2 * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 RCSID("$Id: pkinit.c 21039 2007-06-10 06:20:31Z lha $");
40 #include <heim_asn1.h>
41 #include <rfc2459_asn1.h>
43 #include <pkinit_asn1.h>
46 #include "crypto-headers.h"
48 /* XXX copied from lib/krb5/pkinit.c */
49 struct krb5_pk_identity {
50 hx509_context hx509ctx;
51 hx509_verify_ctx verify_ctx;
55 hx509_revoke_ctx revoke;
59 PKINIT_COMPAT_WIN2K = 1,
63 struct pk_client_params {
64 enum pkinit_type type;
65 BIGNUM *dh_public_key;
69 EncryptionKey reply_key;
72 hx509_certs client_anchors;
75 struct pk_principal_mapping {
77 struct pk_allowed_princ {
78 krb5_principal principal;
83 static struct krb5_pk_identity *kdc_identity;
84 static struct pk_principal_mapping principal_mappings;
85 static struct krb5_dh_moduli **moduli;
97 static krb5_error_code
98 pk_check_pkauthenticator_win2k(krb5_context context,
99 PKAuthenticator_Win2k *a,
104 krb5_timeofday (context, &now);
107 if (a->ctime == 0 || abs(a->ctime - now) > context->max_skew) {
108 krb5_clear_error_string(context);
109 return KRB5KRB_AP_ERR_SKEW;
114 static krb5_error_code
115 pk_check_pkauthenticator(krb5_context context,
126 krb5_timeofday (context, &now);
129 if (a->ctime == 0 || abs(a->ctime - now) > context->max_skew) {
130 krb5_clear_error_string(context);
131 return KRB5KRB_AP_ERR_SKEW;
134 ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, &req->req_body, &len, ret);
136 krb5_clear_error_string(context);
140 krb5_abortx(context, "Internal error in ASN.1 encoder");
142 ret = krb5_create_checksum(context,
151 krb5_clear_error_string(context);
155 if (a->paChecksum == NULL) {
156 krb5_clear_error_string(context);
157 ret = KRB5_KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED;
161 if (der_heim_octet_string_cmp(a->paChecksum, &checksum.checksum) != 0) {
162 krb5_clear_error_string(context);
163 ret = KRB5KRB_ERR_GENERIC;
167 free_Checksum(&checksum);
173 _kdc_pk_free_client_param(krb5_context context,
174 pk_client_params *client_params)
176 if (client_params->cert)
177 hx509_cert_free(client_params->cert);
178 if (client_params->dh)
179 DH_free(client_params->dh);
180 if (client_params->dh_public_key)
181 BN_free(client_params->dh_public_key);
182 krb5_free_keyblock_contents(context, &client_params->reply_key);
183 if (client_params->dh_group_name)
184 free(client_params->dh_group_name);
185 if (client_params->peer)
186 hx509_peer_info_free(client_params->peer);
187 if (client_params->client_anchors)
188 hx509_certs_free(&client_params->client_anchors);
189 memset(client_params, 0, sizeof(*client_params));
193 static krb5_error_code
194 generate_dh_keyblock(krb5_context context, pk_client_params *client_params,
195 krb5_enctype enctype, krb5_keyblock *reply_key)
197 unsigned char *dh_gen_key = NULL;
200 size_t dh_gen_keylen, size;
202 memset(&key, 0, sizeof(key));
204 if (!DH_generate_key(client_params->dh)) {
205 krb5_set_error_string(context, "Can't generate Diffie-Hellman keys");
206 ret = KRB5KRB_ERR_GENERIC;
209 if (client_params->dh_public_key == NULL) {
210 krb5_set_error_string(context, "dh_public_key");
211 ret = KRB5KRB_ERR_GENERIC;
215 dh_gen_keylen = DH_size(client_params->dh);
216 size = BN_num_bytes(client_params->dh->p);
217 if (size < dh_gen_keylen)
218 size = dh_gen_keylen;
220 dh_gen_key = malloc(size);
221 if (dh_gen_key == NULL) {
222 krb5_set_error_string(context, "malloc: out of memory");
226 memset(dh_gen_key, 0, size - dh_gen_keylen);
228 dh_gen_keylen = DH_compute_key(dh_gen_key + (size - dh_gen_keylen),
229 client_params->dh_public_key,
231 if (dh_gen_keylen == -1) {
232 krb5_set_error_string(context, "Can't compute Diffie-Hellman key");
233 ret = KRB5KRB_ERR_GENERIC;
237 ret = _krb5_pk_octetstring2key(context,
239 dh_gen_key, dh_gen_keylen,
246 if (key.keyvalue.data)
247 krb5_free_keyblock_contents(context, &key);
253 integer_to_BN(krb5_context context, const char *field, heim_integer *f)
257 bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL);
259 krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field);
262 BN_set_negative(bn, f->negative);
266 static krb5_error_code
267 get_dh_param(krb5_context context,
268 krb5_kdc_configuration *config,
269 SubjectPublicKeyInfo *dh_key_info,
270 pk_client_params *client_params)
272 DomainParameters dhparam;
276 memset(&dhparam, 0, sizeof(dhparam));
278 if (der_heim_oid_cmp(&dh_key_info->algorithm.algorithm, oid_id_dhpublicnumber())) {
279 krb5_set_error_string(context,
280 "PKINIT invalid oid in clientPublicValue");
281 return KRB5_BADMSGTYPE;
284 if (dh_key_info->algorithm.parameters == NULL) {
285 krb5_set_error_string(context, "PKINIT missing algorithm parameter "
286 "in clientPublicValue");
287 return KRB5_BADMSGTYPE;
290 ret = decode_DomainParameters(dh_key_info->algorithm.parameters->data,
291 dh_key_info->algorithm.parameters->length,
295 krb5_set_error_string(context, "Can't decode algorithm "
296 "parameters in clientPublicValue");
300 if ((dh_key_info->subjectPublicKey.length % 8) != 0) {
301 ret = KRB5_BADMSGTYPE;
302 krb5_set_error_string(context, "PKINIT: subjectPublicKey not aligned "
303 "to 8 bit boundary");
308 ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits,
309 &dhparam.p, &dhparam.g, &dhparam.q, moduli,
310 &client_params->dh_group_name);
312 /* XXX send back proposal of better group */
318 krb5_set_error_string(context, "Cannot create DH structure");
322 ret = KRB5_BADMSGTYPE;
323 dh->p = integer_to_BN(context, "DH prime", &dhparam.p);
326 dh->g = integer_to_BN(context, "DH base", &dhparam.g);
329 dh->q = integer_to_BN(context, "DH p-1 factor", &dhparam.q);
337 ret = decode_DHPublicKey(dh_key_info->subjectPublicKey.data,
338 dh_key_info->subjectPublicKey.length / 8,
342 krb5_clear_error_string(context);
346 client_params->dh_public_key = integer_to_BN(context,
349 der_free_heim_integer(&glue);
350 if (client_params->dh_public_key == NULL)
354 client_params->dh = dh;
361 free_DomainParameters(&dhparam);
366 _kdc_pk_rd_padata(krb5_context context,
367 krb5_kdc_configuration *config,
370 pk_client_params **ret_params)
372 pk_client_params *client_params;
374 heim_oid eContentType = { 0, NULL }, contentInfoOid = { 0, NULL };
375 krb5_data eContent = { 0, NULL };
376 krb5_data signed_content = { 0, NULL };
377 const char *type = "unknown type";
382 if (!config->enable_pkinit) {
383 krb5_clear_error_string(context);
387 hx509_verify_set_time(kdc_identity->verify_ctx, _kdc_now.tv_sec);
389 client_params = calloc(1, sizeof(*client_params));
390 if (client_params == NULL) {
391 krb5_clear_error_string(context);
396 if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) {
397 PA_PK_AS_REQ_Win2k r;
399 type = "PK-INIT-Win2k";
401 ret = decode_PA_PK_AS_REQ_Win2k(pa->padata_value.data,
402 pa->padata_value.length,
406 krb5_set_error_string(context, "Can't decode "
407 "PK-AS-REQ-Win2k: %d", ret);
411 ret = hx509_cms_unwrap_ContentInfo(&r.signed_auth_pack,
415 free_PA_PK_AS_REQ_Win2k(&r);
417 krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret);
421 } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) {
424 type = "PK-INIT-IETF";
426 ret = decode_PA_PK_AS_REQ(pa->padata_value.data,
427 pa->padata_value.length,
431 krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret);
435 /* XXX look at r.kdcPkId */
436 if (r.trustedCertifiers) {
437 ExternalPrincipalIdentifiers *edi = r.trustedCertifiers;
440 ret = hx509_certs_init(kdc_identity->hx509ctx,
441 "MEMORY:client-anchors",
443 &client_params->client_anchors);
445 krb5_set_error_string(context, "Can't allocate client anchors: %d", ret);
449 for (i = 0; i < edi->len; i++) {
450 IssuerAndSerialNumber iasn;
455 if (edi->val[i].issuerAndSerialNumber == NULL)
458 ret = hx509_query_alloc(kdc_identity->hx509ctx, &q);
460 krb5_set_error_string(context,
461 "Failed to allocate hx509_query");
465 ret = decode_IssuerAndSerialNumber(edi->val[i].issuerAndSerialNumber->data,
466 edi->val[i].issuerAndSerialNumber->length,
470 hx509_query_free(kdc_identity->hx509ctx, q);
473 ret = hx509_query_match_issuer_serial(q, &iasn.issuer, &iasn.serialNumber);
474 free_IssuerAndSerialNumber(&iasn);
478 ret = hx509_certs_find(kdc_identity->hx509ctx,
482 hx509_query_free(kdc_identity->hx509ctx, q);
485 hx509_certs_add(kdc_identity->hx509ctx,
486 client_params->client_anchors, cert);
487 hx509_cert_free(cert);
491 ret = hx509_cms_unwrap_ContentInfo(&r.signedAuthPack,
495 free_PA_PK_AS_REQ(&r);
497 krb5_set_error_string(context, "Can't unwrap ContentInfo: %d", ret);
502 krb5_clear_error_string(context);
503 ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
507 ret = der_heim_oid_cmp(&contentInfoOid, oid_id_pkcs7_signedData());
509 krb5_set_error_string(context, "PK-AS-REQ-Win2k invalid content "
511 ret = KRB5KRB_ERR_GENERIC;
516 krb5_set_error_string(context,
517 "PK-AS-REQ-Win2k no signed auth pack");
518 ret = KRB5KRB_ERR_GENERIC;
523 hx509_certs signer_certs;
525 ret = hx509_cms_verify_signed(kdc_identity->hx509ctx,
526 kdc_identity->verify_ctx,
528 signed_content.length,
530 kdc_identity->certpool,
535 char *s = hx509_get_error_string(kdc_identity->hx509ctx, ret);
536 krb5_warnx(context, "PKINIT: failed to verify signature: %s: %d",
542 ret = hx509_get_one_cert(kdc_identity->hx509ctx, signer_certs,
543 &client_params->cert);
544 hx509_certs_free(&signer_certs);
549 /* Signature is correct, now verify the signed message */
550 if (der_heim_oid_cmp(&eContentType, oid_id_pkcs7_data()) != 0 &&
551 der_heim_oid_cmp(&eContentType, oid_id_pkauthdata()) != 0)
553 krb5_set_error_string(context, "got wrong oid for pkauthdata");
554 ret = KRB5_BADMSGTYPE;
558 if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) {
561 ret = decode_AuthPack_Win2k(eContent.data,
566 krb5_set_error_string(context, "can't decode AuthPack: %d", ret);
570 ret = pk_check_pkauthenticator_win2k(context,
574 free_AuthPack_Win2k(&ap);
578 client_params->type = PKINIT_COMPAT_WIN2K;
579 client_params->nonce = ap.pkAuthenticator.nonce;
581 if (ap.clientPublicValue) {
582 krb5_set_error_string(context, "DH not supported for windows");
583 ret = KRB5KRB_ERR_GENERIC;
586 free_AuthPack_Win2k(&ap);
588 } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) {
591 ret = decode_AuthPack(eContent.data,
596 krb5_set_error_string(context, "can't decode AuthPack: %d", ret);
601 ret = pk_check_pkauthenticator(context,
609 client_params->type = PKINIT_COMPAT_27;
610 client_params->nonce = ap.pkAuthenticator.nonce;
612 if (ap.clientPublicValue) {
613 ret = get_dh_param(context, config,
614 ap.clientPublicValue, client_params);
621 if (ap.supportedCMSTypes) {
622 ret = hx509_peer_info_alloc(kdc_identity->hx509ctx,
623 &client_params->peer);
628 ret = hx509_peer_info_set_cms_algs(kdc_identity->hx509ctx,
630 ap.supportedCMSTypes->val,
631 ap.supportedCMSTypes->len);
639 krb5_abortx(context, "internal pkinit error");
641 kdc_log(context, config, 0, "PK-INIT request of type %s", type);
645 krb5_warn(context, ret, "PKINIT");
647 if (signed_content.data)
648 free(signed_content.data);
649 krb5_data_free(&eContent);
650 der_free_oid(&eContentType);
651 der_free_oid(&contentInfoOid);
653 _kdc_pk_free_client_param(context, client_params);
655 *ret_params = client_params;
663 static krb5_error_code
664 BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer)
666 integer->length = BN_num_bytes(bn);
667 integer->data = malloc(integer->length);
668 if (integer->data == NULL) {
669 krb5_clear_error_string(context);
672 BN_bn2bin(bn, integer->data);
673 integer->negative = BN_is_negative(bn);
677 static krb5_error_code
678 pk_mk_pa_reply_enckey(krb5_context context,
679 pk_client_params *client_params,
681 const krb5_data *req_buffer,
682 krb5_keyblock *reply_key,
683 ContentInfo *content_info)
685 const heim_oid *envelopedAlg = NULL, *sdAlg = NULL;
687 krb5_data buf, signed_data;
691 krb5_data_zero(&buf);
692 krb5_data_zero(&signed_data);
695 * If the message client is a win2k-type but it send pa data
696 * 09-binding it expects a IETF (checksum) reply so there can be
700 switch (client_params->type) {
701 case PKINIT_COMPAT_WIN2K: {
703 if (_kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_09_BINDING) == NULL)
707 case PKINIT_COMPAT_27:
710 krb5_abortx(context, "internal pkinit error");
714 ReplyKeyPack_Win2k kp;
715 memset(&kp, 0, sizeof(kp));
717 envelopedAlg = oid_id_rsadsi_des_ede3_cbc();
718 sdAlg = oid_id_pkcs7_data();
720 ret = copy_EncryptionKey(reply_key, &kp.replyKey);
722 krb5_clear_error_string(context);
725 kp.nonce = client_params->nonce;
727 ASN1_MALLOC_ENCODE(ReplyKeyPack_Win2k,
728 buf.data, buf.length,
730 free_ReplyKeyPack_Win2k(&kp);
732 krb5_crypto ascrypto;
734 memset(&kp, 0, sizeof(kp));
736 sdAlg = oid_id_pkrkeydata();
738 ret = copy_EncryptionKey(reply_key, &kp.replyKey);
740 krb5_clear_error_string(context);
744 ret = krb5_crypto_init(context, reply_key, 0, &ascrypto);
746 krb5_clear_error_string(context);
750 ret = krb5_create_checksum(context, ascrypto, 6, 0,
751 req_buffer->data, req_buffer->length,
754 krb5_clear_error_string(context);
758 ret = krb5_crypto_destroy(context, ascrypto);
760 krb5_clear_error_string(context);
763 ASN1_MALLOC_ENCODE(ReplyKeyPack, buf.data, buf.length, &kp, &size,ret);
764 free_ReplyKeyPack(&kp);
767 krb5_set_error_string(context, "ASN.1 encoding of ReplyKeyPack "
771 if (buf.length != size)
772 krb5_abortx(context, "Internal ASN.1 encoder error");
778 ret = hx509_query_alloc(kdc_identity->hx509ctx, &q);
782 hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
783 hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
785 ret = hx509_certs_find(kdc_identity->hx509ctx,
789 hx509_query_free(kdc_identity->hx509ctx, q);
793 ret = hx509_cms_create_signed_1(kdc_identity->hx509ctx,
801 client_params->client_anchors,
802 kdc_identity->certpool,
804 hx509_cert_free(cert);
807 krb5_data_free(&buf);
811 if (client_params->type == PKINIT_COMPAT_WIN2K) {
812 ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_signedData(),
817 krb5_data_free(&signed_data);
821 ret = hx509_cms_envelope_1(kdc_identity->hx509ctx,
824 signed_data.data, signed_data.length,
826 oid_id_pkcs7_signedData(), &buf);
830 ret = _krb5_pk_mk_ContentInfo(context,
832 oid_id_pkcs7_envelopedData(),
835 krb5_data_free(&buf);
836 krb5_data_free(&signed_data);
844 static krb5_error_code
845 pk_mk_pa_reply_dh(krb5_context context,
847 pk_client_params *client_params,
848 krb5_keyblock *reply_key,
849 ContentInfo *content_info,
850 hx509_cert *kdc_cert)
852 KDCDHKeyInfo dh_info;
853 krb5_data signed_data, buf;
854 ContentInfo contentinfo;
859 memset(&contentinfo, 0, sizeof(contentinfo));
860 memset(&dh_info, 0, sizeof(dh_info));
861 krb5_data_zero(&buf);
862 krb5_data_zero(&signed_data);
866 ret = BN_to_integer(context, kdc_dh->pub_key, &i);
870 ASN1_MALLOC_ENCODE(DHPublicKey, buf.data, buf.length, &i, &size, ret);
872 krb5_set_error_string(context, "ASN.1 encoding of "
873 "DHPublicKey failed (%d)", ret);
874 krb5_clear_error_string(context);
877 if (buf.length != size)
878 krb5_abortx(context, "Internal ASN.1 encoder error");
880 dh_info.subjectPublicKey.length = buf.length * 8;
881 dh_info.subjectPublicKey.data = buf.data;
883 dh_info.nonce = client_params->nonce;
885 ASN1_MALLOC_ENCODE(KDCDHKeyInfo, buf.data, buf.length, &dh_info, &size,
888 krb5_set_error_string(context, "ASN.1 encoding of "
889 "KdcDHKeyInfo failed (%d)", ret);
892 if (buf.length != size)
893 krb5_abortx(context, "Internal ASN.1 encoder error");
896 * Create the SignedData structure and sign the KdcDHKeyInfo
904 ret = hx509_query_alloc(kdc_identity->hx509ctx, &q);
908 hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
909 hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
911 ret = hx509_certs_find(kdc_identity->hx509ctx,
915 hx509_query_free(kdc_identity->hx509ctx, q);
919 ret = hx509_cms_create_signed_1(kdc_identity->hx509ctx,
921 oid_id_pkdhkeydata(),
927 client_params->client_anchors,
928 kdc_identity->certpool,
935 ret = _krb5_pk_mk_ContentInfo(context,
937 oid_id_pkcs7_signedData(),
943 if (ret && *kdc_cert) {
944 hx509_cert_free(*kdc_cert);
948 krb5_data_free(&buf);
949 krb5_data_free(&signed_data);
950 free_KDCDHKeyInfo(&dh_info);
960 _kdc_pk_mk_pa_reply(krb5_context context,
961 krb5_kdc_configuration *config,
962 pk_client_params *client_params,
963 const hdb_entry_ex *client,
965 const krb5_data *req_buffer,
966 krb5_keyblock **reply_key,
972 krb5_enctype enctype;
974 hx509_cert kdc_cert = NULL;
977 if (!config->enable_pkinit) {
978 krb5_clear_error_string(context);
982 if (req->req_body.etype.len > 0) {
983 for (i = 0; i < req->req_body.etype.len; i++)
984 if (krb5_enctype_valid(context, req->req_body.etype.val[i]) == 0)
986 if (req->req_body.etype.len <= i) {
987 ret = KRB5KRB_ERR_GENERIC;
988 krb5_set_error_string(context,
989 "No valid enctype available from client");
992 enctype = req->req_body.etype.val[i];
994 enctype = ETYPE_DES3_CBC_SHA1;
996 if (client_params->type == PKINIT_COMPAT_27) {
998 const char *type, *other = "";
1000 memset(&rep, 0, sizeof(rep));
1002 pa_type = KRB5_PADATA_PK_AS_REP;
1004 if (client_params->dh == NULL) {
1009 rep.element = choice_PA_PK_AS_REP_encKeyPack;
1011 ret = krb5_generate_random_keyblock(context, enctype,
1012 &client_params->reply_key);
1014 free_PA_PK_AS_REP(&rep);
1017 ret = pk_mk_pa_reply_enckey(context,
1021 &client_params->reply_key,
1024 free_PA_PK_AS_REP(&rep);
1027 ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data,
1028 rep.u.encKeyPack.length, &info, &size,
1030 free_ContentInfo(&info);
1032 krb5_set_error_string(context, "encoding of Key ContentInfo "
1034 free_PA_PK_AS_REP(&rep);
1037 if (rep.u.encKeyPack.length != size)
1038 krb5_abortx(context, "Internal ASN.1 encoder error");
1044 if (client_params->dh_group_name)
1045 other = client_params->dh_group_name;
1047 rep.element = choice_PA_PK_AS_REP_dhInfo;
1049 ret = generate_dh_keyblock(context, client_params, enctype,
1050 &client_params->reply_key);
1054 ret = pk_mk_pa_reply_dh(context, client_params->dh,
1056 &client_params->reply_key,
1060 ASN1_MALLOC_ENCODE(ContentInfo, rep.u.dhInfo.dhSignedData.data,
1061 rep.u.dhInfo.dhSignedData.length, &info, &size,
1063 free_ContentInfo(&info);
1065 krb5_set_error_string(context, "encoding of Key ContentInfo "
1067 free_PA_PK_AS_REP(&rep);
1070 if (rep.u.encKeyPack.length != size)
1071 krb5_abortx(context, "Internal ASN.1 encoder error");
1075 free_PA_PK_AS_REP(&rep);
1079 ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret);
1080 free_PA_PK_AS_REP(&rep);
1082 krb5_set_error_string(context, "encode PA-PK-AS-REP failed %d",
1087 krb5_abortx(context, "Internal ASN.1 encoder error");
1089 kdc_log(context, config, 0, "PK-INIT using %s %s", type, other);
1091 } else if (client_params->type == PKINIT_COMPAT_WIN2K) {
1092 PA_PK_AS_REP_Win2k rep;
1095 if (client_params->dh) {
1096 krb5_set_error_string(context, "Windows PK-INIT doesn't support DH");
1097 ret = KRB5KRB_ERR_GENERIC;
1101 memset(&rep, 0, sizeof(rep));
1103 pa_type = KRB5_PADATA_PK_AS_REP_19;
1104 rep.element = choice_PA_PK_AS_REP_encKeyPack;
1106 ret = krb5_generate_random_keyblock(context, enctype,
1107 &client_params->reply_key);
1109 free_PA_PK_AS_REP_Win2k(&rep);
1112 ret = pk_mk_pa_reply_enckey(context,
1116 &client_params->reply_key,
1119 free_PA_PK_AS_REP_Win2k(&rep);
1122 ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data,
1123 rep.u.encKeyPack.length, &info, &size,
1125 free_ContentInfo(&info);
1127 krb5_set_error_string(context, "encoding of Key ContentInfo "
1129 free_PA_PK_AS_REP_Win2k(&rep);
1132 if (rep.u.encKeyPack.length != size)
1133 krb5_abortx(context, "Internal ASN.1 encoder error");
1135 ASN1_MALLOC_ENCODE(PA_PK_AS_REP_Win2k, buf, len, &rep, &size, ret);
1136 free_PA_PK_AS_REP_Win2k(&rep);
1138 krb5_set_error_string(context,
1139 "encode PA-PK-AS-REP-Win2k failed %d", ret);
1143 krb5_abortx(context, "Internal ASN.1 encoder error");
1146 krb5_abortx(context, "PK-INIT internal error");
1149 ret = krb5_padata_add(context, md, pa_type, buf, len);
1151 krb5_set_error_string(context, "failed adding PA-PK-AS-REP %d", ret);
1156 if (config->pkinit_kdc_ocsp_file) {
1158 if (ocsp.expire == 0 && ocsp.next_update > kdc_time) {
1162 krb5_data_free(&ocsp.data);
1165 ocsp.next_update = kdc_time + 60 * 5;
1167 fd = open(config->pkinit_kdc_ocsp_file, O_RDONLY);
1169 kdc_log(context, config, 0,
1170 "PK-INIT failed to open ocsp data file %d", errno);
1173 ret = fstat(fd, &sb);
1177 kdc_log(context, config, 0,
1178 "PK-INIT failed to stat ocsp data %d", ret);
1182 ret = krb5_data_alloc(&ocsp.data, sb.st_size);
1185 kdc_log(context, config, 0,
1186 "PK-INIT failed to stat ocsp data %d", ret);
1189 ocsp.data.length = sb.st_size;
1190 ret = read(fd, ocsp.data.data, sb.st_size);
1192 if (ret != sb.st_size) {
1193 kdc_log(context, config, 0,
1194 "PK-INIT failed to read ocsp data %d", errno);
1198 ret = hx509_ocsp_verify(kdc_identity->hx509ctx,
1202 ocsp.data.data, ocsp.data.length,
1205 kdc_log(context, config, 0,
1206 "PK-INIT failed to verify ocsp data %d", ret);
1207 krb5_data_free(&ocsp.data);
1209 } else if (ocsp.expire > 180) {
1210 ocsp.expire -= 180; /* refetch the ocsp before it expire */
1211 ocsp.next_update = ocsp.expire;
1213 ocsp.next_update = kdc_time;
1219 if (ocsp.expire != 0 && ocsp.expire > kdc_time) {
1221 ret = krb5_padata_add(context, md,
1222 KRB5_PADATA_PA_PK_OCSP_RESPONSE,
1223 ocsp.data.data, ocsp.data.length);
1225 krb5_set_error_string(context,
1226 "Failed adding OCSP response %d", ret);
1234 hx509_cert_free(kdc_cert);
1237 *reply_key = &client_params->reply_key;
1242 match_rfc_san(krb5_context context,
1243 krb5_kdc_configuration *config,
1244 hx509_cert client_cert,
1245 krb5_const_principal match)
1247 hx509_octet_string_list list;
1248 int ret, i, found = 0;
1250 memset(&list, 0 , sizeof(list));
1252 ret = hx509_cert_find_subjectAltName_otherName(client_cert,
1253 oid_id_pkinit_san(),
1258 for (i = 0; !found && i < list.len; i++) {
1259 krb5_principal_data principal;
1260 KRB5PrincipalName kn;
1263 ret = decode_KRB5PrincipalName(list.val[i].data,
1267 kdc_log(context, config, 0,
1268 "Decoding kerberos name in certificate failed: %s",
1269 krb5_get_err_text(context, ret));
1272 if (size != list.val[i].length) {
1273 kdc_log(context, config, 0,
1274 "Decoding kerberos name have extra bits on the end");
1275 return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1278 principal.name = kn.principalName;
1279 principal.realm = kn.realm;
1281 if (krb5_principal_compare(context, &principal, match) == TRUE)
1283 free_KRB5PrincipalName(&kn);
1287 hx509_free_octet_string_list(&list);
1292 return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1298 match_ms_upn_san(krb5_context context,
1299 krb5_kdc_configuration *config,
1300 hx509_cert client_cert,
1301 krb5_const_principal match)
1303 hx509_octet_string_list list;
1304 krb5_principal principal = NULL;
1309 memset(&list, 0 , sizeof(list));
1311 ret = hx509_cert_find_subjectAltName_otherName(client_cert,
1312 oid_id_pkinit_ms_san(),
1317 if (list.len != 1) {
1318 kdc_log(context, config, 0,
1319 "More then one PK-INIT MS UPN SAN");
1323 ret = decode_MS_UPN_SAN(list.val[0].data, list.val[0].length, &upn, &size);
1325 kdc_log(context, config, 0, "Decode of MS-UPN-SAN failed");
1329 kdc_log(context, config, 0, "found MS UPN SAN: %s", upn);
1331 ret = krb5_parse_name(context, upn, &principal);
1332 free_MS_UPN_SAN(&upn);
1334 kdc_log(context, config, 0, "Failed to parse principal in MS UPN SAN");
1339 * This is very wrong, but will do for now, should really and a
1340 * plugin to the windc layer to very this ACL.
1342 strupr(principal->realm);
1344 if (krb5_principal_compare(context, principal, match) == TRUE)
1349 krb5_free_principal(context, principal);
1350 hx509_free_octet_string_list(&list);
1355 return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1361 _kdc_pk_check_client(krb5_context context,
1362 krb5_kdc_configuration *config,
1363 const hdb_entry_ex *client,
1364 pk_client_params *client_params,
1365 char **subject_name)
1367 const HDB_Ext_PKINIT_acl *acl;
1368 krb5_error_code ret;
1372 ret = hx509_cert_get_base_subject(kdc_identity->hx509ctx,
1373 client_params->cert,
1378 ret = hx509_name_to_string(name, subject_name);
1379 hx509_name_free(&name);
1383 kdc_log(context, config, 0,
1384 "Trying to authorize PK-INIT subject DN %s",
1387 if (config->enable_pkinit_princ_in_cert) {
1388 ret = match_rfc_san(context, config,
1389 client_params->cert,
1390 client->entry.principal);
1392 kdc_log(context, config, 5,
1393 "Found matching PK-INIT SAN in certificate");
1396 ret = match_ms_upn_san(context, config,
1397 client_params->cert,
1398 client->entry.principal);
1400 kdc_log(context, config, 5,
1401 "Found matching MS UPN SAN in certificate");
1406 ret = hdb_entry_get_pkinit_acl(&client->entry, &acl);
1407 if (ret == 0 && acl != NULL) {
1409 * Cheat here and compare the generated name with the string
1410 * and not the reverse.
1412 for (i = 0; i < acl->len; i++) {
1413 if (strcmp(*subject_name, acl->val[0].subject) != 0)
1416 /* Don't support isser and anchor checking right now */
1417 if (acl->val[0].issuer)
1419 if (acl->val[0].anchor)
1422 kdc_log(context, config, 5,
1423 "Found matching PK-INIT database ACL");
1428 for (i = 0; i < principal_mappings.len; i++) {
1431 b = krb5_principal_compare(context,
1432 client->entry.principal,
1433 principal_mappings.val[i].principal);
1436 if (strcmp(principal_mappings.val[i].subject, *subject_name) != 0)
1438 kdc_log(context, config, 5,
1439 "Found matching PK-INIT FILE ACL");
1443 krb5_set_error_string(context,
1444 "PKINIT no matching principals for %s",
1447 kdc_log(context, config, 5,
1448 "PKINIT no matching principals for %s",
1451 free(*subject_name);
1452 *subject_name = NULL;
1454 return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
1457 static krb5_error_code
1458 add_principal_mapping(krb5_context context,
1459 const char *principal_name,
1460 const char * subject)
1462 struct pk_allowed_princ *tmp;
1463 krb5_principal principal;
1464 krb5_error_code ret;
1466 tmp = realloc(principal_mappings.val,
1467 (principal_mappings.len + 1) * sizeof(*tmp));
1470 principal_mappings.val = tmp;
1472 ret = krb5_parse_name(context, principal_name, &principal);
1476 principal_mappings.val[principal_mappings.len].principal = principal;
1478 principal_mappings.val[principal_mappings.len].subject = strdup(subject);
1479 if (principal_mappings.val[principal_mappings.len].subject == NULL) {
1480 krb5_free_principal(context, principal);
1483 principal_mappings.len++;
1489 _kdc_add_inital_verified_cas(krb5_context context,
1490 krb5_kdc_configuration *config,
1491 pk_client_params *params,
1494 AD_INITIAL_VERIFIED_CAS cas;
1495 krb5_error_code ret;
1499 memset(&cas, 0, sizeof(cas));
1501 /* XXX add CAs to cas here */
1503 ASN1_MALLOC_ENCODE(AD_INITIAL_VERIFIED_CAS, data.data, data.length,
1507 if (data.length != size)
1508 krb5_abortx(context, "internal asn.1 encoder error");
1510 ret = _kdc_tkt_add_if_relevant_ad(context, tkt,
1511 ad_initial_verified_cas, &data);
1512 krb5_data_free(&data);
1521 load_mappings(krb5_context context, const char *fn)
1523 krb5_error_code ret;
1525 unsigned long lineno = 0;
1532 while (fgets(buf, sizeof(buf), f) != NULL) {
1533 char *subject_name, *p;
1535 buf[strcspn(buf, "\n")] = '\0';
1538 p = buf + strspn(buf, " \t");
1540 if (*p == '#' || *p == '\0')
1543 subject_name = strchr(p, ':');
1544 if (subject_name == NULL) {
1545 krb5_warnx(context, "pkinit mapping file line %lu "
1546 "missing \":\" :%s",
1550 *subject_name++ = '\0';
1552 ret = add_principal_mapping(context, p, subject_name);
1554 krb5_warn(context, ret, "failed to add line %lu \":\" :%s\n",
1568 _kdc_pk_initialize(krb5_context context,
1569 krb5_kdc_configuration *config,
1570 const char *user_id,
1571 const char *anchors,
1576 krb5_error_code ret;
1578 file = krb5_config_get_string(context, NULL,
1579 "libdefaults", "moduli", NULL);
1581 ret = _krb5_parse_moduli(context, file, &moduli);
1583 krb5_err(context, 1, ret, "PKINIT: failed to load modidi file");
1585 principal_mappings.len = 0;
1586 principal_mappings.val = NULL;
1588 ret = _krb5_pk_load_id(context,
1598 krb5_warn(context, ret, "PKINIT: ");
1599 config->enable_pkinit = 0;
1607 ret = hx509_query_alloc(kdc_identity->hx509ctx, &q);
1609 krb5_warnx(context, "PKINIT: out of memory");
1613 hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
1614 hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
1616 ret = hx509_certs_find(kdc_identity->hx509ctx,
1617 kdc_identity->certs,
1620 hx509_query_free(kdc_identity->hx509ctx, q);
1622 if (hx509_cert_check_eku(kdc_identity->hx509ctx, cert,
1623 oid_id_pkkdcekuoid(), 0))
1624 krb5_warnx(context, "WARNING Found KDC certificate "
1625 "is missing the PK-INIT KDC EKU, this is bad for "
1626 "interoperability.");
1627 hx509_cert_free(cert);
1629 krb5_warnx(context, "PKINIT: failed to find a signing "
1630 "certifiate with a public key");
1633 ret = krb5_config_get_bool_default(context,
1637 "pkinit_allow_proxy_certificate",
1639 _krb5_pk_allow_proxy_certificate(kdc_identity, ret);
1641 file = krb5_config_get_string_default(context,
1643 HDB_DB_DIR "/pki-mapping",
1645 "pkinit_mappings_file",
1648 load_mappings(context, file);