1 /*
2 * COPYRIGHT (C) 2006,2007
3 * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
4 * ALL RIGHTS RESERVED
6 * Permission is granted to use, copy, create derivative works
7 * and redistribute this software and such derivative works
8 * for any purpose, so long as the name of The University of
9 * Michigan is not used in any advertising or publicity
10 * pertaining to the use of distribution of this software
11 * without specific, written prior authorization. If the
12 * above copyright notice or any other identification of the
13 * University of Michigan is included in any copy of any
14 * portion of this software, then the disclaimer below must
15 * also be included.
17 * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
18 * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
19 * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
20 * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
21 * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
22 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
23 * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
24 * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
25 * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
26 * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
27 * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
28 * SUCH DAMAGES.
31 #include <stdio.h>
32 #include <stdlib.h>
33 #include <errno.h>
34 #include <unistd.h>
35 #include <string.h>
36 #include <ctype.h>
37 #include <assert.h>
39 #include "pkinit.h"
/* Compile-time switch; not referenced in the visible part of this file. */
#define FAKECERT

/*
 * DER-encoded body of OID 1.2.840.10046.2.1 (ANSI X9.42 dhpublicnumber);
 * by its name, presumably the algorithm identifier used for DH keys.
 * Initialiser order follows krb5_octet_data: magic, length, data.
 */
const krb5_octet_data
dh_oid = { 0, 7, (unsigned char *)"\x2A\x86\x48\xce\x3e\x02\x01" };
/*
 * Allocate a pkinit_req_opts holding the default per-request settings and
 * hand it back through *reqopts.
 *
 * Returns 0 on success or ENOMEM if the allocation fails, in which case
 * *reqopts is NULL.  Release the result with pkinit_fini_req_opts().
 */
krb5_error_code
pkinit_init_req_opts(pkinit_req_opts **reqopts)
{
    pkinit_req_opts *defaults;

    *reqopts = NULL;
    defaults = calloc(1, sizeof(*defaults));
    if (defaults == NULL)
        return ENOMEM;

    /* Extended key usage is required by default; secondary EKU and UPN are off. */
    defaults->require_eku = 1;
    defaults->accept_secondary_eku = 0;
    defaults->allow_upn = 0;
    /* DH_PROTOCOL is the default key-exchange mode. */
    defaults->dh_or_rsa = DH_PROTOCOL;
    /* CRL checking is not required unless configuration turns it on. */
    defaults->require_crl_checking = 0;
    defaults->dh_size = PKINIT_DEFAULT_DH_MIN_BITS;
    defaults->win2k_target = 0;
    defaults->win2k_require_cksum = 0;

    *reqopts = defaults;
    return 0;
}
/*
 * Release a pkinit_req_opts obtained from pkinit_init_req_opts().
 * Passing NULL is harmless; free(NULL) is a no-op.
 */
void
pkinit_fini_req_opts(pkinit_req_opts *opts)
{
    free(opts);
}
/*
 * Allocate a pkinit_plg_opts holding the plugin-wide default settings and
 * hand it back through *plgopts.
 *
 * Returns 0 on success or ENOMEM if the allocation fails, in which case
 * *plgopts is NULL.  Release the result with pkinit_fini_plg_opts().
 */
krb5_error_code
pkinit_init_plg_opts(pkinit_plg_opts **plgopts)
{
    pkinit_plg_opts *defaults;

    *plgopts = NULL;
    defaults = calloc(1, sizeof(*defaults));
    if (defaults == NULL)
        return ENOMEM;

    /* Same defaults as the per-request options: EKU required, UPN off,
     * DH_PROTOCOL selected, CRL checking not required. */
    defaults->require_eku = 1;
    defaults->accept_secondary_eku = 0;
    defaults->dh_or_rsa = DH_PROTOCOL;
    defaults->allow_upn = 0;
    defaults->require_crl_checking = 0;

    /* Smallest DH modulus the plugin will accept. */
    defaults->dh_min_bits = PKINIT_DEFAULT_DH_MIN_BITS;

    *plgopts = defaults;
    return 0;
}
/*
 * Release a pkinit_plg_opts obtained from pkinit_init_plg_opts().
 * Passing NULL is harmless; free(NULL) is a no-op.
 */
void
pkinit_fini_plg_opts(pkinit_plg_opts *opts)
{
    free(opts);
}
/*
 * Free a krb5_pa_pk_as_req and the buffers it owns.  A NULL *in is ignored.
 * Note that *in is not reset to NULL afterwards.
 */
void
free_krb5_pa_pk_as_req(krb5_pa_pk_as_req **in)
{
    krb5_pa_pk_as_req *req = *in;

    if (req == NULL)
        return;
    free(req->signedAuthPack.data);
    if (req->trustedCertifiers != NULL)
        free_krb5_external_principal_identifier(&req->trustedCertifiers);
    free(req->kdcPkId.data);
    free(req);
}
/*
 * Free a draft-9 krb5_pa_pk_as_req_draft9 and the buffers it owns.
 * A NULL *in is ignored; *in is not reset to NULL afterwards.
 */
void
free_krb5_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 **in)
{
    krb5_pa_pk_as_req_draft9 *req = *in;

    if (req == NULL)
        return;
    free(req->signedAuthPack.data);
    free(req->kdcCert.data);
    free(req->encryptionCert.data);
    if (req->trustedCertifiers != NULL)
        free_krb5_trusted_ca(&req->trustedCertifiers);
    free(req);
}
/*
 * Free a krb5_reply_key_pack together with its key contents and checksum
 * contents.  A NULL *in is ignored; *in is not reset to NULL afterwards.
 */
void
free_krb5_reply_key_pack(krb5_reply_key_pack **in)
{
    krb5_reply_key_pack *pack = *in;

    if (pack == NULL)
        return;
    free(pack->replyKey.contents);
    free(pack->asChecksum.contents);
    free(pack);
}
/*
 * Free a draft-9 krb5_reply_key_pack_draft9 and its key contents.
 * A NULL *in is ignored; *in is not reset to NULL afterwards.
 */
void
free_krb5_reply_key_pack_draft9(krb5_reply_key_pack_draft9 **in)
{
    krb5_reply_key_pack_draft9 *pack = *in;

    if (pack == NULL)
        return;
    free(pack->replyKey.contents);
    free(pack);
}
/*
 * Free a krb5_auth_pack: the client public value (if any), the
 * authenticator checksum and the supported CMS type list.
 * A NULL *in is ignored; *in is not reset to NULL afterwards.
 */
void
free_krb5_auth_pack(krb5_auth_pack **in)
{
    krb5_auth_pack *pack = *in;

    if (pack == NULL)
        return;

    if (pack->clientPublicValue != NULL) {
        /* Released field by field rather than through
         * free_krb5_subject_pk_info(), which does not free
         * algorithm.algorithm.data. */
        free(pack->clientPublicValue->algorithm.algorithm.data);
        free(pack->clientPublicValue->algorithm.parameters.data);
        free(pack->clientPublicValue->subjectPublicKey.data);
        free(pack->clientPublicValue);
    }

    free(pack->pkAuthenticator.paChecksum.contents);

    /* NOTE(review): clientDHNonce.data is set up by init_krb5_auth_pack but
     * is not released here; confirm whether the decoder allocates it. */
    if (pack->supportedCMSTypes != NULL)
        free_krb5_algorithm_identifiers(&pack->supportedCMSTypes);

    free(pack);
}
/*
 * Free a draft-9 krb5_auth_pack_draft9.  The KDC principal held in the
 * authenticator is released via krb5_free_principal(), so a context is needed.
 * A NULL *in is ignored; *in is not reset to NULL afterwards.
 */
void
free_krb5_auth_pack_draft9(krb5_context context,
                           krb5_auth_pack_draft9 **in)
{
    krb5_auth_pack_draft9 *pack = *in;

    if (pack == NULL)
        return;
    krb5_free_principal(context, pack->pkAuthenticator.kdcName);
    free(pack);
}
/*
 * Free a krb5_pa_pk_as_rep.  Only the union member selected by ->choice is
 * released; any other choice value frees just the structure itself.
 * A NULL *in is ignored; *in is not reset to NULL afterwards.
 */
void
free_krb5_pa_pk_as_rep(krb5_pa_pk_as_rep **in)
{
    krb5_pa_pk_as_rep *rep = *in;

    if (rep == NULL)
        return;

    if (rep->choice == choice_pa_pk_as_rep_dhInfo)
        free(rep->u.dh_Info.dhSignedData.data);
    else if (rep->choice == choice_pa_pk_as_rep_encKeyPack)
        free(rep->u.encKeyPack.data);
    /* NOTE(review): u.dh_Info.serverDHNonce.data is set up by
     * init_krb5_pa_pk_as_rep but is not released here; confirm whether the
     * decoder allocates it. */

    free(rep);
}
/*
 * Free a draft-9 krb5_pa_pk_as_rep_draft9.  u.encKeyPack.data is freed
 * without consulting the choice; presumably the union members share the
 * same octet_data layout so this covers either one — confirm against the
 * type definition.  A NULL *in is ignored; *in is not reset afterwards.
 */
void
free_krb5_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 **in)
{
    krb5_pa_pk_as_rep_draft9 *rep = *in;

    if (rep == NULL)
        return;
    free(rep->u.encKeyPack.data);
    free(rep);
}
/*
 * Free a NULL-terminated array of krb5_external_principal_identifier
 * pointers, each element's buffers, and the array itself.
 * A NULL *in is ignored; *in is not reset to NULL afterwards.
 */
void
free_krb5_external_principal_identifier(krb5_external_principal_identifier ***in)
{
    krb5_external_principal_identifier **list = *in;
    int idx;

    if (list == NULL)
        return;
    for (idx = 0; list[idx] != NULL; idx++) {
        free(list[idx]->subjectName.data);
        free(list[idx]->issuerAndSerialNumber.data);
        free(list[idx]->subjectKeyIdentifier.data);
        free(list[idx]);
    }
    free(list);
}
/*
 * Free a NULL-terminated array of krb5_trusted_ca pointers.  Only the
 * caName and issuerAndSerial choices own a buffer; principalName and
 * UNKNOWN (or any other value) free just the element.
 * A NULL *in is ignored; *in is not reset to NULL afterwards.
 */
void
free_krb5_trusted_ca(krb5_trusted_ca ***in)
{
    krb5_trusted_ca **list = *in;
    int idx;

    if (list == NULL)
        return;
    for (idx = 0; list[idx] != NULL; idx++) {
        if (list[idx]->choice == choice_trusted_cas_caName)
            free(list[idx]->u.caName.data);
        else if (list[idx]->choice == choice_trusted_cas_issuerAndSerial)
            free(list[idx]->u.issuerAndSerial.data);
        free(list[idx]);
    }
    free(list);
}
/*
 * Free a NULL-terminated array of krb5_typed_data pointers, each element's
 * data buffer, and the array itself.
 * A NULL *in is ignored; *in is not reset to NULL afterwards.
 */
void
free_krb5_typed_data(krb5_typed_data ***in)
{
    krb5_typed_data **list = *in;
    int idx;

    if (list == NULL)
        return;
    for (idx = 0; list[idx] != NULL; idx++) {
        free(list[idx]->data);
        free(list[idx]);
    }
    free(list);
}
/*
 * Free one krb5_algorithm_identifier together with its OID and parameter
 * buffers.  Takes the pointer by value (unlike most free_* helpers here);
 * NULL is ignored.
 */
void
free_krb5_algorithm_identifier(krb5_algorithm_identifier *in)
{
    if (in != NULL) {
        free(in->algorithm.data);
        free(in->parameters.data);
        free(in);
    }
}
/*
 * Free a NULL-terminated array of krb5_algorithm_identifier pointers.
 * Unlike the other array helpers this also tolerates in == NULL.
 * *in is not reset to NULL afterwards.
 */
void
free_krb5_algorithm_identifiers(krb5_algorithm_identifier ***in)
{
    krb5_algorithm_identifier **list;
    int idx = 0;

    if (in == NULL)
        return;
    list = *in;
    if (list == NULL)
        return;
    while (list[idx] != NULL)
        free_krb5_algorithm_identifier(list[idx++]);
    free(list);
}
/*
 * Free a krb5_subject_pk_info: its algorithm parameters and public key
 * buffers, then the structure.  algorithm.algorithm.data is NOT released
 * here (free_krb5_auth_pack frees that field itself for the same type).
 * A NULL *in is ignored; *in is not reset to NULL afterwards.
 */
void
free_krb5_subject_pk_info(krb5_subject_pk_info **in)
{
    krb5_subject_pk_info *info = *in;

    if (info == NULL)
        return;
    free(info->algorithm.parameters.data);
    free(info->subjectPublicKey.data);
    free(info);
}
/*
 * Free a krb5_kdc_dh_key_info and its public key buffer.
 * A NULL *in is ignored; *in is not reset to NULL afterwards.
 */
void
free_krb5_kdc_dh_key_info(krb5_kdc_dh_key_info **in)
{
    krb5_kdc_dh_key_info *info = *in;

    if (info == NULL)
        return;
    free(info->subjectPublicKey.data);
    free(info);
}
/*
 * Allocate a krb5_pa_pk_as_req into *in with every owned buffer empty.
 * On allocation failure *in is NULL and nothing else happens.
 */
void
init_krb5_pa_pk_as_req(krb5_pa_pk_as_req **in)
{
    krb5_pa_pk_as_req *req = malloc(sizeof(*req));

    *in = req;
    if (req == NULL)
        return;
    req->signedAuthPack.data = NULL;
    req->signedAuthPack.length = 0;
    req->trustedCertifiers = NULL;
    req->kdcPkId.data = NULL;
    req->kdcPkId.length = 0;
}
/*
 * Allocate a draft-9 krb5_pa_pk_as_req_draft9 into *in with every owned
 * buffer empty.  On allocation failure *in is NULL and nothing else happens.
 */
void
init_krb5_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 **in)
{
    krb5_pa_pk_as_req_draft9 *req = malloc(sizeof(*req));

    *in = req;
    if (req == NULL)
        return;
    req->signedAuthPack.data = NULL;
    req->signedAuthPack.length = 0;
    req->trustedCertifiers = NULL;
    req->kdcCert.data = NULL;
    req->kdcCert.length = 0;
    req->encryptionCert.data = NULL;
    req->encryptionCert.length = 0;
}
/*
 * Allocate a krb5_reply_key_pack into *in with an empty reply key and
 * checksum.  On allocation failure *in is NULL and nothing else happens.
 */
void
init_krb5_reply_key_pack(krb5_reply_key_pack **in)
{
    krb5_reply_key_pack *pack = malloc(sizeof(*pack));

    *in = pack;
    if (pack == NULL)
        return;
    pack->replyKey.contents = NULL;
    pack->replyKey.length = 0;
    pack->asChecksum.contents = NULL;
    pack->asChecksum.length = 0;
}
/*
 * Allocate a draft-9 krb5_reply_key_pack_draft9 into *in with an empty
 * reply key.  On allocation failure *in is NULL and nothing else happens.
 */
void
init_krb5_reply_key_pack_draft9(krb5_reply_key_pack_draft9 **in)
{
    krb5_reply_key_pack_draft9 *pack = malloc(sizeof(*pack));

    *in = pack;
    if (pack == NULL)
        return;
    pack->replyKey.contents = NULL;
    pack->replyKey.length = 0;
}
/*
 * Allocate a krb5_auth_pack into *in with its pointer members cleared.
 * Only the members listed here are initialised; the scalar fields of
 * pkAuthenticator are left for the caller to fill in.
 * On allocation failure *in is NULL and nothing else happens.
 */
void
init_krb5_auth_pack(krb5_auth_pack **in)
{
    krb5_auth_pack *pack = malloc(sizeof(*pack));

    *in = pack;
    if (pack == NULL)
        return;
    pack->clientPublicValue = NULL;
    pack->supportedCMSTypes = NULL;
    pack->clientDHNonce.length = 0;
    pack->clientDHNonce.data = NULL;
    pack->pkAuthenticator.paChecksum.contents = NULL;
}
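/*
 * Allocate a draft-9 krb5_auth_pack_draft9 into *in.
 *
 * The structure is zero-filled with calloc rather than malloc: the original
 * only assigned clientPublicValue, leaving pkAuthenticator.kdcName
 * indeterminate even though free_krb5_auth_pack_draft9 hands that field to
 * krb5_free_principal().  Zero-filling gives every member a defined value.
 * On allocation failure *in is NULL and nothing else happens.
 */
void
init_krb5_auth_pack_draft9(krb5_auth_pack_draft9 **in)
{
    krb5_auth_pack_draft9 *pack = calloc(1, sizeof(*pack));

    *in = pack;
    if (pack == NULL)
        return;
    /* Pointer members are set explicitly: all-bits-zero is not guaranteed
     * to be a null pointer in portable C. */
    pack->clientPublicValue = NULL;
    pack->pkAuthenticator.kdcName = NULL;
}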
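/*
 * Allocate a krb5_pa_pk_as_rep into *in with both union members empty.
 *
 * The structure is zero-filled with calloc rather than malloc: the original
 * never assigned ->choice, yet free_krb5_pa_pk_as_rep switches on it, so a
 * reply that was initialised but never decoded carried an indeterminate
 * choice.  Zero-filling gives every member a defined value.
 * On allocation failure *in is NULL and nothing else happens.
 */
void
init_krb5_pa_pk_as_rep(krb5_pa_pk_as_rep **in)
{
    krb5_pa_pk_as_rep *rep = calloc(1, sizeof(*rep));

    *in = rep;
    if (rep == NULL)
        return;
    /* Pointer members are set explicitly: all-bits-zero is not guaranteed
     * to be a null pointer in portable C.  Assignment order matches the
     * original; the two union members overlay each other. */
    rep->u.dh_Info.serverDHNonce.length = 0;
    rep->u.dh_Info.serverDHNonce.data = NULL;
    rep->u.dh_Info.dhSignedData.length = 0;
    rep->u.dh_Info.dhSignedData.data = NULL;
    rep->u.encKeyPack.length = 0;
    rep->u.encKeyPack.data = NULL;
}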
/*
 * Allocate a draft-9 krb5_pa_pk_as_rep_draft9 into *in with both union
 * members empty.  On allocation failure *in is NULL and nothing else happens.
 */
void
init_krb5_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 **in)
{
    krb5_pa_pk_as_rep_draft9 *rep = malloc(sizeof(*rep));

    *in = rep;
    if (rep == NULL)
        return;
    /* Both union members are cleared, in the same order as before. */
    rep->u.dhSignedData.length = 0;
    rep->u.dhSignedData.data = NULL;
    rep->u.encKeyPack.length = 0;
    rep->u.encKeyPack.data = NULL;
}
/*
 * Allocate a krb5_typed_data into *in with type 0 and an empty buffer.
 * On allocation failure *in is NULL and nothing else happens.
 */
void
init_krb5_typed_data(krb5_typed_data **in)
{
    krb5_typed_data *td = malloc(sizeof(*td));

    *in = td;
    if (td == NULL)
        return;
    td->type = 0;
    td->length = 0;
    td->data = NULL;
}
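/*
 * Allocate a krb5_subject_pk_info into *in with empty algorithm parameters
 * and public key.
 *
 * The structure is zero-filled with calloc rather than malloc: the original
 * left algorithm.algorithm indeterminate (it assigned only the parameters
 * and public key), so zero-filling gives every member a defined value.
 * On allocation failure *in is NULL and nothing else happens.
 */
void
init_krb5_subject_pk_info(krb5_subject_pk_info **in)
{
    krb5_subject_pk_info *info = calloc(1, sizeof(*info));

    *in = info;
    if (info == NULL)
        return;
    /* Pointer members are set explicitly: all-bits-zero is not guaranteed
     * to be a null pointer in portable C. */
    info->algorithm.algorithm.data = NULL;
    info->algorithm.algorithm.length = 0;
    info->algorithm.parameters.data = NULL;
    info->algorithm.parameters.length = 0;
    info->subjectPublicKey.data = NULL;
    info->subjectPublicKey.length = 0;
}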
/*
 * Deep-copy one krb5_octet_data into another.
 *
 * Returns EINVAL if either argument is NULL.  A source with no data yields
 * a (NULL, 0) destination and returns 0.  Otherwise src->length bytes are
 * duplicated; on allocation failure dst->data is NULL and ENOMEM is
 * returned (dst->length is left untouched in that case).
 *
 * Note: a non-NULL source with length 0 reaches malloc(0), whose result is
 * implementation-defined and may be NULL, which is then reported as ENOMEM.
 */
krb5_error_code
pkinit_copy_krb5_octet_data(krb5_octet_data *dst, const krb5_octet_data *src)
{
    if (dst == NULL || src == NULL)
        return EINVAL;

    if (src->data == NULL) {
        dst->data = NULL;
        dst->length = 0;
        return 0;
    }

    dst->data = malloc(src->length);
    if (dst->data == NULL)
        return ENOMEM;

    (void) memcpy(dst->data, src->data, src->length);
    dst->length = src->length;
    return 0;
}
420 /* debugging functions */
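/*
 * Debug helper: emit len bytes of buf as space-separated hex via pkiDebug,
 * followed by a newline.  Nothing is printed when len is 0.
 *
 * The loop index is unsigned so that comparing it with the unsigned len
 * never mixes signedness; with a signed int index, a len above INT_MAX
 * would overflow the index (undefined behaviour).
 */
void
print_buffer(unsigned char *buf, unsigned int len)
{
    unsigned int i;

    /* Solaris Kerberos: len is unsigned (lint) */
    if (len == 0)
        return;

    for (i = 0; i < len; i++)
        pkiDebug("%02x ", buf[i]);
    pkiDebug("\n");
}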
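/*
 * Debug helper: write len raw bytes of buf to the file named by filename,
 * creating or truncating it.  Nothing is done when len is 0, buf is NULL
 * or filename is NULL; fopen/fwrite/fclose errors are silently ignored, as
 * before.
 *
 * Changes from the original: the index is unsigned (a signed int compared
 * with the unsigned len could overflow for very large len), a NULL buf is
 * rejected up front instead of being dereferenced, the file is opened with
 * "wb" to make the binary intent explicit (identical to "w" on POSIX), and
 * the per-byte fputc loop is replaced by a single fwrite.
 */
void
print_buffer_bin(unsigned char *buf, unsigned int len, char *filename)
{
    FILE *f;

    /* Solaris Kerberos: len is unsigned (lint) */
    if (len == 0 || buf == NULL || filename == NULL)
        return;

    /* Truncates whatever path the caller names; debug use only. */
    f = fopen(filename, "wb");
    if (f == NULL)
        return;

    (void) fwrite(buf, 1, len, f);
    (void) fclose(f);
}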