1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* kdc/cammac.c - Functions for wrapping and unwrapping CAMMACs */
4 * Copyright (C) 2015 by the Massachusetts Institute of Technology.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * * Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
14 * * Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
22 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
24 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
26 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
28 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
30 * OF THE POSSIBILITY OF SUCH DAMAGE.
36 /* Encode enc_tkt with contents as the authdata field, for use in KDC
37 * verifier checksums. */
38 static krb5_error_code
39 encode_kdcver_encpart(krb5_enc_tkt_part *enc_tkt, krb5_authdata **contents,
42 krb5_enc_tkt_part ck_enctkt;
45 ck_enctkt.authorization_data = contents;
46 return encode_krb5_enc_tkt_part(&ck_enctkt, der_out);
50 * Create a CAMMAC for contents, using enc_tkt and the first key from krbtgt
51 * for the KDC verifier. Set *cammac_out to a single-element authdata list
52 * containing the CAMMAC inside an IF-RELEVANT container.
55 cammac_create(krb5_context context, krb5_enc_tkt_part *enc_tkt,
56 krb5_keyblock *server_key, krb5_db_entry *krbtgt,
57 krb5_authdata **contents, krb5_authdata ***cammac_out)
60 krb5_data *der_authdata = NULL, *der_enctkt = NULL, *der_cammac = NULL;
61 krb5_authdata ad, *list[2];
63 krb5_verifier_mac kdc_verifier, svc_verifier;
66 krb5_checksum kdc_cksum, svc_cksum;
69 memset(&tgtkey, 0, sizeof(tgtkey));
70 memset(&kdc_cksum, 0, sizeof(kdc_cksum));
71 memset(&svc_cksum, 0, sizeof(svc_cksum));
73 /* Fetch the first krbtgt key for the KDC verifier. */
74 ret = krb5_dbe_find_enctype(context, krbtgt, -1, -1, 0, &kd);
77 ret = krb5_dbe_decrypt_key_data(context, NULL, kd, &tgtkey, NULL);
81 /* Checksum the reply with contents as authdata for the KDC verifier. */
82 ret = encode_kdcver_encpart(enc_tkt, contents, &der_enctkt);
85 ret = krb5_c_make_checksum(context, 0, &tgtkey, KRB5_KEYUSAGE_CAMMAC,
86 der_enctkt, &kdc_cksum);
89 kdc_verifier.princ = NULL;
90 kdc_verifier.kvno = kd->key_data_kvno;
91 kdc_verifier.enctype = ENCTYPE_NULL;
92 kdc_verifier.checksum = kdc_cksum;
94 /* Encode the authdata and checksum it for the service verifier. */
95 ret = encode_krb5_authdata(contents, &der_authdata);
98 ret = krb5_c_make_checksum(context, 0, server_key, KRB5_KEYUSAGE_CAMMAC,
99 der_authdata, &svc_cksum);
102 svc_verifier.princ = NULL;
103 svc_verifier.kvno = 0;
104 svc_verifier.enctype = ENCTYPE_NULL;
105 svc_verifier.checksum = svc_cksum;
107 cammac.elements = contents;
108 cammac.kdc_verifier = &kdc_verifier;
109 cammac.svc_verifier = &svc_verifier;
110 cammac.other_verifiers = NULL;
112 ret = encode_krb5_cammac(&cammac, &der_cammac);
116 /* Wrap the encoded CAMMAC in an IF-RELEVANT container and return it as a
117 * single-element authdata list. */
118 ad.ad_type = KRB5_AUTHDATA_CAMMAC;
119 ad.length = der_cammac->length;
120 ad.contents = (uint8_t *)der_cammac->data;
123 ret = krb5_encode_authdata_container(context, KRB5_AUTHDATA_IF_RELEVANT,
127 krb5_free_data(context, der_enctkt);
128 krb5_free_data(context, der_authdata);
129 krb5_free_data(context, der_cammac);
130 krb5_free_keyblock_contents(context, &tgtkey);
131 krb5_free_checksum_contents(context, &kdc_cksum);
132 krb5_free_checksum_contents(context, &svc_cksum);
136 /* Return true if cammac's KDC verifier is valid for enc_tkt, using krbtgt to
137 * retrieve the TGT key indicated by the verifier. */
139 cammac_check_kdcver(krb5_context context, krb5_cammac *cammac,
140 krb5_enc_tkt_part *enc_tkt, krb5_db_entry *krbtgt)
142 krb5_verifier_mac *ver = cammac->kdc_verifier;
144 krb5_keyblock tgtkey;
145 krb5_boolean valid = FALSE;
146 krb5_data *der_enctkt = NULL;
148 memset(&tgtkey, 0, sizeof(tgtkey));
153 /* Fetch the krbtgt key indicated by the KDC verifier. Only allow the
154 * first krbtgt key of the specified kvno. */
155 if (krb5_dbe_find_enctype(context, krbtgt, -1, -1, ver->kvno, &kd) != 0)
157 if (krb5_dbe_decrypt_key_data(context, NULL, kd, &tgtkey, NULL) != 0)
159 if (ver->enctype != ENCTYPE_NULL && tgtkey.enctype != ver->enctype)
162 /* Verify the checksum over the DER-encoded enc_tkt with the CAMMAC
163 * elements as authdata. */
164 if (encode_kdcver_encpart(enc_tkt, cammac->elements, &der_enctkt) != 0)
166 (void)krb5_c_verify_checksum(context, &tgtkey, KRB5_KEYUSAGE_CAMMAC,
167 der_enctkt, &ver->checksum, &valid);
170 krb5_free_keyblock_contents(context, &tgtkey);
171 krb5_free_data(context, der_enctkt);