1/* $NetBSD: pkinit-ec.c,v 1.3 2023/06/19 21:41:44 christos Exp $ */ 2 3/* 4 * Copyright (c) 2016 Kungliga Tekniska H��gskolan 5 * (Royal Institute of Technology, Stockholm, Sweden). 6 * All rights reserved. 7 * 8 * Portions Copyright (c) 2009 Apple Inc. All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 21 * 3. Neither the name of the Institute nor the names of its contributors 22 * may be used to endorse or promote products derived from this software 23 * without specific prior written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 */ 37 38#include <config.h> 39#include <krb5/roken.h> 40 41#ifdef PKINIT 42 43/* 44 * As with the other *-ec.c files in Heimdal, this is a bit of a hack. 45 * 46 * The idea is to use OpenSSL for EC because hcrypto doesn't have the 47 * required functionality at this time. To do this we segregate 48 * EC-using code into separate source files and then we arrange for them 49 * to get the OpenSSL headers and not the conflicting hcrypto ones. 50 * 51 * Because of auto-generated *-private.h headers, we end up needing to 52 * make sure various types are defined before we include them, thus the 53 * strange header include order here. 54 */ 55 56#ifdef HAVE_HCRYPTO_W_OPENSSL 57#include <openssl/ec.h> 58#include <openssl/ecdh.h> 59#include <openssl/evp.h> 60#include <openssl/bn.h> 61#define HEIM_NO_CRYPTO_HDRS 62#else 63#include <hcrypto/des.h> 64#endif 65 66/* 67 * NO_HCRYPTO_POLLUTION -> don't refer to hcrypto type/function names 68 * that we don't need in this file and which would clash with OpenSSL's 69 * in ways that are difficult to address in cleaner ways. 70 * 71 * In the medium- to long-term what we should do is move all PK in 72 * Heimdal to the newer EVP interfaces for PK and then nothing outside 73 * lib/hcrypto should ever have to include OpenSSL headers, and -more 74 * specifically- the only thing that should ever have to include OpenSSL 75 * headers is the OpenSSL backend to hcrypto. 76 */ 77#define NO_HCRYPTO_POLLUTION 78 79#include "krb5_locl.h" 80#include <krb5/cms_asn1.h> 81#include <krb5/pkcs8_asn1.h> 82#include <krb5/pkcs9_asn1.h> 83#include <krb5/pkcs12_asn1.h> 84#include <krb5/pkinit_asn1.h> 85#include <krb5/asn1_err.h> 86 87#include <krb5/der.h> 88 89krb5_error_code 90_krb5_build_authpack_subjectPK_EC(krb5_context context, 91 krb5_pk_init_ctx ctx, 92 AuthPack *a) 93{ 94#ifdef HAVE_HCRYPTO_W_OPENSSL 95 krb5_error_code ret; 96 ECParameters ecp; 97 unsigned char *p; 98 size_t size; 99 int xlen; 100 101 /* copy in public key, XXX find the best curve that the server support or use the clients curve if possible */ 102 103 ecp.element = choice_ECParameters_namedCurve; 104 ret = der_copy_oid(&asn1_oid_id_ec_group_secp256r1, 105 &ecp.u.namedCurve); 106 if (ret) 107 return ret; 108 109 ALLOC(a->clientPublicValue->algorithm.parameters, 1); 110 if (a->clientPublicValue->algorithm.parameters == NULL) { 111 free_ECParameters(&ecp); 112 return krb5_enomem(context); 113 } 114 ASN1_MALLOC_ENCODE(ECParameters, p, xlen, &ecp, &size, ret); 115 free_ECParameters(&ecp); 116 if (ret) 117 return ret; 118 if ((int)size != xlen) 119 krb5_abortx(context, "asn1 internal error"); 120 121 a->clientPublicValue->algorithm.parameters->data = p; 122 a->clientPublicValue->algorithm.parameters->length = size; 123 124 /* copy in public key */ 125 126 ret = der_copy_oid(&asn1_oid_id_ecPublicKey, 127 &a->clientPublicValue->algorithm.algorithm); 128 if (ret) 129 return ret; 130 131 ctx->u.eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 132 if (ctx->u.eckey == NULL) 133 return krb5_enomem(context); 134 135 ret = EC_KEY_generate_key(ctx->u.eckey); 136 if (ret != 1) 137 return EINVAL; 138 139 xlen = i2o_ECPublicKey(ctx->u.eckey, NULL); 140 if (xlen <= 0) 141 return EINVAL; 142 143 p = malloc(xlen); 144 if (p == NULL) 145 return krb5_enomem(context); 146 147 a->clientPublicValue->subjectPublicKey.data = p; 148 149 xlen = i2o_ECPublicKey(ctx->u.eckey, &p); 150 if (xlen <= 0) { 151 a->clientPublicValue->subjectPublicKey.data = NULL; 152 free(p); 153 return EINVAL; 154 } 155 156 a->clientPublicValue->subjectPublicKey.length = xlen * 8; 157 158 return 0; 159 160 /* XXX verify that this is right with RFC3279 */ 161#else 162 krb5_set_error_message(context, ENOTSUP, 163 N_("PKINIT: ECDH not supported", "")); 164 return ENOTSUP; 165#endif 166} 167 168krb5_error_code 169_krb5_pk_rd_pa_reply_ecdh_compute_key(krb5_context context, 170 krb5_pk_init_ctx ctx, 171 const unsigned char *in, 172 size_t in_sz, 173 unsigned char **out, 174 int *out_sz) 175{ 176#ifdef HAVE_HCRYPTO_W_OPENSSL 177 krb5_error_code ret = 0; 178 int dh_gen_keylen; 179 180 const EC_GROUP *group; 181 EC_KEY *public = NULL; 182 183 group = EC_KEY_get0_group(ctx->u.eckey); 184 185 public = EC_KEY_new(); 186 if (public == NULL) 187 return krb5_enomem(context); 188 if (EC_KEY_set_group(public, group) != 1) { 189 EC_KEY_free(public); 190 return krb5_enomem(context); 191 } 192 193 if (o2i_ECPublicKey(&public, &in, in_sz) == NULL) { 194 EC_KEY_free(public); 195 ret = KRB5KRB_ERR_GENERIC; 196 krb5_set_error_message(context, ret, 197 N_("PKINIT: Can't parse ECDH public key", "")); 198 return ret; 199 } 200 201 *out_sz = (EC_GROUP_get_degree(group) + 7) / 8; 202 if (*out_sz < 0) 203 return EOVERFLOW; 204 *out = malloc(*out_sz); 205 if (*out == NULL) { 206 EC_KEY_free(public); 207 return krb5_enomem(context); 208 } 209 dh_gen_keylen = ECDH_compute_key(*out, *out_sz, 210 EC_KEY_get0_public_key(public), 211 ctx->u.eckey, NULL); 212 EC_KEY_free(public); 213 if (dh_gen_keylen <= 0) { 214 ret = KRB5KRB_ERR_GENERIC; 215 dh_gen_keylen = 0; 216 krb5_set_error_message(context, ret, 217 N_("PKINIT: Can't compute ECDH public key", "")); 218 free(*out); 219 *out = NULL; 220 *out_sz = 0; 221 } 222 *out_sz = dh_gen_keylen; 223 224 return ret; 225#else 226 krb5_set_error_message(context, ENOTSUP, 227 N_("PKINIT: ECDH not supported", "")); 228 return ENOTSUP; 229#endif 230} 231 232void 233_krb5_pk_eckey_free(void *eckey) 234{ 235#ifdef HAVE_HCRYPTO_W_OPENSSL 236 EC_KEY_free(eckey); 237#endif 238} 239 240#else 241 242static char lib_krb5_pkinit_ec_c = '\0'; 243 244#endif 245