gss: SAnon - the Simple Anonymous GSS-API mechanism
Add support for SAnon, a simple key agreement protocol that provides no authentication of initiator or acceptor using x25519 ECDH key exchange. See doc/standardization/draft-howard-gss-sanon-xx.txt for a protocol description.
This commit is contained in:
Luke Howard
committed by
Nicolas Williams
Nicolas Williams
parent
beda11a079
commit
4a7eb74374
193
lib/gssapi/sanon/init_sec_context.c
Normal file
193
lib/gssapi/sanon/init_sec_context.c
Normal file
@@ -0,0 +1,193 @@
|
||||
/*
|
||||
* Copyright (c) 2019-2020, AuriStor, Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* - Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* - Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
||||
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
||||
* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
|
||||
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
||||
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
*/
|
||||
|
||||
#include "sanon_locl.h"
|
||||
|
||||
int
|
||||
_gss_sanon_available_p(gss_const_cred_id_t claimant_cred_handle,
|
||||
gss_const_name_t target_name,
|
||||
OM_uint32 req_flags)
|
||||
{
|
||||
OM_uint32 minor;
|
||||
gss_name_t initiator_name = GSS_C_NO_NAME;
|
||||
int available;
|
||||
|
||||
if (claimant_cred_handle != GSS_C_NO_CREDENTIAL) {
|
||||
_gss_sanon_inquire_cred(&minor, claimant_cred_handle,
|
||||
&initiator_name, NULL, NULL, NULL);
|
||||
heim_assert(initiator_name != GSS_C_NO_NAME,
|
||||
"Invalid null SAnon initiator name");
|
||||
}
|
||||
|
||||
/*
|
||||
* SAnon is available if one of the following is true:
|
||||
*
|
||||
* The caller set anon_req_flag (GSS_C_ANON_FLAG)
|
||||
* The claimant_cred_handle identity is anonymous
|
||||
* The claimant_cred_handle is the default credential
|
||||
* and target_name is anonymous
|
||||
*/
|
||||
if (req_flags & GSS_C_ANON_FLAG)
|
||||
available = TRUE;
|
||||
else if (initiator_name == _gss_sanon_anonymous_identity)
|
||||
available = TRUE;
|
||||
else if (claimant_cred_handle == GSS_C_NO_CREDENTIAL &&
|
||||
target_name == _gss_sanon_anonymous_identity)
|
||||
available = TRUE;
|
||||
else
|
||||
available = FALSE;
|
||||
|
||||
_gss_sanon_release_name(&minor, &initiator_name);
|
||||
return available;
|
||||
}
|
||||
|
||||
OM_uint32 GSSAPI_CALLCONV
|
||||
_gss_sanon_init_sec_context(OM_uint32 *minor,
|
||||
gss_const_cred_id_t cred_handle,
|
||||
gss_ctx_id_t *context_handle,
|
||||
gss_const_name_t target_name,
|
||||
const gss_OID mech_type,
|
||||
OM_uint32 req_flags,
|
||||
OM_uint32 time_req,
|
||||
const gss_channel_bindings_t input_chan_bindings,
|
||||
const gss_buffer_t input_token,
|
||||
gss_OID *actual_mech_type,
|
||||
gss_buffer_t output_token,
|
||||
OM_uint32 *ret_flags,
|
||||
OM_uint32 *time_rec)
|
||||
{
|
||||
gss_buffer_desc mech_token = GSS_C_EMPTY_BUFFER;
|
||||
OM_uint32 major, tmp;
|
||||
sanon_ctx sc = (sanon_ctx)*context_handle;
|
||||
OM_uint32 flags = 0;
|
||||
gss_buffer_desc session_key = GSS_C_EMPTY_BUFFER;
|
||||
|
||||
*minor = 0;
|
||||
_mg_buffer_zero(output_token);
|
||||
|
||||
if (!_gss_sanon_available_p(cred_handle, target_name, req_flags)) {
|
||||
major = GSS_S_UNAVAILABLE;
|
||||
goto out;
|
||||
}
|
||||
|
||||
flags |= GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG |
|
||||
GSS_C_INTEG_FLAG | GSS_C_DCE_STYLE | GSS_C_IDENTIFY_FLAG |
|
||||
GSS_C_EXTENDED_ERROR_FLAG; /* supported flags */
|
||||
flags &= req_flags;
|
||||
flags |= GSS_C_ANON_FLAG; /* always set this flag */
|
||||
|
||||
if (sc == NULL) {
|
||||
if (input_token != GSS_C_NO_BUFFER && input_token->length != 0) {
|
||||
major = GSS_S_DEFECTIVE_TOKEN;
|
||||
goto out;
|
||||
}
|
||||
|
||||
sc = calloc(1, sizeof(*sc));
|
||||
if (sc == NULL) {
|
||||
*minor = ENOMEM;
|
||||
major = GSS_S_FAILURE;
|
||||
goto out;
|
||||
}
|
||||
|
||||
sc->flags = SANON_FLAG_INITIATOR | rfc4757_to_sanon_flags(req_flags);
|
||||
|
||||
/* compute public and secret keys */
|
||||
major = _gss_sanon_curve25519_base(minor, sc);
|
||||
if (major != GSS_S_COMPLETE)
|
||||
goto out;
|
||||
|
||||
mech_token.length = sizeof(sc->pk);
|
||||
mech_token.value = sc->pk;
|
||||
|
||||
/* send public key to acceptor */
|
||||
major = gss_encapsulate_token(&mech_token,
|
||||
GSS_SANON_X25519_MECHANISM,
|
||||
output_token);
|
||||
if (major != GSS_S_COMPLETE)
|
||||
goto out;
|
||||
|
||||
*context_handle = (gss_ctx_id_t)sc;
|
||||
major = GSS_S_CONTINUE_NEEDED;
|
||||
} else {
|
||||
static gss_buffer_desc empty = GSS_C_EMPTY_BUFFER;
|
||||
gss_buffer_desc pk, hok_mic;
|
||||
|
||||
if (input_token == GSS_C_NO_BUFFER ||
|
||||
input_token->length < crypto_scalarmult_curve25519_BYTES) {
|
||||
major = GSS_S_DEFECTIVE_TOKEN;
|
||||
goto out;
|
||||
} else if (sc->rfc4121 != GSS_C_NO_CONTEXT ||
|
||||
!(sc->flags & SANON_FLAG_INITIATOR)) {
|
||||
major = GSS_S_BAD_STATUS;
|
||||
goto out;
|
||||
}
|
||||
|
||||
pk.length = crypto_scalarmult_curve25519_BYTES;
|
||||
pk.value = input_token->value;
|
||||
|
||||
/* compute shared secret */
|
||||
major = _gss_sanon_curve25519(minor, sc, &pk, input_chan_bindings, &session_key);
|
||||
if (major != GSS_S_COMPLETE)
|
||||
goto out;
|
||||
|
||||
flags |= GSS_C_TRANS_FLAG;
|
||||
|
||||
major = _gss_sanon_import_rfc4121_context(minor, sc, flags, &session_key);
|
||||
if (major != GSS_S_COMPLETE)
|
||||
goto out;
|
||||
|
||||
/* verify holder of key MIC */
|
||||
hok_mic.length = input_token->length - pk.length;
|
||||
hok_mic.value = (uint8_t *)input_token->value + pk.length;
|
||||
|
||||
major = _gss_sanon_verify_mic(minor, (gss_const_ctx_id_t)sc,
|
||||
&empty, &hok_mic, NULL);
|
||||
if (major != GSS_S_COMPLETE)
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (ret_flags)
|
||||
*ret_flags = flags;
|
||||
if (time_rec)
|
||||
*time_rec = GSS_C_INDEFINITE;
|
||||
|
||||
out:
|
||||
if (actual_mech_type)
|
||||
*actual_mech_type = GSS_SANON_X25519_MECHANISM;
|
||||
|
||||
if (GSS_ERROR(major)) {
|
||||
_gss_sanon_delete_sec_context(&tmp, (gss_ctx_id_t *)&sc, GSS_C_NO_BUFFER);
|
||||
*context_handle = GSS_C_NO_CONTEXT;
|
||||
}
|
||||
_gss_secure_release_buffer(&tmp, &session_key);
|
||||
|
||||
return major;
|
||||
}
|
||||
Reference in New Issue
Block a user