1/*
2 * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#include "krb5_locl.h"
35
36#include <pkinit_asn1.h>
37
38krb5_error_code
39_krb5_pk_octetstring2key(krb5_context context,
40			 krb5_enctype type,
41			 const void *dhdata,
42			 size_t dhsize,
43			 const heim_octet_string *c_n,
44			 const heim_octet_string *k_n,
45			 krb5_keyblock *key)
46{
47    struct _krb5_encryption_type *et = _krb5_find_enctype(type);
48    krb5_error_code ret;
49    size_t keylen, offset;
50    void *keydata;
51    unsigned char counter;
52    unsigned char shaoutput[SHA_DIGEST_LENGTH];
53    EVP_MD_CTX *m;
54
55    if(et == NULL) {
56	krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
57			       N_("encryption type %d not supported", ""),
58			       type);
59	return KRB5_PROG_ETYPE_NOSUPP;
60    }
61    keylen = (et->keytype->bits + 7) / 8;
62
63    keydata = malloc(keylen);
64    if (keydata == NULL) {
65	krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
66	return ENOMEM;
67    }
68
69    m = EVP_MD_CTX_create();
70    if (m == NULL) {
71	free(keydata);
72	krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
73	return ENOMEM;
74    }
75
76    counter = 0;
77    offset = 0;
78    do {
79
80	EVP_DigestInit_ex(m, EVP_sha1(), NULL);
81	EVP_DigestUpdate(m, &counter, 1);
82	EVP_DigestUpdate(m, dhdata, dhsize);
83
84	if (c_n)
85	    EVP_DigestUpdate(m, c_n->data, c_n->length);
86	if (k_n)
87	    EVP_DigestUpdate(m, k_n->data, k_n->length);
88
89	EVP_DigestFinal_ex(m, shaoutput, NULL);
90
91	memcpy((unsigned char *)keydata + offset,
92	       shaoutput,
93	       min(keylen - offset, sizeof(shaoutput)));
94
95	offset += sizeof(shaoutput);
96	counter++;
97    } while(offset < keylen);
98    memset(shaoutput, 0, sizeof(shaoutput));
99
100    EVP_MD_CTX_destroy(m);
101
102    ret = krb5_random_to_key(context, type, keydata, keylen, key);
103    memset(keydata, 0, sizeof(keylen));
104    free(keydata);
105    return ret;
106}
107
108static krb5_error_code
109encode_uvinfo(krb5_context context, krb5_const_principal p, krb5_data *data)
110{
111    KRB5PrincipalName pn;
112    krb5_error_code ret;
113    size_t size = 0;
114
115    pn.principalName = p->name;
116    pn.realm = p->realm;
117
118    ASN1_MALLOC_ENCODE(KRB5PrincipalName, data->data, data->length,
119		       &pn, &size, ret);
120    if (ret) {
121	krb5_data_zero(data);
122	krb5_set_error_message(context, ret,
123			       N_("Failed to encode KRB5PrincipalName", ""));
124	return ret;
125    }
126    if (data->length != size)
127	krb5_abortx(context, "asn1 compiler internal error");
128    return 0;
129}
130
131static krb5_error_code
132encode_otherinfo(krb5_context context,
133		 const AlgorithmIdentifier *ai,
134		 krb5_const_principal client,
135		 krb5_const_principal server,
136		 krb5_enctype enctype,
137		 const krb5_data *as_req,
138		 const krb5_data *pk_as_rep,
139		 const Ticket *ticket,
140		 krb5_data *other)
141{
142    PkinitSP80056AOtherInfo otherinfo;
143    PkinitSuppPubInfo pubinfo;
144    krb5_error_code ret;
145    krb5_data pub;
146    size_t size = 0;
147
148    krb5_data_zero(other);
149    memset(&otherinfo, 0, sizeof(otherinfo));
150    memset(&pubinfo, 0, sizeof(pubinfo));
151
152    pubinfo.enctype = enctype;
153    pubinfo.as_REQ = *as_req;
154    pubinfo.pk_as_rep = *pk_as_rep;
155    pubinfo.ticket = *ticket;
156    ASN1_MALLOC_ENCODE(PkinitSuppPubInfo, pub.data, pub.length,
157		       &pubinfo, &size, ret);
158    if (ret) {
159	krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
160	return ret;
161    }
162    if (pub.length != size)
163	krb5_abortx(context, "asn1 compiler internal error");
164
165    ret = encode_uvinfo(context, client, &otherinfo.partyUInfo);
166    if (ret) {
167	free(pub.data);
168	return ret;
169    }
170    ret = encode_uvinfo(context, server, &otherinfo.partyVInfo);
171    if (ret) {
172	free(otherinfo.partyUInfo.data);
173	free(pub.data);
174	return ret;
175    }
176
177    otherinfo.algorithmID = *ai;
178    otherinfo.suppPubInfo = &pub;
179
180    ASN1_MALLOC_ENCODE(PkinitSP80056AOtherInfo, other->data, other->length,
181		       &otherinfo, &size, ret);
182    free(otherinfo.partyUInfo.data);
183    free(otherinfo.partyVInfo.data);
184    free(pub.data);
185    if (ret) {
186	krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
187	return ret;
188    }
189    if (other->length != size)
190	krb5_abortx(context, "asn1 compiler internal error");
191
192    return 0;
193}
194
195
196
197krb5_error_code
198_krb5_pk_kdf(krb5_context context,
199	     const struct AlgorithmIdentifier *ai,
200	     const void *dhdata,
201	     size_t dhsize,
202	     krb5_const_principal client,
203	     krb5_const_principal server,
204	     krb5_enctype enctype,
205	     const krb5_data *as_req,
206	     const krb5_data *pk_as_rep,
207	     const Ticket *ticket,
208	     krb5_keyblock *key)
209{
210    struct _krb5_encryption_type *et;
211    krb5_error_code ret;
212    krb5_data other;
213    size_t keylen, offset;
214    uint32_t counter;
215    unsigned char *keydata;
216    unsigned char shaoutput[SHA512_DIGEST_LENGTH];
217    const EVP_MD *md;
218    EVP_MD_CTX *m;
219
220    if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha1, &ai->algorithm) == 0) {
221        md = EVP_sha1();
222    } else if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha256, &ai->algorithm) == 0) {
223        md = EVP_sha256();
224    } else if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha512, &ai->algorithm) == 0) {
225        md = EVP_sha512();
226    } else {
227	krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
228			       N_("KDF not supported", ""));
229	return KRB5_PROG_ETYPE_NOSUPP;
230    }
231    if (ai->parameters != NULL &&
232	(ai->parameters->length != 2 ||
233	 memcmp(ai->parameters->data, "\x05\x00", 2) != 0))
234	{
235	    krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
236				   N_("kdf params not NULL or the NULL-type",
237				      ""));
238	    return KRB5_PROG_ETYPE_NOSUPP;
239	}
240
241    et = _krb5_find_enctype(enctype);
242    if(et == NULL) {
243	krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
244			       N_("encryption type %d not supported", ""),
245			       enctype);
246	return KRB5_PROG_ETYPE_NOSUPP;
247    }
248    keylen = (et->keytype->bits + 7) / 8;
249
250    keydata = malloc(keylen);
251    if (keydata == NULL) {
252	krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
253	return ENOMEM;
254    }
255
256    ret = encode_otherinfo(context, ai, client, server,
257			   enctype, as_req, pk_as_rep, ticket, &other);
258    if (ret) {
259	free(keydata);
260	return ret;
261    }
262
263    m = EVP_MD_CTX_create();
264    if (m == NULL) {
265	free(keydata);
266	free(other.data);
267	krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
268	return ENOMEM;
269    }
270
271    offset = 0;
272    counter = 1;
273    do {
274	unsigned char cdata[4];
275
276	EVP_DigestInit_ex(m, md, NULL);
277	_krb5_put_int(cdata, counter, 4);
278	EVP_DigestUpdate(m, cdata, 4);
279	EVP_DigestUpdate(m, dhdata, dhsize);
280	EVP_DigestUpdate(m, other.data, other.length);
281
282	EVP_DigestFinal_ex(m, shaoutput, NULL);
283
284	memcpy((unsigned char *)keydata + offset,
285	       shaoutput,
286	       min(keylen - offset, EVP_MD_CTX_size(m)));
287
288	offset += EVP_MD_CTX_size(m);
289	counter++;
290    } while(offset < keylen);
291    memset(shaoutput, 0, sizeof(shaoutput));
292
293    EVP_MD_CTX_destroy(m);
294    free(other.data);
295
296    ret = krb5_random_to_key(context, enctype, keydata, keylen, key);
297    memset(keydata, 0, sizeof(keylen));
298    free(keydata);
299
300    return ret;
301}
302