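/* $NetBSD: aeap.c,v 1.2 2017/01/28 21:31:46 christos Exp $ */

/*
 * Copyright (c) 2008 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "gsskrb5_locl.h"

#include <krb5/roken.h>

/*
 * IOV (scatter/gather) wrap, unwrap and wrap-length entry points of the
 * Kerberos 5 GSS-API mechanism.
 *
 * Each entry point dispatches on the context: when IS_CFX is set in
 * ctx->more_flags the call goes to the corresponding *_cfx* routine;
 * otherwise the token key is fetched and only the ARCFOUR key types are
 * served.  Every other key type on a non-CFX context is rejected with
 * GSS_S_FAILURE.
 *
 * Security note: the only cipher reachable on the non-CFX path is RC4
 * (KEYTYPE_ARCFOUR / KEYTYPE_ARCFOUR_56), which RFC 8429 deprecates for
 * Kerberos.  Deployments that can negotiate CFX-capable enctypes should
 * treat use of this path as legacy and monitor for it.
 */

/*
 * Fetch the context's token key and map its enctype to a key type.
 *
 * The key is fetched with ctx->ctx_id_mutex held, as the callers did
 * before this helper existed.  On GSS_S_COMPLETE the caller owns *key and
 * must release it with krb5_free_keyblock().  On failure *minor_status
 * carries the krb5 error, no key is left for the caller to free, and
 * GSS_S_FAILURE is returned.
 */
static OM_uint32
get_token_key_and_type(OM_uint32 *minor_status,
                       const gsskrb5_ctx ctx,
                       krb5_context context,
                       krb5_keyblock **key,
                       krb5_keytype *keytype)
{
    OM_uint32 ret;

    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
    ret = _gsskrb5i_get_token_key(ctx, context, key);
    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
    if (ret) {
        *minor_status = ret;
        return GSS_S_FAILURE;
    }

    /*
     * The conversion result used to be ignored, which left *keytype
     * indeterminate when the enctype is unknown and made the callers
     * switch on an uninitialised value.
     */
    ret = krb5_enctype_to_keytype(context, (*key)->keytype, keytype);
    if (ret) {
        krb5_free_keyblock(context, *key);
        *key = NULL;
        *minor_status = ret;
        return GSS_S_FAILURE;
    }

    return GSS_S_COMPLETE;
}

/**
 * Wrap (sign and optionally seal) the buffers described by an IOV array.
 *
 * @param minor_status   receives the mechanism-specific status code
 * @param context_handle established security context (a gsskrb5_ctx)
 * @param conf_req_flag  non-zero to request confidentiality
 * @param qop_req        requested quality of protection; not forwarded to
 *                       either back end by this function
 * @param conf_state     passed through to the back end
 * @param iov            IOV buffer array
 * @param iov_count      number of entries in iov
 *
 * @return the status of the CFX or ARCFOUR back end, or GSS_S_FAILURE when
 *         the token key cannot be obtained, its enctype cannot be mapped,
 *         or the key type is not an ARCFOUR one.
 */
OM_uint32 GSSAPI_CALLCONV
_gk_wrap_iov(OM_uint32 * minor_status,
             gss_ctx_id_t context_handle,
             int conf_req_flag,
             gss_qop_t qop_req,
             int * conf_state,
             gss_iov_buffer_desc *iov,
             int iov_count)
{
    const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
    krb5_context context;
    OM_uint32 ret;
    krb5_keyblock *key;
    krb5_keytype keytype;

    /* NOTE(review): macro is defined outside this file; presumably it
     * sets up `context` and returns early on failure -- confirm. */
    GSSAPI_KRB5_INIT (&context);

    if (ctx->more_flags & IS_CFX)
        return _gssapi_wrap_cfx_iov(minor_status, ctx, context,
                                    conf_req_flag, conf_state,
                                    iov, iov_count);

    ret = get_token_key_and_type(minor_status, ctx, context, &key, &keytype);
    if (ret != GSS_S_COMPLETE)
        return ret;

    switch (keytype) {
    case KEYTYPE_ARCFOUR:
    case KEYTYPE_ARCFOUR_56:
        ret = _gssapi_wrap_iov_arcfour(minor_status, ctx, context,
                                       conf_req_flag, conf_state,
                                       iov, iov_count, key);
        break;

    default:
        /* Give the caller a defined minor status instead of leaving it
         * untouched on the unsupported-key path. */
        *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
        ret = GSS_S_FAILURE;
        break;
    }

    krb5_free_keyblock(context, key);
    return ret;
}

/**
 * Unwrap (verify and optionally decrypt) the buffers described by an IOV
 * array.
 *
 * @param minor_status   receives the mechanism-specific status code
 * @param context_handle established security context (a gsskrb5_ctx)
 * @param conf_state     passed through to the back end
 * @param qop_state      passed through to the back end
 * @param iov            IOV buffer array
 * @param iov_count      number of entries in iov
 *
 * @return the status of the CFX or ARCFOUR back end, or GSS_S_FAILURE when
 *         the token key cannot be obtained, its enctype cannot be mapped,
 *         or the key type is not an ARCFOUR one.  Callers must not use the
 *         IOV contents as authenticated data unless the call succeeded.
 */
OM_uint32 GSSAPI_CALLCONV
_gk_unwrap_iov(OM_uint32 *minor_status,
               gss_ctx_id_t context_handle,
               int *conf_state,
               gss_qop_t *qop_state,
               gss_iov_buffer_desc *iov,
               int iov_count)
{
    const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
    krb5_context context;
    OM_uint32 ret;
    krb5_keytype keytype;
    krb5_keyblock *key;

    GSSAPI_KRB5_INIT (&context);

    if (ctx->more_flags & IS_CFX)
        return _gssapi_unwrap_cfx_iov(minor_status, ctx, context,
                                      conf_state, qop_state, iov, iov_count);

    ret = get_token_key_and_type(minor_status, ctx, context, &key, &keytype);
    if (ret != GSS_S_COMPLETE)
        return ret;

    switch (keytype) {
    case KEYTYPE_ARCFOUR:
    case KEYTYPE_ARCFOUR_56:
        ret = _gssapi_unwrap_iov_arcfour(minor_status, ctx, context,
                                         conf_state, qop_state,
                                         iov, iov_count, key);
        break;

    default:
        /* Defined minor status for the unsupported-key path. */
        *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
        ret = GSS_S_FAILURE;
        break;
    }

    krb5_free_keyblock(context, key);
    return ret;
}

/**
 * Compute the buffer lengths a later _gk_wrap_iov() call will need.
 *
 * @param minor_status   receives the mechanism-specific status code
 * @param context_handle established security context (a gsskrb5_ctx)
 * @param conf_req_flag  non-zero to request confidentiality
 * @param qop_req        requested quality of protection
 * @param conf_state     passed through to the back end
 * @param iov            IOV buffer array
 * @param iov_count      number of entries in iov
 *
 * @return the status of the CFX or ARCFOUR back end, or GSS_S_FAILURE when
 *         the token key cannot be obtained, its enctype cannot be mapped,
 *         or the key type is not an ARCFOUR one.
 */
OM_uint32 GSSAPI_CALLCONV
_gk_wrap_iov_length(OM_uint32 * minor_status,
                    gss_ctx_id_t context_handle,
                    int conf_req_flag,
                    gss_qop_t qop_req,
                    int *conf_state,
                    gss_iov_buffer_desc *iov,
                    int iov_count)
{
    const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
    krb5_context context;
    OM_uint32 ret;
    krb5_keytype keytype;
    krb5_keyblock *key;

    GSSAPI_KRB5_INIT (&context);

    if (ctx->more_flags & IS_CFX)
        return _gssapi_wrap_iov_length_cfx(minor_status, ctx, context,
                                           conf_req_flag, qop_req, conf_state,
                                           iov, iov_count);

    /* The key is fetched only to learn its type; the ARCFOUR length
     * routine below does not take it. */
    ret = get_token_key_and_type(minor_status, ctx, context, &key, &keytype);
    if (ret != GSS_S_COMPLETE)
        return ret;

    switch (keytype) {
    case KEYTYPE_ARCFOUR:
    case KEYTYPE_ARCFOUR_56:
        ret = _gssapi_wrap_iov_length_arcfour(minor_status, ctx, context,
                                              conf_req_flag, qop_req, conf_state,
                                              iov, iov_count);
        break;

    default:
        /* Defined minor status for the unsupported-key path. */
        *minor_status = (OM_uint32)KRB5_PROG_ETYPE_NOSUPP;
        ret = GSS_S_FAILURE;
        break;
    }

    krb5_free_keyblock(context, key);
    return ret;
}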