2 Copyright (c) 2004-2006 The Regents of the University of Michigan.
5 Redistribution and use in source and binary forms, with or without
6 modification, are permitted provided that the following conditions
9 1. Redistributions of source code must retain the above copyright
10 notice, this list of conditions and the following disclaimer.
11 2. Redistributions in binary form must reproduce the above copyright
12 notice, this list of conditions and the following disclaimer in the
13 documentation and/or other materials provided with the distribution.
14 3. Neither the name of the University nor the names of its
15 contributors may be used to endorse or promote products derived
16 from this software without specific prior written permission.
18 THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
19 WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
20 MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
22 FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23 CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
25 BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
26 LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 #ifndef HAVE_LUCID_CONTEXT_SUPPORT
40 #include <gssapi/gssapi.h>
44 # include "lgss_utils.h"
45 # include "write_bytes.h"
47 # include "gss_util.h"
48 # include "gss_oids.h"
49 # include "err_util.h"
55 #if (KRB5_VERSION > 131)
56 /* XXX argggg, there's gotta be a better way than just duplicating this
57 * whole struct. Unfortunately, this is in a "private" header file,
58 * so this is our best choice at this point :-/
61 typedef struct _krb5_gss_ctx_id_rec {
62 unsigned int initiate : 1; /* nonzero if initiating, zero if accepting */
63 unsigned int established : 1;
64 unsigned int big_endian : 1;
65 unsigned int have_acceptor_subkey : 1;
66 unsigned int seed_init : 1; /* XXX tested but never actually set */
68 unsigned int testing_unknown_tokid : 1; /* for testing only */
71 unsigned char seed[16];
74 krb5_keyblock *subkey;
80 krb5_timestamp endtime;
82 /* XXX these used to be signed. the old spec is inspecific, and
83 the new spec specifies unsigned. I don't believe that the change
84 affects the wire encoding. */
85 uint64_t seq_send; /* gssint_uint64 */
86 uint64_t seq_recv; /* gssint_uint64 */
88 krb5_auth_context auth_context;
89 gss_OID_desc *mech_used; /* gss_OID_desc */
90 /* Protocol spec revision
91 0 => RFC 1964 with 3DES and RC4 enhancements
92 1 => draft-ietf-krb-wg-gssapi-cfx-01
93 No others defined so far. */
95 krb5_cksumtype cksumtype; /* for "main" subkey */
96 krb5_keyblock *acceptor_subkey; /* CFX only */
97 krb5_cksumtype acceptor_subkey_cksumtype;
99 gss_buffer_desc init_token;
101 } krb5_gss_ctx_id_rec, *krb5_gss_ctx_id_t;
103 #else /* KRB5_VERSION > 131 */
105 typedef struct _krb5_gss_ctx_id_rec {
109 unsigned char seed[16];
111 krb5_principal there;
112 krb5_keyblock *subkey;
118 krb5_timestamp endtime;
119 krb5_flags krb_flags;
125 krb5_auth_context auth_context;
126 gss_OID_desc *mech_used;
128 krb5_cksumtype *ctypes;
129 } krb5_gss_ctx_id_rec, *krb5_gss_ctx_id_t;
131 #endif /* KRB5_VERSION */
135 write_keyblock(char **p, char *end, struct _krb5_keyblock *arg)
139 if (WRITE_BYTES(p, end, arg->enctype)) return -1;
140 tmp.length = arg->length;
141 tmp.value = arg->contents;
142 if (write_buffer(p, end, &tmp)) return -1;
147 * XXX Hack alert! XXX Do NOT submit upstream!
148 * XXX Hack alert! XXX Do NOT submit upstream!
150 * We shouldn't be using these definitions
152 * XXX Hack alert! XXX Do NOT submit upstream!
153 * XXX Hack alert! XXX Do NOT submit upstream!
156 #define KG_USAGE_SEAL 22
157 #define KG_USAGE_SIGN 23
158 #define KG_USAGE_SEQ 24
161 #define KG_USAGE_ACCEPTOR_SEAL 22
162 #define KG_USAGE_ACCEPTOR_SIGN 23
163 #define KG_USAGE_INITIATOR_SEAL 24
164 #define KG_USAGE_INITIATOR_SIGN 25
166 /* Lifted from mit src/lib/gssapi/krb5/gssapiP_krb5.h */
168 SEAL_ALG_NONE = 0xffff,
169 SEAL_ALG_DES = 0x0000,
170 SEAL_ALG_1 = 0x0001, /* not published */
171 SEAL_ALG_MICROSOFT_RC4 = 0x0010, /* microsoft w2k; */
172 SEAL_ALG_DES3KD = 0x0002
175 #define KEY_USAGE_SEED_ENCRYPTION 0xAA
176 #define KEY_USAGE_SEED_INTEGRITY 0x55
177 #define KEY_USAGE_SEED_CHECKSUM 0x99
180 extern void krb5_enc_des3;
181 extern void krb5int_enc_des3;
182 extern void krb5int_enc_arcfour;
183 extern void krb5int_enc_aes128;
184 extern void krb5int_enc_aes256;
185 extern int krb5_derive_key();
188 * XXX Hack alert! XXX Do NOT submit upstream!
189 * XXX Hack alert! XXX Do NOT submit upstream!
191 * We should be passing down a single key to the kernel
192 * and it should be deriving the other keys. We cannot
193 * depend on any of this stuff being accessible in the
196 * XXX Hack alert! XXX Do NOT submit upstream!
197 * XXX Hack alert! XXX Do NOT submit upstream!
200 * Function to derive a new key from a given key and given constant data.
202 static krb5_error_code
203 derive_key(const krb5_keyblock *in, krb5_keyblock *out, int usage, char extra)
205 krb5_error_code code;
206 unsigned char constant_data[K5CLENGTH];
211 switch (in->enctype) {
212 #ifdef ENCTYPE_DES3_CBC_RAW
213 case ENCTYPE_DES3_CBC_RAW:
215 /* Extra hack, the structure was renamed as rc4 was added... */
216 #if defined(ENCTYPE_ARCFOUR_HMAC)
217 enc = &krb5int_enc_des3;
219 enc = &krb5_enc_des3;
223 #ifdef ENCTYPE_ARCFOUR_HMAC
224 case ENCTYPE_ARCFOUR_HMAC:
226 enc = &krb5int_enc_arcfour;
230 code = KRB5_BAD_ENCTYPE;
234 /* allocate memory for output key */
235 if ((out->contents = malloc(keylength)) == NULL) {
239 out->length = keylength;
240 out->enctype = in->enctype;
242 datain.data = (char *) constant_data;
243 datain.length = K5CLENGTH;
245 datain.data[0] = (usage>>24)&0xff;
246 datain.data[1] = (usage>>16)&0xff;
247 datain.data[2] = (usage>>8)&0xff;
248 datain.data[3] = usage&0xff;
250 datain.data[4] = (char) extra;
252 if ((code = krb5_derive_key(enc, in, out, &datain))) {
254 out->contents = NULL;
259 printerr(0, "ERROR: derive_key returning error %d (%s)\n",
260 code, error_message(code));
265 * We really shouldn't know about glue-layer context structure, but
266 * we need to get at the real krb5 context pointer. This should be
267 * removed as soon as we say there is no support for MIT Kerberos
268 * prior to 1.4 -- which gives us "legal" access to the context info.
270 typedef struct gss_union_ctx_id_t {
272 gss_ctx_id_t internal_ctx_id;
273 } gss_union_ctx_id_desc, *gss_union_ctx_id_t;
276 serialize_krb5_ctx(gss_ctx_id_t ctx, gss_buffer_desc *buf)
278 krb5_gss_ctx_id_t kctx = ((gss_union_ctx_id_t)ctx)->internal_ctx_id;
280 static int constant_zero = 0;
281 static int constant_one = 1;
282 static int constant_two = 2;
283 uint32_t word_seq_send;
284 u_int64_t seq_send_64bit;
285 uint32_t v2_flags = 0;
286 krb5_keyblock derived_key;
289 if (!(buf->value = calloc(1, MAX_CTX_LEN)))
292 end = buf->value + MAX_CTX_LEN;
294 switch (kctx->sealalg) {
296 /* Old format of context to the kernel */
297 if (kctx->initiate) {
298 if (WRITE_BYTES(&p, end, constant_one)) goto out_err;
301 if (WRITE_BYTES(&p, end, constant_zero)) goto out_err;
303 if (kctx->seed_init) {
304 if (WRITE_BYTES(&p, end, constant_one)) goto out_err;
307 if (WRITE_BYTES(&p, end, constant_zero)) goto out_err;
309 if (write_bytes(&p, end, &kctx->seed, sizeof(kctx->seed)))
311 if (WRITE_BYTES(&p, end, kctx->signalg)) goto out_err;
312 if (WRITE_BYTES(&p, end, kctx->sealalg)) goto out_err;
313 if (WRITE_BYTES(&p, end, kctx->endtime)) goto out_err;
314 word_seq_send = kctx->seq_send;
315 if (WRITE_BYTES(&p, end, word_seq_send)) goto out_err;
316 if (write_oid(&p, end, kctx->mech_used)) goto out_err;
318 printerr(2, "serialize_krb5_ctx: serializing keys with "
319 "enctype %d and length %d\n",
320 kctx->enc->enctype, kctx->enc->length);
322 if (write_keyblock(&p, end, kctx->enc)) goto out_err;
323 if (write_keyblock(&p, end, kctx->seq)) goto out_err;
325 case SEAL_ALG_MICROSOFT_RC4:
326 case SEAL_ALG_DES3KD:
327 /* New format of context to the kernel */
330 * #define KRB5_CTX_FLAG_INITIATOR 0x00000001
331 * #define KRB5_CTX_FLAG_CFX 0x00000002
332 * #define KRB5_CTX_FLAG_ACCEPTOR_SUBKEY 0x00000004
335 * u32 size_of_each_key; ( size in bytes )
336 * u32 number_of_keys; ( N (assumed to be 3 for now) )
337 * keydata-1; ( Ke (Kenc for DES3) )
338 * keydata-2; ( Ki (Kseq for DES3) )
339 * keydata-3; ( Kc (derived checksum key) )
341 if (WRITE_BYTES(&p, end, constant_two)) goto out_err;
342 if (WRITE_BYTES(&p, end, kctx->endtime)) goto out_err;
344 /* Only applicable flag for this is initiator */
345 if (kctx->initiate) v2_flags |= KRB5_CTX_FLAG_INITIATOR;
346 if (WRITE_BYTES(&p, end, v2_flags)) goto out_err;
348 seq_send_64bit = kctx->seq_send;
349 if (WRITE_BYTES(&p, end, seq_send_64bit)) goto out_err;
351 if (WRITE_BYTES(&p, end, kctx->enc->enctype)) goto out_err;
352 if (WRITE_BYTES(&p, end, kctx->enc->length)) goto out_err;
354 if (WRITE_BYTES(&p, end, numkeys)) goto out_err;
355 printerr(2, "serialize_krb5_ctx: serializing %d keys with "
356 "enctype %d and size %d\n",
357 numkeys, kctx->enc->enctype, kctx->enc->length);
360 if (write_bytes(&p, end, kctx->enc->contents,
365 if (write_bytes(&p, end, kctx->enc->contents,
370 if (derive_key(kctx->seq, &derived_key,
371 KG_USAGE_SIGN, KEY_USAGE_SEED_CHECKSUM))
373 if (write_bytes(&p, end, derived_key.contents,
376 free(derived_key.contents);
379 printerr(0, "ERROR: serialize_krb5_ctx: unsupported seal "
380 "algorithm %d\n", kctx->sealalg);
384 buf->length = p - (char *)buf->value;
388 printerr(0, "ERROR: failed serializing krb5 context for kernel\n");
397 #endif /* HAVE_KRB5 */
398 #endif /* HAVE_LUCID_CONTEXT_SUPPORT */