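/*
 * Copyright (c) 2015 Apple Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 *
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */

/*
 * Declarations for the in-kernel Kerberos 5 GSS-API mechanism: the status
 * code macros copied from gssapi.h, the lucid context layout shared with
 * gssd, the crypto context built on corecrypto, and the per-message
 * entry points (get_mic / verify_mic / wrap / unwrap).
 *
 * The include guard is required because the struct and enum definitions
 * below cannot appear twice in one translation unit.
 *
 * NOTE(review): this header uses uint32_t, size_t, mbuf_t, lck_mtx_t and
 * errno_t but includes only corecrypto headers; the including file is
 * presumably expected to have those types in scope already -- confirm.
 */
#ifndef GSS_KRB5_MECH_H
#define GSS_KRB5_MECH_H

#include <corecrypto/ccdigest.h>
#include <corecrypto/cchmac.h>
#include <corecrypto/ccsha1.h>
#include <corecrypto/ccdes.h>
#include <corecrypto/ccaes.h>
#include <corecrypto/ccpad.h>

/*
 * GSS-API things from gssapi.h
 */
/*
 * Copyright 1993 by OpenVision Technologies, Inc.
 *
 * Permission to use, copy, modify, distribute, and sell this software
 * and its documentation for any purpose is hereby granted without fee,
 * provided that the above copyright notice appears in all copies and
 * that both that copyright notice and this permission notice appear in
 * supporting documentation, and that the name of OpenVision not be used
 * in advertising or publicity pertaining to distribution of the software
 * without specific, written prior permission. OpenVision makes no
 * representations about the suitability of this software for any
 * purpose. It is provided "as is" without express or implied warranty.
 *
 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

typedef uint32_t OM_uint32;

#define GSS_S_COMPLETE 0

/*
 * Some "helper" definitions to make the status code macros obvious.
 * From gssapi.h:
 *
 * A status word is split into three fields: calling errors in bits 24-31,
 * routine errors in bits 16-23 and supplementary info in bits 0-15
 * (the masks are octal: 0377 is 0xFF, 0177777 is 0xFFFF).
 */
#define GSS_C_CALLING_ERROR_OFFSET 24
#define GSS_C_ROUTINE_ERROR_OFFSET 16
#define GSS_C_SUPPLEMENTARY_OFFSET 0
#define GSS_C_CALLING_ERROR_MASK ((OM_uint32) 0377ul)
#define GSS_C_ROUTINE_ERROR_MASK ((OM_uint32) 0377ul)
#define GSS_C_SUPPLEMENTARY_MASK ((OM_uint32) 0177777ul)

/*
 * The macros that test status codes for error conditions. Note that the
 * GSS_ERROR() macro has changed slightly from the V1 GSSAPI so that it now
 * evaluates its argument only once.
 *
 * GSS_ERROR() covers the calling and routine fields only; a status with
 * just supplementary bits set (e.g. GSS_S_DUPLICATE_TOKEN, GSS_S_OLD_TOKEN)
 * does not test as an error, so callers that care about replayed or
 * out-of-sequence tokens must check GSS_SUPPLEMENTARY_INFO() as well.
 */
#define GSS_CALLING_ERROR(x) \
    ((x) & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
#define GSS_ROUTINE_ERROR(x) \
    ((x) & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
#define GSS_SUPPLEMENTARY_INFO(x) \
    ((x) & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
#define GSS_ERROR(x) \
    ((x) & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
    (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))

/*
 * Calling errors:
 */
#define GSS_S_CALL_INACCESSIBLE_READ \
    (((OM_uint32) 1ul) << GSS_C_CALLING_ERROR_OFFSET)
#define GSS_S_CALL_INACCESSIBLE_WRITE \
    (((OM_uint32) 2ul) << GSS_C_CALLING_ERROR_OFFSET)
#define GSS_S_CALL_BAD_STRUCTURE \
    (((OM_uint32) 3ul) << GSS_C_CALLING_ERROR_OFFSET)

/*
 * Routine errors:
 */
#define GSS_S_BAD_MECH (((OM_uint32) 1ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_NAME (((OM_uint32) 2ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_NAMETYPE (((OM_uint32) 3ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_BINDINGS (((OM_uint32) 4ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_STATUS (((OM_uint32) 5ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_SIG (((OM_uint32) 6ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NO_CRED (((OM_uint32) 7ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NO_CONTEXT (((OM_uint32) 8ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DEFECTIVE_TOKEN (((OM_uint32) 9ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DEFECTIVE_CREDENTIAL \
    (((OM_uint32) 10ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_CREDENTIALS_EXPIRED \
    (((OM_uint32) 11ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_CONTEXT_EXPIRED \
    (((OM_uint32) 12ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_FAILURE (((OM_uint32) 13ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_QOP (((OM_uint32) 14ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_UNAUTHORIZED (((OM_uint32) 15ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_UNAVAILABLE (((OM_uint32) 16ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DUPLICATE_ELEMENT \
    (((OM_uint32) 17ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NAME_NOT_MN \
    (((OM_uint32) 18ul) << GSS_C_ROUTINE_ERROR_OFFSET)

/*
 * Supplementary info bits:
 * (these expand to plain int, unlike the OM_uint32 error codes above)
 */
#define GSS_S_CONTINUE_NEEDED (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
#define GSS_S_DUPLICATE_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
#define GSS_S_OLD_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
#define GSS_S_UNSEQ_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
#define GSS_S_GAP_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 4))

#define GSS_C_QOP_DEFAULT 0

/* end of gssapi.h */

/*
 * The following data structures are generated from lucid.x in the gssd project
 * and must be kept in sync with that project. This is a more memory efficient
 * representation of the gss_kerb5_lucid_context_v1_t defined in gssapi_krb5.h
 *
 * NOTE(review): key_val/key_len describe raw session key material and are
 * presumably filled in from a buffer handed over by gssd. The decoder should
 * reject a key_len that does not match the length required by etype before
 * the key is used, and the owner should zeroize key_val before freeing it --
 * confirm both against the implementation.
 */
struct lucid_key {
    uint32_t etype;
    struct {
        uint32_t key_len;
        uint8_t *key_val;
    } key;
};
typedef struct lucid_key lucid_key;

struct key_data_1964 {
    uint32_t sign_alg;
    uint32_t seal_alg;
};
typedef struct key_data_1964 key_data_1964;

struct key_data_4121 {
    uint32_t acceptor_subkey;
};
typedef struct key_data_4121 key_data_4121;

/* proto selects which member of lucid_protocol_u is meaningful. */
struct lucid_protocol {
    uint32_t proto;
    union {
        key_data_1964 data_1964;
        key_data_4121 data_4121;
    } lucid_protocol_u;
};
typedef struct lucid_protocol lucid_protocol;

struct lucid_context {
    uint32_t vers;
    uint32_t initiate;
    uint32_t endtime;
    uint64_t send_seq;
    uint64_t recv_seq;
    lucid_protocol key_data;
    lucid_key ctx_key;
};
typedef struct lucid_context lucid_context;

/* end of lucid.x generated data structures */

typedef struct lucid_context *lucid_context_t;
/*
 * Mask for determining the returned structure version.
 * See example below for usage.
 */
typedef struct lucid_context_version {
    uint32_t version;       /* Structure version number */
} *lucid_context_version_t;

/*
 * Kerberos encryption types handled by this mechanism.
 *
 * All three rely on SHA-1 based HMACs, and DES3_CBC_SHA1_KD is a
 * Triple-DES etype, which RFC 8429 deprecates for Kerberos. Deployments
 * that can choose should prefer the AES etypes.
 */
typedef enum etypes {
    DES3_CBC_SHA1_KD = 16,
    AES128_CTS_HMAC_SHA1_96 = 17,
    AES256_CTS_HMAC_SHA1_96 = 18,
} etypes;

/* Key usage numbers for per-message tokens (values match RFC 4121). */
#define KRB5_USAGE_ACCEPTOR_SEAL 22
#define KRB5_USAGE_ACCEPTOR_SIGN 23
#define KRB5_USAGE_INITIATOR_SEAL 24
#define KRB5_USAGE_INITIATOR_SIGN 25
/* NOTE(review): presumably the byte length of a key-derivation usage constant -- confirm. */
#define KRB5_USAGE_LEN 5

/* NOTE(review): presumably indices into the two-element ikeys[]/ckeys[] arrays -- confirm. */
#define GSS_SND 0
#define GSS_RCV 1
#define GSS_C_QOP_REVERSE 0x80000000 /* Pseudo QOP value to use as input to gss_krb5_unwrap to allow Sender to unwrap */

/* A key as a pointer/length pair; ownership of key_val is not expressed here. */
typedef struct krb5_key {
    void *key_val;
    size_t key_len;
} krb5_key_t;

/*
 * Key schedule is the cbc state for encryption and decryption.
 * For DES3 we always use the session key from the lucid context,
 * and in that case Ekey and Ikey will point to the session key.
 *
 * (Ekey and Ikey are not field names in this header; the derived keys
 * declared here are ikeys[] below and ckeys[] in struct crypto_ctx.)
 */
struct key_schedule {
    cccbc_ctx *enc;
    cccbc_ctx *dec;
    krb5_key_t ikeys[2];    /* Derived integrity key (same length as the context key) */
};

/*
 * Crypto context that supports AES and DES3 etypes
 * All supported encryption types use hmac with SHA1
 * All are CBC encryption types
 *      des3-cbc-sha1           -- 7
 *      des3-cbc-sha1-kd        -- 16 ???
 *      aes128-cts-hmac-sha1-96 -- 17
 *      aes256-cts-hmac-sha1-96 -- 18
 *
 * Only 16, 17 and 18 have a matching constant in enum etypes.
 *
 * NOTE(review): key, ks.ikeys[] and ckeys[] all reference key material;
 * teardown should zeroize every derived key with a call the compiler cannot
 * elide, and MIC verification should compare checksums in constant time --
 * confirm against the implementation.
 */

typedef struct crypto_ctx {
    uint32_t etype;
    uint32_t flags;                     /* presumably CRYPTO_* bits below -- confirm */
    size_t mpad;                        /* Message padding */
    lck_mtx_t lock;
    lucid_context_t gss_ctx;            /* Back pointer to lucid context */
    void *key;                          /* Points to session key from lucid context */
    const struct ccdigest_info *di;
    const struct ccmode_cbc *enc_mode;
    const struct ccmode_cbc *dec_mode;
    struct key_schedule ks;
    uint32_t digest_size;
    uint32_t keylen;
    krb5_key_t ckeys[2];                /* Derived checksum key. Same as key for DES3 */
} *crypto_ctx_t;

#define CRYPTO_KS_ALLOCED 0x00001
#define CRYPTO_CTS_ENABLE 0x00002

/* "DIGSET" is the spelling callers use; the name is kept for compatibility. */
#define CRYPTO_MAX_DIGSET_SIZE 20 // 160 bits for DES3_CBC_SHA1_KD

/* A GSS context handle: the lucid context together with its crypto state. */
typedef struct gss_ctx_id_desc {
    lucid_context gss_lucid_ctx;
    struct crypto_ctx gss_cryptor;
} *gss_ctx_id_t;

typedef struct gss_buffer_desc_struct {
    size_t length;
    void *value;
} gss_buffer_desc, *gss_buffer_t;

uint32_t
    gss_release_buffer(uint32_t *,      /* minor_status */
    gss_buffer_t);


/*
 * Per message interfaces for kerberos gss mech in the kernel
 *
 * NOTE(review): each returns a uint32_t that is presumably a GSS major
 * status built from the GSS_S_* values above. Callers of the verify/unwrap
 * functions should treat the message as unauthenticated unless the result
 * is GSS_S_COMPLETE -- confirm the exact contract in the implementation.
 * The offset/length pairs select a range inside the mbuf chain; they need
 * to be validated against the chain length before use.
 */

typedef uint32_t gss_qop_t;

uint32_t
    gss_krb5_get_mic_mbuf(uint32_t *,   /* minor_status */
    gss_ctx_id_t,                       /* context_handle */
    gss_qop_t,                          /* qop_req */
    mbuf_t,                             /* message mbuf */
    size_t,                             /* offset */
    size_t,                             /* length */
    gss_buffer_t                        /* message_token */
    );

uint32_t
    gss_krb5_get_mic(uint32_t *,        /* minor_status */
    gss_ctx_id_t,                       /* context_handle */
    gss_qop_t,                          /* qop_req */
    gss_buffer_t,                       /* message buffer */
    gss_buffer_t                        /* message_token */
    );

uint32_t
    gss_krb5_verify_mic_mbuf(uint32_t *, /* minor_status */
    gss_ctx_id_t,                       /* context_handle */
    mbuf_t,                             /* message_buffer */
    size_t,                             /* offset */
    size_t,                             /* length */
    gss_buffer_t,                       /* message_token */
    gss_qop_t *                         /* qop_state */
    );

uint32_t
    gss_krb5_wrap_mbuf(uint32_t *,      /* minor_status */
    gss_ctx_id_t,                       /* context_handle */
    int,                                /* conf_req_flag */
    gss_qop_t,                          /* qop_req */
    mbuf_t *,                           /* input/output message_buffer */
    size_t,                             /* offset */
    size_t,                             /* length */
    int *                               /* conf_state */
    );

uint32_t
    gss_krb5_unwrap_mbuf(uint32_t *,    /* minor_status */
    gss_ctx_id_t,                       /* context_handle */
    mbuf_t *,                           /* input/output message_buffer */
    size_t,                             /* offset */
    size_t,                             /* length */
    int *,                              /* conf_state */
    gss_qop_t *                         /* qop state */
    );

/* Context lifecycle. NOTE(review): make_context presumably takes a serialized lucid context and its length -- confirm. */
void gss_krb5_destroy_context(gss_ctx_id_t);

gss_ctx_id_t gss_krb5_make_context(void *, uint32_t);

void gss_krb5_mech_init(void);

int corecrypto_available(void);

/* mbuf chain helpers used by the per-message functions. */
errno_t gss_normalize_mbuf(mbuf_t, size_t, size_t *, mbuf_t *, mbuf_t *, int);

mbuf_t gss_join_mbuf(mbuf_t, mbuf_t, mbuf_t);

/*
 * HMAC state. hmac_ctx_t is an array of one element, so a variable of that
 * type decays to a pointer when passed to the functions below.
 * key is a borrowed pointer as far as this header shows; the caller must
 * keep the key alive for the lifetime of the context.
 */
typedef struct hmac_ctx_struct {
    size_t keylen;
    uint8_t *key;
    ccdigest_ctx_t di_ctx;
} hmac_ctx, hmac_ctx_t[1];

void hmac_init(const struct ccdigest_info *, hmac_ctx_t, size_t, void *);
void hmac_update(const struct ccdigest_info *, hmac_ctx_t, size_t, void *);
void hmac_final(const struct ccdigest_info *, hmac_ctx_t, uint8_t *);

/*
 * NOTE(review): these look like debug dump helpers. If they print buffer
 * contents, they can expose plaintext or tokens in logs and should not be
 * reachable in release builds -- confirm.
 */
void printmbuf(const char *, mbuf_t, uint32_t, uint32_t);

void printgbuf(const char *, gss_buffer_t);

#endif /* GSS_KRB5_MECH_H */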