Context Navigation

pkinit.c

Last change on this file was 1, checked in by Paul Smedley, 10 years ago
Initial commit of Heimdal 1.5.3
File size: 63.6 KB

Line
1	/*
2	* Copyright (c) 2003 - 2007 Kungliga Tekniska HÃ¶gskolan
3	* (Royal Institute of Technology, Stockholm, Sweden).
4	* All rights reserved.
5	*
6	* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
7	*
8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions
10	* are met:
11	*
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	*
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in the
17	* documentation and/or other materials provided with the distribution.
18	*
19	* 3. Neither the name of the Institute nor the names of its contributors
20	* may be used to endorse or promote products derived from this software
21	* without specific prior written permission.
22	*
23	* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26	* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33	* SUCH DAMAGE.
34	*/
35
36	#include "krb5_locl.h"
37
38	struct krb5_dh_moduli {
39	char *name;
40	unsigned long bits;
41	heim_integer p;
42	heim_integer g;
43	heim_integer q;
44	};
45
46	#ifdef PKINIT
47
48	#include <cms_asn1.h>
49	#include <pkcs8_asn1.h>
50	#include <pkcs9_asn1.h>
51	#include <pkcs12_asn1.h>
52	#include <pkinit_asn1.h>
53	#include <asn1_err.h>
54
55	#include <der.h>
56
57	struct krb5_pk_cert {
58	hx509_cert cert;
59	};
60
61	struct krb5_pk_init_ctx_data {
62	struct krb5_pk_identity *id;
63	enum { USE_RSA, USE_DH, USE_ECDH } keyex;
64	union {
65	DH *dh;
66	#ifdef HAVE_OPENSSL
67	EC_KEY *eckey;
68	#endif
69	} u;
70	krb5_data *clientDHNonce;
71	struct krb5_dh_moduli **m;
72	hx509_peer_info peer;
73	enum krb5_pk_type type;
74	unsigned int require_binding:1;
75	unsigned int require_eku:1;
76	unsigned int require_krbtgt_otherName:1;
77	unsigned int require_hostname_match:1;
78	unsigned int trustedCertifiers:1;
79	unsigned int anonymous:1;
80	};
81
82	static void
83	pk_copy_error(krb5_context context,
84	hx509_context hx509ctx,
85	int hxret,
86	const char *fmt,
87	...)
88	__attribute__ ((format (printf, 4, 5)));
89
90	/*
91	*
92	*/
93
94	KRB5_LIB_FUNCTION void KRB5_LIB_CALL
95	_krb5_pk_cert_free(struct krb5_pk_cert *cert)
96	{
97	if (cert->cert) {
98	hx509_cert_free(cert->cert);
99	}
100	free(cert);
101	}
102
103	static krb5_error_code
104	BN_to_integer(krb5_context context, BIGNUM bn, heim_integer integer)
105	{
106	integer->length = BN_num_bytes(bn);
107	integer->data = malloc(integer->length);
108	if (integer->data == NULL) {
109	krb5_clear_error_message(context);
110	return ENOMEM;
111	}
112	BN_bn2bin(bn, integer->data);
113	integer->negative = BN_is_negative(bn);
114	return 0;
115	}
116
117	static BIGNUM *
118	integer_to_BN(krb5_context context, const char field, const heim_integer f)
119	{
120	BIGNUM *bn;
121
122	bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL);
123	if (bn == NULL) {
124	krb5_set_error_message(context, ENOMEM,
125	N_("PKINIT: parsing BN failed %s", ""), field);
126	return NULL;
127	}
128	BN_set_negative(bn, f->negative);
129	return bn;
130	}
131
132	static krb5_error_code
133	select_dh_group(krb5_context context, DH *dh, unsigned long bits,
134	struct krb5_dh_moduli **moduli)
135	{
136	const struct krb5_dh_moduli *m;
137
138	if (bits == 0) {
139	m = moduli[1]; /* XXX */
140	if (m == NULL)
141	m = moduli[0]; /* XXX */
142	} else {
143	int i;
144	for (i = 0; moduli[i] != NULL; i++) {
145	if (bits < moduli[i]->bits)
146	break;
147	}
148	if (moduli[i] == NULL) {
149	krb5_set_error_message(context, EINVAL,
150	N_("Did not find a DH group parameter "
151	"matching requirement of %lu bits", ""),
152	bits);
153	return EINVAL;
154	}
155	m = moduli[i];
156	}
157
158	dh->p = integer_to_BN(context, "p", &m->p);
159	if (dh->p == NULL)
160	return ENOMEM;
161	dh->g = integer_to_BN(context, "g", &m->g);
162	if (dh->g == NULL)
163	return ENOMEM;
164	dh->q = integer_to_BN(context, "q", &m->q);
165	if (dh->q == NULL)
166	return ENOMEM;
167
168	return 0;
169	}
170
171	struct certfind {
172	const char *type;
173	const heim_oid *oid;
174	};
175
176	/*
177	* Try searchin the key by to use by first looking for for PK-INIT
178	* EKU, then the Microsoft smart card EKU and last, no special EKU at all.
179	*/
180
181	static krb5_error_code
182	find_cert(krb5_context context, struct krb5_pk_identity *id,
183	hx509_query q, hx509_cert cert)
184	{
185	struct certfind cf[4] = {
186	{ "MobileMe EKU" },
187	{ "PKINIT EKU" },
188	{ "MS EKU" },
189	{ "any (or no)" }
190	};
191	int ret = HX509_CERT_NOT_FOUND;
192	size_t i, start = 1;
193	unsigned oids[] = { 1, 2, 840, 113635, 100, 3, 2, 1 };
194	const heim_oid mobileMe = { sizeof(oids)/sizeof(oids[0]), oids };
195
196
197	if (id->flags & PKINIT_BTMM)
198	start = 0;
199
200	cf[0].oid = &mobileMe;
201	cf[1].oid = &asn1_oid_id_pkekuoid;
202	cf[2].oid = &asn1_oid_id_pkinit_ms_eku;
203	cf[3].oid = NULL;
204
205	for (i = start; i < sizeof(cf)/sizeof(cf[0]); i++) {
206	ret = hx509_query_match_eku(q, cf[i].oid);
207	if (ret) {
208	pk_copy_error(context, context->hx509ctx, ret,
209	"Failed setting %s OID", cf[i].type);
210	return ret;
211	}
212
213	ret = hx509_certs_find(context->hx509ctx, id->certs, q, cert);
214	if (ret == 0)
215	break;
216	pk_copy_error(context, context->hx509ctx, ret,
217	"Failed finding certificate with %s OID", cf[i].type);
218	}
219	return ret;
220	}
221
222
223	static krb5_error_code
224	create_signature(krb5_context context,
225	const heim_oid *eContentType,
226	krb5_data *eContent,
227	struct krb5_pk_identity *id,
228	hx509_peer_info peer,
229	krb5_data *sd_data)
230	{
231	int ret, flags = 0;
232
233	if (id->cert == NULL)
234	flags \|= HX509_CMS_SIGNATURE_NO_SIGNER;
235
236	ret = hx509_cms_create_signed_1(context->hx509ctx,
237	flags,
238	eContentType,
239	eContent->data,
240	eContent->length,
241	NULL,
242	id->cert,
243	peer,
244	NULL,
245	id->certs,
246	sd_data);
247	if (ret) {
248	pk_copy_error(context, context->hx509ctx, ret,
249	"Create CMS signedData");
250	return ret;
251	}
252
253	return 0;
254	}
255
256	static int
257	cert2epi(hx509_context context, void *ctx, hx509_cert c)
258	{
259	ExternalPrincipalIdentifiers *ids = ctx;
260	ExternalPrincipalIdentifier id;
261	hx509_name subject = NULL;
262	void *p;
263	int ret;
264
265	if (ids->len > 10)
266	return 0;
267
268	memset(&id, 0, sizeof(id));
269
270	ret = hx509_cert_get_subject(c, &subject);
271	if (ret)
272	return ret;
273
274	if (hx509_name_is_null_p(subject) != 0) {
275
276	id.subjectName = calloc(1, sizeof(*id.subjectName));
277	if (id.subjectName == NULL) {
278	hx509_name_free(&subject);
279	free_ExternalPrincipalIdentifier(&id);
280	return ENOMEM;
281	}
282
283	ret = hx509_name_binary(subject, id.subjectName);
284	if (ret) {
285	hx509_name_free(&subject);
286	free_ExternalPrincipalIdentifier(&id);
287	return ret;
288	}
289	}
290	hx509_name_free(&subject);
291
292
293	id.issuerAndSerialNumber = calloc(1, sizeof(*id.issuerAndSerialNumber));
294	if (id.issuerAndSerialNumber == NULL) {
295	free_ExternalPrincipalIdentifier(&id);
296	return ENOMEM;
297	}
298
299	{
300	IssuerAndSerialNumber iasn;
301	hx509_name issuer;
302	size_t size = 0;
303
304	memset(&iasn, 0, sizeof(iasn));
305
306	ret = hx509_cert_get_issuer(c, &issuer);
307	if (ret) {
308	free_ExternalPrincipalIdentifier(&id);
309	return ret;
310	}
311
312	ret = hx509_name_to_Name(issuer, &iasn.issuer);
313	hx509_name_free(&issuer);
314	if (ret) {
315	free_ExternalPrincipalIdentifier(&id);
316	return ret;
317	}
318
319	ret = hx509_cert_get_serialnumber(c, &iasn.serialNumber);
320	if (ret) {
321	free_IssuerAndSerialNumber(&iasn);
322	free_ExternalPrincipalIdentifier(&id);
323	return ret;
324	}
325
326	ASN1_MALLOC_ENCODE(IssuerAndSerialNumber,
327	id.issuerAndSerialNumber->data,
328	id.issuerAndSerialNumber->length,
329	&iasn, &size, ret);
330	free_IssuerAndSerialNumber(&iasn);
331	if (ret)
332	return ret;
333	if (id.issuerAndSerialNumber->length != size)
334	abort();
335	}
336
337	id.subjectKeyIdentifier = NULL;
338
339	p = realloc(ids->val, sizeof(ids->val[0]) * (ids->len + 1));
340	if (p == NULL) {
341	free_ExternalPrincipalIdentifier(&id);
342	return ENOMEM;
343	}
344
345	ids->val = p;
346	ids->val[ids->len] = id;
347	ids->len++;
348
349	return 0;
350	}
351
352	static krb5_error_code
353	build_edi(krb5_context context,
354	hx509_context hx509ctx,
355	hx509_certs certs,
356	ExternalPrincipalIdentifiers *ids)
357	{
358	return hx509_certs_iter_f(hx509ctx, certs, cert2epi, ids);
359	}
360
361	static krb5_error_code
362	build_auth_pack(krb5_context context,
363	unsigned nonce,
364	krb5_pk_init_ctx ctx,
365	const KDC_REQ_BODY *body,
366	AuthPack *a)
367	{
368	size_t buf_size, len = 0;
369	krb5_error_code ret;
370	void *buf;
371	krb5_timestamp sec;
372	int32_t usec;
373	Checksum checksum;
374
375	krb5_clear_error_message(context);
376
377	memset(&checksum, 0, sizeof(checksum));
378
379	krb5_us_timeofday(context, &sec, &usec);
380	a->pkAuthenticator.ctime = sec;
381	a->pkAuthenticator.nonce = nonce;
382
383	ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, body, &len, ret);
384	if (ret)
385	return ret;
386	if (buf_size != len)
387	krb5_abortx(context, "internal error in ASN.1 encoder");
388
389	ret = krb5_create_checksum(context,
390	NULL,
391	0,
392	CKSUMTYPE_SHA1,
393	buf,
394	len,
395	&checksum);
396	free(buf);
397	if (ret)
398	return ret;
399
400	ALLOC(a->pkAuthenticator.paChecksum, 1);
401	if (a->pkAuthenticator.paChecksum == NULL) {
402	krb5_set_error_message(context, ENOMEM,
403	N_("malloc: out of memory", ""));
404	return ENOMEM;
405	}
406
407	ret = krb5_data_copy(a->pkAuthenticator.paChecksum,
408	checksum.checksum.data, checksum.checksum.length);
409	free_Checksum(&checksum);
410	if (ret)
411	return ret;
412
413	if (ctx->keyex == USE_DH \|\| ctx->keyex == USE_ECDH) {
414	const char *moduli_file;
415	unsigned long dh_min_bits;
416	krb5_data dhbuf;
417	size_t size = 0;
418
419	krb5_data_zero(&dhbuf);
420
421
422
423	moduli_file = krb5_config_get_string(context, NULL,
424	"libdefaults",
425	"moduli",
426	NULL);
427
428	dh_min_bits =
429	krb5_config_get_int_default(context, NULL, 0,
430	"libdefaults",
431	"pkinit_dh_min_bits",
432	NULL);
433
434	ret = _krb5_parse_moduli(context, moduli_file, &ctx->m);
435	if (ret)
436	return ret;
437
438	ctx->u.dh = DH_new();
439	if (ctx->u.dh == NULL) {
440	krb5_set_error_message(context, ENOMEM,
441	N_("malloc: out of memory", ""));
442	return ENOMEM;
443	}
444
445	ret = select_dh_group(context, ctx->u.dh, dh_min_bits, ctx->m);
446	if (ret)
447	return ret;
448
449	if (DH_generate_key(ctx->u.dh) != 1) {
450	krb5_set_error_message(context, ENOMEM,
451	N_("pkinit: failed to generate DH key", ""));
452	return ENOMEM;
453	}
454
455
456	if (1 /* support_cached_dh */) {
457	ALLOC(a->clientDHNonce, 1);
458	if (a->clientDHNonce == NULL) {
459	krb5_clear_error_message(context);
460	return ENOMEM;
461	}
462	ret = krb5_data_alloc(a->clientDHNonce, 40);
463	if (a->clientDHNonce == NULL) {
464	krb5_clear_error_message(context);
465	return ret;
466	}
467	RAND_bytes(a->clientDHNonce->data, a->clientDHNonce->length);
468	ret = krb5_copy_data(context, a->clientDHNonce,
469	&ctx->clientDHNonce);
470	if (ret)
471	return ret;
472	}
473
474	ALLOC(a->clientPublicValue, 1);
475	if (a->clientPublicValue == NULL)
476	return ENOMEM;
477
478	if (ctx->keyex == USE_DH) {
479	DH *dh = ctx->u.dh;
480	DomainParameters dp;
481	heim_integer dh_pub_key;
482
483	ret = der_copy_oid(&asn1_oid_id_dhpublicnumber,
484	&a->clientPublicValue->algorithm.algorithm);
485	if (ret)
486	return ret;
487
488	memset(&dp, 0, sizeof(dp));
489
490	ret = BN_to_integer(context, dh->p, &dp.p);
491	if (ret) {
492	free_DomainParameters(&dp);
493	return ret;
494	}
495	ret = BN_to_integer(context, dh->g, &dp.g);
496	if (ret) {
497	free_DomainParameters(&dp);
498	return ret;
499	}
500	ret = BN_to_integer(context, dh->q, &dp.q);
501	if (ret) {
502	free_DomainParameters(&dp);
503	return ret;
504	}
505	dp.j = NULL;
506	dp.validationParms = NULL;
507
508	a->clientPublicValue->algorithm.parameters =
509	malloc(sizeof(*a->clientPublicValue->algorithm.parameters));
510	if (a->clientPublicValue->algorithm.parameters == NULL) {
511	free_DomainParameters(&dp);
512	return ret;
513	}
514
515	ASN1_MALLOC_ENCODE(DomainParameters,
516	a->clientPublicValue->algorithm.parameters->data,
517	a->clientPublicValue->algorithm.parameters->length,
518	&dp, &size, ret);
519	free_DomainParameters(&dp);
520	if (ret)
521	return ret;
522	if (size != a->clientPublicValue->algorithm.parameters->length)
523	krb5_abortx(context, "Internal ASN1 encoder error");
524
525	ret = BN_to_integer(context, dh->pub_key, &dh_pub_key);
526	if (ret)
527	return ret;
528
529	ASN1_MALLOC_ENCODE(DHPublicKey, dhbuf.data, dhbuf.length,
530	&dh_pub_key, &size, ret);
531	der_free_heim_integer(&dh_pub_key);
532	if (ret)
533	return ret;
534	if (size != dhbuf.length)
535	krb5_abortx(context, "asn1 internal error");
536	} else if (ctx->keyex == USE_ECDH) {
537	#ifdef HAVE_OPENSSL
538	ECParameters ecp;
539	unsigned char *p;
540	int xlen;
541
542	/* copy in public key, XXX find the best curve that the server support or use the clients curve if possible */
543
544	ecp.element = choice_ECParameters_namedCurve;
545	ret = der_copy_oid(&asn1_oid_id_ec_group_secp256r1,
546	&ecp.u.namedCurve);
547	if (ret)
548	return ret;
549
550	ALLOC(a->clientPublicValue->algorithm.parameters, 1);
551	if (a->clientPublicValue->algorithm.parameters == NULL) {
552	free_ECParameters(&ecp);
553	return ENOMEM;
554	}
555	ASN1_MALLOC_ENCODE(ECParameters, p, xlen, &ecp, &size, ret);
556	free_ECParameters(&ecp);
557	if (ret)
558	return ret;
559	if ((int)size != xlen)
560	krb5_abortx(context, "asn1 internal error");
561
562	a->clientPublicValue->algorithm.parameters->data = p;
563	a->clientPublicValue->algorithm.parameters->length = size;
564
565	/* copy in public key */
566
567	ret = der_copy_oid(&asn1_oid_id_ecPublicKey,
568	&a->clientPublicValue->algorithm.algorithm);
569	if (ret)
570	return ret;
571
572	ctx->u.eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
573	if (ctx->u.eckey == NULL)
574	return ENOMEM;
575
576	ret = EC_KEY_generate_key(ctx->u.eckey);
577	if (ret != 1)
578	return EINVAL;
579
580	/* encode onto dhkey */
581
582	xlen = i2o_ECPublicKey(ctx->u.eckey, NULL);
583	if (xlen <= 0)
584	abort();
585
586	dhbuf.data = malloc(xlen);
587	if (dhbuf.data == NULL)
588	abort();
589	dhbuf.length = xlen;
590	p = dhbuf.data;
591
592	xlen = i2o_ECPublicKey(ctx->u.eckey, &p);
593	if (xlen <= 0)
594	abort();
595
596	/* XXX verify that this is right with RFC3279 */
597	#else
598	return EINVAL;
599	#endif
600	} else
601	krb5_abortx(context, "internal error");
602	a->clientPublicValue->subjectPublicKey.length = dhbuf.length * 8;
603	a->clientPublicValue->subjectPublicKey.data = dhbuf.data;
604	}
605
606	{
607	a->supportedCMSTypes = calloc(1, sizeof(*a->supportedCMSTypes));
608	if (a->supportedCMSTypes == NULL)
609	return ENOMEM;
610
611	ret = hx509_crypto_available(context->hx509ctx, HX509_SELECT_ALL,
612	ctx->id->cert,
613	&a->supportedCMSTypes->val,
614	&a->supportedCMSTypes->len);
615	if (ret)
616	return ret;
617	}
618
619	return ret;
620	}
621
622	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
623	_krb5_pk_mk_ContentInfo(krb5_context context,
624	const krb5_data *buf,
625	const heim_oid *oid,
626	struct ContentInfo *content_info)
627	{
628	krb5_error_code ret;
629
630	ret = der_copy_oid(oid, &content_info->contentType);
631	if (ret)
632	return ret;
633	ALLOC(content_info->content, 1);
634	if (content_info->content == NULL)
635	return ENOMEM;
636	content_info->content->data = malloc(buf->length);
637	if (content_info->content->data == NULL)
638	return ENOMEM;
639	memcpy(content_info->content->data, buf->data, buf->length);
640	content_info->content->length = buf->length;
641	return 0;
642	}
643
644	static krb5_error_code
645	pk_mk_padata(krb5_context context,
646	krb5_pk_init_ctx ctx,
647	const KDC_REQ_BODY *req_body,
648	unsigned nonce,
649	METHOD_DATA *md)
650	{
651	struct ContentInfo content_info;
652	krb5_error_code ret;
653	const heim_oid *oid = NULL;
654	size_t size = 0;
655	krb5_data buf, sd_buf;
656	int pa_type = -1;
657
658	krb5_data_zero(&buf);
659	krb5_data_zero(&sd_buf);
660	memset(&content_info, 0, sizeof(content_info));
661
662	if (ctx->type == PKINIT_WIN2K) {
663	AuthPack_Win2k ap;
664	krb5_timestamp sec;
665	int32_t usec;
666
667	memset(&ap, 0, sizeof(ap));
668
669	/* fill in PKAuthenticator */
670	ret = copy_PrincipalName(req_body->sname, &ap.pkAuthenticator.kdcName);
671	if (ret) {
672	free_AuthPack_Win2k(&ap);
673	krb5_clear_error_message(context);
674	goto out;
675	}
676	ret = copy_Realm(&req_body->realm, &ap.pkAuthenticator.kdcRealm);
677	if (ret) {
678	free_AuthPack_Win2k(&ap);
679	krb5_clear_error_message(context);
680	goto out;
681	}
682
683	krb5_us_timeofday(context, &sec, &usec);
684	ap.pkAuthenticator.ctime = sec;
685	ap.pkAuthenticator.cusec = usec;
686	ap.pkAuthenticator.nonce = nonce;
687
688	ASN1_MALLOC_ENCODE(AuthPack_Win2k, buf.data, buf.length,
689	&ap, &size, ret);
690	free_AuthPack_Win2k(&ap);
691	if (ret) {
692	krb5_set_error_message(context, ret,
693	N_("Failed encoding AuthPackWin: %d", ""),
694	(int)ret);
695	goto out;
696	}
697	if (buf.length != size)
698	krb5_abortx(context, "internal ASN1 encoder error");
699
700	oid = &asn1_oid_id_pkcs7_data;
701	} else if (ctx->type == PKINIT_27) {
702	AuthPack ap;
703
704	memset(&ap, 0, sizeof(ap));
705
706	ret = build_auth_pack(context, nonce, ctx, req_body, &ap);
707	if (ret) {
708	free_AuthPack(&ap);
709	goto out;
710	}
711
712	ASN1_MALLOC_ENCODE(AuthPack, buf.data, buf.length, &ap, &size, ret);
713	free_AuthPack(&ap);
714	if (ret) {
715	krb5_set_error_message(context, ret,
716	N_("Failed encoding AuthPack: %d", ""),
717	(int)ret);
718	goto out;
719	}
720	if (buf.length != size)
721	krb5_abortx(context, "internal ASN1 encoder error");
722
723	oid = &asn1_oid_id_pkauthdata;
724	} else
725	krb5_abortx(context, "internal pkinit error");
726
727	ret = create_signature(context, oid, &buf, ctx->id,
728	ctx->peer, &sd_buf);
729	krb5_data_free(&buf);
730	if (ret)
731	goto out;
732
733	ret = hx509_cms_wrap_ContentInfo(&asn1_oid_id_pkcs7_signedData, &sd_buf, &buf);
734	krb5_data_free(&sd_buf);
735	if (ret) {
736	krb5_set_error_message(context, ret,
737	N_("ContentInfo wrapping of signedData failed",""));
738	goto out;
739	}
740
741	if (ctx->type == PKINIT_WIN2K) {
742	PA_PK_AS_REQ_Win2k winreq;
743
744	pa_type = KRB5_PADATA_PK_AS_REQ_WIN;
745
746	memset(&winreq, 0, sizeof(winreq));
747
748	winreq.signed_auth_pack = buf;
749
750	ASN1_MALLOC_ENCODE(PA_PK_AS_REQ_Win2k, buf.data, buf.length,
751	&winreq, &size, ret);
752	free_PA_PK_AS_REQ_Win2k(&winreq);
753
754	} else if (ctx->type == PKINIT_27) {
755	PA_PK_AS_REQ req;
756
757	pa_type = KRB5_PADATA_PK_AS_REQ;
758
759	memset(&req, 0, sizeof(req));
760	req.signedAuthPack = buf;
761
762	if (ctx->trustedCertifiers) {
763
764	req.trustedCertifiers = calloc(1, sizeof(*req.trustedCertifiers));
765	if (req.trustedCertifiers == NULL) {
766	ret = ENOMEM;
767	krb5_set_error_message(context, ret,
768	N_("malloc: out of memory", ""));
769	free_PA_PK_AS_REQ(&req);
770	goto out;
771	}
772	ret = build_edi(context, context->hx509ctx,
773	ctx->id->anchors, req.trustedCertifiers);
774	if (ret) {
775	krb5_set_error_message(context, ret,
776	N_("pk-init: failed to build "
777	"trustedCertifiers", ""));
778	free_PA_PK_AS_REQ(&req);
779	goto out;
780	}
781	}
782	req.kdcPkId = NULL;
783
784	ASN1_MALLOC_ENCODE(PA_PK_AS_REQ, buf.data, buf.length,
785	&req, &size, ret);
786
787	free_PA_PK_AS_REQ(&req);
788
789	} else
790	krb5_abortx(context, "internal pkinit error");
791	if (ret) {
792	krb5_set_error_message(context, ret, "PA-PK-AS-REQ %d", (int)ret);
793	goto out;
794	}
795	if (buf.length != size)
796	krb5_abortx(context, "Internal ASN1 encoder error");
797
798	ret = krb5_padata_add(context, md, pa_type, buf.data, buf.length);
799	if (ret)
800	free(buf.data);
801
802	if (ret == 0)
803	krb5_padata_add(context, md, KRB5_PADATA_PK_AS_09_BINDING, NULL, 0);
804
805	out:
806	free_ContentInfo(&content_info);
807
808	return ret;
809	}
810
811
812	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
813	_krb5_pk_mk_padata(krb5_context context,
814	void *c,
815	int ic_flags,
816	int win2k,
817	const KDC_REQ_BODY *req_body,
818	unsigned nonce,
819	METHOD_DATA *md)
820	{
821	krb5_pk_init_ctx ctx = c;
822	int win2k_compat;
823
824	if (ctx->id->certs == NULL && ctx->anonymous == 0) {
825	krb5_set_error_message(context, HEIM_PKINIT_NO_PRIVATE_KEY,
826	N_("PKINIT: No user certificate given", ""));
827	return HEIM_PKINIT_NO_PRIVATE_KEY;
828	}
829
830	win2k_compat = krb5_config_get_bool_default(context, NULL,
831	win2k,
832	"realms",
833	req_body->realm,
834	"pkinit_win2k",
835	NULL);
836
837	if (win2k_compat) {
838	ctx->require_binding =
839	krb5_config_get_bool_default(context, NULL,
840	TRUE,
841	"realms",
842	req_body->realm,
843	"pkinit_win2k_require_binding",
844	NULL);
845	ctx->type = PKINIT_WIN2K;
846	} else
847	ctx->type = PKINIT_27;
848
849	ctx->require_eku =
850	krb5_config_get_bool_default(context, NULL,
851	TRUE,
852	"realms",
853	req_body->realm,
854	"pkinit_require_eku",
855	NULL);
856	if (ic_flags & KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK)
857	ctx->require_eku = 0;
858	if (ctx->id->flags & PKINIT_BTMM)
859	ctx->require_eku = 0;
860
861	ctx->require_krbtgt_otherName =
862	krb5_config_get_bool_default(context, NULL,
863	TRUE,
864	"realms",
865	req_body->realm,
866	"pkinit_require_krbtgt_otherName",
867	NULL);
868
869	ctx->require_hostname_match =
870	krb5_config_get_bool_default(context, NULL,
871	FALSE,
872	"realms",
873	req_body->realm,
874	"pkinit_require_hostname_match",
875	NULL);
876
877	ctx->trustedCertifiers =
878	krb5_config_get_bool_default(context, NULL,
879	TRUE,
880	"realms",
881	req_body->realm,
882	"pkinit_trustedCertifiers",
883	NULL);
884
885	return pk_mk_padata(context, ctx, req_body, nonce, md);
886	}
887
888	static krb5_error_code
889	pk_verify_sign(krb5_context context,
890	const void *data,
891	size_t length,
892	struct krb5_pk_identity *id,
893	heim_oid *contentType,
894	krb5_data *content,
895	struct krb5_pk_cert **signer)
896	{
897	hx509_certs signer_certs;
898	int ret, flags = 0;
899
900	/* BTMM is broken in Leo and SnowLeo */
901	if (id->flags & PKINIT_BTMM) {
902	flags \|= HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH;
903	flags \|= HX509_CMS_VS_NO_KU_CHECK;
904	flags \|= HX509_CMS_VS_NO_VALIDATE;
905	}
906
907	*signer = NULL;
908
909	ret = hx509_cms_verify_signed(context->hx509ctx,
910	id->verify_ctx,
911	flags,
912	data,
913	length,
914	NULL,
915	id->certpool,
916	contentType,
917	content,
918	&signer_certs);
919	if (ret) {
920	pk_copy_error(context, context->hx509ctx, ret,
921	"CMS verify signed failed");
922	return ret;
923	}
924
925	signer = calloc(1, sizeof(*signer));
926	if (*signer == NULL) {
927	krb5_clear_error_message(context);
928	ret = ENOMEM;
929	goto out;
930	}
931
932	ret = hx509_get_one_cert(context->hx509ctx, signer_certs, &(*signer)->cert);
933	if (ret) {
934	pk_copy_error(context, context->hx509ctx, ret,
935	"Failed to get on of the signer certs");
936	goto out;
937	}
938
939	out:
940	hx509_certs_free(&signer_certs);
941	if (ret) {
942	if (*signer) {
943	hx509_cert_free((*signer)->cert);
944	free(*signer);
945	*signer = NULL;
946	}
947	}
948
949	return ret;
950	}
951
952	static krb5_error_code
953	get_reply_key_win(krb5_context context,
954	const krb5_data *content,
955	unsigned nonce,
956	krb5_keyblock **key)
957	{
958	ReplyKeyPack_Win2k key_pack;
959	krb5_error_code ret;
960	size_t size;
961
962	ret = decode_ReplyKeyPack_Win2k(content->data,
963	content->length,
964	&key_pack,
965	&size);
966	if (ret) {
967	krb5_set_error_message(context, ret,
968	N_("PKINIT decoding reply key failed", ""));
969	free_ReplyKeyPack_Win2k(&key_pack);
970	return ret;
971	}
972
973	if ((unsigned)key_pack.nonce != nonce) {
974	krb5_set_error_message(context, ret,
975	N_("PKINIT enckey nonce is wrong", ""));
976	free_ReplyKeyPack_Win2k(&key_pack);
977	return KRB5KRB_AP_ERR_MODIFIED;
978	}
979
980	key = malloc (sizeof (*key));
981	if (*key == NULL) {
982	free_ReplyKeyPack_Win2k(&key_pack);
983	krb5_set_error_message(context, ENOMEM,
984	N_("malloc: out of memory", ""));
985	return ENOMEM;
986	}
987
988	ret = copy_EncryptionKey(&key_pack.replyKey, *key);
989	free_ReplyKeyPack_Win2k(&key_pack);
990	if (ret) {
991	krb5_set_error_message(context, ret,
992	N_("PKINIT failed copying reply key", ""));
993	free(*key);
994	*key = NULL;
995	}
996
997	return ret;
998	}
999
1000	static krb5_error_code
1001	get_reply_key(krb5_context context,
1002	const krb5_data *content,
1003	const krb5_data *req_buffer,
1004	krb5_keyblock **key)
1005	{
1006	ReplyKeyPack key_pack;
1007	krb5_error_code ret;
1008	size_t size;
1009
1010	ret = decode_ReplyKeyPack(content->data,
1011	content->length,
1012	&key_pack,
1013	&size);
1014	if (ret) {
1015	krb5_set_error_message(context, ret,
1016	N_("PKINIT decoding reply key failed", ""));
1017	free_ReplyKeyPack(&key_pack);
1018	return ret;
1019	}
1020
1021	{
1022	krb5_crypto crypto;
1023
1024	/*
1025	* XXX Verify kp.replyKey is a allowed enctype in the
1026	* configuration file
1027	*/
1028
1029	ret = krb5_crypto_init(context, &key_pack.replyKey, 0, &crypto);
1030	if (ret) {
1031	free_ReplyKeyPack(&key_pack);
1032	return ret;
1033	}
1034
1035	ret = krb5_verify_checksum(context, crypto, 6,
1036	req_buffer->data, req_buffer->length,
1037	&key_pack.asChecksum);
1038	krb5_crypto_destroy(context, crypto);
1039	if (ret) {
1040	free_ReplyKeyPack(&key_pack);
1041	return ret;
1042	}
1043	}
1044
1045	key = malloc (sizeof (*key));
1046	if (*key == NULL) {
1047	free_ReplyKeyPack(&key_pack);
1048	krb5_set_error_message(context, ENOMEM,
1049	N_("malloc: out of memory", ""));
1050	return ENOMEM;
1051	}
1052
1053	ret = copy_EncryptionKey(&key_pack.replyKey, *key);
1054	free_ReplyKeyPack(&key_pack);
1055	if (ret) {
1056	krb5_set_error_message(context, ret,
1057	N_("PKINIT failed copying reply key", ""));
1058	free(*key);
1059	*key = NULL;
1060	}
1061
1062	return ret;
1063	}
1064
1065
1066	static krb5_error_code
1067	pk_verify_host(krb5_context context,
1068	const char *realm,
1069	const krb5_krbhst_info *hi,
1070	struct krb5_pk_init_ctx_data *ctx,
1071	struct krb5_pk_cert *host)
1072	{
1073	krb5_error_code ret = 0;
1074
1075	if (ctx->require_eku) {
1076	ret = hx509_cert_check_eku(context->hx509ctx, host->cert,
1077	&asn1_oid_id_pkkdcekuoid, 0);
1078	if (ret) {
1079	krb5_set_error_message(context, ret,
1080	N_("No PK-INIT KDC EKU in kdc certificate", ""));
1081	return ret;
1082	}
1083	}
1084	if (ctx->require_krbtgt_otherName) {
1085	hx509_octet_string_list list;
1086	size_t i;
1087
1088	ret = hx509_cert_find_subjectAltName_otherName(context->hx509ctx,
1089	host->cert,
1090	&asn1_oid_id_pkinit_san,
1091	&list);
1092	if (ret) {
1093	krb5_set_error_message(context, ret,
1094	N_("Failed to find the PK-INIT "
1095	"subjectAltName in the KDC "
1096	"certificate", ""));
1097
1098	return ret;
1099	}
1100
1101	for (i = 0; i < list.len; i++) {
1102	KRB5PrincipalName r;
1103
1104	ret = decode_KRB5PrincipalName(list.val[i].data,
1105	list.val[i].length,
1106	&r,
1107	NULL);
1108	if (ret) {
1109	krb5_set_error_message(context, ret,
1110	N_("Failed to decode the PK-INIT "
1111	"subjectAltName in the "
1112	"KDC certificate", ""));
1113
1114	break;
1115	}
1116
1117	if (r.principalName.name_string.len != 2 \|\|
1118	strcmp(r.principalName.name_string.val[0], KRB5_TGS_NAME) != 0 \|\|
1119	strcmp(r.principalName.name_string.val[1], realm) != 0 \|\|
1120	strcmp(r.realm, realm) != 0)
1121	{
1122	ret = KRB5_KDC_ERR_INVALID_CERTIFICATE;
1123	krb5_set_error_message(context, ret,
1124	N_("KDC have wrong realm name in "
1125	"the certificate", ""));
1126	}
1127
1128	free_KRB5PrincipalName(&r);
1129	if (ret)
1130	break;
1131	}
1132	hx509_free_octet_string_list(&list);
1133	}
1134	if (ret)
1135	return ret;
1136
1137	if (hi) {
1138	ret = hx509_verify_hostname(context->hx509ctx, host->cert,
1139	ctx->require_hostname_match,
1140	HX509_HN_HOSTNAME,
1141	hi->hostname,
1142	hi->ai->ai_addr, hi->ai->ai_addrlen);
1143
1144	if (ret)
1145	krb5_set_error_message(context, ret,
1146	N_("Address mismatch in "
1147	"the KDC certificate", ""));
1148	}
1149	return ret;
1150	}
1151
1152	static krb5_error_code
1153	pk_rd_pa_reply_enckey(krb5_context context,
1154	int type,
1155	const heim_octet_string *indata,
1156	const heim_oid *dataType,
1157	const char *realm,
1158	krb5_pk_init_ctx ctx,
1159	krb5_enctype etype,
1160	const krb5_krbhst_info *hi,
1161	unsigned nonce,
1162	const krb5_data *req_buffer,
1163	PA_DATA *pa,
1164	krb5_keyblock **key)
1165	{
1166	krb5_error_code ret;
1167	struct krb5_pk_cert *host = NULL;
1168	krb5_data content;
1169	heim_oid contentType = { 0, NULL };
1170	int flags = HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT;
1171
1172	if (der_heim_oid_cmp(&asn1_oid_id_pkcs7_envelopedData, dataType)) {
1173	krb5_set_error_message(context, EINVAL,
1174	N_("PKINIT: Invalid content type", ""));
1175	return EINVAL;
1176	}
1177
1178	if (ctx->type == PKINIT_WIN2K)
1179	flags \|= HX509_CMS_UE_ALLOW_WEAK;
1180
1181	ret = hx509_cms_unenvelope(context->hx509ctx,
1182	ctx->id->certs,
1183	flags,
1184	indata->data,
1185	indata->length,
1186	NULL,
1187	0,
1188	&contentType,
1189	&content);
1190	if (ret) {
1191	pk_copy_error(context, context->hx509ctx, ret,
1192	"Failed to unenvelope CMS data in PK-INIT reply");
1193	return ret;
1194	}
1195	der_free_oid(&contentType);
1196
1197	/* win2k uses ContentInfo */
1198	if (type == PKINIT_WIN2K) {
1199	heim_oid type2;
1200	heim_octet_string out;
1201
1202	ret = hx509_cms_unwrap_ContentInfo(&content, &type2, &out, NULL);
1203	if (ret) {
1204	/* windows LH with interesting CMS packets */
1205	size_t ph = 1 + der_length_len(content.length);
1206	unsigned char *ptr = malloc(content.length + ph);
1207	size_t l;
1208
1209	memcpy(ptr + ph, content.data, content.length);
1210
1211	ret = der_put_length_and_tag (ptr + ph - 1, ph, content.length,
1212	ASN1_C_UNIV, CONS, UT_Sequence, &l);
1213	if (ret)
1214	return ret;
1215	free(content.data);
1216	content.data = ptr;
1217	content.length += ph;
1218
1219	ret = hx509_cms_unwrap_ContentInfo(&content, &type2, &out, NULL);
1220	if (ret)
1221	goto out;
1222	}
1223	if (der_heim_oid_cmp(&type2, &asn1_oid_id_pkcs7_signedData)) {
1224	ret = EINVAL; /* XXX */
1225	krb5_set_error_message(context, ret,
1226	N_("PKINIT: Invalid content type", ""));
1227	der_free_oid(&type2);
1228	der_free_octet_string(&out);
1229	goto out;
1230	}
1231	der_free_oid(&type2);
1232	krb5_data_free(&content);
1233	ret = krb5_data_copy(&content, out.data, out.length);
1234	der_free_octet_string(&out);
1235	if (ret) {
1236	krb5_set_error_message(context, ret,
1237	N_("malloc: out of memory", ""));
1238	goto out;
1239	}
1240	}
1241
1242	ret = pk_verify_sign(context,
1243	content.data,
1244	content.length,
1245	ctx->id,
1246	&contentType,
1247	&content,
1248	&host);
1249	if (ret)
1250	goto out;
1251
1252	/* make sure that it is the kdc's certificate */
1253	ret = pk_verify_host(context, realm, hi, ctx, host);
1254	if (ret) {
1255	goto out;
1256	}
1257
1258	#if 0
1259	if (type == PKINIT_WIN2K) {
1260	if (der_heim_oid_cmp(&contentType, &asn1_oid_id_pkcs7_data) != 0) {
1261	ret = KRB5KRB_AP_ERR_MSG_TYPE;
1262	krb5_set_error_message(context, ret, "PKINIT: reply key, wrong oid");
1263	goto out;
1264	}
1265	} else {
1266	if (der_heim_oid_cmp(&contentType, &asn1_oid_id_pkrkeydata) != 0) {
1267	ret = KRB5KRB_AP_ERR_MSG_TYPE;
1268	krb5_set_error_message(context, ret, "PKINIT: reply key, wrong oid");
1269	goto out;
1270	}
1271	}
1272	#endif
1273
1274	switch(type) {
1275	case PKINIT_WIN2K:
1276	ret = get_reply_key(context, &content, req_buffer, key);
1277	if (ret != 0 && ctx->require_binding == 0)
1278	ret = get_reply_key_win(context, &content, nonce, key);
1279	break;
1280	case PKINIT_27:
1281	ret = get_reply_key(context, &content, req_buffer, key);
1282	break;
1283	}
1284	if (ret)
1285	goto out;
1286
1287	/* XXX compare given etype with key->etype */
1288
1289	out:
1290	if (host)
1291	_krb5_pk_cert_free(host);
1292	der_free_oid(&contentType);
1293	krb5_data_free(&content);
1294
1295	return ret;
1296	}
1297
1298	static krb5_error_code
1299	pk_rd_pa_reply_dh(krb5_context context,
1300	const heim_octet_string *indata,
1301	const heim_oid *dataType,
1302	const char *realm,
1303	krb5_pk_init_ctx ctx,
1304	krb5_enctype etype,
1305	const krb5_krbhst_info *hi,
1306	const DHNonce *c_n,
1307	const DHNonce *k_n,
1308	unsigned nonce,
1309	PA_DATA *pa,
1310	krb5_keyblock **key)
1311	{
1312	const unsigned char *p;
1313	unsigned char *dh_gen_key = NULL;
1314	struct krb5_pk_cert *host = NULL;
1315	BIGNUM *kdc_dh_pubkey = NULL;
1316	KDCDHKeyInfo kdc_dh_info;
1317	heim_oid contentType = { 0, NULL };
1318	krb5_data content;
1319	krb5_error_code ret;
1320	int dh_gen_keylen = 0;
1321	size_t size;
1322
1323	krb5_data_zero(&content);
1324	memset(&kdc_dh_info, 0, sizeof(kdc_dh_info));
1325
1326	if (der_heim_oid_cmp(&asn1_oid_id_pkcs7_signedData, dataType)) {
1327	krb5_set_error_message(context, EINVAL,
1328	N_("PKINIT: Invalid content type", ""));
1329	return EINVAL;
1330	}
1331
1332	ret = pk_verify_sign(context,
1333	indata->data,
1334	indata->length,
1335	ctx->id,
1336	&contentType,
1337	&content,
1338	&host);
1339	if (ret)
1340	goto out;
1341
1342	/* make sure that it is the kdc's certificate */
1343	ret = pk_verify_host(context, realm, hi, ctx, host);
1344	if (ret)
1345	goto out;
1346
1347	if (der_heim_oid_cmp(&contentType, &asn1_oid_id_pkdhkeydata)) {
1348	ret = KRB5KRB_AP_ERR_MSG_TYPE;
1349	krb5_set_error_message(context, ret,
1350	N_("pkinit - dh reply contains wrong oid", ""));
1351	goto out;
1352	}
1353
1354	ret = decode_KDCDHKeyInfo(content.data,
1355	content.length,
1356	&kdc_dh_info,
1357	&size);
1358
1359	if (ret) {
1360	krb5_set_error_message(context, ret,
1361	N_("pkinit - failed to decode "
1362	"KDC DH Key Info", ""));
1363	goto out;
1364	}
1365
1366	if (kdc_dh_info.nonce != nonce) {
1367	ret = KRB5KRB_AP_ERR_MODIFIED;
1368	krb5_set_error_message(context, ret,
1369	N_("PKINIT: DH nonce is wrong", ""));
1370	goto out;
1371	}
1372
1373	if (kdc_dh_info.dhKeyExpiration) {
1374	if (k_n == NULL) {
1375	ret = KRB5KRB_ERR_GENERIC;
1376	krb5_set_error_message(context, ret,
1377	N_("pkinit; got key expiration "
1378	"without server nonce", ""));
1379	goto out;
1380	}
1381	if (c_n == NULL) {
1382	ret = KRB5KRB_ERR_GENERIC;
1383	krb5_set_error_message(context, ret,
1384	N_("pkinit; got DH reuse but no "
1385	"client nonce", ""));
1386	goto out;
1387	}
1388	} else {
1389	if (k_n) {
1390	ret = KRB5KRB_ERR_GENERIC;
1391	krb5_set_error_message(context, ret,
1392	N_("pkinit: got server nonce "
1393	"without key expiration", ""));
1394	goto out;
1395	}
1396	c_n = NULL;
1397	}
1398
1399
1400	p = kdc_dh_info.subjectPublicKey.data;
1401	size = (kdc_dh_info.subjectPublicKey.length + 7) / 8;
1402
1403	if (ctx->keyex == USE_DH) {
1404	DHPublicKey k;
1405	ret = decode_DHPublicKey(p, size, &k, NULL);
1406	if (ret) {
1407	krb5_set_error_message(context, ret,
1408	N_("pkinit: can't decode "
1409	"without key expiration", ""));
1410	goto out;
1411	}
1412
1413	kdc_dh_pubkey = integer_to_BN(context, "DHPublicKey", &k);
1414	free_DHPublicKey(&k);
1415	if (kdc_dh_pubkey == NULL) {
1416	ret = ENOMEM;
1417	goto out;
1418	}
1419
1420
1421	size = DH_size(ctx->u.dh);
1422
1423	dh_gen_key = malloc(size);
1424	if (dh_gen_key == NULL) {
1425	ret = ENOMEM;
1426	krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
1427	goto out;
1428	}
1429
1430	dh_gen_keylen = DH_compute_key(dh_gen_key, kdc_dh_pubkey, ctx->u.dh);
1431	if (dh_gen_keylen == -1) {
1432	ret = KRB5KRB_ERR_GENERIC;
1433	dh_gen_keylen = 0;
1434	krb5_set_error_message(context, ret,
1435	N_("PKINIT: Can't compute Diffie-Hellman key", ""));
1436	goto out;
1437	}
1438	if (dh_gen_keylen < (int)size) {
1439	size -= dh_gen_keylen;
1440	memmove(dh_gen_key + size, dh_gen_key, dh_gen_keylen);
1441	memset(dh_gen_key, 0, size);
1442	}
1443
1444	} else {
1445	#ifdef HAVE_OPENSSL
1446	const EC_GROUP *group;
1447	EC_KEY *public = NULL;
1448
1449	group = EC_KEY_get0_group(ctx->u.eckey);
1450
1451	public = EC_KEY_new();
1452	if (public == NULL) {
1453	ret = ENOMEM;
1454	goto out;
1455	}
1456	if (EC_KEY_set_group(public, group) != 1) {
1457	EC_KEY_free(public);
1458	ret = ENOMEM;
1459	goto out;
1460	}
1461
1462	if (o2i_ECPublicKey(&public, &p, size) == NULL) {
1463	EC_KEY_free(public);
1464	ret = KRB5KRB_ERR_GENERIC;
1465	krb5_set_error_message(context, ret,
1466	N_("PKINIT: Can't parse ECDH public key", ""));
1467	goto out;
1468	}
1469
1470	size = (EC_GROUP_get_degree(group) + 7) / 8;
1471	dh_gen_key = malloc(size);
1472	if (dh_gen_key == NULL) {
1473	EC_KEY_free(public);
1474	ret = ENOMEM;
1475	krb5_set_error_message(context, ret,
1476	N_("malloc: out of memory", ""));
1477	goto out;
1478	}
1479	dh_gen_keylen = ECDH_compute_key(dh_gen_key, size,
1480	EC_KEY_get0_public_key(public), ctx->u.eckey, NULL);
1481	EC_KEY_free(public);
1482	if (dh_gen_keylen == -1) {
1483	ret = KRB5KRB_ERR_GENERIC;
1484	dh_gen_keylen = 0;
1485	krb5_set_error_message(context, ret,
1486	N_("PKINIT: Can't compute ECDH public key", ""));
1487	goto out;
1488	}
1489	#else
1490	ret = EINVAL;
1491	#endif
1492	}
1493
1494	if (dh_gen_keylen <= 0) {
1495	ret = EINVAL;
1496	krb5_set_error_message(context, ret,
1497	N_("PKINIT: resulting DH key <= 0", ""));
1498	dh_gen_keylen = 0;
1499	goto out;
1500	}
1501
1502	key = malloc (sizeof (*key));
1503	if (*key == NULL) {
1504	ret = ENOMEM;
1505	krb5_set_error_message(context, ret,
1506	N_("malloc: out of memory", ""));
1507	goto out;
1508	}
1509
1510	ret = _krb5_pk_octetstring2key(context,
1511	etype,
1512	dh_gen_key, dh_gen_keylen,
1513	c_n, k_n,
1514	*key);
1515	if (ret) {
1516	krb5_set_error_message(context, ret,
1517	N_("PKINIT: can't create key from DH key", ""));
1518	free(*key);
1519	*key = NULL;
1520	goto out;
1521	}
1522
1523	out:
1524	if (kdc_dh_pubkey)
1525	BN_free(kdc_dh_pubkey);
1526	if (dh_gen_key) {
1527	memset(dh_gen_key, 0, dh_gen_keylen);
1528	free(dh_gen_key);
1529	}
1530	if (host)
1531	_krb5_pk_cert_free(host);
1532	if (content.data)
1533	krb5_data_free(&content);
1534	der_free_oid(&contentType);
1535	free_KDCDHKeyInfo(&kdc_dh_info);
1536
1537	return ret;
1538	}
1539
1540	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1541	_krb5_pk_rd_pa_reply(krb5_context context,
1542	const char *realm,
1543	void *c,
1544	krb5_enctype etype,
1545	const krb5_krbhst_info *hi,
1546	unsigned nonce,
1547	const krb5_data *req_buffer,
1548	PA_DATA *pa,
1549	krb5_keyblock **key)
1550	{
1551	krb5_pk_init_ctx ctx = c;
1552	krb5_error_code ret;
1553	size_t size;
1554
1555	/* Check for IETF PK-INIT first */
1556	if (ctx->type == PKINIT_27) {
1557	PA_PK_AS_REP rep;
1558	heim_octet_string os, data;
1559	heim_oid oid;
1560
1561	if (pa->padata_type != KRB5_PADATA_PK_AS_REP) {
1562	krb5_set_error_message(context, EINVAL,
1563	N_("PKINIT: wrong padata recv", ""));
1564	return EINVAL;
1565	}
1566
1567	ret = decode_PA_PK_AS_REP(pa->padata_value.data,
1568	pa->padata_value.length,
1569	&rep,
1570	&size);
1571	if (ret) {
1572	krb5_set_error_message(context, ret,
1573	N_("Failed to decode pkinit AS rep", ""));
1574	return ret;
1575	}
1576
1577	switch (rep.element) {
1578	case choice_PA_PK_AS_REP_dhInfo:
1579	_krb5_debug(context, 5, "krb5_get_init_creds: using pkinit dh");
1580	os = rep.u.dhInfo.dhSignedData;
1581	break;
1582	case choice_PA_PK_AS_REP_encKeyPack:
1583	_krb5_debug(context, 5, "krb5_get_init_creds: using kinit enc reply key");
1584	os = rep.u.encKeyPack;
1585	break;
1586	default: {
1587	PA_PK_AS_REP_BTMM btmm;
1588	free_PA_PK_AS_REP(&rep);
1589	memset(&rep, 0, sizeof(rep));
1590
1591	_krb5_debug(context, 5, "krb5_get_init_creds: using BTMM kinit enc reply key");
1592
1593	ret = decode_PA_PK_AS_REP_BTMM(pa->padata_value.data,
1594	pa->padata_value.length,
1595	&btmm,
1596	&size);
1597	if (ret) {
1598	krb5_set_error_message(context, EINVAL,
1599	N_("PKINIT: -27 reply "
1600	"invalid content type", ""));
1601	return EINVAL;
1602	}
1603
1604	if (btmm.dhSignedData \|\| btmm.encKeyPack == NULL) {
1605	free_PA_PK_AS_REP_BTMM(&btmm);
1606	ret = EINVAL;
1607	krb5_set_error_message(context, ret,
1608	N_("DH mode not supported for BTMM mode", ""));
1609	return ret;
1610	}
1611
1612	/*
1613	* Transform to IETF style PK-INIT reply so that free works below
1614	*/
1615
1616	rep.element = choice_PA_PK_AS_REP_encKeyPack;
1617	rep.u.encKeyPack.data = btmm.encKeyPack->data;
1618	rep.u.encKeyPack.length = btmm.encKeyPack->length;
1619	btmm.encKeyPack->data = NULL;
1620	btmm.encKeyPack->length = 0;
1621	free_PA_PK_AS_REP_BTMM(&btmm);
1622	os = rep.u.encKeyPack;
1623	}
1624	}
1625
1626	ret = hx509_cms_unwrap_ContentInfo(&os, &oid, &data, NULL);
1627	if (ret) {
1628	free_PA_PK_AS_REP(&rep);
1629	krb5_set_error_message(context, ret,
1630	N_("PKINIT: failed to unwrap CI", ""));
1631	return ret;
1632	}
1633
1634	switch (rep.element) {
1635	case choice_PA_PK_AS_REP_dhInfo:
1636	ret = pk_rd_pa_reply_dh(context, &data, &oid, realm, ctx, etype, hi,
1637	ctx->clientDHNonce,
1638	rep.u.dhInfo.serverDHNonce,
1639	nonce, pa, key);
1640	break;
1641	case choice_PA_PK_AS_REP_encKeyPack:
1642	ret = pk_rd_pa_reply_enckey(context, PKINIT_27, &data, &oid, realm,
1643	ctx, etype, hi, nonce, req_buffer, pa, key);
1644	break;
1645	default:
1646	krb5_abortx(context, "pk-init as-rep case not possible to happen");
1647	}
1648	der_free_octet_string(&data);
1649	der_free_oid(&oid);
1650	free_PA_PK_AS_REP(&rep);
1651
1652	} else if (ctx->type == PKINIT_WIN2K) {
1653	PA_PK_AS_REP_Win2k w2krep;
1654
1655	/* Check for Windows encoding of the AS-REP pa data */
1656
1657	#if 0 /* should this be ? */
1658	if (pa->padata_type != KRB5_PADATA_PK_AS_REP) {
1659	krb5_set_error_message(context, EINVAL,
1660	"PKINIT: wrong padata recv");
1661	return EINVAL;
1662	}
1663	#endif
1664
1665	memset(&w2krep, 0, sizeof(w2krep));
1666
1667	ret = decode_PA_PK_AS_REP_Win2k(pa->padata_value.data,
1668	pa->padata_value.length,
1669	&w2krep,
1670	&size);
1671	if (ret) {
1672	krb5_set_error_message(context, ret,
1673	N_("PKINIT: Failed decoding windows "
1674	"pkinit reply %d", ""), (int)ret);
1675	return ret;
1676	}
1677
1678	krb5_clear_error_message(context);
1679
1680	switch (w2krep.element) {
1681	case choice_PA_PK_AS_REP_Win2k_encKeyPack: {
1682	heim_octet_string data;
1683	heim_oid oid;
1684
1685	ret = hx509_cms_unwrap_ContentInfo(&w2krep.u.encKeyPack,
1686	&oid, &data, NULL);
1687	free_PA_PK_AS_REP_Win2k(&w2krep);
1688	if (ret) {
1689	krb5_set_error_message(context, ret,
1690	N_("PKINIT: failed to unwrap CI", ""));
1691	return ret;
1692	}
1693
1694	ret = pk_rd_pa_reply_enckey(context, PKINIT_WIN2K, &data, &oid, realm,
1695	ctx, etype, hi, nonce, req_buffer, pa, key);
1696	der_free_octet_string(&data);
1697	der_free_oid(&oid);
1698
1699	break;
1700	}
1701	default:
1702	free_PA_PK_AS_REP_Win2k(&w2krep);
1703	ret = EINVAL;
1704	krb5_set_error_message(context, ret,
1705	N_("PKINIT: win2k reply invalid "
1706	"content type", ""));
1707	break;
1708	}
1709
1710	} else {
1711	ret = EINVAL;
1712	krb5_set_error_message(context, ret,
1713	N_("PKINIT: unknown reply type", ""));
1714	}
1715
1716	return ret;
1717	}
1718
1719	struct prompter {
1720	krb5_context context;
1721	krb5_prompter_fct prompter;
1722	void *prompter_data;
1723	};
1724
1725	static int
1726	hx_pass_prompter(void data, const hx509_prompt prompter)
1727	{
1728	krb5_error_code ret;
1729	krb5_prompt prompt;
1730	krb5_data password_data;
1731	struct prompter *p = data;
1732
1733	password_data.data = prompter->reply.data;
1734	password_data.length = prompter->reply.length;
1735
1736	prompt.prompt = prompter->prompt;
1737	prompt.hidden = hx509_prompt_hidden(prompter->type);
1738	prompt.reply = &password_data;
1739
1740	switch (prompter->type) {
1741	case HX509_PROMPT_TYPE_INFO:
1742	prompt.type = KRB5_PROMPT_TYPE_INFO;
1743	break;
1744	case HX509_PROMPT_TYPE_PASSWORD:
1745	case HX509_PROMPT_TYPE_QUESTION:
1746	default:
1747	prompt.type = KRB5_PROMPT_TYPE_PASSWORD;
1748	break;
1749	}
1750
1751	ret = (*p->prompter)(p->context, p->prompter_data, NULL, NULL, 1, &prompt);
1752	if (ret) {
1753	memset (prompter->reply.data, 0, prompter->reply.length);
1754	return 1;
1755	}
1756	return 0;
1757	}
1758
1759	static krb5_error_code
1760	_krb5_pk_set_user_id(krb5_context context,
1761	krb5_principal principal,
1762	krb5_pk_init_ctx ctx,
1763	struct hx509_certs_data *certs)
1764	{
1765	hx509_certs c = hx509_certs_ref(certs);
1766	hx509_query *q = NULL;
1767	int ret;
1768
1769	if (ctx->id->certs)
1770	hx509_certs_free(&ctx->id->certs);
1771	if (ctx->id->cert) {
1772	hx509_cert_free(ctx->id->cert);
1773	ctx->id->cert = NULL;
1774	}
1775
1776	ctx->id->certs = c;
1777	ctx->anonymous = 0;
1778
1779	ret = hx509_query_alloc(context->hx509ctx, &q);
1780	if (ret) {
1781	pk_copy_error(context, context->hx509ctx, ret,
1782	"Allocate query to find signing certificate");
1783	return ret;
1784	}
1785
1786	hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
1787	hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
1788
1789	if (principal && strncmp("LKDC:SHA1.", krb5_principal_get_realm(context, principal), 9) == 0) {
1790	ctx->id->flags \|= PKINIT_BTMM;
1791	}
1792
1793	ret = find_cert(context, ctx->id, q, &ctx->id->cert);
1794	hx509_query_free(context->hx509ctx, q);
1795
1796	if (ret == 0 && _krb5_have_debug(context, 2)) {
1797	hx509_name name;
1798	char str, sn;
1799	heim_integer i;
1800
1801	ret = hx509_cert_get_subject(ctx->id->cert, &name);
1802	if (ret)
1803	goto out;
1804
1805	ret = hx509_name_to_string(name, &str);
1806	hx509_name_free(&name);
1807	if (ret)
1808	goto out;
1809
1810	ret = hx509_cert_get_serialnumber(ctx->id->cert, &i);
1811	if (ret) {
1812	free(str);
1813	goto out;
1814	}
1815
1816	ret = der_print_hex_heim_integer(&i, &sn);
1817	der_free_heim_integer(&i);
1818	if (ret) {
1819	free(name);
1820	goto out;
1821	}
1822
1823	_krb5_debug(context, 2, "using cert: subject: %s sn: %s", str, sn);
1824	free(str);
1825	free(sn);
1826	}
1827	out:
1828
1829	return ret;
1830	}
1831
1832	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
1833	_krb5_pk_load_id(krb5_context context,
1834	struct krb5_pk_identity **ret_id,
1835	const char *user_id,
1836	const char *anchor_id,
1837	char * const *chain_list,
1838	char * const *revoke_list,
1839	krb5_prompter_fct prompter,
1840	void *prompter_data,
1841	char *password)
1842	{
1843	struct krb5_pk_identity *id = NULL;
1844	struct prompter p;
1845	int ret;
1846
1847	*ret_id = NULL;
1848
1849	if (anchor_id == NULL) {
1850	krb5_set_error_message(context, HEIM_PKINIT_NO_VALID_CA,
1851	N_("PKINIT: No anchor given", ""));
1852	return HEIM_PKINIT_NO_VALID_CA;
1853	}
1854
1855	/* load cert */
1856
1857	id = calloc(1, sizeof(*id));
1858	if (id == NULL) {
1859	krb5_set_error_message(context, ENOMEM,
1860	N_("malloc: out of memory", ""));
1861	return ENOMEM;
1862	}
1863
1864	if (user_id) {
1865	hx509_lock lock;
1866
1867	ret = hx509_lock_init(context->hx509ctx, &lock);
1868	if (ret) {
1869	pk_copy_error(context, context->hx509ctx, ret, "Failed init lock");
1870	goto out;
1871	}
1872
1873	if (password && password[0])
1874	hx509_lock_add_password(lock, password);
1875
1876	if (prompter) {
1877	p.context = context;
1878	p.prompter = prompter;
1879	p.prompter_data = prompter_data;
1880
1881	ret = hx509_lock_set_prompter(lock, hx_pass_prompter, &p);
1882	if (ret) {
1883	hx509_lock_free(lock);
1884	goto out;
1885	}
1886	}
1887
1888	ret = hx509_certs_init(context->hx509ctx, user_id, 0, lock, &id->certs);
1889	hx509_lock_free(lock);
1890	if (ret) {
1891	pk_copy_error(context, context->hx509ctx, ret,
1892	"Failed to init cert certs");
1893	goto out;
1894	}
1895	} else {
1896	id->certs = NULL;
1897	}
1898
1899	ret = hx509_certs_init(context->hx509ctx, anchor_id, 0, NULL, &id->anchors);
1900	if (ret) {
1901	pk_copy_error(context, context->hx509ctx, ret,
1902	"Failed to init anchors");
1903	goto out;
1904	}
1905
1906	ret = hx509_certs_init(context->hx509ctx, "MEMORY:pkinit-cert-chain",
1907	0, NULL, &id->certpool);
1908	if (ret) {
1909	pk_copy_error(context, context->hx509ctx, ret,
1910	"Failed to init chain");
1911	goto out;
1912	}
1913
1914	while (chain_list && *chain_list) {
1915	ret = hx509_certs_append(context->hx509ctx, id->certpool,
1916	NULL, *chain_list);
1917	if (ret) {
1918	pk_copy_error(context, context->hx509ctx, ret,
1919	"Failed to laod chain %s",
1920	*chain_list);
1921	goto out;
1922	}
1923	chain_list++;
1924	}
1925
1926	if (revoke_list) {
1927	ret = hx509_revoke_init(context->hx509ctx, &id->revokectx);
1928	if (ret) {
1929	pk_copy_error(context, context->hx509ctx, ret,
1930	"Failed init revoke list");
1931	goto out;
1932	}
1933
1934	while (*revoke_list) {
1935	ret = hx509_revoke_add_crl(context->hx509ctx,
1936	id->revokectx,
1937	*revoke_list);
1938	if (ret) {
1939	pk_copy_error(context, context->hx509ctx, ret,
1940	"Failed load revoke list");
1941	goto out;
1942	}
1943	revoke_list++;
1944	}
1945	} else
1946	hx509_context_set_missing_revoke(context->hx509ctx, 1);
1947
1948	ret = hx509_verify_init_ctx(context->hx509ctx, &id->verify_ctx);
1949	if (ret) {
1950	pk_copy_error(context, context->hx509ctx, ret,
1951	"Failed init verify context");
1952	goto out;
1953	}
1954
1955	hx509_verify_attach_anchors(id->verify_ctx, id->anchors);
1956	hx509_verify_attach_revoke(id->verify_ctx, id->revokectx);
1957
1958	out:
1959	if (ret) {
1960	hx509_verify_destroy_ctx(id->verify_ctx);
1961	hx509_certs_free(&id->certs);
1962	hx509_certs_free(&id->anchors);
1963	hx509_certs_free(&id->certpool);
1964	hx509_revoke_free(&id->revokectx);
1965	free(id);
1966	} else
1967	*ret_id = id;
1968
1969	return ret;
1970	}
1971
1972	/*
1973	*
1974	*/
1975
1976	static void
1977	pk_copy_error(krb5_context context,
1978	hx509_context hx509ctx,
1979	int hxret,
1980	const char *fmt,
1981	...)
1982	{
1983	va_list va;
1984	char s, f;
1985	int ret;
1986
1987	va_start(va, fmt);
1988	ret = vasprintf(&f, fmt, va);
1989	va_end(va);
1990	if (ret == -1 \|\| f == NULL) {
1991	krb5_clear_error_message(context);
1992	return;
1993	}
1994
1995	s = hx509_get_error_string(hx509ctx, hxret);
1996	if (s == NULL) {
1997	krb5_clear_error_message(context);
1998	free(f);
1999	return;
2000	}
2001	krb5_set_error_message(context, hxret, "%s: %s", f, s);
2002	free(s);
2003	free(f);
2004	}
2005
2006	static int
2007	parse_integer(krb5_context context, char *p, const char file, int lineno,
2008	const char name, heim_integer integer)
2009	{
2010	int ret;
2011	char *p1;
2012	p1 = strsep(p, " \t");
2013	if (p1 == NULL) {
2014	krb5_set_error_message(context, EINVAL,
2015	N_("moduli file %s missing %s on line %d", ""),
2016	file, name, lineno);
2017	return EINVAL;
2018	}
2019	ret = der_parse_hex_heim_integer(p1, integer);
2020	if (ret) {
2021	krb5_set_error_message(context, ret,
2022	N_("moduli file %s failed parsing %s "
2023	"on line %d", ""),
2024	file, name, lineno);
2025	return ret;
2026	}
2027
2028	return 0;
2029	}
2030
2031	krb5_error_code
2032	_krb5_parse_moduli_line(krb5_context context,
2033	const char *file,
2034	int lineno,
2035	char *p,
2036	struct krb5_dh_moduli **m)
2037	{
2038	struct krb5_dh_moduli *m1;
2039	char *p1;
2040	int ret;
2041
2042	*m = NULL;
2043
2044	m1 = calloc(1, sizeof(*m1));
2045	if (m1 == NULL) {
2046	krb5_set_error_message(context, ENOMEM,
2047	N_("malloc: out of memory", ""));
2048	return ENOMEM;
2049	}
2050
2051	while (isspace((unsigned char)*p))
2052	p++;
2053	if (*p == '#') {
2054	free(m1);
2055	return 0;
2056	}
2057	ret = EINVAL;
2058
2059	p1 = strsep(&p, " \t");
2060	if (p1 == NULL) {
2061	krb5_set_error_message(context, ret,
2062	N_("moduli file %s missing name on line %d", ""),
2063	file, lineno);
2064	goto out;
2065	}
2066	m1->name = strdup(p1);
2067	if (m1->name == NULL) {
2068	ret = ENOMEM;
2069	krb5_set_error_message(context, ret, N_("malloc: out of memeory", ""));
2070	goto out;
2071	}
2072
2073	p1 = strsep(&p, " \t");
2074	if (p1 == NULL) {
2075	krb5_set_error_message(context, ret,
2076	N_("moduli file %s missing bits on line %d", ""),
2077	file, lineno);
2078	goto out;
2079	}
2080
2081	m1->bits = atoi(p1);
2082	if (m1->bits == 0) {
2083	krb5_set_error_message(context, ret,
2084	N_("moduli file %s have un-parsable "
2085	"bits on line %d", ""), file, lineno);
2086	goto out;
2087	}
2088
2089	ret = parse_integer(context, &p, file, lineno, "p", &m1->p);
2090	if (ret)
2091	goto out;
2092	ret = parse_integer(context, &p, file, lineno, "g", &m1->g);
2093	if (ret)
2094	goto out;
2095	ret = parse_integer(context, &p, file, lineno, "q", &m1->q);
2096	if (ret)
2097	goto out;
2098
2099	*m = m1;
2100
2101	return 0;
2102	out:
2103	free(m1->name);
2104	der_free_heim_integer(&m1->p);
2105	der_free_heim_integer(&m1->g);
2106	der_free_heim_integer(&m1->q);
2107	free(m1);
2108	return ret;
2109	}
2110
2111	void
2112	_krb5_free_moduli(struct krb5_dh_moduli **moduli)
2113	{
2114	int i;
2115	for (i = 0; moduli[i] != NULL; i++) {
2116	free(moduli[i]->name);
2117	der_free_heim_integer(&moduli[i]->p);
2118	der_free_heim_integer(&moduli[i]->g);
2119	der_free_heim_integer(&moduli[i]->q);
2120	free(moduli[i]);
2121	}
2122	free(moduli);
2123	}
2124
2125	static const char *default_moduli_RFC2412_MODP_group2 =
2126	/* name */
2127	"RFC2412-MODP-group2 "
2128	/* bits */
2129	"1024 "
2130	/* p */
2131	"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
2132	"29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
2133	"EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
2134	"E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
2135	"EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE65381"
2136	"FFFFFFFF" "FFFFFFFF "
2137	/* g */
2138	"02 "
2139	/* q */
2140	"7FFFFFFF" "FFFFFFFF" "E487ED51" "10B4611A" "62633145" "C06E0E68"
2141	"94812704" "4533E63A" "0105DF53" "1D89CD91" "28A5043C" "C71A026E"
2142	"F7CA8CD9" "E69D218D" "98158536" "F92F8A1B" "A7F09AB6" "B6A8E122"
2143	"F242DABB" "312F3F63" "7A262174" "D31BF6B5" "85FFAE5B" "7A035BF6"
2144	"F71C35FD" "AD44CFD2" "D74F9208" "BE258FF3" "24943328" "F67329C0"
2145	"FFFFFFFF" "FFFFFFFF";
2146
2147	static const char *default_moduli_rfc3526_MODP_group14 =
2148	/* name */
2149	"rfc3526-MODP-group14 "
2150	/* bits */
2151	"1760 "
2152	/* p */
2153	"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
2154	"29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
2155	"EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
2156	"E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
2157	"EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D"
2158	"C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F"
2159	"83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D"
2160	"670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B"
2161	"E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9"
2162	"DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510"
2163	"15728E5A" "8AACAA68" "FFFFFFFF" "FFFFFFFF "
2164	/* g */
2165	"02 "
2166	/* q */
2167	"7FFFFFFF" "FFFFFFFF" "E487ED51" "10B4611A" "62633145" "C06E0E68"
2168	"94812704" "4533E63A" "0105DF53" "1D89CD91" "28A5043C" "C71A026E"
2169	"F7CA8CD9" "E69D218D" "98158536" "F92F8A1B" "A7F09AB6" "B6A8E122"
2170	"F242DABB" "312F3F63" "7A262174" "D31BF6B5" "85FFAE5B" "7A035BF6"
2171	"F71C35FD" "AD44CFD2" "D74F9208" "BE258FF3" "24943328" "F6722D9E"
2172	"E1003E5C" "50B1DF82" "CC6D241B" "0E2AE9CD" "348B1FD4" "7E9267AF"
2173	"C1B2AE91" "EE51D6CB" "0E3179AB" "1042A95D" "CF6A9483" "B84B4B36"
2174	"B3861AA7" "255E4C02" "78BA3604" "650C10BE" "19482F23" "171B671D"
2175	"F1CF3B96" "0C074301" "CD93C1D1" "7603D147" "DAE2AEF8" "37A62964"
2176	"EF15E5FB" "4AAC0B8C" "1CCAA4BE" "754AB572" "8AE9130C" "4C7D0288"
2177	"0AB9472D" "45565534" "7FFFFFFF" "FFFFFFFF";
2178
2179	krb5_error_code
2180	_krb5_parse_moduli(krb5_context context, const char *file,
2181	struct krb5_dh_moduli ***moduli)
2182	{
2183	/* name bits P G Q */
2184	krb5_error_code ret;
2185	struct krb5_dh_moduli m = NULL, m2;
2186	char buf[4096];
2187	FILE *f;
2188	int lineno = 0, n = 0;
2189
2190	*moduli = NULL;
2191
2192	m = calloc(1, sizeof(m[0]) * 3);
2193	if (m == NULL) {
2194	krb5_set_error_message(context, ENOMEM,
2195	N_("malloc: out of memory", ""));
2196	return ENOMEM;
2197	}
2198
2199	strlcpy(buf, default_moduli_rfc3526_MODP_group14, sizeof(buf));
2200	ret = _krb5_parse_moduli_line(context, "builtin", 1, buf, &m[0]);
2201	if (ret) {
2202	_krb5_free_moduli(m);
2203	return ret;
2204	}
2205	n++;
2206
2207	strlcpy(buf, default_moduli_RFC2412_MODP_group2, sizeof(buf));
2208	ret = _krb5_parse_moduli_line(context, "builtin", 1, buf, &m[1]);
2209	if (ret) {
2210	_krb5_free_moduli(m);
2211	return ret;
2212	}
2213	n++;
2214
2215
2216	if (file == NULL)
2217	file = MODULI_FILE;
2218
2219	#ifdef KRB5_USE_PATH_TOKENS
2220	{
2221	char * exp_file;
2222
2223	if (_krb5_expand_path_tokens(context, file, &exp_file) == 0) {
2224	f = fopen(exp_file, "r");
2225	krb5_xfree(exp_file);
2226	} else {
2227	f = NULL;
2228	}
2229	}
2230	#else
2231	f = fopen(file, "r");
2232	#endif
2233
2234	if (f == NULL) {
2235	*moduli = m;
2236	return 0;
2237	}
2238	rk_cloexec_file(f);
2239
2240	while(fgets(buf, sizeof(buf), f) != NULL) {
2241	struct krb5_dh_moduli *element;
2242
2243	buf[strcspn(buf, "\n")] = '\0';
2244	lineno++;
2245
2246	m2 = realloc(m, (n + 2) * sizeof(m[0]));
2247	if (m2 == NULL) {
2248	_krb5_free_moduli(m);
2249	krb5_set_error_message(context, ENOMEM,
2250	N_("malloc: out of memory", ""));
2251	return ENOMEM;
2252	}
2253	m = m2;
2254
2255	m[n] = NULL;
2256
2257	ret = _krb5_parse_moduli_line(context, file, lineno, buf, &element);
2258	if (ret) {
2259	_krb5_free_moduli(m);
2260	return ret;
2261	}
2262	if (element == NULL)
2263	continue;
2264
2265	m[n] = element;
2266	m[n + 1] = NULL;
2267	n++;
2268	}
2269	*moduli = m;
2270	return 0;
2271	}
2272
2273	krb5_error_code
2274	_krb5_dh_group_ok(krb5_context context, unsigned long bits,
2275	heim_integer p, heim_integer g, heim_integer *q,
2276	struct krb5_dh_moduli **moduli,
2277	char **name)
2278	{
2279	int i;
2280
2281	if (name)
2282	*name = NULL;
2283
2284	for (i = 0; moduli[i] != NULL; i++) {
2285	if (der_heim_integer_cmp(&moduli[i]->g, g) == 0 &&
2286	der_heim_integer_cmp(&moduli[i]->p, p) == 0 &&
2287	(q == NULL \|\| der_heim_integer_cmp(&moduli[i]->q, q) == 0))
2288	{
2289	if (bits && bits > moduli[i]->bits) {
2290	krb5_set_error_message(context,
2291	KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED,
2292	N_("PKINIT: DH group parameter %s "
2293	"no accepted, not enough bits "
2294	"generated", ""),
2295	moduli[i]->name);
2296	return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED;
2297	}
2298	if (name)
2299	*name = strdup(moduli[i]->name);
2300	return 0;
2301	}
2302	}
2303	krb5_set_error_message(context,
2304	KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED,
2305	N_("PKINIT: DH group parameter no ok", ""));
2306	return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED;
2307	}
2308	#endif /* PKINIT */
2309
2310	KRB5_LIB_FUNCTION void KRB5_LIB_CALL
2311	_krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt)
2312	{
2313	#ifdef PKINIT
2314	krb5_pk_init_ctx ctx;
2315
2316	if (opt->opt_private == NULL \|\| opt->opt_private->pk_init_ctx == NULL)
2317	return;
2318	ctx = opt->opt_private->pk_init_ctx;
2319	switch (ctx->keyex) {
2320	case USE_DH:
2321	if (ctx->u.dh)
2322	DH_free(ctx->u.dh);
2323	break;
2324	case USE_RSA:
2325	break;
2326	case USE_ECDH:
2327	#ifdef HAVE_OPENSSL
2328	if (ctx->u.eckey)
2329	EC_KEY_free(ctx->u.eckey);
2330	#endif
2331	break;
2332	}
2333	if (ctx->id) {
2334	hx509_verify_destroy_ctx(ctx->id->verify_ctx);
2335	hx509_certs_free(&ctx->id->certs);
2336	hx509_cert_free(ctx->id->cert);
2337	hx509_certs_free(&ctx->id->anchors);
2338	hx509_certs_free(&ctx->id->certpool);
2339
2340	if (ctx->clientDHNonce) {
2341	krb5_free_data(NULL, ctx->clientDHNonce);
2342	ctx->clientDHNonce = NULL;
2343	}
2344	if (ctx->m)
2345	_krb5_free_moduli(ctx->m);
2346	free(ctx->id);
2347	ctx->id = NULL;
2348	}
2349	free(opt->opt_private->pk_init_ctx);
2350	opt->opt_private->pk_init_ctx = NULL;
2351	#endif
2352	}
2353
2354	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
2355	krb5_get_init_creds_opt_set_pkinit(krb5_context context,
2356	krb5_get_init_creds_opt *opt,
2357	krb5_principal principal,
2358	const char *user_id,
2359	const char *x509_anchors,
2360	char * const * pool,
2361	char * const * pki_revoke,
2362	int flags,
2363	krb5_prompter_fct prompter,
2364	void *prompter_data,
2365	char *password)
2366	{
2367	#ifdef PKINIT
2368	krb5_error_code ret;
2369	char *anchors = NULL;
2370
2371	if (opt->opt_private == NULL) {
2372	krb5_set_error_message(context, EINVAL,
2373	N_("PKINIT: on non extendable opt", ""));
2374	return EINVAL;
2375	}
2376
2377	opt->opt_private->pk_init_ctx =
2378	calloc(1, sizeof(*opt->opt_private->pk_init_ctx));
2379	if (opt->opt_private->pk_init_ctx == NULL) {
2380	krb5_set_error_message(context, ENOMEM,
2381	N_("malloc: out of memory", ""));
2382	return ENOMEM;
2383	}
2384	opt->opt_private->pk_init_ctx->require_binding = 0;
2385	opt->opt_private->pk_init_ctx->require_eku = 1;
2386	opt->opt_private->pk_init_ctx->require_krbtgt_otherName = 1;
2387	opt->opt_private->pk_init_ctx->peer = NULL;
2388
2389	/* XXX implement krb5_appdefault_strings */
2390	if (pool == NULL)
2391	pool = krb5_config_get_strings(context, NULL,
2392	"appdefaults",
2393	"pkinit_pool",
2394	NULL);
2395
2396	if (pki_revoke == NULL)
2397	pki_revoke = krb5_config_get_strings(context, NULL,
2398	"appdefaults",
2399	"pkinit_revoke",
2400	NULL);
2401
2402	if (x509_anchors == NULL) {
2403	krb5_appdefault_string(context, "kinit",
2404	krb5_principal_get_realm(context, principal),
2405	"pkinit_anchors", NULL, &anchors);
2406	x509_anchors = anchors;
2407	}
2408
2409	if (flags & 4)
2410	opt->opt_private->pk_init_ctx->anonymous = 1;
2411
2412	ret = _krb5_pk_load_id(context,
2413	&opt->opt_private->pk_init_ctx->id,
2414	user_id,
2415	x509_anchors,
2416	pool,
2417	pki_revoke,
2418	prompter,
2419	prompter_data,
2420	password);
2421	if (ret) {
2422	free(opt->opt_private->pk_init_ctx);
2423	opt->opt_private->pk_init_ctx = NULL;
2424	return ret;
2425	}
2426
2427	if (opt->opt_private->pk_init_ctx->id->certs) {
2428	_krb5_pk_set_user_id(context,
2429	principal,
2430	opt->opt_private->pk_init_ctx,
2431	opt->opt_private->pk_init_ctx->id->certs);
2432	} else
2433	opt->opt_private->pk_init_ctx->id->cert = NULL;
2434
2435	if ((flags & 2) == 0) {
2436	hx509_context hx509ctx = context->hx509ctx;
2437	hx509_cert cert = opt->opt_private->pk_init_ctx->id->cert;
2438
2439	opt->opt_private->pk_init_ctx->keyex = USE_DH;
2440
2441	/*
2442	* If its a ECDSA certs, lets select ECDSA as the keyex algorithm.
2443	*/
2444	if (cert) {
2445	AlgorithmIdentifier alg;
2446
2447	ret = hx509_cert_get_SPKI_AlgorithmIdentifier(hx509ctx, cert, &alg);
2448	if (ret == 0) {
2449	if (der_heim_oid_cmp(&alg.algorithm, &asn1_oid_id_ecPublicKey) == 0)
2450	opt->opt_private->pk_init_ctx->keyex = USE_ECDH;
2451	free_AlgorithmIdentifier(&alg);
2452	}
2453	}
2454
2455	} else {
2456	opt->opt_private->pk_init_ctx->keyex = USE_RSA;
2457
2458	if (opt->opt_private->pk_init_ctx->id->certs == NULL) {
2459	krb5_set_error_message(context, EINVAL,
2460	N_("No anonymous pkinit support in RSA mode", ""));
2461	return EINVAL;
2462	}
2463	}
2464
2465	return 0;
2466	#else
2467	krb5_set_error_message(context, EINVAL,
2468	N_("no support for PKINIT compiled in", ""));
2469	return EINVAL;
2470	#endif
2471	}
2472
2473	krb5_error_code KRB5_LIB_FUNCTION
2474	krb5_get_init_creds_opt_set_pkinit_user_certs(krb5_context context,
2475	krb5_get_init_creds_opt *opt,
2476	struct hx509_certs_data *certs)
2477	{
2478	#ifdef PKINIT
2479	if (opt->opt_private == NULL) {
2480	krb5_set_error_message(context, EINVAL,
2481	N_("PKINIT: on non extendable opt", ""));
2482	return EINVAL;
2483	}
2484	if (opt->opt_private->pk_init_ctx == NULL) {
2485	krb5_set_error_message(context, EINVAL,
2486	N_("PKINIT: on pkinit context", ""));
2487	return EINVAL;
2488	}
2489
2490	_krb5_pk_set_user_id(context, NULL, opt->opt_private->pk_init_ctx, certs);
2491
2492	return 0;
2493	#else
2494	krb5_set_error_message(context, EINVAL,
2495	N_("no support for PKINIT compiled in", ""));
2496	return EINVAL;
2497	#endif
2498	}
2499
2500	#ifdef PKINIT
2501
2502	static int
2503	get_ms_san(hx509_context context, hx509_cert cert, char **upn)
2504	{
2505	hx509_octet_string_list list;
2506	int ret;
2507
2508	*upn = NULL;
2509
2510	ret = hx509_cert_find_subjectAltName_otherName(context,
2511	cert,
2512	&asn1_oid_id_pkinit_ms_san,
2513	&list);
2514	if (ret)
2515	return 0;
2516
2517	if (list.len > 0 && list.val[0].length > 0)
2518	ret = decode_MS_UPN_SAN(list.val[0].data, list.val[0].length,
2519	upn, NULL);
2520	else
2521	ret = 1;
2522	hx509_free_octet_string_list(&list);
2523
2524	return ret;
2525	}
2526
2527	static int
2528	find_ms_san(hx509_context context, hx509_cert cert, void *ctx)
2529	{
2530	char *upn;
2531	int ret;
2532
2533	ret = get_ms_san(context, cert, &upn);
2534	if (ret == 0)
2535	free(upn);
2536	return ret;
2537	}
2538
2539
2540
2541	#endif
2542
2543	/*
2544	* Private since it need to be redesigned using krb5_get_init_creds()
2545	*/
2546
2547	KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
2548	krb5_pk_enterprise_cert(krb5_context context,
2549	const char *user_id,
2550	krb5_const_realm realm,
2551	krb5_principal *principal,
2552	struct hx509_certs_data **res)
2553	{
2554	#ifdef PKINIT
2555	krb5_error_code ret;
2556	hx509_certs certs, result;
2557	hx509_cert cert = NULL;
2558	hx509_query *q;
2559	char *name;
2560
2561	*principal = NULL;
2562	if (res)
2563	*res = NULL;
2564
2565	if (user_id == NULL) {
2566	krb5_set_error_message(context, ENOENT, "no user id");
2567	return ENOENT;
2568	}
2569
2570	ret = hx509_certs_init(context->hx509ctx, user_id, 0, NULL, &certs);
2571	if (ret) {
2572	pk_copy_error(context, context->hx509ctx, ret,
2573	"Failed to init cert certs");
2574	goto out;
2575	}
2576
2577	ret = hx509_query_alloc(context->hx509ctx, &q);
2578	if (ret) {
2579	krb5_set_error_message(context, ret, "out of memory");
2580	hx509_certs_free(&certs);
2581	goto out;
2582	}
2583
2584	hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
2585	hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
2586	hx509_query_match_eku(q, &asn1_oid_id_pkinit_ms_eku);
2587	hx509_query_match_cmp_func(q, find_ms_san, NULL);
2588
2589	ret = hx509_certs_filter(context->hx509ctx, certs, q, &result);
2590	hx509_query_free(context->hx509ctx, q);
2591	hx509_certs_free(&certs);
2592	if (ret) {
2593	pk_copy_error(context, context->hx509ctx, ret,
2594	"Failed to find PKINIT certificate");
2595	return ret;
2596	}
2597
2598	ret = hx509_get_one_cert(context->hx509ctx, result, &cert);
2599	hx509_certs_free(&result);
2600	if (ret) {
2601	pk_copy_error(context, context->hx509ctx, ret,
2602	"Failed to get one cert");
2603	goto out;
2604	}
2605
2606	ret = get_ms_san(context->hx509ctx, cert, &name);
2607	if (ret) {
2608	pk_copy_error(context, context->hx509ctx, ret,
2609	"Failed to get MS SAN");
2610	goto out;
2611	}
2612
2613	ret = krb5_make_principal(context, principal, realm, name, NULL);
2614	free(name);
2615	if (ret)
2616	goto out;
2617
2618	krb5_principal_set_type(context, *principal, KRB5_NT_ENTERPRISE_PRINCIPAL);
2619
2620	if (res) {
2621	ret = hx509_certs_init(context->hx509ctx, "MEMORY:", 0, NULL, res);
2622	if (ret)
2623	goto out;
2624
2625	ret = hx509_certs_add(context->hx509ctx, *res, cert);
2626	if (ret) {
2627	hx509_certs_free(res);
2628	goto out;
2629	}
2630	}
2631
2632	out:
2633	hx509_cert_free(cert);
2634
2635	return ret;
2636	#else
2637	krb5_set_error_message(context, EINVAL,
2638	N_("no support for PKINIT compiled in", ""));
2639	return EINVAL;
2640	#endif
2641	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: heimdal/vendor/current/lib/krb5/pkinit.c

Download in other formats: