search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
gssapi/mech: mech_locl.h roken.h must be included earlier
[heimdal.git] / kdc / pkinit.c
blobf01178983f3c826333c989b682ea4bbb2241268c
1 /*
2 * Copyright (c) 2003 - 2016 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 #include "kdc_locl.h"
37
38 #ifdef PKINIT
39
40 #include <heim_asn1.h>
41 #include <rfc2459_asn1.h>
42 #include <cms_asn1.h>
43 #include <pkinit_asn1.h>
44
45 #include <hx509.h>
46 #include "crypto-headers.h"
47
48 struct pk_client_params {
49 enum krb5_pk_type type;
50 enum keyex_enum keyex;
51 union {
52 struct {
53 BIGNUM *public_key;
54 DH *key;
55 } dh;
56 struct {
57 void *public_key;
58 void *key;
59 } ecdh;
60 } u;
61 hx509_cert cert;
62 krb5_timestamp endtime;
63 krb5_timestamp max_life;
64 unsigned nonce;
65 EncryptionKey reply_key;
66 char *dh_group_name;
67 hx509_peer_info peer;
68 hx509_certs client_anchors;
69 hx509_verify_ctx verify_ctx;
70 };
71
72 struct pk_principal_mapping {
73 unsigned int len;
74 struct pk_allowed_princ {
75 krb5_principal principal;
76 char *subject;
77 } *val;
78 };
79
80 static struct krb5_pk_identity *kdc_identity;
81 static struct pk_principal_mapping principal_mappings;
82 static struct krb5_dh_moduli **moduli;
83
84 static struct {
85 krb5_data data;
86 time_t expire;
87 time_t next_update;
88 } ocsp;
89
90 /*
91 *
92 */
93
94 static krb5_error_code
95 pk_check_pkauthenticator_win2k(krb5_context context,
96 PKAuthenticator_Win2k *a,
97 const KDC_REQ *req)
98 {
99 krb5_timestamp now;
100
101 krb5_timeofday (context, &now);
102
103 /* XXX cusec */
104 if (a->ctime == 0 || labs(a->ctime - now) > context->max_skew) {
105 krb5_clear_error_message(context);
106 return KRB5KRB_AP_ERR_SKEW;
107 }
108 return 0;
109 }
110
111 static krb5_error_code
112 pk_check_pkauthenticator(krb5_context context,
113 PKAuthenticator *a,
114 const KDC_REQ *req)
115 {
116 krb5_error_code ret;
117 krb5_timestamp now;
118 Checksum checksum;
119
120 krb5_timeofday (context, &now);
121
122 /* XXX cusec */
123 if (a->ctime == 0 || labs(a->ctime - now) > context->max_skew) {
124 krb5_clear_error_message(context);
125 return KRB5KRB_AP_ERR_SKEW;
126 }
127
128 ret = krb5_create_checksum(context,
129 NULL,
130 0,
131 CKSUMTYPE_SHA1,
132 req->req_body._save.data,
133 req->req_body._save.length,
134 &checksum);
135 if (ret) {
136 krb5_clear_error_message(context);
137 return ret;
138 }
139
140 if (a->paChecksum == NULL) {
141 krb5_clear_error_message(context);
142 ret = KRB5_KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED;
143 goto out;
144 }
145
146 if (der_heim_octet_string_cmp(a->paChecksum, &checksum.checksum) != 0) {
147 krb5_clear_error_message(context);
148 ret = KRB5KRB_ERR_GENERIC;
149 }
150
151 out:
152 free_Checksum(&checksum);
153
154 return ret;
155 }
156
157 void
158 _kdc_pk_free_client_param(krb5_context context, pk_client_params *cp)
159 {
160 if (cp == NULL)
161 return;
162 if (cp->cert)
163 hx509_cert_free(cp->cert);
164 if (cp->verify_ctx)
165 hx509_verify_destroy_ctx(cp->verify_ctx);
166 if (cp->keyex == USE_DH) {
167 if (cp->u.dh.key)
168 DH_free(cp->u.dh.key);
169 if (cp->u.dh.public_key)
170 BN_free(cp->u.dh.public_key);
171 }
172 if (cp->keyex == USE_ECDH)
173 _kdc_pk_free_client_ec_param(context, cp->u.ecdh.key,
174 cp->u.ecdh.public_key);
175 krb5_free_keyblock_contents(context, &cp->reply_key);
176 if (cp->dh_group_name)
177 free(cp->dh_group_name);
178 if (cp->peer)
179 hx509_peer_info_free(cp->peer);
180 if (cp->client_anchors)
181 hx509_certs_free(&cp->client_anchors);
182 memset(cp, 0, sizeof(*cp));
183 free(cp);
184 }
185
186 static krb5_error_code
187 generate_dh_keyblock(krb5_context context,
188 pk_client_params *client_params,
189 krb5_enctype enctype)
190 {
191 unsigned char *dh_gen_key = NULL;
192 krb5_keyblock key;
193 krb5_error_code ret;
194 size_t dh_gen_keylen, size;
195
196 memset(&key, 0, sizeof(key));
197
198 if (client_params->keyex == USE_DH) {
199
200 if (client_params->u.dh.public_key == NULL) {
201 ret = KRB5KRB_ERR_GENERIC;
202 krb5_set_error_message(context, ret, "missing DH public_key");
203 goto out;
204 }
205
206 if (!DH_generate_key(client_params->u.dh.key)) {
207 ret = KRB5KRB_ERR_GENERIC;
208 krb5_set_error_message(context, ret,
209 "Can't generate Diffie-Hellman keys");
210 goto out;
211 }
212
213 size = DH_size(client_params->u.dh.key);
214
215 dh_gen_key = malloc(size);
216 if (dh_gen_key == NULL) {
217 ret = ENOMEM;
218 krb5_set_error_message(context, ret, "malloc: out of memory");
219 goto out;
220 }
221
222 dh_gen_keylen = DH_compute_key(dh_gen_key,client_params->u.dh.public_key, client_params->u.dh.key);
223 if (dh_gen_keylen == (size_t)-1) {
224 ret = KRB5KRB_ERR_GENERIC;
225 krb5_set_error_message(context, ret,
226 "Can't compute Diffie-Hellman key");
227 goto out;
228 }
229 if (dh_gen_keylen < size) {
230 size -= dh_gen_keylen;
231 memmove(dh_gen_key + size, dh_gen_key, dh_gen_keylen);
232 memset(dh_gen_key, 0, size);
233 }
234 } else if (client_params->keyex == USE_ECDH) {
235 if (client_params->u.ecdh.public_key == NULL) {
236 ret = KRB5KRB_ERR_GENERIC;
237 krb5_set_error_message(context, ret, "missing ECDH public_key");
238 goto out;
239 }
240 ret = _kdc_generate_ecdh_keyblock(context,
241 client_params->u.ecdh.public_key,
242 &client_params->u.ecdh.key,
243 &dh_gen_key, &dh_gen_keylen);
244 if (ret)
245 goto out;
246 } else {
247 ret = KRB5KRB_ERR_GENERIC;
248 krb5_set_error_message(context, ret,
249 "Diffie-Hellman not selected keys");
250 goto out;
251 }
252
253 ret = _krb5_pk_octetstring2key(context,
254 enctype,
255 dh_gen_key, dh_gen_keylen,
256 NULL, NULL,
257 &client_params->reply_key);
258
259 out:
260 if (dh_gen_key)
261 free(dh_gen_key);
262 if (key.keyvalue.data)
263 krb5_free_keyblock_contents(context, &key);
264
265 return ret;
266 }
267
268 static BIGNUM *
269 integer_to_BN(krb5_context context, const char *field, heim_integer *f)
270 {
271 BIGNUM *bn;
272
273 bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL);
274 if (bn == NULL) {
275 krb5_set_error_message(context, KRB5_BADMSGTYPE,
276 "PKINIT: parsing BN failed %s", field);
277 return NULL;
278 }
279 BN_set_negative(bn, f->negative);
280 return bn;
281 }
282
283 static krb5_error_code
284 get_dh_param(krb5_context context,
285 krb5_kdc_configuration *config,
286 SubjectPublicKeyInfo *dh_key_info,
287 pk_client_params *client_params)
288 {
289 DomainParameters dhparam;
290 DH *dh = NULL;
291 krb5_error_code ret;
292
293 memset(&dhparam, 0, sizeof(dhparam));
294
295 if ((dh_key_info->subjectPublicKey.length % 8) != 0) {
296 ret = KRB5_BADMSGTYPE;
297 krb5_set_error_message(context, ret,
298 "PKINIT: subjectPublicKey not aligned "
299 "to 8 bit boundary");
300 goto out;
301 }
302
303 if (dh_key_info->algorithm.parameters == NULL) {
304 krb5_set_error_message(context, KRB5_BADMSGTYPE,
305 "PKINIT missing algorithm parameter "
306 "in clientPublicValue");
307 return KRB5_BADMSGTYPE;
308 }
309
310 ret = decode_DomainParameters(dh_key_info->algorithm.parameters->data,
311 dh_key_info->algorithm.parameters->length,
312 &dhparam,
313 NULL);
314 if (ret) {
315 krb5_set_error_message(context, ret, "Can't decode algorithm "
316 "parameters in clientPublicValue");
317 goto out;
318 }
319
320 ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits,
321 &dhparam.p, &dhparam.g, dhparam.q, moduli,
322 &client_params->dh_group_name);
323 if (ret) {
324 /* XXX send back proposal of better group */
325 goto out;
326 }
327
328 dh = DH_new();
329 if (dh == NULL) {
330 ret = ENOMEM;
331 krb5_set_error_message(context, ret, "Cannot create DH structure");
332 goto out;
333 }
334 ret = KRB5_BADMSGTYPE;
335 dh->p = integer_to_BN(context, "DH prime", &dhparam.p);
336 if (dh->p == NULL)
337 goto out;
338 dh->g = integer_to_BN(context, "DH base", &dhparam.g);
339 if (dh->g == NULL)
340 goto out;
341
342 if (dhparam.q) {
343 dh->q = integer_to_BN(context, "DH p-1 factor", dhparam.q);
344 if (dh->q == NULL)
345 goto out;
346 }
347
348 {
349 heim_integer glue;
350 size_t size;
351
352 ret = decode_DHPublicKey(dh_key_info->subjectPublicKey.data,
353 dh_key_info->subjectPublicKey.length / 8,
354 &glue,
355 &size);
356 if (ret) {
357 krb5_clear_error_message(context);
358 return ret;
359 }
360
361 client_params->u.dh.public_key = integer_to_BN(context,
362 "subjectPublicKey",
363 &glue);
364 der_free_heim_integer(&glue);
365 if (client_params->u.dh.public_key == NULL) {
366 ret = KRB5_BADMSGTYPE;
367 goto out;
368 }
369 }
370
371 client_params->u.dh.key = dh;
372 dh = NULL;
373 ret = 0;
374
375 out:
376 if (dh)
377 DH_free(dh);
378 free_DomainParameters(&dhparam);
379 return ret;
380 }
381
382 krb5_error_code
383 _kdc_pk_rd_padata(astgs_request_t priv,
384 const PA_DATA *pa,
385 pk_client_params **ret_params)
386 {
387 /* XXXrcd: we use priv vs r due to a conflict */
388 krb5_context context = priv->context;
389 krb5_kdc_configuration *config = priv->config;
390 const KDC_REQ *req = &priv->req;
391 hdb_entry *client = priv->client;
392 pk_client_params *cp;
393 krb5_error_code ret;
394 heim_oid eContentType = { 0, NULL }, contentInfoOid = { 0, NULL };
395 krb5_data eContent = { 0, NULL };
396 krb5_data signed_content = { 0, NULL };
397 const char *type = "unknown type";
398 hx509_certs trust_anchors;
399 int have_data = 0;
400 const HDB_Ext_PKINIT_cert *pc;
401
402 *ret_params = NULL;
403
404 if (!config->enable_pkinit) {
405 kdc_log(context, config, 0, "PKINIT request but PKINIT not enabled");
406 krb5_clear_error_message(context);
407 return 0;
408 }
409
410 cp = calloc(1, sizeof(*cp));
411 if (cp == NULL) {
412 krb5_clear_error_message(context);
413 ret = ENOMEM;
414 goto out;
415 }
416
417 ret = hx509_certs_init(context->hx509ctx,
418 "MEMORY:trust-anchors",
419 0, NULL, &trust_anchors);
420 if (ret) {
421 krb5_set_error_message(context, ret, "failed to create trust anchors");
422 goto out;
423 }
424
425 ret = hx509_certs_merge(context->hx509ctx, trust_anchors,
426 kdc_identity->anchors);
427 if (ret) {
428 hx509_certs_free(&trust_anchors);
429 krb5_set_error_message(context, ret, "failed to create verify context");
430 goto out;
431 }
432
433 /* Add any registered certificates for this client as trust anchors */
434 ret = hdb_entry_get_pkinit_cert(client, &pc);
435 if (ret == 0 && pc != NULL) {
436 hx509_cert cert;
437 unsigned int i;
438
439 for (i = 0; i < pc->len; i++) {
440 cert = hx509_cert_init_data(context->hx509ctx,
441 pc->val[i].cert.data,
442 pc->val[i].cert.length,
443 NULL);
444 if (cert == NULL)
445 continue;
446 hx509_certs_add(context->hx509ctx, trust_anchors, cert);
447 hx509_cert_free(cert);
448 }
449 }
450
451 ret = hx509_verify_init_ctx(context->hx509ctx, &cp->verify_ctx);
452 if (ret) {
453 hx509_certs_free(&trust_anchors);
454 krb5_set_error_message(context, ret, "failed to create verify context");
455 goto out;
456 }
457
458 hx509_verify_set_time(cp->verify_ctx, kdc_time);
459 hx509_verify_attach_anchors(cp->verify_ctx, trust_anchors);
460 hx509_certs_free(&trust_anchors);
461
462 if (config->pkinit_allow_proxy_certs)
463 hx509_verify_set_proxy_certificate(cp->verify_ctx, 1);
464
465 if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) {
466 PA_PK_AS_REQ_Win2k r;
467
468 type = "PK-INIT-Win2k";
469
470 if (_kdc_is_anonymous(context, client->principal)) {
471 ret = KRB5_KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED;
472 krb5_set_error_message(context, ret,
473 "Anonymous client not supported in RSA mode");
474 goto out;
475 }
476
477 ret = decode_PA_PK_AS_REQ_Win2k(pa->padata_value.data,
478 pa->padata_value.length,
479 &r,
480 NULL);
481 if (ret) {
482 krb5_set_error_message(context, ret, "Can't decode "
483 "PK-AS-REQ-Win2k: %d", ret);
484 goto out;
485 }
486
487 ret = hx509_cms_unwrap_ContentInfo(&r.signed_auth_pack,
488 &contentInfoOid,
489 &signed_content,
490 &have_data);
491 free_PA_PK_AS_REQ_Win2k(&r);
492 if (ret) {
493 krb5_set_error_message(context, ret,
494 "Can't unwrap ContentInfo(win): %d", ret);
495 goto out;
496 }
497
498 } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) {
499 PA_PK_AS_REQ r;
500
501 type = "PK-INIT-IETF";
502
503 ret = decode_PA_PK_AS_REQ(pa->padata_value.data,
504 pa->padata_value.length,
505 &r,
506 NULL);
507 if (ret) {
508 krb5_set_error_message(context, ret,
509 "Can't decode PK-AS-REQ: %d", ret);
510 goto out;
511 }
512
513 /* XXX look at r.kdcPkId */
514 if (r.trustedCertifiers) {
515 ExternalPrincipalIdentifiers *edi = r.trustedCertifiers;
516 unsigned int i, maxedi;
517
518 ret = hx509_certs_init(context->hx509ctx,
519 "MEMORY:client-anchors",
520 0, NULL,
521 &cp->client_anchors);
522 if (ret) {
523 krb5_set_error_message(context, ret,
524 "Can't allocate client anchors: %d",
525 ret);
526 goto out;
527
528 }
529 /*
530 * If the client sent more then 10 EDI, don't bother
531 * looking more then 10 of performance reasons.
532 */
533 maxedi = edi->len;
534 if (maxedi > 10)
535 maxedi = 10;
536 for (i = 0; i < maxedi; i++) {
537 IssuerAndSerialNumber iasn;
538 hx509_query *q;
539 hx509_cert cert;
540 size_t size;
541
542 if (edi->val[i].issuerAndSerialNumber == NULL)
543 continue;
544
545 ret = hx509_query_alloc(context->hx509ctx, &q);
546 if (ret) {
547 krb5_set_error_message(context, ret,
548 "Failed to allocate hx509_query");
549 goto out;
550 }
551
552 ret = decode_IssuerAndSerialNumber(edi->val[i].issuerAndSerialNumber->data,
553 edi->val[i].issuerAndSerialNumber->length,
554 &iasn,
555 &size);
556 if (ret) {
557 hx509_query_free(context->hx509ctx, q);
558 continue;
559 }
560 ret = hx509_query_match_issuer_serial(q, &iasn.issuer, &iasn.serialNumber);
561 free_IssuerAndSerialNumber(&iasn);
562 if (ret) {
563 hx509_query_free(context->hx509ctx, q);
564 continue;
565 }
566
567 ret = hx509_certs_find(context->hx509ctx,
568 kdc_identity->certs,
569 q,
570 &cert);
571 hx509_query_free(context->hx509ctx, q);
572 if (ret)
573 continue;
574 hx509_certs_add(context->hx509ctx,
575 cp->client_anchors, cert);
576 hx509_cert_free(cert);
577 }
578 }
579
580 ret = hx509_cms_unwrap_ContentInfo(&r.signedAuthPack,
581 &contentInfoOid,
582 &signed_content,
583 &have_data);
584 free_PA_PK_AS_REQ(&r);
585 if (ret) {
586 krb5_set_error_message(context, ret,
587 "Can't unwrap ContentInfo: %d", ret);
588 goto out;
589 }
590
591 } else {
592 krb5_clear_error_message(context);
593 ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
594 goto out;
595 }
596
597 ret = der_heim_oid_cmp(&contentInfoOid, &asn1_oid_id_pkcs7_signedData);
598 if (ret != 0) {
599 ret = KRB5KRB_ERR_GENERIC;
600 krb5_set_error_message(context, ret,
601 "PK-AS-REQ-Win2k invalid content type oid");
602 goto out;
603 }
604
605 if (!have_data) {
606 ret = KRB5KRB_ERR_GENERIC;
607 krb5_set_error_message(context, ret,
608 "PK-AS-REQ-Win2k no signed auth pack");
609 goto out;
610 }
611
612 {
613 hx509_certs signer_certs;
614 int flags = HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH; /* BTMM */
615
616 if (_kdc_is_anonymous(context, client->principal)
617 || (config->historical_anon_realm && _kdc_is_anon_request(req)))
618 flags |= HX509_CMS_VS_ALLOW_ZERO_SIGNER;
619
620 ret = hx509_cms_verify_signed(context->hx509ctx,
621 cp->verify_ctx,
622 flags,
623 signed_content.data,
624 signed_content.length,
625 NULL,
626 kdc_identity->certpool,
627 &eContentType,
628 &eContent,
629 &signer_certs);
630 if (ret) {
631 char *s = hx509_get_error_string(context->hx509ctx, ret);
632 krb5_warnx(context, "PKINIT: failed to verify signature: %s: %d",
633 s, ret);
634 free(s);
635 goto out;
636 }
637
638 if (signer_certs) {
639 ret = hx509_get_one_cert(context->hx509ctx, signer_certs,
640 &cp->cert);
641 hx509_certs_free(&signer_certs);
642 }
643 if (ret)
644 goto out;
645 }
646
647 /* Signature is correct, now verify the signed message */
648 if (der_heim_oid_cmp(&eContentType, &asn1_oid_id_pkcs7_data) != 0 &&
649 der_heim_oid_cmp(&eContentType, &asn1_oid_id_pkauthdata) != 0)
650 {
651 ret = KRB5_BADMSGTYPE;
652 krb5_set_error_message(context, ret, "got wrong oid for PK AuthData");
653 goto out;
654 }
655
656 if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) {
657 AuthPack_Win2k ap;
658
659 ret = decode_AuthPack_Win2k(eContent.data,
660 eContent.length,
661 &ap,
662 NULL);
663 if (ret) {
664 krb5_set_error_message(context, ret,
665 "Can't decode AuthPack: %d", ret);
666 goto out;
667 }
668
669 ret = pk_check_pkauthenticator_win2k(context,
670 &ap.pkAuthenticator,
671 req);
672 if (ret) {
673 free_AuthPack_Win2k(&ap);
674 goto out;
675 }
676
677 cp->type = PKINIT_WIN2K;
678 cp->nonce = ap.pkAuthenticator.nonce;
679
680 if (ap.clientPublicValue) {
681 ret = KRB5KRB_ERR_GENERIC;
682 krb5_set_error_message(context, ret,
683 "DH not supported for Win2k");
684 goto out;
685 }
686 free_AuthPack_Win2k(&ap);
687
688 } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) {
689 AuthPack ap;
690
691 ret = decode_AuthPack(eContent.data,
692 eContent.length,
693 &ap,
694 NULL);
695 if (ret) {
696 krb5_set_error_message(context, ret,
697 "Can't decode AuthPack: %d", ret);
698 free_AuthPack(&ap);
699 goto out;
700 }
701
702 if (_kdc_is_anonymous(context, client->principal) &&
703 ap.clientPublicValue == NULL) {
704 free_AuthPack(&ap);
705 ret = KRB5_KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED;
706 krb5_set_error_message(context, ret,
707 "Anonymous client not supported in RSA mode");
708 goto out;
709 }
710
711 ret = pk_check_pkauthenticator(context,
712 &ap.pkAuthenticator,
713 req);
714 if (ret) {
715 free_AuthPack(&ap);
716 goto out;
717 }
718
719 cp->type = PKINIT_27;
720 cp->nonce = ap.pkAuthenticator.nonce;
721
722 if (ap.clientPublicValue) {
723 if (der_heim_oid_cmp(&ap.clientPublicValue->algorithm.algorithm, &asn1_oid_id_dhpublicnumber) == 0) {
724 cp->keyex = USE_DH;
725 ret = get_dh_param(context, config,
726 ap.clientPublicValue, cp);
727 } else if (der_heim_oid_cmp(&ap.clientPublicValue->algorithm.algorithm, &asn1_oid_id_ecPublicKey) == 0) {
728 cp->keyex = USE_ECDH;
729 ret = _kdc_get_ecdh_param(context, config,
730 ap.clientPublicValue,
731 &cp->u.ecdh.public_key);
732 } else {
733 ret = KRB5_BADMSGTYPE;
734 krb5_set_error_message(context, ret,
735 "PKINIT unknown DH mechanism");
736 }
737 if (ret) {
738 free_AuthPack(&ap);
739 goto out;
740 }
741 } else
742 cp->keyex = USE_RSA;
743
744 ret = hx509_peer_info_alloc(context->hx509ctx,
745 &cp->peer);
746 if (ret) {
747 free_AuthPack(&ap);
748 goto out;
749 }
750
751 if (ap.supportedCMSTypes) {
752 ret = hx509_peer_info_set_cms_algs(context->hx509ctx,
753 cp->peer,
754 ap.supportedCMSTypes->val,
755 ap.supportedCMSTypes->len);
756 if (ret) {
757 free_AuthPack(&ap);
758 goto out;
759 }
760 } else {
761 /* assume old client */
762 hx509_peer_info_add_cms_alg(context->hx509ctx, cp->peer,
763 hx509_crypto_des_rsdi_ede3_cbc());
764 hx509_peer_info_add_cms_alg(context->hx509ctx, cp->peer,
765 hx509_signature_rsa_with_sha1());
766 hx509_peer_info_add_cms_alg(context->hx509ctx, cp->peer,
767 hx509_signature_sha1());
768 }
769 free_AuthPack(&ap);
770 } else
771 krb5_abortx(context, "internal pkinit error");
772
773 kdc_log(context, config, 0, "PKINIT request of type %s", type);
774
775 out:
776 if (ret)
777 krb5_warn(context, ret, "PKINIT");
778
779 if (signed_content.data)
780 free(signed_content.data);
781 krb5_data_free(&eContent);
782 der_free_oid(&eContentType);
783 der_free_oid(&contentInfoOid);
784 if (ret) {
785 _kdc_pk_free_client_param(context, cp);
786 } else
787 *ret_params = cp;
788 return ret;
789 }
790
791 krb5_timestamp
792 _kdc_pk_endtime(pk_client_params *pkp)
793 {
794 return pkp->endtime;
795 }
796
797 krb5_timestamp
798 _kdc_pk_max_life(pk_client_params *pkp)
799 {
800 return pkp->max_life;
801 }
802
803 /*
804 *
805 */
806
807 static krb5_error_code
808 BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer)
809 {
810 integer->length = BN_num_bytes(bn);
811 integer->data = malloc(integer->length);
812 if (integer->data == NULL) {
813 krb5_clear_error_message(context);
814 return ENOMEM;
815 }
816 BN_bn2bin(bn, integer->data);
817 integer->negative = BN_is_negative(bn);
818 return 0;
819 }
820
821 static krb5_error_code
822 pk_mk_pa_reply_enckey(krb5_context context,
823 krb5_kdc_configuration *config,
824 pk_client_params *cp,
825 const KDC_REQ *req,
826 const krb5_data *req_buffer,
827 krb5_keyblock *reply_key,
828 ContentInfo *content_info,
829 hx509_cert *kdc_cert)
830 {
831 const heim_oid *envelopedAlg = NULL, *sdAlg = NULL, *evAlg = NULL;
832 krb5_error_code ret;
833 krb5_data buf, signed_data;
834 size_t size = 0;
835 int do_win2k = 0;
836
837 krb5_data_zero(&buf);
838 krb5_data_zero(&signed_data);
839
840 *kdc_cert = NULL;
841
842 /*
843 * If the message client is a win2k-type but it send pa data
844 * 09-binding it expects a IETF (checksum) reply so there can be
845 * no replay attacks.
846 */
847
848 switch (cp->type) {
849 case PKINIT_WIN2K: {
850 int i = 0;
851 if (_kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_09_BINDING) == NULL
852 && config->pkinit_require_binding == 0)
853 {
854 do_win2k = 1;
855 }
856 sdAlg = &asn1_oid_id_pkcs7_data;
857 evAlg = &asn1_oid_id_pkcs7_data;
858 envelopedAlg = &asn1_oid_id_rsadsi_des_ede3_cbc;
859 break;
860 }
861 case PKINIT_27:
862 sdAlg = &asn1_oid_id_pkrkeydata;
863 evAlg = &asn1_oid_id_pkcs7_signedData;
864 break;
865 default:
866 krb5_abortx(context, "internal pkinit error");
867 }
868
869 if (do_win2k) {
870 ReplyKeyPack_Win2k kp;
871 memset(&kp, 0, sizeof(kp));
872
873 ret = copy_EncryptionKey(reply_key, &kp.replyKey);
874 if (ret) {
875 krb5_clear_error_message(context);
876 goto out;
877 }
878 kp.nonce = cp->nonce;
879
880 ASN1_MALLOC_ENCODE(ReplyKeyPack_Win2k,
881 buf.data, buf.length,
882 &kp, &size,ret);
883 free_ReplyKeyPack_Win2k(&kp);
884 } else {
885 krb5_crypto ascrypto;
886 ReplyKeyPack kp;
887 memset(&kp, 0, sizeof(kp));
888
889 ret = copy_EncryptionKey(reply_key, &kp.replyKey);
890 if (ret) {
891 krb5_clear_error_message(context);
892 goto out;
893 }
894
895 ret = krb5_crypto_init(context, reply_key, 0, &ascrypto);
896 if (ret) {
897 krb5_clear_error_message(context);
898 goto out;
899 }
900
901 ret = krb5_create_checksum(context, ascrypto, 6, 0,
902 req_buffer->data, req_buffer->length,
903 &kp.asChecksum);
904 if (ret) {
905 krb5_clear_error_message(context);
906 goto out;
907 }
908
909 ret = krb5_crypto_destroy(context, ascrypto);
910 if (ret) {
911 krb5_clear_error_message(context);
912 goto out;
913 }
914 ASN1_MALLOC_ENCODE(ReplyKeyPack, buf.data, buf.length, &kp, &size,ret);
915 free_ReplyKeyPack(&kp);
916 }
917 if (ret) {
918 krb5_set_error_message(context, ret, "ASN.1 encoding of ReplyKeyPack "
919 "failed (%d)", ret);
920 goto out;
921 }
922 if (buf.length != size)
923 krb5_abortx(context, "Internal ASN.1 encoder error");
924
925 {
926 hx509_query *q;
927 hx509_cert cert;
928
929 ret = hx509_query_alloc(context->hx509ctx, &q);
930 if (ret)
931 goto out;
932
933 hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
934 if (config->pkinit_kdc_friendly_name)
935 hx509_query_match_friendly_name(q, config->pkinit_kdc_friendly_name);
936
937 ret = hx509_certs_find(context->hx509ctx,
938 kdc_identity->certs,
939 q,
940 &cert);
941 hx509_query_free(context->hx509ctx, q);
942 if (ret)
943 goto out;
944
945 ret = hx509_cms_create_signed_1(context->hx509ctx,
946 0,
947 sdAlg,
948 buf.data,
949 buf.length,
950 NULL,
951 cert,
952 cp->peer,
953 cp->client_anchors,
954 kdc_identity->certpool,
955 &signed_data);
956 *kdc_cert = cert;
957 }
958
959 krb5_data_free(&buf);
960 if (ret)
961 goto out;
962
963 if (cp->type == PKINIT_WIN2K) {
964 ret = hx509_cms_wrap_ContentInfo(&asn1_oid_id_pkcs7_signedData,
965 &signed_data,
966 &buf);
967 if (ret)
968 goto out;
969 krb5_data_free(&signed_data);
970 signed_data = buf;
971 }
972
973 ret = hx509_cms_envelope_1(context->hx509ctx,
974 HX509_CMS_EV_NO_KU_CHECK,
975 cp->cert,
976 signed_data.data, signed_data.length,
977 envelopedAlg,
978 evAlg, &buf);
979 if (ret)
980 goto out;
981
982 ret = _krb5_pk_mk_ContentInfo(context,
983 &buf,
984 &asn1_oid_id_pkcs7_envelopedData,
985 content_info);
986 out:
987 if (ret && *kdc_cert) {
988 hx509_cert_free(*kdc_cert);
989 *kdc_cert = NULL;
990 }
991
992 krb5_data_free(&buf);
993 krb5_data_free(&signed_data);
994 return ret;
995 }
996
997 /*
998 *
999 */
1000
1001 static krb5_error_code
1002 pk_mk_pa_reply_dh(krb5_context context,
1003 krb5_kdc_configuration *config,
1004 pk_client_params *cp,
1005 ContentInfo *content_info,
1006 hx509_cert *kdc_cert)
1007 {
1008 KDCDHKeyInfo dh_info;
1009 krb5_data signed_data, buf;
1010 ContentInfo contentinfo;
1011 krb5_error_code ret;
1012 hx509_cert cert;
1013 hx509_query *q;
1014 size_t size = 0;
1015
1016 memset(&contentinfo, 0, sizeof(contentinfo));
1017 memset(&dh_info, 0, sizeof(dh_info));
1018 krb5_data_zero(&signed_data);
1019 krb5_data_zero(&buf);
1020
1021 *kdc_cert = NULL;
1022
1023 if (cp->keyex == USE_DH) {
1024 DH *kdc_dh = cp->u.dh.key;
1025 heim_integer i;
1026
1027 ret = BN_to_integer(context, kdc_dh->pub_key, &i);
1028 if (ret)
1029 return ret;
1030
1031 ASN1_MALLOC_ENCODE(DHPublicKey, buf.data, buf.length, &i, &size, ret);
1032 der_free_heim_integer(&i);
1033 if (ret) {
1034 krb5_set_error_message(context, ret, "ASN.1 encoding of "
1035 "DHPublicKey failed (%d)", ret);
1036 return ret;
1037 }
1038 if (buf.length != size)
1039 krb5_abortx(context, "Internal ASN.1 encoder error");
1040
1041 dh_info.subjectPublicKey.length = buf.length * 8;
1042 dh_info.subjectPublicKey.data = buf.data;
1043 krb5_data_zero(&buf);
1044 } else if (cp->keyex == USE_ECDH) {
1045 unsigned char *p;
1046 ret = _kdc_serialize_ecdh_key(context, cp->u.ecdh.key, &p,
1047 &dh_info.subjectPublicKey.length);
1048 dh_info.subjectPublicKey.data = p;
1049 if (ret)
1050 goto out;
1051 } else
1052 krb5_abortx(context, "no keyex selected ?");
1053
1054
1055 dh_info.nonce = cp->nonce;
1056
1057 ASN1_MALLOC_ENCODE(KDCDHKeyInfo, buf.data, buf.length, &dh_info, &size,
1058 ret);
1059 if (ret) {
1060 krb5_set_error_message(context, ret, "ASN.1 encoding of "
1061 "KdcDHKeyInfo failed (%d)", ret);
1062 goto out;
1063 }
1064 if (buf.length != size)
1065 krb5_abortx(context, "Internal ASN.1 encoder error");
1066
1067 /*
1068 * Create the SignedData structure and sign the KdcDHKeyInfo
1069 * filled in above
1070 */
1071
1072 ret = hx509_query_alloc(context->hx509ctx, &q);
1073 if (ret)
1074 goto out;
1075
1076 hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
1077 if (config->pkinit_kdc_friendly_name)
1078 hx509_query_match_friendly_name(q, config->pkinit_kdc_friendly_name);
1079
1080 ret = hx509_certs_find(context->hx509ctx,
1081 kdc_identity->certs,
1082 q,
1083 &cert);
1084 hx509_query_free(context->hx509ctx, q);
1085 if (ret)
1086 goto out;
1087
1088 ret = hx509_cms_create_signed_1(context->hx509ctx,
1089 0,
1090 &asn1_oid_id_pkdhkeydata,
1091 buf.data,
1092 buf.length,
1093 NULL,
1094 cert,
1095 cp->peer,
1096 cp->client_anchors,
1097 kdc_identity->certpool,
1098 &signed_data);
1099 if (ret) {
1100 kdc_log(context, config, 0, "Failed signing the DH* reply: %d", ret);
1101 goto out;
1102 }
1103 *kdc_cert = cert;
1104
1105 ret = _krb5_pk_mk_ContentInfo(context,
1106 &signed_data,
1107 &asn1_oid_id_pkcs7_signedData,
1108 content_info);
1109 if (ret)
1110 goto out;
1111
1112 out:
1113 if (ret && *kdc_cert) {
1114 hx509_cert_free(*kdc_cert);
1115 *kdc_cert = NULL;
1116 }
1117
1118 krb5_data_free(&buf);
1119 krb5_data_free(&signed_data);
1120 free_KDCDHKeyInfo(&dh_info);
1121
1122 return ret;
1123 }
1124
1125 /*
1126 *
1127 */
1128
1129 krb5_error_code
1130 _kdc_pk_mk_pa_reply(astgs_request_t r, pk_client_params *cp)
1131 {
1132 krb5_kdc_configuration *config = r->config;
1133 krb5_enctype sessionetype = r->sessionetype;
1134 const KDC_REQ *req = &r->req;
1135 const krb5_data *req_buffer = &r->request;
1136 krb5_keyblock *reply_key = &r->reply_key;
1137 krb5_keyblock *sessionkey = &r->session_key;
1138 METHOD_DATA *md = r->rep.padata;
1139 krb5_error_code ret;
1140 void *buf = NULL;
1141 size_t len = 0, size = 0;
1142 krb5_enctype enctype;
1143 int pa_type;
1144 hx509_cert kdc_cert = NULL;
1145 size_t i;
1146
1147 if (!config->enable_pkinit) {
1148 krb5_clear_error_message(r->context);
1149 return 0;
1150 }
1151
1152 if (req->req_body.etype.len > 0) {
1153 for (i = 0; i < req->req_body.etype.len; i++)
1154 if (krb5_enctype_valid(r->context, req->req_body.etype.val[i]) == 0)
1155 break;
1156 if (req->req_body.etype.len <= i) {
1157 ret = KRB5KRB_ERR_GENERIC;
1158 krb5_set_error_message(r->context, ret,
1159 "No valid enctype available from client");
1160 goto out;
1161 }
1162 enctype = req->req_body.etype.val[i];
1163 } else
1164 enctype = ETYPE_DES3_CBC_SHA1;
1165
1166 if (cp->type == PKINIT_27) {
1167 PA_PK_AS_REP rep;
1168 const char *type, *other = "";
1169
1170 memset(&rep, 0, sizeof(rep));
1171
1172 pa_type = KRB5_PADATA_PK_AS_REP;
1173
1174 if (cp->keyex == USE_RSA) {
1175 ContentInfo info;
1176
1177 type = "enckey";
1178
1179 rep.element = choice_PA_PK_AS_REP_encKeyPack;
1180
1181 ret = krb5_generate_random_keyblock(r->context, enctype,
1182 &cp->reply_key);
1183 if (ret) {
1184 free_PA_PK_AS_REP(&rep);
1185 goto out;
1186 }
1187 ret = pk_mk_pa_reply_enckey(r->context,
1188 config,
1189 cp,
1190 req,
1191 req_buffer,
1192 &cp->reply_key,
1193 &info,
1194 &kdc_cert);
1195 if (ret) {
1196 free_PA_PK_AS_REP(&rep);
1197 goto out;
1198 }
1199 ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data,
1200 rep.u.encKeyPack.length, &info, &size,
1201 ret);
1202 free_ContentInfo(&info);
1203 if (ret) {
1204 krb5_set_error_message(r->context, ret, "encoding of Key ContentInfo "
1205 "failed %d", ret);
1206 free_PA_PK_AS_REP(&rep);
1207 goto out;
1208 }
1209 if (rep.u.encKeyPack.length != size)
1210 krb5_abortx(r->context, "Internal ASN.1 encoder error");
1211
1212 ret = krb5_generate_random_keyblock(r->context, sessionetype,
1213 sessionkey);
1214 if (ret) {
1215 free_PA_PK_AS_REP(&rep);
1216 goto out;
1217 }
1218
1219 } else {
1220 ContentInfo info;
1221
1222 switch (cp->keyex) {
1223 case USE_DH: type = "dh"; break;
1224 case USE_ECDH: type = "ecdh"; break;
1225 default: krb5_abortx(r->context, "unknown keyex"); break;
1226 }
1227
1228 if (cp->dh_group_name)
1229 other = cp->dh_group_name;
1230
1231 rep.element = choice_PA_PK_AS_REP_dhInfo;
1232
1233 ret = generate_dh_keyblock(r->context, cp, enctype);
1234 if (ret)
1235 return ret;
1236
1237 ret = pk_mk_pa_reply_dh(r->context, config,
1238 cp,
1239 &info,
1240 &kdc_cert);
1241 if (ret) {
1242 free_PA_PK_AS_REP(&rep);
1243 krb5_set_error_message(r->context, ret,
1244 "create pa-reply-dh "
1245 "failed %d", ret);
1246 goto out;
1247 }
1248
1249 ASN1_MALLOC_ENCODE(ContentInfo, rep.u.dhInfo.dhSignedData.data,
1250 rep.u.dhInfo.dhSignedData.length, &info, &size,
1251 ret);
1252 free_ContentInfo(&info);
1253 if (ret) {
1254 krb5_set_error_message(r->context, ret,
1255 "encoding of Key ContentInfo "
1256 "failed %d", ret);
1257 free_PA_PK_AS_REP(&rep);
1258 goto out;
1259 }
1260 if (rep.u.encKeyPack.length != size)
1261 krb5_abortx(r->context, "Internal ASN.1 encoder error");
1262
1263 /* generate the session key using the method from RFC6112 */
1264 {
1265 krb5_keyblock kdc_contribution_key;
1266 krb5_crypto reply_crypto;
1267 krb5_crypto kdccont_crypto;
1268 krb5_data p1 = { strlen("PKINIT"), "PKINIT"};
1269 krb5_data p2 = { strlen("KEYEXCHANGE"), "KEYEXCHANGE"};
1270 void *kckdata;
1271 size_t kcklen;
1272 EncryptedData kx;
1273 void *kxdata;
1274 size_t kxlen;
1275
1276 ret = krb5_generate_random_keyblock(r->context, sessionetype,
1277 &kdc_contribution_key);
1278 if (ret) {
1279 free_PA_PK_AS_REP(&rep);
1280 goto out;
1281 }
1282 ret = krb5_crypto_init(r->context, &cp->reply_key, enctype, &reply_crypto);
1283 if (ret) {
1284 krb5_free_keyblock_contents(r->context, &kdc_contribution_key);
1285 free_PA_PK_AS_REP(&rep);
1286 goto out;
1287 }
1288 ret = krb5_crypto_init(r->context, &kdc_contribution_key, sessionetype, &kdccont_crypto);
1289 if (ret) {
1290 krb5_crypto_destroy(r->context, reply_crypto);
1291 krb5_free_keyblock_contents(r->context, &kdc_contribution_key);
1292 free_PA_PK_AS_REP(&rep);
1293 goto out;
1294 }
1295 /* KRB-FX-CF2 */
1296 ret = krb5_crypto_fx_cf2(r->context, kdccont_crypto, reply_crypto,
1297 &p1, &p2, sessionetype, sessionkey);
1298 krb5_crypto_destroy(r->context, kdccont_crypto);
1299 if (ret) {
1300 krb5_crypto_destroy(r->context, reply_crypto);
1301 krb5_free_keyblock_contents(r->context, &kdc_contribution_key);
1302 free_PA_PK_AS_REP(&rep);
1303 goto out;
1304 }
1305 ASN1_MALLOC_ENCODE(EncryptionKey, kckdata, kcklen,
1306 &kdc_contribution_key, &size, ret);
1307 krb5_free_keyblock_contents(r->context, &kdc_contribution_key);
1308 if (ret) {
1309 krb5_set_error_message(r->context, ret, "encoding of PKINIT-KX Key failed %d", ret);
1310 krb5_crypto_destroy(r->context, reply_crypto);
1311 free_PA_PK_AS_REP(&rep);
1312 goto out;
1313 }
1314 if (kcklen != size)
1315 krb5_abortx(r->context, "Internal ASN.1 encoder error");
1316 ret = krb5_encrypt_EncryptedData(r->context, reply_crypto, KRB5_KU_PA_PKINIT_KX,
1317 kckdata, kcklen, 0, &kx);
1318 krb5_crypto_destroy(r->context, reply_crypto);
1319 free(kckdata);
1320 if (ret) {
1321 free_PA_PK_AS_REP(&rep);
1322 goto out;
1323 }
1324 ASN1_MALLOC_ENCODE(EncryptedData, kxdata, kxlen,
1325 &kx, &size, ret);
1326 free_EncryptedData(&kx);
1327 if (ret) {
1328 krb5_set_error_message(r->context, ret,
1329 "encoding of PKINIT-KX failed %d", ret);
1330 free_PA_PK_AS_REP(&rep);
1331 goto out;
1332 }
1333 if (kxlen != size)
1334 krb5_abortx(r->context, "Internal ASN.1 encoder error");
1335 /* Add PA-PKINIT-KX */
1336 ret = krb5_padata_add(r->context, md, KRB5_PADATA_PKINIT_KX, kxdata, kxlen);
1337 if (ret) {
1338 krb5_set_error_message(r->context, ret,
1339 "Failed adding PKINIT-KX %d", ret);
1340 free(buf);
1341 goto out;
1342 }
1343 }
1344 }
1345
1346 #define use_btmm_with_enckey 0
1347 if (use_btmm_with_enckey && rep.element == choice_PA_PK_AS_REP_encKeyPack) {
1348 PA_PK_AS_REP_BTMM btmm;
1349 heim_any any;
1350
1351 any.data = rep.u.encKeyPack.data;
1352 any.length = rep.u.encKeyPack.length;
1353
1354 btmm.dhSignedData = NULL;
1355 btmm.encKeyPack = &any;
1356
1357 ASN1_MALLOC_ENCODE(PA_PK_AS_REP_BTMM, buf, len, &btmm, &size, ret);
1358 } else {
1359 ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret);
1360 }
1361
1362 free_PA_PK_AS_REP(&rep);
1363 if (ret) {
1364 krb5_set_error_message(r->context, ret,
1365 "encode PA-PK-AS-REP failed %d", ret);
1366 goto out;
1367 }
1368 if (len != size)
1369 krb5_abortx(r->context, "Internal ASN.1 encoder error");
1370
1371 kdc_log(r->context, config, 0, "PKINIT using %s %s", type, other);
1372
1373 } else if (cp->type == PKINIT_WIN2K) {
1374 PA_PK_AS_REP_Win2k rep;
1375 ContentInfo info;
1376
1377 if (cp->keyex != USE_RSA) {
1378 ret = KRB5KRB_ERR_GENERIC;
1379 krb5_set_error_message(r->context, ret,
1380 "Win2k PKINIT doesn't support DH");
1381 goto out;
1382 }
1383
1384 memset(&rep, 0, sizeof(rep));
1385
1386 pa_type = KRB5_PADATA_PK_AS_REP_19;
1387 rep.element = choice_PA_PK_AS_REP_Win2k_encKeyPack;
1388
1389 ret = krb5_generate_random_keyblock(r->context, enctype,
1390 &cp->reply_key);
1391 if (ret) {
1392 free_PA_PK_AS_REP_Win2k(&rep);
1393 goto out;
1394 }
1395 ret = pk_mk_pa_reply_enckey(r->context,
1396 config,
1397 cp,
1398 req,
1399 req_buffer,
1400 &cp->reply_key,
1401 &info,
1402 &kdc_cert);
1403 if (ret) {
1404 free_PA_PK_AS_REP_Win2k(&rep);
1405 goto out;
1406 }
1407 ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data,
1408 rep.u.encKeyPack.length, &info, &size,
1409 ret);
1410 free_ContentInfo(&info);
1411 if (ret) {
1412 krb5_set_error_message(r->context, ret, "encoding of Key ContentInfo "
1413 "failed %d", ret);
1414 free_PA_PK_AS_REP_Win2k(&rep);
1415 goto out;
1416 }
1417 if (rep.u.encKeyPack.length != size)
1418 krb5_abortx(r->context, "Internal ASN.1 encoder error");
1419
1420 ASN1_MALLOC_ENCODE(PA_PK_AS_REP_Win2k, buf, len, &rep, &size, ret);
1421 free_PA_PK_AS_REP_Win2k(&rep);
1422 if (ret) {
1423 krb5_set_error_message(r->context, ret,
1424 "encode PA-PK-AS-REP-Win2k failed %d", ret);
1425 goto out;
1426 }
1427 if (len != size)
1428 krb5_abortx(r->context, "Internal ASN.1 encoder error");
1429
1430 ret = krb5_generate_random_keyblock(r->context, sessionetype,
1431 sessionkey);
1432 if (ret) {
1433 free(buf);
1434 goto out;
1435 }
1436
1437 } else
1438 krb5_abortx(r->context, "PKINIT internal error");
1439
1440
1441 ret = krb5_padata_add(r->context, md, pa_type, buf, len);
1442 if (ret) {
1443 krb5_set_error_message(r->context, ret,
1444 "Failed adding PA-PK-AS-REP %d", ret);
1445 free(buf);
1446 goto out;
1447 }
1448
1449 if (config->pkinit_kdc_ocsp_file) {
1450
1451 if (ocsp.expire == 0 && ocsp.next_update > kdc_time) {
1452 struct stat sb;
1453 int fd;
1454
1455 krb5_data_free(&ocsp.data);
1456
1457 ocsp.expire = 0;
1458 ocsp.next_update = kdc_time + 60 * 5;
1459
1460 fd = open(config->pkinit_kdc_ocsp_file, O_RDONLY);
1461 if (fd < 0) {
1462 kdc_log(r->context, config, 0,
1463 "PKINIT failed to open ocsp data file %d", errno);
1464 goto out_ocsp;
1465 }
1466 ret = fstat(fd, &sb);
1467 if (ret) {
1468 ret = errno;
1469 close(fd);
1470 kdc_log(r->context, config, 0,
1471 "PKINIT failed to stat ocsp data %d", ret);
1472 goto out_ocsp;
1473 }
1474
1475 ret = krb5_data_alloc(&ocsp.data, sb.st_size);
1476 if (ret) {
1477 close(fd);
1478 kdc_log(r->context, config, 0,
1479 "PKINIT failed to stat ocsp data %d", ret);
1480 goto out_ocsp;
1481 }
1482 ocsp.data.length = sb.st_size;
1483 ret = read(fd, ocsp.data.data, sb.st_size);
1484 close(fd);
1485 if (ret != sb.st_size) {
1486 kdc_log(r->context, config, 0,
1487 "PKINIT failed to read ocsp data %d", errno);
1488 goto out_ocsp;
1489 }
1490
1491 ret = hx509_ocsp_verify(r->context->hx509ctx,
1492 kdc_time,
1493 kdc_cert,
1494 0,
1495 ocsp.data.data, ocsp.data.length,
1496 &ocsp.expire);
1497 if (ret) {
1498 kdc_log(r->context, config, 0,
1499 "PKINIT failed to verify ocsp data %d", ret);
1500 krb5_data_free(&ocsp.data);
1501 ocsp.expire = 0;
1502 } else if (ocsp.expire > 180) {
1503 ocsp.expire -= 180; /* refetch the ocsp before it expire */
1504 ocsp.next_update = ocsp.expire;
1505 } else {
1506 ocsp.next_update = kdc_time;
1507 }
1508 out_ocsp:
1509 ret = 0;
1510 }
1511
1512 if (ocsp.expire != 0 && ocsp.expire > kdc_time) {
1513
1514 ret = krb5_padata_add(r->context, md,
1515 KRB5_PADATA_PA_PK_OCSP_RESPONSE,
1516 ocsp.data.data, ocsp.data.length);
1517 if (ret) {
1518 krb5_set_error_message(r->context, ret,
1519 "Failed adding OCSP response %d", ret);
1520 goto out;
1521 }
1522 }
1523 }
1524
1525 out:
1526 if (kdc_cert)
1527 hx509_cert_free(kdc_cert);
1528
1529 if (ret == 0)
1530 ret = krb5_copy_keyblock_contents(r->context, &cp->reply_key, reply_key);
1531 return ret;
1532 }
1533
1534 static int
1535 match_rfc_san(krb5_context context,
1536 krb5_kdc_configuration *config,
1537 hx509_context hx509ctx,
1538 hx509_cert client_cert,
1539 krb5_const_principal match)
1540 {
1541 hx509_octet_string_list list;
1542 int ret, found = 0;
1543 size_t i;
1544
1545 memset(&list, 0 , sizeof(list));
1546
1547 ret = hx509_cert_find_subjectAltName_otherName(hx509ctx,
1548 client_cert,
1549 &asn1_oid_id_pkinit_san,
1550 &list);
1551 if (ret)
1552 goto out;
1553
1554 for (i = 0; !found && i < list.len; i++) {
1555 krb5_principal_data principal;
1556 KRB5PrincipalName kn;
1557 size_t size;
1558
1559 ret = decode_KRB5PrincipalName(list.val[i].data,
1560 list.val[i].length,
1561 &kn, &size);
1562 if (ret) {
1563 const char *msg = krb5_get_error_message(context, ret);
1564 kdc_log(context, config, 0,
1565 "Decoding Kerberos principal name in certificate failed: %s", msg);
1566 krb5_free_error_message(context, msg);
1567 break;
1568 }
1569 if (size != list.val[i].length) {
1570 kdc_log(context, config, 0,
1571 "Decoded Kerberos principal name did not have expected length");
1572 return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1573 }
1574
1575 memset(&principal, 0, sizeof (principal));
1576 principal.name = kn.principalName;
1577 principal.realm = kn.realm;
1578
1579 if (krb5_principal_compare(context, &principal, match) == TRUE)
1580 found = 1;
1581 free_KRB5PrincipalName(&kn);
1582 }
1583
1584 out:
1585 hx509_free_octet_string_list(&list);
1586 if (ret)
1587 return ret;
1588
1589 if (!found)
1590 return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1591
1592 return 0;
1593 }
1594
1595 static int
1596 match_ms_upn_san(krb5_context context,
1597 krb5_kdc_configuration *config,
1598 hx509_context hx509ctx,
1599 hx509_cert client_cert,
1600 HDB *clientdb,
1601 hdb_entry *client)
1602 {
1603 hx509_octet_string_list list;
1604 krb5_principal principal = NULL;
1605 int ret;
1606 MS_UPN_SAN upn;
1607 size_t size;
1608
1609 memset(&list, 0 , sizeof(list));
1610
1611 ret = hx509_cert_find_subjectAltName_otherName(hx509ctx,
1612 client_cert,
1613 &asn1_oid_id_pkinit_ms_san,
1614 &list);
1615 if (ret)
1616 goto out;
1617
1618 if (list.len != 1) {
1619 kdc_log(context, config, 0,
1620 "More than one PKINIT MS UPN SAN");
1621 ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1622 goto out;
1623 }
1624
1625 ret = decode_MS_UPN_SAN(list.val[0].data, list.val[0].length, &upn, &size);
1626 if (ret) {
1627 kdc_log(context, config, 0, "Decode of MS-UPN-SAN failed");
1628 goto out;
1629 }
1630 if (size != list.val[0].length) {
1631 free_MS_UPN_SAN(&upn);
1632 kdc_log(context, config, 0, "Trailing data in ");
1633 ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1634 goto out;
1635 }
1636
1637 kdc_log(context, config, 0, "found MS UPN SAN: %s", upn);
1638
1639 ret = krb5_parse_name(context, upn, &principal);
1640 free_MS_UPN_SAN(&upn);
1641 if (ret) {
1642 kdc_log(context, config, 0, "Failed to parse principal in MS UPN SAN");
1643 goto out;
1644 }
1645
1646 if (clientdb->hdb_check_pkinit_ms_upn_match) {
1647 ret = clientdb->hdb_check_pkinit_ms_upn_match(context, clientdb, client, principal);
1648 } else {
1649
1650 /*
1651 * This is very wrong, but will do for a fallback
1652 */
1653 strupr(principal->realm);
1654
1655 if (krb5_principal_compare(context, principal, client->principal) == FALSE)
1656 ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1657 }
1658
1659 out:
1660 if (principal)
1661 krb5_free_principal(context, principal);
1662 hx509_free_octet_string_list(&list);
1663
1664 return ret;
1665 }
1666
1667 krb5_error_code
1668 _kdc_pk_check_client(astgs_request_t r,
1669 pk_client_params *cp,
1670 char **subject_name)
1671 {
1672 krb5_kdc_configuration *config = r->config;
1673 HDB *clientdb = r->clientdb;
1674 hdb_entry *client = r->client;
1675 const HDB_Ext_PKINIT_acl *acl;
1676 const HDB_Ext_PKINIT_cert *pc;
1677 krb5_error_code ret;
1678 hx509_name name;
1679 size_t i;
1680
1681 if (cp->cert == NULL) {
1682 if (!_kdc_is_anonymous(r->context, client->principal)
1683 && !config->historical_anon_realm)
1684 return KRB5KDC_ERR_BADOPTION;
1685
1686 *subject_name = strdup("<unauthenticated anonymous client>");
1687 if (*subject_name == NULL)
1688 return ENOMEM;
1689 return 0;
1690 }
1691
1692 cp->endtime = hx509_cert_get_notAfter(cp->cert);
1693 cp->max_life = 0;
1694 if (config->pkinit_max_life_from_cert_extension)
1695 cp->max_life =
1696 hx509_cert_get_pkinit_max_life(r->context->hx509ctx, cp->cert,
1697 config->pkinit_max_life_bound);
1698 if (cp->max_life == 0 && config->pkinit_max_life_from_cert > 0) {
1699 cp->max_life = cp->endtime - hx509_cert_get_notBefore(cp->cert);
1700 if (cp->max_life > config->pkinit_max_life_from_cert)
1701 cp->max_life = config->pkinit_max_life_from_cert;
1702 }
1703
1704 ret = hx509_cert_get_base_subject(r->context->hx509ctx,
1705 cp->cert,
1706 &name);
1707 if (ret)
1708 return ret;
1709
1710 ret = hx509_name_to_string(name, subject_name);
1711 hx509_name_free(&name);
1712 if (ret)
1713 return ret;
1714
1715 kdc_log(r->context, config, 0,
1716 "Trying to authorize PKINIT subject DN %s",
1717 *subject_name);
1718
1719 ret = hdb_entry_get_pkinit_cert(client, &pc);
1720 if (ret == 0 && pc) {
1721 hx509_cert cert;
1722 size_t j;
1723
1724 for (j = 0; j < pc->len; j++) {
1725 cert = hx509_cert_init_data(r->context->hx509ctx,
1726 pc->val[j].cert.data,
1727 pc->val[j].cert.length,
1728 NULL);
1729 if (cert == NULL)
1730 continue;
1731 ret = hx509_cert_cmp(cert, cp->cert);
1732 hx509_cert_free(cert);
1733 if (ret == 0) {
1734 kdc_log(r->context, config, 5,
1735 "Found matching PKINIT cert in hdb");
1736 return 0;
1737 }
1738 }
1739 }
1740
1741
1742 if (config->pkinit_princ_in_cert) {
1743 ret = match_rfc_san(r->context, config,
1744 r->context->hx509ctx,
1745 cp->cert,
1746 client->principal);
1747 if (ret == 0) {
1748 kdc_log(r->context, config, 5,
1749 "Found matching PKINIT SAN in certificate");
1750 return 0;
1751 }
1752 ret = match_ms_upn_san(r->context, config,
1753 r->context->hx509ctx,
1754 cp->cert,
1755 clientdb,
1756 client);
1757 if (ret == 0) {
1758 kdc_log(r->context, config, 5,
1759 "Found matching MS UPN SAN in certificate");
1760 return 0;
1761 }
1762 }
1763
1764 ret = hdb_entry_get_pkinit_acl(client, &acl);
1765 if (ret == 0 && acl != NULL) {
1766 /*
1767 * Cheat here and compare the generated name with the string
1768 * and not the reverse.
1769 */
1770 for (i = 0; i < acl->len; i++) {
1771 if (strcmp(*subject_name, acl->val[0].subject) != 0)
1772 continue;
1773
1774 /* Don't support isser and anchor checking right now */
1775 if (acl->val[0].issuer)
1776 continue;
1777 if (acl->val[0].anchor)
1778 continue;
1779
1780 kdc_log(r->context, config, 5,
1781 "Found matching PKINIT database ACL");
1782 return 0;
1783 }
1784 }
1785
1786 for (i = 0; i < principal_mappings.len; i++) {
1787 krb5_boolean b;
1788
1789 b = krb5_principal_compare(r->context,
1790 client->principal,
1791 principal_mappings.val[i].principal);
1792 if (b == FALSE)
1793 continue;
1794 if (strcmp(principal_mappings.val[i].subject, *subject_name) != 0)
1795 continue;
1796 kdc_log(r->context, config, 5,
1797 "Found matching PKINIT FILE ACL");
1798 return 0;
1799 }
1800
1801 ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1802 krb5_set_error_message(r->context, ret,
1803 "PKINIT no matching principals for %s",
1804 *subject_name);
1805
1806 kdc_log(r->context, config, 5,
1807 "PKINIT no matching principals for %s",
1808 *subject_name);
1809
1810 free(*subject_name);
1811 *subject_name = NULL;
1812
1813 return ret;
1814 }
1815
1816 static krb5_error_code
1817 add_principal_mapping(krb5_context context,
1818 const char *principal_name,
1819 const char * subject)
1820 {
1821 struct pk_allowed_princ *tmp;
1822 krb5_principal principal;
1823 krb5_error_code ret;
1824
1825 tmp = realloc(principal_mappings.val,
1826 (principal_mappings.len + 1) * sizeof(*tmp));
1827 if (tmp == NULL)
1828 return ENOMEM;
1829 principal_mappings.val = tmp;
1830
1831 ret = krb5_parse_name(context, principal_name, &principal);
1832 if (ret)
1833 return ret;
1834
1835 principal_mappings.val[principal_mappings.len].principal = principal;
1836
1837 principal_mappings.val[principal_mappings.len].subject = strdup(subject);
1838 if (principal_mappings.val[principal_mappings.len].subject == NULL) {
1839 krb5_free_principal(context, principal);
1840 return ENOMEM;
1841 }
1842 principal_mappings.len++;
1843
1844 return 0;
1845 }
1846
1847 krb5_error_code
1848 _kdc_add_initial_verified_cas(krb5_context context,
1849 krb5_kdc_configuration *config,
1850 pk_client_params *cp,
1851 EncTicketPart *tkt)
1852 {
1853 AD_INITIAL_VERIFIED_CAS cas;
1854 krb5_error_code ret;
1855 krb5_data data;
1856 size_t size = 0;
1857
1858 memset(&cas, 0, sizeof(cas));
1859
1860 /* XXX add CAs to cas here */
1861
1862 ASN1_MALLOC_ENCODE(AD_INITIAL_VERIFIED_CAS, data.data, data.length,
1863 &cas, &size, ret);
1864 if (ret)
1865 return ret;
1866 if (data.length != size)
1867 krb5_abortx(context, "internal asn.1 encoder error");
1868
1869 ret = _kdc_tkt_add_if_relevant_ad(context, tkt,
1870 KRB5_AUTHDATA_INITIAL_VERIFIED_CAS,
1871 &data);
1872 krb5_data_free(&data);
1873 return ret;
1874 }
1875
1876 /*
1877 *
1878 */
1879
1880 static void
1881 load_mappings(krb5_context context, const char *fn)
1882 {
1883 krb5_error_code ret;
1884 char buf[1024];
1885 unsigned long lineno = 0;
1886 FILE *f;
1887
1888 f = fopen(fn, "r");
1889 if (f == NULL)
1890 return;
1891
1892 while (fgets(buf, sizeof(buf), f) != NULL) {
1893 char *subject_name, *p;
1894
1895 buf[strcspn(buf, "\n")] = '\0';
1896 lineno++;
1897
1898 p = buf + strspn(buf, " \t");
1899
1900 if (*p == '#' || *p == '\0')
1901 continue;
1902
1903 subject_name = strchr(p, ':');
1904 if (subject_name == NULL) {
1905 krb5_warnx(context, "pkinit mapping file line %lu "
1906 "missing \":\" :%s",
1907 lineno, buf);
1908 continue;
1909 }
1910 *subject_name++ = '\0';
1911
1912 ret = add_principal_mapping(context, p, subject_name);
1913 if (ret) {
1914 krb5_warn(context, ret, "failed to add line %lu \":\" :%s\n",
1915 lineno, buf);
1916 continue;
1917 }
1918 }
1919
1920 fclose(f);
1921 }
1922
1923 /*
1924 *
1925 */
1926
1927 KDC_LIB_FUNCTION krb5_error_code KDC_LIB_CALL
1928 krb5_kdc_pk_initialize(krb5_context context,
1929 krb5_kdc_configuration *config,
1930 const char *user_id,
1931 const char *anchors,
1932 char **pool,
1933 char **revoke_list)
1934 {
1935 const char *file;
1936 char *fn = NULL;
1937 krb5_error_code ret;
1938
1939 file = krb5_config_get_string(context, NULL,
1940 "libdefaults", "moduli", NULL);
1941
1942 ret = _krb5_parse_moduli(context, file, &moduli);
1943 if (ret)
1944 krb5_err(context, 1, ret, "PKINIT: failed to load moduli file");
1945
1946 principal_mappings.len = 0;
1947 principal_mappings.val = NULL;
1948
1949 ret = _krb5_pk_load_id(context,
1950 &kdc_identity,
1951 user_id,
1952 anchors,
1953 pool,
1954 revoke_list,
1955 NULL,
1956 NULL,
1957 NULL);
1958 if (ret) {
1959 krb5_warn(context, ret, "PKINIT: ");
1960 config->enable_pkinit = 0;
1961 return ret;
1962 }
1963
1964 {
1965 hx509_query *q;
1966 hx509_cert cert;
1967
1968 ret = hx509_query_alloc(context->hx509ctx, &q);
1969 if (ret) {
1970 krb5_warnx(context, "PKINIT: out of memory");
1971 return ENOMEM;
1972 }
1973
1974 hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
1975 if (config->pkinit_kdc_friendly_name)
1976 hx509_query_match_friendly_name(q, config->pkinit_kdc_friendly_name);
1977
1978 ret = hx509_certs_find(context->hx509ctx,
1979 kdc_identity->certs,
1980 q,
1981 &cert);
1982 hx509_query_free(context->hx509ctx, q);
1983 if (ret == 0) {
1984 if (hx509_cert_check_eku(context->hx509ctx, cert,
1985 &asn1_oid_id_pkkdcekuoid, 0)) {
1986 hx509_name name;
1987 char *str;
1988 ret = hx509_cert_get_subject(cert, &name);
1989 if (ret == 0) {
1990 hx509_name_to_string(name, &str);
1991 krb5_warnx(context, "WARNING Found KDC certificate (%s)"
1992 "is missing the PKINIT KDC EKU, this is bad for "
1993 "interoperability.", str);
1994 hx509_name_free(&name);
1995 free(str);
1996 }
1997 }
1998 hx509_cert_free(cert);
1999 } else
2000 krb5_warnx(context, "PKINIT: failed to find a signing "
2001 "certificate with a public key");
2002 }
2003
2004 if (krb5_config_get_bool_default(context,
2005 NULL,
2006 FALSE,
2007 "kdc",
2008 "pkinit_allow_proxy_certificate",
2009 NULL))
2010 config->pkinit_allow_proxy_certs = 1;
2011
2012 file = krb5_config_get_string(context,
2013 NULL,
2014 "kdc",
2015 "pkinit_mappings_file",
2016 NULL);
2017 if (file == NULL) {
2018 int aret;
2019
2020 aret = asprintf(&fn, "%s/pki-mapping", hdb_db_dir(context));
2021 if (aret == -1) {
2022 krb5_warnx(context, "PKINIT: out of memory");
2023 return ENOMEM;
2024 }
2025
2026 file = fn;
2027 }
2028
2029 load_mappings(context, file);
2030 if (fn)
2031 free(fn);
2032
2033 return 0;
2034 }
2035
2036 #endif /* PKINIT */
Heimdal