search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Ensure DER form of hxtool ca random serial numbers
[heimdal.git] / kdc / fast.c
blob1a806d8f4a58445d46bf9f23d132a0057dd2c606
1 /*
2 * Copyright (c) 1997-2011 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Portions Copyright (c) 2010 - 2011 Apple Inc. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 #include "kdc_locl.h"
37
38 static krb5_error_code
39 get_fastuser_crypto(kdc_request_t r, krb5_enctype enctype, krb5_crypto *crypto)
40 {
41 krb5_principal fast_princ;
42 hdb_entry_ex *fast_user = NULL;
43 Key *cookie_key = NULL;
44 krb5_error_code ret;
45
46 *crypto = NULL;
47
48 ret = krb5_make_principal(r->context, &fast_princ,
49 KRB5_WELLKNOWN_ORG_H5L_REALM,
50 KRB5_WELLKNOWN_NAME, "org.h5l.fast-cookie", NULL);
51 if (ret)
52 goto out;
53
54 ret = _kdc_db_fetch(r->context, r->config, fast_princ,
55 HDB_F_GET_CLIENT, NULL, NULL, &fast_user);
56 krb5_free_principal(r->context, fast_princ);
57 if (ret)
58 goto out;
59
60 if (enctype == KRB5_ENCTYPE_NULL)
61 ret = _kdc_get_preferred_key(r->context, r->config, fast_user,
62 "fast-cookie", &enctype, &cookie_key);
63 else
64 ret = hdb_enctype2key(r->context, &fast_user->entry, NULL,
65 enctype, &cookie_key);
66 if (ret)
67 goto out;
68
69 ret = krb5_crypto_init(r->context, &cookie_key->key, 0, crypto);
70 if (ret)
71 goto out;
72
73 out:
74 if (fast_user)
75 _kdc_free_ent(r->context, fast_user);
76
77 return ret;
78 }
79
80
81 static krb5_error_code
82 fast_parse_cookie(kdc_request_t r, const PA_DATA *pa)
83 {
84 krb5_crypto crypto = NULL;
85 krb5_error_code ret;
86 KDCFastCookie data;
87 krb5_data d1;
88 size_t len;
89
90 ret = decode_KDCFastCookie(pa->padata_value.data,
91 pa->padata_value.length,
92 &data, &len);
93 if (ret)
94 return ret;
95
96 if (len != pa->padata_value.length || strcmp("H5L1", data.version) != 0) {
97 free_KDCFastCookie(&data);
98 return KRB5KDC_ERR_POLICY;
99 }
100
101 ret = get_fastuser_crypto(r, data.cookie.etype, &crypto);
102 if (ret)
103 goto out;
104
105 ret = krb5_decrypt_EncryptedData(r->context, crypto,
106 KRB5_KU_H5L_COOKIE,
107 &data.cookie, &d1);
108 krb5_crypto_destroy(r->context, crypto);
109 if (ret)
110 goto out;
111
112 ret = decode_KDCFastState(d1.data, d1.length, &r->fast, &len);
113 krb5_data_free(&d1);
114 if (ret)
115 goto out;
116
117 if (r->fast.expiration < kdc_time) {
118 kdc_log(r->context, r->config, 0, "fast cookie expired");
119 ret = KRB5KDC_ERR_POLICY;
120 goto out;
121 }
122
123 out:
124 free_KDCFastCookie(&data);
125
126 return ret;
127 }
128
129 static krb5_error_code
130 fast_add_cookie(kdc_request_t r, METHOD_DATA *method_data)
131 {
132 krb5_crypto crypto = NULL;
133 KDCFastCookie shell;
134 krb5_error_code ret;
135 krb5_data data;
136 size_t size;
137
138 memset(&shell, 0, sizeof(shell));
139
140 r->fast.expiration = kdc_time + FAST_EXPIRATION_TIME;
141
142 ASN1_MALLOC_ENCODE(KDCFastState, data.data, data.length,
143 &r->fast, &size, ret);
144 if (ret)
145 return ret;
146 heim_assert(size == data.length, "internal asn1 encoder error");
147
148 ret = get_fastuser_crypto(r, KRB5_ENCTYPE_NULL, &crypto);
149 if (ret)
150 goto out;
151
152 ret = krb5_encrypt_EncryptedData(r->context, crypto,
153 KRB5_KU_H5L_COOKIE,
154 data.data, data.length, 0,
155 &shell.cookie);
156 krb5_crypto_destroy(r->context, crypto);
157 if (ret)
158 goto out;
159
160 free(data.data);
161
162 shell.version = "H5L1";
163
164 ASN1_MALLOC_ENCODE(KDCFastCookie, data.data, data.length,
165 &shell, &size, ret);
166 free_EncryptedData(&shell.cookie);
167 if (ret)
168 goto out;
169 heim_assert(size == data.length, "internal asn1 encoder error");
170
171 ret = krb5_padata_add(r->context, method_data,
172 KRB5_PADATA_FX_COOKIE,
173 data.data, data.length);
174 out:
175 if (ret)
176 free(data.data);
177 return ret;
178 }
179
180 krb5_error_code
181 _kdc_fast_mk_response(krb5_context context,
182 krb5_crypto armor_crypto,
183 METHOD_DATA *pa_data,
184 krb5_keyblock *strengthen_key,
185 KrbFastFinished *finished,
186 krb5uint32 nonce,
187 krb5_data *data)
188 {
189 PA_FX_FAST_REPLY fxfastrep;
190 KrbFastResponse fastrep;
191 krb5_error_code ret;
192 krb5_data buf;
193 size_t size;
194
195 memset(&fxfastrep, 0, sizeof(fxfastrep));
196 memset(&fastrep, 0, sizeof(fastrep));
197 krb5_data_zero(data);
198
199 if (pa_data) {
200 fastrep.padata.val = pa_data->val;
201 fastrep.padata.len = pa_data->len;
202 }
203 fastrep.strengthen_key = strengthen_key;
204 fastrep.finished = finished;
205 fastrep.nonce = nonce;
206
207 ASN1_MALLOC_ENCODE(KrbFastResponse, buf.data, buf.length,
208 &fastrep, &size, ret);
209 if (ret)
210 return ret;
211 if (buf.length != size)
212 krb5_abortx(context, "internal asn.1 error");
213
214 fxfastrep.element = choice_PA_FX_FAST_REPLY_armored_data;
215
216 ret = krb5_encrypt_EncryptedData(context,
217 armor_crypto,
218 KRB5_KU_FAST_REP,
219 buf.data,
220 buf.length,
221 0,
222 &fxfastrep.u.armored_data.enc_fast_rep);
223 krb5_data_free(&buf);
224 if (ret)
225 return ret;
226
227 ASN1_MALLOC_ENCODE(PA_FX_FAST_REPLY, data->data, data->length,
228 &fxfastrep, &size, ret);
229 free_PA_FX_FAST_REPLY(&fxfastrep);
230 if (ret)
231 return ret;
232 if (data->length != size)
233 krb5_abortx(context, "internal asn.1 error");
234
235 return 0;
236 }
237
238
239 krb5_error_code
240 _kdc_fast_mk_error(krb5_context context,
241 kdc_request_t r,
242 METHOD_DATA *error_method,
243 krb5_crypto armor_crypto,
244 const KDC_REQ_BODY *req_body,
245 krb5_error_code outer_error,
246 const char *e_text,
247 krb5_principal error_client,
248 krb5_principal error_server,
249 time_t *csec, int *cusec,
250 krb5_data *error_msg)
251 {
252 krb5_error_code ret;
253 krb5_data e_data;
254 size_t size;
255
256 krb5_data_zero(&e_data);
257
258 if (armor_crypto) {
259 PA_FX_FAST_REPLY fxfastrep;
260 KrbFastResponse fastrep;
261
262 memset(&fxfastrep, 0, sizeof(fxfastrep));
263 memset(&fastrep, 0, sizeof(fastrep));
264
265 /* first add the KRB-ERROR to the fast errors */
266
267 ret = krb5_mk_error(context,
268 outer_error,
269 e_text,
270 NULL,
271 error_client,
272 error_server,
273 NULL,
274 NULL,
275 &e_data);
276 if (ret)
277 return ret;
278
279 ret = krb5_padata_add(context, error_method,
280 KRB5_PADATA_FX_ERROR,
281 e_data.data, e_data.length);
282 if (ret) {
283 krb5_data_free(&e_data);
284 return ret;
285 }
286
287 if (/* hide_principal */ 0) {
288 error_client = NULL;
289 error_server = NULL;
290 e_text = NULL;
291 }
292
293 if (r)
294 ret = fast_add_cookie(r, error_method);
295 else
296 ret = krb5_padata_add(context, error_method,
297 KRB5_PADATA_FX_COOKIE,
298 NULL, 0);
299 if (ret) {
300 kdc_log(r->context, r->config, 0, "failed to add fast cookie with: %d", ret);
301 free_METHOD_DATA(error_method);
302 return ret;
303 }
304
305 ret = _kdc_fast_mk_response(context, armor_crypto,
306 error_method, NULL, NULL,
307 req_body->nonce, &e_data);
308 free_METHOD_DATA(error_method);
309 if (ret)
310 return ret;
311
312 ret = krb5_padata_add(context, error_method,
313 KRB5_PADATA_FX_FAST,
314 e_data.data, e_data.length);
315 if (ret)
316 return ret;
317 }
318
319 if (error_method && error_method->len) {
320 ASN1_MALLOC_ENCODE(METHOD_DATA, e_data.data, e_data.length,
321 error_method, &size, ret);
322 if (ret)
323 return ret;
324 if (e_data.length != size)
325 krb5_abortx(context, "internal asn.1 error");
326 }
327
328 ret = krb5_mk_error(context,
329 outer_error,
330 e_text,
331 (e_data.length ? &e_data : NULL),
332 error_client,
333 error_server,
334 csec,
335 cusec,
336 error_msg);
337 krb5_data_free(&e_data);
338
339 return ret;
340 }
341
342 krb5_error_code
343 _kdc_fast_unwrap_request(kdc_request_t r)
344 {
345 krb5_principal armor_server = NULL;
346 hdb_entry_ex *armor_user = NULL;
347 PA_FX_FAST_REQUEST fxreq;
348 krb5_auth_context ac = NULL;
349 krb5_ticket *ticket = NULL;
350 krb5_flags ap_req_options;
351 Key *armor_key = NULL;
352 krb5_keyblock armorkey;
353 krb5_error_code ret;
354 krb5_ap_req ap_req;
355 unsigned char *buf;
356 KrbFastReq fastreq;
357 size_t len, size;
358 krb5_data data;
359 const PA_DATA *pa;
360 int i = 0;
361
362 /*
363 * First look for FX_COOKIE and and process it
364 */
365 pa = _kdc_find_padata(&r->req, &i, KRB5_PADATA_FX_COOKIE);
366 if (pa) {
367 ret = fast_parse_cookie(r, pa);
368 if (ret)
369 goto out;
370 }
371
372 i = 0;
373 pa = _kdc_find_padata(&r->req, &i, KRB5_PADATA_FX_FAST);
374 if (pa == NULL)
375 return 0;
376
377 ret = decode_PA_FX_FAST_REQUEST(pa->padata_value.data,
378 pa->padata_value.length,
379 &fxreq,
380 &len);
381 if (ret)
382 goto out;
383 if (len != pa->padata_value.length) {
384 ret = KRB5KDC_ERR_PREAUTH_FAILED;
385 goto out;
386 }
387
388 if (fxreq.element != choice_PA_FX_FAST_REQUEST_armored_data) {
389 kdc_log(r->context, r->config, 0,
390 "AS-REQ FAST contain unknown type: %d", (int)fxreq.element);
391 ret = KRB5KDC_ERR_PREAUTH_FAILED;
392 goto out;
393 }
394
395 /* pull out armor key */
396 if (fxreq.u.armored_data.armor == NULL) {
397 kdc_log(r->context, r->config, 0,
398 "AS-REQ armor missing");
399 ret = KRB5KDC_ERR_PREAUTH_FAILED;
400 goto out;
401 }
402
403 if (fxreq.u.armored_data.armor->armor_type != 1) {
404 kdc_log(r->context, r->config, 0,
405 "AS-REQ armor type not ap-req");
406 ret = KRB5KDC_ERR_PREAUTH_FAILED;
407 goto out;
408 }
409
410 ret = krb5_decode_ap_req(r->context,
411 &fxreq.u.armored_data.armor->armor_value,
412 &ap_req);
413 if(ret) {
414 kdc_log(r->context, r->config, 0, "AP-REQ decode failed");
415 goto out;
416 }
417
418 /* Save that principal that was in the request */
419 ret = _krb5_principalname2krb5_principal(r->context,
420 &armor_server,
421 ap_req.ticket.sname,
422 ap_req.ticket.realm);
423 if (ret) {
424 free_AP_REQ(&ap_req);
425 goto out;
426 }
427
428 ret = _kdc_db_fetch(r->context, r->config, armor_server,
429 HDB_F_GET_SERVER, NULL, NULL, &armor_user);
430 if(ret == HDB_ERR_NOT_FOUND_HERE) {
431 kdc_log(r->context, r->config, 5,
432 "armor key does not have secrets at this KDC, "
433 "need to proxy");
434 goto out;
435 } else if (ret) {
436 free_AP_REQ(&ap_req);
437 ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
438 goto out;
439 }
440
441 ret = hdb_enctype2key(r->context, &armor_user->entry, NULL,
442 ap_req.ticket.enc_part.etype,
443 &armor_key);
444 if (ret) {
445 free_AP_REQ(&ap_req);
446 goto out;
447 }
448
449 ret = krb5_verify_ap_req2(r->context, &ac,
450 &ap_req,
451 armor_server,
452 &armor_key->key,
453 0,
454 &ap_req_options,
455 &ticket,
456 KRB5_KU_AP_REQ_AUTH);
457 free_AP_REQ(&ap_req);
458 if (ret)
459 goto out;
460
461 if (ac->remote_subkey == NULL) {
462 krb5_auth_con_free(r->context, ac);
463 kdc_log(r->context, r->config, 0,
464 "FAST AP-REQ remote subkey missing");
465 ret = KRB5KDC_ERR_PREAUTH_FAILED;
466 goto out;
467 }
468
469 ret = _krb5_fast_armor_key(r->context,
470 ac->remote_subkey,
471 &ticket->ticket.key,
472 &armorkey,
473 &r->armor_crypto);
474 krb5_auth_con_free(r->context, ac);
475 krb5_free_ticket(r->context, ticket);
476 if (ret)
477 goto out;
478
479 krb5_free_keyblock_contents(r->context, &armorkey);
480
481 /* verify req-checksum of the outer body */
482
483 ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, len, &r->req.req_body, &size, ret);
484 if (ret)
485 goto out;
486 if (size != len) {
487 ret = KRB5KDC_ERR_PREAUTH_FAILED;
488 goto out;
489 }
490
491 ret = krb5_verify_checksum(r->context, r->armor_crypto,
492 KRB5_KU_FAST_REQ_CHKSUM,
493 buf, len,
494 &fxreq.u.armored_data.req_checksum);
495 free(buf);
496 if (ret) {
497 kdc_log(r->context, r->config, 0,
498 "FAST request have a bad checksum");
499 goto out;
500 }
501
502 ret = krb5_decrypt_EncryptedData(r->context, r->armor_crypto,
503 KRB5_KU_FAST_ENC,
504 &fxreq.u.armored_data.enc_fast_req,
505 &data);
506 if (ret) {
507 kdc_log(r->context, r->config, 0,
508 "Failed to decrypt FAST request");
509 goto out;
510 }
511
512 ret = decode_KrbFastReq(data.data, data.length, &fastreq, &size);
513 if (ret) {
514 krb5_data_free(&data);
515 goto out;
516 }
517 if (data.length != size) {
518 krb5_data_free(&data);
519 ret = KRB5KDC_ERR_PREAUTH_FAILED;
520 goto out;
521 }
522 krb5_data_free(&data);
523
524 free_KDC_REQ_BODY(&r->req.req_body);
525 ret = copy_KDC_REQ_BODY(&fastreq.req_body, &r->req.req_body);
526 if (ret)
527 goto out;
528
529 /* check for unsupported mandatory options */
530 if (FastOptions2int(fastreq.fast_options) & 0xfffc) {
531 kdc_log(r->context, r->config, 0,
532 "FAST unsupported mandatory option set");
533 ret = KRB5KDC_ERR_PREAUTH_FAILED;
534 goto out;
535 }
536
537 /* KDC MUST ignore outer pa data preauth-14 - 6.5.5 */
538 if (r->req.padata)
539 free_METHOD_DATA(r->req.padata);
540 else
541 ALLOC(r->req.padata);
542
543 ret = copy_METHOD_DATA(&fastreq.padata, r->req.padata);
544 if (ret)
545 goto out;
546
547 free_KrbFastReq(&fastreq);
548 free_PA_FX_FAST_REQUEST(&fxreq);
549
550 out:
551 if (armor_server)
552 krb5_free_principal(r->context, armor_server);
553 if(armor_user)
554 _kdc_free_ent(r->context, armor_user);
555
556 return ret;
557 }
Heimdal