search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
cf/largefile.m4: Fix build with autoconf-2.72
[heimdal.git] / kdc / pkinit.c
blobfd0b20fc06c2e41c24ade6171435a38613e005e8
1 /*
2 * Copyright (c) 2003 - 2016 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 #include "kdc_locl.h"
37
38 #ifdef PKINIT
39
40 #include <heim_asn1.h>
41 #include <rfc2459_asn1.h>
42 #include <cms_asn1.h>
43 #include <pkinit_asn1.h>
44
45 #include <hx509.h>
46 #include "crypto-headers.h"
47
48 struct pk_client_params {
49 enum krb5_pk_type type;
50 enum keyex_enum keyex;
51 union {
52 struct {
53 BIGNUM *public_key;
54 DH *key;
55 } dh;
56 struct {
57 void *public_key;
58 void *key;
59 } ecdh;
60 } u;
61 hx509_cert cert;
62 krb5_timestamp endtime;
63 krb5_timestamp max_life;
64 unsigned nonce;
65 EncryptionKey reply_key;
66 char *dh_group_name;
67 hx509_peer_info peer;
68 hx509_certs client_anchors;
69 hx509_verify_ctx verify_ctx;
70 };
71
72 struct pk_principal_mapping {
73 unsigned int len;
74 struct pk_allowed_princ {
75 krb5_principal principal;
76 char *subject;
77 } *val;
78 };
79
80 static struct krb5_pk_identity *kdc_identity;
81 static struct pk_principal_mapping principal_mappings;
82 static struct krb5_dh_moduli **moduli;
83
84 static struct {
85 krb5_data data;
86 time_t expire;
87 time_t next_update;
88 } ocsp;
89
90 /*
91 *
92 */
93
94 static krb5_error_code
95 pk_check_pkauthenticator_win2k(krb5_context context,
96 PKAuthenticator_Win2k *a,
97 const KDC_REQ *req)
98 {
99 krb5_timestamp now;
100
101 krb5_timeofday (context, &now);
102
103 /* XXX cusec */
104 if (a->ctime == 0 || labs(a->ctime - now) > context->max_skew) {
105 krb5_clear_error_message(context);
106 return KRB5KRB_AP_ERR_SKEW;
107 }
108 return 0;
109 }
110
111 static krb5_error_code
112 pk_check_pkauthenticator(krb5_context context,
113 const PKAuthenticator *a,
114 const KDC_REQ *req)
115 {
116 krb5_error_code ret;
117 krb5_timestamp now;
118 Checksum checksum;
119
120 krb5_timeofday (context, &now);
121
122 /* XXX cusec */
123 if (a->ctime == 0 || labs(a->ctime - now) > context->max_skew) {
124 krb5_clear_error_message(context);
125 return KRB5KRB_AP_ERR_SKEW;
126 }
127
128 ret = krb5_create_checksum(context,
129 NULL,
130 0,
131 CKSUMTYPE_SHA1,
132 req->req_body._save.data,
133 req->req_body._save.length,
134 &checksum);
135 if (ret) {
136 krb5_clear_error_message(context);
137 return ret;
138 }
139
140 if (a->paChecksum == NULL) {
141 krb5_clear_error_message(context);
142 ret = KRB5_KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED;
143 goto out;
144 }
145
146 if (der_heim_octet_string_cmp(a->paChecksum, &checksum.checksum) != 0) {
147 krb5_clear_error_message(context);
148 ret = KRB5KRB_ERR_GENERIC;
149 }
150
151 out:
152 free_Checksum(&checksum);
153
154 return ret;
155 }
156
157 void
158 _kdc_pk_free_client_param(krb5_context context, pk_client_params *cp)
159 {
160 if (cp == NULL)
161 return;
162 if (cp->cert)
163 hx509_cert_free(cp->cert);
164 if (cp->verify_ctx)
165 hx509_verify_destroy_ctx(cp->verify_ctx);
166 if (cp->keyex == USE_DH) {
167 if (cp->u.dh.key)
168 DH_free(cp->u.dh.key);
169 if (cp->u.dh.public_key)
170 BN_free(cp->u.dh.public_key);
171 }
172 if (cp->keyex == USE_ECDH)
173 _kdc_pk_free_client_ec_param(context, cp->u.ecdh.key,
174 cp->u.ecdh.public_key);
175 krb5_free_keyblock_contents(context, &cp->reply_key);
176 if (cp->dh_group_name)
177 free(cp->dh_group_name);
178 if (cp->peer)
179 hx509_peer_info_free(cp->peer);
180 if (cp->client_anchors)
181 hx509_certs_free(&cp->client_anchors);
182 memset(cp, 0, sizeof(*cp));
183 free(cp);
184 }
185
186 static krb5_error_code
187 generate_dh_keyblock(krb5_context context,
188 pk_client_params *client_params,
189 krb5_enctype enctype)
190 {
191 unsigned char *dh_gen_key = NULL;
192 krb5_keyblock key;
193 krb5_error_code ret;
194 size_t dh_gen_keylen, size;
195
196 memset(&key, 0, sizeof(key));
197
198 if (client_params->keyex == USE_DH) {
199
200 if (client_params->u.dh.public_key == NULL) {
201 ret = KRB5KRB_ERR_GENERIC;
202 krb5_set_error_message(context, ret, "missing DH public_key");
203 goto out;
204 }
205
206 if (!DH_generate_key(client_params->u.dh.key)) {
207 ret = KRB5KRB_ERR_GENERIC;
208 krb5_set_error_message(context, ret,
209 "Can't generate Diffie-Hellman keys");
210 goto out;
211 }
212
213 size = DH_size(client_params->u.dh.key);
214
215 dh_gen_key = malloc(size);
216 if (dh_gen_key == NULL) {
217 ret = ENOMEM;
218 krb5_set_error_message(context, ret, "malloc: out of memory");
219 goto out;
220 }
221
222 dh_gen_keylen = DH_compute_key(dh_gen_key,client_params->u.dh.public_key, client_params->u.dh.key);
223 if (dh_gen_keylen == (size_t)-1) {
224 ret = KRB5KRB_ERR_GENERIC;
225 krb5_set_error_message(context, ret,
226 "Can't compute Diffie-Hellman key");
227 goto out;
228 }
229 if (dh_gen_keylen < size) {
230 size -= dh_gen_keylen;
231 memmove(dh_gen_key + size, dh_gen_key, dh_gen_keylen);
232 memset(dh_gen_key, 0, size);
233 }
234 } else if (client_params->keyex == USE_ECDH) {
235 if (client_params->u.ecdh.public_key == NULL) {
236 ret = KRB5KRB_ERR_GENERIC;
237 krb5_set_error_message(context, ret, "missing ECDH public_key");
238 goto out;
239 }
240 ret = _kdc_generate_ecdh_keyblock(context,
241 client_params->u.ecdh.public_key,
242 &client_params->u.ecdh.key,
243 &dh_gen_key, &dh_gen_keylen);
244 if (ret)
245 goto out;
246 } else {
247 ret = KRB5KRB_ERR_GENERIC;
248 krb5_set_error_message(context, ret,
249 "Diffie-Hellman not selected keys");
250 goto out;
251 }
252
253 ret = _krb5_pk_octetstring2key(context,
254 enctype,
255 dh_gen_key, dh_gen_keylen,
256 NULL, NULL,
257 &client_params->reply_key);
258
259 out:
260 if (dh_gen_key)
261 free(dh_gen_key);
262 if (key.keyvalue.data)
263 krb5_free_keyblock_contents(context, &key);
264
265 return ret;
266 }
267
268 static BIGNUM *
269 integer_to_BN(krb5_context context, const char *field, heim_integer *f)
270 {
271 BIGNUM *bn;
272
273 bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL);
274 if (bn == NULL) {
275 krb5_set_error_message(context, KRB5_BADMSGTYPE,
276 "PKINIT: parsing BN failed %s", field);
277 return NULL;
278 }
279 BN_set_negative(bn, f->negative);
280 return bn;
281 }
282
283 static krb5_error_code
284 get_dh_param(krb5_context context,
285 krb5_kdc_configuration *config,
286 SubjectPublicKeyInfo *dh_key_info,
287 pk_client_params *client_params)
288 {
289 DomainParameters dhparam;
290 DH *dh = NULL;
291 krb5_error_code ret;
292
293 memset(&dhparam, 0, sizeof(dhparam));
294
295 if ((dh_key_info->subjectPublicKey.length % 8) != 0) {
296 ret = KRB5_BADMSGTYPE;
297 krb5_set_error_message(context, ret,
298 "PKINIT: subjectPublicKey not aligned "
299 "to 8 bit boundary");
300 goto out;
301 }
302
303 if (dh_key_info->algorithm.parameters == NULL) {
304 krb5_set_error_message(context, KRB5_BADMSGTYPE,
305 "PKINIT missing algorithm parameter "
306 "in clientPublicValue");
307 return KRB5_BADMSGTYPE;
308 }
309
310 ret = decode_DomainParameters(dh_key_info->algorithm.parameters->data,
311 dh_key_info->algorithm.parameters->length,
312 &dhparam,
313 NULL);
314 if (ret) {
315 krb5_set_error_message(context, ret, "Can't decode algorithm "
316 "parameters in clientPublicValue");
317 goto out;
318 }
319
320 ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits,
321 &dhparam.p, &dhparam.g, dhparam.q, moduli,
322 &client_params->dh_group_name);
323 if (ret) {
324 /* XXX send back proposal of better group */
325 goto out;
326 }
327
328 dh = DH_new();
329 if (dh == NULL) {
330 ret = ENOMEM;
331 krb5_set_error_message(context, ret, "Cannot create DH structure");
332 goto out;
333 }
334 ret = KRB5_BADMSGTYPE;
335 dh->p = integer_to_BN(context, "DH prime", &dhparam.p);
336 if (dh->p == NULL)
337 goto out;
338 dh->g = integer_to_BN(context, "DH base", &dhparam.g);
339 if (dh->g == NULL)
340 goto out;
341
342 if (dhparam.q) {
343 dh->q = integer_to_BN(context, "DH p-1 factor", dhparam.q);
344 if (dh->q == NULL)
345 goto out;
346 }
347
348 {
349 heim_integer glue;
350 size_t size;
351
352 ret = decode_DHPublicKey(dh_key_info->subjectPublicKey.data,
353 dh_key_info->subjectPublicKey.length / 8,
354 &glue,
355 &size);
356 if (ret) {
357 krb5_clear_error_message(context);
358 return ret;
359 }
360
361 client_params->u.dh.public_key = integer_to_BN(context,
362 "subjectPublicKey",
363 &glue);
364 der_free_heim_integer(&glue);
365 if (client_params->u.dh.public_key == NULL) {
366 ret = KRB5_BADMSGTYPE;
367 goto out;
368 }
369 }
370
371 client_params->u.dh.key = dh;
372 dh = NULL;
373 ret = 0;
374
375 out:
376 if (dh)
377 DH_free(dh);
378 free_DomainParameters(&dhparam);
379 return ret;
380 }
381
382 krb5_error_code
383 _kdc_pk_rd_padata(astgs_request_t priv,
384 const PA_DATA *pa,
385 pk_client_params **ret_params)
386 {
387 /* XXXrcd: we use priv vs r due to a conflict */
388 krb5_context context = priv->context;
389 krb5_kdc_configuration *config = priv->config;
390 const KDC_REQ *req = &priv->req;
391 hdb_entry *client = priv->client;
392 pk_client_params *cp;
393 krb5_error_code ret;
394 heim_oid eContentType = { 0, NULL }, contentInfoOid = { 0, NULL };
395 krb5_data eContent = { 0, NULL };
396 krb5_data signed_content = { 0, NULL };
397 const char *type = "unknown type";
398 hx509_certs trust_anchors;
399 int have_data = 0;
400 const HDB_Ext_PKINIT_cert *pc;
401
402 *ret_params = NULL;
403
404 if (!config->enable_pkinit) {
405 kdc_log(context, config, 0, "PKINIT request but PKINIT not enabled");
406 krb5_clear_error_message(context);
407 return 0;
408 }
409
410 cp = calloc(1, sizeof(*cp));
411 if (cp == NULL) {
412 krb5_clear_error_message(context);
413 ret = ENOMEM;
414 goto out;
415 }
416
417 ret = hx509_certs_init(context->hx509ctx,
418 "MEMORY:trust-anchors",
419 0, NULL, &trust_anchors);
420 if (ret) {
421 krb5_set_error_message(context, ret, "failed to create trust anchors");
422 goto out;
423 }
424
425 ret = hx509_certs_merge(context->hx509ctx, trust_anchors,
426 kdc_identity->anchors);
427 if (ret) {
428 hx509_certs_free(&trust_anchors);
429 krb5_set_error_message(context, ret, "failed to create verify context");
430 goto out;
431 }
432
433 /* Add any registered certificates for this client as trust anchors */
434 ret = hdb_entry_get_pkinit_cert(client, &pc);
435 if (ret == 0 && pc != NULL) {
436 hx509_cert cert;
437 unsigned int i;
438
439 for (i = 0; i < pc->len; i++) {
440 cert = hx509_cert_init_data(context->hx509ctx,
441 pc->val[i].cert.data,
442 pc->val[i].cert.length,
443 NULL);
444 if (cert == NULL)
445 continue;
446 hx509_certs_add(context->hx509ctx, trust_anchors, cert);
447 hx509_cert_free(cert);
448 }
449 }
450
451 ret = hx509_verify_init_ctx(context->hx509ctx, &cp->verify_ctx);
452 if (ret) {
453 hx509_certs_free(&trust_anchors);
454 krb5_set_error_message(context, ret, "failed to create verify context");
455 goto out;
456 }
457
458 hx509_verify_set_time(cp->verify_ctx, kdc_time);
459 hx509_verify_attach_anchors(cp->verify_ctx, trust_anchors);
460 hx509_certs_free(&trust_anchors);
461
462 if (config->pkinit_allow_proxy_certs)
463 hx509_verify_set_proxy_certificate(cp->verify_ctx, 1);
464
465 if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) {
466 PA_PK_AS_REQ_Win2k r;
467
468 type = "PK-INIT-Win2k";
469
470 if (_kdc_is_anonymous(context, client->principal)) {
471 ret = KRB5_KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED;
472 krb5_set_error_message(context, ret,
473 "Anonymous client not supported in RSA mode");
474 goto out;
475 }
476
477 ret = decode_PA_PK_AS_REQ_Win2k(pa->padata_value.data,
478 pa->padata_value.length,
479 &r,
480 NULL);
481 if (ret) {
482 krb5_set_error_message(context, ret, "Can't decode "
483 "PK-AS-REQ-Win2k: %d", ret);
484 goto out;
485 }
486
487 ret = hx509_cms_unwrap_ContentInfo(&r.signed_auth_pack,
488 &contentInfoOid,
489 &signed_content,
490 &have_data);
491 free_PA_PK_AS_REQ_Win2k(&r);
492 if (ret) {
493 krb5_set_error_message(context, ret,
494 "Can't unwrap ContentInfo(win): %d", ret);
495 goto out;
496 }
497
498 } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) {
499 PA_PK_AS_REQ r;
500
501 type = "PK-INIT-IETF";
502
503 ret = decode_PA_PK_AS_REQ(pa->padata_value.data,
504 pa->padata_value.length,
505 &r,
506 NULL);
507 if (ret) {
508 krb5_set_error_message(context, ret,
509 "Can't decode PK-AS-REQ: %d", ret);
510 goto out;
511 }
512
513 /* XXX look at r.kdcPkId */
514 if (r.trustedCertifiers) {
515 ExternalPrincipalIdentifiers *edi = r.trustedCertifiers;
516 unsigned int i, maxedi;
517
518 ret = hx509_certs_init(context->hx509ctx,
519 "MEMORY:client-anchors",
520 0, NULL,
521 &cp->client_anchors);
522 if (ret) {
523 krb5_set_error_message(context, ret,
524 "Can't allocate client anchors: %d",
525 ret);
526 goto out;
527
528 }
529 /*
530 * If the client sent more than 10 EDIs, don't bother
531 * looking at more than 10 for performance reasons.
532 */
533 maxedi = edi->len;
534 if (maxedi > 10)
535 maxedi = 10;
536 for (i = 0; i < maxedi; i++) {
537 IssuerAndSerialNumber iasn;
538 hx509_query *q;
539 hx509_cert cert;
540 size_t size;
541
542 if (edi->val[i].issuerAndSerialNumber == NULL)
543 continue;
544
545 ret = hx509_query_alloc(context->hx509ctx, &q);
546 if (ret) {
547 krb5_set_error_message(context, ret,
548 "Failed to allocate hx509_query");
549 goto out;
550 }
551
552 ret = decode_IssuerAndSerialNumber(edi->val[i].issuerAndSerialNumber->data,
553 edi->val[i].issuerAndSerialNumber->length,
554 &iasn,
555 &size);
556 if (ret) {
557 hx509_query_free(context->hx509ctx, q);
558 continue;
559 }
560 ret = hx509_query_match_issuer_serial(q, &iasn.issuer, &iasn.serialNumber);
561 free_IssuerAndSerialNumber(&iasn);
562 if (ret) {
563 hx509_query_free(context->hx509ctx, q);
564 continue;
565 }
566
567 ret = hx509_certs_find(context->hx509ctx,
568 kdc_identity->certs,
569 q,
570 &cert);
571 hx509_query_free(context->hx509ctx, q);
572 if (ret)
573 continue;
574 hx509_certs_add(context->hx509ctx,
575 cp->client_anchors, cert);
576 hx509_cert_free(cert);
577 }
578 }
579
580 ret = hx509_cms_unwrap_ContentInfo(&r.signedAuthPack,
581 &contentInfoOid,
582 &signed_content,
583 &have_data);
584 free_PA_PK_AS_REQ(&r);
585 if (ret) {
586 krb5_set_error_message(context, ret,
587 "Can't unwrap ContentInfo: %d", ret);
588 goto out;
589 }
590
591 } else {
592 krb5_clear_error_message(context);
593 ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
594 goto out;
595 }
596
597 ret = der_heim_oid_cmp(&contentInfoOid, &asn1_oid_id_pkcs7_signedData);
598 if (ret != 0) {
599 ret = KRB5KRB_ERR_GENERIC;
600 krb5_set_error_message(context, ret,
601 "PK-AS-REQ-Win2k invalid content type oid");
602 goto out;
603 }
604
605 if (!have_data) {
606 ret = KRB5KRB_ERR_GENERIC;
607 krb5_set_error_message(context, ret,
608 "PK-AS-REQ-Win2k no signed auth pack");
609 goto out;
610 }
611
612 {
613 hx509_certs signer_certs;
614 int flags = HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH; /* BTMM */
615
616 if (_kdc_is_anonymous(context, client->principal)
617 || (config->historical_anon_realm && _kdc_is_anon_request(req)))
618 flags |= HX509_CMS_VS_ALLOW_ZERO_SIGNER;
619
620 ret = hx509_cms_verify_signed(context->hx509ctx,
621 cp->verify_ctx,
622 flags,
623 signed_content.data,
624 signed_content.length,
625 NULL,
626 kdc_identity->certpool,
627 &eContentType,
628 &eContent,
629 &signer_certs);
630 if (ret) {
631 char *s = hx509_get_error_string(context->hx509ctx, ret);
632 krb5_warnx(context, "PKINIT: failed to verify signature: %s: %d",
633 s, ret);
634 free(s);
635 goto out;
636 }
637
638 if (signer_certs) {
639 ret = hx509_get_one_cert(context->hx509ctx, signer_certs,
640 &cp->cert);
641 hx509_certs_free(&signer_certs);
642 }
643 if (ret)
644 goto out;
645 }
646
647 /* Signature is correct, now verify the signed message */
648 if (der_heim_oid_cmp(&eContentType, &asn1_oid_id_pkcs7_data) != 0 &&
649 der_heim_oid_cmp(&eContentType, &asn1_oid_id_pkauthdata) != 0)
650 {
651 ret = KRB5_BADMSGTYPE;
652 krb5_set_error_message(context, ret, "got wrong oid for PK AuthData");
653 goto out;
654 }
655
656 if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) {
657 AuthPack_Win2k ap;
658
659 ret = decode_AuthPack_Win2k(eContent.data,
660 eContent.length,
661 &ap,
662 NULL);
663 if (ret) {
664 krb5_set_error_message(context, ret,
665 "Can't decode AuthPack: %d", ret);
666 goto out;
667 }
668
669 ret = pk_check_pkauthenticator_win2k(context,
670 &ap.pkAuthenticator,
671 req);
672 if (ret) {
673 free_AuthPack_Win2k(&ap);
674 goto out;
675 }
676
677 cp->type = PKINIT_WIN2K;
678 cp->nonce = ap.pkAuthenticator.nonce;
679
680 if (ap.clientPublicValue) {
681 ret = KRB5KRB_ERR_GENERIC;
682 krb5_set_error_message(context, ret,
683 "DH not supported for Win2k");
684 free_AuthPack_Win2k(&ap);
685 goto out;
686 }
687 free_AuthPack_Win2k(&ap);
688
689 } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) {
690 AuthPack ap;
691
692 ret = decode_AuthPack(eContent.data,
693 eContent.length,
694 &ap,
695 NULL);
696 if (ret) {
697 krb5_set_error_message(context, ret,
698 "Can't decode AuthPack: %d", ret);
699 free_AuthPack(&ap);
700 goto out;
701 }
702
703 if (_kdc_is_anonymous(context, client->principal) &&
704 ap.clientPublicValue == NULL) {
705 free_AuthPack(&ap);
706 ret = KRB5_KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED;
707 krb5_set_error_message(context, ret,
708 "Anonymous client not supported in RSA mode");
709 goto out;
710 }
711
712 ret = pk_check_pkauthenticator(context,
713 &ap.pkAuthenticator,
714 req);
715 if (ret) {
716 free_AuthPack(&ap);
717 goto out;
718 }
719
720 cp->type = PKINIT_27;
721 cp->nonce = ap.pkAuthenticator.nonce;
722
723 if (ap.clientPublicValue) {
724 if (der_heim_oid_cmp(&ap.clientPublicValue->algorithm.algorithm, &asn1_oid_id_dhpublicnumber) == 0) {
725 cp->keyex = USE_DH;
726 ret = get_dh_param(context, config,
727 ap.clientPublicValue, cp);
728 } else if (der_heim_oid_cmp(&ap.clientPublicValue->algorithm.algorithm, &asn1_oid_id_ecPublicKey) == 0) {
729 cp->keyex = USE_ECDH;
730 ret = _kdc_get_ecdh_param(context, config,
731 ap.clientPublicValue,
732 &cp->u.ecdh.public_key);
733 } else {
734 ret = KRB5_BADMSGTYPE;
735 krb5_set_error_message(context, ret,
736 "PKINIT unknown DH mechanism");
737 }
738 if (ret) {
739 free_AuthPack(&ap);
740 goto out;
741 }
742 } else
743 cp->keyex = USE_RSA;
744
745 ret = hx509_peer_info_alloc(context->hx509ctx,
746 &cp->peer);
747 if (ret) {
748 free_AuthPack(&ap);
749 goto out;
750 }
751
752 if (ap.supportedCMSTypes) {
753 ret = hx509_peer_info_set_cms_algs(context->hx509ctx,
754 cp->peer,
755 ap.supportedCMSTypes->val,
756 ap.supportedCMSTypes->len);
757 if (ret) {
758 free_AuthPack(&ap);
759 goto out;
760 }
761 } else {
762 /* assume old client */
763 hx509_peer_info_add_cms_alg(context->hx509ctx, cp->peer,
764 hx509_crypto_des_rsdi_ede3_cbc());
765 hx509_peer_info_add_cms_alg(context->hx509ctx, cp->peer,
766 hx509_signature_rsa_with_sha1());
767 hx509_peer_info_add_cms_alg(context->hx509ctx, cp->peer,
768 hx509_signature_sha1());
769 }
770 free_AuthPack(&ap);
771 } else
772 krb5_abortx(context, "internal pkinit error");
773
774 kdc_log(context, config, 0, "PKINIT request of type %s", type);
775
776 out:
777 if (ret)
778 krb5_warn(context, ret, "PKINIT");
779
780 if (signed_content.data)
781 free(signed_content.data);
782 krb5_data_free(&eContent);
783 der_free_oid(&eContentType);
784 der_free_oid(&contentInfoOid);
785 if (ret) {
786 _kdc_pk_free_client_param(context, cp);
787 } else
788 *ret_params = cp;
789 return ret;
790 }
791
792 krb5_timestamp
793 _kdc_pk_endtime(pk_client_params *pkp)
794 {
795 return pkp->endtime;
796 }
797
798 krb5_timestamp
799 _kdc_pk_max_life(pk_client_params *pkp)
800 {
801 return pkp->max_life;
802 }
803
804 /*
805 *
806 */
807
808 static krb5_error_code
809 BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer)
810 {
811 integer->length = BN_num_bytes(bn);
812 integer->data = malloc(integer->length);
813 if (integer->data == NULL) {
814 krb5_clear_error_message(context);
815 return ENOMEM;
816 }
817 BN_bn2bin(bn, integer->data);
818 integer->negative = BN_is_negative(bn);
819 return 0;
820 }
821
822 static krb5_error_code
823 pk_mk_pa_reply_enckey(krb5_context context,
824 krb5_kdc_configuration *config,
825 pk_client_params *cp,
826 const KDC_REQ *req,
827 const krb5_data *req_buffer,
828 krb5_keyblock *reply_key,
829 ContentInfo *content_info,
830 hx509_cert *kdc_cert)
831 {
832 const heim_oid *envelopedAlg = NULL, *sdAlg = NULL, *evAlg = NULL;
833 krb5_error_code ret;
834 krb5_data buf, signed_data;
835 size_t size = 0;
836 int do_win2k = 0;
837
838 krb5_data_zero(&buf);
839 krb5_data_zero(&signed_data);
840
841 *kdc_cert = NULL;
842
843 /*
844 * If the message client is a win2k-type but it sends pa data
845 * 09-binding it expects a IETF (checksum) reply so there can be
846 * no replay attacks.
847 */
848
849 switch (cp->type) {
850 case PKINIT_WIN2K: {
851 int i = 0;
852 if (_kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_09_BINDING) == NULL
853 && config->pkinit_require_binding == 0)
854 {
855 do_win2k = 1;
856 }
857 sdAlg = &asn1_oid_id_pkcs7_data;
858 evAlg = &asn1_oid_id_pkcs7_data;
859 envelopedAlg = &asn1_oid_id_rsadsi_des_ede3_cbc;
860 break;
861 }
862 case PKINIT_27:
863 sdAlg = &asn1_oid_id_pkrkeydata;
864 evAlg = &asn1_oid_id_pkcs7_signedData;
865 break;
866 default:
867 krb5_abortx(context, "internal pkinit error");
868 }
869
870 if (do_win2k) {
871 ReplyKeyPack_Win2k kp;
872 memset(&kp, 0, sizeof(kp));
873
874 ret = copy_EncryptionKey(reply_key, &kp.replyKey);
875 if (ret) {
876 krb5_clear_error_message(context);
877 goto out;
878 }
879 kp.nonce = cp->nonce;
880
881 ASN1_MALLOC_ENCODE(ReplyKeyPack_Win2k,
882 buf.data, buf.length,
883 &kp, &size,ret);
884 free_ReplyKeyPack_Win2k(&kp);
885 } else {
886 krb5_crypto ascrypto;
887 ReplyKeyPack kp;
888 memset(&kp, 0, sizeof(kp));
889
890 ret = copy_EncryptionKey(reply_key, &kp.replyKey);
891 if (ret) {
892 krb5_clear_error_message(context);
893 goto out;
894 }
895
896 ret = krb5_crypto_init(context, reply_key, 0, &ascrypto);
897 if (ret) {
898 krb5_clear_error_message(context);
899 goto out;
900 }
901
902 ret = krb5_create_checksum(context, ascrypto, 6, 0,
903 req_buffer->data, req_buffer->length,
904 &kp.asChecksum);
905 if (ret) {
906 krb5_clear_error_message(context);
907 goto out;
908 }
909
910 ret = krb5_crypto_destroy(context, ascrypto);
911 if (ret) {
912 krb5_clear_error_message(context);
913 goto out;
914 }
915 ASN1_MALLOC_ENCODE(ReplyKeyPack, buf.data, buf.length, &kp, &size,ret);
916 free_ReplyKeyPack(&kp);
917 }
918 if (ret) {
919 krb5_set_error_message(context, ret, "ASN.1 encoding of ReplyKeyPack "
920 "failed (%d)", ret);
921 goto out;
922 }
923 if (buf.length != size)
924 krb5_abortx(context, "Internal ASN.1 encoder error");
925
926 {
927 hx509_query *q;
928 hx509_cert cert;
929
930 ret = hx509_query_alloc(context->hx509ctx, &q);
931 if (ret)
932 goto out;
933
934 hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
935 if (config->pkinit_kdc_friendly_name)
936 hx509_query_match_friendly_name(q, config->pkinit_kdc_friendly_name);
937
938 ret = hx509_certs_find(context->hx509ctx,
939 kdc_identity->certs,
940 q,
941 &cert);
942 hx509_query_free(context->hx509ctx, q);
943 if (ret)
944 goto out;
945
946 ret = hx509_cms_create_signed_1(context->hx509ctx,
947 0,
948 sdAlg,
949 buf.data,
950 buf.length,
951 NULL,
952 cert,
953 cp->peer,
954 cp->client_anchors,
955 kdc_identity->certpool,
956 &signed_data);
957 *kdc_cert = cert;
958 }
959
960 krb5_data_free(&buf);
961 if (ret)
962 goto out;
963
964 if (cp->type == PKINIT_WIN2K) {
965 ret = hx509_cms_wrap_ContentInfo(&asn1_oid_id_pkcs7_signedData,
966 &signed_data,
967 &buf);
968 if (ret)
969 goto out;
970 krb5_data_free(&signed_data);
971 signed_data = buf;
972 }
973
974 ret = hx509_cms_envelope_1(context->hx509ctx,
975 HX509_CMS_EV_NO_KU_CHECK,
976 cp->cert,
977 signed_data.data, signed_data.length,
978 envelopedAlg,
979 evAlg, &buf);
980 if (ret)
981 goto out;
982
983 ret = _krb5_pk_mk_ContentInfo(context,
984 &buf,
985 &asn1_oid_id_pkcs7_envelopedData,
986 content_info);
987 out:
988 if (ret && *kdc_cert) {
989 hx509_cert_free(*kdc_cert);
990 *kdc_cert = NULL;
991 }
992
993 krb5_data_free(&buf);
994 krb5_data_free(&signed_data);
995 return ret;
996 }
997
998 /*
999 *
1000 */
1001
1002 static krb5_error_code
1003 pk_mk_pa_reply_dh(krb5_context context,
1004 krb5_kdc_configuration *config,
1005 pk_client_params *cp,
1006 ContentInfo *content_info,
1007 hx509_cert *kdc_cert)
1008 {
1009 KDCDHKeyInfo dh_info;
1010 krb5_data signed_data, buf;
1011 ContentInfo contentinfo;
1012 krb5_error_code ret;
1013 hx509_cert cert;
1014 hx509_query *q;
1015 size_t size = 0;
1016
1017 memset(&contentinfo, 0, sizeof(contentinfo));
1018 memset(&dh_info, 0, sizeof(dh_info));
1019 krb5_data_zero(&signed_data);
1020 krb5_data_zero(&buf);
1021
1022 *kdc_cert = NULL;
1023
1024 if (cp->keyex == USE_DH) {
1025 DH *kdc_dh = cp->u.dh.key;
1026 heim_integer i;
1027
1028 ret = BN_to_integer(context, kdc_dh->pub_key, &i);
1029 if (ret)
1030 return ret;
1031
1032 ASN1_MALLOC_ENCODE(DHPublicKey, buf.data, buf.length, &i, &size, ret);
1033 der_free_heim_integer(&i);
1034 if (ret) {
1035 krb5_set_error_message(context, ret, "ASN.1 encoding of "
1036 "DHPublicKey failed (%d)", ret);
1037 return ret;
1038 }
1039 if (buf.length != size)
1040 krb5_abortx(context, "Internal ASN.1 encoder error");
1041
1042 dh_info.subjectPublicKey.length = buf.length * 8;
1043 dh_info.subjectPublicKey.data = buf.data;
1044 krb5_data_zero(&buf);
1045 } else if (cp->keyex == USE_ECDH) {
1046 unsigned char *p;
1047 ret = _kdc_serialize_ecdh_key(context, cp->u.ecdh.key, &p,
1048 &dh_info.subjectPublicKey.length);
1049 if (ret)
1050 goto out;
1051 dh_info.subjectPublicKey.data = p;
1052 } else
1053 krb5_abortx(context, "no keyex selected ?");
1054
1055
1056 dh_info.nonce = cp->nonce;
1057
1058 ASN1_MALLOC_ENCODE(KDCDHKeyInfo, buf.data, buf.length, &dh_info, &size,
1059 ret);
1060 if (ret) {
1061 krb5_set_error_message(context, ret, "ASN.1 encoding of "
1062 "KdcDHKeyInfo failed (%d)", ret);
1063 goto out;
1064 }
1065 if (buf.length != size)
1066 krb5_abortx(context, "Internal ASN.1 encoder error");
1067
1068 /*
1069 * Create the SignedData structure and sign the KdcDHKeyInfo
1070 * filled in above
1071 */
1072
1073 ret = hx509_query_alloc(context->hx509ctx, &q);
1074 if (ret)
1075 goto out;
1076
1077 hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
1078 if (config->pkinit_kdc_friendly_name)
1079 hx509_query_match_friendly_name(q, config->pkinit_kdc_friendly_name);
1080
1081 ret = hx509_certs_find(context->hx509ctx,
1082 kdc_identity->certs,
1083 q,
1084 &cert);
1085 hx509_query_free(context->hx509ctx, q);
1086 if (ret)
1087 goto out;
1088
1089 ret = hx509_cms_create_signed_1(context->hx509ctx,
1090 0,
1091 &asn1_oid_id_pkdhkeydata,
1092 buf.data,
1093 buf.length,
1094 NULL,
1095 cert,
1096 cp->peer,
1097 cp->client_anchors,
1098 kdc_identity->certpool,
1099 &signed_data);
1100 if (ret) {
1101 kdc_log(context, config, 0, "Failed signing the DH* reply: %d", ret);
1102 goto out;
1103 }
1104 *kdc_cert = cert;
1105
1106 ret = _krb5_pk_mk_ContentInfo(context,
1107 &signed_data,
1108 &asn1_oid_id_pkcs7_signedData,
1109 content_info);
1110 if (ret)
1111 goto out;
1112
1113 out:
1114 if (ret && *kdc_cert) {
1115 hx509_cert_free(*kdc_cert);
1116 *kdc_cert = NULL;
1117 }
1118
1119 krb5_data_free(&buf);
1120 krb5_data_free(&signed_data);
1121 free_KDCDHKeyInfo(&dh_info);
1122
1123 return ret;
1124 }
1125
1126 /*
1127 *
1128 */
1129
1130 krb5_error_code
1131 _kdc_pk_mk_pa_reply(astgs_request_t r, pk_client_params *cp)
1132 {
1133 krb5_kdc_configuration *config = r->config;
1134 krb5_enctype sessionetype = r->sessionetype;
1135 const KDC_REQ *req = &r->req;
1136 const krb5_data *req_buffer = &r->request;
1137 krb5_keyblock *reply_key = &r->reply_key;
1138 krb5_keyblock *sessionkey = &r->session_key;
1139 METHOD_DATA *md = r->rep.padata;
1140 krb5_error_code ret;
1141 void *buf = NULL;
1142 size_t len = 0, size = 0;
1143 krb5_enctype enctype;
1144 int pa_type;
1145 hx509_cert kdc_cert = NULL;
1146 size_t i;
1147
1148 if (!config->enable_pkinit) {
1149 krb5_clear_error_message(r->context);
1150 return 0;
1151 }
1152
1153 if (req->req_body.etype.len > 0) {
1154 for (i = 0; i < req->req_body.etype.len; i++)
1155 if (krb5_enctype_valid(r->context, req->req_body.etype.val[i]) == 0)
1156 break;
1157 if (req->req_body.etype.len <= i) {
1158 ret = KRB5KRB_ERR_GENERIC;
1159 krb5_set_error_message(r->context, ret,
1160 "No valid enctype available from client");
1161 goto out;
1162 }
1163 enctype = req->req_body.etype.val[i];
1164 } else
1165 enctype = ETYPE_DES3_CBC_SHA1;
1166
1167 if (cp->type == PKINIT_27) {
1168 PA_PK_AS_REP rep;
1169 const char *type, *other = "";
1170
1171 memset(&rep, 0, sizeof(rep));
1172
1173 pa_type = KRB5_PADATA_PK_AS_REP;
1174
1175 if (cp->keyex == USE_RSA) {
1176 ContentInfo info;
1177
1178 type = "enckey";
1179
1180 rep.element = choice_PA_PK_AS_REP_encKeyPack;
1181
1182 ret = krb5_generate_random_keyblock(r->context, enctype,
1183 &cp->reply_key);
1184 if (ret) {
1185 free_PA_PK_AS_REP(&rep);
1186 goto out;
1187 }
1188 ret = pk_mk_pa_reply_enckey(r->context,
1189 config,
1190 cp,
1191 req,
1192 req_buffer,
1193 &cp->reply_key,
1194 &info,
1195 &kdc_cert);
1196 if (ret) {
1197 free_PA_PK_AS_REP(&rep);
1198 goto out;
1199 }
1200 ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data,
1201 rep.u.encKeyPack.length, &info, &size,
1202 ret);
1203 free_ContentInfo(&info);
1204 if (ret) {
1205 krb5_set_error_message(r->context, ret, "encoding of Key ContentInfo "
1206 "failed %d", ret);
1207 free_PA_PK_AS_REP(&rep);
1208 goto out;
1209 }
1210 if (rep.u.encKeyPack.length != size)
1211 krb5_abortx(r->context, "Internal ASN.1 encoder error");
1212
1213 ret = krb5_generate_random_keyblock(r->context, sessionetype,
1214 sessionkey);
1215 if (ret) {
1216 free_PA_PK_AS_REP(&rep);
1217 goto out;
1218 }
1219
1220 } else {
1221 ContentInfo info;
1222
1223 switch (cp->keyex) {
1224 case USE_DH: type = "dh"; break;
1225 case USE_ECDH: type = "ecdh"; break;
1226 default: krb5_abortx(r->context, "unknown keyex"); break;
1227 }
1228
1229 if (cp->dh_group_name)
1230 other = cp->dh_group_name;
1231
1232 rep.element = choice_PA_PK_AS_REP_dhInfo;
1233
1234 ret = generate_dh_keyblock(r->context, cp, enctype);
1235 if (ret)
1236 return ret;
1237
1238 ret = pk_mk_pa_reply_dh(r->context, config,
1239 cp,
1240 &info,
1241 &kdc_cert);
1242 if (ret) {
1243 free_PA_PK_AS_REP(&rep);
1244 krb5_set_error_message(r->context, ret,
1245 "create pa-reply-dh "
1246 "failed %d", ret);
1247 goto out;
1248 }
1249
1250 ASN1_MALLOC_ENCODE(ContentInfo, rep.u.dhInfo.dhSignedData.data,
1251 rep.u.dhInfo.dhSignedData.length, &info, &size,
1252 ret);
1253 free_ContentInfo(&info);
1254 if (ret) {
1255 krb5_set_error_message(r->context, ret,
1256 "encoding of Key ContentInfo "
1257 "failed %d", ret);
1258 free_PA_PK_AS_REP(&rep);
1259 goto out;
1260 }
1261 if (rep.u.encKeyPack.length != size)
1262 krb5_abortx(r->context, "Internal ASN.1 encoder error");
1263
1264 /* generate the session key using the method from RFC6112 */
1265 {
1266 krb5_keyblock kdc_contribution_key;
1267 krb5_crypto reply_crypto;
1268 krb5_crypto kdccont_crypto;
1269 krb5_data p1 = { strlen("PKINIT"), "PKINIT"};
1270 krb5_data p2 = { strlen("KEYEXCHANGE"), "KEYEXCHANGE"};
1271 void *kckdata;
1272 size_t kcklen;
1273 EncryptedData kx;
1274 void *kxdata;
1275 size_t kxlen;
1276
1277 ret = krb5_generate_random_keyblock(r->context, sessionetype,
1278 &kdc_contribution_key);
1279 if (ret) {
1280 free_PA_PK_AS_REP(&rep);
1281 goto out;
1282 }
1283 ret = krb5_crypto_init(r->context, &cp->reply_key, enctype, &reply_crypto);
1284 if (ret) {
1285 krb5_free_keyblock_contents(r->context, &kdc_contribution_key);
1286 free_PA_PK_AS_REP(&rep);
1287 goto out;
1288 }
1289 ret = krb5_crypto_init(r->context, &kdc_contribution_key, sessionetype, &kdccont_crypto);
1290 if (ret) {
1291 krb5_crypto_destroy(r->context, reply_crypto);
1292 krb5_free_keyblock_contents(r->context, &kdc_contribution_key);
1293 free_PA_PK_AS_REP(&rep);
1294 goto out;
1295 }
1296 /* KRB-FX-CF2 */
1297 ret = krb5_crypto_fx_cf2(r->context, kdccont_crypto, reply_crypto,
1298 &p1, &p2, sessionetype, sessionkey);
1299 krb5_crypto_destroy(r->context, kdccont_crypto);
1300 if (ret) {
1301 krb5_crypto_destroy(r->context, reply_crypto);
1302 krb5_free_keyblock_contents(r->context, &kdc_contribution_key);
1303 free_PA_PK_AS_REP(&rep);
1304 goto out;
1305 }
1306 ASN1_MALLOC_ENCODE(EncryptionKey, kckdata, kcklen,
1307 &kdc_contribution_key, &size, ret);
1308 krb5_free_keyblock_contents(r->context, &kdc_contribution_key);
1309 if (ret) {
1310 krb5_set_error_message(r->context, ret, "encoding of PKINIT-KX Key failed %d", ret);
1311 krb5_crypto_destroy(r->context, reply_crypto);
1312 free_PA_PK_AS_REP(&rep);
1313 goto out;
1314 }
1315 if (kcklen != size)
1316 krb5_abortx(r->context, "Internal ASN.1 encoder error");
1317 ret = krb5_encrypt_EncryptedData(r->context, reply_crypto, KRB5_KU_PA_PKINIT_KX,
1318 kckdata, kcklen, 0, &kx);
1319 krb5_crypto_destroy(r->context, reply_crypto);
1320 free(kckdata);
1321 if (ret) {
1322 free_PA_PK_AS_REP(&rep);
1323 goto out;
1324 }
1325 ASN1_MALLOC_ENCODE(EncryptedData, kxdata, kxlen,
1326 &kx, &size, ret);
1327 free_EncryptedData(&kx);
1328 if (ret) {
1329 krb5_set_error_message(r->context, ret,
1330 "encoding of PKINIT-KX failed %d", ret);
1331 free_PA_PK_AS_REP(&rep);
1332 goto out;
1333 }
1334 if (kxlen != size)
1335 krb5_abortx(r->context, "Internal ASN.1 encoder error");
1336 /* Add PA-PKINIT-KX */
1337 ret = krb5_padata_add(r->context, md, KRB5_PADATA_PKINIT_KX, kxdata, kxlen);
1338 if (ret) {
1339 krb5_set_error_message(r->context, ret,
1340 "Failed adding PKINIT-KX %d", ret);
1341 free(buf);
1342 goto out;
1343 }
1344 }
1345 }
1346
1347 #define use_btmm_with_enckey 0
1348 if (use_btmm_with_enckey && rep.element == choice_PA_PK_AS_REP_encKeyPack) {
1349 PA_PK_AS_REP_BTMM btmm;
1350 heim_any any;
1351
1352 any.data = rep.u.encKeyPack.data;
1353 any.length = rep.u.encKeyPack.length;
1354
1355 btmm.dhSignedData = NULL;
1356 btmm.encKeyPack = &any;
1357
1358 ASN1_MALLOC_ENCODE(PA_PK_AS_REP_BTMM, buf, len, &btmm, &size, ret);
1359 } else {
1360 ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret);
1361 }
1362
1363 free_PA_PK_AS_REP(&rep);
1364 if (ret) {
1365 krb5_set_error_message(r->context, ret,
1366 "encode PA-PK-AS-REP failed %d", ret);
1367 goto out;
1368 }
1369 if (len != size)
1370 krb5_abortx(r->context, "Internal ASN.1 encoder error");
1371
1372 kdc_log(r->context, config, 0, "PKINIT using %s %s", type, other);
1373
1374 } else if (cp->type == PKINIT_WIN2K) {
1375 PA_PK_AS_REP_Win2k rep;
1376 ContentInfo info;
1377
1378 if (cp->keyex != USE_RSA) {
1379 ret = KRB5KRB_ERR_GENERIC;
1380 krb5_set_error_message(r->context, ret,
1381 "Win2k PKINIT doesn't support DH");
1382 goto out;
1383 }
1384
1385 memset(&rep, 0, sizeof(rep));
1386
1387 pa_type = KRB5_PADATA_PK_AS_REP_19;
1388 rep.element = choice_PA_PK_AS_REP_Win2k_encKeyPack;
1389
1390 ret = krb5_generate_random_keyblock(r->context, enctype,
1391 &cp->reply_key);
1392 if (ret) {
1393 free_PA_PK_AS_REP_Win2k(&rep);
1394 goto out;
1395 }
1396 ret = pk_mk_pa_reply_enckey(r->context,
1397 config,
1398 cp,
1399 req,
1400 req_buffer,
1401 &cp->reply_key,
1402 &info,
1403 &kdc_cert);
1404 if (ret) {
1405 free_PA_PK_AS_REP_Win2k(&rep);
1406 goto out;
1407 }
1408 ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data,
1409 rep.u.encKeyPack.length, &info, &size,
1410 ret);
1411 free_ContentInfo(&info);
1412 if (ret) {
1413 krb5_set_error_message(r->context, ret, "encoding of Key ContentInfo "
1414 "failed %d", ret);
1415 free_PA_PK_AS_REP_Win2k(&rep);
1416 goto out;
1417 }
1418 if (rep.u.encKeyPack.length != size)
1419 krb5_abortx(r->context, "Internal ASN.1 encoder error");
1420
1421 ASN1_MALLOC_ENCODE(PA_PK_AS_REP_Win2k, buf, len, &rep, &size, ret);
1422 free_PA_PK_AS_REP_Win2k(&rep);
1423 if (ret) {
1424 krb5_set_error_message(r->context, ret,
1425 "encode PA-PK-AS-REP-Win2k failed %d", ret);
1426 goto out;
1427 }
1428 if (len != size)
1429 krb5_abortx(r->context, "Internal ASN.1 encoder error");
1430
1431 ret = krb5_generate_random_keyblock(r->context, sessionetype,
1432 sessionkey);
1433 if (ret) {
1434 free(buf);
1435 goto out;
1436 }
1437
1438 } else
1439 krb5_abortx(r->context, "PKINIT internal error");
1440
1441
1442 ret = krb5_padata_add(r->context, md, pa_type, buf, len);
1443 if (ret) {
1444 krb5_set_error_message(r->context, ret,
1445 "Failed adding PA-PK-AS-REP %d", ret);
1446 free(buf);
1447 goto out;
1448 }
1449
1450 if (config->pkinit_kdc_ocsp_file) {
1451
1452 if (ocsp.expire == 0 && ocsp.next_update > kdc_time) {
1453 struct stat sb;
1454 int fd;
1455
1456 krb5_data_free(&ocsp.data);
1457
1458 ocsp.expire = 0;
1459 ocsp.next_update = kdc_time + 60 * 5;
1460
1461 fd = open(config->pkinit_kdc_ocsp_file, O_RDONLY);
1462 if (fd < 0) {
1463 kdc_log(r->context, config, 0,
1464 "PKINIT failed to open ocsp data file %d", errno);
1465 goto out_ocsp;
1466 }
1467 ret = fstat(fd, &sb);
1468 if (ret) {
1469 ret = errno;
1470 close(fd);
1471 kdc_log(r->context, config, 0,
1472 "PKINIT failed to stat ocsp data %d", ret);
1473 goto out_ocsp;
1474 }
1475
1476 ret = krb5_data_alloc(&ocsp.data, sb.st_size);
1477 if (ret) {
1478 close(fd);
1479 kdc_log(r->context, config, 0,
1480 "PKINIT failed to allocate ocsp data %d", ret);
1481 goto out_ocsp;
1482 }
1483 ocsp.data.length = sb.st_size;
1484 ret = read(fd, ocsp.data.data, sb.st_size);
1485 close(fd);
1486 if (ret != sb.st_size) {
1487 kdc_log(r->context, config, 0,
1488 "PKINIT failed to read ocsp data %d", errno);
1489 goto out_ocsp;
1490 }
1491
1492 ret = hx509_ocsp_verify(r->context->hx509ctx,
1493 kdc_time,
1494 kdc_cert,
1495 0,
1496 ocsp.data.data, ocsp.data.length,
1497 &ocsp.expire);
1498 if (ret) {
1499 kdc_log(r->context, config, 0,
1500 "PKINIT failed to verify ocsp data %d", ret);
1501 krb5_data_free(&ocsp.data);
1502 ocsp.expire = 0;
1503 } else if (ocsp.expire > 180) {
1504 ocsp.expire -= 180; /* refetch the ocsp before it expires */
1505 ocsp.next_update = ocsp.expire;
1506 } else {
1507 ocsp.next_update = kdc_time;
1508 }
1509 out_ocsp:
1510 ret = 0;
1511 }
1512
1513 if (ocsp.expire != 0 && ocsp.expire > kdc_time) {
1514
1515 ret = krb5_padata_add(r->context, md,
1516 KRB5_PADATA_PA_PK_OCSP_RESPONSE,
1517 ocsp.data.data, ocsp.data.length);
1518 if (ret) {
1519 krb5_set_error_message(r->context, ret,
1520 "Failed adding OCSP response %d", ret);
1521 goto out;
1522 }
1523 }
1524 }
1525
1526 out:
1527 if (kdc_cert)
1528 hx509_cert_free(kdc_cert);
1529
1530 if (ret == 0)
1531 ret = krb5_copy_keyblock_contents(r->context, &cp->reply_key, reply_key);
1532 return ret;
1533 }
1534
1535 static int
1536 match_rfc_san(krb5_context context,
1537 krb5_kdc_configuration *config,
1538 hx509_context hx509ctx,
1539 hx509_cert client_cert,
1540 krb5_const_principal match)
1541 {
1542 hx509_octet_string_list list;
1543 int ret, found = 0;
1544 size_t i;
1545
1546 memset(&list, 0 , sizeof(list));
1547
1548 ret = hx509_cert_find_subjectAltName_otherName(hx509ctx,
1549 client_cert,
1550 &asn1_oid_id_pkinit_san,
1551 &list);
1552 if (ret)
1553 goto out;
1554
1555 for (i = 0; !found && i < list.len; i++) {
1556 krb5_principal_data principal;
1557 KRB5PrincipalName kn;
1558 size_t size;
1559
1560 ret = decode_KRB5PrincipalName(list.val[i].data,
1561 list.val[i].length,
1562 &kn, &size);
1563 if (ret) {
1564 const char *msg = krb5_get_error_message(context, ret);
1565 kdc_log(context, config, 0,
1566 "Decoding Kerberos principal name in certificate failed: %s", msg);
1567 krb5_free_error_message(context, msg);
1568 break;
1569 }
1570 if (size != list.val[i].length) {
1571 kdc_log(context, config, 0,
1572 "Decoded Kerberos principal name did not have expected length");
1573 return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1574 }
1575
1576 memset(&principal, 0, sizeof (principal));
1577 principal.name = kn.principalName;
1578 principal.realm = kn.realm;
1579
1580 if (krb5_principal_compare(context, &principal, match) == TRUE)
1581 found = 1;
1582 free_KRB5PrincipalName(&kn);
1583 }
1584
1585 out:
1586 hx509_free_octet_string_list(&list);
1587 if (ret)
1588 return ret;
1589
1590 if (!found)
1591 return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1592
1593 return 0;
1594 }
1595
1596 static int
1597 match_ms_upn_san(krb5_context context,
1598 krb5_kdc_configuration *config,
1599 hx509_context hx509ctx,
1600 hx509_cert client_cert,
1601 HDB *clientdb,
1602 hdb_entry *client)
1603 {
1604 hx509_octet_string_list list;
1605 krb5_principal principal = NULL;
1606 int ret;
1607 MS_UPN_SAN upn;
1608 size_t size;
1609
1610 memset(&list, 0 , sizeof(list));
1611
1612 ret = hx509_cert_find_subjectAltName_otherName(hx509ctx,
1613 client_cert,
1614 &asn1_oid_id_pkinit_ms_san,
1615 &list);
1616 if (ret)
1617 goto out;
1618
1619 if (list.len != 1) {
1620 if (list.len)
1621 kdc_log(context, config, 0,
1622 "More than one PKINIT MS UPN SAN");
1623 else
1624 kdc_log(context, config, 0,
1625 "No PKINIT MS UPN SAN");
1626 ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1627 goto out;
1628 }
1629
1630 ret = decode_MS_UPN_SAN(list.val[0].data, list.val[0].length, &upn, &size);
1631 if (ret) {
1632 kdc_log(context, config, 0, "Decode of MS-UPN-SAN failed");
1633 goto out;
1634 }
1635 if (size != list.val[0].length) {
1636 free_MS_UPN_SAN(&upn);
1637 kdc_log(context, config, 0, "Trailing data in MS UPN SAN");
1638 ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1639 goto out;
1640 }
1641
1642 kdc_log(context, config, 0, "found MS UPN SAN: %s", upn);
1643
1644 ret = krb5_parse_name(context, upn, &principal);
1645 free_MS_UPN_SAN(&upn);
1646 if (ret) {
1647 kdc_log(context, config, 0, "Failed to parse principal in MS UPN SAN");
1648 goto out;
1649 }
1650
1651 if (clientdb->hdb_check_pkinit_ms_upn_match) {
1652 ret = clientdb->hdb_check_pkinit_ms_upn_match(context, clientdb, client, principal);
1653 } else {
1654
1655 /*
1656 * This is very wrong, but will do for a fallback
1657 */
1658 strupr(principal->realm);
1659
1660 if (krb5_principal_compare(context, principal, client->principal) == FALSE)
1661 ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1662 }
1663
1664 out:
1665 if (principal)
1666 krb5_free_principal(context, principal);
1667 hx509_free_octet_string_list(&list);
1668
1669 return ret;
1670 }
1671
1672 krb5_error_code
1673 _kdc_pk_check_client(astgs_request_t r,
1674 pk_client_params *cp,
1675 char **subject_name)
1676 {
1677 krb5_kdc_configuration *config = r->config;
1678 HDB *clientdb = r->clientdb;
1679 hdb_entry *client = r->client;
1680 const HDB_Ext_PKINIT_acl *acl;
1681 const HDB_Ext_PKINIT_cert *pc;
1682 krb5_error_code ret;
1683 hx509_name name;
1684 size_t i;
1685
1686 if (cp->cert == NULL) {
1687 if (!_kdc_is_anonymous(r->context, client->principal)
1688 && !config->historical_anon_realm)
1689 return KRB5KDC_ERR_BADOPTION;
1690
1691 *subject_name = strdup("<unauthenticated anonymous client>");
1692 if (*subject_name == NULL)
1693 return ENOMEM;
1694 return 0;
1695 }
1696
1697 cp->endtime = hx509_cert_get_notAfter(cp->cert);
1698 cp->max_life = 0;
1699 if (config->pkinit_max_life_from_cert_extension)
1700 cp->max_life =
1701 hx509_cert_get_pkinit_max_life(r->context->hx509ctx, cp->cert,
1702 config->pkinit_max_life_bound);
1703 if (cp->max_life == 0 && config->pkinit_max_life_from_cert > 0) {
1704 cp->max_life = cp->endtime - hx509_cert_get_notBefore(cp->cert);
1705 if (cp->max_life > config->pkinit_max_life_from_cert)
1706 cp->max_life = config->pkinit_max_life_from_cert;
1707 }
1708
1709 ret = hx509_cert_get_base_subject(r->context->hx509ctx,
1710 cp->cert,
1711 &name);
1712 if (ret)
1713 return ret;
1714
1715 ret = hx509_name_to_string(name, subject_name);
1716 hx509_name_free(&name);
1717 if (ret)
1718 return ret;
1719
1720 kdc_log(r->context, config, 0,
1721 "Trying to authorize PKINIT subject DN %s",
1722 *subject_name);
1723
1724 ret = hdb_entry_get_pkinit_cert(client, &pc);
1725 if (ret == 0 && pc) {
1726 hx509_cert cert;
1727 size_t j;
1728
1729 for (j = 0; j < pc->len; j++) {
1730 cert = hx509_cert_init_data(r->context->hx509ctx,
1731 pc->val[j].cert.data,
1732 pc->val[j].cert.length,
1733 NULL);
1734 if (cert == NULL)
1735 continue;
1736 ret = hx509_cert_cmp(cert, cp->cert);
1737 hx509_cert_free(cert);
1738 if (ret == 0) {
1739 kdc_log(r->context, config, 5,
1740 "Found matching PKINIT cert in hdb");
1741 return 0;
1742 }
1743 }
1744 }
1745
1746
1747 if (config->pkinit_princ_in_cert) {
1748 ret = match_rfc_san(r->context, config,
1749 r->context->hx509ctx,
1750 cp->cert,
1751 client->principal);
1752 if (ret == 0) {
1753 kdc_log(r->context, config, 5,
1754 "Found matching PKINIT SAN in certificate");
1755 return 0;
1756 }
1757 ret = match_ms_upn_san(r->context, config,
1758 r->context->hx509ctx,
1759 cp->cert,
1760 clientdb,
1761 client);
1762 if (ret == 0) {
1763 kdc_log(r->context, config, 5,
1764 "Found matching MS UPN SAN in certificate");
1765 return 0;
1766 }
1767 }
1768
1769 ret = hdb_entry_get_pkinit_acl(client, &acl);
1770 if (ret == 0 && acl != NULL) {
1771 /*
1772 * Cheat here and compare the generated name with the string
1773 * and not the reverse.
1774 */
1775 for (i = 0; i < acl->len; i++) {
1776 if (strcmp(*subject_name, acl->val[0].subject) != 0)
1777 continue;
1778
1779 /* Don't support issuer and anchor checking right now */
1780 if (acl->val[0].issuer)
1781 continue;
1782 if (acl->val[0].anchor)
1783 continue;
1784
1785 kdc_log(r->context, config, 5,
1786 "Found matching PKINIT database ACL");
1787 return 0;
1788 }
1789 }
1790
1791 for (i = 0; i < principal_mappings.len; i++) {
1792 krb5_boolean b;
1793
1794 b = krb5_principal_compare(r->context,
1795 client->principal,
1796 principal_mappings.val[i].principal);
1797 if (b == FALSE)
1798 continue;
1799 if (strcmp(principal_mappings.val[i].subject, *subject_name) != 0)
1800 continue;
1801 kdc_log(r->context, config, 5,
1802 "Found matching PKINIT FILE ACL");
1803 return 0;
1804 }
1805
1806 ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1807 krb5_set_error_message(r->context, ret,
1808 "PKINIT no matching principals for %s",
1809 *subject_name);
1810
1811 kdc_log(r->context, config, 5,
1812 "PKINIT no matching principals for %s",
1813 *subject_name);
1814
1815 free(*subject_name);
1816 *subject_name = NULL;
1817
1818 return ret;
1819 }
1820
1821 static krb5_error_code
1822 add_principal_mapping(krb5_context context,
1823 const char *principal_name,
1824 const char * subject)
1825 {
1826 struct pk_allowed_princ *tmp;
1827 krb5_principal principal;
1828 krb5_error_code ret;
1829
1830 tmp = realloc(principal_mappings.val,
1831 (principal_mappings.len + 1) * sizeof(*tmp));
1832 if (tmp == NULL)
1833 return ENOMEM;
1834 principal_mappings.val = tmp;
1835
1836 ret = krb5_parse_name(context, principal_name, &principal);
1837 if (ret)
1838 return ret;
1839
1840 principal_mappings.val[principal_mappings.len].principal = principal;
1841
1842 principal_mappings.val[principal_mappings.len].subject = strdup(subject);
1843 if (principal_mappings.val[principal_mappings.len].subject == NULL) {
1844 krb5_free_principal(context, principal);
1845 return ENOMEM;
1846 }
1847 principal_mappings.len++;
1848
1849 return 0;
1850 }
1851
1852 krb5_error_code
1853 _kdc_add_initial_verified_cas(krb5_context context,
1854 krb5_kdc_configuration *config,
1855 pk_client_params *cp,
1856 EncTicketPart *tkt)
1857 {
1858 AD_INITIAL_VERIFIED_CAS cas;
1859 krb5_error_code ret;
1860 krb5_data data;
1861 size_t size = 0;
1862
1863 memset(&cas, 0, sizeof(cas));
1864
1865 /* XXX add CAs to cas here */
1866
1867 ASN1_MALLOC_ENCODE(AD_INITIAL_VERIFIED_CAS, data.data, data.length,
1868 &cas, &size, ret);
1869 if (ret)
1870 return ret;
1871 if (data.length != size)
1872 krb5_abortx(context, "internal asn.1 encoder error");
1873
1874 ret = _kdc_tkt_add_if_relevant_ad(context, tkt,
1875 KRB5_AUTHDATA_INITIAL_VERIFIED_CAS,
1876 &data);
1877 krb5_data_free(&data);
1878 return ret;
1879 }
1880
1881 /*
1882 *
1883 */
1884
1885 static void
1886 load_mappings(krb5_context context, const char *fn)
1887 {
1888 krb5_error_code ret;
1889 char buf[1024];
1890 unsigned long lineno = 0;
1891 FILE *f;
1892
1893 f = fopen(fn, "r");
1894 if (f == NULL)
1895 return;
1896
1897 while (fgets(buf, sizeof(buf), f) != NULL) {
1898 char *subject_name, *p;
1899
1900 buf[strcspn(buf, "\n")] = '\0';
1901 lineno++;
1902
1903 p = buf + strspn(buf, " \t");
1904
1905 if (*p == '#' || *p == '\0')
1906 continue;
1907
1908 subject_name = strchr(p, ':');
1909 if (subject_name == NULL) {
1910 krb5_warnx(context, "pkinit mapping file line %lu "
1911 "missing \":\" :%s",
1912 lineno, buf);
1913 continue;
1914 }
1915 *subject_name++ = '\0';
1916
1917 ret = add_principal_mapping(context, p, subject_name);
1918 if (ret) {
1919 krb5_warn(context, ret, "failed to add line %lu \":\" :%s\n",
1920 lineno, buf);
1921 continue;
1922 }
1923 }
1924
1925 fclose(f);
1926 }
1927
1928 /*
1929 *
1930 */
1931
1932 KDC_LIB_FUNCTION krb5_error_code KDC_LIB_CALL
1933 krb5_kdc_pk_initialize(krb5_context context,
1934 krb5_kdc_configuration *config,
1935 const char *user_id,
1936 const char *anchors,
1937 char **pool,
1938 char **revoke_list)
1939 {
1940 const char *file;
1941 char *fn = NULL;
1942 krb5_error_code ret;
1943
1944 file = krb5_config_get_string(context, NULL,
1945 "libdefaults", "moduli", NULL);
1946
1947 ret = _krb5_parse_moduli(context, file, &moduli);
1948 if (ret)
1949 krb5_err(context, 1, ret, "PKINIT: failed to load moduli file");
1950
1951 principal_mappings.len = 0;
1952 principal_mappings.val = NULL;
1953
1954 ret = _krb5_pk_load_id(context,
1955 &kdc_identity,
1956 user_id,
1957 anchors,
1958 pool,
1959 revoke_list,
1960 NULL,
1961 NULL,
1962 NULL);
1963 if (ret) {
1964 krb5_warn(context, ret, "PKINIT: failed to load ID");
1965 config->enable_pkinit = 0;
1966 return ret;
1967 }
1968
1969 {
1970 hx509_query *q;
1971 hx509_cert cert;
1972
1973 ret = hx509_query_alloc(context->hx509ctx, &q);
1974 if (ret) {
1975 krb5_warnx(context, "PKINIT: out of memory");
1976 return ENOMEM;
1977 }
1978
1979 hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
1980 if (config->pkinit_kdc_friendly_name)
1981 hx509_query_match_friendly_name(q, config->pkinit_kdc_friendly_name);
1982
1983 ret = hx509_certs_find(context->hx509ctx,
1984 kdc_identity->certs,
1985 q,
1986 &cert);
1987 hx509_query_free(context->hx509ctx, q);
1988 if (ret == 0) {
1989 if (hx509_cert_check_eku(context->hx509ctx, cert,
1990 &asn1_oid_id_pkkdcekuoid, 0)) {
1991 hx509_name name;
1992 char *str;
1993 ret = hx509_cert_get_subject(cert, &name);
1994 if (ret == 0) {
1995 hx509_name_to_string(name, &str);
1996 krb5_warnx(context, "WARNING Found KDC certificate (%s) "
1997 "is missing the PKINIT KDC EKU, this is bad for "
1998 "interoperability.", str);
1999 hx509_name_free(&name);
2000 free(str);
2001 }
2002 }
2003 hx509_cert_free(cert);
2004 } else
2005 krb5_warnx(context, "PKINIT: failed to find a signing "
2006 "certificate with a public key");
2007 }
2008
2009 if (krb5_config_get_bool_default(context,
2010 NULL,
2011 FALSE,
2012 "kdc",
2013 "pkinit_allow_proxy_certificate",
2014 NULL))
2015 config->pkinit_allow_proxy_certs = 1;
2016
2017 file = krb5_config_get_string(context,
2018 NULL,
2019 "kdc",
2020 "pkinit_mappings_file",
2021 NULL);
2022 if (file == NULL) {
2023 int aret;
2024
2025 aret = asprintf(&fn, "%s/pki-mapping", hdb_db_dir(context));
2026 if (aret == -1) {
2027 krb5_warnx(context, "PKINIT: out of memory");
2028 return ENOMEM;
2029 }
2030
2031 file = fn;
2032 }
2033
2034 load_mappings(context, file);
2035 if (fn)
2036 free(fn);
2037
2038 return 0;
2039 }
2040
2041 #endif /* PKINIT */
Heimdal