  • only in /freebsd-12-stable/crypto/heimdal/kdc/

Lines Matching refs:context

95 pk_check_pkauthenticator_win2k(krb5_context context,
101 krb5_timeofday (context, &now);
104 if (a->ctime == 0 || abs(a->ctime - now) > context->max_skew) {
105 krb5_clear_error_message(context);
112 pk_check_pkauthenticator(krb5_context context,
123 krb5_timeofday (context, &now);
126 if (a->ctime == 0 || abs(a->ctime - now) > context->max_skew) {
127 krb5_clear_error_message(context);
133 krb5_clear_error_message(context);
137 krb5_abortx(context, "Internal error in ASN.1 encoder");
139 ret = krb5_create_checksum(context,
148 krb5_clear_error_message(context);
153 krb5_clear_error_message(context);
159 krb5_clear_error_message(context);
170 _kdc_pk_free_client_param(krb5_context context, pk_client_params *cp)
192 krb5_free_keyblock_contents(context, &cp->reply_key);
204 generate_dh_keyblock(krb5_context context,
219 krb5_set_error_message(context, ret, "public_key");
225 krb5_set_error_message(context, ret,
235 krb5_set_error_message(context, ret, "malloc: out of memory");
242 krb5_set_error_message(context, ret,
258 krb5_set_error_message(context, ret, "public_key");
279 krb5_set_error_message(context, ret,
291 krb5_set_error_message(context, ret,
296 ret = _krb5_pk_octetstring2key(context,
306 krb5_free_keyblock_contents(context, &key);
312 integer_to_BN(krb5_context context, const char *field, heim_integer *f)
318 krb5_set_error_message(context, KRB5_BADMSGTYPE,
327 get_dh_param(krb5_context context,
341 krb5_set_error_message(context, ret,
348 krb5_set_error_message(context, KRB5_BADMSGTYPE,
359 krb5_set_error_message(context, ret, "Can't decode algorithm "
364 ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits,
375 krb5_set_error_message(context, ret, "Cannot create DH structure");
379 p = integer_to_BN(context, "DH prime", &dhparam.p);
380 g = integer_to_BN(context, "DH base", &dhparam.g);
381 q = integer_to_BN(context, "DH p-1 factor", &dhparam.q);
404 krb5_clear_error_message(context);
408 client_params->u.dh.public_key = integer_to_BN(context,
432 get_ecdh_param(krb5_context context,
445 krb5_set_error_message(context, KRB5_BADMSGTYPE,
478 krb5_set_error_message(context, ret,
495 _kdc_pk_rd_padata(krb5_context context,
515 kdc_log(context, config, 0, "PK-INIT request but PK-INIT not enabled");
516 krb5_clear_error_message(context);
522 krb5_clear_error_message(context);
527 ret = hx509_certs_init(context->hx509ctx,
531 krb5_set_error_message(context, ret, "failed to create trust anchors");
535 ret = hx509_certs_merge(context->hx509ctx, trust_anchors,
539 krb5_set_error_message(context, ret, "failed to create verify context");
550 ret = hx509_cert_init_data(context->hx509ctx,
556 hx509_certs_add(context->hx509ctx, trust_anchors, cert);
561 ret = hx509_verify_init_ctx(context->hx509ctx, &cp->verify_ctx);
564 krb5_set_error_message(context, ret, "failed to create verify context");
582 krb5_set_error_message(context, ret,
592 krb5_set_error_message(context, ret, "Can't decode "
603 krb5_set_error_message(context, ret,
618 krb5_set_error_message(context, ret,
628 ret = hx509_certs_init(context->hx509ctx,
633 krb5_set_error_message(context, ret,
655 ret = hx509_query_alloc(context->hx509ctx, &q);
657 krb5_set_error_message(context, ret,
667 hx509_query_free(context->hx509ctx, q);
673 hx509_query_free(context->hx509ctx, q);
677 ret = hx509_certs_find(context->hx509ctx,
681 hx509_query_free(context->hx509ctx, q);
684 hx509_certs_add(context->hx509ctx,
696 krb5_set_error_message(context, ret,
702 krb5_clear_error_message(context);
710 krb5_set_error_message(context, ret,
717 krb5_set_error_message(context, ret,
729 ret = hx509_cms_verify_signed(context->hx509ctx,
740 char *s = hx509_get_error_string(context->hx509ctx, ret);
741 krb5_warnx(context, "PKINIT: failed to verify signature: %s: %d",
748 ret = hx509_get_one_cert(context->hx509ctx, signer_certs,
761 krb5_set_error_message(context, ret, "got wrong oid for pkauthdata");
773 krb5_set_error_message(context, ret,
778 ret = pk_check_pkauthenticator_win2k(context,
791 krb5_set_error_message(context, ret,
805 krb5_set_error_message(context, ret,
815 krb5_set_error_message(context, ret,
820 ret = pk_check_pkauthenticator(context,
834 ret = get_dh_param(context, config,
839 ret = get_ecdh_param(context, config,
844 krb5_set_error_message(context, ret, "PKINIT unknown DH mechanism");
853 ret = hx509_peer_info_alloc(context->hx509ctx,
861 ret = hx509_peer_info_set_cms_algs(context->hx509ctx,
871 hx509_peer_info_add_cms_alg(context->hx509ctx, cp->peer,
873 hx509_peer_info_add_cms_alg(context->hx509ctx, cp->peer,
875 hx509_peer_info_add_cms_alg(context->hx509ctx, cp->peer,
880 krb5_abortx(context, "internal pkinit error");
882 kdc_log(context, config, 0, "PK-INIT request of type %s", type);
886 krb5_warn(context, ret, "PKINIT");
894 _kdc_pk_free_client_param(context, cp);
905 BN_to_integer(krb5_context context, const BIGNUM *bn, heim_integer *integer)
910 krb5_clear_error_message(context);
919 pk_mk_pa_reply_enckey(krb5_context context,
963 krb5_abortx(context, "internal pkinit error");
972 krb5_clear_error_message(context);
988 krb5_clear_error_message(context);
992 ret = krb5_crypto_init(context, reply_key, 0, &ascrypto);
994 krb5_clear_error_message(context);
998 ret = krb5_create_checksum(context, ascrypto, 6, 0,
1002 krb5_clear_error_message(context);
1006 ret = krb5_crypto_destroy(context, ascrypto);
1008 krb5_clear_error_message(context);
1015 krb5_set_error_message(context, ret, "ASN.1 encoding of ReplyKeyPack "
1020 krb5_abortx(context, "Internal ASN.1 encoder error");
1026 ret = hx509_query_alloc(context->hx509ctx, &q);
1034 ret = hx509_certs_find(context->hx509ctx,
1038 hx509_query_free(context->hx509ctx, q);
1042 ret = hx509_cms_create_signed_1(context->hx509ctx,
1070 ret = hx509_cms_envelope_1(context->hx509ctx,
1079 ret = _krb5_pk_mk_ContentInfo(context,
1099 pk_mk_pa_reply_dh(krb5_context context,
1126 ret = BN_to_integer(context, pub_key, &i);
1133 krb5_set_error_message(context, ret, "ASN.1 encoding of "
1138 krb5_abortx(context, "Internal ASN.1 encoder error");
1164 krb5_abortx(context, "no keyex selected ?");
1172 krb5_set_error_message(context, ret, "ASN.1 encoding of "
1177 krb5_abortx(context, "Internal ASN.1 encoder error");
1184 ret = hx509_query_alloc(context->hx509ctx, &q);
1192 ret = hx509_certs_find(context->hx509ctx,
1196 hx509_query_free(context->hx509ctx, q);
1200 ret = hx509_cms_create_signed_1(context->hx509ctx,
1212 kdc_log(context, config, 0, "Failed signing the DH* reply: %d", ret);
1217 ret = _krb5_pk_mk_ContentInfo(context,
1242 _kdc_pk_mk_pa_reply(krb5_context context,
1262 krb5_clear_error_message(context);
1268 if (krb5_enctype_valid(context, req->req_body.etype.val[i]) == 0)
1272 krb5_set_error_message(context, ret,
1295 ret = krb5_generate_random_keyblock(context, enctype,
1301 ret = pk_mk_pa_reply_enckey(context,
1318 krb5_set_error_message(context, ret, "encoding of Key ContentInfo "
1324 krb5_abortx(context, "Internal ASN.1 encoder error");
1326 ret = krb5_generate_random_keyblock(context, sessionetype,
1341 default: krb5_abortx(context, "unknown keyex"); break;
1349 ret = generate_dh_keyblock(context, cp, enctype);
1353 ret = pk_mk_pa_reply_dh(context, config,
1359 krb5_set_error_message(context, ret,
1370 krb5_set_error_message(context, ret,
1377 krb5_abortx(context, "Internal ASN.1 encoder error");
1380 ret = krb5_generate_random_keyblock(context, sessionetype,
1409 krb5_set_error_message(context, ret,
1414 krb5_abortx(context, "Internal ASN.1 encoder error");
1416 kdc_log(context, config, 0, "PK-INIT using %s %s", type, other);
1424 krb5_set_error_message(context, ret,
1434 ret = krb5_generate_random_keyblock(context, enctype,
1440 ret = pk_mk_pa_reply_enckey(context,
1457 krb5_set_error_message(context, ret, "encoding of Key ContentInfo "
1463 krb5_abortx(context, "Internal ASN.1 encoder error");
1468 krb5_set_error_message(context, ret,
1473 krb5_abortx(context, "Internal ASN.1 encoder error");
1475 ret = krb5_generate_random_keyblock(context, sessionetype,
1483 krb5_abortx(context, "PK-INIT internal error");
1486 ret = krb5_padata_add(context, md, pa_type, buf, len);
1488 krb5_set_error_message(context, ret,
1507 kdc_log(context, config, 0,
1515 kdc_log(context, config, 0,
1523 kdc_log(context, config, 0,
1531 kdc_log(context, config, 0,
1536 ret = hx509_ocsp_verify(context->hx509ctx,
1543 kdc_log(context, config, 0,
1559 ret = krb5_padata_add(context, md,
1563 krb5_set_error_message(context, ret,
1580 match_rfc_san(krb5_context context,
1608 const char *msg = krb5_get_error_message(context, ret);
1609 kdc_log(context, config, 0,
1611 krb5_free_error_message(context, msg);
1615 kdc_log(context, config, 0,
1623 if (krb5_principal_compare(context, &principal, match) == TRUE)
1640 match_ms_upn_san(krb5_context context,
1663 kdc_log(context, config, 0,
1670 kdc_log(context, config, 0, "Decode of MS-UPN-SAN failed");
1675 kdc_log(context, config, 0, "Trailing data in ");
1680 kdc_log(context, config, 0, "found MS UPN SAN: %s", upn);
1682 ret = krb5_parse_name(context, upn, &principal);
1685 kdc_log(context, config, 0, "Failed to parse principal in MS UPN SAN");
1690 ret = clientdb->hdb_check_pkinit_ms_upn_match(context, clientdb, client, principal);
1698 if (krb5_principal_compare(context, principal, client->entry.principal) == FALSE)
1704 krb5_free_principal(context, principal);
1711 _kdc_pk_check_client(krb5_context context,
1732 ret = hx509_cert_get_base_subject(context->hx509ctx,
1743 kdc_log(context, config, 0,
1753 ret = hx509_cert_init_data(context->hx509ctx,
1762 kdc_log(context, config, 5,
1771 ret = match_rfc_san(context, config,
1772 context->hx509ctx,
1776 kdc_log(context, config, 5,
1780 ret = match_ms_upn_san(context, config,
1781 context->hx509ctx,
1786 kdc_log(context, config, 5,
1808 kdc_log(context, config, 5,
1817 b = krb5_principal_compare(context,
1824 kdc_log(context, config, 5,
1830 krb5_set_error_message(context, ret,
1834 kdc_log(context, config, 5,
1845 add_principal_mapping(krb5_context context,
1859 ret = krb5_parse_name(context, principal_name, &principal);
1867 krb5_free_principal(context, principal);
1876 _kdc_add_inital_verified_cas(krb5_context context,
1895 krb5_abortx(context, "internal asn.1 encoder error");
1897 ret = _kdc_tkt_add_if_relevant_ad(context, tkt,
1909 load_mappings(krb5_context context, const char *fn)
1933 krb5_warnx(context, "pkinit mapping file line %lu "
1940 ret = add_principal_mapping(context, p, subject_name);
1942 krb5_warn(context, ret, "failed to add line %lu \":\" :%s\n",
1956 krb5_kdc_pk_initialize(krb5_context context,
1967 file = krb5_config_get_string(context, NULL,
1970 ret = _krb5_parse_moduli(context, file, &moduli);
1972 krb5_err(context, 1, ret, "PKINIT: failed to load modidi file");
1977 ret = _krb5_pk_load_id(context,
1987 krb5_warn(context, ret, "PKINIT: ");
1996 ret = hx509_query_alloc(context->hx509ctx, &q);
1998 krb5_warnx(context, "PKINIT: out of memory");
2006 ret = hx509_certs_find(context->hx509ctx,
2010 hx509_query_free(context->hx509ctx, q);
2012 if (hx509_cert_check_eku(context->hx509ctx, cert,
2019 krb5_warnx(context, "WARNING Found KDC certificate (%s)"
2028 krb5_warnx(context, "PKINIT: failed to find a signing "
2032 if (krb5_config_get_bool_default(context,
2040 file = krb5_config_get_string(context,
2046 asprintf(&fn, "%s/pki-mapping", hdb_db_dir(context));
2050 load_mappings(context, file);