]>
Commit | Line | Data |
---|---|---|
39037602 A |
1 | /* |
2 | * Copyright (c) 2015 Apple Inc. All rights reserved. | |
3 | * | |
4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ | |
5 | * | |
6 | * This file contains Original Code and/or Modifications of Original Code | |
7 | * as defined in and that are subject to the Apple Public Source License | |
8 | * Version 2.0 (the 'License'). You may not use this file except in | |
9 | * compliance with the License. The rights granted to you under the License | |
10 | * may not be used to create, or enable the creation or redistribution of, | |
11 | * unlawful or unlicensed copies of an Apple operating system, or to | |
12 | * circumvent, violate, or enable the circumvention or violation of, any | |
13 | * terms of an Apple operating system software license agreement. | |
14 | * | |
15 | * Please obtain a copy of the License at | |
16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. | |
17 | * | |
18 | * The Original Code and all software distributed under the License are | |
19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER | |
20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, | |
21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, | |
22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. | |
23 | * Please see the License for the specific language governing rights and | |
24 | * limitations under the License. | |
25 | * | |
26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ | |
27 | */ | |
28 | ||
29 | #include <corecrypto/ccdigest.h> | |
30 | #include <corecrypto/cchmac.h> | |
31 | #include <corecrypto/ccsha1.h> | |
32 | #include <corecrypto/ccdes.h> | |
33 | #include <corecrypto/ccaes.h> | |
34 | #include <corecrypto/ccpad.h> | |
35 | ||
36 | /* | |
37 | * GSS-API things from gssapi.h | |
38 | */ | |
39 | /* | |
40 | * Copyright 1993 by OpenVision Technologies, Inc. | |
41 | * | |
42 | * Permission to use, copy, modify, distribute, and sell this software | |
43 | * and its documentation for any purpose is hereby granted without fee, | |
44 | * provided that the above copyright notice appears in all copies and | |
45 | * that both that copyright notice and this permission notice appear in | |
46 | * supporting documentation, and that the name of OpenVision not be used | |
47 | * in advertising or publicity pertaining to distribution of the software | |
48 | * without specific, written prior permission. OpenVision makes no | |
49 | * representations about the suitability of this software for any | |
50 | * purpose. It is provided "as is" without express or implied warranty. | |
51 | * | |
52 | * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, | |
53 | * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO | |
54 | * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR | |
55 | * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF | |
56 | * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR | |
57 | * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR | |
58 | * PERFORMANCE OF THIS SOFTWARE. | |
59 | */ | |
60 | ||
61 | typedef uint32_t OM_uint32; | |
62 | ||
0a7de745 | 63 | #define GSS_S_COMPLETE 0 |
39037602 A |
64 | |
65 | /* | |
66 | * Some "helper" definitions to make the status code macros obvious. | |
67 | * From gssapi.h: | |
68 | */ | |
69 | #define GSS_C_CALLING_ERROR_OFFSET 24 | |
70 | #define GSS_C_ROUTINE_ERROR_OFFSET 16 | |
71 | #define GSS_C_SUPPLEMENTARY_OFFSET 0 | |
72 | #define GSS_C_CALLING_ERROR_MASK ((OM_uint32) 0377ul) | |
73 | #define GSS_C_ROUTINE_ERROR_MASK ((OM_uint32) 0377ul) | |
74 | #define GSS_C_SUPPLEMENTARY_MASK ((OM_uint32) 0177777ul) | |
75 | ||
76 | /* | |
77 | * The macros that test status codes for error conditions. Note that the | |
78 | * GSS_ERROR() macro has changed slightly from the V1 GSSAPI so that it now | |
79 | * evaluates its argument only once. | |
80 | */ | |
81 | #define GSS_CALLING_ERROR(x) \ | |
82 | ((x) & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET)) | |
83 | #define GSS_ROUTINE_ERROR(x) \ | |
84 | ((x) & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)) | |
85 | #define GSS_SUPPLEMENTARY_INFO(x) \ | |
86 | ((x) & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET)) | |
87 | #define GSS_ERROR(x) \ | |
88 | ((x) & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \ | |
0a7de745 | 89 | (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))) |
39037602 A |
90 | |
91 | /* | |
92 | * Calling errors: | |
93 | */ | |
94 | #define GSS_S_CALL_INACCESSIBLE_READ \ | |
0a7de745 | 95 | (((OM_uint32) 1ul) << GSS_C_CALLING_ERROR_OFFSET) |
39037602 | 96 | #define GSS_S_CALL_INACCESSIBLE_WRITE \ |
0a7de745 | 97 | (((OM_uint32) 2ul) << GSS_C_CALLING_ERROR_OFFSET) |
39037602 | 98 | #define GSS_S_CALL_BAD_STRUCTURE \ |
0a7de745 | 99 | (((OM_uint32) 3ul) << GSS_C_CALLING_ERROR_OFFSET) |
39037602 A |
100 | |
101 | /* | |
102 | * Routine errors: | |
103 | */ | |
104 | #define GSS_S_BAD_MECH (((OM_uint32) 1ul) << GSS_C_ROUTINE_ERROR_OFFSET) | |
105 | #define GSS_S_BAD_NAME (((OM_uint32) 2ul) << GSS_C_ROUTINE_ERROR_OFFSET) | |
106 | #define GSS_S_BAD_NAMETYPE (((OM_uint32) 3ul) << GSS_C_ROUTINE_ERROR_OFFSET) | |
107 | #define GSS_S_BAD_BINDINGS (((OM_uint32) 4ul) << GSS_C_ROUTINE_ERROR_OFFSET) | |
108 | #define GSS_S_BAD_STATUS (((OM_uint32) 5ul) << GSS_C_ROUTINE_ERROR_OFFSET) | |
109 | #define GSS_S_BAD_SIG (((OM_uint32) 6ul) << GSS_C_ROUTINE_ERROR_OFFSET) | |
110 | #define GSS_S_NO_CRED (((OM_uint32) 7ul) << GSS_C_ROUTINE_ERROR_OFFSET) | |
111 | #define GSS_S_NO_CONTEXT (((OM_uint32) 8ul) << GSS_C_ROUTINE_ERROR_OFFSET) | |
112 | #define GSS_S_DEFECTIVE_TOKEN (((OM_uint32) 9ul) << GSS_C_ROUTINE_ERROR_OFFSET) | |
113 | #define GSS_S_DEFECTIVE_CREDENTIAL \ | |
114 | (((OM_uint32) 10ul) << GSS_C_ROUTINE_ERROR_OFFSET) | |
115 | #define GSS_S_CREDENTIALS_EXPIRED \ | |
116 | (((OM_uint32) 11ul) << GSS_C_ROUTINE_ERROR_OFFSET) | |
117 | #define GSS_S_CONTEXT_EXPIRED \ | |
118 | (((OM_uint32) 12ul) << GSS_C_ROUTINE_ERROR_OFFSET) | |
119 | #define GSS_S_FAILURE (((OM_uint32) 13ul) << GSS_C_ROUTINE_ERROR_OFFSET) | |
120 | #define GSS_S_BAD_QOP (((OM_uint32) 14ul) << GSS_C_ROUTINE_ERROR_OFFSET) | |
121 | #define GSS_S_UNAUTHORIZED (((OM_uint32) 15ul) << GSS_C_ROUTINE_ERROR_OFFSET) | |
122 | #define GSS_S_UNAVAILABLE (((OM_uint32) 16ul) << GSS_C_ROUTINE_ERROR_OFFSET) | |
123 | #define GSS_S_DUPLICATE_ELEMENT \ | |
124 | (((OM_uint32) 17ul) << GSS_C_ROUTINE_ERROR_OFFSET) | |
125 | #define GSS_S_NAME_NOT_MN \ | |
126 | (((OM_uint32) 18ul) << GSS_C_ROUTINE_ERROR_OFFSET) | |
127 | ||
128 | /* | |
129 | * Supplementary info bits: | |
130 | */ | |
131 | #define GSS_S_CONTINUE_NEEDED (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 0)) | |
132 | #define GSS_S_DUPLICATE_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 1)) | |
133 | #define GSS_S_OLD_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 2)) | |
134 | #define GSS_S_UNSEQ_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 3)) | |
135 | #define GSS_S_GAP_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 4)) | |
136 | ||
137 | #define GSS_C_QOP_DEFAULT 0 | |
138 | ||
139 | /* end of gssapi.h */ | |
140 | ||
141 | /* | |
142 | * The following data structures are genenrated from lucid.x in the gssd project | |
143 | * and must be kept in sync with that project. This is a more memory efficient | |
144 | * representation of the gss_kerb5_lucid_context_v1_t defined in gssapi_krb5.h | |
145 | */ | |
146 | struct lucid_key { | |
147 | uint32_t etype; | |
148 | struct { | |
149 | uint32_t key_len; | |
150 | uint8_t *key_val; | |
151 | } key; | |
152 | }; | |
153 | typedef struct lucid_key lucid_key; | |
154 | ||
155 | struct key_data_1964 { | |
156 | uint32_t sign_alg; | |
157 | uint32_t seal_alg; | |
158 | }; | |
159 | typedef struct key_data_1964 key_data_1964; | |
160 | ||
161 | struct key_data_4121 { | |
162 | uint32_t acceptor_subkey; | |
163 | }; | |
164 | typedef struct key_data_4121 key_data_4121; | |
165 | ||
166 | struct lucid_protocol { | |
167 | uint32_t proto; | |
168 | union { | |
169 | key_data_1964 data_1964; | |
170 | key_data_4121 data_4121; | |
171 | } lucid_protocol_u; | |
172 | }; | |
173 | typedef struct lucid_protocol lucid_protocol; | |
174 | ||
175 | struct lucid_context { | |
176 | uint32_t vers; | |
177 | uint32_t initiate; | |
178 | uint32_t endtime; | |
179 | uint64_t send_seq; | |
180 | uint64_t recv_seq; | |
181 | lucid_protocol key_data; | |
182 | lucid_key ctx_key; | |
183 | }; | |
184 | typedef struct lucid_context lucid_context; | |
185 | ||
186 | /* end of lucid.x generated data structures */ | |
187 | ||
188 | typedef struct lucid_context *lucid_context_t; | |
189 | /* | |
190 | * Mask for determining the returned structure version. | |
191 | * See example below for usage. | |
192 | */ | |
193 | typedef struct lucid_context_version { | |
0a7de745 | 194 | uint32_t version; |
39037602 A |
195 | /* Structure version number */ |
196 | } *lucid_context_version_t; | |
197 | ||
198 | typedef enum etypes { | |
199 | DES3_CBC_SHA1_KD = 16, | |
200 | AES128_CTS_HMAC_SHA1_96 = 17, | |
201 | AES256_CTS_HMAC_SHA1_96 = 18, | |
202 | } etypes; | |
203 | ||
0a7de745 A |
204 | #define KRB5_USAGE_ACCEPTOR_SEAL 22 |
205 | #define KRB5_USAGE_ACCEPTOR_SIGN 23 | |
206 | #define KRB5_USAGE_INITIATOR_SEAL 24 | |
207 | #define KRB5_USAGE_INITIATOR_SIGN 25 | |
39037602 A |
208 | #define KRB5_USAGE_LEN 5 |
209 | ||
210 | #define GSS_SND 0 | |
211 | #define GSS_RCV 1 | |
0a7de745 | 212 | #define GSS_C_QOP_REVERSE 0x80000000 /* Pseudo QOP value to use as input to gss_krb5_unwrap to allow Sender to unwrap */ |
39037602 A |
213 | |
214 | /* | |
215 | * Key schedule is the cbc state for encryption and decryption. | |
216 | * For DES3 we always use the session key from the lucid context, | |
217 | * and in that case Ekey and Ikey will point to the session key. | |
218 | */ | |
219 | struct key_schedule { | |
220 | cccbc_ctx *enc; | |
221 | cccbc_ctx *dec; | |
0a7de745 | 222 | void *ikey[2]; /* Drived integrity key (same length context key); */ |
39037602 A |
223 | }; |
224 | ||
225 | /* | |
226 | * Crypto context that supports AES and DES3 etypes | |
227 | * All supported encryption types use hmac with SHA1 | |
228 | * All are CBC encryption types | |
229 | * des3-cbc-sha1 -- 7 | |
230 | * des3-dbc-sha1-kd -- 16 ??? | |
231 | * aes128-cts-hmac-sha1-96 -- 17 | |
232 | * aes256-cts-hmac-sha1-96 -- 18 | |
233 | */ | |
234 | ||
235 | typedef struct crypto_ctx { | |
236 | uint32_t etype; | |
237 | uint32_t mpad; /* Message padding */ | |
238 | uint32_t flags; | |
239 | lck_mtx_t *lock; | |
240 | lucid_context_t gss_ctx; /* Back pointer to lucid context */ | |
241 | uint32_t keylen; | |
242 | void *key; /* Points to session key from lucid context */ | |
243 | const struct ccdigest_info *di; | |
244 | const struct ccmode_cbc *enc_mode; | |
245 | const struct ccmode_cbc *dec_mode; | |
246 | struct key_schedule ks; | |
247 | uint32_t digest_size; | |
0a7de745 | 248 | void *ckey[2]; /* Derived checksum key. Same as key for DES3 */ |
39037602 A |
249 | } *crypto_ctx_t; |
250 | ||
0a7de745 A |
251 | #define CRYPTO_KS_ALLOCED 0x00001 |
252 | #define CRYPTO_CTS_ENABLE 0x00002 | |
39037602 A |
253 | |
254 | typedef struct gss_ctx_id_desc { | |
255 | lucid_context gss_lucid_ctx; | |
256 | struct crypto_ctx gss_cryptor; | |
257 | } *gss_ctx_id_t; | |
258 | ||
259 | typedef struct gss_buffer_desc_struct { | |
260 | size_t length; | |
261 | void *value; | |
262 | } gss_buffer_desc, *gss_buffer_t; | |
263 | ||
264 | uint32_t | |
0a7de745 A |
265 | gss_release_buffer(uint32_t *, /* minor_status */ |
266 | gss_buffer_t); | |
39037602 A |
267 | |
268 | ||
269 | /* Per message interfaces for kerberos gss mech in the kernel */ | |
270 | ||
271 | typedef uint32_t gss_qop_t; | |
272 | ||
273 | uint32_t | |
0a7de745 A |
274 | gss_krb5_get_mic_mbuf(uint32_t *, /* minor_status */ |
275 | gss_ctx_id_t, /* context_handle */ | |
276 | gss_qop_t, /* qop_req */ | |
277 | mbuf_t, /* message mbuf */ | |
278 | size_t, /* offest */ | |
279 | size_t, /* length */ | |
280 | gss_buffer_t /* message_token */ | |
281 | ); | |
39037602 A |
282 | |
283 | uint32_t | |
0a7de745 A |
284 | gss_krb5_get_mic(uint32_t *, /* minor_status */ |
285 | gss_ctx_id_t, /* context_handle */ | |
286 | gss_qop_t, /* qop_req */ | |
287 | gss_buffer_t, /* message buffer */ | |
288 | gss_buffer_t /* message_token */ | |
289 | ); | |
39037602 A |
290 | |
291 | uint32_t | |
0a7de745 A |
292 | gss_krb5_verify_mic(uint32_t *, /* minor_status */ |
293 | gss_ctx_id_t, /* context_handle */ | |
294 | gss_buffer_t, /* message_buffer */ | |
295 | gss_buffer_t, /* message_token */ | |
296 | gss_qop_t * /* qop_state */ | |
297 | ); | |
39037602 A |
298 | |
299 | uint32_t | |
0a7de745 A |
300 | gss_krb5_verify_mic_mbuf(uint32_t *, /* minor_status */ |
301 | gss_ctx_id_t, /* context_handle */ | |
302 | mbuf_t, /* message_buffer */ | |
303 | size_t, /* offset */ | |
304 | size_t, /* length */ | |
305 | gss_buffer_t, /* message_token */ | |
306 | gss_qop_t * /* qop_state */ | |
307 | ); | |
39037602 A |
308 | |
309 | uint32_t | |
0a7de745 A |
310 | gss_krb5_wrap_mbuf(uint32_t *, /* minor_status */ |
311 | gss_ctx_id_t, /* context_handle */ | |
312 | int, /* conf_req_flag */ | |
313 | gss_qop_t, /* qop_req */ | |
314 | mbuf_t *, /* input/output message_buffer */ | |
315 | size_t, /* offset */ | |
316 | size_t, /* length */ | |
317 | int * /* conf_state */ | |
318 | ); | |
39037602 A |
319 | |
320 | uint32_t | |
0a7de745 A |
321 | gss_krb5_unwrap_mbuf(uint32_t *, /* minor_status */ |
322 | gss_ctx_id_t, /* context_handle */ | |
323 | mbuf_t *, /* input/output message_buffer */ | |
324 | size_t, /* offset */ | |
325 | size_t, /* length */ | |
326 | int *, /* conf_state */ | |
327 | gss_qop_t * /* qop state */ | |
328 | ); | |
39037602 A |
329 | |
330 | void gss_krb5_destroy_context(gss_ctx_id_t); | |
331 | ||
332 | gss_ctx_id_t gss_krb5_make_context(void *, uint32_t); | |
333 | ||
334 | void gss_krb5_mech_init(void); | |
335 | ||
336 | int corecrypto_available(void); | |
337 | ||
338 | errno_t gss_normalize_mbuf(mbuf_t, size_t, size_t *, mbuf_t *, mbuf_t *, int); | |
339 | ||
340 | mbuf_t gss_join_mbuf(mbuf_t, mbuf_t, mbuf_t); | |
341 | ||
342 | typedef struct hmac_ctx_struct { | |
343 | size_t keylen; | |
344 | uint8_t *key; | |
345 | ccdigest_ctx_t di_ctx; | |
346 | } hmac_ctx, hmac_ctx_t[1]; | |
347 | ||
348 | void hmac_init(const struct ccdigest_info *, hmac_ctx_t, size_t, void *); | |
349 | void hmac_update(const struct ccdigest_info *, hmac_ctx_t, size_t, void *); | |
350 | void hmac_final(const struct ccdigest_info *, hmac_ctx_t, uint8_t *); | |
351 | ||
352 | void printmbuf(const char *, mbuf_t, uint32_t, uint32_t); | |
353 | ||
354 | void printgbuf(const char *, gss_buffer_t); |