heimdal/lib/gssapi/sanon/init_sec_context.c

/*
 * Copyright (c) 2019-2020, AuriStor, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * - Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 *
 * - Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in
 *   the documentation and/or other materials provided with the
 *   distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

#include "sanon_locl.h"

int
_gss_sanon_available_p(gss_const_cred_id_t claimant_cred_handle,
		       gss_const_name_t target_name,
		       OM_uint32 req_flags)
{
    OM_uint32 minor;
    gss_name_t initiator_name = GSS_C_NO_NAME;
    int available;

    if (claimant_cred_handle != GSS_C_NO_CREDENTIAL) {
	_gss_sanon_inquire_cred(&minor, claimant_cred_handle,
				&initiator_name, NULL, NULL, NULL);
	heim_assert(initiator_name != GSS_C_NO_NAME,
		    "Invalid null SAnon initiator name");
    }

    /*
     * SAnon is available if one of the following is true:
     *
     * The caller set anon_req_flag (GSS_C_ANON_FLAG)
     * The claimant_cred_handle identity is anonymous
     * The claimant_cred_handle is the default credential
     *   and target_name is anonymous
     */
    if (req_flags & GSS_C_ANON_FLAG)
	available = TRUE;
    else if (initiator_name == _gss_sanon_anonymous_identity)
	available = TRUE;
    else if (claimant_cred_handle == GSS_C_NO_CREDENTIAL &&
	target_name == _gss_sanon_anonymous_identity)
	available = TRUE;
    else
	available = FALSE;

    _gss_sanon_release_name(&minor, &initiator_name);
    return available;
}

OM_uint32 GSSAPI_CALLCONV
_gss_sanon_init_sec_context(OM_uint32 *minor,
			    gss_const_cred_id_t cred_handle,
			    gss_ctx_id_t *context_handle,
			    gss_const_name_t target_name,
			    const gss_OID mech_type,
			    OM_uint32 req_flags,
			    OM_uint32 time_req,
			    const gss_channel_bindings_t input_chan_bindings,
			    const gss_buffer_t input_token,
			    gss_OID *actual_mech_type,
			    gss_buffer_t output_token,
			    OM_uint32 *ret_flags,
			    OM_uint32 *time_rec)
{
    gss_buffer_desc mech_token = GSS_C_EMPTY_BUFFER;
    OM_uint32 major, tmp;
    sanon_ctx sc = (sanon_ctx)*context_handle;
    OM_uint32 flags = 0;
    gss_buffer_desc session_key = GSS_C_EMPTY_BUFFER;

    *minor = 0;
    _mg_buffer_zero(output_token);

    if (!_gss_sanon_available_p(cred_handle, target_name, req_flags)) {
	major = GSS_S_UNAVAILABLE;
	goto out;
    }

    flags |= GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG |
	     GSS_C_INTEG_FLAG | GSS_C_DCE_STYLE | GSS_C_IDENTIFY_FLAG |
	     GSS_C_EXTENDED_ERROR_FLAG; /* supported flags */
    flags &= req_flags;
    flags |= GSS_C_ANON_FLAG; /* always set this flag */

    if (sc == NULL) {
	if (input_token != GSS_C_NO_BUFFER && input_token->length != 0) {
	    major = GSS_S_DEFECTIVE_TOKEN;
	    goto out;
	}

	sc = calloc(1, sizeof(*sc));
	if (sc == NULL) {
	    *minor = ENOMEM;
	    major = GSS_S_FAILURE;
	    goto out;
	}

        sc->is_initiator = 1;
	sc->flags = req_flags;

	/* compute public and secret keys */
	major = _gss_sanon_curve25519_base(minor, sc);
	if (major != GSS_S_COMPLETE)
	    goto out;

	mech_token.length = sizeof(sc->pk);
	mech_token.value = sc->pk;

	/* send public key to acceptor */
	major = gss_encapsulate_token(&mech_token,
				      GSS_SANON_X25519_MECHANISM,
				      output_token);
	if (major != GSS_S_COMPLETE)
	    goto out;

	*context_handle = (gss_ctx_id_t)sc;
	major = GSS_S_CONTINUE_NEEDED;
    } else {
	static gss_buffer_desc empty = GSS_C_EMPTY_BUFFER;
	gss_buffer_desc pk, hok_mic;

	if (input_token == GSS_C_NO_BUFFER ||
	    input_token->length < crypto_scalarmult_curve25519_BYTES) {
	    major = GSS_S_DEFECTIVE_TOKEN;
	    goto out;
	} else if (sc->rfc4121 != GSS_C_NO_CONTEXT || !(sc->is_initiator)) {
	    major = GSS_S_BAD_STATUS;
	    goto out;
	}

	pk.length = crypto_scalarmult_curve25519_BYTES;
	pk.value = input_token->value;

	/* compute shared secret */
	major = _gss_sanon_curve25519(minor, sc, &pk, input_chan_bindings, &session_key);
	if (major != GSS_S_COMPLETE)
	    goto out;

	flags |= GSS_C_TRANS_FLAG;
        sc->flags |= GSS_C_TRANS_FLAG;

	major = _gss_sanon_import_rfc4121_context(minor, sc, &session_key);
	if (major != GSS_S_COMPLETE)
	    goto out;

	/* verify holder of key MIC */
	hok_mic.length = input_token->length - pk.length;
	hok_mic.value = (uint8_t *)input_token->value + pk.length;

	major = _gss_sanon_verify_mic(minor, (gss_const_ctx_id_t)sc,
				      &empty, &hok_mic, NULL);
	if (major != GSS_S_COMPLETE)
	    goto out;
    }

    if (ret_flags)
	*ret_flags = flags;
    if (time_rec)
	*time_rec = GSS_C_INDEFINITE;

out:
    if (actual_mech_type)
	*actual_mech_type = GSS_SANON_X25519_MECHANISM;

    if (GSS_ERROR(major)) {
	_gss_sanon_delete_sec_context(&tmp, (gss_ctx_id_t *)&sc, GSS_C_NO_BUFFER);
	*context_handle = GSS_C_NO_CONTEXT;
    }
    _gss_secure_release_buffer(&tmp, &session_key);

    return major;
}