bsd/nfs/gss/gss_krb5_mech.h

   1 /*
   2  * Copyright (c) 2015 Apple Inc. All rights reserved.
   3  *
   4  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. The rights granted to you under the License
  10  * may not be used to create, or enable the creation or redistribution of,
  11  * unlawful or unlicensed copies of an Apple operating system, or to
  12  * circumvent, violate, or enable the circumvention or violation of, any
  13  * terms of an Apple operating system software license agreement.
  14  *
  15  * Please obtain a copy of the License at
  16  * http://www.opensource.apple.com/apsl/ and read it before using this file.
  17  *
  18  * The Original Code and all software distributed under the License are
  19  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  20  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  21  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  22  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  23  * Please see the License for the specific language governing rights and
  24  * limitations under the License.
  25  *
  26  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  27  */
  28
  29 #include <corecrypto/ccdigest.h>
  30 #include <corecrypto/cchmac.h>
  31 #include <corecrypto/ccsha1.h>
  32 #include <corecrypto/ccdes.h>
  33 #include <corecrypto/ccaes.h>
  34 #include <corecrypto/ccpad.h>
  35
  36 /*
  37  * GSS-API things from gssapi.h
  38  */
  39 /*
  40  * Copyright 1993 by OpenVision Technologies, Inc.
  41  *
  42  * Permission to use, copy, modify, distribute, and sell this software
  43  * and its documentation for any purpose is hereby granted without fee,
  44  * provided that the above copyright notice appears in all copies and
  45  * that both that copyright notice and this permission notice appear in
  46  * supporting documentation, and that the name of OpenVision not be used
  47  * in advertising or publicity pertaining to distribution of the software
  48  * without specific, written prior permission. OpenVision makes no
  49  * representations about the suitability of this software for any
  50  * purpose.  It is provided "as is" without express or implied warranty.
  51  *
  52  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  53  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  54  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
  55  * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
  56  * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
  57  * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  58  * PERFORMANCE OF THIS SOFTWARE.
  59  */
  60
  61 typedef uint32_t OM_uint32;
  62
  63 #define GSS_S_COMPLETE                  0
  64
  65 /*
  66  * Some "helper" definitions to make the status code macros obvious.
  67  * From gssapi.h:
  68  */
  69 #define GSS_C_CALLING_ERROR_OFFSET 24
  70 #define GSS_C_ROUTINE_ERROR_OFFSET 16
  71 #define GSS_C_SUPPLEMENTARY_OFFSET 0
  72 #define GSS_C_CALLING_ERROR_MASK ((OM_uint32) 0377ul)
  73 #define GSS_C_ROUTINE_ERROR_MASK ((OM_uint32) 0377ul)
  74 #define GSS_C_SUPPLEMENTARY_MASK ((OM_uint32) 0177777ul)
  75
  76 /*
  77  * The macros that test status codes for error conditions.  Note that the
  78  * GSS_ERROR() macro has changed slightly from the V1 GSSAPI so that it now
  79  * evaluates its argument only once.
  80  */
  81 #define GSS_CALLING_ERROR(x) \
  82         ((x) & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
  83 #define GSS_ROUTINE_ERROR(x) \
  84         ((x) & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
  85 #define GSS_SUPPLEMENTARY_INFO(x) \
  86         ((x) & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
  87 #define GSS_ERROR(x) \
  88         ((x) & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
  89                 (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))
  90
  91 /*
  92  * Calling errors:
  93  */
  94 #define GSS_S_CALL_INACCESSIBLE_READ \
  95                              (((OM_uint32) 1ul) << GSS_C_CALLING_ERROR_OFFSET)
  96 #define GSS_S_CALL_INACCESSIBLE_WRITE \
  97                              (((OM_uint32) 2ul) << GSS_C_CALLING_ERROR_OFFSET)
  98 #define GSS_S_CALL_BAD_STRUCTURE \
  99                              (((OM_uint32) 3ul) << GSS_C_CALLING_ERROR_OFFSET)
 100
 101 /*
 102  * Routine errors:
 103  */
 104 #define GSS_S_BAD_MECH (((OM_uint32) 1ul) << GSS_C_ROUTINE_ERROR_OFFSET)
 105 #define GSS_S_BAD_NAME (((OM_uint32) 2ul) << GSS_C_ROUTINE_ERROR_OFFSET)
 106 #define GSS_S_BAD_NAMETYPE (((OM_uint32) 3ul) << GSS_C_ROUTINE_ERROR_OFFSET)
 107 #define GSS_S_BAD_BINDINGS (((OM_uint32) 4ul) << GSS_C_ROUTINE_ERROR_OFFSET)
 108 #define GSS_S_BAD_STATUS (((OM_uint32) 5ul) << GSS_C_ROUTINE_ERROR_OFFSET)
 109 #define GSS_S_BAD_SIG (((OM_uint32) 6ul) << GSS_C_ROUTINE_ERROR_OFFSET)
 110 #define GSS_S_NO_CRED (((OM_uint32) 7ul) << GSS_C_ROUTINE_ERROR_OFFSET)
 111 #define GSS_S_NO_CONTEXT (((OM_uint32) 8ul) << GSS_C_ROUTINE_ERROR_OFFSET)
 112 #define GSS_S_DEFECTIVE_TOKEN (((OM_uint32) 9ul) << GSS_C_ROUTINE_ERROR_OFFSET)
 113 #define GSS_S_DEFECTIVE_CREDENTIAL \
 114      (((OM_uint32) 10ul) << GSS_C_ROUTINE_ERROR_OFFSET)
 115 #define GSS_S_CREDENTIALS_EXPIRED \
 116      (((OM_uint32) 11ul) << GSS_C_ROUTINE_ERROR_OFFSET)
 117 #define GSS_S_CONTEXT_EXPIRED \
 118      (((OM_uint32) 12ul) << GSS_C_ROUTINE_ERROR_OFFSET)
 119 #define GSS_S_FAILURE (((OM_uint32) 13ul) << GSS_C_ROUTINE_ERROR_OFFSET)
 120 #define GSS_S_BAD_QOP (((OM_uint32) 14ul) << GSS_C_ROUTINE_ERROR_OFFSET)
 121 #define GSS_S_UNAUTHORIZED (((OM_uint32) 15ul) << GSS_C_ROUTINE_ERROR_OFFSET)
 122 #define GSS_S_UNAVAILABLE (((OM_uint32) 16ul) << GSS_C_ROUTINE_ERROR_OFFSET)
 123 #define GSS_S_DUPLICATE_ELEMENT \
 124      (((OM_uint32) 17ul) << GSS_C_ROUTINE_ERROR_OFFSET)
 125 #define GSS_S_NAME_NOT_MN \
 126      (((OM_uint32) 18ul) << GSS_C_ROUTINE_ERROR_OFFSET)
 127
 128 /*
 129  * Supplementary info bits:
 130  */
 131 #define GSS_S_CONTINUE_NEEDED (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
 132 #define GSS_S_DUPLICATE_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
 133 #define GSS_S_OLD_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
 134 #define GSS_S_UNSEQ_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
 135 #define GSS_S_GAP_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 4))
 136
 137 #define GSS_C_QOP_DEFAULT 0
 138
 139 /* end of gssapi.h */
 140
 141 /*
 142  * The following data structures are genenrated from lucid.x in the gssd project
 143  * and must be kept in sync with that project. This is a more memory efficient
 144  * representation of the gss_kerb5_lucid_context_v1_t defined in gssapi_krb5.h
 145  */
 146 struct lucid_key {
 147         uint32_t etype;
 148         struct {
 149                 uint32_t key_len;
 150                 uint8_t *key_val;
 151         } key;
 152 };
 153 typedef struct lucid_key lucid_key;
 154
 155 struct key_data_1964 {
 156         uint32_t sign_alg;
 157         uint32_t seal_alg;
 158 };
 159 typedef struct key_data_1964 key_data_1964;
 160
 161 struct key_data_4121 {
 162         uint32_t acceptor_subkey;
 163 };
 164 typedef struct key_data_4121 key_data_4121;
 165
 166 struct lucid_protocol {
 167         uint32_t proto;
 168         union {
 169                 key_data_1964 data_1964;
 170                 key_data_4121 data_4121;
 171         } lucid_protocol_u;
 172 };
 173 typedef struct lucid_protocol lucid_protocol;
 174
 175 struct lucid_context {
 176         uint32_t vers;
 177         uint32_t initiate;
 178         uint32_t endtime;
 179         uint64_t send_seq;
 180         uint64_t recv_seq;
 181         lucid_protocol key_data;
 182         lucid_key ctx_key;
 183 };
 184 typedef struct lucid_context lucid_context;
 185
 186 /* end of lucid.x generated data structures */
 187
 188 typedef struct lucid_context *lucid_context_t;
 189 /*
 190  * Mask for determining the returned structure version.
 191  * See example below for usage.
 192  */
 193 typedef struct lucid_context_version {
 194         uint32_t        version;
 195         /* Structure version number */
 196 } *lucid_context_version_t;
 197
 198 typedef enum etypes {
 199         DES3_CBC_SHA1_KD = 16,
 200         AES128_CTS_HMAC_SHA1_96 = 17,
 201         AES256_CTS_HMAC_SHA1_96 = 18,
 202 } etypes;
 203
 204 #define KRB5_USAGE_ACCEPTOR_SEAL        22
 205 #define KRB5_USAGE_ACCEPTOR_SIGN        23
 206 #define KRB5_USAGE_INITIATOR_SEAL       24
 207 #define KRB5_USAGE_INITIATOR_SIGN       25
 208 #define KRB5_USAGE_LEN 5
 209
 210 #define GSS_SND 0
 211 #define GSS_RCV 1
 212 #define GSS_C_QOP_REVERSE 0x80000000    /* Pseudo QOP value to use as input to gss_krb5_unwrap to allow Sender to unwrap */
 213
 214 /*
 215  * Key schedule is the cbc state for encryption and decryption.
 216  * For DES3 we always use the session key from the lucid context,
 217  * and in that case Ekey and Ikey will point to the session key.
 218  */
 219 struct key_schedule {
 220         cccbc_ctx *enc;
 221         cccbc_ctx *dec;
 222         void *ikey[2];          /* Drived integrity key (same length context key); */
 223 };
 224
 225 /*
 226  * Crypto context that supports AES and DES3 etypes
 227  * All supported encryption types use hmac with SHA1
 228  * All are CBC encryption types
 229  * des3-cbc-sha1            --  7
 230  * des3-dbc-sha1-kd         -- 16 ???
 231  * aes128-cts-hmac-sha1-96  -- 17
 232  * aes256-cts-hmac-sha1-96  -- 18
 233  */
 234
 235 typedef struct crypto_ctx {
 236         uint32_t etype;
 237         uint32_t mpad;           /* Message padding */
 238         uint32_t flags;
 239         lck_mtx_t *lock;
 240         lucid_context_t gss_ctx;  /* Back pointer to lucid context */
 241         uint32_t keylen;
 242         void *key;   /* Points to session key from lucid context */
 243         const struct ccdigest_info *di;
 244         const struct ccmode_cbc *enc_mode;
 245         const struct ccmode_cbc *dec_mode;
 246         struct key_schedule ks;
 247         uint32_t digest_size;
 248         void *ckey[2];  /* Derived checksum key. Same as key for DES3 */
 249 } *crypto_ctx_t;
 250
 251 #define CRYPTO_KS_ALLOCED       0x00001
 252 #define CRYPTO_CTS_ENABLE       0x00002
 253
 254 typedef struct gss_ctx_id_desc {
 255         lucid_context  gss_lucid_ctx;
 256         struct crypto_ctx  gss_cryptor;
 257 } *gss_ctx_id_t;
 258
 259 typedef struct gss_buffer_desc_struct {
 260         size_t length;
 261         void *value;
 262 } gss_buffer_desc, *gss_buffer_t;
 263
 264 uint32_t
 265 gss_release_buffer(uint32_t *,        /* minor_status */
 266                    gss_buffer_t);
 267
 268
 269 /* Per message interfaces for kerberos gss mech in the kernel */
 270
 271 typedef uint32_t gss_qop_t;
 272
 273 uint32_t
 274 gss_krb5_get_mic_mbuf(uint32_t *,       /* minor_status */
 275                       gss_ctx_id_t,     /* context_handle */
 276                       gss_qop_t,        /* qop_req */
 277                       mbuf_t,           /* message mbuf */
 278                       size_t,           /* offest */
 279                       size_t,           /* length */
 280                       gss_buffer_t      /* message_token */
 281         );
 282
 283 uint32_t
 284 gss_krb5_get_mic(uint32_t *,    /* minor_status */
 285                  gss_ctx_id_t,  /* context_handle */
 286                  gss_qop_t,     /* qop_req */
 287                  gss_buffer_t,  /* message buffer */
 288                  gss_buffer_t   /* message_token */
 289         );
 290
 291 uint32_t
 292 gss_krb5_verify_mic(uint32_t *,         /* minor_status */
 293                     gss_ctx_id_t,       /* context_handle */
 294                     gss_buffer_t,       /* message_buffer */
 295                     gss_buffer_t,       /* message_token */
 296                     gss_qop_t *         /* qop_state */
 297         );
 298
 299 uint32_t
 300 gss_krb5_verify_mic_mbuf(uint32_t *,            /* minor_status */
 301                          gss_ctx_id_t,          /* context_handle */
 302                          mbuf_t,                /* message_buffer */
 303                          size_t,                /* offset */
 304                          size_t,                /* length */
 305                          gss_buffer_t,          /* message_token */
 306                          gss_qop_t *            /* qop_state */
 307         );
 308
 309 uint32_t
 310 gss_krb5_wrap_mbuf(uint32_t *,          /* minor_status */
 311                    gss_ctx_id_t,        /* context_handle */
 312                    int,                 /* conf_req_flag */
 313                    gss_qop_t,           /* qop_req */
 314                    mbuf_t *,            /* input/output message_buffer */
 315                    size_t,              /* offset */
 316                    size_t,              /* length */
 317                    int *                /* conf_state */
 318         );
 319
 320 uint32_t
 321 gss_krb5_unwrap_mbuf(uint32_t *,        /* minor_status */
 322                      gss_ctx_id_t,      /* context_handle */
 323                      mbuf_t *,          /* input/output message_buffer */
 324                      size_t,            /* offset */
 325                      size_t,            /* length */
 326                      int *,             /* conf_state */
 327                      gss_qop_t *        /* qop state */
 328         );
 329
 330 void gss_krb5_destroy_context(gss_ctx_id_t);
 331
 332 gss_ctx_id_t gss_krb5_make_context(void *, uint32_t);
 333
 334 void gss_krb5_mech_init(void);
 335
 336 int corecrypto_available(void);
 337
 338 errno_t gss_normalize_mbuf(mbuf_t, size_t, size_t *, mbuf_t *, mbuf_t *, int);
 339
 340 mbuf_t gss_join_mbuf(mbuf_t, mbuf_t, mbuf_t);
 341
 342 typedef struct hmac_ctx_struct {
 343         size_t keylen;
 344         uint8_t *key;
 345         ccdigest_ctx_t di_ctx;
 346 } hmac_ctx, hmac_ctx_t[1];
 347
 348 void hmac_init(const struct ccdigest_info *, hmac_ctx_t, size_t, void *);
 349 void hmac_update(const struct ccdigest_info *, hmac_ctx_t, size_t, void *);
 350 void hmac_final(const struct ccdigest_info *, hmac_ctx_t, uint8_t *);
 351
 352 void printmbuf(const char *, mbuf_t, uint32_t, uint32_t);
 353
 354 void printgbuf(const char *, gss_buffer_t);