diff options
Diffstat (limited to '')
-rw-r--r-- | third_party/heimdal/kdc/pkinit-ec.c | 318 |
1 files changed, 318 insertions, 0 deletions
diff --git a/third_party/heimdal/kdc/pkinit-ec.c b/third_party/heimdal/kdc/pkinit-ec.c new file mode 100644 index 0000000..c718aa7 --- /dev/null +++ b/third_party/heimdal/kdc/pkinit-ec.c @@ -0,0 +1,318 @@ +/* + * Copyright (c) 2016 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <config.h> +#include <roken.h> + +#ifdef PKINIT + +/* + * As with the other *-ec.c files in Heimdal, this is a bit of a hack. + * + * The idea is to use OpenSSL for EC because hcrypto doesn't have the + * required functionality at this time. To do this we segregate + * EC-using code into separate source files and then we arrange for them + * to get the OpenSSL headers and not the conflicting hcrypto ones. + * + * Because of auto-generated *-private.h headers, we end up needing to + * make sure various types are defined before we include them, thus the + * strange header include order here. + */ + +#ifdef HAVE_HCRYPTO_W_OPENSSL +#include <openssl/ec.h> +#include <openssl/ecdh.h> +#include <openssl/evp.h> +#include <openssl/bn.h> +#define HEIM_NO_CRYPTO_HDRS +#endif /* HAVE_HCRYPTO_W_OPENSSL */ + +#define NO_HCRYPTO_POLLUTION + +#include "kdc_locl.h" +#include <hcrypto/des.h> +#include <heim_asn1.h> +#include <rfc2459_asn1.h> +#include <cms_asn1.h> +#include <pkinit_asn1.h> + +#include <hx509.h> + +#ifdef HAVE_HCRYPTO_W_OPENSSL +static void +free_client_ec_param(krb5_context context, + EC_KEY *ec_key_pk, + EC_KEY *ec_key_key) +{ + if (ec_key_pk != NULL) + EC_KEY_free(ec_key_pk); + if (ec_key_key != NULL) + EC_KEY_free(ec_key_key); +} +#endif + +void +_kdc_pk_free_client_ec_param(krb5_context context, + void *ec_key_pk, + void *ec_key_key) +{ +#ifdef HAVE_HCRYPTO_W_OPENSSL + free_client_ec_param(context, ec_key_pk, ec_key_key); +#endif +} + +#ifdef HAVE_HCRYPTO_W_OPENSSL +static krb5_error_code +generate_ecdh_keyblock(krb5_context context, + EC_KEY *ec_key_pk, /* the client's public key */ + EC_KEY **ec_key_key, /* the KDC's ephemeral private */ + unsigned char **dh_gen_key, /* shared secret */ + size_t *dh_gen_keylen) +{ + const EC_GROUP *group; + EC_KEY *ephemeral; + krb5_keyblock key; + krb5_error_code ret; + unsigned char *p; + size_t size; + int len; + + *dh_gen_key = NULL; + *dh_gen_keylen = 0; + *ec_key_key = NULL; + + memset(&key, 0, sizeof(key)); + + if (ec_key_pk == NULL) { + ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, "public_key"); + return ret; + } + + group = EC_KEY_get0_group(ec_key_pk); + if (group == NULL) { + ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, "failed to get the group of " + "the client's public key"); + return ret; + } + + ephemeral = EC_KEY_new(); + if (ephemeral == NULL) + return krb5_enomem(context); + + EC_KEY_set_group(ephemeral, group); + + if (EC_KEY_generate_key(ephemeral) != 1) { + EC_KEY_free(ephemeral); + return krb5_enomem(context); + } + + size = (EC_GROUP_get_degree(group) + 7) / 8; + p = malloc(size); + if (p == NULL) { + EC_KEY_free(ephemeral); + return krb5_enomem(context); + } + + len = ECDH_compute_key(p, size, + EC_KEY_get0_public_key(ec_key_pk), + ephemeral, NULL); + if (len <= 0) { + free(p); + EC_KEY_free(ephemeral); + ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, "Failed to compute ECDH " + "public shared secret"); + return ret; + } + + *ec_key_key = ephemeral; + *dh_gen_key = p; + *dh_gen_keylen = len; + + return 0; +} +#endif /* HAVE_HCRYPTO_W_OPENSSL */ + +krb5_error_code +_kdc_generate_ecdh_keyblock(krb5_context context, + void *ec_key_pk, /* the client's public key */ + void **ec_key_key, /* the KDC's ephemeral private */ + unsigned char **dh_gen_key, /* shared secret */ + size_t *dh_gen_keylen) +{ +#ifdef HAVE_HCRYPTO_W_OPENSSL + return generate_ecdh_keyblock(context, ec_key_pk, + (EC_KEY **)ec_key_key, + dh_gen_key, dh_gen_keylen); +#else + return ENOTSUP; +#endif /* HAVE_HCRYPTO_W_OPENSSL */ +} + +#ifdef HAVE_HCRYPTO_W_OPENSSL +static krb5_error_code +get_ecdh_param(krb5_context context, + krb5_kdc_configuration *config, + SubjectPublicKeyInfo *dh_key_info, + EC_KEY **out) +{ + ECParameters ecp; + EC_KEY *public = NULL; + krb5_error_code ret; + const unsigned char *p; + size_t len; + int nid; + + if (dh_key_info->algorithm.parameters == NULL) { + krb5_set_error_message(context, KRB5_BADMSGTYPE, + "PKINIT missing algorithm parameter " + "in clientPublicValue"); + return KRB5_BADMSGTYPE; + } + + memset(&ecp, 0, sizeof(ecp)); + + ret = decode_ECParameters(dh_key_info->algorithm.parameters->data, + dh_key_info->algorithm.parameters->length, &ecp, &len); + if (ret) + goto out; + + if (ecp.element != choice_ECParameters_namedCurve) { + ret = KRB5_BADMSGTYPE; + goto out; + } + + if (der_heim_oid_cmp(&ecp.u.namedCurve, &asn1_oid_id_ec_group_secp256r1) == 0) + nid = NID_X9_62_prime256v1; + else { + ret = KRB5_BADMSGTYPE; + goto out; + } + + /* XXX verify group is ok */ + + public = EC_KEY_new_by_curve_name(nid); + + p = dh_key_info->subjectPublicKey.data; + len = dh_key_info->subjectPublicKey.length / 8; + if (o2i_ECPublicKey(&public, &p, len) == NULL) { + ret = KRB5_BADMSGTYPE; + krb5_set_error_message(context, ret, + "PKINIT failed to decode ECDH key"); + goto out; + } + *out = public; + public = NULL; + + out: + if (public) + EC_KEY_free(public); + free_ECParameters(&ecp); + return ret; +} +#endif /* HAVE_HCRYPTO_W_OPENSSL */ + +krb5_error_code +_kdc_get_ecdh_param(krb5_context context, + krb5_kdc_configuration *config, + SubjectPublicKeyInfo *dh_key_info, + void **out) +{ +#ifdef HAVE_HCRYPTO_W_OPENSSL + return get_ecdh_param(context, config, dh_key_info, (EC_KEY **)out); +#else + return ENOTSUP; +#endif /* HAVE_HCRYPTO_W_OPENSSL */ +} + + +/* + * + */ + +#ifdef HAVE_HCRYPTO_W_OPENSSL +static krb5_error_code +serialize_ecdh_key(krb5_context context, + EC_KEY *key, + unsigned char **out, + size_t *out_len) +{ + krb5_error_code ret = 0; + unsigned char *p; + int len; + + *out = NULL; + *out_len = 0; + + len = i2o_ECPublicKey(key, NULL); + if (len <= 0) + return EOVERFLOW; + + *out = malloc(len); + if (*out == NULL) + return krb5_enomem(context); + + p = *out; + len = i2o_ECPublicKey(key, &p); + if (len <= 0) { + free(*out); + *out = NULL; + ret = EINVAL; /* XXX Better error please */ + krb5_set_error_message(context, ret, + "PKINIT failed to encode ECDH key"); + return ret; + } + + *out_len = len * 8; + return ret; +} +#endif + +krb5_error_code +_kdc_serialize_ecdh_key(krb5_context context, + void *key, + unsigned char **out, + size_t *out_len) +{ +#ifdef HAVE_HCRYPTO_W_OPENSSL + return serialize_ecdh_key(context, key, out, out_len); +#else + return ENOTSUP; +#endif +} + +#endif |