| blob | 9fd93e65ef1c7e0f14e043ff4ef00c965db7462e |
1 /* kdc.c Key distribution (AS/TGS) functions
2 * Copyright (C) 2002, 2003 Simon Josefsson
3 *
4 * This file is part of Shishi.
5 *
6 * Shishi is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * Shishi is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with Shishi; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 *
20 */
24 /**
25 * shishi_as_derive_salt:
26 * @handle: shishi handle as allocated by shishi_init().
27 * @asreq: input AS-REQ variable.
28 * @asrep: input AS-REP variable.
29 * @salt: output array with salt.
30 * @saltlen: on input, maximum size of output array with salt, on output,
31 * holds actual size of output array with salt.
32 *
33 * Derive the salt that should be used when deriving a key via
34 * shishi_string_to_key() for an AS exchange. Currently this searches
35 * for PA-DATA of type SHISHI_PA_PW_SALT in the AS-REP and returns it
36 * if found, otherwise the salt is derived from the client name and
37 * realm in AS-REQ.
38 *
39 * Return value: Returns SHISHI_OK iff successful.
40 **/
41 int
43 Shishi_asn1 asreq,
45 {
59 {
69 {
77 }
78 }
91 {
103 }
108 }
110 int
113 {
124 {
128 }
133 {
137 }
143 {
147 }
156 {
159 {
162 {
165 {
166 shishi_error_printf
170 }
174 }
175 else
176 {
177 printf
179 }
180 }
181 }
185 }
187 /**
188 * shishi_kdc_copy_crealm:
189 * @handle: shishi handle as allocated by shishi_init().
190 * @kdcrep: KDC-REP to read crealm from.
191 * @encticketpart: EncTicketPart to set crealm in.
192 *
193 * Set crealm in KDC-REP to value in EncTicketPart.
194 *
195 * Return value: Returns SHISHI_OK if successful.
196 **/
197 int
200 {
205 #if 0
207 causes libtasn1 to strlen(buf)... */
208 #endif
219 }
221 /**
222 * shishi_as_check_crealm:
223 * @handle: shishi handle as allocated by shishi_init().
224 * @asreq: AS-REQ to compare realm field in.
225 * @asrep: AS-REP to compare realm field in.
226 *
227 * Verify that AS-REQ.req-body.realm and AS-REP.crealm fields matches.
228 * This is one of the steps that has to be performed when processing a
229 * AS-REQ and AS-REP exchange, see shishi_kdc_process().
230 *
231 * Return value: Returns SHISHI_OK if successful,
232 * SHISHI_REALM_MISMATCH if the values differ, or an error code.
233 **/
234 int
236 {
244 {
248 }
252 {
256 }
262 {
265 }
276 }
278 /**
279 * shishi_kdc_copy_cname:
280 * @handle: shishi handle as allocated by shishi_init().
281 * @kdcrep: KDC-REQ to read cname from.
282 * @encticketpart: EncTicketPart to set cname in.
283 *
284 * Set cname in KDC-REP to value in EncTicketPart.
285 *
286 * Return value: Returns SHISHI_OK if successful.
287 **/
288 int
291 {
318 {
335 }
338 }
340 /**
341 * shishi_as_check_cname:
342 * @handle: shishi handle as allocated by shishi_init().
343 * @asreq: AS-REQ to compare client name field in.
344 * @asrep: AS-REP to compare client name field in.
345 *
346 * Verify that AS-REQ.req-body.realm and AS-REP.crealm fields matches.
347 * This is one of the steps that has to be performed when processing a
348 * AS-REQ and AS-REP exchange, see shishi_kdc_process().
349 *
350 * Return value: Returns SHISHI_OK if successful,
351 * SHISHI_CNAME_MISMATCH if the values differ, or an error code.
352 **/
353 int
355 {
362 /* We do not compare msg-type as recommended on the ietf-krb-wg list */
378 {
380 res =
387 res =
394 {
399 }
409 }
412 }
414 /**
415 * shishi_kdc_copy_nonce:
416 * @handle: shishi handle as allocated by shishi_init().
417 * @kdcreq: KDC-REQ to read nonce from.
418 * @enckdcreppart: EncKDCRepPart to set nonce in.
419 *
420 * Set nonce in EncKDCRepPart to value in KDC-REQ.
421 *
422 * Return value: Returns SHISHI_OK if successful.
423 **/
424 int
427 {
440 }
442 static int
446 {
448 {
459 }
462 {
463 /* This case warrants some explanation.
464 *
465 * RFC 1510 didn't restrict nonce to 4 bytes, so the nonce field
466 * may be longer. There are KDCs that will accept longer nonces
467 * but truncated them to 4 bytes in the response. If we happen
468 * to parse such a KDC request, we consider it OK even though it
469 * isn't. I doubt this is a security problem, because you need
470 * to break the integrity protection of the encryption system
471 * as well as guess the nonce correctly. The nonce doesn't seem
472 * to serve any purpose at all, really.
473 *
474 */
482 }
489 }
491 /**
492 * shishi_kdc_check_nonce:
493 * @handle: shishi handle as allocated by shishi_init().
494 * @kdcreq: KDC-REQ to compare nonce field in.
495 * @enckdcreppart: Encrypted KDC-REP part to compare nonce field in.
496 *
497 * Verify that KDC-REQ.req-body.nonce and EncKDCRepPart.nonce fields
498 * matches. This is one of the steps that has to be performed when
499 * processing a KDC-REQ and KDC-REP exchange.
500 *
501 * Return value: Returns SHISHI_OK if successful,
502 * SHISHI_NONCE_LENGTH_MISMATCH if the nonces have different lengths
503 * (usually indicates that buggy server truncated nonce to 4 bytes),
504 * SHISHI_NONCE_MISMATCH if the values differ, or an error code.
505 **/
506 int
509 {
518 {
522 }
527 {
532 }
541 }
543 /**
544 * shishi_tgs_process:
545 * @handle: shishi handle as allocated by shishi_init().
546 * @tgsreq: input variable that holds the sent KDC-REQ.
547 * @tgsrep: input variable that holds the received KDC-REP.
548 * @authenticator: input variable with Authenticator from AP-REQ in KDC-REQ.
549 * @oldenckdcreppart: input variable with EncKDCRepPart used in request.
550 * @enckdcreppart: output variable that holds new EncKDCRepPart.
551 *
552 * Process a TGS client exchange and output decrypted EncKDCRepPart
553 * which holds details for the new ticket received. This function
554 * simply derives the encryption key from the ticket used to construct
555 * the TGS request and calls shishi_kdc_process(), which see.
556 *
557 * Return value: Returns SHISHI_OK iff the TGS client exchange was
558 * successful.
559 **/
560 int
562 Shishi_asn1 tgsreq,
563 Shishi_asn1 tgsrep,
564 Shishi_asn1 authenticator,
566 {
588 else
591 use_subkey ?
592 SHISHI_KEYUSAGE_ENCTGSREPPART_AUTHENTICATOR_KEY
594 enckdcreppart);
596 /* Entire if statement to work around buggy KDCs. */
599 {
602 /* Try again using key from ticket instead of subkey */
605 else
607 SHISHI_KEYUSAGE_ENCTGSREPPART_SESSION_KEY,
608 enckdcreppart);
610 /* if bug workaround code didn't help, return original error. */
617 }
623 }
625 /**
626 * shishi_as_process:
627 * @handle: shishi handle as allocated by shishi_init().
628 * @asreq: input variable that holds the sent KDC-REQ.
629 * @asrep: input variable that holds the received KDC-REP.
630 * @string: input variable with zero terminated password.
631 * @enckdcreppart: output variable that holds new EncKDCRepPart.
632 *
633 * Process an AS client exchange and output decrypted EncKDCRepPart
634 * which holds details for the new ticket received. This function
635 * simply derives the encryption key from the password and calls
636 * shishi_kdc_process(), which see.
637 *
638 * Return value: Returns SHISHI_OK iff the AS client exchange was
639 * successful.
640 **/
641 int
643 Shishi_asn1 asreq,
644 Shishi_asn1 asrep,
646 {
675 }
677 /**
678 * shishi_kdc_process:
679 * @handle: shishi handle as allocated by shishi_init().
680 * @kdcreq: input variable that holds the sent KDC-REQ.
681 * @kdcrep: input variable that holds the received KDC-REP.
682 * @key: input array with key to decrypt encrypted part of KDC-REP with.
683 * @keyusage: kereros key usage value.
684 * @enckdcreppart: output variable that holds new EncKDCRepPart.
685 *
686 * Process a KDC client exchange and output decrypted EncKDCRepPart
687 * which holds details for the new ticket received. Use
688 * shishi_kdcrep_get_ticket() to extract the ticket. This function
689 * verifies the various conditions that must hold if the response is
690 * to be considered valid, specifically it compares nonces
691 * (shishi_check_nonces()) and if the exchange was a AS exchange, it
692 * also compares cname and crealm (shishi_check_cname() and
693 * shishi_check_crealm()).
694 *
695 * Usually the shishi_as_process() and shishi_tgs_process() functions
696 * should be used instead, since they simplify the decryption key
697 * computation.
698 *
699 * Return value: Returns SHISHI_OK iff the KDC client exchange was
700 * successful.
701 **/
702 int
704 Shishi_asn1 kdcreq,
705 Shishi_asn1 kdcrep,
708 {
712 /*
713 If the reply message type is KRB_AS_REP, then the client verifies
714 that the cname and crealm fields in the cleartext portion of the
715 reply match what it requested. If any padata fields are present,
716 they may be used to derive the proper secret key to decrypt the
717 message. The client decrypts the encrypted part of the response
718 using its secret key, verifies that the nonce in the encrypted
719 part matches the nonce it supplied in its request (to detect
720 replays). It also verifies that the sname and srealm in the
721 response match those in the request (or are otherwise expected
722 values), and that the host address field is also correct. It then
723 stores the ticket, session key, start and expiration times, and
724 other information for later use. The key-expiration field from the
725 encrypted part of the response may be checked to notify the user
726 of impending key expiration (the client program could then suggest
727 remedial action, such as a password change).
728 */
736 {
744 }
755 }