2 * Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 RCSID("$Id: pkinit.c,v 1.72 2006/10/24 17:51:33 lha Exp $");
40 #include <heim_asn1.h>
41 #include <rfc2459_asn1.h>
43 #include <pkinit_asn1.h>
46 #include "crypto-headers.h"
48 /* XXX copied from lib/krb5/pkinit.c */
49 struct krb5_pk_identity {
50 hx509_context hx509ctx;
51 hx509_verify_ctx verify_ctx;
55 hx509_revoke_ctx revoke;
59 PKINIT_COMPAT_WIN2K = 1,
63 struct pk_client_params {
64 enum pkinit_type type;
65 BIGNUM *dh_public_key;
69 EncryptionKey reply_key;
73 struct pk_principal_mapping {
75 struct pk_allowed_princ {
76 krb5_principal principal;
81 static struct krb5_pk_identity *kdc_identity;
82 static struct pk_principal_mapping principal_mappings;
83 static struct krb5_dh_moduli **moduli;
95 static krb5_error_code
96 pk_check_pkauthenticator_win2k(krb5_context context,
97 PKAuthenticator_Win2k *a,
102 krb5_timeofday (context, &now);
105 if (a->ctime == 0 || abs(a->ctime - now) > context->max_skew) {
106 krb5_clear_error_string(context);
107 return KRB5KRB_AP_ERR_SKEW;
112 static krb5_error_code
113 pk_check_pkauthenticator(krb5_context context,
124 krb5_timeofday (context, &now);
127 if (a->ctime == 0 || abs(a->ctime - now) > context->max_skew) {
128 krb5_clear_error_string(context);
129 return KRB5KRB_AP_ERR_SKEW;
132 ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, &req->req_body, &len, ret);
134 krb5_clear_error_string(context);
138 krb5_abortx(context, "Internal error in ASN.1 encoder");
140 ret = krb5_create_checksum(context,
149 krb5_clear_error_string(context);
153 if (a->paChecksum == NULL) {
154 krb5_clear_error_string(context);
155 ret = KRB5_KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED;
159 if (der_heim_octet_string_cmp(a->paChecksum, &checksum.checksum) != 0) {
160 krb5_clear_error_string(context);
161 ret = KRB5KRB_ERR_GENERIC;
165 free_Checksum(&checksum);
171 _kdc_pk_free_client_param(krb5_context context,
172 pk_client_params *client_params)
174 if (client_params->cert)
175 hx509_cert_free(client_params->cert);
176 if (client_params->dh)
177 DH_free(client_params->dh);
178 if (client_params->dh_public_key)
179 BN_free(client_params->dh_public_key);
180 krb5_free_keyblock_contents(context, &client_params->reply_key);
181 if (client_params->dh_group_name)
182 free(client_params->dh_group_name);
183 memset(client_params, 0, sizeof(*client_params));
187 static krb5_error_code
188 generate_dh_keyblock(krb5_context context, pk_client_params *client_params,
189 krb5_enctype enctype, krb5_keyblock *reply_key)
191 unsigned char *dh_gen_key = NULL;
194 size_t dh_gen_keylen, size;
196 memset(&key, 0, sizeof(key));
198 if (!DH_generate_key(client_params->dh)) {
199 krb5_set_error_string(context, "Can't generate Diffie-Hellman keys");
200 ret = KRB5KRB_ERR_GENERIC;
203 if (client_params->dh_public_key == NULL) {
204 krb5_set_error_string(context, "dh_public_key");
205 ret = KRB5KRB_ERR_GENERIC;
209 dh_gen_keylen = DH_size(client_params->dh);
210 size = BN_num_bytes(client_params->dh->p);
211 if (size < dh_gen_keylen)
212 size = dh_gen_keylen;
214 dh_gen_key = malloc(size);
215 if (dh_gen_key == NULL) {
216 krb5_set_error_string(context, "malloc: out of memory");
220 memset(dh_gen_key, 0, size - dh_gen_keylen);
222 dh_gen_keylen = DH_compute_key(dh_gen_key + (size - dh_gen_keylen),
223 client_params->dh_public_key,
225 if (dh_gen_keylen == -1) {
226 krb5_set_error_string(context, "Can't compute Diffie-Hellman key");
227 ret = KRB5KRB_ERR_GENERIC;
231 ret = _krb5_pk_octetstring2key(context,
233 dh_gen_key, dh_gen_keylen,
240 if (key.keyvalue.data)
241 krb5_free_keyblock_contents(context, &key);
247 integer_to_BN(krb5_context context, const char *field, heim_integer *f)
251 bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL);
253 krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field);
256 BN_set_negative(bn, f->negative);
260 static krb5_error_code
261 get_dh_param(krb5_context context,
262 krb5_kdc_configuration *config,
263 SubjectPublicKeyInfo *dh_key_info,
264 pk_client_params *client_params)
266 DomainParameters dhparam;
270 memset(&dhparam, 0, sizeof(dhparam));
272 if (der_heim_oid_cmp(&dh_key_info->algorithm.algorithm, oid_id_dhpublicnumber())) {
273 krb5_set_error_string(context,
274 "PKINIT invalid oid in clientPublicValue");
275 return KRB5_BADMSGTYPE;
278 if (dh_key_info->algorithm.parameters == NULL) {
279 krb5_set_error_string(context, "PKINIT missing algorithm parameter "
280 "in clientPublicValue");
281 return KRB5_BADMSGTYPE;
284 ret = decode_DomainParameters(dh_key_info->algorithm.parameters->data,
285 dh_key_info->algorithm.parameters->length,
289 krb5_set_error_string(context, "Can't decode algorithm "
290 "parameters in clientPublicValue");
294 if ((dh_key_info->subjectPublicKey.length % 8) != 0) {
295 ret = KRB5_BADMSGTYPE;
296 krb5_set_error_string(context, "PKINIT: subjectPublicKey not aligned "
297 "to 8 bit boundary");
302 ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits,
303 &dhparam.p, &dhparam.g, &dhparam.q, moduli,
304 &client_params->dh_group_name);
310 krb5_set_error_string(context, "Cannot create DH structure");
314 ret = KRB5_BADMSGTYPE;
315 dh->p = integer_to_BN(context, "DH prime", &dhparam.p);
318 dh->g = integer_to_BN(context, "DH base", &dhparam.g);
321 dh->q = integer_to_BN(context, "DH p-1 factor", &dhparam.q);
329 ret = decode_DHPublicKey(dh_key_info->subjectPublicKey.data,
330 dh_key_info->subjectPublicKey.length / 8,
334 krb5_clear_error_string(context);
338 client_params->dh_public_key = integer_to_BN(context,
341 der_free_heim_integer(&glue);
342 if (client_params->dh_public_key == NULL)
346 client_params->dh = dh;
353 free_DomainParameters(&dhparam);
359 * XXX We only need this function if there are several certs for the
360 * KDC to choose from, and right now, we can't handle that so punt for
363 * If client has sent a list of CA's trusted by him, make sure our
369 verify_trusted_ca(PA_PK_AS_REQ_19 *r)
372 if (r.trustedCertifiers != NULL) {
373 X509_NAME *kdc_issuer;
376 kdc_cert = sk_X509_value(kdc_identity->cert, 0);
377 kdc_issuer = X509_get_issuer_name(kdc_cert);
379 /* XXX will work for heirarchical CA's ? */
380 /* XXX also serial_number should be compared */
382 ret = KRB5_KDC_ERR_KDC_NOT_TRUSTED;
383 for (i = 0; i < r.trustedCertifiers->len; i++) {
384 TrustedCA_19 *ca = &r.trustedCertifiers->val[i];
386 switch (ca->element) {
387 case choice_TrustedCA_19_caName: {
391 p = ca->u.caName.data;
392 name = d2i_X509_NAME(NULL, &p, ca->u.caName.length);
393 if (name == NULL) /* XXX should this be a failure instead ? */
395 if (X509_NAME_cmp(name, kdc_issuer) == 0)
397 X509_NAME_free(name);
400 case choice_TrustedCA_19_issuerAndSerial:
401 /* IssuerAndSerialNumber issuerAndSerial */
416 _kdc_pk_rd_padata(krb5_context context,
417 krb5_kdc_configuration *config,
420 pk_client_params **ret_params)
422 pk_client_params *client_params;
424 heim_oid eContentType = { 0, NULL }, contentInfoOid = { 0, NULL };
425 krb5_data eContent = { 0, NULL };
426 krb5_data signed_content = { 0, NULL };
427 const char *type = "unknown type";
428 const heim_oid *pa_contentType;
433 if (!config->enable_pkinit) {
434 krb5_clear_error_string(context);
438 client_params = calloc(1, sizeof(*client_params));
439 if (client_params == NULL) {
440 krb5_clear_error_string(context);
445 if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) {
446 PA_PK_AS_REQ_Win2k r;
448 type = "PK-INIT-Win2k";
449 pa_contentType = oid_id_pkcs7_data();
451 ret = decode_PA_PK_AS_REQ_Win2k(pa->padata_value.data,
452 pa->padata_value.length,
456 krb5_set_error_string(context, "Can't decode "
457 "PK-AS-REQ-Win2k: %d", ret);
461 ret = hx509_cms_unwrap_ContentInfo(&r.signed_auth_pack,
465 free_PA_PK_AS_REQ_Win2k(&r);
467 krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret);
471 } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) {
474 type = "PK-INIT-IETF";
475 pa_contentType = oid_id_pkauthdata();
477 ret = decode_PA_PK_AS_REQ(pa->padata_value.data,
478 pa->padata_value.length,
482 krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret);
486 /* XXX look at r.trustedCertifiers and r.kdcPkId */
488 ret = hx509_cms_unwrap_ContentInfo(&r.signedAuthPack,
492 free_PA_PK_AS_REQ(&r);
494 krb5_set_error_string(context, "Can't unwrap ContentInfo: %d", ret);
499 krb5_clear_error_string(context);
500 ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
504 ret = der_heim_oid_cmp(&contentInfoOid, oid_id_pkcs7_signedData());
506 krb5_set_error_string(context, "PK-AS-REQ-Win2k invalid content "
508 ret = KRB5KRB_ERR_GENERIC;
513 krb5_set_error_string(context,
514 "PK-AS-REQ-Win2k no signed auth pack");
515 ret = KRB5KRB_ERR_GENERIC;
520 hx509_certs signer_certs;
522 ret = hx509_cms_verify_signed(kdc_identity->hx509ctx,
523 kdc_identity->verify_ctx,
525 signed_content.length,
526 kdc_identity->certpool,
531 kdc_log(context, config, 0,
532 "PK-INIT failed to verify signature %d", ret);
536 ret = hx509_get_one_cert(kdc_identity->hx509ctx, signer_certs,
537 &client_params->cert);
538 hx509_certs_free(&signer_certs);
543 /* Signature is correct, now verify the signed message */
544 if (der_heim_oid_cmp(&eContentType, pa_contentType)) {
545 krb5_set_error_string(context, "got wrong oid for pkauthdata");
546 ret = KRB5_BADMSGTYPE;
550 if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) {
553 ret = decode_AuthPack_Win2k(eContent.data,
558 krb5_set_error_string(context, "can't decode AuthPack: %d", ret);
562 ret = pk_check_pkauthenticator_win2k(context,
566 free_AuthPack_Win2k(&ap);
570 client_params->type = PKINIT_COMPAT_WIN2K;
571 client_params->nonce = ap.pkAuthenticator.nonce;
573 if (ap.clientPublicValue) {
574 krb5_set_error_string(context, "DH not supported for windows");
575 ret = KRB5KRB_ERR_GENERIC;
578 free_AuthPack_Win2k(&ap);
580 } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) {
583 ret = decode_AuthPack(eContent.data,
588 krb5_set_error_string(context, "can't decode AuthPack: %d", ret);
593 ret = pk_check_pkauthenticator(context,
601 client_params->type = PKINIT_COMPAT_27;
602 client_params->nonce = ap.pkAuthenticator.nonce;
604 if (ap.clientPublicValue) {
605 ret = get_dh_param(context, config,
606 ap.clientPublicValue, client_params);
614 krb5_abortx(context, "internal pkinit error");
616 kdc_log(context, config, 0, "PK-INIT request of type %s", type);
620 if (signed_content.data)
621 free(signed_content.data);
622 krb5_data_free(&eContent);
623 der_free_oid(&eContentType);
624 der_free_oid(&contentInfoOid);
626 _kdc_pk_free_client_param(context, client_params);
628 *ret_params = client_params;
636 static krb5_error_code
637 BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer)
639 integer->length = BN_num_bytes(bn);
640 integer->data = malloc(integer->length);
641 if (integer->data == NULL) {
642 krb5_clear_error_string(context);
645 BN_bn2bin(bn, integer->data);
646 integer->negative = BN_is_negative(bn);
650 static krb5_error_code
651 pk_mk_pa_reply_enckey(krb5_context context,
652 pk_client_params *client_params,
654 const krb5_data *req_buffer,
655 krb5_keyblock *reply_key,
656 ContentInfo *content_info)
659 krb5_data buf, signed_data;
662 krb5_data_zero(&buf);
663 krb5_data_zero(&signed_data);
665 switch (client_params->type) {
666 case PKINIT_COMPAT_WIN2K: {
667 ReplyKeyPack_Win2k kp;
668 memset(&kp, 0, sizeof(kp));
670 ret = copy_EncryptionKey(reply_key, &kp.replyKey);
672 krb5_clear_error_string(context);
675 kp.nonce = client_params->nonce;
677 ASN1_MALLOC_ENCODE(ReplyKeyPack_Win2k,
678 buf.data, buf.length,
680 free_ReplyKeyPack_Win2k(&kp);
683 case PKINIT_COMPAT_27: {
684 krb5_crypto ascrypto;
686 memset(&kp, 0, sizeof(kp));
688 ret = copy_EncryptionKey(reply_key, &kp.replyKey);
690 krb5_clear_error_string(context);
694 ret = krb5_crypto_init(context, reply_key, 0, &ascrypto);
696 krb5_clear_error_string(context);
700 ret = krb5_create_checksum(context, ascrypto, 6, 0,
701 req_buffer->data, req_buffer->length,
704 krb5_clear_error_string(context);
708 ret = krb5_crypto_destroy(context, ascrypto);
710 krb5_clear_error_string(context);
713 ASN1_MALLOC_ENCODE(ReplyKeyPack, buf.data, buf.length, &kp, &size,ret);
714 free_ReplyKeyPack(&kp);
718 krb5_abortx(context, "internal pkinit error");
721 krb5_set_error_string(context, "ASN.1 encoding of ReplyKeyPack "
725 if (buf.length != size)
726 krb5_abortx(context, "Internal ASN.1 encoder error");
732 ret = hx509_query_alloc(kdc_identity->hx509ctx, &q);
736 hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
737 hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
739 ret = hx509_certs_find(kdc_identity->hx509ctx,
743 hx509_query_free(kdc_identity->hx509ctx, q);
747 ret = hx509_cms_create_signed_1(kdc_identity->hx509ctx,
753 kdc_identity->anchors,
754 kdc_identity->certpool,
756 hx509_cert_free(cert);
759 krb5_data_free(&buf);
763 ret = hx509_cms_envelope_1(kdc_identity->hx509ctx,
765 signed_data.data, signed_data.length, NULL,
766 oid_id_pkcs7_signedData(), &buf);
770 ret = _krb5_pk_mk_ContentInfo(context,
772 oid_id_pkcs7_envelopedData(),
775 krb5_data_free(&buf);
776 krb5_data_free(&signed_data);
784 static krb5_error_code
785 pk_mk_pa_reply_dh(krb5_context context,
787 pk_client_params *client_params,
788 krb5_keyblock *reply_key,
789 ContentInfo *content_info,
790 hx509_cert *kdc_cert)
792 KDCDHKeyInfo dh_info;
793 krb5_data signed_data, buf;
794 ContentInfo contentinfo;
799 memset(&contentinfo, 0, sizeof(contentinfo));
800 memset(&dh_info, 0, sizeof(dh_info));
801 krb5_data_zero(&buf);
802 krb5_data_zero(&signed_data);
806 ret = BN_to_integer(context, kdc_dh->pub_key, &i);
810 ASN1_MALLOC_ENCODE(DHPublicKey, buf.data, buf.length, &i, &size, ret);
812 krb5_set_error_string(context, "ASN.1 encoding of "
813 "DHPublicKey failed (%d)", ret);
814 krb5_clear_error_string(context);
817 if (buf.length != size)
818 krb5_abortx(context, "Internal ASN.1 encoder error");
820 dh_info.subjectPublicKey.length = buf.length * 8;
821 dh_info.subjectPublicKey.data = buf.data;
823 dh_info.nonce = client_params->nonce;
825 ASN1_MALLOC_ENCODE(KDCDHKeyInfo, buf.data, buf.length, &dh_info, &size,
828 krb5_set_error_string(context, "ASN.1 encoding of "
829 "KdcDHKeyInfo failed (%d)", ret);
832 if (buf.length != size)
833 krb5_abortx(context, "Internal ASN.1 encoder error");
836 * Create the SignedData structure and sign the KdcDHKeyInfo
844 ret = hx509_query_alloc(kdc_identity->hx509ctx, &q);
848 hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
849 hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
851 ret = hx509_certs_find(kdc_identity->hx509ctx,
855 hx509_query_free(kdc_identity->hx509ctx, q);
859 ret = hx509_cms_create_signed_1(kdc_identity->hx509ctx,
860 oid_id_pkdhkeydata(),
865 kdc_identity->anchors,
866 kdc_identity->certpool,
873 ret = _krb5_pk_mk_ContentInfo(context,
875 oid_id_pkcs7_signedData(),
881 if (ret && *kdc_cert) {
882 hx509_cert_free(*kdc_cert);
886 krb5_data_free(&buf);
887 krb5_data_free(&signed_data);
888 free_KDCDHKeyInfo(&dh_info);
898 _kdc_pk_mk_pa_reply(krb5_context context,
899 krb5_kdc_configuration *config,
900 pk_client_params *client_params,
901 const hdb_entry_ex *client,
903 const krb5_data *req_buffer,
904 krb5_keyblock **reply_key,
910 krb5_enctype enctype;
912 hx509_cert kdc_cert = NULL;
915 if (!config->enable_pkinit) {
916 krb5_clear_error_string(context);
920 if (req->req_body.etype.len > 0) {
921 for (i = 0; i < req->req_body.etype.len; i++)
922 if (krb5_enctype_valid(context, req->req_body.etype.val[i]) == 0)
924 if (req->req_body.etype.len <= i) {
925 ret = KRB5KRB_ERR_GENERIC;
926 krb5_set_error_string(context,
927 "No valid enctype available from client");
930 enctype = req->req_body.etype.val[i];
932 enctype = ETYPE_DES3_CBC_SHA1;
934 if (client_params->type == PKINIT_COMPAT_27) {
936 const char *type, *other = "";
938 memset(&rep, 0, sizeof(rep));
940 pa_type = KRB5_PADATA_PK_AS_REP;
942 if (client_params->dh == NULL) {
947 rep.element = choice_PA_PK_AS_REP_encKeyPack;
949 krb5_generate_random_keyblock(context, enctype,
950 &client_params->reply_key);
951 ret = pk_mk_pa_reply_enckey(context,
955 &client_params->reply_key,
958 free_PA_PK_AS_REP(&rep);
961 ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data,
962 rep.u.encKeyPack.length, &info, &size,
964 free_ContentInfo(&info);
966 krb5_set_error_string(context, "encoding of Key ContentInfo "
968 free_PA_PK_AS_REP(&rep);
971 if (rep.u.encKeyPack.length != size)
972 krb5_abortx(context, "Internal ASN.1 encoder error");
978 if (client_params->dh_group_name)
979 other = client_params->dh_group_name;
981 rep.element = choice_PA_PK_AS_REP_dhInfo;
983 ret = generate_dh_keyblock(context, client_params, enctype,
984 &client_params->reply_key);
988 ret = pk_mk_pa_reply_dh(context, client_params->dh,
990 &client_params->reply_key,
994 ASN1_MALLOC_ENCODE(ContentInfo, rep.u.dhInfo.dhSignedData.data,
995 rep.u.dhInfo.dhSignedData.length, &info, &size,
997 free_ContentInfo(&info);
999 krb5_set_error_string(context, "encoding of Key ContentInfo "
1001 free_PA_PK_AS_REP(&rep);
1004 if (rep.u.encKeyPack.length != size)
1005 krb5_abortx(context, "Internal ASN.1 encoder error");
1009 free_PA_PK_AS_REP(&rep);
1013 ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret);
1014 free_PA_PK_AS_REP(&rep);
1016 krb5_set_error_string(context, "encode PA-PK-AS-REP failed %d",
1021 krb5_abortx(context, "Internal ASN.1 encoder error");
1023 kdc_log(context, config, 0, "PK-INIT using %s %s", type, other);
1025 } else if (client_params->type == PKINIT_COMPAT_WIN2K) {
1026 PA_PK_AS_REP_Win2k rep;
1029 if (client_params->dh) {
1030 krb5_set_error_string(context, "Windows PK-INIT doesn't support DH");
1031 ret = KRB5KRB_ERR_GENERIC;
1035 memset(&rep, 0, sizeof(rep));
1037 pa_type = KRB5_PADATA_PK_AS_REP_19;
1038 rep.element = choice_PA_PK_AS_REP_encKeyPack;
1040 krb5_generate_random_keyblock(context, enctype,
1041 &client_params->reply_key);
1042 ret = pk_mk_pa_reply_enckey(context,
1046 &client_params->reply_key,
1049 free_PA_PK_AS_REP_Win2k(&rep);
1052 ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data,
1053 rep.u.encKeyPack.length, &info, &size,
1055 free_ContentInfo(&info);
1057 krb5_set_error_string(context, "encoding of Key ContentInfo "
1059 free_PA_PK_AS_REP_Win2k(&rep);
1062 if (rep.u.encKeyPack.length != size)
1063 krb5_abortx(context, "Internal ASN.1 encoder error");
1065 ASN1_MALLOC_ENCODE(PA_PK_AS_REP_Win2k, buf, len, &rep, &size, ret);
1066 free_PA_PK_AS_REP_Win2k(&rep);
1068 krb5_set_error_string(context,
1069 "encode PA-PK-AS-REP-Win2k failed %d", ret);
1073 krb5_abortx(context, "Internal ASN.1 encoder error");
1076 krb5_abortx(context, "PK-INIT internal error");
1079 ret = krb5_padata_add(context, md, pa_type, buf, len);
1081 krb5_set_error_string(context, "failed adding PA-PK-AS-REP %d", ret);
1086 if (config->pkinit_kdc_ocsp_file) {
1088 if (ocsp.expire == 0 && ocsp.next_update > kdc_time) {
1092 krb5_data_free(&ocsp.data);
1096 fd = open(config->pkinit_kdc_ocsp_file, O_RDONLY);
1098 kdc_log(context, config, 0,
1099 "PK-INIT failed to open ocsp data file %d", errno);
1102 ret = fstat(fd, &sb);
1106 kdc_log(context, config, 0,
1107 "PK-INIT failed to stat ocsp data %d", ret);
1111 ret = krb5_data_alloc(&ocsp.data, sb.st_size);
1114 kdc_log(context, config, 0,
1115 "PK-INIT failed to stat ocsp data %d", ret);
1118 ocsp.data.length = sb.st_size;
1119 ret = read(fd, ocsp.data.data, sb.st_size);
1121 if (ret != sb.st_size) {
1122 kdc_log(context, config, 0,
1123 "PK-INIT failed to read ocsp data %d", errno);
1127 ret = hx509_ocsp_verify(kdc_identity->hx509ctx,
1131 ocsp.data.data, ocsp.data.length,
1134 kdc_log(context, config, 0,
1135 "PK-INIT failed to verify ocsp data %d", ret);
1136 krb5_data_free(&ocsp.data);
1138 } else if (ocsp.expire > 180)
1139 ocsp.expire -= 180; /* refetch the ocsp before it expire */
1142 ocsp.next_update = kdc_time + 3600;
1146 if (ocsp.expire != 0 && ocsp.expire > kdc_time) {
1148 ret = krb5_padata_add(context, md,
1149 KRB5_PADATA_PA_PK_OCSP_RESPONSE,
1150 ocsp.data.data, ocsp.data.length);
1152 krb5_set_error_string(context,
1153 "Failed adding OCSP response %d", ret);
1161 hx509_cert_free(kdc_cert);
1164 *reply_key = &client_params->reply_key;
1169 pk_principal_from_X509(krb5_context context,
1170 krb5_kdc_configuration *config,
1171 hx509_cert client_cert,
1172 krb5_const_principal match)
1174 hx509_octet_string_list list;
1175 int ret, i, found = 0;
1177 memset(&list, 0 , sizeof(list));
1179 ret = hx509_cert_find_subjectAltName_otherName(client_cert,
1180 oid_id_pkinit_san(),
1185 for (i = 0; !found && i < list.len; i++) {
1186 krb5_principal_data principal;
1187 KRB5PrincipalName kn;
1190 ret = decode_KRB5PrincipalName(list.val[i].data,
1194 kdc_log(context, config, 0,
1195 "Decoding kerberos name in certificate failed: %s",
1196 krb5_get_err_text(context, ret));
1199 if (size != list.val[i].length) {
1200 kdc_log(context, config, 0,
1201 "Decoding kerberos name have extra bits on the end");
1202 return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1205 principal.name = kn.principalName;
1206 principal.realm = kn.realm;
1208 if (krb5_principal_compare(context, &principal, match) == TRUE)
1210 free_KRB5PrincipalName(&kn);
1214 hx509_free_octet_string_list(&list);
1219 return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1226 _kdc_pk_check_client(krb5_context context,
1227 krb5_kdc_configuration *config,
1228 krb5_principal client_princ,
1229 const hdb_entry_ex *client,
1230 pk_client_params *client_params,
1231 char **subject_name)
1233 const HDB_Ext_PKINIT_acl *acl;
1234 krb5_error_code ret;
1238 ret = hx509_cert_get_base_subject(kdc_identity->hx509ctx,
1239 client_params->cert,
1244 ret = hx509_name_to_string(name, subject_name);
1245 hx509_name_free(&name);
1249 kdc_log(context, config, 0,
1250 "Trying to authorize PK-INIT subject DN %s",
1253 if (config->enable_pkinit_princ_in_cert) {
1254 ret = pk_principal_from_X509(context, config,
1255 client_params->cert,
1258 kdc_log(context, config, 5,
1259 "Found matching PK-INIT SAN in certificate");
1264 ret = hdb_entry_get_pkinit_acl(&client->entry, &acl);
1265 if (ret == 0 && acl != NULL) {
1267 * Cheat here and compare the generated name with the string
1268 * and not the reverse.
1270 for (i = 0; i < acl->len; i++) {
1271 if (strcmp(*subject_name, acl->val[0].subject) != 0)
1274 /* Don't support isser and anchor checking right now */
1275 if (acl->val[0].issuer)
1277 if (acl->val[0].anchor)
1280 kdc_log(context, config, 5,
1281 "Found matching PK-INIT database ACL");
1286 for (i = 0; i < principal_mappings.len; i++) {
1289 b = krb5_principal_compare(context,
1291 principal_mappings.val[i].principal);
1294 if (strcmp(principal_mappings.val[i].subject, *subject_name) != 0)
1296 kdc_log(context, config, 5,
1297 "Found matching PK-INIT FILE ACL");
1301 free(*subject_name);
1302 *subject_name = NULL;
1304 krb5_set_error_string(context, "PKINIT no matching principals");
1305 return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1308 static krb5_error_code
1309 add_principal_mapping(krb5_context context,
1310 const char *principal_name,
1311 const char * subject)
1313 struct pk_allowed_princ *tmp;
1314 krb5_principal principal;
1315 krb5_error_code ret;
1317 tmp = realloc(principal_mappings.val,
1318 (principal_mappings.len + 1) * sizeof(*tmp));
1321 principal_mappings.val = tmp;
1323 ret = krb5_parse_name(context, principal_name, &principal);
1327 principal_mappings.val[principal_mappings.len].principal = principal;
1329 principal_mappings.val[principal_mappings.len].subject = strdup(subject);
1330 if (principal_mappings.val[principal_mappings.len].subject == NULL) {
1331 krb5_free_principal(context, principal);
1334 principal_mappings.len++;
1341 _kdc_pk_initialize(krb5_context context,
1342 krb5_kdc_configuration *config,
1343 const char *user_id,
1344 const char *anchors,
1349 krb5_error_code ret;
1351 unsigned long lineno = 0;
1354 file = krb5_config_get_string(context, NULL,
1355 "libdefaults", "moduli", NULL);
1357 ret = _krb5_parse_moduli(context, file, &moduli);
1359 krb5_err(context, 1, ret, "PKINIT: failed to load modidi file");
1361 principal_mappings.len = 0;
1362 principal_mappings.val = NULL;
1364 ret = _krb5_pk_load_id(context,
1374 krb5_warn(context, ret, "PKINIT: failed to load");
1375 config->enable_pkinit = 0;
1379 ret = krb5_config_get_bool_default(context,
1383 "pki-allow-proxy-certificate",
1385 _krb5_pk_allow_proxy_certificate(kdc_identity, ret);
1387 file = krb5_config_get_string_default(context,
1389 HDB_DB_DIR "/pki-mapping",
1391 "pki-mappings-file",
1393 f = fopen(file, "r");
1395 krb5_warnx(context, "PKINIT: failed to load mappings file %s", file);
1399 while (fgets(buf, sizeof(buf), f) != NULL) {
1400 char *subject_name, *p;
1402 buf[strcspn(buf, "\n")] = '\0';
1405 p = buf + strspn(buf, " \t");
1407 if (*p == '#' || *p == '\0')
1410 subject_name = strchr(p, ':');
1411 if (subject_name == NULL) {
1412 krb5_warnx(context, "pkinit mapping file line %lu "
1413 "missing \":\" :%s",
1417 *subject_name++ = '\0';
1419 ret = add_principal_mapping(context, p, subject_name);
1421 krb5_warn(context, ret, "failed to add line %lu \":\" :%s\n",