2 * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
40 #include <heim_asn1.h>
41 #include <rfc2459_asn1.h>
43 #include <pkinit_asn1.h>
46 #include "crypto-headers.h"
48 /* XXX copied from lib/krb5/pkinit.c */
49 struct krb5_pk_identity
{
50 hx509_context hx509ctx
;
51 hx509_verify_ctx verify_ctx
;
55 hx509_revoke_ctx revoke
;
59 PKINIT_COMPAT_WIN2K
= 1,
63 struct pk_client_params
{
64 enum pkinit_type type
;
65 BIGNUM
*dh_public_key
;
69 EncryptionKey reply_key
;
72 hx509_certs client_anchors
;
75 struct pk_principal_mapping
{
77 struct pk_allowed_princ
{
78 krb5_principal principal
;
83 static struct krb5_pk_identity
*kdc_identity
;
84 static struct pk_principal_mapping principal_mappings
;
85 static struct krb5_dh_moduli
**moduli
;
97 static krb5_error_code
98 pk_check_pkauthenticator_win2k(krb5_context context
,
99 PKAuthenticator_Win2k
*a
,
104 krb5_timeofday (context
, &now
);
107 if (a
->ctime
== 0 || abs(a
->ctime
- now
) > context
->max_skew
) {
108 krb5_clear_error_string(context
);
109 return KRB5KRB_AP_ERR_SKEW
;
114 static krb5_error_code
115 pk_check_pkauthenticator(krb5_context context
,
126 krb5_timeofday (context
, &now
);
129 if (a
->ctime
== 0 || abs(a
->ctime
- now
) > context
->max_skew
) {
130 krb5_clear_error_string(context
);
131 return KRB5KRB_AP_ERR_SKEW
;
134 ASN1_MALLOC_ENCODE(KDC_REQ_BODY
, buf
, buf_size
, &req
->req_body
, &len
, ret
);
136 krb5_clear_error_string(context
);
140 krb5_abortx(context
, "Internal error in ASN.1 encoder");
142 ret
= krb5_create_checksum(context
,
151 krb5_clear_error_string(context
);
155 if (a
->paChecksum
== NULL
) {
156 krb5_clear_error_string(context
);
157 ret
= KRB5_KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED
;
161 if (der_heim_octet_string_cmp(a
->paChecksum
, &checksum
.checksum
) != 0) {
162 krb5_clear_error_string(context
);
163 ret
= KRB5KRB_ERR_GENERIC
;
167 free_Checksum(&checksum
);
173 _kdc_pk_free_client_param(krb5_context context
,
174 pk_client_params
*client_params
)
176 if (client_params
->cert
)
177 hx509_cert_free(client_params
->cert
);
178 if (client_params
->dh
)
179 DH_free(client_params
->dh
);
180 if (client_params
->dh_public_key
)
181 BN_free(client_params
->dh_public_key
);
182 krb5_free_keyblock_contents(context
, &client_params
->reply_key
);
183 if (client_params
->dh_group_name
)
184 free(client_params
->dh_group_name
);
185 if (client_params
->peer
)
186 hx509_peer_info_free(client_params
->peer
);
187 if (client_params
->client_anchors
)
188 hx509_certs_free(&client_params
->client_anchors
);
189 memset(client_params
, 0, sizeof(*client_params
));
193 static krb5_error_code
194 generate_dh_keyblock(krb5_context context
, pk_client_params
*client_params
,
195 krb5_enctype enctype
, krb5_keyblock
*reply_key
)
197 unsigned char *dh_gen_key
= NULL
;
200 size_t dh_gen_keylen
, size
;
202 memset(&key
, 0, sizeof(key
));
204 if (!DH_generate_key(client_params
->dh
)) {
205 krb5_set_error_string(context
, "Can't generate Diffie-Hellman keys");
206 ret
= KRB5KRB_ERR_GENERIC
;
209 if (client_params
->dh_public_key
== NULL
) {
210 krb5_set_error_string(context
, "dh_public_key");
211 ret
= KRB5KRB_ERR_GENERIC
;
215 dh_gen_keylen
= DH_size(client_params
->dh
);
216 size
= BN_num_bytes(client_params
->dh
->p
);
217 if (size
< dh_gen_keylen
)
218 size
= dh_gen_keylen
;
220 dh_gen_key
= malloc(size
);
221 if (dh_gen_key
== NULL
) {
222 krb5_set_error_string(context
, "malloc: out of memory");
226 memset(dh_gen_key
, 0, size
- dh_gen_keylen
);
228 dh_gen_keylen
= DH_compute_key(dh_gen_key
+ (size
- dh_gen_keylen
),
229 client_params
->dh_public_key
,
231 if (dh_gen_keylen
== -1) {
232 krb5_set_error_string(context
, "Can't compute Diffie-Hellman key");
233 ret
= KRB5KRB_ERR_GENERIC
;
237 ret
= _krb5_pk_octetstring2key(context
,
239 dh_gen_key
, dh_gen_keylen
,
246 if (key
.keyvalue
.data
)
247 krb5_free_keyblock_contents(context
, &key
);
253 integer_to_BN(krb5_context context
, const char *field
, heim_integer
*f
)
257 bn
= BN_bin2bn((const unsigned char *)f
->data
, f
->length
, NULL
);
259 krb5_set_error_string(context
, "PKINIT: parsing BN failed %s", field
);
262 BN_set_negative(bn
, f
->negative
);
266 static krb5_error_code
267 get_dh_param(krb5_context context
,
268 krb5_kdc_configuration
*config
,
269 SubjectPublicKeyInfo
*dh_key_info
,
270 pk_client_params
*client_params
)
272 DomainParameters dhparam
;
276 memset(&dhparam
, 0, sizeof(dhparam
));
278 if (der_heim_oid_cmp(&dh_key_info
->algorithm
.algorithm
, oid_id_dhpublicnumber())) {
279 krb5_set_error_string(context
,
280 "PKINIT invalid oid in clientPublicValue");
281 return KRB5_BADMSGTYPE
;
284 if (dh_key_info
->algorithm
.parameters
== NULL
) {
285 krb5_set_error_string(context
, "PKINIT missing algorithm parameter "
286 "in clientPublicValue");
287 return KRB5_BADMSGTYPE
;
290 ret
= decode_DomainParameters(dh_key_info
->algorithm
.parameters
->data
,
291 dh_key_info
->algorithm
.parameters
->length
,
295 krb5_set_error_string(context
, "Can't decode algorithm "
296 "parameters in clientPublicValue");
300 if ((dh_key_info
->subjectPublicKey
.length
% 8) != 0) {
301 ret
= KRB5_BADMSGTYPE
;
302 krb5_set_error_string(context
, "PKINIT: subjectPublicKey not aligned "
303 "to 8 bit boundary");
308 ret
= _krb5_dh_group_ok(context
, config
->pkinit_dh_min_bits
,
309 &dhparam
.p
, &dhparam
.g
, &dhparam
.q
, moduli
,
310 &client_params
->dh_group_name
);
312 /* XXX send back proposal of better group */
318 krb5_set_error_string(context
, "Cannot create DH structure");
322 ret
= KRB5_BADMSGTYPE
;
323 dh
->p
= integer_to_BN(context
, "DH prime", &dhparam
.p
);
326 dh
->g
= integer_to_BN(context
, "DH base", &dhparam
.g
);
329 dh
->q
= integer_to_BN(context
, "DH p-1 factor", &dhparam
.q
);
337 ret
= decode_DHPublicKey(dh_key_info
->subjectPublicKey
.data
,
338 dh_key_info
->subjectPublicKey
.length
/ 8,
342 krb5_clear_error_string(context
);
346 client_params
->dh_public_key
= integer_to_BN(context
,
349 der_free_heim_integer(&glue
);
350 if (client_params
->dh_public_key
== NULL
)
354 client_params
->dh
= dh
;
361 free_DomainParameters(&dhparam
);
366 _kdc_pk_rd_padata(krb5_context context
,
367 krb5_kdc_configuration
*config
,
370 pk_client_params
**ret_params
)
372 pk_client_params
*client_params
;
374 heim_oid eContentType
= { 0, NULL
}, contentInfoOid
= { 0, NULL
};
375 krb5_data eContent
= { 0, NULL
};
376 krb5_data signed_content
= { 0, NULL
};
377 const char *type
= "unknown type";
382 if (!config
->enable_pkinit
) {
383 kdc_log(context
, config
, 0, "PK-INIT request but PK-INIT not enabled");
384 krb5_clear_error_string(context
);
388 hx509_verify_set_time(kdc_identity
->verify_ctx
, _kdc_now
.tv_sec
);
390 client_params
= calloc(1, sizeof(*client_params
));
391 if (client_params
== NULL
) {
392 krb5_clear_error_string(context
);
397 if (pa
->padata_type
== KRB5_PADATA_PK_AS_REQ_WIN
) {
398 PA_PK_AS_REQ_Win2k r
;
400 type
= "PK-INIT-Win2k";
402 ret
= decode_PA_PK_AS_REQ_Win2k(pa
->padata_value
.data
,
403 pa
->padata_value
.length
,
407 krb5_set_error_string(context
, "Can't decode "
408 "PK-AS-REQ-Win2k: %d", ret
);
412 ret
= hx509_cms_unwrap_ContentInfo(&r
.signed_auth_pack
,
416 free_PA_PK_AS_REQ_Win2k(&r
);
418 krb5_set_error_string(context
, "Can't decode PK-AS-REQ: %d", ret
);
422 } else if (pa
->padata_type
== KRB5_PADATA_PK_AS_REQ
) {
425 type
= "PK-INIT-IETF";
427 ret
= decode_PA_PK_AS_REQ(pa
->padata_value
.data
,
428 pa
->padata_value
.length
,
432 krb5_set_error_string(context
, "Can't decode PK-AS-REQ: %d", ret
);
436 /* XXX look at r.kdcPkId */
437 if (r
.trustedCertifiers
) {
438 ExternalPrincipalIdentifiers
*edi
= r
.trustedCertifiers
;
441 ret
= hx509_certs_init(kdc_identity
->hx509ctx
,
442 "MEMORY:client-anchors",
444 &client_params
->client_anchors
);
446 krb5_set_error_string(context
, "Can't allocate client anchors: %d", ret
);
450 for (i
= 0; i
< edi
->len
; i
++) {
451 IssuerAndSerialNumber iasn
;
456 if (edi
->val
[i
].issuerAndSerialNumber
== NULL
)
459 ret
= hx509_query_alloc(kdc_identity
->hx509ctx
, &q
);
461 krb5_set_error_string(context
,
462 "Failed to allocate hx509_query");
466 ret
= decode_IssuerAndSerialNumber(edi
->val
[i
].issuerAndSerialNumber
->data
,
467 edi
->val
[i
].issuerAndSerialNumber
->length
,
471 hx509_query_free(kdc_identity
->hx509ctx
, q
);
474 ret
= hx509_query_match_issuer_serial(q
, &iasn
.issuer
, &iasn
.serialNumber
);
475 free_IssuerAndSerialNumber(&iasn
);
479 ret
= hx509_certs_find(kdc_identity
->hx509ctx
,
483 hx509_query_free(kdc_identity
->hx509ctx
, q
);
486 hx509_certs_add(kdc_identity
->hx509ctx
,
487 client_params
->client_anchors
, cert
);
488 hx509_cert_free(cert
);
492 ret
= hx509_cms_unwrap_ContentInfo(&r
.signedAuthPack
,
496 free_PA_PK_AS_REQ(&r
);
498 krb5_set_error_string(context
, "Can't unwrap ContentInfo: %d", ret
);
503 krb5_clear_error_string(context
);
504 ret
= KRB5KDC_ERR_PADATA_TYPE_NOSUPP
;
508 ret
= der_heim_oid_cmp(&contentInfoOid
, oid_id_pkcs7_signedData());
510 krb5_set_error_string(context
, "PK-AS-REQ-Win2k invalid content "
512 ret
= KRB5KRB_ERR_GENERIC
;
517 krb5_set_error_string(context
,
518 "PK-AS-REQ-Win2k no signed auth pack");
519 ret
= KRB5KRB_ERR_GENERIC
;
524 hx509_certs signer_certs
;
526 ret
= hx509_cms_verify_signed(kdc_identity
->hx509ctx
,
527 kdc_identity
->verify_ctx
,
529 signed_content
.length
,
531 kdc_identity
->certpool
,
536 char *s
= hx509_get_error_string(kdc_identity
->hx509ctx
, ret
);
537 krb5_warnx(context
, "PKINIT: failed to verify signature: %s: %d",
543 ret
= hx509_get_one_cert(kdc_identity
->hx509ctx
, signer_certs
,
544 &client_params
->cert
);
545 hx509_certs_free(&signer_certs
);
550 /* Signature is correct, now verify the signed message */
551 if (der_heim_oid_cmp(&eContentType
, oid_id_pkcs7_data()) != 0 &&
552 der_heim_oid_cmp(&eContentType
, oid_id_pkauthdata()) != 0)
554 krb5_set_error_string(context
, "got wrong oid for pkauthdata");
555 ret
= KRB5_BADMSGTYPE
;
559 if (pa
->padata_type
== KRB5_PADATA_PK_AS_REQ_WIN
) {
562 ret
= decode_AuthPack_Win2k(eContent
.data
,
567 krb5_set_error_string(context
, "can't decode AuthPack: %d", ret
);
571 ret
= pk_check_pkauthenticator_win2k(context
,
575 free_AuthPack_Win2k(&ap
);
579 client_params
->type
= PKINIT_COMPAT_WIN2K
;
580 client_params
->nonce
= ap
.pkAuthenticator
.nonce
;
582 if (ap
.clientPublicValue
) {
583 krb5_set_error_string(context
, "DH not supported for windows");
584 ret
= KRB5KRB_ERR_GENERIC
;
587 free_AuthPack_Win2k(&ap
);
589 } else if (pa
->padata_type
== KRB5_PADATA_PK_AS_REQ
) {
592 ret
= decode_AuthPack(eContent
.data
,
597 krb5_set_error_string(context
, "can't decode AuthPack: %d", ret
);
602 ret
= pk_check_pkauthenticator(context
,
610 client_params
->type
= PKINIT_COMPAT_27
;
611 client_params
->nonce
= ap
.pkAuthenticator
.nonce
;
613 if (ap
.clientPublicValue
) {
614 ret
= get_dh_param(context
, config
,
615 ap
.clientPublicValue
, client_params
);
622 if (ap
.supportedCMSTypes
) {
623 ret
= hx509_peer_info_alloc(kdc_identity
->hx509ctx
,
624 &client_params
->peer
);
629 ret
= hx509_peer_info_set_cms_algs(kdc_identity
->hx509ctx
,
631 ap
.supportedCMSTypes
->val
,
632 ap
.supportedCMSTypes
->len
);
640 krb5_abortx(context
, "internal pkinit error");
642 kdc_log(context
, config
, 0, "PK-INIT request of type %s", type
);
646 krb5_warn(context
, ret
, "PKINIT");
648 if (signed_content
.data
)
649 free(signed_content
.data
);
650 krb5_data_free(&eContent
);
651 der_free_oid(&eContentType
);
652 der_free_oid(&contentInfoOid
);
654 _kdc_pk_free_client_param(context
, client_params
);
656 *ret_params
= client_params
;
664 static krb5_error_code
665 BN_to_integer(krb5_context context
, BIGNUM
*bn
, heim_integer
*integer
)
667 integer
->length
= BN_num_bytes(bn
);
668 integer
->data
= malloc(integer
->length
);
669 if (integer
->data
== NULL
) {
670 krb5_clear_error_string(context
);
673 BN_bn2bin(bn
, integer
->data
);
674 integer
->negative
= BN_is_negative(bn
);
678 static krb5_error_code
679 pk_mk_pa_reply_enckey(krb5_context context
,
680 krb5_kdc_configuration
*config
,
681 pk_client_params
*client_params
,
683 const krb5_data
*req_buffer
,
684 krb5_keyblock
*reply_key
,
685 ContentInfo
*content_info
)
687 const heim_oid
*envelopedAlg
= NULL
, *sdAlg
= NULL
;
689 krb5_data buf
, signed_data
;
693 krb5_data_zero(&buf
);
694 krb5_data_zero(&signed_data
);
697 * If the message client is a win2k-type but it send pa data
698 * 09-binding it expects a IETF (checksum) reply so there can be
702 switch (client_params
->type
) {
703 case PKINIT_COMPAT_WIN2K
: {
705 if (_kdc_find_padata(req
, &i
, KRB5_PADATA_PK_AS_09_BINDING
) == NULL
706 && config
->pkinit_require_binding
== 0)
712 case PKINIT_COMPAT_27
:
715 krb5_abortx(context
, "internal pkinit error");
719 ReplyKeyPack_Win2k kp
;
720 memset(&kp
, 0, sizeof(kp
));
722 envelopedAlg
= oid_id_rsadsi_des_ede3_cbc();
723 sdAlg
= oid_id_pkcs7_data();
725 ret
= copy_EncryptionKey(reply_key
, &kp
.replyKey
);
727 krb5_clear_error_string(context
);
730 kp
.nonce
= client_params
->nonce
;
732 ASN1_MALLOC_ENCODE(ReplyKeyPack_Win2k
,
733 buf
.data
, buf
.length
,
735 free_ReplyKeyPack_Win2k(&kp
);
737 krb5_crypto ascrypto
;
739 memset(&kp
, 0, sizeof(kp
));
741 sdAlg
= oid_id_pkrkeydata();
743 ret
= copy_EncryptionKey(reply_key
, &kp
.replyKey
);
745 krb5_clear_error_string(context
);
749 ret
= krb5_crypto_init(context
, reply_key
, 0, &ascrypto
);
751 krb5_clear_error_string(context
);
755 ret
= krb5_create_checksum(context
, ascrypto
, 6, 0,
756 req_buffer
->data
, req_buffer
->length
,
759 krb5_clear_error_string(context
);
763 ret
= krb5_crypto_destroy(context
, ascrypto
);
765 krb5_clear_error_string(context
);
768 ASN1_MALLOC_ENCODE(ReplyKeyPack
, buf
.data
, buf
.length
, &kp
, &size
,ret
);
769 free_ReplyKeyPack(&kp
);
772 krb5_set_error_string(context
, "ASN.1 encoding of ReplyKeyPack "
776 if (buf
.length
!= size
)
777 krb5_abortx(context
, "Internal ASN.1 encoder error");
783 ret
= hx509_query_alloc(kdc_identity
->hx509ctx
, &q
);
787 hx509_query_match_option(q
, HX509_QUERY_OPTION_PRIVATE_KEY
);
788 hx509_query_match_option(q
, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE
);
790 ret
= hx509_certs_find(kdc_identity
->hx509ctx
,
794 hx509_query_free(kdc_identity
->hx509ctx
, q
);
798 ret
= hx509_cms_create_signed_1(kdc_identity
->hx509ctx
,
806 client_params
->client_anchors
,
807 kdc_identity
->certpool
,
809 hx509_cert_free(cert
);
812 krb5_data_free(&buf
);
816 if (client_params
->type
== PKINIT_COMPAT_WIN2K
) {
817 ret
= hx509_cms_wrap_ContentInfo(oid_id_pkcs7_signedData(),
822 krb5_data_free(&signed_data
);
826 ret
= hx509_cms_envelope_1(kdc_identity
->hx509ctx
,
829 signed_data
.data
, signed_data
.length
,
831 oid_id_pkcs7_signedData(), &buf
);
835 ret
= _krb5_pk_mk_ContentInfo(context
,
837 oid_id_pkcs7_envelopedData(),
840 krb5_data_free(&buf
);
841 krb5_data_free(&signed_data
);
849 static krb5_error_code
850 pk_mk_pa_reply_dh(krb5_context context
,
852 pk_client_params
*client_params
,
853 krb5_keyblock
*reply_key
,
854 ContentInfo
*content_info
,
855 hx509_cert
*kdc_cert
)
857 KDCDHKeyInfo dh_info
;
858 krb5_data signed_data
, buf
;
859 ContentInfo contentinfo
;
864 memset(&contentinfo
, 0, sizeof(contentinfo
));
865 memset(&dh_info
, 0, sizeof(dh_info
));
866 krb5_data_zero(&buf
);
867 krb5_data_zero(&signed_data
);
871 ret
= BN_to_integer(context
, kdc_dh
->pub_key
, &i
);
875 ASN1_MALLOC_ENCODE(DHPublicKey
, buf
.data
, buf
.length
, &i
, &size
, ret
);
877 krb5_set_error_string(context
, "ASN.1 encoding of "
878 "DHPublicKey failed (%d)", ret
);
879 krb5_clear_error_string(context
);
882 if (buf
.length
!= size
)
883 krb5_abortx(context
, "Internal ASN.1 encoder error");
885 dh_info
.subjectPublicKey
.length
= buf
.length
* 8;
886 dh_info
.subjectPublicKey
.data
= buf
.data
;
888 dh_info
.nonce
= client_params
->nonce
;
890 ASN1_MALLOC_ENCODE(KDCDHKeyInfo
, buf
.data
, buf
.length
, &dh_info
, &size
,
893 krb5_set_error_string(context
, "ASN.1 encoding of "
894 "KdcDHKeyInfo failed (%d)", ret
);
897 if (buf
.length
!= size
)
898 krb5_abortx(context
, "Internal ASN.1 encoder error");
901 * Create the SignedData structure and sign the KdcDHKeyInfo
909 ret
= hx509_query_alloc(kdc_identity
->hx509ctx
, &q
);
913 hx509_query_match_option(q
, HX509_QUERY_OPTION_PRIVATE_KEY
);
914 hx509_query_match_option(q
, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE
);
916 ret
= hx509_certs_find(kdc_identity
->hx509ctx
,
920 hx509_query_free(kdc_identity
->hx509ctx
, q
);
924 ret
= hx509_cms_create_signed_1(kdc_identity
->hx509ctx
,
926 oid_id_pkdhkeydata(),
932 client_params
->client_anchors
,
933 kdc_identity
->certpool
,
940 ret
= _krb5_pk_mk_ContentInfo(context
,
942 oid_id_pkcs7_signedData(),
948 if (ret
&& *kdc_cert
) {
949 hx509_cert_free(*kdc_cert
);
953 krb5_data_free(&buf
);
954 krb5_data_free(&signed_data
);
955 free_KDCDHKeyInfo(&dh_info
);
965 _kdc_pk_mk_pa_reply(krb5_context context
,
966 krb5_kdc_configuration
*config
,
967 pk_client_params
*client_params
,
968 const hdb_entry_ex
*client
,
970 const krb5_data
*req_buffer
,
971 krb5_keyblock
**reply_key
,
977 krb5_enctype enctype
;
979 hx509_cert kdc_cert
= NULL
;
982 if (!config
->enable_pkinit
) {
983 krb5_clear_error_string(context
);
987 if (req
->req_body
.etype
.len
> 0) {
988 for (i
= 0; i
< req
->req_body
.etype
.len
; i
++)
989 if (krb5_enctype_valid(context
, req
->req_body
.etype
.val
[i
]) == 0)
991 if (req
->req_body
.etype
.len
<= i
) {
992 ret
= KRB5KRB_ERR_GENERIC
;
993 krb5_set_error_string(context
,
994 "No valid enctype available from client");
997 enctype
= req
->req_body
.etype
.val
[i
];
999 enctype
= ETYPE_DES3_CBC_SHA1
;
1001 if (client_params
->type
== PKINIT_COMPAT_27
) {
1003 const char *type
, *other
= "";
1005 memset(&rep
, 0, sizeof(rep
));
1007 pa_type
= KRB5_PADATA_PK_AS_REP
;
1009 if (client_params
->dh
== NULL
) {
1014 rep
.element
= choice_PA_PK_AS_REP_encKeyPack
;
1016 ret
= krb5_generate_random_keyblock(context
, enctype
,
1017 &client_params
->reply_key
);
1019 free_PA_PK_AS_REP(&rep
);
1022 ret
= pk_mk_pa_reply_enckey(context
,
1027 &client_params
->reply_key
,
1030 free_PA_PK_AS_REP(&rep
);
1033 ASN1_MALLOC_ENCODE(ContentInfo
, rep
.u
.encKeyPack
.data
,
1034 rep
.u
.encKeyPack
.length
, &info
, &size
,
1036 free_ContentInfo(&info
);
1038 krb5_set_error_string(context
, "encoding of Key ContentInfo "
1040 free_PA_PK_AS_REP(&rep
);
1043 if (rep
.u
.encKeyPack
.length
!= size
)
1044 krb5_abortx(context
, "Internal ASN.1 encoder error");
1050 if (client_params
->dh_group_name
)
1051 other
= client_params
->dh_group_name
;
1053 rep
.element
= choice_PA_PK_AS_REP_dhInfo
;
1055 ret
= generate_dh_keyblock(context
, client_params
, enctype
,
1056 &client_params
->reply_key
);
1060 ret
= pk_mk_pa_reply_dh(context
, client_params
->dh
,
1062 &client_params
->reply_key
,
1066 ASN1_MALLOC_ENCODE(ContentInfo
, rep
.u
.dhInfo
.dhSignedData
.data
,
1067 rep
.u
.dhInfo
.dhSignedData
.length
, &info
, &size
,
1069 free_ContentInfo(&info
);
1071 krb5_set_error_string(context
, "encoding of Key ContentInfo "
1073 free_PA_PK_AS_REP(&rep
);
1076 if (rep
.u
.encKeyPack
.length
!= size
)
1077 krb5_abortx(context
, "Internal ASN.1 encoder error");
1081 free_PA_PK_AS_REP(&rep
);
1085 ASN1_MALLOC_ENCODE(PA_PK_AS_REP
, buf
, len
, &rep
, &size
, ret
);
1086 free_PA_PK_AS_REP(&rep
);
1088 krb5_set_error_string(context
, "encode PA-PK-AS-REP failed %d",
1093 krb5_abortx(context
, "Internal ASN.1 encoder error");
1095 kdc_log(context
, config
, 0, "PK-INIT using %s %s", type
, other
);
1097 } else if (client_params
->type
== PKINIT_COMPAT_WIN2K
) {
1098 PA_PK_AS_REP_Win2k rep
;
1101 if (client_params
->dh
) {
1102 krb5_set_error_string(context
, "Windows PK-INIT doesn't support DH");
1103 ret
= KRB5KRB_ERR_GENERIC
;
1107 memset(&rep
, 0, sizeof(rep
));
1109 pa_type
= KRB5_PADATA_PK_AS_REP_19
;
1110 rep
.element
= choice_PA_PK_AS_REP_encKeyPack
;
1112 ret
= krb5_generate_random_keyblock(context
, enctype
,
1113 &client_params
->reply_key
);
1115 free_PA_PK_AS_REP_Win2k(&rep
);
1118 ret
= pk_mk_pa_reply_enckey(context
,
1123 &client_params
->reply_key
,
1126 free_PA_PK_AS_REP_Win2k(&rep
);
1129 ASN1_MALLOC_ENCODE(ContentInfo
, rep
.u
.encKeyPack
.data
,
1130 rep
.u
.encKeyPack
.length
, &info
, &size
,
1132 free_ContentInfo(&info
);
1134 krb5_set_error_string(context
, "encoding of Key ContentInfo "
1136 free_PA_PK_AS_REP_Win2k(&rep
);
1139 if (rep
.u
.encKeyPack
.length
!= size
)
1140 krb5_abortx(context
, "Internal ASN.1 encoder error");
1142 ASN1_MALLOC_ENCODE(PA_PK_AS_REP_Win2k
, buf
, len
, &rep
, &size
, ret
);
1143 free_PA_PK_AS_REP_Win2k(&rep
);
1145 krb5_set_error_string(context
,
1146 "encode PA-PK-AS-REP-Win2k failed %d", ret
);
1150 krb5_abortx(context
, "Internal ASN.1 encoder error");
1153 krb5_abortx(context
, "PK-INIT internal error");
1156 ret
= krb5_padata_add(context
, md
, pa_type
, buf
, len
);
1158 krb5_set_error_string(context
, "failed adding PA-PK-AS-REP %d", ret
);
1163 if (config
->pkinit_kdc_ocsp_file
) {
1165 if (ocsp
.expire
== 0 && ocsp
.next_update
> kdc_time
) {
1169 krb5_data_free(&ocsp
.data
);
1172 ocsp
.next_update
= kdc_time
+ 60 * 5;
1174 fd
= open(config
->pkinit_kdc_ocsp_file
, O_RDONLY
);
1176 kdc_log(context
, config
, 0,
1177 "PK-INIT failed to open ocsp data file %d", errno
);
1180 ret
= fstat(fd
, &sb
);
1184 kdc_log(context
, config
, 0,
1185 "PK-INIT failed to stat ocsp data %d", ret
);
1189 ret
= krb5_data_alloc(&ocsp
.data
, sb
.st_size
);
1192 kdc_log(context
, config
, 0,
1193 "PK-INIT failed to stat ocsp data %d", ret
);
1196 ocsp
.data
.length
= sb
.st_size
;
1197 ret
= read(fd
, ocsp
.data
.data
, sb
.st_size
);
1199 if (ret
!= sb
.st_size
) {
1200 kdc_log(context
, config
, 0,
1201 "PK-INIT failed to read ocsp data %d", errno
);
1205 ret
= hx509_ocsp_verify(kdc_identity
->hx509ctx
,
1209 ocsp
.data
.data
, ocsp
.data
.length
,
1212 kdc_log(context
, config
, 0,
1213 "PK-INIT failed to verify ocsp data %d", ret
);
1214 krb5_data_free(&ocsp
.data
);
1216 } else if (ocsp
.expire
> 180) {
1217 ocsp
.expire
-= 180; /* refetch the ocsp before it expire */
1218 ocsp
.next_update
= ocsp
.expire
;
1220 ocsp
.next_update
= kdc_time
;
1226 if (ocsp
.expire
!= 0 && ocsp
.expire
> kdc_time
) {
1228 ret
= krb5_padata_add(context
, md
,
1229 KRB5_PADATA_PA_PK_OCSP_RESPONSE
,
1230 ocsp
.data
.data
, ocsp
.data
.length
);
1232 krb5_set_error_string(context
,
1233 "Failed adding OCSP response %d", ret
);
1241 hx509_cert_free(kdc_cert
);
1244 *reply_key
= &client_params
->reply_key
;
1249 match_rfc_san(krb5_context context
,
1250 krb5_kdc_configuration
*config
,
1251 hx509_context hx509ctx
,
1252 hx509_cert client_cert
,
1253 krb5_const_principal match
)
1255 hx509_octet_string_list list
;
1256 int ret
, i
, found
= 0;
1258 memset(&list
, 0 , sizeof(list
));
1260 ret
= hx509_cert_find_subjectAltName_otherName(hx509ctx
,
1262 oid_id_pkinit_san(),
1267 for (i
= 0; !found
&& i
< list
.len
; i
++) {
1268 krb5_principal_data principal
;
1269 KRB5PrincipalName kn
;
1272 ret
= decode_KRB5PrincipalName(list
.val
[i
].data
,
1276 kdc_log(context
, config
, 0,
1277 "Decoding kerberos name in certificate failed: %s",
1278 krb5_get_err_text(context
, ret
));
1281 if (size
!= list
.val
[i
].length
) {
1282 kdc_log(context
, config
, 0,
1283 "Decoding kerberos name have extra bits on the end");
1284 return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH
;
1287 principal
.name
= kn
.principalName
;
1288 principal
.realm
= kn
.realm
;
1290 if (krb5_principal_compare(context
, &principal
, match
) == TRUE
)
1292 free_KRB5PrincipalName(&kn
);
1296 hx509_free_octet_string_list(&list
);
1301 return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH
;
1307 match_ms_upn_san(krb5_context context
,
1308 krb5_kdc_configuration
*config
,
1309 hx509_context hx509ctx
,
1310 hx509_cert client_cert
,
1311 krb5_const_principal match
)
1313 hx509_octet_string_list list
;
1314 krb5_principal principal
= NULL
;
1319 memset(&list
, 0 , sizeof(list
));
1321 ret
= hx509_cert_find_subjectAltName_otherName(hx509ctx
,
1323 oid_id_pkinit_ms_san(),
1328 if (list
.len
!= 1) {
1329 kdc_log(context
, config
, 0,
1330 "More then one PK-INIT MS UPN SAN");
1334 ret
= decode_MS_UPN_SAN(list
.val
[0].data
, list
.val
[0].length
, &upn
, &size
);
1336 kdc_log(context
, config
, 0, "Decode of MS-UPN-SAN failed");
1340 kdc_log(context
, config
, 0, "found MS UPN SAN: %s", upn
);
1342 ret
= krb5_parse_name(context
, upn
, &principal
);
1343 free_MS_UPN_SAN(&upn
);
1345 kdc_log(context
, config
, 0, "Failed to parse principal in MS UPN SAN");
1350 * This is very wrong, but will do for now, should really and a
1351 * plugin to the windc layer to very this ACL.
1353 strupr(principal
->realm
);
1355 if (krb5_principal_compare(context
, principal
, match
) == TRUE
)
1360 krb5_free_principal(context
, principal
);
1361 hx509_free_octet_string_list(&list
);
1366 return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH
;
1372 _kdc_pk_check_client(krb5_context context
,
1373 krb5_kdc_configuration
*config
,
1374 const hdb_entry_ex
*client
,
1375 pk_client_params
*client_params
,
1376 char **subject_name
)
1378 const HDB_Ext_PKINIT_acl
*acl
;
1379 krb5_error_code ret
;
1383 ret
= hx509_cert_get_base_subject(kdc_identity
->hx509ctx
,
1384 client_params
->cert
,
1389 ret
= hx509_name_to_string(name
, subject_name
);
1390 hx509_name_free(&name
);
1394 kdc_log(context
, config
, 0,
1395 "Trying to authorize PK-INIT subject DN %s",
1398 if (config
->pkinit_princ_in_cert
) {
1399 ret
= match_rfc_san(context
, config
,
1400 kdc_identity
->hx509ctx
,
1401 client_params
->cert
,
1402 client
->entry
.principal
);
1404 kdc_log(context
, config
, 5,
1405 "Found matching PK-INIT SAN in certificate");
1408 ret
= match_ms_upn_san(context
, config
,
1409 kdc_identity
->hx509ctx
,
1410 client_params
->cert
,
1411 client
->entry
.principal
);
1413 kdc_log(context
, config
, 5,
1414 "Found matching MS UPN SAN in certificate");
1419 ret
= hdb_entry_get_pkinit_acl(&client
->entry
, &acl
);
1420 if (ret
== 0 && acl
!= NULL
) {
1422 * Cheat here and compare the generated name with the string
1423 * and not the reverse.
1425 for (i
= 0; i
< acl
->len
; i
++) {
1426 if (strcmp(*subject_name
, acl
->val
[0].subject
) != 0)
1429 /* Don't support isser and anchor checking right now */
1430 if (acl
->val
[0].issuer
)
1432 if (acl
->val
[0].anchor
)
1435 kdc_log(context
, config
, 5,
1436 "Found matching PK-INIT database ACL");
1441 for (i
= 0; i
< principal_mappings
.len
; i
++) {
1444 b
= krb5_principal_compare(context
,
1445 client
->entry
.principal
,
1446 principal_mappings
.val
[i
].principal
);
1449 if (strcmp(principal_mappings
.val
[i
].subject
, *subject_name
) != 0)
1451 kdc_log(context
, config
, 5,
1452 "Found matching PK-INIT FILE ACL");
1456 krb5_set_error_string(context
,
1457 "PKINIT no matching principals for %s",
1460 kdc_log(context
, config
, 5,
1461 "PKINIT no matching principals for %s",
1464 free(*subject_name
);
1465 *subject_name
= NULL
;
1467 return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH
;
1470 static krb5_error_code
1471 add_principal_mapping(krb5_context context
,
1472 const char *principal_name
,
1473 const char * subject
)
1475 struct pk_allowed_princ
*tmp
;
1476 krb5_principal principal
;
1477 krb5_error_code ret
;
1479 tmp
= realloc(principal_mappings
.val
,
1480 (principal_mappings
.len
+ 1) * sizeof(*tmp
));
1483 principal_mappings
.val
= tmp
;
1485 ret
= krb5_parse_name(context
, principal_name
, &principal
);
1489 principal_mappings
.val
[principal_mappings
.len
].principal
= principal
;
1491 principal_mappings
.val
[principal_mappings
.len
].subject
= strdup(subject
);
1492 if (principal_mappings
.val
[principal_mappings
.len
].subject
== NULL
) {
1493 krb5_free_principal(context
, principal
);
1496 principal_mappings
.len
++;
1502 _kdc_add_inital_verified_cas(krb5_context context
,
1503 krb5_kdc_configuration
*config
,
1504 pk_client_params
*params
,
1507 AD_INITIAL_VERIFIED_CAS cas
;
1508 krb5_error_code ret
;
1512 memset(&cas
, 0, sizeof(cas
));
1514 /* XXX add CAs to cas here */
1516 ASN1_MALLOC_ENCODE(AD_INITIAL_VERIFIED_CAS
, data
.data
, data
.length
,
1520 if (data
.length
!= size
)
1521 krb5_abortx(context
, "internal asn.1 encoder error");
1523 ret
= _kdc_tkt_add_if_relevant_ad(context
, tkt
,
1524 KRB5_AUTHDATA_INITIAL_VERIFIED_CAS
,
1526 krb5_data_free(&data
);
1535 load_mappings(krb5_context context
, const char *fn
)
1537 krb5_error_code ret
;
1539 unsigned long lineno
= 0;
1546 while (fgets(buf
, sizeof(buf
), f
) != NULL
) {
1547 char *subject_name
, *p
;
1549 buf
[strcspn(buf
, "\n")] = '\0';
1552 p
= buf
+ strspn(buf
, " \t");
1554 if (*p
== '#' || *p
== '\0')
1557 subject_name
= strchr(p
, ':');
1558 if (subject_name
== NULL
) {
1559 krb5_warnx(context
, "pkinit mapping file line %lu "
1560 "missing \":\" :%s",
1564 *subject_name
++ = '\0';
1566 ret
= add_principal_mapping(context
, p
, subject_name
);
1568 krb5_warn(context
, ret
, "failed to add line %lu \":\" :%s\n",
1582 _kdc_pk_initialize(krb5_context context
,
1583 krb5_kdc_configuration
*config
,
1584 const char *user_id
,
1585 const char *anchors
,
1591 krb5_error_code ret
;
1593 file
= krb5_config_get_string(context
, NULL
,
1594 "libdefaults", "moduli", NULL
);
1596 ret
= _krb5_parse_moduli(context
, file
, &moduli
);
1598 krb5_err(context
, 1, ret
, "PKINIT: failed to load modidi file");
1600 principal_mappings
.len
= 0;
1601 principal_mappings
.val
= NULL
;
1603 ret
= _krb5_pk_load_id(context
,
1613 krb5_warn(context
, ret
, "PKINIT: ");
1614 config
->enable_pkinit
= 0;
1622 ret
= hx509_query_alloc(kdc_identity
->hx509ctx
, &q
);
1624 krb5_warnx(context
, "PKINIT: out of memory");
1628 hx509_query_match_option(q
, HX509_QUERY_OPTION_PRIVATE_KEY
);
1629 hx509_query_match_option(q
, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE
);
1631 ret
= hx509_certs_find(kdc_identity
->hx509ctx
,
1632 kdc_identity
->certs
,
1635 hx509_query_free(kdc_identity
->hx509ctx
, q
);
1637 if (hx509_cert_check_eku(kdc_identity
->hx509ctx
, cert
,
1638 oid_id_pkkdcekuoid(), 0))
1639 krb5_warnx(context
, "WARNING Found KDC certificate "
1640 "is missing the PK-INIT KDC EKU, this is bad for "
1641 "interoperability.");
1642 hx509_cert_free(cert
);
1644 krb5_warnx(context
, "PKINIT: failed to find a signing "
1645 "certifiate with a public key");
1648 ret
= krb5_config_get_bool_default(context
,
1652 "pkinit_allow_proxy_certificate",
1654 _krb5_pk_allow_proxy_certificate(kdc_identity
, ret
);
1656 file
= krb5_config_get_string(context
,
1659 "pkinit_mappings_file",
1662 asprintf(&fn
, "%s/pki-mapping", hdb_db_dir(context
));
1666 load_mappings(context
, file
);