dataType,
943 		      const char *realm,
944 		      krb5_pk_init_ctx ctx,
945 		      krb5_enctype etype,
946 		      const krb5_krbhst_info *hi,
947 	       	      unsigned nonce,
948 		      const krb5_data *req_buffer,
949 	       	      PA_DATA *pa,
950 	       	      krb5_keyblock **key)
951 {
952     krb5_error_code ret;
953     struct krb5_pk_cert *host = NULL;
954     krb5_data content;
955     heim_oid contentType = { 0, NULL };
956 
957     if (der_heim_oid_cmp(oid_id_pkcs7_envelopedData(), dataType)) {
958 	krb5_set_error_string(context, "PKINIT: Invalid content type");
959 	return EINVAL;
960     }
961 
962     ret = hx509_cms_unenvelope(ctx->id->hx509ctx,
963 			       ctx->id->certs,
964 			       HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT,
965 			       indata->data,
966 			       indata->length,
967 			       NULL,
968 			       &contentType,
969 			       &content);
970     if (ret) {
971 	_krb5_pk_copy_error(context, ctx->id->hx509ctx, ret,
972 			    "Failed to unenvelope CMS data in PK-INIT reply");
973 	return ret;
974     }
975     der_free_oid(&contentType);
976 
977 #if 0 /* windows LH with interesting CMS packets, leaks memory */
978     {
979 	size_t ph = 1 + der_length_len (length);
980 	unsigned char *ptr = malloc(length + ph);
981 	size_t l;
982 
983 	memcpy(ptr + ph, p, length);
984 
985 	ret = der_put_length_and_tag (ptr + ph - 1, ph, length,
986 				      ASN1_C_UNIV, CONS, UT_Sequence, &l);
987 	if (ret)
988 	    return ret;
989 	ptr += ph - l;
990 	length += l;
991 	p = ptr;
992     }
993 #endif
994 
995     /* win2k uses ContentInfo */
996     if (type == COMPAT_WIN2K) {
997 	heim_oid type;
998 	heim_octet_string out;
999 
1000 	ret = hx509_cms_unwrap_ContentInfo(&content, &type, &out, NULL);
1001 	if (der_heim_oid_cmp(&type, oid_id_pkcs7_signedData())) {
1002 	    ret = EINVAL; /* XXX */
1003 	    krb5_set_error_string(context, "PKINIT: Invalid content type");
1004 	    der_free_oid(&type);
1005 	    der_free_octet_string(&out);
1006 	    goto out;
1007 	}
1008 	der_free_oid(&type);
1009 	krb5_data_free(&content);
1010 	ret = krb5_data_copy(&content, out.data, out.length);
1011 	der_free_octet_string(&out);
1012 	if (ret) {
1013 	    krb5_set_error_string(context, "PKINIT: out of memory");
1014 	    goto out;
1015 	}
1016     }
1017 
1018     ret = _krb5_pk_verify_sign(context,
1019 			       content.data,
1020 			       content.length,
1021 			       ctx->id,
1022 			       &contentType,
1023 			       &content,
1024 			       &host);
1025     if (ret)
1026 	goto out;
1027 
1028     /* make sure that it is the kdc's certificate */
1029     ret = pk_verify_host(context, realm, hi, ctx, host);
1030     if (ret) {
1031 	goto out;
1032     }
1033 
1034 #if 0
1035     if (type == COMPAT_WIN2K) {
1036 	if (der_heim_oid_cmp(&contentType, oid_id_pkcs7_data()) != 0) {
1037 	    krb5_set_error_string(context, "PKINIT: reply key, wrong oid");
1038 	    ret = KRB5KRB_AP_ERR_MSG_TYPE;
1039 	    goto out;
1040 	}
1041     } else {
1042 	if (der_heim_oid_cmp(&contentType, oid_id_pkrkeydata()) != 0) {
1043 	    krb5_set_error_string(context, "PKINIT: reply key, wrong oid");
1044 	    ret = KRB5KRB_AP_ERR_MSG_TYPE;
1045 	    goto out;
1046 	}
1047     }
1048 #endif
1049 
1050     switch(type) {
1051     case COMPAT_WIN2K:
1052 	ret = get_reply_key(context, &content, req_buffer, key);
1053 	if (ret != 0 && ctx->require_binding == 0)
1054 	    ret = get_reply_key_win(context, &content, nonce, key);
1055 	break;
1056     case COMPAT_IETF:
1057 	ret = get_reply_key(context, &content, req_buffer, key);
1058 	break;
1059     }
1060     if (ret)
1061 	goto out;
1062 
1063     /* XXX compare given etype with key->etype */
1064 
1065  out:
1066     if (host)
1067 	_krb5_pk_cert_free(host);
1068     der_free_oid(&contentType);
1069     krb5_data_free(&content);
1070 
1071     return ret;
1072 }
1073 
1074 static krb5_error_code
1075 pk_rd_pa_reply_dh(krb5_context context,
1076 		  const heim_octet_string *indata,
1077 		  const heim_oid *dataType,
1078 		  const char *realm,
1079 		  krb5_pk_init_ctx ctx,
1080 		  krb5_enctype etype,
1081 		  const krb5_krbhst_info *hi,
1082 		  const DHNonce *c_n,
1083 		  const DHNonce *k_n,
1084                   unsigned nonce,
1085                   PA_DATA *pa,
1086                   krb5_keyblock **key)
1087 {
1088     unsigned char *p, *dh_gen_key = NULL;
1089     struct krb5_pk_cert *host = NULL;
1090     BIGNUM *kdc_dh_pubkey = NULL;
1091     KDCDHKeyInfo kdc_dh_info;
1092     heim_oid contentType = { 0, NULL };
1093     krb5_data content;
1094     krb5_error_code ret;
1095     int dh_gen_keylen;
1096     size_t size;
1097 
1098     krb5_data_zero(&content);
1099     memset(&kdc_dh_info, 0, sizeof(kdc_dh_info));
1100 
1101     if (der_heim_oid_cmp(oid_id_pkcs7_signedData(), dataType)) {
1102 	krb5_set_error_string(context, "PKINIT: Invalid content type");
1103 	return EINVAL;
1104     }
1105 
1106     ret = _krb5_pk_verify_sign(context,
1107 			       indata->data,
1108 			       indata->length,
1109 			       ctx->id,
1110 			       &contentType,
1111 			       &content,
1112 			       &host);
1113     if (ret)
1114 	goto out;
1115 
1116     /* make sure that it is the kdc's certificate */
1117     ret = pk_verify_host(context, realm, hi, ctx, host);
1118     if (ret)
1119 	goto out;
1120 
1121     if (der_heim_oid_cmp(&contentType, oid_id_pkdhkeydata())) {
1122 	krb5_set_error_string(context, "pkinit - dh reply contains wrong oid");
1123 	ret = KRB5KRB_AP_ERR_MSG_TYPE;
1124 	goto out;
1125     }
1126 
1127     ret = decode_KDCDHKeyInfo(content.data,
1128 			      content.length,
1129 			      &kdc_dh_info,
1130 			      &size);
1131 
1132     if (ret) {
1133 	krb5_set_error_string(context, "pkinit - "
1134 			      "failed to decode KDC DH Key Info");
1135 	goto out;
1136     }
1137 
1138     if (kdc_dh_info.nonce != nonce) {
1139 	krb5_set_error_string(context, "PKINIT: DH nonce is wrong");
1140 	ret = KRB5KRB_AP_ERR_MODIFIED;
1141 	goto out;
1142     }
1143 
1144     if (kdc_dh_info.dhKeyExpiration) {
1145 	if (k_n == NULL) {
1146 	    krb5_set_error_string(context, "pkinit; got key expiration "
1147 				  "without server nonce");
1148 	    ret = KRB5KRB_ERR_GENERIC;
1149 	    goto out;
1150 	}
1151 	if (c_n == NULL) {
1152 	    krb5_set_error_string(context, "pkinit; got DH reuse but no "
1153 				  "client nonce");
1154 	    ret = KRB5KRB_ERR_GENERIC;
1155 	    goto out;
1156 	}
1157     } else {
1158 	if (k_n) {
1159 	    krb5_set_error_string(context, "pkinit: got server nonce "
1160 				  "without key expiration");
1161 	    ret = KRB5KRB_ERR_GENERIC;
1162 	    goto out;
1163 	}
1164 	c_n = NULL;
1165     }
1166 
1167 
1168     p = kdc_dh_info.subjectPublicKey.data;
1169     size = (kdc_dh_info.subjectPublicKey.length + 7) / 8;
1170 
1171     {
1172 	DHPublicKey k;
1173 	ret = decode_DHPublicKey(p, size, &k, NULL);
1174 	if (ret) {
1175 	    krb5_set_error_string(context, "pkinit: can't decode "
1176 				  "without key expiration");
1177 	    goto out;
1178 	}
1179 
1180 	kdc_dh_pubkey = integer_to_BN(context, "DHPublicKey", &k);
1181 	free_DHPublicKey(&k);
1182 	if (kdc_dh_pubkey == NULL) {
1183 	    ret = KRB5KRB_ERR_GENERIC;
1184 	    goto out;
1185 	}
1186     }
1187 
1188     dh_gen_keylen = DH_size(ctx->dh);
1189     size = BN_num_bytes(ctx->dh->p);
1190     if (size < dh_gen_keylen)
1191 	size = dh_gen_keylen;
1192 
1193     dh_gen_key = malloc(size);
1194     if (dh_gen_key == NULL) {
1195 	krb5_set_error_string(context, "malloc: out of memory");
1196 	ret = ENOMEM;
1197 	goto out;
1198     }
1199     memset(dh_gen_key, 0, size - dh_gen_keylen);
1200 
1201     dh_gen_keylen = DH_compute_key(dh_gen_key + (size - dh_gen_keylen),
1202 				   kdc_dh_pubkey, ctx->dh);
1203     if (dh_gen_keylen == -1) {
1204 	krb5_set_error_string(context,
1205 			      "PKINIT: Can't compute Diffie-Hellman key");
1206 	ret = KRB5KRB_ERR_GENERIC;
1207 	goto out;
1208     }
1209 
1210     *key = malloc (sizeof (**key));
1211     if (*key == NULL) {
1212 	krb5_set_error_string(context, "malloc: out of memory");
1213 	ret = ENOMEM;
1214 	goto out;
1215     }
1216 
1217     ret = _krb5_pk_octetstring2key(context,
1218 				   etype,
1219 				   dh_gen_key, dh_gen_keylen,
1220 				   c_n, k_n,
1221 				   *key);
1222     if (ret) {
1223 	krb5_set_error_string(context,
1224 			      "PKINIT: can't create key from DH key");
1225 	free(*key);
1226 	*key = NULL;
1227 	goto out;
1228     }
1229 
1230  out:
1231     if (kdc_dh_pubkey)
1232 	BN_free(kdc_dh_pubkey);
1233     if (dh_gen_key) {
1234 	memset(dh_gen_key, 0, DH_size(ctx->dh));
1235 	free(dh_gen_key);
1236     }
1237     if (host)
1238 	_krb5_pk_cert_free(host);
1239     if (content.data)
1240 	krb5_data_free(&content);
1241     der_free_oid(&contentType);
1242     free_KDCDHKeyInfo(&kdc_dh_info);
1243 
1244     return ret;
1245 }
1246 
1247 krb5_error_code KRB5_LIB_FUNCTION
1248 _krb5_pk_rd_pa_reply(krb5_context context,
1249 		     const char *realm,
1250 		     void *c,
1251 		     krb5_enctype etype,
1252 		     const krb5_krbhst_info *hi,
1253 		     unsigned nonce,
1254 		     const krb5_data *req_buffer,
1255 		     PA_DATA *pa,
1256 		     krb5_keyblock **key)
1257 {
1258     krb5_pk_init_ctx ctx = c;
1259     krb5_error_code ret;
1260     size_t size;
1261 
1262     /* Check for IETF PK-INIT first */
1263     if (ctx->type == COMPAT_IETF) {
1264 	PA_PK_AS_REP rep;
1265 	heim_octet_string os, data;
1266 	heim_oid oid;
1267 
1268 	if (pa->padata_type != KRB5_PADATA_PK_AS_REP) {
1269 	    krb5_set_error_string(context, "PKINIT: wrong padata recv");
1270 	    return EINVAL;
1271 	}
1272 
1273 	ret = decode_PA_PK_AS_REP(pa->padata_value.data,
1274 				  pa->padata_value.length,
1275 				  &rep,
1276 				  &size);
1277 	if (ret) {
1278 	    krb5_set_error_string(context, "Failed to decode pkinit AS rep");
1279 	    return ret;
1280 	}
1281 
1282 	switch (rep.element) {
1283 	case choice_PA_PK_AS_REP_dhInfo:
1284 	    os = rep.u.dhInfo.dhSignedData;
1285 	    break;
1286 	case choice_PA_PK_AS_REP_encKeyPack:
1287 	    os = rep.u.encKeyPack;
1288 	    break;
1289 	default:
1290 	    free_PA_PK_AS_REP(&rep);
1291 	    krb5_set_error_string(context, "PKINIT: -27 reply "
1292 				  "invalid content type");
1293 	    return EINVAL;
1294 	}
1295 
1296 	ret = hx509_cms_unwrap_ContentInfo(&os, &oid, &data, NULL);
1297 	if (ret) {
1298 	    free_PA_PK_AS_REP(&rep);
1299 	    krb5_set_error_string(context, "PKINIT: failed to unwrap CI");
1300 	    return ret;
1301 	}
1302 
1303 	switch (rep.element) {
1304 	case choice_PA_PK_AS_REP_dhInfo:
1305 	    ret = pk_rd_pa_reply_dh(context, &data, &oid, realm, ctx, etype, hi,
1306 				    ctx->clientDHNonce,
1307 				    rep.u.dhInfo.serverDHNonce,
1308 				    nonce, pa, key);
1309 	    break;
1310 	case choice_PA_PK_AS_REP_encKeyPack:
1311 	    ret = pk_rd_pa_reply_enckey(context, COMPAT_IETF, &data, &oid, realm,
1312 					ctx, etype, hi, nonce, req_buffer, pa, key);
1313 	    break;
1314 	default:
1315 	    krb5_abortx(context, "pk-init as-rep case not possible to happen");
1316 	}
1317 	der_free_octet_string(&data);
1318 	der_free_oid(&oid);
1319 	free_PA_PK_AS_REP(&rep);
1320 
1321     } else if (ctx->type == COMPAT_WIN2K) {
1322 	PA_PK_AS_REP_Win2k w2krep;
1323 
1324 	/* Check for Windows encoding of the AS-REP pa data */
1325 
1326 #if 0 /* should this be ? */
1327 	if (pa->padata_type != KRB5_PADATA_PK_AS_REP) {
1328 	    krb5_set_error_string(context, "PKINIT: wrong padata recv");
1329 	    return EINVAL;
1330 	}
1331 #endif
1332 
1333 	memset(&w2krep, 0, sizeof(w2krep));
1334 
1335 	ret = decode_PA_PK_AS_REP_Win2k(pa->padata_value.data,
1336 					pa->padata_value.length,
1337 					&w2krep,
1338 					&size);
1339 	if (ret) {
1340 	    krb5_set_error_string(context, "PKINIT: Failed decoding windows "
1341 				  "pkinit reply %d", ret);
1342 	    return ret;
1343 	}
1344 
1345 	krb5_clear_error_string(context);
1346 
1347 	switch (w2krep.element) {
1348 	case choice_PA_PK_AS_REP_Win2k_encKeyPack: {
1349 	    heim_octet_string data;
1350 	    heim_oid oid;
1351 
1352 	    ret = hx509_cms_unwrap_ContentInfo(&w2krep.u.encKeyPack,
1353 					       &oid, &data, NULL);
1354 	    free_PA_PK_AS_REP_Win2k(&w2krep);
1355 	    if (ret) {
1356 		krb5_set_error_string(context, "PKINIT: failed to unwrap CI");
1357 		return ret;
1358 	    }
1359 
1360 	    ret = pk_rd_pa_reply_enckey(context, COMPAT_WIN2K, &data, &oid, realm,
1361 					ctx, etype, hi, nonce, req_buffer, pa, key);
1362 	    der_free_octet_string(&data);
1363 	    der_free_oid(&oid);
1364 
1365 	    break;
1366 	}
1367 	default:
1368 	    free_PA_PK_AS_REP_Win2k(&w2krep);
1369 	    krb5_set_error_string(context, "PKINIT: win2k reply invalid "
1370 				  "content type");
1371 	    ret = EINVAL;
1372 	    break;
1373 	}
1374 
1375     } else {
1376 	krb5_set_error_string(context, "PKINIT: unknown reply type");
1377 	ret = EINVAL;
1378     }
1379 
1380     return ret;
1381 }
1382 
1383 struct prompter {
1384     krb5_context context;
1385     krb5_prompter_fct prompter;
1386     void *prompter_data;
1387 };
1388 
1389 static int
1390 hx_pass_prompter(void *data, const hx509_prompt *prompter)
1391 {
1392     krb5_error_code ret;
1393     krb5_prompt prompt;
1394     krb5_data password_data;
1395     struct prompter *p = data;
1396 
1397     password_data.data   = prompter->reply.data;
1398     password_data.length = prompter->reply.length;
1399 
1400     prompt.prompt = prompter->prompt;
1401     prompt.hidden = hx509_prompt_hidden(prompter->type);
1402     prompt.reply  = &password_data;
1403 
1404     switch (prompter->type) {
1405     case HX509_PROMPT_TYPE_INFO:
1406 	prompt.type   = KRB5_PROMPT_TYPE_INFO;
1407 	break;
1408     case HX509_PROMPT_TYPE_PASSWORD:
1409     case HX509_PROMPT_TYPE_QUESTION:
1410     default:
1411 	prompt.type   = KRB5_PROMPT_TYPE_PASSWORD;
1412 	break;
1413     }
1414 
1415     ret = (*p->prompter)(p->context, p->prompter_data, NULL, NULL, 1, &prompt);
1416     if (ret) {
1417 	memset (prompter->reply.data, 0, prompter->reply.length);
1418 	return 1;
1419     }
1420     return 0;
1421 }
1422 
1423 
1424 void KRB5_LIB_FUNCTION
1425 _krb5_pk_allow_proxy_certificate(struct krb5_pk_identity *id,
1426 				 int boolean)
1427 {
1428     hx509_verify_set_proxy_certificate(id->verify_ctx, boolean);
1429 }
1430 
1431 
1432 krb5_error_code KRB5_LIB_FUNCTION
1433 _krb5_pk_load_id(krb5_context context,
1434 		 struct krb5_pk_identity **ret_id,
1435 		 const char *user_id,
1436 		 const char *anchor_id,
1437 		 char * const *chain_list,
1438 		 char * const *revoke_list,
1439 		 krb5_prompter_fct prompter,
1440 		 void *prompter_data,
1441 		 char *password)
1442 {
1443     struct krb5_pk_identity *id = NULL;
1444     hx509_lock lock = NULL;
1445     struct prompter p;
1446     int ret;
1447 
1448     *ret_id = NULL;
1449 
1450     if (anchor_id == NULL) {
1451 	krb5_set_error_string(context, "PKINIT: No anchor given");
1452 	return HEIM_PKINIT_NO_VALID_CA;
1453     }
1454 
1455     if (user_id == NULL) {
1456 	krb5_set_error_string(context,
1457 			      "PKINIT: No user certificate given");
1458 	return HEIM_PKINIT_NO_PRIVATE_KEY;
1459     }
1460 
1461     /* load cert */
1462 
1463     id = calloc(1, sizeof(*id));
1464     if (id == NULL) {
1465 	krb5_set_error_string(context, "malloc: out of memory");
1466 	return ENOMEM;
1467     }
1468 
1469     ret = hx509_context_init(&id->hx509ctx);
1470     if (ret)
1471 	goto out;
1472 
1473     ret = hx509_lock_init(id->hx509ctx, &lock);
1474     if (password && password[0])
1475 	hx509_lock_add_password(lock, password);
1476 
1477     if (prompter) {
1478 	p.context = context;
1479 	p.prompter = prompter;
1480 	p.prompter_data = prompter_data;
1481 
1482 	ret = hx509_lock_set_prompter(lock, hx_pass_prompter, &p);
1483 	if (ret)
1484 	    goto out;
1485     }
1486 
1487     ret = hx509_certs_init(id->hx509ctx, user_id, 0, lock, &id->certs);
1488     if (ret) {
1489 	_krb5_pk_copy_error(context, id->hx509ctx, ret,
1490 			    "Failed to init cert certs");
1491 	goto out;
1492     }
1493 
1494     ret = hx509_certs_init(id->hx509ctx, anchor_id, 0, NULL, &id->anchors);
1495     if (ret) {
1496 	_krb5_pk_copy_error(context, id->hx509ctx, ret,
1497 			    "Failed to init anchors");
1498 	goto out;
1499     }
1500 
1501     ret = hx509_certs_init(id->hx509ctx, "MEMORY:pkinit-cert-chain",
1502 			   0, NULL, &id->certpool);
1503     if (ret) {
1504 	_krb5_pk_copy_error(context, id->hx509ctx, ret,
1505 			    "Failed to init chain");
1506 	goto out;
1507     }
1508 
1509     while (chain_list && *chain_list) {
1510 	ret = hx509_certs_append(id->hx509ctx, id->certpool,
1511 				 NULL, *chain_list);
1512 	if (ret) {
1513 	    _krb5_pk_copy_error(context, id->hx509ctx, ret,
1514 				"Failed to laod chain %s",
1515 				*chain_list);
1516 	    goto out;
1517 	}
1518 	chain_list++;
1519     }
1520 
1521     if (revoke_list) {
1522 	ret = hx509_revoke_init(id->hx509ctx, &id->revokectx);
1523 	if (ret) {
1524 	    _krb5_pk_copy_error(context, id->hx509ctx, ret,
1525 				"Failed init revoke list");
1526 	    goto out;
1527 	}
1528 
1529 	while (*revoke_list) {
1530 	    ret = hx509_revoke_add_crl(id->hx509ctx,
1531 				       id->revokectx,
1532 				       *revoke_list);
1533 	    if (ret) {
1534 		_krb5_pk_copy_error(context, id->hx509ctx, ret,
1535 				    "Failed load revoke list");
1536 		goto out;
1537 	    }
1538 	    revoke_list++;
1539 	}
1540     } else
1541 	hx509_context_set_missing_revoke(id->hx509ctx, 1);
1542 
1543     ret = hx509_verify_init_ctx(id->hx509ctx, &id->verify_ctx);
1544     if (ret) {
1545 	_krb5_pk_copy_error(context, id->hx509ctx, ret,
1546 			    "Failed init verify context");
1547 	goto out;
1548     }
1549 
1550     hx509_verify_attach_anchors(id->verify_ctx, id->anchors);
1551     hx509_verify_attach_revoke(id->verify_ctx, id->revokectx);
1552 
1553 out:
1554     if (ret) {
1555 	hx509_verify_destroy_ctx(id->verify_ctx);
1556 	hx509_certs_free(&id->certs);
1557 	hx509_certs_free(&id->anchors);
1558 	hx509_certs_free(&id->certpool);
1559 	hx509_revoke_free(&id->revokectx);
1560 	hx509_context_free(&id->hx509ctx);
1561 	free(id);
1562     } else
1563 	*ret_id = id;
1564 
1565     hx509_lock_free(lock);
1566 
1567     return ret;
1568 }
1569 
1570 static krb5_error_code
1571 select_dh_group(krb5_context context, DH *dh, unsigned long bits,
1572 		struct krb5_dh_moduli **moduli)
1573 {
1574     const struct krb5_dh_moduli *m;
1575 
1576     if (bits == 0) {
1577 	m = moduli[1]; /* XXX */
1578 	if (m == NULL)
1579 	    m = moduli[0]; /* XXX */
1580     } else {
1581 	int i;
1582 	for (i = 0; moduli[i] != NULL; i++) {
1583 	    if (bits < moduli[i]->bits)
1584 		break;
1585 	}
1586 	if (moduli[i] == NULL) {
1587 	    krb5_set_error_string(context,
1588 				  "Did not find a DH group parameter "
1589 				  "matching requirement of %lu bits",
1590 				  bits);
1591 	    return EINVAL;
1592 	}
1593 	m = moduli[i];
1594     }
1595 
1596     dh->p = integer_to_BN(context, "p", &m->p);
1597     if (dh->p == NULL)
1598 	return ENOMEM;
1599     dh->g = integer_to_BN(context, "g", &m->g);
1600     if (dh->g == NULL)
1601 	return ENOMEM;
1602     dh->q = integer_to_BN(context, "q", &m->q);
1603     if (dh->q == NULL)
1604 	return ENOMEM;
1605 
1606     return 0;
1607 }
1608 
1609 #endif /* PKINIT */
1610 
1611 static int
1612 parse_integer(krb5_context context, char **p, const char *file, int lineno,
1613 	      const char *name, heim_integer *integer)
1614 {
1615     int ret;
1616     char *p1;
1617     p1 = strsep(p, " \t");
1618     if (p1 == NULL) {
1619 	krb5_set_error_string(context, "moduli file %s missing %s on line %d",
1620 			      file, name, lineno);
1621 	return EINVAL;
1622     }
1623     ret = der_parse_hex_heim_integer(p1, integer);
1624     if (ret) {
1625 	krb5_set_error_string(context, "moduli file %s failed parsing %s "
1626 			      "on line %d",
1627 			      file, name, lineno);
1628 	return ret;
1629     }
1630 
1631     return 0;
1632 }
1633 
1634 krb5_error_code
1635 _krb5_parse_moduli_line(krb5_context context,
1636 			const char *file,
1637 			int lineno,
1638 			char *p,
1639 			struct krb5_dh_moduli **m)
1640 {
1641     struct krb5_dh_moduli *m1;
1642     char *p1;
1643     int ret;
1644 
1645     *m = NULL;
1646 
1647     m1 = calloc(1, sizeof(*m1));
1648     if (m1 == NULL) {
1649 	krb5_set_error_string(context, "malloc - out of memory");
1650 	return ENOMEM;
1651     }
1652 
1653     while (isspace((unsigned char)*p))
1654 	p++;
1655     if (*p  == '#')
1656 	return 0;
1657     ret = EINVAL;
1658 
1659     p1 = strsep(&p, " \t");
1660     if (p1 == NULL) {
1661 	krb5_set_error_string(context, "moduli file %s missing name "
1662 			      "on line %d", file, lineno);
1663 	goto out;
1664     }
1665     m1->name = strdup(p1);
1666     if (p1 == NULL) {
1667 	krb5_set_error_string(context, "malloc - out of memeory");
1668 	ret = ENOMEM;
1669 	goto out;
1670     }
1671 
1672     p1 = strsep(&p, " \t");
1673     if (p1 == NULL) {
1674 	krb5_set_error_string(context, "moduli file %s missing bits on line %d",
1675 			      file, lineno);
1676 	goto out;
1677     }
1678 
1679     m1->bits = atoi(p1);
1680     if (m1->bits == 0) {
1681 	krb5_set_error_string(context, "moduli file %s have un-parsable "
1682 			      "bits on line %d", file, lineno);
1683 	goto out;
1684     }
1685 
1686     ret = parse_integer(context, &p, file, lineno, "p", &m1->p);
1687     if (ret)
1688 	goto out;
1689     ret = parse_integer(context, &p, file, lineno, "g", &m1->g);
1690     if (ret)
1691 	goto out;
1692     ret = parse_integer(context, &p, file, lineno, "q", &m1->q);
1693     if (ret)
1694 	goto out;
1695 
1696     *m = m1;
1697 
1698     return 0;
1699 out:
1700     free(m1->name);
1701     der_free_heim_integer(&m1->p);
1702     der_free_heim_integer(&m1->g);
1703     der_free_heim_integer(&m1->q);
1704     free(m1);
1705     return ret;
1706 }
1707 
1708 void
1709 _krb5_free_moduli(struct krb5_dh_moduli **moduli)
1710 {
1711     int i;
1712     for (i = 0; moduli[i] != NULL; i++) {
1713 	free(moduli[i]->name);
1714 	der_free_heim_integer(&moduli[i]->p);
1715 	der_free_heim_integer(&moduli[i]->g);
1716 	der_free_heim_integer(&moduli[i]->q);
1717 	free(moduli[i]);
1718     }
1719     free(moduli);
1720 }
1721 
1722 static const char *default_moduli_RFC2412_MODP_group2 =
1723     /* name */
1724     "RFC2412-MODP-group2 "
1725     /* bits */
1726     "1024 "
1727     /* p */
1728     "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
1729     "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
1730     "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
1731     "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
1732     "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE65381"
1733     "FFFFFFFF" "FFFFFFFF "
1734     /* g */
1735     "02 "
1736     /* q */
1737     "7FFFFFFF" "FFFFFFFF" "E487ED51" "10B4611A" "62633145" "C06E0E68"
1738     "94812704" "4533E63A" "0105DF53" "1D89CD91" "28A5043C" "C71A026E"
1739     "F7CA8CD9" "E69D218D" "98158536" "F92F8A1B" "A7F09AB6" "B6A8E122"
1740     "F242DABB" "312F3F63" "7A262174" "D31BF6B5" "85FFAE5B" "7A035BF6"
1741     "F71C35FD" "AD44CFD2" "D74F9208" "BE258FF3" "24943328" "F67329C0"
1742     "FFFFFFFF" "FFFFFFFF";
1743 
1744 static const char *default_moduli_rfc3526_MODP_group14 =
1745     /* name */
1746     "rfc3526-MODP-group14 "
1747     /* bits */
1748     "1760 "
1749     /* p */
1750     "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
1751     "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
1752     "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
1753     "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
1754     "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D"
1755     "C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F"
1756     "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D"
1757     "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B"
1758     "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9"
1759     "DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510"
1760     "15728E5A" "8AACAA68" "FFFFFFFF" "FFFFFFFF "
1761     /* g */
1762     "02 "
1763     /* q */
1764     "7FFFFFFF" "FFFFFFFF" "E487ED51" "10B4611A" "62633145" "C06E0E68"
1765     "94812704" "4533E63A" "0105DF53" "1D89CD91" "28A5043C" "C71A026E"
1766     "F7CA8CD9" "E69D218D" "98158536" "F92F8A1B" "A7F09AB6" "B6A8E122"
1767     "F242DABB" "312F3F63" "7A262174" "D31BF6B5" "85FFAE5B" "7A035BF6"
1768     "F71C35FD" "AD44CFD2" "D74F9208" "BE258FF3" "24943328" "F6722D9E"
1769     "E1003E5C" "50B1DF82" "CC6D241B" "0E2AE9CD" "348B1FD4" "7E9267AF"
1770     "C1B2AE91" "EE51D6CB" "0E3179AB" "1042A95D" "CF6A9483" "B84B4B36"
1771     "B3861AA7" "255E4C02" "78BA3604" "650C10BE" "19482F23" "171B671D"
1772     "F1CF3B96" "0C074301" "CD93C1D1" "7603D147" "DAE2AEF8" "37A62964"
1773     "EF15E5FB" "4AAC0B8C" "1CCAA4BE" "754AB572" "8AE9130C" "4C7D0288"
1774     "0AB9472D" "45565534" "7FFFFFFF" "FFFFFFFF";
1775 
1776 krb5_error_code
1777 _krb5_parse_moduli(krb5_context context, const char *file,
1778 		   struct krb5_dh_moduli ***moduli)
1779 {
1780     /* name bits P G Q */
1781     krb5_error_code ret;
1782     struct krb5_dh_moduli **m = NULL, **m2;
1783     char buf[4096];
1784     FILE *f;
1785     int lineno = 0, n = 0;
1786 
1787     *moduli = NULL;
1788 
1789     m = calloc(1, sizeof(m[0]) * 3);
1790     if (m == NULL) {
1791 	krb5_set_error_string(context, "malloc: out of memory");
1792 	return ENOMEM;
1793     }
1794 
1795     strlcpy(buf, default_moduli_rfc3526_MODP_group14, sizeof(buf));
1796     ret = _krb5_parse_moduli_line(context, "builtin", 1, buf,  &m[0]);
1797     if (ret) {
1798 	_krb5_free_moduli(m);
1799 	return ret;
1800     }
1801     n++;
1802 
1803     strlcpy(buf, default_moduli_RFC2412_MODP_group2, sizeof(buf));
1804     ret = _krb5_parse_moduli_line(context, "builtin", 1, buf,  &m[1]);
1805     if (ret) {
1806 	_krb5_free_moduli(m);
1807 	return ret;
1808     }
1809     n++;
1810 
1811 
1812     if (file == NULL)
1813 	file = MODULI_FILE;
1814 
1815     f = fopen(file, "r");
1816     if (f == NULL) {
1817 	*moduli = m;
1818 	return 0;
1819     }
1820 
1821     while(fgets(buf, sizeof(buf), f) != NULL) {
1822 	struct krb5_dh_moduli *element;
1823 
1824 	buf[strcspn(buf, "\n")] = '\0';
1825 	lineno++;
1826 
1827 	m2 = realloc(m, (n + 2) * sizeof(m[0]));
1828 	if (m2 == NULL) {
1829 	    krb5_set_error_string(context, "malloc: out of memory");
1830 	    _krb5_free_moduli(m);
1831 	    return ENOMEM;
1832 	}
1833 	m = m2;
1834 
1835 	m[n] = NULL;
1836 
1837 	ret = _krb5_parse_moduli_line(context, file, lineno, buf,  &element);
1838 	if (ret) {
1839 	    _krb5_free_moduli(m);
1840 	    return ret;
1841 	}
1842 	if (element == NULL)
1843 	    continue;
1844 
1845 	m[n] = element;
1846 	m[n + 1] = NULL;
1847 	n++;
1848     }
1849     *moduli = m;
1850     return 0;
1851 }
1852 
1853 krb5_error_code
1854 _krb5_dh_group_ok(krb5_context context, unsigned long bits,
1855 		  heim_integer *p, heim_integer *g, heim_integer *q,
1856 		  struct krb5_dh_moduli **moduli,
1857 		  char **name)
1858 {
1859     int i;
1860 
1861     if (name)
1862 	*name = NULL;
1863 
1864     for (i = 0; moduli[i] != NULL; i++) {
1865 	if (der_heim_integer_cmp(&moduli[i]->g, g) == 0 &&
1866 	    der_heim_integer_cmp(&moduli[i]->p, p) == 0 &&
1867 	    (q == NULL || der_heim_integer_cmp(&moduli[i]->q, q) == 0))
1868 	{
1869 	    if (bits && bits > moduli[i]->bits) {
1870 		krb5_set_error_string(context, "PKINIT: DH group parameter %s "
1871 				      "no accepted, not enough bits generated",
1872 				      moduli[i]->name);
1873 		return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED;
1874 	    }
1875 	    if (name)
1876 		*name = strdup(moduli[i]->name);
1877 	    return 0;
1878 	}
1879     }
1880     krb5_set_error_string(context, "PKINIT: DH group parameter no ok");
1881     return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED;
1882 }
1883 
1884 void KRB5_LIB_FUNCTION
1885 _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt)
1886 {
1887 #ifdef PKINIT
1888     krb5_pk_init_ctx ctx;
1889 
1890     if (opt->opt_private == NULL || opt->opt_private->pk_init_ctx == NULL)
1891 	return;
1892     ctx = opt->opt_private->pk_init_ctx;
1893     if (ctx->dh)
1894 	DH_free(ctx->dh);
1895 	ctx->dh = NULL;
1896     if (ctx->id) {
1897 	hx509_verify_destroy_ctx(ctx->id->verify_ctx);
1898 	hx509_certs_free(&ctx->id->certs);
1899 	hx509_certs_free(&ctx->id->anchors);
1900 	hx509_certs_free(&ctx->id->certpool);
1901 	hx509_context_free(&ctx->id->hx509ctx);
1902 
1903 	if (ctx->clientDHNonce) {
1904 	    krb5_free_data(NULL, ctx->clientDHNonce);
1905 	    ctx->clientDHNonce = NULL;
1906 	}
1907 	if (ctx->m)
1908 	    _krb5_free_moduli(ctx->m);
1909 	free(ctx->id);
1910 	ctx->id = NULL;
1911     }
1912     free(opt->opt_private->pk_init_ctx);
1913     opt->opt_private->pk_init_ctx = NULL;
1914 #endif
1915 }
1916 
1917 krb5_error_code KRB5_LIB_FUNCTION
1918 krb5_get_init_creds_opt_set_pkinit(krb5_context context,
1919 				   krb5_get_init_creds_opt *opt,
1920 				   krb5_principal principal,
1921 				   const char *user_id,
1922 				   const char *x509_anchors,
1923 				   char * const * pool,
1924 				   char * const * pki_revoke,
1925 				   int flags,
1926 				   krb5_prompter_fct prompter,
1927 				   void *prompter_data,
1928 				   char *password)
1929 {
1930 #ifdef PKINIT
1931     krb5_error_code ret;
1932     char *anchors = NULL;
1933 
1934     if (opt->opt_private == NULL) {
1935 	krb5_set_error_string(context, "PKINIT: on non extendable opt");
1936 	return EINVAL;
1937     }
1938 
1939     opt->opt_private->pk_init_ctx =
1940 	calloc(1, sizeof(*opt->opt_private->pk_init_ctx));
1941     if (opt->opt_private->pk_init_ctx == NULL) {
1942 	krb5_set_error_string(context, "malloc: out of memory");
1943 	return ENOMEM;
1944     }
1945     opt->opt_private->pk_init_ctx->dh = NULL;
1946     opt->opt_private->pk_init_ctx->id = NULL;
1947     opt->opt_private->pk_init_ctx->clientDHNonce = NULL;
1948     opt->opt_private->pk_init_ctx->require_binding = 0;
1949     opt->opt_private->pk_init_ctx->require_eku = 1;
1950     opt->opt_private->pk_init_ctx->require_krbtgt_otherName = 1;
1951     opt->opt_private->pk_init_ctx->peer = NULL;
1952 
1953     /* XXX implement krb5_appdefault_strings  */
1954     if (pool == NULL)
1955 	pool = krb5_config_get_strings(context, NULL,
1956 				       "appdefaults",
1957 				       "pkinit_pool",
1958 				       NULL);
1959 
1960     if (pki_revoke == NULL)
1961 	pki_revoke = krb5_config_get_strings(context, NULL,
1962 					     "appdefaults",
1963 					     "pkinit_revoke",
1964 					     NULL);
1965 
1966     if (x509_anchors == NULL) {
1967 	krb5_appdefault_string(context, "kinit",
1968 			       krb5_principal_get_realm(context, principal),
1969 			       "pkinit_anchors", NULL, &anchors);
1970 	x509_anchors = anchors;
1971     }
1972 
1973     ret = _krb5_pk_load_id(context,
1974 			   &opt->opt_private->pk_init_ctx->id,
1975 			   user_id,
1976 			   x509_anchors,
1977 			   pool,
1978 			   pki_revoke,
1979 			   prompter,
1980 			   prompter_data,
1981 			   password);
1982     if (ret) {
1983 	free(opt->opt_private->pk_init_ctx);
1984 	opt->opt_private->pk_init_ctx = NULL;
1985 	return ret;
1986     }
1987 
1988     if ((flags & 2) == 0) {
1989 	const char *moduli_file;
1990 	unsigned long dh_min_bits;
1991 
1992 	moduli_file = krb5_config_get_string(context, NULL,
1993 					     "libdefaults",
1994 					     "moduli",
1995 					     NULL);
1996 
1997 	dh_min_bits =
1998 	    krb5_config_get_int_default(context, NULL, 0,
1999 					"libdefaults",
2000 					"pkinit_dh_min_bits",
2001 					NULL);
2002 
2003 	ret = _krb5_parse_moduli(context, moduli_file,
2004 				 &opt->opt_private->pk_init_ctx->m);
2005 	if (ret) {
2006 	    _krb5_get_init_creds_opt_free_pkinit(opt);
2007 	    return ret;
2008 	}
2009 
2010 	opt->opt_private->pk_init_ctx->dh = DH_new();
2011 	if (opt->opt_private->pk_init_ctx->dh == NULL) {
2012 	    krb5_set_error_string(context, "malloc: out of memory");
2013 	    _krb5_get_init_creds_opt_free_pkinit(opt);
2014 	    return ENOMEM;
2015 	}
2016 
2017 	ret = select_dh_group(context, opt->opt_private->pk_init_ctx->dh,
2018 			      dh_min_bits,
2019 			      opt->opt_private->pk_init_ctx->m);
2020 	if (ret) {
2021 	    _krb5_get_init_creds_opt_free_pkinit(opt);
2022 	    return ret;
2023 	}
2024 
2025 	if (DH_generate_key(opt->opt_private->pk_init_ctx->dh) != 1) {
2026 	    krb5_set_error_string(context, "pkinit: failed to generate DH key");
2027 	    _krb5_get_init_creds_opt_free_pkinit(opt);
2028 	    return ENOMEM;
2029 	}
2030     }
2031 
2032     return 0;
2033 #else
2034     krb5_set_error_string(context, "no support for PKINIT compiled in");
2035     return EINVAL;
2036 #endif
2037 }
2038 
2039 /*
2040  *
2041  */
2042 
2043 static void
2044 _krb5_pk_copy_error(krb5_context context,
2045 		    hx509_context hx509ctx,
2046 		    int hxret,
2047 		    const char *fmt,
2048 		    ...)
2049 {
2050     va_list va;
2051     char *s, *f;
2052 
2053     va_start(va, fmt);
2054     vasprintf(&f, fmt, va);
2055     va_end(va);
2056     if (f == NULL) {
2057 	krb5_clear_error_string(context);
2058 	return;
2059     }
2060 
2061     s = hx509_get_error_string(hx509ctx, hxret);
2062     if (s == NULL) {
2063 	krb5_clear_error_string(context);
2064 	free(f);
2065 	return;
2066     }
2067     krb5_set_error_string(context, "%s: %s", f, s);
2068     free(s);
2069     free(f);
2070 }
2071