2 * Copyright (c) 1997 - 2011 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "krb5_locl.h"
37 #include <pkinit_asn1.h>
41 * free all the memory used by (len, keys)
45 hdb_free_keys(krb5_context context
, int len
, Key
*keys
)
49 for (i
= 0; i
< len
; i
++) {
52 if (keys
[i
].salt
!= NULL
) {
53 free_Salt(keys
[i
].salt
);
57 krb5_free_keyblock_contents(context
, &keys
[i
].key
);
63 * for each entry in `default_keys' try to parse it as a sequence
64 * of etype:salttype:salt, syntax of this if something like:
65 * [(des|des3|etype):](pw-salt|afs3)[:string], if etype is omitted it
66 * means all etypes, and if string is omitted is means the default
67 * string (for that principal). Additional special values:
70 * afs or afs3 == des:afs3-salt
73 static const krb5_enctype des_etypes
[] = {
74 KRB5_ENCTYPE_DES_CBC_MD5
,
75 KRB5_ENCTYPE_DES_CBC_MD4
,
76 KRB5_ENCTYPE_DES_CBC_CRC
79 static const krb5_enctype all_etypes
[] = {
80 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96
,
81 KRB5_ENCTYPE_DES3_CBC_SHA1
,
82 KRB5_ENCTYPE_ARCFOUR_HMAC_MD5
85 static krb5_error_code
86 parse_key_set(krb5_context context
, const char *key
,
87 krb5_enctype
**ret_enctypes
, size_t *ret_num_enctypes
,
88 krb5_salt
*salt
, krb5_principal principal
)
93 int i
, num_enctypes
= 0;
95 const krb5_enctype
*enctypes
= NULL
;
100 *ret_enctypes
= NULL
;
101 *ret_num_enctypes
= 0;
103 /* split p in a list of :-separated strings */
104 for(num_buf
= 0; num_buf
< 3; num_buf
++)
105 if(strsep_copy(&p
, ":", buf
[num_buf
], sizeof(buf
[num_buf
])) == -1)
108 salt
->saltvalue
.data
= NULL
;
109 salt
->saltvalue
.length
= 0;
111 for(i
= 0; i
< num_buf
; i
++) {
112 if(enctypes
== NULL
&& num_buf
> 1) {
113 /* this might be a etype specifier */
114 /* XXX there should be a string_to_etypes handling
115 special cases like `des' and `all' */
116 if(strcmp(buf
[i
], "des") == 0) {
117 enctypes
= des_etypes
;
118 num_enctypes
= sizeof(des_etypes
)/sizeof(des_etypes
[0]);
119 } else if(strcmp(buf
[i
], "des3") == 0) {
120 e
= KRB5_ENCTYPE_DES3_CBC_SHA1
;
124 ret
= krb5_string_to_enctype(context
, buf
[i
], &e
);
133 if(salt
->salttype
== 0) {
134 /* interpret string as a salt specifier, if no etype
135 is set, this sets default values */
136 /* XXX should perhaps use string_to_salttype, but that
138 if(strcmp(buf
[i
], "pw-salt") == 0) {
139 if(enctypes
== NULL
) {
140 enctypes
= all_etypes
;
141 num_enctypes
= sizeof(all_etypes
)/sizeof(all_etypes
[0]);
143 salt
->salttype
= KRB5_PW_SALT
;
144 } else if(strcmp(buf
[i
], "afs3-salt") == 0) {
145 if(enctypes
== NULL
) {
146 enctypes
= des_etypes
;
147 num_enctypes
= sizeof(des_etypes
)/sizeof(des_etypes
[0]);
149 salt
->salttype
= KRB5_AFS3_SALT
;
154 if (salt
->saltvalue
.data
!= NULL
)
155 free(salt
->saltvalue
.data
);
156 /* if there is a final string, use it as the string to
157 salt with, this is mostly useful with null salt for
158 v4 compat, and a cell name for afs compat */
159 salt
->saltvalue
.data
= strdup(buf
[i
]);
160 if (salt
->saltvalue
.data
== NULL
)
161 return krb5_enomem(context
);
162 salt
->saltvalue
.length
= strlen(buf
[i
]);
165 if(enctypes
== NULL
|| salt
->salttype
== 0) {
166 krb5_free_salt(context
, *salt
);
167 krb5_set_error_message(context
, EINVAL
, "bad value for default_keys `%s'", key
);
171 /* if no salt was specified make up default salt */
172 if(salt
->saltvalue
.data
== NULL
) {
173 if(salt
->salttype
== KRB5_PW_SALT
) {
174 ret
= krb5_get_pw_salt(context
, principal
, salt
);
177 } else if(salt
->salttype
== KRB5_AFS3_SALT
) {
178 krb5_const_realm realm
= krb5_principal_get_realm(context
, principal
);
179 salt
->saltvalue
.data
= strdup(realm
);
180 if(salt
->saltvalue
.data
== NULL
) {
181 krb5_set_error_message(context
, ENOMEM
,
182 "out of memory while "
183 "parsing salt specifiers");
186 strlwr(salt
->saltvalue
.data
);
187 salt
->saltvalue
.length
= strlen(realm
);
191 *ret_enctypes
= malloc(sizeof(enctypes
[0]) * num_enctypes
);
192 if (*ret_enctypes
== NULL
) {
193 krb5_free_salt(context
, *salt
);
194 krb5_set_error_message(context
, ENOMEM
, "malloc: out of memory");
197 memcpy(*ret_enctypes
, enctypes
, sizeof(enctypes
[0]) * num_enctypes
);
198 *ret_num_enctypes
= num_enctypes
;
204 * This function prunes an HDB entry's historic keys by kvno.
206 * @param context Context
207 * @param entry HDB entry
208 * @param kvno Keyset kvno to prune, or zero to prune all too-old keys
211 hdb_prune_keys_kvno(krb5_context context
, hdb_entry
*entry
, int kvno
)
214 HDB_Ext_KeySet
*keys
;
216 time_t keep_time
= 0;
221 * XXX Pruning old keys for namespace principals may not be desirable, but!
222 * as long as the `set_time's of the base keys for a namespace principal
223 * match the `epoch's of the corresponding KeyRotation periods, it will be
224 * perfectly acceptable to prune old [base] keys for namespace principals
225 * just as for any other principal. Therefore, we may not need to make any
226 * changes here w.r.t. namespace principals.
229 ext
= hdb_find_extension(entry
, choice_HDB_extension_data_hist_keys
);
232 keys
= &ext
->data
.u
.hist_keys
;
236 * Optionally drop key history for keys older than now - max_life, which is
237 * all the keys no longer needed to decrypt extant tickets.
239 if (kvno
== 0 && entry
->max_life
!= NULL
&& nelem
> 0) {
240 time_t ceiling
= time(NULL
) - *entry
->max_life
;
243 * Compute most recent key timestamp that predates the current time
244 * by at least the entry's maximum ticket lifetime.
246 for (i
= 0; i
< nelem
; ++i
) {
247 elem
= &keys
->val
[i
];
248 if (elem
->set_time
&& *elem
->set_time
< ceiling
249 && (keep_time
== 0 || *elem
->set_time
> keep_time
))
250 keep_time
= *elem
->set_time
;
254 if (kvno
== 0 && keep_time
== 0)
257 for (i
= 0; i
< nelem
; /* see below */) {
258 elem
= &keys
->val
[i
];
259 if ((kvno
&& kvno
== elem
->kvno
) ||
260 (keep_time
&& elem
->set_time
&& *elem
->set_time
< keep_time
)) {
261 remove_HDB_Ext_KeySet(keys
, i
);
263 * Removing the i'th element shifts the tail down, continue
264 * at same index with reduced upper bound.
276 * This function prunes an HDB entry's keys that are too old to have been used
277 * to mint still valid tickets (based on the entry's maximum ticket lifetime).
279 * @param context Context
280 * @param entry HDB entry
283 hdb_prune_keys(krb5_context context
, hdb_entry
*entry
)
285 if (!krb5_config_get_bool_default(context
, NULL
, FALSE
,
286 "kadmin", "prune-key-history", NULL
))
288 return hdb_prune_keys_kvno(context
, entry
, 0);
292 * This function adds a keyset to an HDB entry's key history.
294 * @param context Context
295 * @param entry HDB entry
296 * @param kvno Key version number of the key to add to the history
297 * @param key The Key to add
300 hdb_add_history_keyset(krb5_context context
,
302 const hdb_keyset
*ks
)
305 HDB_Ext_KeySet
*hist_keys
;
308 krb5_error_code ret
= 0;
310 memset(&ext
, 0, sizeof (ext
));
312 extp
= hdb_find_extension(entry
, choice_HDB_extension_data_hist_keys
);
314 ext
.mandatory
= FALSE
;
315 ext
.data
.element
= choice_HDB_extension_data_hist_keys
;
316 ext
.data
.u
.hist_keys
.len
= 0;
317 ext
.data
.u
.hist_keys
.val
= 0;
320 hist_keys
= &extp
->data
.u
.hist_keys
;
322 for (i
= 0; i
< hist_keys
->len
; i
++) {
323 if (hist_keys
->val
[i
].kvno
== ks
->kvno
) {
324 /* Replace existing */
325 free_HDB_keyset(&hist_keys
->val
[i
]);
326 ret
= copy_HDB_keyset(ks
, &hist_keys
->val
[i
]);
330 if (i
>= hist_keys
->len
)
331 ret
= add_HDB_Ext_KeySet(hist_keys
, ks
); /* Append new */
332 if (ret
== 0 && extp
== &ext
)
333 ret
= hdb_replace_extension(context
, entry
, &ext
);
334 free_HDB_extension(&ext
);
339 * This function adds an HDB entry's current keyset to the entry's key
340 * history. The current keyset is left alone; the caller is responsible
343 * @param context Context
344 * @param entry HDB entry
346 * @return Zero on success, or an error code otherwise.
349 hdb_add_current_keys_to_history(krb5_context context
, hdb_entry
*entry
)
355 if (entry
->keys
.len
== 0)
356 return 0; /* nothing to do */
358 ret
= hdb_entry_get_pw_change_time(entry
, &newtime
);
362 ks
.keys
= entry
->keys
;
363 ks
.kvno
= entry
->kvno
;
364 ks
.set_time
= &newtime
;
366 ret
= hdb_add_history_keyset(context
, entry
, &ks
);
368 ret
= hdb_prune_keys(context
, entry
);
373 * This function adds a key to an HDB entry's key history.
375 * @param context Context
376 * @param entry HDB entry
377 * @param kvno Key version number of the key to add to the history
378 * @param key The Key to add
380 * @return Zero on success, or an error code otherwise.
383 hdb_add_history_key(krb5_context context
, hdb_entry
*entry
, krb5_kvno kvno
, Key
*key
)
387 HDB_Ext_KeySet
*hist_keys
;
392 memset(&keyset
, 0, sizeof (keyset
));
393 memset(&ext
, 0, sizeof (ext
));
395 extp
= hdb_find_extension(entry
, choice_HDB_extension_data_hist_keys
);
397 ext
.data
.element
= choice_HDB_extension_data_hist_keys
;
401 extp
->mandatory
= FALSE
;
402 hist_keys
= &extp
->data
.u
.hist_keys
;
404 for (i
= 0; i
< hist_keys
->len
; i
++) {
405 if (hist_keys
->val
[i
].kvno
== kvno
) {
406 ret
= add_Keys(&hist_keys
->val
[i
].keys
, key
);
412 ret
= add_Keys(&keyset
.keys
, key
);
415 ret
= add_HDB_Ext_KeySet(hist_keys
, &keyset
);
419 ret
= hdb_replace_extension(context
, entry
, &ext
);
425 free_HDB_keyset(&keyset
);
426 free_HDB_extension(&ext
);
431 * This function changes an hdb_entry's kvno, swapping the current key
432 * set with a historical keyset. If no historical keys are found then
433 * an error is returned (the caller can still set entry->kvno directly).
435 * @param context krb5_context
436 * @param new_kvno New kvno for the entry
437 * @param entry hdb_entry to modify
440 hdb_change_kvno(krb5_context context
, krb5_kvno new_kvno
, hdb_entry
*entry
)
445 HDB_Ext_KeySet
*hist_keys
;
450 if (entry
->kvno
== new_kvno
)
453 extp
= hdb_find_extension(entry
, choice_HDB_extension_data_hist_keys
);
455 memset(&ext
, 0, sizeof (ext
));
456 ext
.data
.element
= choice_HDB_extension_data_hist_keys
;
460 memset(&keyset
, 0, sizeof (keyset
));
461 hist_keys
= &extp
->data
.u
.hist_keys
;
462 for (i
= 0; i
< hist_keys
->len
; i
++) {
463 if (hist_keys
->val
[i
].kvno
== new_kvno
) {
465 ret
= copy_HDB_keyset(&hist_keys
->val
[i
], &keyset
);
468 ret
= remove_HDB_Ext_KeySet(hist_keys
, i
);
476 return HDB_ERR_KVNO_NOT_FOUND
;
478 ret
= hdb_add_current_keys_to_history(context
, entry
);
482 /* Note: we do nothing with keyset.set_time */
483 entry
->kvno
= new_kvno
;
484 entry
->keys
= keyset
.keys
; /* shortcut */
485 memset(&keyset
.keys
, 0, sizeof (keyset
.keys
));
488 free_HDB_keyset(&keyset
);
493 static krb5_error_code
494 add_enctype_to_key_set(Key
**key_set
, size_t *nkeyset
,
495 krb5_enctype enctype
, krb5_salt
*salt
)
500 memset(&key
, 0, sizeof(key
));
502 tmp
= realloc(*key_set
, (*nkeyset
+ 1) * sizeof((*key_set
)[0]));
508 key
.key
.keytype
= enctype
;
509 key
.key
.keyvalue
.length
= 0;
510 key
.key
.keyvalue
.data
= NULL
;
513 key
.salt
= calloc(1, sizeof(*key
.salt
));
514 if (key
.salt
== NULL
) {
519 key
.salt
->type
= salt
->salttype
;
520 krb5_data_zero (&key
.salt
->salt
);
522 ret
= krb5_data_copy(&key
.salt
->salt
,
523 salt
->saltvalue
.data
,
524 salt
->saltvalue
.length
);
532 (*key_set
)[*nkeyset
] = key
;
542 ks_tuple2str(krb5_context context
, int n_ks_tuple
,
543 krb5_key_salt_tuple
*ks_tuple
, char ***ks_tuple_strs
)
547 krb5_error_code rc
= KRB5_PROG_ETYPE_NOSUPP
;
549 *ks_tuple_strs
= NULL
;
553 if ((ksnames
= calloc(n_ks_tuple
+ 1, sizeof (*ksnames
))) == NULL
)
556 for (i
= 0; i
< n_ks_tuple
; i
++) {
559 if (krb5_enctype_to_string(context
, ks_tuple
[i
].ks_enctype
, &ename
))
561 if (krb5_salttype_to_string(context
, ks_tuple
[i
].ks_enctype
,
562 ks_tuple
[i
].ks_salttype
, &sname
)) {
567 if (asprintf(&ksnames
[i
], "%s:%s", ename
, sname
) == -1) {
578 *ks_tuple_strs
= ksnames
;
582 for (i
= 0; i
< n_ks_tuple
; i
++)
593 glob_rules_keys(krb5_context context
, krb5_const_principal principal
)
595 const krb5_config_binding
*list
;
596 krb5_principal pattern
;
599 list
= krb5_config_get_list(context
, NULL
, "kadmin",
600 "default_key_rules", NULL
);
605 if (list
->type
== krb5_config_string
) {
606 ret
= krb5_parse_name(context
, list
->name
, &pattern
);
608 ret
= krb5_principal_match(context
, principal
, pattern
);
609 krb5_free_principal(context
, pattern
);
611 return krb5_config_get_strings(context
, list
,
622 * NIST guidance in Section 5.1 of [SP800-132] requires that a portion
623 * of the salt of at least 128 bits shall be randomly generated.
625 static krb5_error_code
626 add_random_to_salt(krb5_context context
, krb5_salt
*in
, krb5_salt
*out
)
630 unsigned char random
[16];
634 krb5_generate_random_block(random
, sizeof(random
));
636 slen
= rk_base64_encode(random
, sizeof(random
), &s
);
640 ret
= krb5_data_alloc(&out
->saltvalue
, slen
+ in
->saltvalue
.length
);
646 p
= out
->saltvalue
.data
;
648 memcpy(&p
[slen
], in
->saltvalue
.data
, in
->saltvalue
.length
);
650 out
->salttype
= in
->salttype
;
657 * Generate the `key_set' from the [kadmin]default_keys statement. If
658 * `no_salt' is set, salt is not important (and will not be set) since
659 * it's random keys that is going to be created.
663 hdb_generate_key_set(krb5_context context
, krb5_principal principal
,
664 krb5_key_salt_tuple
*ks_tuple
, int n_ks_tuple
,
665 Key
**ret_key_set
, size_t *nkeyset
, int no_salt
)
667 char **ktypes
= NULL
;
672 char **ks_tuple_strs
;
673 char **config_ktypes
= NULL
;
674 static const char *default_keytypes
[] = {
675 "aes256-cts-hmac-sha1-96:pw-salt",
676 "des3-cbc-sha1:pw-salt",
677 "arcfour-hmac-md5:pw-salt",
681 if ((ret
= ks_tuple2str(context
, n_ks_tuple
, ks_tuple
, &ks_tuple_strs
)))
684 ktypes
= ks_tuple_strs
;
685 if (ktypes
== NULL
) {
686 config_ktypes
= glob_rules_keys(context
, principal
);
687 ktypes
= config_ktypes
;
689 if (ktypes
== NULL
) {
690 config_ktypes
= krb5_config_get_strings(context
, NULL
, "kadmin",
691 "default_keys", NULL
);
692 ktypes
= config_ktypes
;
695 ktypes
= (char **)(intptr_t)default_keytypes
;
697 *ret_key_set
= key_set
= NULL
;
700 for(kp
= ktypes
; kp
&& *kp
; kp
++) {
703 krb5_enctype
*enctypes
;
708 if(strcmp(p
, "v5") == 0)
710 else if(strcmp(p
, "v4") == 0)
712 else if(strcmp(p
, "afs") == 0 || strcmp(p
, "afs3") == 0)
714 else if (strcmp(p
, "arcfour-hmac-md5") == 0)
715 p
= "arcfour-hmac-md5:pw-salt";
717 memset(&salt
, 0, sizeof(salt
));
719 ret
= parse_key_set(context
, p
,
720 &enctypes
, &num_enctypes
, &salt
, principal
);
722 krb5_warn(context
, ret
, "bad value for default_keys `%s'", *kp
);
724 krb5_free_salt(context
, salt
);
728 for (i
= 0; i
< num_enctypes
; i
++) {
729 krb5_salt
*saltp
= no_salt
? NULL
: &salt
;
732 /* find duplicates */
733 for (j
= 0; j
< *nkeyset
; j
++) {
737 if (k
->key
.keytype
== enctypes
[i
]) {
740 if (k
->salt
== NULL
&& salt
.salttype
== KRB5_PW_SALT
)
742 if (k
->salt
->type
== salt
.salttype
&&
743 k
->salt
->salt
.length
== salt
.saltvalue
.length
&&
744 memcmp(k
->salt
->salt
.data
, salt
.saltvalue
.data
,
745 salt
.saltvalue
.length
) == 0)
749 /* not a duplicate, lets add it */
753 memset(&rsalt
, 0, sizeof(rsalt
));
755 /* prepend salt with randomness if required */
757 _krb5_enctype_requires_random_salt(context
, enctypes
[i
])) {
759 ret
= add_random_to_salt(context
, &salt
, &rsalt
);
763 ret
= add_enctype_to_key_set(&key_set
, nkeyset
, enctypes
[i
],
765 krb5_free_salt(context
, rsalt
);
769 krb5_free_salt(context
, salt
);
774 krb5_free_salt(context
, salt
);
777 *ret_key_set
= key_set
;
780 if (config_ktypes
!= NULL
)
781 krb5_config_free_strings(config_ktypes
);
783 for(kp
= ks_tuple_strs
; kp
&& *kp
; kp
++)
788 krb5_warn(context
, ret
,
789 "failed to parse the [kadmin]default_keys values");
791 for (i
= 0; i
< *nkeyset
; i
++)
792 free_Key(&key_set
[i
]);
794 } else if (*nkeyset
== 0) {
796 "failed to parse any of the [kadmin]default_keys values");
797 ret
= EINVAL
; /* XXX */
805 hdb_generate_key_set_password_with_ks_tuple(krb5_context context
,
806 krb5_principal principal
,
807 const char *password
,
808 krb5_key_salt_tuple
*ks_tuple
,
810 Key
**keys
, size_t *num_keys
)
815 ret
= hdb_generate_key_set(context
, principal
, ks_tuple
, n_ks_tuple
,
820 for (i
= 0; i
< (*num_keys
); i
++) {
822 Key
*key
= &(*keys
)[i
];
824 salt
.salttype
= key
->salt
->type
;
825 salt
.saltvalue
.length
= key
->salt
->salt
.length
;
826 salt
.saltvalue
.data
= key
->salt
->salt
.data
;
828 ret
= krb5_string_to_key_salt (context
,
838 hdb_free_keys (context
, *num_keys
, *keys
);
846 hdb_generate_key_set_password(krb5_context context
,
847 krb5_principal principal
,
848 const char *password
,
849 Key
**keys
, size_t *num_keys
)
852 return hdb_generate_key_set_password_with_ks_tuple(context
, principal
,