search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Use OID variable instead of function.
[heimdal.git] / kdc / pkinit.c
bloba26dfe4ba8da8f78f2838500fff6beed630df30d
1 /*
2 * Copyright (c) 2003 - 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kdc_locl.h"
35
36 RCSID("$Id$");
37
38 #ifdef PKINIT
39
40 #include <heim_asn1.h>
41 #include <rfc2459_asn1.h>
42 #include <cms_asn1.h>
43 #include <pkinit_asn1.h>
44
45 #include <hx509.h>
46 #include "crypto-headers.h"
47
48 struct pk_client_params {
49 enum krb5_pk_type type;
50 enum { USE_RSA, USE_DH, USE_ECDH } keyex;
51 union {
52 struct {
53 BIGNUM *public_key;
54 DH *key;
55 } dh;
56 #ifdef HAVE_OPENSSL
57 struct {
58 EC_KEY *public_key;
59 EC_KEY *key;
60 } ecdh;
61 #endif
62 } u;
63 hx509_cert cert;
64 unsigned nonce;
65 EncryptionKey reply_key;
66 char *dh_group_name;
67 hx509_peer_info peer;
68 hx509_certs client_anchors;
69 hx509_verify_ctx verify_ctx;
70 };
71
72 struct pk_principal_mapping {
73 unsigned int len;
74 struct pk_allowed_princ {
75 krb5_principal principal;
76 char *subject;
77 } *val;
78 };
79
80 static struct krb5_pk_identity *kdc_identity;
81 static struct pk_principal_mapping principal_mappings;
82 static struct krb5_dh_moduli **moduli;
83
84 static struct {
85 krb5_data data;
86 time_t expire;
87 time_t next_update;
88 } ocsp;
89
90 /*
91 *
92 */
93
94 static krb5_error_code
95 pk_check_pkauthenticator_win2k(krb5_context context,
96 PKAuthenticator_Win2k *a,
97 const KDC_REQ *req)
98 {
99 krb5_timestamp now;
100
101 krb5_timeofday (context, &now);
102
103 /* XXX cusec */
104 if (a->ctime == 0 || abs(a->ctime - now) > context->max_skew) {
105 krb5_clear_error_message(context);
106 return KRB5KRB_AP_ERR_SKEW;
107 }
108 return 0;
109 }
110
111 static krb5_error_code
112 pk_check_pkauthenticator(krb5_context context,
113 PKAuthenticator *a,
114 const KDC_REQ *req)
115 {
116 u_char *buf = NULL;
117 size_t buf_size;
118 krb5_error_code ret;
119 size_t len;
120 krb5_timestamp now;
121 Checksum checksum;
122
123 krb5_timeofday (context, &now);
124
125 /* XXX cusec */
126 if (a->ctime == 0 || abs(a->ctime - now) > context->max_skew) {
127 krb5_clear_error_message(context);
128 return KRB5KRB_AP_ERR_SKEW;
129 }
130
131 ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, &req->req_body, &len, ret);
132 if (ret) {
133 krb5_clear_error_message(context);
134 return ret;
135 }
136 if (buf_size != len)
137 krb5_abortx(context, "Internal error in ASN.1 encoder");
138
139 ret = krb5_create_checksum(context,
140 NULL,
141 0,
142 CKSUMTYPE_SHA1,
143 buf,
144 len,
145 &checksum);
146 free(buf);
147 if (ret) {
148 krb5_clear_error_message(context);
149 return ret;
150 }
151
152 if (a->paChecksum == NULL) {
153 krb5_clear_error_message(context);
154 ret = KRB5_KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED;
155 goto out;
156 }
157
158 if (der_heim_octet_string_cmp(a->paChecksum, &checksum.checksum) != 0) {
159 krb5_clear_error_message(context);
160 ret = KRB5KRB_ERR_GENERIC;
161 }
162
163 out:
164 free_Checksum(&checksum);
165
166 return ret;
167 }
168
169 void
170 _kdc_pk_free_client_param(krb5_context context, pk_client_params *cp)
171 {
172 if (cp == NULL)
173 return;
174 if (cp->cert)
175 hx509_cert_free(cp->cert);
176 if (cp->verify_ctx)
177 hx509_verify_destroy_ctx(cp->verify_ctx);
178 if (cp->keyex == USE_DH) {
179 if (cp->u.dh.key)
180 DH_free(cp->u.dh.key);
181 if (cp->u.dh.public_key)
182 BN_free(cp->u.dh.public_key);
183 }
184 #ifdef HAVE_OPENSSL
185 if (cp->keyex == USE_ECDH) {
186 if (cp->u.ecdh.key)
187 EC_KEY_free(cp->u.ecdh.key);
188 if (cp->u.ecdh.public_key)
189 EC_KEY_free(cp->u.ecdh.public_key);
190 }
191 #endif
192 krb5_free_keyblock_contents(context, &cp->reply_key);
193 if (cp->dh_group_name)
194 free(cp->dh_group_name);
195 if (cp->peer)
196 hx509_peer_info_free(cp->peer);
197 if (cp->client_anchors)
198 hx509_certs_free(&cp->client_anchors);
199 memset(cp, 0, sizeof(*cp));
200 free(cp);
201 }
202
203 static krb5_error_code
204 generate_dh_keyblock(krb5_context context,
205 pk_client_params *client_params,
206 krb5_enctype enctype)
207 {
208 unsigned char *dh_gen_key = NULL;
209 krb5_keyblock key;
210 krb5_error_code ret;
211 size_t dh_gen_keylen, size;
212
213 memset(&key, 0, sizeof(key));
214
215 if (client_params->keyex == USE_DH) {
216
217 if (client_params->u.dh.public_key == NULL) {
218 ret = KRB5KRB_ERR_GENERIC;
219 krb5_set_error_message(context, ret, "public_key");
220 goto out;
221 }
222
223 if (!DH_generate_key(client_params->u.dh.key)) {
224 ret = KRB5KRB_ERR_GENERIC;
225 krb5_set_error_message(context, ret,
226 "Can't generate Diffie-Hellman keys");
227 goto out;
228 }
229
230 dh_gen_keylen = DH_size(client_params->u.dh.key);
231 size = BN_num_bytes(client_params->u.dh.key->p);
232 if (size < dh_gen_keylen)
233 size = dh_gen_keylen;
234
235 dh_gen_key = malloc(size);
236 if (dh_gen_key == NULL) {
237 ret = ENOMEM;
238 krb5_set_error_message(context, ret, "malloc: out of memory");
239 goto out;
240 }
241 memset(dh_gen_key, 0, size - dh_gen_keylen);
242
243 dh_gen_keylen = DH_compute_key(dh_gen_key + (size - dh_gen_keylen),
244 client_params->u.dh.public_key,
245 client_params->u.dh.key);
246 if (dh_gen_keylen == -1) {
247 ret = KRB5KRB_ERR_GENERIC;
248 krb5_set_error_message(context, ret,
249 "Can't compute Diffie-Hellman key");
250 goto out;
251 }
252 ret = 0;
253 #ifdef HAVE_OPENSSL
254 } else if (client_params->keyex == USE_ECDH) {
255
256 if (client_params->u.ecdh.public_key == NULL) {
257 ret = KRB5KRB_ERR_GENERIC;
258 krb5_set_error_message(context, ret, "public_key");
259 goto out;
260 }
261
262 client_params->u.ecdh.key = EC_KEY_new();
263 if (client_params->u.ecdh.key == NULL) {
264 ret = ENOMEM;
265 goto out;
266 }
267 EC_KEY_set_group(client_params->u.ecdh.key,
268 EC_KEY_get0_group(client_params->u.ecdh.public_key));
269
270 if (EC_KEY_generate_key(client_params->u.ecdh.key) != 1) {
271 ret = ENOMEM;
272 goto out;
273 }
274
275 size = (EC_GROUP_get_degree(EC_KEY_get0_group(client_params->u.ecdh.key)) + 7) / 8;
276 dh_gen_key = malloc(size);
277 if (dh_gen_key == NULL) {
278 ret = ENOMEM;
279 krb5_set_error_message(context, ret,
280 N_("malloc: out of memory", ""));
281 goto out;
282 }
283
284 dh_gen_keylen = ECDH_compute_key(dh_gen_key, size,
285 EC_KEY_get0_public_key(client_params->u.ecdh.public_key),
286 client_params->u.ecdh.key, NULL);
287 ret = 0;
288 #endif /* HAVE_OPENSSL */
289 } else {
290 ret = KRB5KRB_ERR_GENERIC;
291 krb5_set_error_message(context, ret,
292 "Diffie-Hellman not selected keys");
293 goto out;
294 }
295
296 ret = _krb5_pk_octetstring2key(context,
297 enctype,
298 dh_gen_key, dh_gen_keylen,
299 NULL, NULL,
300 &client_params->reply_key);
301
302 out:
303 if (dh_gen_key)
304 free(dh_gen_key);
305 if (key.keyvalue.data)
306 krb5_free_keyblock_contents(context, &key);
307
308 return ret;
309 }
310
311 static BIGNUM *
312 integer_to_BN(krb5_context context, const char *field, heim_integer *f)
313 {
314 BIGNUM *bn;
315
316 bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL);
317 if (bn == NULL) {
318 krb5_set_error_message(context, KRB5_BADMSGTYPE,
319 "PKINIT: parsing BN failed %s", field);
320 return NULL;
321 }
322 BN_set_negative(bn, f->negative);
323 return bn;
324 }
325
326 static krb5_error_code
327 get_dh_param(krb5_context context,
328 krb5_kdc_configuration *config,
329 SubjectPublicKeyInfo *dh_key_info,
330 pk_client_params *client_params)
331 {
332 DomainParameters dhparam;
333 DH *dh = NULL;
334 krb5_error_code ret;
335
336 memset(&dhparam, 0, sizeof(dhparam));
337
338 if ((dh_key_info->subjectPublicKey.length % 8) != 0) {
339 ret = KRB5_BADMSGTYPE;
340 krb5_set_error_message(context, ret,
341 "PKINIT: subjectPublicKey not aligned "
342 "to 8 bit boundary");
343 goto out;
344 }
345
346 if (dh_key_info->algorithm.parameters == NULL) {
347 krb5_set_error_message(context, KRB5_BADMSGTYPE,
348 "PKINIT missing algorithm parameter "
349 "in clientPublicValue");
350 return KRB5_BADMSGTYPE;
351 }
352
353 ret = decode_DomainParameters(dh_key_info->algorithm.parameters->data,
354 dh_key_info->algorithm.parameters->length,
355 &dhparam,
356 NULL);
357 if (ret) {
358 krb5_set_error_message(context, ret, "Can't decode algorithm "
359 "parameters in clientPublicValue");
360 goto out;
361 }
362
363 ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits,
364 &dhparam.p, &dhparam.g, &dhparam.q, moduli,
365 &client_params->dh_group_name);
366 if (ret) {
367 /* XXX send back proposal of better group */
368 goto out;
369 }
370
371 dh = DH_new();
372 if (dh == NULL) {
373 ret = ENOMEM;
374 krb5_set_error_message(context, ret, "Cannot create DH structure");
375 goto out;
376 }
377 ret = KRB5_BADMSGTYPE;
378 dh->p = integer_to_BN(context, "DH prime", &dhparam.p);
379 if (dh->p == NULL)
380 goto out;
381 dh->g = integer_to_BN(context, "DH base", &dhparam.g);
382 if (dh->g == NULL)
383 goto out;
384 dh->q = integer_to_BN(context, "DH p-1 factor", &dhparam.q);
385 if (dh->g == NULL)
386 goto out;
387
388 {
389 heim_integer glue;
390 size_t size;
391
392 ret = decode_DHPublicKey(dh_key_info->subjectPublicKey.data,
393 dh_key_info->subjectPublicKey.length / 8,
394 &glue,
395 &size);
396 if (ret) {
397 krb5_clear_error_message(context);
398 return ret;
399 }
400
401 client_params->u.dh.public_key = integer_to_BN(context,
402 "subjectPublicKey",
403 &glue);
404 der_free_heim_integer(&glue);
405 if (client_params->u.dh.public_key == NULL) {
406 ret = KRB5_BADMSGTYPE;
407 goto out;
408 }
409 }
410
411 client_params->u.dh.key = dh;
412 dh = NULL;
413 ret = 0;
414
415 out:
416 if (dh)
417 DH_free(dh);
418 free_DomainParameters(&dhparam);
419 return ret;
420 }
421
422 static krb5_error_code
423 get_ecdh_param(krb5_context context,
424 krb5_kdc_configuration *config,
425 SubjectPublicKeyInfo *dh_key_info,
426 pk_client_params *client_params)
427 {
428 ECParameters ecp;
429 EC_KEY *public = NULL;
430 krb5_error_code ret;
431 const unsigned char *p;
432 size_t len;
433 int nid;
434
435 if (dh_key_info->algorithm.parameters == NULL) {
436 krb5_set_error_message(context, KRB5_BADMSGTYPE,
437 "PKINIT missing algorithm parameter "
438 "in clientPublicValue");
439 return KRB5_BADMSGTYPE;
440 }
441
442 memset(&ecp, 0, sizeof(ecp));
443
444 ret = decode_ECParameters(dh_key_info->algorithm.parameters->data,
445 dh_key_info->algorithm.parameters->length, &ecp, &len);
446 if (ret)
447 goto out;
448
449 if (ecp.element != choice_ECParameters_namedCurve) {
450 ret = KRB5_BADMSGTYPE;
451 goto out;
452 }
453
454 if (der_heim_oid_cmp(&ecp.u.namedCurve, &asn1_oid_id_ec_group_secp256r1) == 0)
455 nid = NID_X9_62_prime256v1;
456 else {
457 ret = KRB5_BADMSGTYPE;
458 goto out;
459 }
460
461 /* XXX verify group is ok */
462
463 public = EC_KEY_new_by_curve_name(nid);
464
465 p = dh_key_info->subjectPublicKey.data;
466 len = dh_key_info->subjectPublicKey.length / 8;
467 if (o2i_ECPublicKey(&public, &p, len) == NULL) {
468 ret = KRB5_BADMSGTYPE;
469 krb5_set_error_message(context, ret,
470 "PKINIT failed to decode ECDH key");
471 goto out;
472 }
473 client_params->u.ecdh.public_key = public;
474 public = NULL;
475
476 out:
477 if (public)
478 EC_KEY_free(public);
479 free_ECParameters(&ecp);
480 return ret;
481 }
482
483 krb5_error_code
484 _kdc_pk_rd_padata(krb5_context context,
485 krb5_kdc_configuration *config,
486 const KDC_REQ *req,
487 const PA_DATA *pa,
488 hdb_entry_ex *client,
489 pk_client_params **ret_params)
490 {
491 pk_client_params *cp;
492 krb5_error_code ret;
493 heim_oid eContentType = { 0, NULL }, contentInfoOid = { 0, NULL };
494 krb5_data eContent = { 0, NULL };
495 krb5_data signed_content = { 0, NULL };
496 const char *type = "unknown type";
497 hx509_certs trust_anchors;
498 int have_data = 0;
499 const HDB_Ext_PKINIT_cert *pc;
500
501 *ret_params = NULL;
502
503 if (!config->enable_pkinit) {
504 kdc_log(context, config, 0, "PK-INIT request but PK-INIT not enabled");
505 krb5_clear_error_message(context);
506 return 0;
507 }
508
509 cp = calloc(1, sizeof(*cp));
510 if (cp == NULL) {
511 krb5_clear_error_message(context);
512 ret = ENOMEM;
513 goto out;
514 }
515
516 ret = hx509_certs_init(kdc_identity->hx509ctx,
517 "MEMORY:trust-anchors",
518 0, NULL, &trust_anchors);
519 if (ret) {
520 krb5_set_error_message(context, ret, "failed to create trust anchors");
521 goto out;
522 }
523
524 ret = hx509_certs_merge(kdc_identity->hx509ctx, trust_anchors,
525 kdc_identity->anchors);
526 if (ret) {
527 hx509_certs_free(&trust_anchors);
528 krb5_set_error_message(context, ret, "failed to create verify context");
529 goto out;
530 }
531
532 /* Add any registered certificates for this client as trust anchors */
533 ret = hdb_entry_get_pkinit_cert(&client->entry, &pc);
534 if (ret == 0 && pc != NULL) {
535 hx509_cert cert;
536 unsigned int i;
537
538 for (i = 0; i < pc->len; i++) {
539 ret = hx509_cert_init_data(kdc_identity->hx509ctx,
540 pc->val[i].cert.data,
541 pc->val[i].cert.length,
542 &cert);
543 if (ret)
544 continue;
545 hx509_certs_add(kdc_identity->hx509ctx, trust_anchors, cert);
546 hx509_cert_free(cert);
547 }
548 }
549
550 ret = hx509_verify_init_ctx(kdc_identity->hx509ctx, &cp->verify_ctx);
551 if (ret) {
552 hx509_certs_free(&trust_anchors);
553 krb5_set_error_message(context, ret, "failed to create verify context");
554 goto out;
555 }
556
557 hx509_verify_set_time(cp->verify_ctx, kdc_time);
558 hx509_verify_attach_anchors(cp->verify_ctx, trust_anchors);
559 hx509_certs_free(&trust_anchors);
560
561 if (config->pkinit_allow_proxy_certs)
562 hx509_verify_set_proxy_certificate(cp->verify_ctx, 1);
563
564 if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) {
565 PA_PK_AS_REQ_Win2k r;
566
567 type = "PK-INIT-Win2k";
568
569 if (req->req_body.kdc_options.request_anonymous) {
570 ret = KRB5_KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED;
571 krb5_set_error_message(context, ret,
572 "Anon not supported in RSA mode");
573 goto out;
574 }
575
576 ret = decode_PA_PK_AS_REQ_Win2k(pa->padata_value.data,
577 pa->padata_value.length,
578 &r,
579 NULL);
580 if (ret) {
581 krb5_set_error_message(context, ret, "Can't decode "
582 "PK-AS-REQ-Win2k: %d", ret);
583 goto out;
584 }
585
586 ret = hx509_cms_unwrap_ContentInfo(&r.signed_auth_pack,
587 &contentInfoOid,
588 &signed_content,
589 &have_data);
590 free_PA_PK_AS_REQ_Win2k(&r);
591 if (ret) {
592 krb5_set_error_message(context, ret,
593 "Can't unwrap ContentInfo(win): %d", ret);
594 goto out;
595 }
596
597 } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) {
598 PA_PK_AS_REQ r;
599
600 type = "PK-INIT-IETF";
601
602 ret = decode_PA_PK_AS_REQ(pa->padata_value.data,
603 pa->padata_value.length,
604 &r,
605 NULL);
606 if (ret) {
607 krb5_set_error_message(context, ret,
608 "Can't decode PK-AS-REQ: %d", ret);
609 goto out;
610 }
611
612 /* XXX look at r.kdcPkId */
613 if (r.trustedCertifiers) {
614 ExternalPrincipalIdentifiers *edi = r.trustedCertifiers;
615 unsigned int i, maxedi;
616
617 ret = hx509_certs_init(kdc_identity->hx509ctx,
618 "MEMORY:client-anchors",
619 0, NULL,
620 &cp->client_anchors);
621 if (ret) {
622 krb5_set_error_message(context, ret,
623 "Can't allocate client anchors: %d",
624 ret);
625 goto out;
626
627 }
628 /*
629 * If the client sent more then 10 EDI, don't bother
630 * looking more then 10 of performance reasons.
631 */
632 maxedi = edi->len;
633 if (maxedi > 10)
634 maxedi = 10;
635 for (i = 0; i < maxedi; i++) {
636 IssuerAndSerialNumber iasn;
637 hx509_query *q;
638 hx509_cert cert;
639 size_t size;
640
641 if (edi->val[i].issuerAndSerialNumber == NULL)
642 continue;
643
644 ret = hx509_query_alloc(kdc_identity->hx509ctx, &q);
645 if (ret) {
646 krb5_set_error_message(context, ret,
647 "Failed to allocate hx509_query");
648 goto out;
649 }
650
651 ret = decode_IssuerAndSerialNumber(edi->val[i].issuerAndSerialNumber->data,
652 edi->val[i].issuerAndSerialNumber->length,
653 &iasn,
654 &size);
655 if (ret) {
656 hx509_query_free(kdc_identity->hx509ctx, q);
657 continue;
658 }
659 ret = hx509_query_match_issuer_serial(q, &iasn.issuer, &iasn.serialNumber);
660 free_IssuerAndSerialNumber(&iasn);
661 if (ret) {
662 hx509_query_free(kdc_identity->hx509ctx, q);
663 continue;
664 }
665
666 ret = hx509_certs_find(kdc_identity->hx509ctx,
667 kdc_identity->certs,
668 q,
669 &cert);
670 hx509_query_free(kdc_identity->hx509ctx, q);
671 if (ret)
672 continue;
673 hx509_certs_add(kdc_identity->hx509ctx,
674 cp->client_anchors, cert);
675 hx509_cert_free(cert);
676 }
677 }
678
679 ret = hx509_cms_unwrap_ContentInfo(&r.signedAuthPack,
680 &contentInfoOid,
681 &signed_content,
682 &have_data);
683 free_PA_PK_AS_REQ(&r);
684 if (ret) {
685 krb5_set_error_message(context, ret,
686 "Can't unwrap ContentInfo: %d", ret);
687 goto out;
688 }
689
690 } else {
691 krb5_clear_error_message(context);
692 ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
693 goto out;
694 }
695
696 ret = der_heim_oid_cmp(&contentInfoOid, &asn1_oid_id_pkcs7_signedData);
697 if (ret != 0) {
698 ret = KRB5KRB_ERR_GENERIC;
699 krb5_set_error_message(context, ret,
700 "PK-AS-REQ-Win2k invalid content type oid");
701 goto out;
702 }
703
704 if (!have_data) {
705 ret = KRB5KRB_ERR_GENERIC;
706 krb5_set_error_message(context, ret,
707 "PK-AS-REQ-Win2k no signed auth pack");
708 goto out;
709 }
710
711 {
712 hx509_certs signer_certs;
713 int flags = HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH; /* BTMM */
714
715 if (req->req_body.kdc_options.request_anonymous)
716 flags |= HX509_CMS_VS_ALLOW_ZERO_SIGNER;
717
718 ret = hx509_cms_verify_signed(kdc_identity->hx509ctx,
719 cp->verify_ctx,
720 flags,
721 signed_content.data,
722 signed_content.length,
723 NULL,
724 kdc_identity->certpool,
725 &eContentType,
726 &eContent,
727 &signer_certs);
728 if (ret) {
729 char *s = hx509_get_error_string(kdc_identity->hx509ctx, ret);
730 krb5_warnx(context, "PKINIT: failed to verify signature: %s: %d",
731 s, ret);
732 free(s);
733 goto out;
734 }
735
736 if (signer_certs) {
737 ret = hx509_get_one_cert(kdc_identity->hx509ctx, signer_certs,
738 &cp->cert);
739 hx509_certs_free(&signer_certs);
740 }
741 if (ret)
742 goto out;
743 }
744
745 /* Signature is correct, now verify the signed message */
746 if (der_heim_oid_cmp(&eContentType, &asn1_oid_id_pkcs7_data) != 0 &&
747 der_heim_oid_cmp(&eContentType, &asn1_oid_id_pkauthdata) != 0)
748 {
749 ret = KRB5_BADMSGTYPE;
750 krb5_set_error_message(context, ret, "got wrong oid for pkauthdata");
751 goto out;
752 }
753
754 if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) {
755 AuthPack_Win2k ap;
756
757 ret = decode_AuthPack_Win2k(eContent.data,
758 eContent.length,
759 &ap,
760 NULL);
761 if (ret) {
762 krb5_set_error_message(context, ret,
763 "Can't decode AuthPack: %d", ret);
764 goto out;
765 }
766
767 ret = pk_check_pkauthenticator_win2k(context,
768 &ap.pkAuthenticator,
769 req);
770 if (ret) {
771 free_AuthPack_Win2k(&ap);
772 goto out;
773 }
774
775 cp->type = PKINIT_WIN2K;
776 cp->nonce = ap.pkAuthenticator.nonce;
777
778 if (ap.clientPublicValue) {
779 ret = KRB5KRB_ERR_GENERIC;
780 krb5_set_error_message(context, ret,
781 "DH not supported for windows");
782 goto out;
783 }
784 free_AuthPack_Win2k(&ap);
785
786 } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) {
787 AuthPack ap;
788
789 ret = decode_AuthPack(eContent.data,
790 eContent.length,
791 &ap,
792 NULL);
793 if (ret) {
794 krb5_set_error_message(context, ret,
795 "Can't decode AuthPack: %d", ret);
796 free_AuthPack(&ap);
797 goto out;
798 }
799
800 if (req->req_body.kdc_options.request_anonymous &&
801 ap.clientPublicValue == NULL) {
802 free_AuthPack(&ap);
803 ret = KRB5_KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED;
804 krb5_set_error_message(context, ret,
805 "Anon not supported in RSA mode");
806 goto out;
807 }
808
809 ret = pk_check_pkauthenticator(context,
810 &ap.pkAuthenticator,
811 req);
812 if (ret) {
813 free_AuthPack(&ap);
814 goto out;
815 }
816
817 cp->type = PKINIT_27;
818 cp->nonce = ap.pkAuthenticator.nonce;
819
820 if (ap.clientPublicValue) {
821 if (der_heim_oid_cmp(&ap.clientPublicValue->algorithm.algorithm, &asn1_oid_id_dhpublicnumber) == 0) {
822 cp->keyex = USE_DH;
823 ret = get_dh_param(context, config,
824 ap.clientPublicValue, cp);
825 #ifdef HAVE_OPENSSL
826 } else if (der_heim_oid_cmp(&ap.clientPublicValue->algorithm.algorithm, &asn1_oid_id_ecPublicKey) == 0) {
827 cp->keyex = USE_ECDH;
828 ret = get_ecdh_param(context, config,
829 ap.clientPublicValue, cp);
830 #endif /* HAVE_OPENSSL */
831 } else {
832 ret = KRB5_BADMSGTYPE;
833 krb5_set_error_message(context, ret, "PKINIT unknown DH mechanism");
834 }
835 if (ret) {
836 free_AuthPack(&ap);
837 goto out;
838 }
839 } else
840 cp->keyex = USE_RSA;
841
842 ret = hx509_peer_info_alloc(kdc_identity->hx509ctx,
843 &cp->peer);
844 if (ret) {
845 free_AuthPack(&ap);
846 goto out;
847 }
848
849 if (ap.supportedCMSTypes) {
850 ret = hx509_peer_info_set_cms_algs(kdc_identity->hx509ctx,
851 cp->peer,
852 ap.supportedCMSTypes->val,
853 ap.supportedCMSTypes->len);
854 if (ret) {
855 free_AuthPack(&ap);
856 goto out;
857 }
858 } else {
859 /* assume old client */
860 hx509_peer_info_add_cms_alg(kdc_identity->hx509ctx, cp->peer,
861 hx509_crypto_des_rsdi_ede3_cbc());
862 hx509_peer_info_add_cms_alg(kdc_identity->hx509ctx, cp->peer,
863 hx509_signature_rsa_with_sha1());
864 hx509_peer_info_add_cms_alg(kdc_identity->hx509ctx, cp->peer,
865 hx509_signature_sha1());
866 }
867 free_AuthPack(&ap);
868 } else
869 krb5_abortx(context, "internal pkinit error");
870
871 kdc_log(context, config, 0, "PK-INIT request of type %s", type);
872
873 out:
874 if (ret)
875 krb5_warn(context, ret, "PKINIT");
876
877 if (signed_content.data)
878 free(signed_content.data);
879 krb5_data_free(&eContent);
880 der_free_oid(&eContentType);
881 der_free_oid(&contentInfoOid);
882 if (ret) {
883 _kdc_pk_free_client_param(context, cp);
884 } else
885 *ret_params = cp;
886 return ret;
887 }
888
889 /*
890 *
891 */
892
893 static krb5_error_code
894 BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer)
895 {
896 integer->length = BN_num_bytes(bn);
897 integer->data = malloc(integer->length);
898 if (integer->data == NULL) {
899 krb5_clear_error_message(context);
900 return ENOMEM;
901 }
902 BN_bn2bin(bn, integer->data);
903 integer->negative = BN_is_negative(bn);
904 return 0;
905 }
906
907 static krb5_error_code
908 pk_mk_pa_reply_enckey(krb5_context context,
909 krb5_kdc_configuration *config,
910 pk_client_params *cp,
911 const KDC_REQ *req,
912 const krb5_data *req_buffer,
913 krb5_keyblock *reply_key,
914 ContentInfo *content_info,
915 hx509_cert *kdc_cert)
916 {
917 const heim_oid *envelopedAlg = NULL, *sdAlg = NULL, *evAlg = NULL;
918 krb5_error_code ret;
919 krb5_data buf, signed_data;
920 size_t size;
921 int do_win2k = 0;
922
923 krb5_data_zero(&buf);
924 krb5_data_zero(&signed_data);
925
926 *kdc_cert = NULL;
927
928 /*
929 * If the message client is a win2k-type but it send pa data
930 * 09-binding it expects a IETF (checksum) reply so there can be
931 * no replay attacks.
932 */
933
934 switch (cp->type) {
935 case PKINIT_WIN2K: {
936 int i = 0;
937 if (_kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_09_BINDING) == NULL
938 && config->pkinit_require_binding == 0)
939 {
940 do_win2k = 1;
941 }
942 sdAlg = &asn1_oid_id_pkcs7_data;
943 evAlg = &asn1_oid_id_pkcs7_data;
944 envelopedAlg = &asn1_oid_id_rsadsi_des_ede3_cbc;
945 break;
946 }
947 case PKINIT_27:
948 sdAlg = &asn1_oid_id_pkrkeydata;
949 evAlg = &asn1_oid_id_pkcs7_signedData;
950 break;
951 default:
952 krb5_abortx(context, "internal pkinit error");
953 }
954
955 if (do_win2k) {
956 ReplyKeyPack_Win2k kp;
957 memset(&kp, 0, sizeof(kp));
958
959 ret = copy_EncryptionKey(reply_key, &kp.replyKey);
960 if (ret) {
961 krb5_clear_error_message(context);
962 goto out;
963 }
964 kp.nonce = cp->nonce;
965
966 ASN1_MALLOC_ENCODE(ReplyKeyPack_Win2k,
967 buf.data, buf.length,
968 &kp, &size,ret);
969 free_ReplyKeyPack_Win2k(&kp);
970 } else {
971 krb5_crypto ascrypto;
972 ReplyKeyPack kp;
973 memset(&kp, 0, sizeof(kp));
974
975 ret = copy_EncryptionKey(reply_key, &kp.replyKey);
976 if (ret) {
977 krb5_clear_error_message(context);
978 goto out;
979 }
980
981 ret = krb5_crypto_init(context, reply_key, 0, &ascrypto);
982 if (ret) {
983 krb5_clear_error_message(context);
984 goto out;
985 }
986
987 ret = krb5_create_checksum(context, ascrypto, 6, 0,
988 req_buffer->data, req_buffer->length,
989 &kp.asChecksum);
990 if (ret) {
991 krb5_clear_error_message(context);
992 goto out;
993 }
994
995 ret = krb5_crypto_destroy(context, ascrypto);
996 if (ret) {
997 krb5_clear_error_message(context);
998 goto out;
999 }
1000 ASN1_MALLOC_ENCODE(ReplyKeyPack, buf.data, buf.length, &kp, &size,ret);
1001 free_ReplyKeyPack(&kp);
1002 }
1003 if (ret) {
1004 krb5_set_error_message(context, ret, "ASN.1 encoding of ReplyKeyPack "
1005 "failed (%d)", ret);
1006 goto out;
1007 }
1008 if (buf.length != size)
1009 krb5_abortx(context, "Internal ASN.1 encoder error");
1010
1011 {
1012 hx509_query *q;
1013 hx509_cert cert;
1014
1015 ret = hx509_query_alloc(kdc_identity->hx509ctx, &q);
1016 if (ret)
1017 goto out;
1018
1019 hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
1020 if (config->pkinit_kdc_friendly_name)
1021 hx509_query_match_friendly_name(q, config->pkinit_kdc_friendly_name);
1022
1023 ret = hx509_certs_find(kdc_identity->hx509ctx,
1024 kdc_identity->certs,
1025 q,
1026 &cert);
1027 hx509_query_free(kdc_identity->hx509ctx, q);
1028 if (ret)
1029 goto out;
1030
1031 ret = hx509_cms_create_signed_1(kdc_identity->hx509ctx,
1032 0,
1033 sdAlg,
1034 buf.data,
1035 buf.length,
1036 NULL,
1037 cert,
1038 cp->peer,
1039 cp->client_anchors,
1040 kdc_identity->certpool,
1041 &signed_data);
1042 *kdc_cert = cert;
1043 }
1044
1045 krb5_data_free(&buf);
1046 if (ret)
1047 goto out;
1048
1049 if (cp->type == PKINIT_WIN2K) {
1050 ret = hx509_cms_wrap_ContentInfo(&asn1_oid_id_pkcs7_signedData,
1051 &signed_data,
1052 &buf);
1053 if (ret)
1054 goto out;
1055 krb5_data_free(&signed_data);
1056 signed_data = buf;
1057 }
1058
1059 ret = hx509_cms_envelope_1(kdc_identity->hx509ctx,
1060 HX509_CMS_EV_NO_KU_CHECK,
1061 cp->cert,
1062 signed_data.data, signed_data.length,
1063 envelopedAlg,
1064 evAlg, &buf);
1065 if (ret)
1066 goto out;
1067
1068 ret = _krb5_pk_mk_ContentInfo(context,
1069 &buf,
1070 &asn1_oid_id_pkcs7_envelopedData,
1071 content_info);
1072 out:
1073 if (ret && *kdc_cert) {
1074 hx509_cert_free(*kdc_cert);
1075 *kdc_cert = NULL;
1076 }
1077
1078 krb5_data_free(&buf);
1079 krb5_data_free(&signed_data);
1080 return ret;
1081 }
1082
1083 /*
1084 *
1085 */
1086
1087 static krb5_error_code
1088 pk_mk_pa_reply_dh(krb5_context context,
1089 krb5_kdc_configuration *config,
1090 pk_client_params *cp,
1091 ContentInfo *content_info,
1092 hx509_cert *kdc_cert)
1093 {
1094 KDCDHKeyInfo dh_info;
1095 krb5_data signed_data, buf;
1096 ContentInfo contentinfo;
1097 krb5_error_code ret;
1098 hx509_cert cert;
1099 hx509_query *q;
1100 size_t size;
1101
1102 memset(&contentinfo, 0, sizeof(contentinfo));
1103 memset(&dh_info, 0, sizeof(dh_info));
1104 krb5_data_zero(&signed_data);
1105 krb5_data_zero(&buf);
1106
1107 *kdc_cert = NULL;
1108
1109 if (cp->keyex == USE_DH) {
1110 DH *kdc_dh = cp->u.dh.key;
1111 heim_integer i;
1112
1113 ret = BN_to_integer(context, kdc_dh->pub_key, &i);
1114 if (ret)
1115 return ret;
1116
1117 ASN1_MALLOC_ENCODE(DHPublicKey, buf.data, buf.length, &i, &size, ret);
1118 der_free_heim_integer(&i);
1119 if (ret) {
1120 krb5_set_error_message(context, ret, "ASN.1 encoding of "
1121 "DHPublicKey failed (%d)", ret);
1122 return ret;
1123 }
1124 if (buf.length != size)
1125 krb5_abortx(context, "Internal ASN.1 encoder error");
1126
1127 dh_info.subjectPublicKey.length = buf.length * 8;
1128 dh_info.subjectPublicKey.data = buf.data;
1129 krb5_data_zero(&buf);
1130 #ifdef HAVE_OPENSSL
1131 } else if (cp->keyex == USE_ECDH) {
1132 unsigned char *p;
1133 int len;
1134
1135 len = i2o_ECPublicKey(cp->u.ecdh.key, NULL);
1136 if (len <= 0)
1137 abort();
1138
1139 p = malloc(len);
1140 if (p == NULL)
1141 abort();
1142
1143 dh_info.subjectPublicKey.length = len * 8;
1144 dh_info.subjectPublicKey.data = p;
1145
1146 len = i2o_ECPublicKey(cp->u.ecdh.key, &p);
1147 if (len <= 0)
1148 abort();
1149 #endif
1150 } else
1151 krb5_abortx(context, "no keyex selected ?");
1152
1153
1154 dh_info.nonce = cp->nonce;
1155
1156 ASN1_MALLOC_ENCODE(KDCDHKeyInfo, buf.data, buf.length, &dh_info, &size,
1157 ret);
1158 if (ret) {
1159 krb5_set_error_message(context, ret, "ASN.1 encoding of "
1160 "KdcDHKeyInfo failed (%d)", ret);
1161 goto out;
1162 }
1163 if (buf.length != size)
1164 krb5_abortx(context, "Internal ASN.1 encoder error");
1165
1166 /*
1167 * Create the SignedData structure and sign the KdcDHKeyInfo
1168 * filled in above
1169 */
1170
1171 ret = hx509_query_alloc(kdc_identity->hx509ctx, &q);
1172 if (ret)
1173 goto out;
1174
1175 hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
1176 if (config->pkinit_kdc_friendly_name)
1177 hx509_query_match_friendly_name(q, config->pkinit_kdc_friendly_name);
1178
1179 ret = hx509_certs_find(kdc_identity->hx509ctx,
1180 kdc_identity->certs,
1181 q,
1182 &cert);
1183 hx509_query_free(kdc_identity->hx509ctx, q);
1184 if (ret)
1185 goto out;
1186
1187 ret = hx509_cms_create_signed_1(kdc_identity->hx509ctx,
1188 0,
1189 &asn1_oid_id_pkdhkeydata,
1190 buf.data,
1191 buf.length,
1192 NULL,
1193 cert,
1194 cp->peer,
1195 cp->client_anchors,
1196 kdc_identity->certpool,
1197 &signed_data);
1198 if (ret) {
1199 kdc_log(context, config, 0, "Failed signing the DH* reply: %d", ret);
1200 goto out;
1201 }
1202 *kdc_cert = cert;
1203
1204 ret = _krb5_pk_mk_ContentInfo(context,
1205 &signed_data,
1206 &asn1_oid_id_pkcs7_signedData,
1207 content_info);
1208 if (ret)
1209 goto out;
1210
1211 out:
1212 if (ret && *kdc_cert) {
1213 hx509_cert_free(*kdc_cert);
1214 *kdc_cert = NULL;
1215 }
1216
1217 krb5_data_free(&buf);
1218 krb5_data_free(&signed_data);
1219 free_KDCDHKeyInfo(&dh_info);
1220
1221 return ret;
1222 }
1223
1224 /*
1225 *
1226 */
1227
1228 krb5_error_code
1229 _kdc_pk_mk_pa_reply(krb5_context context,
1230 krb5_kdc_configuration *config,
1231 pk_client_params *cp,
1232 const hdb_entry_ex *client,
1233 krb5_enctype sessionetype,
1234 const KDC_REQ *req,
1235 const krb5_data *req_buffer,
1236 krb5_keyblock **reply_key,
1237 krb5_keyblock *sessionkey,
1238 METHOD_DATA *md)
1239 {
1240 krb5_error_code ret;
1241 void *buf;
1242 size_t len, size;
1243 krb5_enctype enctype;
1244 int pa_type;
1245 hx509_cert kdc_cert = NULL;
1246 int i;
1247
1248 if (!config->enable_pkinit) {
1249 krb5_clear_error_message(context);
1250 return 0;
1251 }
1252
1253 if (req->req_body.etype.len > 0) {
1254 for (i = 0; i < req->req_body.etype.len; i++)
1255 if (krb5_enctype_valid(context, req->req_body.etype.val[i]) == 0)
1256 break;
1257 if (req->req_body.etype.len <= i) {
1258 ret = KRB5KRB_ERR_GENERIC;
1259 krb5_set_error_message(context, ret,
1260 "No valid enctype available from client");
1261 goto out;
1262 }
1263 enctype = req->req_body.etype.val[i];
1264 } else
1265 enctype = ETYPE_DES3_CBC_SHA1;
1266
1267 if (cp->type == PKINIT_27) {
1268 PA_PK_AS_REP rep;
1269 const char *type, *other = "";
1270
1271 memset(&rep, 0, sizeof(rep));
1272
1273 pa_type = KRB5_PADATA_PK_AS_REP;
1274
1275 if (cp->keyex == USE_RSA) {
1276 ContentInfo info;
1277
1278 type = "enckey";
1279
1280 rep.element = choice_PA_PK_AS_REP_encKeyPack;
1281
1282 ret = krb5_generate_random_keyblock(context, enctype,
1283 &cp->reply_key);
1284 if (ret) {
1285 free_PA_PK_AS_REP(&rep);
1286 goto out;
1287 }
1288 ret = pk_mk_pa_reply_enckey(context,
1289 config,
1290 cp,
1291 req,
1292 req_buffer,
1293 &cp->reply_key,
1294 &info,
1295 &kdc_cert);
1296 if (ret) {
1297 free_PA_PK_AS_REP(&rep);
1298 goto out;
1299 }
1300 ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data,
1301 rep.u.encKeyPack.length, &info, &size,
1302 ret);
1303 free_ContentInfo(&info);
1304 if (ret) {
1305 krb5_set_error_message(context, ret, "encoding of Key ContentInfo "
1306 "failed %d", ret);
1307 free_PA_PK_AS_REP(&rep);
1308 goto out;
1309 }
1310 if (rep.u.encKeyPack.length != size)
1311 krb5_abortx(context, "Internal ASN.1 encoder error");
1312
1313 ret = krb5_generate_random_keyblock(context, sessionetype,
1314 sessionkey);
1315 if (ret) {
1316 free_PA_PK_AS_REP(&rep);
1317 goto out;
1318 }
1319
1320 } else {
1321 ContentInfo info;
1322
1323 switch (cp->keyex) {
1324 case USE_DH: type = "dh"; break;
1325 #ifdef HAVE_OPENSSL
1326 case USE_ECDH: type = "ecdh"; break;
1327 #endif
1328 default: krb5_abortx(context, "unknown keyex"); break;
1329 }
1330
1331 if (cp->dh_group_name)
1332 other = cp->dh_group_name;
1333
1334 rep.element = choice_PA_PK_AS_REP_dhInfo;
1335
1336 ret = generate_dh_keyblock(context, cp, enctype);
1337 if (ret)
1338 return ret;
1339
1340 ret = pk_mk_pa_reply_dh(context, config,
1341 cp,
1342 &info,
1343 &kdc_cert);
1344 if (ret) {
1345 free_PA_PK_AS_REP(&rep);
1346 krb5_set_error_message(context, ret,
1347 "create pa-reply-dh "
1348 "failed %d", ret);
1349 goto out;
1350 }
1351
1352 ASN1_MALLOC_ENCODE(ContentInfo, rep.u.dhInfo.dhSignedData.data,
1353 rep.u.dhInfo.dhSignedData.length, &info, &size,
1354 ret);
1355 free_ContentInfo(&info);
1356 if (ret) {
1357 krb5_set_error_message(context, ret,
1358 "encoding of Key ContentInfo "
1359 "failed %d", ret);
1360 free_PA_PK_AS_REP(&rep);
1361 goto out;
1362 }
1363 if (rep.u.encKeyPack.length != size)
1364 krb5_abortx(context, "Internal ASN.1 encoder error");
1365
1366 /* XXX KRB-FX-CF2 */
1367 ret = krb5_generate_random_keyblock(context, sessionetype,
1368 sessionkey);
1369 if (ret) {
1370 free_PA_PK_AS_REP(&rep);
1371 goto out;
1372 }
1373
1374 /* XXX Add PA-PKINIT-KX */
1375
1376 }
1377
1378 ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret);
1379 free_PA_PK_AS_REP(&rep);
1380 if (ret) {
1381 krb5_set_error_message(context, ret,
1382 "encode PA-PK-AS-REP failed %d", ret);
1383 goto out;
1384 }
1385 if (len != size)
1386 krb5_abortx(context, "Internal ASN.1 encoder error");
1387
1388 kdc_log(context, config, 0, "PK-INIT using %s %s", type, other);
1389
1390 } else if (cp->type == PKINIT_WIN2K) {
1391 PA_PK_AS_REP_Win2k rep;
1392 ContentInfo info;
1393
1394 if (cp->keyex != USE_RSA) {
1395 ret = KRB5KRB_ERR_GENERIC;
1396 krb5_set_error_message(context, ret,
1397 "Windows PK-INIT doesn't support DH");
1398 goto out;
1399 }
1400
1401 memset(&rep, 0, sizeof(rep));
1402
1403 pa_type = KRB5_PADATA_PK_AS_REP_19;
1404 rep.element = choice_PA_PK_AS_REP_encKeyPack;
1405
1406 ret = krb5_generate_random_keyblock(context, enctype,
1407 &cp->reply_key);
1408 if (ret) {
1409 free_PA_PK_AS_REP_Win2k(&rep);
1410 goto out;
1411 }
1412 ret = pk_mk_pa_reply_enckey(context,
1413 config,
1414 cp,
1415 req,
1416 req_buffer,
1417 &cp->reply_key,
1418 &info,
1419 &kdc_cert);
1420 if (ret) {
1421 free_PA_PK_AS_REP_Win2k(&rep);
1422 goto out;
1423 }
1424 ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data,
1425 rep.u.encKeyPack.length, &info, &size,
1426 ret);
1427 free_ContentInfo(&info);
1428 if (ret) {
1429 krb5_set_error_message(context, ret, "encoding of Key ContentInfo "
1430 "failed %d", ret);
1431 free_PA_PK_AS_REP_Win2k(&rep);
1432 goto out;
1433 }
1434 if (rep.u.encKeyPack.length != size)
1435 krb5_abortx(context, "Internal ASN.1 encoder error");
1436
1437 ASN1_MALLOC_ENCODE(PA_PK_AS_REP_Win2k, buf, len, &rep, &size, ret);
1438 free_PA_PK_AS_REP_Win2k(&rep);
1439 if (ret) {
1440 krb5_set_error_message(context, ret,
1441 "encode PA-PK-AS-REP-Win2k failed %d", ret);
1442 goto out;
1443 }
1444 if (len != size)
1445 krb5_abortx(context, "Internal ASN.1 encoder error");
1446
1447 ret = krb5_generate_random_keyblock(context, sessionetype,
1448 sessionkey);
1449 if (ret)
1450 goto out;
1451
1452 } else
1453 krb5_abortx(context, "PK-INIT internal error");
1454
1455
1456 ret = krb5_padata_add(context, md, pa_type, buf, len);
1457 if (ret) {
1458 krb5_set_error_message(context, ret,
1459 "Failed adding PA-PK-AS-REP %d", ret);
1460 free(buf);
1461 goto out;
1462 }
1463
1464 if (config->pkinit_kdc_ocsp_file) {
1465
1466 if (ocsp.expire == 0 && ocsp.next_update > kdc_time) {
1467 struct stat sb;
1468 int fd;
1469
1470 krb5_data_free(&ocsp.data);
1471
1472 ocsp.expire = 0;
1473 ocsp.next_update = kdc_time + 60 * 5;
1474
1475 fd = open(config->pkinit_kdc_ocsp_file, O_RDONLY);
1476 if (fd < 0) {
1477 kdc_log(context, config, 0,
1478 "PK-INIT failed to open ocsp data file %d", errno);
1479 goto out_ocsp;
1480 }
1481 ret = fstat(fd, &sb);
1482 if (ret) {
1483 ret = errno;
1484 close(fd);
1485 kdc_log(context, config, 0,
1486 "PK-INIT failed to stat ocsp data %d", ret);
1487 goto out_ocsp;
1488 }
1489
1490 ret = krb5_data_alloc(&ocsp.data, sb.st_size);
1491 if (ret) {
1492 close(fd);
1493 kdc_log(context, config, 0,
1494 "PK-INIT failed to stat ocsp data %d", ret);
1495 goto out_ocsp;
1496 }
1497 ocsp.data.length = sb.st_size;
1498 ret = read(fd, ocsp.data.data, sb.st_size);
1499 close(fd);
1500 if (ret != sb.st_size) {
1501 kdc_log(context, config, 0,
1502 "PK-INIT failed to read ocsp data %d", errno);
1503 goto out_ocsp;
1504 }
1505
1506 ret = hx509_ocsp_verify(kdc_identity->hx509ctx,
1507 kdc_time,
1508 kdc_cert,
1509 0,
1510 ocsp.data.data, ocsp.data.length,
1511 &ocsp.expire);
1512 if (ret) {
1513 kdc_log(context, config, 0,
1514 "PK-INIT failed to verify ocsp data %d", ret);
1515 krb5_data_free(&ocsp.data);
1516 ocsp.expire = 0;
1517 } else if (ocsp.expire > 180) {
1518 ocsp.expire -= 180; /* refetch the ocsp before it expire */
1519 ocsp.next_update = ocsp.expire;
1520 } else {
1521 ocsp.next_update = kdc_time;
1522 }
1523 out_ocsp:
1524 ret = 0;
1525 }
1526
1527 if (ocsp.expire != 0 && ocsp.expire > kdc_time) {
1528
1529 ret = krb5_padata_add(context, md,
1530 KRB5_PADATA_PA_PK_OCSP_RESPONSE,
1531 ocsp.data.data, ocsp.data.length);
1532 if (ret) {
1533 krb5_set_error_message(context, ret,
1534 "Failed adding OCSP response %d", ret);
1535 goto out;
1536 }
1537 }
1538 }
1539
1540 out:
1541 if (kdc_cert)
1542 hx509_cert_free(kdc_cert);
1543
1544 if (ret == 0)
1545 *reply_key = &cp->reply_key;
1546 return ret;
1547 }
1548
1549 static int
1550 match_rfc_san(krb5_context context,
1551 krb5_kdc_configuration *config,
1552 hx509_context hx509ctx,
1553 hx509_cert client_cert,
1554 krb5_const_principal match)
1555 {
1556 hx509_octet_string_list list;
1557 int ret, i, found = 0;
1558
1559 memset(&list, 0 , sizeof(list));
1560
1561 ret = hx509_cert_find_subjectAltName_otherName(hx509ctx,
1562 client_cert,
1563 &asn1_oid_id_pkinit_san,
1564 &list);
1565 if (ret)
1566 goto out;
1567
1568 for (i = 0; !found && i < list.len; i++) {
1569 krb5_principal_data principal;
1570 KRB5PrincipalName kn;
1571 size_t size;
1572
1573 ret = decode_KRB5PrincipalName(list.val[i].data,
1574 list.val[i].length,
1575 &kn, &size);
1576 if (ret) {
1577 kdc_log(context, config, 0,
1578 "Decoding kerberos name in certificate failed: %s",
1579 krb5_get_err_text(context, ret));
1580 break;
1581 }
1582 if (size != list.val[i].length) {
1583 kdc_log(context, config, 0,
1584 "Decoding kerberos name have extra bits on the end");
1585 return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1586 }
1587
1588 principal.name = kn.principalName;
1589 principal.realm = kn.realm;
1590
1591 if (krb5_principal_compare(context, &principal, match) == TRUE)
1592 found = 1;
1593 free_KRB5PrincipalName(&kn);
1594 }
1595
1596 out:
1597 hx509_free_octet_string_list(&list);
1598 if (ret)
1599 return ret;
1600
1601 if (!found)
1602 return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1603
1604 return 0;
1605 }
1606
1607 static int
1608 match_ms_upn_san(krb5_context context,
1609 krb5_kdc_configuration *config,
1610 hx509_context hx509ctx,
1611 hx509_cert client_cert,
1612 krb5_const_principal match)
1613 {
1614 hx509_octet_string_list list;
1615 krb5_principal principal = NULL;
1616 int ret, found = 0;
1617 MS_UPN_SAN upn;
1618 size_t size;
1619
1620 memset(&list, 0 , sizeof(list));
1621
1622 ret = hx509_cert_find_subjectAltName_otherName(hx509ctx,
1623 client_cert,
1624 &asn1_oid_id_pkinit_ms_san,
1625 &list);
1626 if (ret)
1627 goto out;
1628
1629 if (list.len != 1) {
1630 kdc_log(context, config, 0,
1631 "More then one PK-INIT MS UPN SAN");
1632 goto out;
1633 }
1634
1635 ret = decode_MS_UPN_SAN(list.val[0].data, list.val[0].length, &upn, &size);
1636 if (ret) {
1637 kdc_log(context, config, 0, "Decode of MS-UPN-SAN failed");
1638 goto out;
1639 }
1640
1641 kdc_log(context, config, 0, "found MS UPN SAN: %s", upn);
1642
1643 ret = krb5_parse_name(context, upn, &principal);
1644 free_MS_UPN_SAN(&upn);
1645 if (ret) {
1646 kdc_log(context, config, 0, "Failed to parse principal in MS UPN SAN");
1647 goto out;
1648 }
1649
1650 /*
1651 * This is very wrong, but will do for now, should really and a
1652 * plugin to the windc layer to very this ACL.
1653 */
1654 strupr(principal->realm);
1655
1656 if (krb5_principal_compare(context, principal, match) == TRUE)
1657 found = 1;
1658
1659 out:
1660 if (principal)
1661 krb5_free_principal(context, principal);
1662 hx509_free_octet_string_list(&list);
1663 if (ret)
1664 return ret;
1665
1666 if (!found)
1667 return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1668
1669 return 0;
1670 }
1671
1672 krb5_error_code
1673 _kdc_pk_check_client(krb5_context context,
1674 krb5_kdc_configuration *config,
1675 const hdb_entry_ex *client,
1676 pk_client_params *cp,
1677 char **subject_name)
1678 {
1679 const HDB_Ext_PKINIT_acl *acl;
1680 const HDB_Ext_PKINIT_cert *pc;
1681 krb5_error_code ret;
1682 hx509_name name;
1683 int i;
1684
1685 if (cp->cert == NULL) {
1686
1687 *subject_name = strdup("anonymous client client");
1688 if (*subject_name == NULL)
1689 return ENOMEM;
1690 return 0;
1691 }
1692
1693 ret = hx509_cert_get_base_subject(kdc_identity->hx509ctx,
1694 cp->cert,
1695 &name);
1696 if (ret)
1697 return ret;
1698
1699 ret = hx509_name_to_string(name, subject_name);
1700 hx509_name_free(&name);
1701 if (ret)
1702 return ret;
1703
1704 kdc_log(context, config, 0,
1705 "Trying to authorize PK-INIT subject DN %s",
1706 *subject_name);
1707
1708 ret = hdb_entry_get_pkinit_cert(&client->entry, &pc);
1709 if (ret == 0 && pc) {
1710 hx509_cert cert;
1711 unsigned int i;
1712
1713 for (i = 0; i < pc->len; i++) {
1714 ret = hx509_cert_init_data(kdc_identity->hx509ctx,
1715 pc->val[i].cert.data,
1716 pc->val[i].cert.length,
1717 &cert);
1718 if (ret)
1719 continue;
1720 ret = hx509_cert_cmp(cert, cp->cert);
1721 hx509_cert_free(cert);
1722 if (ret == 0) {
1723 kdc_log(context, config, 5,
1724 "Found matching PK-INIT cert in hdb");
1725 return 0;
1726 }
1727 }
1728 }
1729
1730
1731 if (config->pkinit_princ_in_cert) {
1732 ret = match_rfc_san(context, config,
1733 kdc_identity->hx509ctx,
1734 cp->cert,
1735 client->entry.principal);
1736 if (ret == 0) {
1737 kdc_log(context, config, 5,
1738 "Found matching PK-INIT SAN in certificate");
1739 return 0;
1740 }
1741 ret = match_ms_upn_san(context, config,
1742 kdc_identity->hx509ctx,
1743 cp->cert,
1744 client->entry.principal);
1745 if (ret == 0) {
1746 kdc_log(context, config, 5,
1747 "Found matching MS UPN SAN in certificate");
1748 return 0;
1749 }
1750 }
1751
1752 ret = hdb_entry_get_pkinit_acl(&client->entry, &acl);
1753 if (ret == 0 && acl != NULL) {
1754 /*
1755 * Cheat here and compare the generated name with the string
1756 * and not the reverse.
1757 */
1758 for (i = 0; i < acl->len; i++) {
1759 if (strcmp(*subject_name, acl->val[0].subject) != 0)
1760 continue;
1761
1762 /* Don't support isser and anchor checking right now */
1763 if (acl->val[0].issuer)
1764 continue;
1765 if (acl->val[0].anchor)
1766 continue;
1767
1768 kdc_log(context, config, 5,
1769 "Found matching PK-INIT database ACL");
1770 return 0;
1771 }
1772 }
1773
1774 for (i = 0; i < principal_mappings.len; i++) {
1775 krb5_boolean b;
1776
1777 b = krb5_principal_compare(context,
1778 client->entry.principal,
1779 principal_mappings.val[i].principal);
1780 if (b == FALSE)
1781 continue;
1782 if (strcmp(principal_mappings.val[i].subject, *subject_name) != 0)
1783 continue;
1784 kdc_log(context, config, 5,
1785 "Found matching PK-INIT FILE ACL");
1786 return 0;
1787 }
1788
1789 ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1790 krb5_set_error_message(context, ret,
1791 "PKINIT no matching principals for %s",
1792 *subject_name);
1793
1794 kdc_log(context, config, 5,
1795 "PKINIT no matching principals for %s",
1796 *subject_name);
1797
1798 free(*subject_name);
1799 *subject_name = NULL;
1800
1801 return ret;
1802 }
1803
1804 static krb5_error_code
1805 add_principal_mapping(krb5_context context,
1806 const char *principal_name,
1807 const char * subject)
1808 {
1809 struct pk_allowed_princ *tmp;
1810 krb5_principal principal;
1811 krb5_error_code ret;
1812
1813 tmp = realloc(principal_mappings.val,
1814 (principal_mappings.len + 1) * sizeof(*tmp));
1815 if (tmp == NULL)
1816 return ENOMEM;
1817 principal_mappings.val = tmp;
1818
1819 ret = krb5_parse_name(context, principal_name, &principal);
1820 if (ret)
1821 return ret;
1822
1823 principal_mappings.val[principal_mappings.len].principal = principal;
1824
1825 principal_mappings.val[principal_mappings.len].subject = strdup(subject);
1826 if (principal_mappings.val[principal_mappings.len].subject == NULL) {
1827 krb5_free_principal(context, principal);
1828 return ENOMEM;
1829 }
1830 principal_mappings.len++;
1831
1832 return 0;
1833 }
1834
1835 krb5_error_code
1836 _kdc_add_inital_verified_cas(krb5_context context,
1837 krb5_kdc_configuration *config,
1838 pk_client_params *cp,
1839 EncTicketPart *tkt)
1840 {
1841 AD_INITIAL_VERIFIED_CAS cas;
1842 krb5_error_code ret;
1843 krb5_data data;
1844 size_t size;
1845
1846 memset(&cas, 0, sizeof(cas));
1847
1848 /* XXX add CAs to cas here */
1849
1850 ASN1_MALLOC_ENCODE(AD_INITIAL_VERIFIED_CAS, data.data, data.length,
1851 &cas, &size, ret);
1852 if (ret)
1853 return ret;
1854 if (data.length != size)
1855 krb5_abortx(context, "internal asn.1 encoder error");
1856
1857 ret = _kdc_tkt_add_if_relevant_ad(context, tkt,
1858 KRB5_AUTHDATA_INITIAL_VERIFIED_CAS,
1859 &data);
1860 krb5_data_free(&data);
1861 return ret;
1862 }
1863
1864 /*
1865 *
1866 */
1867
1868 static void
1869 load_mappings(krb5_context context, const char *fn)
1870 {
1871 krb5_error_code ret;
1872 char buf[1024];
1873 unsigned long lineno = 0;
1874 FILE *f;
1875
1876 f = fopen(fn, "r");
1877 if (f == NULL)
1878 return;
1879
1880 while (fgets(buf, sizeof(buf), f) != NULL) {
1881 char *subject_name, *p;
1882
1883 buf[strcspn(buf, "\n")] = '\0';
1884 lineno++;
1885
1886 p = buf + strspn(buf, " \t");
1887
1888 if (*p == '#' || *p == '\0')
1889 continue;
1890
1891 subject_name = strchr(p, ':');
1892 if (subject_name == NULL) {
1893 krb5_warnx(context, "pkinit mapping file line %lu "
1894 "missing \":\" :%s",
1895 lineno, buf);
1896 continue;
1897 }
1898 *subject_name++ = '\0';
1899
1900 ret = add_principal_mapping(context, p, subject_name);
1901 if (ret) {
1902 krb5_warn(context, ret, "failed to add line %lu \":\" :%s\n",
1903 lineno, buf);
1904 continue;
1905 }
1906 }
1907
1908 fclose(f);
1909 }
1910
1911 /*
1912 *
1913 */
1914
1915 krb5_error_code
1916 _kdc_pk_initialize(krb5_context context,
1917 krb5_kdc_configuration *config,
1918 const char *user_id,
1919 const char *anchors,
1920 char **pool,
1921 char **revoke_list)
1922 {
1923 const char *file;
1924 char *fn = NULL;
1925 krb5_error_code ret;
1926
1927 file = krb5_config_get_string(context, NULL,
1928 "libdefaults", "moduli", NULL);
1929
1930 ret = _krb5_parse_moduli(context, file, &moduli);
1931 if (ret)
1932 krb5_err(context, 1, ret, "PKINIT: failed to load modidi file");
1933
1934 principal_mappings.len = 0;
1935 principal_mappings.val = NULL;
1936
1937 ret = _krb5_pk_load_id(context,
1938 &kdc_identity,
1939 0,
1940 user_id,
1941 anchors,
1942 pool,
1943 revoke_list,
1944 NULL,
1945 NULL,
1946 NULL);
1947 if (ret) {
1948 krb5_warn(context, ret, "PKINIT: ");
1949 config->enable_pkinit = 0;
1950 return ret;
1951 }
1952
1953 {
1954 hx509_query *q;
1955 hx509_cert cert;
1956
1957 ret = hx509_query_alloc(kdc_identity->hx509ctx, &q);
1958 if (ret) {
1959 krb5_warnx(context, "PKINIT: out of memory");
1960 return ENOMEM;
1961 }
1962
1963 hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
1964 if (config->pkinit_kdc_friendly_name)
1965 hx509_query_match_friendly_name(q, config->pkinit_kdc_friendly_name);
1966
1967 ret = hx509_certs_find(kdc_identity->hx509ctx,
1968 kdc_identity->certs,
1969 q,
1970 &cert);
1971 hx509_query_free(kdc_identity->hx509ctx, q);
1972 if (ret == 0) {
1973 if (hx509_cert_check_eku(kdc_identity->hx509ctx, cert,
1974 &asn1_oid_id_pkkdcekuoid, 0)) {
1975 hx509_name name;
1976 char *str;
1977 ret = hx509_cert_get_subject(cert, &name);
1978 hx509_name_to_string(name, &str);
1979 krb5_warnx(context, "WARNING Found KDC certificate (%s)"
1980 "is missing the PK-INIT KDC EKU, this is bad for "
1981 "interoperability.", str);
1982 hx509_name_free(&name);
1983 free(str);
1984 }
1985 hx509_cert_free(cert);
1986 } else
1987 krb5_warnx(context, "PKINIT: failed to find a signing "
1988 "certifiate with a public key");
1989 }
1990
1991 if (krb5_config_get_bool_default(context,
1992 NULL,
1993 FALSE,
1994 "kdc",
1995 "pkinit_allow_proxy_certificate",
1996 NULL))
1997 config->pkinit_allow_proxy_certs = 1;
1998
1999 file = krb5_config_get_string(context,
2000 NULL,
2001 "kdc",
2002 "pkinit_mappings_file",
2003 NULL);
2004 if (file == NULL) {
2005 asprintf(&fn, "%s/pki-mapping", hdb_db_dir(context));
2006 file = fn;
2007 }
2008
2009 load_mappings(context, file);
2010 if (fn)
2011 free(fn);
2012
2013 return 0;
2014 }
2015
2016 #endif /* PKINIT */
Heimdal