lib/gssapi/krb5/aeap.c

   1 /*
   2  * Copyright (c) 2008  Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #include "gsskrb5_locl.h"
  35
  36 #include <roken.h>
  37
  38 #if 0
  39 static OM_uint32
  40 iov_allocate(OM_uint32 *minor_status, gss_iov_buffer_desc *iov, int iov_count)
  41 {
  42     unsigned int i;
  43
  44     for (i = 0; i < iov_count; i++) {
  45         if (GSS_IOV_BUFFER_FLAGS(iov[i].type) & GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE){
  46             void *ptr = malloc(iov[i].buffer.length);
  47             if (ptr == NULL)
  48                 abort();
  49             if (iov[i].buffer.value)
  50                 memcpy(ptr, iov[i].buffer.value, iov[i].buffer.length);
  51             iov[i].buffer.value = ptr;
  52             iov[i].type |= GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATED;
  53         }
  54     }
  55     return GSS_S_COMPLETE;
  56 }
  57
  58 static OM_uint32
  59 iov_map(OM_uint32 *minor_status,
  60         const gss_iov_buffer_desc *iov,
  61         int iov_count,
  62         krb5_crypto_iov *data)
  63 {
  64     unsigned int i;
  65
  66     for (i = 0; i < iov_count; i++) {
  67         switch(GSS_IOV_BUFFER_TYPE(iov[i].type)) {
  68         case GSS_IOV_BUFFER_TYPE_EMPTY:
  69             data[i].flags = KRB5_CRYPTO_TYPE_EMPTY;
  70             break;
  71         case GSS_IOV_BUFFER_TYPE_DATA:
  72             data[i].flags = KRB5_CRYPTO_TYPE_DATA;
  73             break;
  74         case GSS_IOV_BUFFER_TYPE_SIGN_ONLY:
  75             data[i].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
  76             break;
  77         case GSS_IOV_BUFFER_TYPE_HEADER:
  78             data[i].flags = KRB5_CRYPTO_TYPE_HEADER;
  79             break;
  80         case GSS_IOV_BUFFER_TYPE_TRAILER:
  81             data[i].flags = KRB5_CRYPTO_TYPE_TRAILER;
  82             break;
  83         case GSS_IOV_BUFFER_TYPE_PADDING:
  84             data[i].flags = KRB5_CRYPTO_TYPE_PADDING;
  85             break;
  86         case GSS_IOV_BUFFER_TYPE_STREAM:
  87             abort();
  88             break;
  89         default:
  90             *minor_status = EINVAL;
  91             return GSS_S_FAILURE;
  92         }
  93         data[i].data.data = iov[i].buffer.value;
  94         data[i].data.length = iov[i].buffer.length;
  95     }
  96     return GSS_S_COMPLETE;
  97 }
  98 #endif
  99
 100 OM_uint32 GSSAPI_LIB_FUNCTION
 101 _gk_wrap_iov(OM_uint32 * minor_status,
 102              gss_ctx_id_t  context_handle,
 103              int conf_req_flag,
 104              gss_qop_t qop_req,
 105              int * conf_state,
 106              gss_iov_buffer_desc *iov,
 107              int iov_count)
 108 {
 109 #if 1
 110     return GSS_S_FAILURE;
 111 #else
 112     gsskrb5_ctx ctx = (gsskrb5_ctx) context_handle;
 113     krb5_context context;
 114     OM_uint32 major_status, junk;
 115     krb5_crypto_iov *data;
 116     krb5_error_code ret;
 117     unsigned usage;
 118
 119     GSSAPI_KRB5_INIT (&context);
 120
 121     major_status = iov_allocate(minor_status, iov, iov_count);
 122     if (major_status != GSS_S_COMPLETE)
 123         return major_status;
 124
 125     data = calloc(iov_count, sizeof(data[0]));
 126     if (data == NULL) {
 127         gss_release_iov_buffer(&junk, iov, iov_count);
 128         *minor_status = ENOMEM;
 129         return GSS_S_FAILURE;
 130     }
 131
 132     major_status = iov_map(minor_status, iov, iov_count, data);
 133     if (major_status != GSS_S_COMPLETE) {
 134         gss_release_iov_buffer(&junk, iov, iov_count);
 135         free(data);
 136         return major_status;
 137     }
 138
 139     if (ctx->more_flags & LOCAL) {
 140         usage = KRB5_KU_USAGE_ACCEPTOR_SIGN;
 141     } else {
 142         usage = KRB5_KU_USAGE_INITIATOR_SIGN;
 143     }
 144
 145     ret = krb5_encrypt_iov_ivec(context, ctx->crypto, usage,
 146                                 data, iov_count, NULL);
 147     free(data);
 148     if (ret) {
 149         gss_release_iov_buffer(&junk, iov, iov_count);
 150         *minor_status = ret;
 151         return GSS_S_FAILURE;
 152     }
 153
 154     *minor_status = 0;
 155     return GSS_S_COMPLETE;
 156 #endif
 157 }
 158
 159 OM_uint32 GSSAPI_LIB_FUNCTION
 160 _gk_unwrap_iov(OM_uint32 *minor_status,
 161                gss_ctx_id_t context_handle,
 162                int *conf_state,
 163                gss_qop_t *qop_state,
 164                gss_iov_buffer_desc *iov,
 165                int iov_count)
 166 {
 167 #if 1
 168     return GSS_S_FAILURE;
 169 #else
 170     gsskrb5_ctx ctx = (gsskrb5_ctx) context_handle;
 171     krb5_context context;
 172     krb5_error_code ret;
 173     OM_uint32 major_status, junk;
 174     krb5_crypto_iov *data;
 175     unsigned usage;
 176
 177     GSSAPI_KRB5_INIT (&context);
 178
 179     major_status = iov_allocate(minor_status, iov, iov_count);
 180     if (major_status != GSS_S_COMPLETE)
 181         return major_status;
 182
 183     data = calloc(iov_count, sizeof(data[0]));
 184     if (data == NULL) {
 185         gss_release_iov_buffer(&junk, iov, iov_count);
 186         *minor_status = ENOMEM;
 187         return GSS_S_FAILURE;
 188     }
 189
 190     major_status = iov_map(minor_status, iov, iov_count, data);
 191     if (major_status != GSS_S_COMPLETE) {
 192         gss_release_iov_buffer(&junk, iov, iov_count);
 193         free(data);
 194         return major_status;
 195     }
 196
 197     if (ctx->more_flags & LOCAL) {
 198         usage = KRB5_KU_USAGE_INITIATOR_SIGN;
 199     } else {
 200         usage = KRB5_KU_USAGE_ACCEPTOR_SIGN;
 201     }
 202
 203     ret = krb5_decrypt_iov_ivec(context, ctx->crypto, usage,
 204                                 data, iov_count, NULL);
 205     free(data);
 206     if (ret) {
 207         *minor_status = ret;
 208         gss_release_iov_buffer(&junk, iov, iov_count);
 209         return GSS_S_FAILURE;
 210     }
 211
 212     *minor_status = 0;
 213     return GSS_S_COMPLETE;
 214 #endif
 215 }
 216
 217 OM_uint32  GSSAPI_LIB_FUNCTION
 218 _gk_wrap_iov_length(OM_uint32 * minor_status,
 219                     gss_ctx_id_t context_handle,
 220                     int conf_req_flag,
 221                     gss_qop_t qop_req,
 222                     int *conf_state,
 223                     gss_iov_buffer_desc *iov,
 224                     int iov_count)
 225 {
 226 #if 1
 227     return GSS_S_FAILURE;
 228 #else
 229     gsskrb5_ctx ctx = (gsskrb5_ctx) context_handle;
 230     krb5_context context;
 231     unsigned int i;
 232     size_t size;
 233     size_t *padding = NULL;
 234
 235     GSSAPI_KRB5_INIT (&context);
 236     *minor_status = 0;
 237
 238     for (size = 0, i = 0; i < iov_count; i++) {
 239         switch(GSS_IOV_BUFFER_TYPE(iov[i].type)) {
 240         case GSS_IOV_BUFFER_TYPE_EMPTY:
 241             break;
 242         case GSS_IOV_BUFFER_TYPE_DATA:
 243             size += iov[i].buffer.length;
 244             break;
 245         case GSS_IOV_BUFFER_TYPE_HEADER:
 246             iov[i].buffer.length =
 247               krb5_crypto_length(context, ctx->crypto, KRB5_CRYPTO_TYPE_HEADER);
 248             size += iov[i].buffer.length;
 249             break;
 250         case GSS_IOV_BUFFER_TYPE_TRAILER:
 251             iov[i].buffer.length =
 252               krb5_crypto_length(context, ctx->crypto, KRB5_CRYPTO_TYPE_TRAILER);
 253             size += iov[i].buffer.length;
 254             break;
 255         case GSS_IOV_BUFFER_TYPE_PADDING:
 256             if (padding != NULL) {
 257                 *minor_status = 0;
 258                 return GSS_S_FAILURE;
 259             }
 260             padding = &iov[i].buffer.length;
 261             break;
 262         case GSS_IOV_BUFFER_TYPE_STREAM:
 263             size += iov[i].buffer.length;
 264             break;
 265         case GSS_IOV_BUFFER_TYPE_SIGN_ONLY:
 266             break;
 267         default:
 268             *minor_status = EINVAL;
 269             return GSS_S_FAILURE;
 270         }
 271     }
 272     if (padding) {
 273         size_t pad = krb5_crypto_length(context, ctx->crypto,
 274                                         KRB5_CRYPTO_TYPE_PADDING);
 275         if (pad > 1) {
 276             *padding = pad - (size % pad);
 277             if (*padding == pad)
 278                 *padding = 0;
 279         } else
 280             *padding = 0;
 281     }
 282
 283     return GSS_S_COMPLETE;
 284 #endif
 285 }