search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Windows: Remove *_PA_ClientCanon* from export list
[heimdal.git] / kdc / pkinit.c
blob66c27504a59c047b8d5e28c5789421a2bfb9030f
1 /*
2 * Copyright (c) 2003 - 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 #include "kdc_locl.h"
37
38 #ifdef PKINIT
39
40 #include <heim_asn1.h>
41 #include <rfc2459_asn1.h>
42 #include <cms_asn1.h>
43 #include <pkinit_asn1.h>
44
45 #include <hx509.h>
46 #include "crypto-headers.h"
47
48 struct pk_client_params {
49 enum krb5_pk_type type;
50 enum { USE_RSA, USE_DH, USE_ECDH } keyex;
51 union {
52 struct {
53 BIGNUM *public_key;
54 DH *key;
55 } dh;
56 #ifdef HAVE_OPENSSL
57 struct {
58 EC_KEY *public_key;
59 EC_KEY *key;
60 } ecdh;
61 #endif
62 } u;
63 hx509_cert cert;
64 unsigned nonce;
65 EncryptionKey reply_key;
66 char *dh_group_name;
67 hx509_peer_info peer;
68 hx509_certs client_anchors;
69 hx509_verify_ctx verify_ctx;
70 };
71
72 struct pk_principal_mapping {
73 unsigned int len;
74 struct pk_allowed_princ {
75 krb5_principal principal;
76 char *subject;
77 } *val;
78 };
79
80 static struct krb5_pk_identity *kdc_identity;
81 static struct pk_principal_mapping principal_mappings;
82 static struct krb5_dh_moduli **moduli;
83
84 static struct {
85 krb5_data data;
86 time_t expire;
87 time_t next_update;
88 } ocsp;
89
90 /*
91 *
92 */
93
94 static krb5_error_code
95 pk_check_pkauthenticator_win2k(krb5_context context,
96 PKAuthenticator_Win2k *a,
97 const KDC_REQ *req)
98 {
99 krb5_timestamp now;
100
101 krb5_timeofday (context, &now);
102
103 /* XXX cusec */
104 if (a->ctime == 0 || abs(a->ctime - now) > context->max_skew) {
105 krb5_clear_error_message(context);
106 return KRB5KRB_AP_ERR_SKEW;
107 }
108 return 0;
109 }
110
111 static krb5_error_code
112 pk_check_pkauthenticator(krb5_context context,
113 PKAuthenticator *a,
114 const KDC_REQ *req)
115 {
116 u_char *buf = NULL;
117 size_t buf_size;
118 krb5_error_code ret;
119 size_t len = 0;
120 krb5_timestamp now;
121 Checksum checksum;
122
123 krb5_timeofday (context, &now);
124
125 /* XXX cusec */
126 if (a->ctime == 0 || abs(a->ctime - now) > context->max_skew) {
127 krb5_clear_error_message(context);
128 return KRB5KRB_AP_ERR_SKEW;
129 }
130
131 ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, &req->req_body, &len, ret);
132 if (ret) {
133 krb5_clear_error_message(context);
134 return ret;
135 }
136 if (buf_size != len)
137 krb5_abortx(context, "Internal error in ASN.1 encoder");
138
139 ret = krb5_create_checksum(context,
140 NULL,
141 0,
142 CKSUMTYPE_SHA1,
143 buf,
144 len,
145 &checksum);
146 free(buf);
147 if (ret) {
148 krb5_clear_error_message(context);
149 return ret;
150 }
151
152 if (a->paChecksum == NULL) {
153 krb5_clear_error_message(context);
154 ret = KRB5_KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED;
155 goto out;
156 }
157
158 if (der_heim_octet_string_cmp(a->paChecksum, &checksum.checksum) != 0) {
159 krb5_clear_error_message(context);
160 ret = KRB5KRB_ERR_GENERIC;
161 }
162
163 out:
164 free_Checksum(&checksum);
165
166 return ret;
167 }
168
169 void
170 _kdc_pk_free_client_param(krb5_context context, pk_client_params *cp)
171 {
172 if (cp == NULL)
173 return;
174 if (cp->cert)
175 hx509_cert_free(cp->cert);
176 if (cp->verify_ctx)
177 hx509_verify_destroy_ctx(cp->verify_ctx);
178 if (cp->keyex == USE_DH) {
179 if (cp->u.dh.key)
180 DH_free(cp->u.dh.key);
181 if (cp->u.dh.public_key)
182 BN_free(cp->u.dh.public_key);
183 }
184 #ifdef HAVE_OPENSSL
185 if (cp->keyex == USE_ECDH) {
186 if (cp->u.ecdh.key)
187 EC_KEY_free(cp->u.ecdh.key);
188 if (cp->u.ecdh.public_key)
189 EC_KEY_free(cp->u.ecdh.public_key);
190 }
191 #endif
192 krb5_free_keyblock_contents(context, &cp->reply_key);
193 if (cp->dh_group_name)
194 free(cp->dh_group_name);
195 if (cp->peer)
196 hx509_peer_info_free(cp->peer);
197 if (cp->client_anchors)
198 hx509_certs_free(&cp->client_anchors);
199 memset(cp, 0, sizeof(*cp));
200 free(cp);
201 }
202
203 static krb5_error_code
204 generate_dh_keyblock(krb5_context context,
205 pk_client_params *client_params,
206 krb5_enctype enctype)
207 {
208 unsigned char *dh_gen_key = NULL;
209 krb5_keyblock key;
210 krb5_error_code ret;
211 size_t dh_gen_keylen, size;
212
213 memset(&key, 0, sizeof(key));
214
215 if (client_params->keyex == USE_DH) {
216
217 if (client_params->u.dh.public_key == NULL) {
218 ret = KRB5KRB_ERR_GENERIC;
219 krb5_set_error_message(context, ret, "public_key");
220 goto out;
221 }
222
223 if (!DH_generate_key(client_params->u.dh.key)) {
224 ret = KRB5KRB_ERR_GENERIC;
225 krb5_set_error_message(context, ret,
226 "Can't generate Diffie-Hellman keys");
227 goto out;
228 }
229
230 size = DH_size(client_params->u.dh.key);
231
232 dh_gen_key = malloc(size);
233 if (dh_gen_key == NULL) {
234 ret = ENOMEM;
235 krb5_set_error_message(context, ret, "malloc: out of memory");
236 goto out;
237 }
238
239 dh_gen_keylen = DH_compute_key(dh_gen_key,client_params->u.dh.public_key, client_params->u.dh.key);
240 if (dh_gen_keylen == (size_t)-1) {
241 ret = KRB5KRB_ERR_GENERIC;
242 krb5_set_error_message(context, ret,
243 "Can't compute Diffie-Hellman key");
244 goto out;
245 }
246 if (dh_gen_keylen < size) {
247 size -= dh_gen_keylen;
248 memmove(dh_gen_key + size, dh_gen_key, dh_gen_keylen);
249 memset(dh_gen_key, 0, size);
250 }
251
252 ret = 0;
253 #ifdef HAVE_OPENSSL
254 } else if (client_params->keyex == USE_ECDH) {
255
256 if (client_params->u.ecdh.public_key == NULL) {
257 ret = KRB5KRB_ERR_GENERIC;
258 krb5_set_error_message(context, ret, "public_key");
259 goto out;
260 }
261
262 client_params->u.ecdh.key = EC_KEY_new();
263 if (client_params->u.ecdh.key == NULL) {
264 ret = ENOMEM;
265 goto out;
266 }
267 EC_KEY_set_group(client_params->u.ecdh.key,
268 EC_KEY_get0_group(client_params->u.ecdh.public_key));
269
270 if (EC_KEY_generate_key(client_params->u.ecdh.key) != 1) {
271 ret = ENOMEM;
272 goto out;
273 }
274
275 size = (EC_GROUP_get_degree(EC_KEY_get0_group(client_params->u.ecdh.key)) + 7) / 8;
276 dh_gen_key = malloc(size);
277 if (dh_gen_key == NULL) {
278 ret = ENOMEM;
279 krb5_set_error_message(context, ret,
280 N_("malloc: out of memory", ""));
281 goto out;
282 }
283
284 dh_gen_keylen = ECDH_compute_key(dh_gen_key, size,
285 EC_KEY_get0_public_key(client_params->u.ecdh.public_key),
286 client_params->u.ecdh.key, NULL);
287
288 #endif /* HAVE_OPENSSL */
289 } else {
290 ret = KRB5KRB_ERR_GENERIC;
291 krb5_set_error_message(context, ret,
292 "Diffie-Hellman not selected keys");
293 goto out;
294 }
295
296 ret = _krb5_pk_octetstring2key(context,
297 enctype,
298 dh_gen_key, dh_gen_keylen,
299 NULL, NULL,
300 &client_params->reply_key);
301
302 out:
303 if (dh_gen_key)
304 free(dh_gen_key);
305 if (key.keyvalue.data)
306 krb5_free_keyblock_contents(context, &key);
307
308 return ret;
309 }
310
311 static BIGNUM *
312 integer_to_BN(krb5_context context, const char *field, heim_integer *f)
313 {
314 BIGNUM *bn;
315
316 bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL);
317 if (bn == NULL) {
318 krb5_set_error_message(context, KRB5_BADMSGTYPE,
319 "PKINIT: parsing BN failed %s", field);
320 return NULL;
321 }
322 BN_set_negative(bn, f->negative);
323 return bn;
324 }
325
326 static krb5_error_code
327 get_dh_param(krb5_context context,
328 krb5_kdc_configuration *config,
329 SubjectPublicKeyInfo *dh_key_info,
330 pk_client_params *client_params)
331 {
332 DomainParameters dhparam;
333 DH *dh = NULL;
334 krb5_error_code ret;
335
336 memset(&dhparam, 0, sizeof(dhparam));
337
338 if ((dh_key_info->subjectPublicKey.length % 8) != 0) {
339 ret = KRB5_BADMSGTYPE;
340 krb5_set_error_message(context, ret,
341 "PKINIT: subjectPublicKey not aligned "
342 "to 8 bit boundary");
343 goto out;
344 }
345
346 if (dh_key_info->algorithm.parameters == NULL) {
347 krb5_set_error_message(context, KRB5_BADMSGTYPE,
348 "PKINIT missing algorithm parameter "
349 "in clientPublicValue");
350 return KRB5_BADMSGTYPE;
351 }
352
353 ret = decode_DomainParameters(dh_key_info->algorithm.parameters->data,
354 dh_key_info->algorithm.parameters->length,
355 &dhparam,
356 NULL);
357 if (ret) {
358 krb5_set_error_message(context, ret, "Can't decode algorithm "
359 "parameters in clientPublicValue");
360 goto out;
361 }
362
363 ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits,
364 &dhparam.p, &dhparam.g, dhparam.q, moduli,
365 &client_params->dh_group_name);
366 if (ret) {
367 /* XXX send back proposal of better group */
368 goto out;
369 }
370
371 dh = DH_new();
372 if (dh == NULL) {
373 ret = ENOMEM;
374 krb5_set_error_message(context, ret, "Cannot create DH structure");
375 goto out;
376 }
377 ret = KRB5_BADMSGTYPE;
378 dh->p = integer_to_BN(context, "DH prime", &dhparam.p);
379 if (dh->p == NULL)
380 goto out;
381 dh->g = integer_to_BN(context, "DH base", &dhparam.g);
382 if (dh->g == NULL)
383 goto out;
384
385 if (dhparam.q) {
386 dh->q = integer_to_BN(context, "DH p-1 factor", dhparam.q);
387 if (dh->g == NULL)
388 goto out;
389 }
390
391 {
392 heim_integer glue;
393 size_t size;
394
395 ret = decode_DHPublicKey(dh_key_info->subjectPublicKey.data,
396 dh_key_info->subjectPublicKey.length / 8,
397 &glue,
398 &size);
399 if (ret) {
400 krb5_clear_error_message(context);
401 return ret;
402 }
403
404 client_params->u.dh.public_key = integer_to_BN(context,
405 "subjectPublicKey",
406 &glue);
407 der_free_heim_integer(&glue);
408 if (client_params->u.dh.public_key == NULL) {
409 ret = KRB5_BADMSGTYPE;
410 goto out;
411 }
412 }
413
414 client_params->u.dh.key = dh;
415 dh = NULL;
416 ret = 0;
417
418 out:
419 if (dh)
420 DH_free(dh);
421 free_DomainParameters(&dhparam);
422 return ret;
423 }
424
425 #ifdef HAVE_OPENSSL
426
427 static krb5_error_code
428 get_ecdh_param(krb5_context context,
429 krb5_kdc_configuration *config,
430 SubjectPublicKeyInfo *dh_key_info,
431 pk_client_params *client_params)
432 {
433 ECParameters ecp;
434 EC_KEY *public = NULL;
435 krb5_error_code ret;
436 const unsigned char *p;
437 size_t len;
438 int nid;
439
440 if (dh_key_info->algorithm.parameters == NULL) {
441 krb5_set_error_message(context, KRB5_BADMSGTYPE,
442 "PKINIT missing algorithm parameter "
443 "in clientPublicValue");
444 return KRB5_BADMSGTYPE;
445 }
446
447 memset(&ecp, 0, sizeof(ecp));
448
449 ret = decode_ECParameters(dh_key_info->algorithm.parameters->data,
450 dh_key_info->algorithm.parameters->length, &ecp, &len);
451 if (ret)
452 goto out;
453
454 if (ecp.element != choice_ECParameters_namedCurve) {
455 ret = KRB5_BADMSGTYPE;
456 goto out;
457 }
458
459 if (der_heim_oid_cmp(&ecp.u.namedCurve, &asn1_oid_id_ec_group_secp256r1) == 0)
460 nid = NID_X9_62_prime256v1;
461 else {
462 ret = KRB5_BADMSGTYPE;
463 goto out;
464 }
465
466 /* XXX verify group is ok */
467
468 public = EC_KEY_new_by_curve_name(nid);
469
470 p = dh_key_info->subjectPublicKey.data;
471 len = dh_key_info->subjectPublicKey.length / 8;
472 if (o2i_ECPublicKey(&public, &p, len) == NULL) {
473 ret = KRB5_BADMSGTYPE;
474 krb5_set_error_message(context, ret,
475 "PKINIT failed to decode ECDH key");
476 goto out;
477 }
478 client_params->u.ecdh.public_key = public;
479 public = NULL;
480
481 out:
482 if (public)
483 EC_KEY_free(public);
484 free_ECParameters(&ecp);
485 return ret;
486 }
487
488 #endif /* HAVE_OPENSSL */
489
490 krb5_error_code
491 _kdc_pk_rd_padata(krb5_context context,
492 krb5_kdc_configuration *config,
493 const KDC_REQ *req,
494 const PA_DATA *pa,
495 hdb_entry_ex *client,
496 pk_client_params **ret_params)
497 {
498 pk_client_params *cp;
499 krb5_error_code ret;
500 heim_oid eContentType = { 0, NULL }, contentInfoOid = { 0, NULL };
501 krb5_data eContent = { 0, NULL };
502 krb5_data signed_content = { 0, NULL };
503 const char *type = "unknown type";
504 hx509_certs trust_anchors;
505 int have_data = 0;
506 const HDB_Ext_PKINIT_cert *pc;
507
508 *ret_params = NULL;
509
510 if (!config->enable_pkinit) {
511 kdc_log(context, config, 0, "PK-INIT request but PK-INIT not enabled");
512 krb5_clear_error_message(context);
513 return 0;
514 }
515
516 cp = calloc(1, sizeof(*cp));
517 if (cp == NULL) {
518 krb5_clear_error_message(context);
519 ret = ENOMEM;
520 goto out;
521 }
522
523 ret = hx509_certs_init(context->hx509ctx,
524 "MEMORY:trust-anchors",
525 0, NULL, &trust_anchors);
526 if (ret) {
527 krb5_set_error_message(context, ret, "failed to create trust anchors");
528 goto out;
529 }
530
531 ret = hx509_certs_merge(context->hx509ctx, trust_anchors,
532 kdc_identity->anchors);
533 if (ret) {
534 hx509_certs_free(&trust_anchors);
535 krb5_set_error_message(context, ret, "failed to create verify context");
536 goto out;
537 }
538
539 /* Add any registered certificates for this client as trust anchors */
540 ret = hdb_entry_get_pkinit_cert(&client->entry, &pc);
541 if (ret == 0 && pc != NULL) {
542 hx509_cert cert;
543 unsigned int i;
544
545 for (i = 0; i < pc->len; i++) {
546 cert = hx509_cert_init_data(context->hx509ctx,
547 pc->val[i].cert.data,
548 pc->val[i].cert.length,
549 NULL);
550 if (cert == NULL)
551 continue;
552 hx509_certs_add(context->hx509ctx, trust_anchors, cert);
553 hx509_cert_free(cert);
554 }
555 }
556
557 ret = hx509_verify_init_ctx(context->hx509ctx, &cp->verify_ctx);
558 if (ret) {
559 hx509_certs_free(&trust_anchors);
560 krb5_set_error_message(context, ret, "failed to create verify context");
561 goto out;
562 }
563
564 hx509_verify_set_time(cp->verify_ctx, kdc_time);
565 hx509_verify_attach_anchors(cp->verify_ctx, trust_anchors);
566 hx509_certs_free(&trust_anchors);
567
568 if (config->pkinit_allow_proxy_certs)
569 hx509_verify_set_proxy_certificate(cp->verify_ctx, 1);
570
571 if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) {
572 PA_PK_AS_REQ_Win2k r;
573
574 type = "PK-INIT-Win2k";
575
576 if (_kdc_is_anon_request(&req->req_body)) {
577 ret = KRB5_KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED;
578 krb5_set_error_message(context, ret,
579 "Anon not supported in RSA mode");
580 goto out;
581 }
582
583 ret = decode_PA_PK_AS_REQ_Win2k(pa->padata_value.data,
584 pa->padata_value.length,
585 &r,
586 NULL);
587 if (ret) {
588 krb5_set_error_message(context, ret, "Can't decode "
589 "PK-AS-REQ-Win2k: %d", ret);
590 goto out;
591 }
592
593 ret = hx509_cms_unwrap_ContentInfo(&r.signed_auth_pack,
594 &contentInfoOid,
595 &signed_content,
596 &have_data);
597 free_PA_PK_AS_REQ_Win2k(&r);
598 if (ret) {
599 krb5_set_error_message(context, ret,
600 "Can't unwrap ContentInfo(win): %d", ret);
601 goto out;
602 }
603
604 } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) {
605 PA_PK_AS_REQ r;
606
607 type = "PK-INIT-IETF";
608
609 ret = decode_PA_PK_AS_REQ(pa->padata_value.data,
610 pa->padata_value.length,
611 &r,
612 NULL);
613 if (ret) {
614 krb5_set_error_message(context, ret,
615 "Can't decode PK-AS-REQ: %d", ret);
616 goto out;
617 }
618
619 /* XXX look at r.kdcPkId */
620 if (r.trustedCertifiers) {
621 ExternalPrincipalIdentifiers *edi = r.trustedCertifiers;
622 unsigned int i, maxedi;
623
624 ret = hx509_certs_init(context->hx509ctx,
625 "MEMORY:client-anchors",
626 0, NULL,
627 &cp->client_anchors);
628 if (ret) {
629 krb5_set_error_message(context, ret,
630 "Can't allocate client anchors: %d",
631 ret);
632 goto out;
633
634 }
635 /*
636 * If the client sent more then 10 EDI, don't bother
637 * looking more then 10 of performance reasons.
638 */
639 maxedi = edi->len;
640 if (maxedi > 10)
641 maxedi = 10;
642 for (i = 0; i < maxedi; i++) {
643 IssuerAndSerialNumber iasn;
644 hx509_query *q;
645 hx509_cert cert;
646 size_t size;
647
648 if (edi->val[i].issuerAndSerialNumber == NULL)
649 continue;
650
651 ret = hx509_query_alloc(context->hx509ctx, &q);
652 if (ret) {
653 krb5_set_error_message(context, ret,
654 "Failed to allocate hx509_query");
655 goto out;
656 }
657
658 ret = decode_IssuerAndSerialNumber(edi->val[i].issuerAndSerialNumber->data,
659 edi->val[i].issuerAndSerialNumber->length,
660 &iasn,
661 &size);
662 if (ret) {
663 hx509_query_free(context->hx509ctx, q);
664 continue;
665 }
666 ret = hx509_query_match_issuer_serial(q, &iasn.issuer, &iasn.serialNumber);
667 free_IssuerAndSerialNumber(&iasn);
668 if (ret) {
669 hx509_query_free(context->hx509ctx, q);
670 continue;
671 }
672
673 ret = hx509_certs_find(context->hx509ctx,
674 kdc_identity->certs,
675 q,
676 &cert);
677 hx509_query_free(context->hx509ctx, q);
678 if (ret)
679 continue;
680 hx509_certs_add(context->hx509ctx,
681 cp->client_anchors, cert);
682 hx509_cert_free(cert);
683 }
684 }
685
686 ret = hx509_cms_unwrap_ContentInfo(&r.signedAuthPack,
687 &contentInfoOid,
688 &signed_content,
689 &have_data);
690 free_PA_PK_AS_REQ(&r);
691 if (ret) {
692 krb5_set_error_message(context, ret,
693 "Can't unwrap ContentInfo: %d", ret);
694 goto out;
695 }
696
697 } else {
698 krb5_clear_error_message(context);
699 ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
700 goto out;
701 }
702
703 ret = der_heim_oid_cmp(&contentInfoOid, &asn1_oid_id_pkcs7_signedData);
704 if (ret != 0) {
705 ret = KRB5KRB_ERR_GENERIC;
706 krb5_set_error_message(context, ret,
707 "PK-AS-REQ-Win2k invalid content type oid");
708 goto out;
709 }
710
711 if (!have_data) {
712 ret = KRB5KRB_ERR_GENERIC;
713 krb5_set_error_message(context, ret,
714 "PK-AS-REQ-Win2k no signed auth pack");
715 goto out;
716 }
717
718 {
719 hx509_certs signer_certs;
720 int flags = HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH; /* BTMM */
721
722 if (_kdc_is_anon_request(&req->req_body))
723 flags |= HX509_CMS_VS_ALLOW_ZERO_SIGNER;
724
725 ret = hx509_cms_verify_signed(context->hx509ctx,
726 cp->verify_ctx,
727 flags,
728 signed_content.data,
729 signed_content.length,
730 NULL,
731 kdc_identity->certpool,
732 &eContentType,
733 &eContent,
734 &signer_certs);
735 if (ret) {
736 char *s = hx509_get_error_string(context->hx509ctx, ret);
737 krb5_warnx(context, "PKINIT: failed to verify signature: %s: %d",
738 s, ret);
739 free(s);
740 goto out;
741 }
742
743 if (signer_certs) {
744 ret = hx509_get_one_cert(context->hx509ctx, signer_certs,
745 &cp->cert);
746 hx509_certs_free(&signer_certs);
747 }
748 if (ret)
749 goto out;
750 }
751
752 /* Signature is correct, now verify the signed message */
753 if (der_heim_oid_cmp(&eContentType, &asn1_oid_id_pkcs7_data) != 0 &&
754 der_heim_oid_cmp(&eContentType, &asn1_oid_id_pkauthdata) != 0)
755 {
756 ret = KRB5_BADMSGTYPE;
757 krb5_set_error_message(context, ret, "got wrong oid for pkauthdata");
758 goto out;
759 }
760
761 if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) {
762 AuthPack_Win2k ap;
763
764 ret = decode_AuthPack_Win2k(eContent.data,
765 eContent.length,
766 &ap,
767 NULL);
768 if (ret) {
769 krb5_set_error_message(context, ret,
770 "Can't decode AuthPack: %d", ret);
771 goto out;
772 }
773
774 ret = pk_check_pkauthenticator_win2k(context,
775 &ap.pkAuthenticator,
776 req);
777 if (ret) {
778 free_AuthPack_Win2k(&ap);
779 goto out;
780 }
781
782 cp->type = PKINIT_WIN2K;
783 cp->nonce = ap.pkAuthenticator.nonce;
784
785 if (ap.clientPublicValue) {
786 ret = KRB5KRB_ERR_GENERIC;
787 krb5_set_error_message(context, ret,
788 "DH not supported for windows");
789 goto out;
790 }
791 free_AuthPack_Win2k(&ap);
792
793 } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) {
794 AuthPack ap;
795
796 ret = decode_AuthPack(eContent.data,
797 eContent.length,
798 &ap,
799 NULL);
800 if (ret) {
801 krb5_set_error_message(context, ret,
802 "Can't decode AuthPack: %d", ret);
803 free_AuthPack(&ap);
804 goto out;
805 }
806
807 if (_kdc_is_anon_request(&req->req_body) &&
808 ap.clientPublicValue == NULL) {
809 free_AuthPack(&ap);
810 ret = KRB5_KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED;
811 krb5_set_error_message(context, ret,
812 "Anon not supported in RSA mode");
813 goto out;
814 }
815
816 ret = pk_check_pkauthenticator(context,
817 &ap.pkAuthenticator,
818 req);
819 if (ret) {
820 free_AuthPack(&ap);
821 goto out;
822 }
823
824 cp->type = PKINIT_27;
825 cp->nonce = ap.pkAuthenticator.nonce;
826
827 if (ap.clientPublicValue) {
828 if (der_heim_oid_cmp(&ap.clientPublicValue->algorithm.algorithm, &asn1_oid_id_dhpublicnumber) == 0) {
829 cp->keyex = USE_DH;
830 ret = get_dh_param(context, config,
831 ap.clientPublicValue, cp);
832 #ifdef HAVE_OPENSSL
833 } else if (der_heim_oid_cmp(&ap.clientPublicValue->algorithm.algorithm, &asn1_oid_id_ecPublicKey) == 0) {
834 cp->keyex = USE_ECDH;
835 ret = get_ecdh_param(context, config,
836 ap.clientPublicValue, cp);
837 #endif /* HAVE_OPENSSL */
838 } else {
839 ret = KRB5_BADMSGTYPE;
840 krb5_set_error_message(context, ret, "PKINIT unknown DH mechanism");
841 }
842 if (ret) {
843 free_AuthPack(&ap);
844 goto out;
845 }
846 } else
847 cp->keyex = USE_RSA;
848
849 ret = hx509_peer_info_alloc(context->hx509ctx,
850 &cp->peer);
851 if (ret) {
852 free_AuthPack(&ap);
853 goto out;
854 }
855
856 if (ap.supportedCMSTypes) {
857 ret = hx509_peer_info_set_cms_algs(context->hx509ctx,
858 cp->peer,
859 ap.supportedCMSTypes->val,
860 ap.supportedCMSTypes->len);
861 if (ret) {
862 free_AuthPack(&ap);
863 goto out;
864 }
865 } else {
866 /* assume old client */
867 hx509_peer_info_add_cms_alg(context->hx509ctx, cp->peer,
868 hx509_crypto_des_rsdi_ede3_cbc());
869 hx509_peer_info_add_cms_alg(context->hx509ctx, cp->peer,
870 hx509_signature_rsa_with_sha1());
871 hx509_peer_info_add_cms_alg(context->hx509ctx, cp->peer,
872 hx509_signature_sha1());
873 }
874 free_AuthPack(&ap);
875 } else
876 krb5_abortx(context, "internal pkinit error");
877
878 kdc_log(context, config, 0, "PK-INIT request of type %s", type);
879
880 out:
881 if (ret)
882 krb5_warn(context, ret, "PKINIT");
883
884 if (signed_content.data)
885 free(signed_content.data);
886 krb5_data_free(&eContent);
887 der_free_oid(&eContentType);
888 der_free_oid(&contentInfoOid);
889 if (ret) {
890 _kdc_pk_free_client_param(context, cp);
891 } else
892 *ret_params = cp;
893 return ret;
894 }
895
896 /*
897 *
898 */
899
900 static krb5_error_code
901 BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer)
902 {
903 integer->length = BN_num_bytes(bn);
904 integer->data = malloc(integer->length);
905 if (integer->data == NULL) {
906 krb5_clear_error_message(context);
907 return ENOMEM;
908 }
909 BN_bn2bin(bn, integer->data);
910 integer->negative = BN_is_negative(bn);
911 return 0;
912 }
913
914 static krb5_error_code
915 pk_mk_pa_reply_enckey(krb5_context context,
916 krb5_kdc_configuration *config,
917 pk_client_params *cp,
918 const KDC_REQ *req,
919 const krb5_data *req_buffer,
920 krb5_keyblock *reply_key,
921 ContentInfo *content_info,
922 hx509_cert *kdc_cert)
923 {
924 const heim_oid *envelopedAlg = NULL, *sdAlg = NULL, *evAlg = NULL;
925 krb5_error_code ret;
926 krb5_data buf, signed_data;
927 size_t size = 0;
928 int do_win2k = 0;
929
930 krb5_data_zero(&buf);
931 krb5_data_zero(&signed_data);
932
933 *kdc_cert = NULL;
934
935 /*
936 * If the message client is a win2k-type but it send pa data
937 * 09-binding it expects a IETF (checksum) reply so there can be
938 * no replay attacks.
939 */
940
941 switch (cp->type) {
942 case PKINIT_WIN2K: {
943 int i = 0;
944 if (_kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_09_BINDING) == NULL
945 && config->pkinit_require_binding == 0)
946 {
947 do_win2k = 1;
948 }
949 sdAlg = &asn1_oid_id_pkcs7_data;
950 evAlg = &asn1_oid_id_pkcs7_data;
951 envelopedAlg = &asn1_oid_id_rsadsi_des_ede3_cbc;
952 break;
953 }
954 case PKINIT_27:
955 sdAlg = &asn1_oid_id_pkrkeydata;
956 evAlg = &asn1_oid_id_pkcs7_signedData;
957 break;
958 default:
959 krb5_abortx(context, "internal pkinit error");
960 }
961
962 if (do_win2k) {
963 ReplyKeyPack_Win2k kp;
964 memset(&kp, 0, sizeof(kp));
965
966 ret = copy_EncryptionKey(reply_key, &kp.replyKey);
967 if (ret) {
968 krb5_clear_error_message(context);
969 goto out;
970 }
971 kp.nonce = cp->nonce;
972
973 ASN1_MALLOC_ENCODE(ReplyKeyPack_Win2k,
974 buf.data, buf.length,
975 &kp, &size,ret);
976 free_ReplyKeyPack_Win2k(&kp);
977 } else {
978 krb5_crypto ascrypto;
979 ReplyKeyPack kp;
980 memset(&kp, 0, sizeof(kp));
981
982 ret = copy_EncryptionKey(reply_key, &kp.replyKey);
983 if (ret) {
984 krb5_clear_error_message(context);
985 goto out;
986 }
987
988 ret = krb5_crypto_init(context, reply_key, 0, &ascrypto);
989 if (ret) {
990 krb5_clear_error_message(context);
991 goto out;
992 }
993
994 ret = krb5_create_checksum(context, ascrypto, 6, 0,
995 req_buffer->data, req_buffer->length,
996 &kp.asChecksum);
997 if (ret) {
998 krb5_clear_error_message(context);
999 goto out;
1000 }
1001
1002 ret = krb5_crypto_destroy(context, ascrypto);
1003 if (ret) {
1004 krb5_clear_error_message(context);
1005 goto out;
1006 }
1007 ASN1_MALLOC_ENCODE(ReplyKeyPack, buf.data, buf.length, &kp, &size,ret);
1008 free_ReplyKeyPack(&kp);
1009 }
1010 if (ret) {
1011 krb5_set_error_message(context, ret, "ASN.1 encoding of ReplyKeyPack "
1012 "failed (%d)", ret);
1013 goto out;
1014 }
1015 if (buf.length != size)
1016 krb5_abortx(context, "Internal ASN.1 encoder error");
1017
1018 {
1019 hx509_query *q;
1020 hx509_cert cert;
1021
1022 ret = hx509_query_alloc(context->hx509ctx, &q);
1023 if (ret)
1024 goto out;
1025
1026 hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
1027 if (config->pkinit_kdc_friendly_name)
1028 hx509_query_match_friendly_name(q, config->pkinit_kdc_friendly_name);
1029
1030 ret = hx509_certs_find(context->hx509ctx,
1031 kdc_identity->certs,
1032 q,
1033 &cert);
1034 hx509_query_free(context->hx509ctx, q);
1035 if (ret)
1036 goto out;
1037
1038 ret = hx509_cms_create_signed_1(context->hx509ctx,
1039 0,
1040 sdAlg,
1041 buf.data,
1042 buf.length,
1043 NULL,
1044 cert,
1045 cp->peer,
1046 cp->client_anchors,
1047 kdc_identity->certpool,
1048 &signed_data);
1049 *kdc_cert = cert;
1050 }
1051
1052 krb5_data_free(&buf);
1053 if (ret)
1054 goto out;
1055
1056 if (cp->type == PKINIT_WIN2K) {
1057 ret = hx509_cms_wrap_ContentInfo(&asn1_oid_id_pkcs7_signedData,
1058 &signed_data,
1059 &buf);
1060 if (ret)
1061 goto out;
1062 krb5_data_free(&signed_data);
1063 signed_data = buf;
1064 }
1065
1066 ret = hx509_cms_envelope_1(context->hx509ctx,
1067 HX509_CMS_EV_NO_KU_CHECK,
1068 cp->cert,
1069 signed_data.data, signed_data.length,
1070 envelopedAlg,
1071 evAlg, &buf);
1072 if (ret)
1073 goto out;
1074
1075 ret = _krb5_pk_mk_ContentInfo(context,
1076 &buf,
1077 &asn1_oid_id_pkcs7_envelopedData,
1078 content_info);
1079 out:
1080 if (ret && *kdc_cert) {
1081 hx509_cert_free(*kdc_cert);
1082 *kdc_cert = NULL;
1083 }
1084
1085 krb5_data_free(&buf);
1086 krb5_data_free(&signed_data);
1087 return ret;
1088 }
1089
1090 /*
1091 *
1092 */
1093
1094 static krb5_error_code
1095 pk_mk_pa_reply_dh(krb5_context context,
1096 krb5_kdc_configuration *config,
1097 pk_client_params *cp,
1098 ContentInfo *content_info,
1099 hx509_cert *kdc_cert)
1100 {
1101 KDCDHKeyInfo dh_info;
1102 krb5_data signed_data, buf;
1103 ContentInfo contentinfo;
1104 krb5_error_code ret;
1105 hx509_cert cert;
1106 hx509_query *q;
1107 size_t size = 0;
1108
1109 memset(&contentinfo, 0, sizeof(contentinfo));
1110 memset(&dh_info, 0, sizeof(dh_info));
1111 krb5_data_zero(&signed_data);
1112 krb5_data_zero(&buf);
1113
1114 *kdc_cert = NULL;
1115
1116 if (cp->keyex == USE_DH) {
1117 DH *kdc_dh = cp->u.dh.key;
1118 heim_integer i;
1119
1120 ret = BN_to_integer(context, kdc_dh->pub_key, &i);
1121 if (ret)
1122 return ret;
1123
1124 ASN1_MALLOC_ENCODE(DHPublicKey, buf.data, buf.length, &i, &size, ret);
1125 der_free_heim_integer(&i);
1126 if (ret) {
1127 krb5_set_error_message(context, ret, "ASN.1 encoding of "
1128 "DHPublicKey failed (%d)", ret);
1129 return ret;
1130 }
1131 if (buf.length != size)
1132 krb5_abortx(context, "Internal ASN.1 encoder error");
1133
1134 dh_info.subjectPublicKey.length = buf.length * 8;
1135 dh_info.subjectPublicKey.data = buf.data;
1136 krb5_data_zero(&buf);
1137 #ifdef HAVE_OPENSSL
1138 } else if (cp->keyex == USE_ECDH) {
1139 unsigned char *p;
1140 int len;
1141
1142 len = i2o_ECPublicKey(cp->u.ecdh.key, NULL);
1143 if (len <= 0)
1144 abort();
1145
1146 p = malloc(len);
1147 if (p == NULL)
1148 abort();
1149
1150 dh_info.subjectPublicKey.length = len * 8;
1151 dh_info.subjectPublicKey.data = p;
1152
1153 len = i2o_ECPublicKey(cp->u.ecdh.key, &p);
1154 if (len <= 0)
1155 abort();
1156 #endif
1157 } else
1158 krb5_abortx(context, "no keyex selected ?");
1159
1160
1161 dh_info.nonce = cp->nonce;
1162
1163 ASN1_MALLOC_ENCODE(KDCDHKeyInfo, buf.data, buf.length, &dh_info, &size,
1164 ret);
1165 if (ret) {
1166 krb5_set_error_message(context, ret, "ASN.1 encoding of "
1167 "KdcDHKeyInfo failed (%d)", ret);
1168 goto out;
1169 }
1170 if (buf.length != size)
1171 krb5_abortx(context, "Internal ASN.1 encoder error");
1172
1173 /*
1174 * Create the SignedData structure and sign the KdcDHKeyInfo
1175 * filled in above
1176 */
1177
1178 ret = hx509_query_alloc(context->hx509ctx, &q);
1179 if (ret)
1180 goto out;
1181
1182 hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
1183 if (config->pkinit_kdc_friendly_name)
1184 hx509_query_match_friendly_name(q, config->pkinit_kdc_friendly_name);
1185
1186 ret = hx509_certs_find(context->hx509ctx,
1187 kdc_identity->certs,
1188 q,
1189 &cert);
1190 hx509_query_free(context->hx509ctx, q);
1191 if (ret)
1192 goto out;
1193
1194 ret = hx509_cms_create_signed_1(context->hx509ctx,
1195 0,
1196 &asn1_oid_id_pkdhkeydata,
1197 buf.data,
1198 buf.length,
1199 NULL,
1200 cert,
1201 cp->peer,
1202 cp->client_anchors,
1203 kdc_identity->certpool,
1204 &signed_data);
1205 if (ret) {
1206 kdc_log(context, config, 0, "Failed signing the DH* reply: %d", ret);
1207 goto out;
1208 }
1209 *kdc_cert = cert;
1210
1211 ret = _krb5_pk_mk_ContentInfo(context,
1212 &signed_data,
1213 &asn1_oid_id_pkcs7_signedData,
1214 content_info);
1215 if (ret)
1216 goto out;
1217
1218 out:
1219 if (ret && *kdc_cert) {
1220 hx509_cert_free(*kdc_cert);
1221 *kdc_cert = NULL;
1222 }
1223
1224 krb5_data_free(&buf);
1225 krb5_data_free(&signed_data);
1226 free_KDCDHKeyInfo(&dh_info);
1227
1228 return ret;
1229 }
1230
1231 /*
1232 *
1233 */
1234
1235 krb5_error_code
1236 _kdc_pk_mk_pa_reply(krb5_context context,
1237 krb5_kdc_configuration *config,
1238 pk_client_params *cp,
1239 const hdb_entry_ex *client,
1240 krb5_enctype sessionetype,
1241 const KDC_REQ *req,
1242 const krb5_data *req_buffer,
1243 krb5_keyblock *reply_key,
1244 krb5_keyblock *sessionkey,
1245 METHOD_DATA *md)
1246 {
1247 krb5_error_code ret;
1248 void *buf = NULL;
1249 size_t len = 0, size = 0;
1250 krb5_enctype enctype;
1251 int pa_type;
1252 hx509_cert kdc_cert = NULL;
1253 size_t i;
1254
1255 if (!config->enable_pkinit) {
1256 krb5_clear_error_message(context);
1257 return 0;
1258 }
1259
1260 if (req->req_body.etype.len > 0) {
1261 for (i = 0; i < req->req_body.etype.len; i++)
1262 if (krb5_enctype_valid(context, req->req_body.etype.val[i]) == 0)
1263 break;
1264 if (req->req_body.etype.len <= i) {
1265 ret = KRB5KRB_ERR_GENERIC;
1266 krb5_set_error_message(context, ret,
1267 "No valid enctype available from client");
1268 goto out;
1269 }
1270 enctype = req->req_body.etype.val[i];
1271 } else
1272 enctype = ETYPE_DES3_CBC_SHA1;
1273
1274 if (cp->type == PKINIT_27) {
1275 PA_PK_AS_REP rep;
1276 const char *type, *other = "";
1277
1278 memset(&rep, 0, sizeof(rep));
1279
1280 pa_type = KRB5_PADATA_PK_AS_REP;
1281
1282 if (cp->keyex == USE_RSA) {
1283 ContentInfo info;
1284
1285 type = "enckey";
1286
1287 rep.element = choice_PA_PK_AS_REP_encKeyPack;
1288
1289 ret = krb5_generate_random_keyblock(context, enctype,
1290 &cp->reply_key);
1291 if (ret) {
1292 free_PA_PK_AS_REP(&rep);
1293 goto out;
1294 }
1295 ret = pk_mk_pa_reply_enckey(context,
1296 config,
1297 cp,
1298 req,
1299 req_buffer,
1300 &cp->reply_key,
1301 &info,
1302 &kdc_cert);
1303 if (ret) {
1304 free_PA_PK_AS_REP(&rep);
1305 goto out;
1306 }
1307 ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data,
1308 rep.u.encKeyPack.length, &info, &size,
1309 ret);
1310 free_ContentInfo(&info);
1311 if (ret) {
1312 krb5_set_error_message(context, ret, "encoding of Key ContentInfo "
1313 "failed %d", ret);
1314 free_PA_PK_AS_REP(&rep);
1315 goto out;
1316 }
1317 if (rep.u.encKeyPack.length != size)
1318 krb5_abortx(context, "Internal ASN.1 encoder error");
1319
1320 ret = krb5_generate_random_keyblock(context, sessionetype,
1321 sessionkey);
1322 if (ret) {
1323 free_PA_PK_AS_REP(&rep);
1324 goto out;
1325 }
1326
1327 } else {
1328 ContentInfo info;
1329
1330 switch (cp->keyex) {
1331 case USE_DH: type = "dh"; break;
1332 #ifdef HAVE_OPENSSL
1333 case USE_ECDH: type = "ecdh"; break;
1334 #endif
1335 default: krb5_abortx(context, "unknown keyex"); break;
1336 }
1337
1338 if (cp->dh_group_name)
1339 other = cp->dh_group_name;
1340
1341 rep.element = choice_PA_PK_AS_REP_dhInfo;
1342
1343 ret = generate_dh_keyblock(context, cp, enctype);
1344 if (ret)
1345 return ret;
1346
1347 ret = pk_mk_pa_reply_dh(context, config,
1348 cp,
1349 &info,
1350 &kdc_cert);
1351 if (ret) {
1352 free_PA_PK_AS_REP(&rep);
1353 krb5_set_error_message(context, ret,
1354 "create pa-reply-dh "
1355 "failed %d", ret);
1356 goto out;
1357 }
1358
1359 ASN1_MALLOC_ENCODE(ContentInfo, rep.u.dhInfo.dhSignedData.data,
1360 rep.u.dhInfo.dhSignedData.length, &info, &size,
1361 ret);
1362 free_ContentInfo(&info);
1363 if (ret) {
1364 krb5_set_error_message(context, ret,
1365 "encoding of Key ContentInfo "
1366 "failed %d", ret);
1367 free_PA_PK_AS_REP(&rep);
1368 goto out;
1369 }
1370 if (rep.u.encKeyPack.length != size)
1371 krb5_abortx(context, "Internal ASN.1 encoder error");
1372
1373 /* generate the session key using the method from RFC6112 */
1374 {
1375 krb5_keyblock kdc_contribution_key;
1376 krb5_crypto reply_crypto;
1377 krb5_crypto kdccont_crypto;
1378 krb5_data p1 = { strlen("PKINIT"), "PKINIT"};
1379 krb5_data p2 = { strlen("KEYEXCHANGE"), "KEYEXCHANGE"};
1380 void *kckdata;
1381 size_t kcklen;
1382 EncryptedData kx;
1383 void *kxdata;
1384 size_t kxlen;
1385
1386 ret = krb5_generate_random_keyblock(context, sessionetype,
1387 &kdc_contribution_key);
1388 if (ret) {
1389 free_PA_PK_AS_REP(&rep);
1390 goto out;
1391 }
1392 ret = krb5_crypto_init(context, &cp->reply_key, enctype, &reply_crypto);
1393 if (ret) {
1394 krb5_free_keyblock_contents(context, &kdc_contribution_key);
1395 free_PA_PK_AS_REP(&rep);
1396 goto out;
1397 }
1398 ret = krb5_crypto_init(context, &kdc_contribution_key, sessionetype, &kdccont_crypto);
1399 if (ret) {
1400 krb5_crypto_destroy(context, reply_crypto);
1401 krb5_free_keyblock_contents(context, &kdc_contribution_key);
1402 free_PA_PK_AS_REP(&rep);
1403 goto out;
1404 }
1405 /* KRB-FX-CF2 */
1406 ret = krb5_crypto_fx_cf2(context, kdccont_crypto, reply_crypto,
1407 &p1, &p2, sessionetype, sessionkey);
1408 krb5_crypto_destroy(context, kdccont_crypto);
1409 if (ret) {
1410 krb5_crypto_destroy(context, reply_crypto);
1411 krb5_free_keyblock_contents(context, &kdc_contribution_key);
1412 free_PA_PK_AS_REP(&rep);
1413 goto out;
1414 }
1415 ASN1_MALLOC_ENCODE(EncryptionKey, kckdata, kcklen,
1416 &kdc_contribution_key, &size, ret);
1417 krb5_free_keyblock_contents(context, &kdc_contribution_key);
1418 if (ret) {
1419 krb5_set_error_message(context, ret, "encoding of PKINIT-KX Key failed %d", ret);
1420 krb5_crypto_destroy(context, reply_crypto);
1421 free_PA_PK_AS_REP(&rep);
1422 goto out;
1423 }
1424 if (kcklen != size)
1425 krb5_abortx(context, "Internal ASN.1 encoder error");
1426 ret = krb5_encrypt_EncryptedData(context, reply_crypto, KRB5_KU_PA_PKINIT_KX,
1427 kckdata, kcklen, 0, &kx);
1428 krb5_crypto_destroy(context, reply_crypto);
1429 free(kckdata);
1430 if (ret) {
1431 free_PA_PK_AS_REP(&rep);
1432 goto out;
1433 }
1434 ASN1_MALLOC_ENCODE(EncryptedData, kxdata, kxlen,
1435 &kx, &size, ret);
1436 free_EncryptedData(&kx);
1437 if (ret) {
1438 krb5_set_error_message(context, ret, "encoding of PKINIT-KX failed %d", ret);
1439 free_PA_PK_AS_REP(&rep);
1440 goto out;
1441 }
1442 if (kxlen != size)
1443 krb5_abortx(context, "Internal ASN.1 encoder error");
1444 /* Add PA-PKINIT-KX */
1445 ret = krb5_padata_add(context, md, KRB5_PADATA_PKINIT_KX, kxdata, kxlen);
1446 if (ret) {
1447 krb5_set_error_message(context, ret,
1448 "Failed adding PKINIT-KX %d", ret);
1449 free(buf);
1450 goto out;
1451 }
1452 }
1453 }
1454
1455 #define use_btmm_with_enckey 0
1456 if (use_btmm_with_enckey && rep.element == choice_PA_PK_AS_REP_encKeyPack) {
1457 PA_PK_AS_REP_BTMM btmm;
1458 heim_any any;
1459
1460 any.data = rep.u.encKeyPack.data;
1461 any.length = rep.u.encKeyPack.length;
1462
1463 btmm.dhSignedData = NULL;
1464 btmm.encKeyPack = &any;
1465
1466 ASN1_MALLOC_ENCODE(PA_PK_AS_REP_BTMM, buf, len, &btmm, &size, ret);
1467 } else {
1468 ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret);
1469 }
1470
1471 free_PA_PK_AS_REP(&rep);
1472 if (ret) {
1473 krb5_set_error_message(context, ret,
1474 "encode PA-PK-AS-REP failed %d", ret);
1475 goto out;
1476 }
1477 if (len != size)
1478 krb5_abortx(context, "Internal ASN.1 encoder error");
1479
1480 kdc_log(context, config, 0, "PK-INIT using %s %s", type, other);
1481
1482 } else if (cp->type == PKINIT_WIN2K) {
1483 PA_PK_AS_REP_Win2k rep;
1484 ContentInfo info;
1485
1486 if (cp->keyex != USE_RSA) {
1487 ret = KRB5KRB_ERR_GENERIC;
1488 krb5_set_error_message(context, ret,
1489 "Windows PK-INIT doesn't support DH");
1490 goto out;
1491 }
1492
1493 memset(&rep, 0, sizeof(rep));
1494
1495 pa_type = KRB5_PADATA_PK_AS_REP_19;
1496 rep.element = choice_PA_PK_AS_REP_Win2k_encKeyPack;
1497
1498 ret = krb5_generate_random_keyblock(context, enctype,
1499 &cp->reply_key);
1500 if (ret) {
1501 free_PA_PK_AS_REP_Win2k(&rep);
1502 goto out;
1503 }
1504 ret = pk_mk_pa_reply_enckey(context,
1505 config,
1506 cp,
1507 req,
1508 req_buffer,
1509 &cp->reply_key,
1510 &info,
1511 &kdc_cert);
1512 if (ret) {
1513 free_PA_PK_AS_REP_Win2k(&rep);
1514 goto out;
1515 }
1516 ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data,
1517 rep.u.encKeyPack.length, &info, &size,
1518 ret);
1519 free_ContentInfo(&info);
1520 if (ret) {
1521 krb5_set_error_message(context, ret, "encoding of Key ContentInfo "
1522 "failed %d", ret);
1523 free_PA_PK_AS_REP_Win2k(&rep);
1524 goto out;
1525 }
1526 if (rep.u.encKeyPack.length != size)
1527 krb5_abortx(context, "Internal ASN.1 encoder error");
1528
1529 ASN1_MALLOC_ENCODE(PA_PK_AS_REP_Win2k, buf, len, &rep, &size, ret);
1530 free_PA_PK_AS_REP_Win2k(&rep);
1531 if (ret) {
1532 krb5_set_error_message(context, ret,
1533 "encode PA-PK-AS-REP-Win2k failed %d", ret);
1534 goto out;
1535 }
1536 if (len != size)
1537 krb5_abortx(context, "Internal ASN.1 encoder error");
1538
1539 ret = krb5_generate_random_keyblock(context, sessionetype,
1540 sessionkey);
1541 if (ret) {
1542 free(buf);
1543 goto out;
1544 }
1545
1546 } else
1547 krb5_abortx(context, "PK-INIT internal error");
1548
1549
1550 ret = krb5_padata_add(context, md, pa_type, buf, len);
1551 if (ret) {
1552 krb5_set_error_message(context, ret,
1553 "Failed adding PA-PK-AS-REP %d", ret);
1554 free(buf);
1555 goto out;
1556 }
1557
1558 if (config->pkinit_kdc_ocsp_file) {
1559
1560 if (ocsp.expire == 0 && ocsp.next_update > kdc_time) {
1561 struct stat sb;
1562 int fd;
1563
1564 krb5_data_free(&ocsp.data);
1565
1566 ocsp.expire = 0;
1567 ocsp.next_update = kdc_time + 60 * 5;
1568
1569 fd = open(config->pkinit_kdc_ocsp_file, O_RDONLY);
1570 if (fd < 0) {
1571 kdc_log(context, config, 0,
1572 "PK-INIT failed to open ocsp data file %d", errno);
1573 goto out_ocsp;
1574 }
1575 ret = fstat(fd, &sb);
1576 if (ret) {
1577 ret = errno;
1578 close(fd);
1579 kdc_log(context, config, 0,
1580 "PK-INIT failed to stat ocsp data %d", ret);
1581 goto out_ocsp;
1582 }
1583
1584 ret = krb5_data_alloc(&ocsp.data, sb.st_size);
1585 if (ret) {
1586 close(fd);
1587 kdc_log(context, config, 0,
1588 "PK-INIT failed to stat ocsp data %d", ret);
1589 goto out_ocsp;
1590 }
1591 ocsp.data.length = sb.st_size;
1592 ret = read(fd, ocsp.data.data, sb.st_size);
1593 close(fd);
1594 if (ret != sb.st_size) {
1595 kdc_log(context, config, 0,
1596 "PK-INIT failed to read ocsp data %d", errno);
1597 goto out_ocsp;
1598 }
1599
1600 ret = hx509_ocsp_verify(context->hx509ctx,
1601 kdc_time,
1602 kdc_cert,
1603 0,
1604 ocsp.data.data, ocsp.data.length,
1605 &ocsp.expire);
1606 if (ret) {
1607 kdc_log(context, config, 0,
1608 "PK-INIT failed to verify ocsp data %d", ret);
1609 krb5_data_free(&ocsp.data);
1610 ocsp.expire = 0;
1611 } else if (ocsp.expire > 180) {
1612 ocsp.expire -= 180; /* refetch the ocsp before it expire */
1613 ocsp.next_update = ocsp.expire;
1614 } else {
1615 ocsp.next_update = kdc_time;
1616 }
1617 out_ocsp:
1618 ret = 0;
1619 }
1620
1621 if (ocsp.expire != 0 && ocsp.expire > kdc_time) {
1622
1623 ret = krb5_padata_add(context, md,
1624 KRB5_PADATA_PA_PK_OCSP_RESPONSE,
1625 ocsp.data.data, ocsp.data.length);
1626 if (ret) {
1627 krb5_set_error_message(context, ret,
1628 "Failed adding OCSP response %d", ret);
1629 goto out;
1630 }
1631 }
1632 }
1633
1634 out:
1635 if (kdc_cert)
1636 hx509_cert_free(kdc_cert);
1637
1638 if (ret == 0)
1639 ret = krb5_copy_keyblock_contents(context, &cp->reply_key, reply_key);
1640 return ret;
1641 }
1642
1643 static int
1644 match_rfc_san(krb5_context context,
1645 krb5_kdc_configuration *config,
1646 hx509_context hx509ctx,
1647 hx509_cert client_cert,
1648 krb5_const_principal match)
1649 {
1650 hx509_octet_string_list list;
1651 int ret, found = 0;
1652 size_t i;
1653
1654 memset(&list, 0 , sizeof(list));
1655
1656 ret = hx509_cert_find_subjectAltName_otherName(hx509ctx,
1657 client_cert,
1658 &asn1_oid_id_pkinit_san,
1659 &list);
1660 if (ret)
1661 goto out;
1662
1663 for (i = 0; !found && i < list.len; i++) {
1664 krb5_principal_data principal;
1665 KRB5PrincipalName kn;
1666 size_t size;
1667
1668 ret = decode_KRB5PrincipalName(list.val[i].data,
1669 list.val[i].length,
1670 &kn, &size);
1671 if (ret) {
1672 const char *msg = krb5_get_error_message(context, ret);
1673 kdc_log(context, config, 0,
1674 "Decoding kerberos name in certificate failed: %s", msg);
1675 krb5_free_error_message(context, msg);
1676 break;
1677 }
1678 if (size != list.val[i].length) {
1679 kdc_log(context, config, 0,
1680 "Decoding kerberos name have extra bits on the end");
1681 return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1682 }
1683
1684 memset(&principal, 0, sizeof (principal));
1685 principal.name = kn.principalName;
1686 principal.realm = kn.realm;
1687
1688 if (krb5_principal_compare(context, &principal, match) == TRUE)
1689 found = 1;
1690 free_KRB5PrincipalName(&kn);
1691 }
1692
1693 out:
1694 hx509_free_octet_string_list(&list);
1695 if (ret)
1696 return ret;
1697
1698 if (!found)
1699 return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1700
1701 return 0;
1702 }
1703
1704 static int
1705 match_ms_upn_san(krb5_context context,
1706 krb5_kdc_configuration *config,
1707 hx509_context hx509ctx,
1708 hx509_cert client_cert,
1709 HDB *clientdb,
1710 hdb_entry_ex *client)
1711 {
1712 hx509_octet_string_list list;
1713 krb5_principal principal = NULL;
1714 int ret;
1715 MS_UPN_SAN upn;
1716 size_t size;
1717
1718 memset(&list, 0 , sizeof(list));
1719
1720 ret = hx509_cert_find_subjectAltName_otherName(hx509ctx,
1721 client_cert,
1722 &asn1_oid_id_pkinit_ms_san,
1723 &list);
1724 if (ret)
1725 goto out;
1726
1727 if (list.len != 1) {
1728 kdc_log(context, config, 0,
1729 "More then one PK-INIT MS UPN SAN");
1730 ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1731 goto out;
1732 }
1733
1734 ret = decode_MS_UPN_SAN(list.val[0].data, list.val[0].length, &upn, &size);
1735 if (ret) {
1736 kdc_log(context, config, 0, "Decode of MS-UPN-SAN failed");
1737 goto out;
1738 }
1739 if (size != list.val[0].length) {
1740 free_MS_UPN_SAN(&upn);
1741 kdc_log(context, config, 0, "Trailing data in ");
1742 ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1743 goto out;
1744 }
1745
1746 kdc_log(context, config, 0, "found MS UPN SAN: %s", upn);
1747
1748 ret = krb5_parse_name(context, upn, &principal);
1749 free_MS_UPN_SAN(&upn);
1750 if (ret) {
1751 kdc_log(context, config, 0, "Failed to parse principal in MS UPN SAN");
1752 goto out;
1753 }
1754
1755 if (clientdb->hdb_check_pkinit_ms_upn_match) {
1756 ret = clientdb->hdb_check_pkinit_ms_upn_match(context, clientdb, client, principal);
1757 } else {
1758
1759 /*
1760 * This is very wrong, but will do for a fallback
1761 */
1762 strupr(principal->realm);
1763
1764 if (krb5_principal_compare(context, principal, client->entry.principal) == FALSE)
1765 ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1766 }
1767
1768 out:
1769 if (principal)
1770 krb5_free_principal(context, principal);
1771 hx509_free_octet_string_list(&list);
1772
1773 return ret;
1774 }
1775
1776 krb5_error_code
1777 _kdc_pk_check_client(krb5_context context,
1778 krb5_kdc_configuration *config,
1779 HDB *clientdb,
1780 hdb_entry_ex *client,
1781 pk_client_params *cp,
1782 char **subject_name)
1783 {
1784 const HDB_Ext_PKINIT_acl *acl;
1785 const HDB_Ext_PKINIT_cert *pc;
1786 krb5_error_code ret;
1787 hx509_name name;
1788 size_t i;
1789
1790 if (cp->cert == NULL) {
1791
1792 *subject_name = strdup("anonymous client client");
1793 if (*subject_name == NULL)
1794 return ENOMEM;
1795 return 0;
1796 }
1797
1798 ret = hx509_cert_get_base_subject(context->hx509ctx,
1799 cp->cert,
1800 &name);
1801 if (ret)
1802 return ret;
1803
1804 ret = hx509_name_to_string(name, subject_name);
1805 hx509_name_free(&name);
1806 if (ret)
1807 return ret;
1808
1809 kdc_log(context, config, 0,
1810 "Trying to authorize PK-INIT subject DN %s",
1811 *subject_name);
1812
1813 ret = hdb_entry_get_pkinit_cert(&client->entry, &pc);
1814 if (ret == 0 && pc) {
1815 hx509_cert cert;
1816 size_t j;
1817
1818 for (j = 0; j < pc->len; j++) {
1819 cert = hx509_cert_init_data(context->hx509ctx,
1820 pc->val[j].cert.data,
1821 pc->val[j].cert.length,
1822 NULL);
1823 if (cert == NULL)
1824 continue;
1825 ret = hx509_cert_cmp(cert, cp->cert);
1826 hx509_cert_free(cert);
1827 if (ret == 0) {
1828 kdc_log(context, config, 5,
1829 "Found matching PK-INIT cert in hdb");
1830 return 0;
1831 }
1832 }
1833 }
1834
1835
1836 if (config->pkinit_princ_in_cert) {
1837 ret = match_rfc_san(context, config,
1838 context->hx509ctx,
1839 cp->cert,
1840 client->entry.principal);
1841 if (ret == 0) {
1842 kdc_log(context, config, 5,
1843 "Found matching PK-INIT SAN in certificate");
1844 return 0;
1845 }
1846 ret = match_ms_upn_san(context, config,
1847 context->hx509ctx,
1848 cp->cert,
1849 clientdb,
1850 client);
1851 if (ret == 0) {
1852 kdc_log(context, config, 5,
1853 "Found matching MS UPN SAN in certificate");
1854 return 0;
1855 }
1856 }
1857
1858 ret = hdb_entry_get_pkinit_acl(&client->entry, &acl);
1859 if (ret == 0 && acl != NULL) {
1860 /*
1861 * Cheat here and compare the generated name with the string
1862 * and not the reverse.
1863 */
1864 for (i = 0; i < acl->len; i++) {
1865 if (strcmp(*subject_name, acl->val[0].subject) != 0)
1866 continue;
1867
1868 /* Don't support isser and anchor checking right now */
1869 if (acl->val[0].issuer)
1870 continue;
1871 if (acl->val[0].anchor)
1872 continue;
1873
1874 kdc_log(context, config, 5,
1875 "Found matching PK-INIT database ACL");
1876 return 0;
1877 }
1878 }
1879
1880 for (i = 0; i < principal_mappings.len; i++) {
1881 krb5_boolean b;
1882
1883 b = krb5_principal_compare(context,
1884 client->entry.principal,
1885 principal_mappings.val[i].principal);
1886 if (b == FALSE)
1887 continue;
1888 if (strcmp(principal_mappings.val[i].subject, *subject_name) != 0)
1889 continue;
1890 kdc_log(context, config, 5,
1891 "Found matching PK-INIT FILE ACL");
1892 return 0;
1893 }
1894
1895 ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1896 krb5_set_error_message(context, ret,
1897 "PKINIT no matching principals for %s",
1898 *subject_name);
1899
1900 kdc_log(context, config, 5,
1901 "PKINIT no matching principals for %s",
1902 *subject_name);
1903
1904 free(*subject_name);
1905 *subject_name = NULL;
1906
1907 return ret;
1908 }
1909
1910 static krb5_error_code
1911 add_principal_mapping(krb5_context context,
1912 const char *principal_name,
1913 const char * subject)
1914 {
1915 struct pk_allowed_princ *tmp;
1916 krb5_principal principal;
1917 krb5_error_code ret;
1918
1919 tmp = realloc(principal_mappings.val,
1920 (principal_mappings.len + 1) * sizeof(*tmp));
1921 if (tmp == NULL)
1922 return ENOMEM;
1923 principal_mappings.val = tmp;
1924
1925 ret = krb5_parse_name(context, principal_name, &principal);
1926 if (ret)
1927 return ret;
1928
1929 principal_mappings.val[principal_mappings.len].principal = principal;
1930
1931 principal_mappings.val[principal_mappings.len].subject = strdup(subject);
1932 if (principal_mappings.val[principal_mappings.len].subject == NULL) {
1933 krb5_free_principal(context, principal);
1934 return ENOMEM;
1935 }
1936 principal_mappings.len++;
1937
1938 return 0;
1939 }
1940
1941 krb5_error_code
1942 _kdc_add_inital_verified_cas(krb5_context context,
1943 krb5_kdc_configuration *config,
1944 pk_client_params *cp,
1945 EncTicketPart *tkt)
1946 {
1947 AD_INITIAL_VERIFIED_CAS cas;
1948 krb5_error_code ret;
1949 krb5_data data;
1950 size_t size = 0;
1951
1952 memset(&cas, 0, sizeof(cas));
1953
1954 /* XXX add CAs to cas here */
1955
1956 ASN1_MALLOC_ENCODE(AD_INITIAL_VERIFIED_CAS, data.data, data.length,
1957 &cas, &size, ret);
1958 if (ret)
1959 return ret;
1960 if (data.length != size)
1961 krb5_abortx(context, "internal asn.1 encoder error");
1962
1963 ret = _kdc_tkt_add_if_relevant_ad(context, tkt,
1964 KRB5_AUTHDATA_INITIAL_VERIFIED_CAS,
1965 &data);
1966 krb5_data_free(&data);
1967 return ret;
1968 }
1969
1970 /*
1971 *
1972 */
1973
1974 static void
1975 load_mappings(krb5_context context, const char *fn)
1976 {
1977 krb5_error_code ret;
1978 char buf[1024];
1979 unsigned long lineno = 0;
1980 FILE *f;
1981
1982 f = fopen(fn, "r");
1983 if (f == NULL)
1984 return;
1985
1986 while (fgets(buf, sizeof(buf), f) != NULL) {
1987 char *subject_name, *p;
1988
1989 buf[strcspn(buf, "\n")] = '\0';
1990 lineno++;
1991
1992 p = buf + strspn(buf, " \t");
1993
1994 if (*p == '#' || *p == '\0')
1995 continue;
1996
1997 subject_name = strchr(p, ':');
1998 if (subject_name == NULL) {
1999 krb5_warnx(context, "pkinit mapping file line %lu "
2000 "missing \":\" :%s",
2001 lineno, buf);
2002 continue;
2003 }
2004 *subject_name++ = '\0';
2005
2006 ret = add_principal_mapping(context, p, subject_name);
2007 if (ret) {
2008 krb5_warn(context, ret, "failed to add line %lu \":\" :%s\n",
2009 lineno, buf);
2010 continue;
2011 }
2012 }
2013
2014 fclose(f);
2015 }
2016
2017 /*
2018 *
2019 */
2020
2021 krb5_error_code
2022 krb5_kdc_pk_initialize(krb5_context context,
2023 krb5_kdc_configuration *config,
2024 const char *user_id,
2025 const char *anchors,
2026 char **pool,
2027 char **revoke_list)
2028 {
2029 const char *file;
2030 char *fn = NULL;
2031 krb5_error_code ret;
2032
2033 file = krb5_config_get_string(context, NULL,
2034 "libdefaults", "moduli", NULL);
2035
2036 ret = _krb5_parse_moduli(context, file, &moduli);
2037 if (ret)
2038 krb5_err(context, 1, ret, "PKINIT: failed to load modidi file");
2039
2040 principal_mappings.len = 0;
2041 principal_mappings.val = NULL;
2042
2043 ret = _krb5_pk_load_id(context,
2044 &kdc_identity,
2045 user_id,
2046 anchors,
2047 pool,
2048 revoke_list,
2049 NULL,
2050 NULL,
2051 NULL);
2052 if (ret) {
2053 krb5_warn(context, ret, "PKINIT: ");
2054 config->enable_pkinit = 0;
2055 return ret;
2056 }
2057
2058 {
2059 hx509_query *q;
2060 hx509_cert cert;
2061
2062 ret = hx509_query_alloc(context->hx509ctx, &q);
2063 if (ret) {
2064 krb5_warnx(context, "PKINIT: out of memory");
2065 return ENOMEM;
2066 }
2067
2068 hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
2069 if (config->pkinit_kdc_friendly_name)
2070 hx509_query_match_friendly_name(q, config->pkinit_kdc_friendly_name);
2071
2072 ret = hx509_certs_find(context->hx509ctx,
2073 kdc_identity->certs,
2074 q,
2075 &cert);
2076 hx509_query_free(context->hx509ctx, q);
2077 if (ret == 0) {
2078 if (hx509_cert_check_eku(context->hx509ctx, cert,
2079 &asn1_oid_id_pkkdcekuoid, 0)) {
2080 hx509_name name;
2081 char *str;
2082 ret = hx509_cert_get_subject(cert, &name);
2083 if (ret == 0) {
2084 hx509_name_to_string(name, &str);
2085 krb5_warnx(context, "WARNING Found KDC certificate (%s)"
2086 "is missing the PK-INIT KDC EKU, this is bad for "
2087 "interoperability.", str);
2088 hx509_name_free(&name);
2089 free(str);
2090 }
2091 }
2092 hx509_cert_free(cert);
2093 } else
2094 krb5_warnx(context, "PKINIT: failed to find a signing "
2095 "certifiate with a public key");
2096 }
2097
2098 if (krb5_config_get_bool_default(context,
2099 NULL,
2100 FALSE,
2101 "kdc",
2102 "pkinit_allow_proxy_certificate",
2103 NULL))
2104 config->pkinit_allow_proxy_certs = 1;
2105
2106 file = krb5_config_get_string(context,
2107 NULL,
2108 "kdc",
2109 "pkinit_mappings_file",
2110 NULL);
2111 if (file == NULL) {
2112 int aret;
2113
2114 aret = asprintf(&fn, "%s/pki-mapping", hdb_db_dir(context));
2115 if (aret == -1) {
2116 krb5_warnx(context, "PKINIT: out of memory");
2117 return ENOMEM;
2118 }
2119
2120 file = fn;
2121 }
2122
2123 load_mappings(context, file);
2124 if (fn)
2125 free(fn);
2126
2127 return 0;
2128 }
2129
2130 #endif /* PKINIT */
Heimdal