1 /* $NetBSD: pkinit-ec.c,v 1.3 2023/06/19 21:41:44 christos Exp $ */
2
3 /*
4 * Copyright (c) 2016 Kungliga Tekniska Högskolan
5 * (Royal Institute of Technology, Stockholm, Sweden).
6 * All rights reserved.
7 *
8 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 *
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 *
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 *
21 * 3. Neither the name of the Institute nor the names of its contributors
22 * may be used to endorse or promote products derived from this software
23 * without specific prior written permission.
24 *
25 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * SUCH DAMAGE.
36 */
37
38 #include <config.h>
39 #include <krb5/roken.h>
40
41 #ifdef PKINIT
42
43 /*
44 * As with the other *-ec.c files in Heimdal, this is a bit of a hack.
45 *
46 * The idea is to use OpenSSL for EC because hcrypto doesn't have the
47 * required functionality at this time. To do this we segregate
48 * EC-using code into separate source files and then we arrange for them
49 * to get the OpenSSL headers and not the conflicting hcrypto ones.
50 *
51 * Because of auto-generated *-private.h headers, we end up needing to
52 * make sure various types are defined before we include them, thus the
53 * strange header include order here.
54 */
55
56 #ifdef HAVE_HCRYPTO_W_OPENSSL
57 #include <openssl/ec.h>
58 #include <openssl/ecdh.h>
59 #include <openssl/evp.h>
60 #include <openssl/bn.h>
61 #define HEIM_NO_CRYPTO_HDRS
62 #else
63 #include <hcrypto/des.h>
64 #endif
65
66 /*
67 * NO_HCRYPTO_POLLUTION -> don't refer to hcrypto type/function names
68 * that we don't need in this file and which would clash with OpenSSL's
69 * in ways that are difficult to address in cleaner ways.
70 *
71 * In the medium- to long-term what we should do is move all PK in
72 * Heimdal to the newer EVP interfaces for PK and then nothing outside
73 * lib/hcrypto should ever have to include OpenSSL headers, and -more
74 * specifically- the only thing that should ever have to include OpenSSL
75 * headers is the OpenSSL backend to hcrypto.
76 */
77 #define NO_HCRYPTO_POLLUTION
78
79 #include "krb5_locl.h"
80 #include <krb5/cms_asn1.h>
81 #include <krb5/pkcs8_asn1.h>
82 #include <krb5/pkcs9_asn1.h>
83 #include <krb5/pkcs12_asn1.h>
84 #include <krb5/pkinit_asn1.h>
85 #include <krb5/asn1_err.h>
86
87 #include <krb5/der.h>
88
89 krb5_error_code
_krb5_build_authpack_subjectPK_EC(krb5_context context,krb5_pk_init_ctx ctx,AuthPack * a)90 _krb5_build_authpack_subjectPK_EC(krb5_context context,
91 krb5_pk_init_ctx ctx,
92 AuthPack *a)
93 {
94 #ifdef HAVE_HCRYPTO_W_OPENSSL
95 krb5_error_code ret;
96 ECParameters ecp;
97 unsigned char *p;
98 size_t size;
99 int xlen;
100
101 /* copy in public key, XXX find the best curve that the server support or use the clients curve if possible */
102
103 ecp.element = choice_ECParameters_namedCurve;
104 ret = der_copy_oid(&asn1_oid_id_ec_group_secp256r1,
105 &ecp.u.namedCurve);
106 if (ret)
107 return ret;
108
109 ALLOC(a->clientPublicValue->algorithm.parameters, 1);
110 if (a->clientPublicValue->algorithm.parameters == NULL) {
111 free_ECParameters(&ecp);
112 return krb5_enomem(context);
113 }
114 ASN1_MALLOC_ENCODE(ECParameters, p, xlen, &ecp, &size, ret);
115 free_ECParameters(&ecp);
116 if (ret)
117 return ret;
118 if ((int)size != xlen)
119 krb5_abortx(context, "asn1 internal error");
120
121 a->clientPublicValue->algorithm.parameters->data = p;
122 a->clientPublicValue->algorithm.parameters->length = size;
123
124 /* copy in public key */
125
126 ret = der_copy_oid(&asn1_oid_id_ecPublicKey,
127 &a->clientPublicValue->algorithm.algorithm);
128 if (ret)
129 return ret;
130
131 ctx->u.eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
132 if (ctx->u.eckey == NULL)
133 return krb5_enomem(context);
134
135 ret = EC_KEY_generate_key(ctx->u.eckey);
136 if (ret != 1)
137 return EINVAL;
138
139 xlen = i2o_ECPublicKey(ctx->u.eckey, NULL);
140 if (xlen <= 0)
141 return EINVAL;
142
143 p = malloc(xlen);
144 if (p == NULL)
145 return krb5_enomem(context);
146
147 a->clientPublicValue->subjectPublicKey.data = p;
148
149 xlen = i2o_ECPublicKey(ctx->u.eckey, &p);
150 if (xlen <= 0) {
151 a->clientPublicValue->subjectPublicKey.data = NULL;
152 free(p);
153 return EINVAL;
154 }
155
156 a->clientPublicValue->subjectPublicKey.length = xlen * 8;
157
158 return 0;
159
160 /* XXX verify that this is right with RFC3279 */
161 #else
162 krb5_set_error_message(context, ENOTSUP,
163 N_("PKINIT: ECDH not supported", ""));
164 return ENOTSUP;
165 #endif
166 }
167
168 krb5_error_code
_krb5_pk_rd_pa_reply_ecdh_compute_key(krb5_context context,krb5_pk_init_ctx ctx,const unsigned char * in,size_t in_sz,unsigned char ** out,int * out_sz)169 _krb5_pk_rd_pa_reply_ecdh_compute_key(krb5_context context,
170 krb5_pk_init_ctx ctx,
171 const unsigned char *in,
172 size_t in_sz,
173 unsigned char **out,
174 int *out_sz)
175 {
176 #ifdef HAVE_HCRYPTO_W_OPENSSL
177 krb5_error_code ret = 0;
178 int dh_gen_keylen;
179
180 const EC_GROUP *group;
181 EC_KEY *public = NULL;
182
183 group = EC_KEY_get0_group(ctx->u.eckey);
184
185 public = EC_KEY_new();
186 if (public == NULL)
187 return krb5_enomem(context);
188 if (EC_KEY_set_group(public, group) != 1) {
189 EC_KEY_free(public);
190 return krb5_enomem(context);
191 }
192
193 if (o2i_ECPublicKey(&public, &in, in_sz) == NULL) {
194 EC_KEY_free(public);
195 ret = KRB5KRB_ERR_GENERIC;
196 krb5_set_error_message(context, ret,
197 N_("PKINIT: Can't parse ECDH public key", ""));
198 return ret;
199 }
200
201 *out_sz = (EC_GROUP_get_degree(group) + 7) / 8;
202 if (*out_sz < 0)
203 return EOVERFLOW;
204 *out = malloc(*out_sz);
205 if (*out == NULL) {
206 EC_KEY_free(public);
207 return krb5_enomem(context);
208 }
209 dh_gen_keylen = ECDH_compute_key(*out, *out_sz,
210 EC_KEY_get0_public_key(public),
211 ctx->u.eckey, NULL);
212 EC_KEY_free(public);
213 if (dh_gen_keylen <= 0) {
214 ret = KRB5KRB_ERR_GENERIC;
215 dh_gen_keylen = 0;
216 krb5_set_error_message(context, ret,
217 N_("PKINIT: Can't compute ECDH public key", ""));
218 free(*out);
219 *out = NULL;
220 *out_sz = 0;
221 }
222 *out_sz = dh_gen_keylen;
223
224 return ret;
225 #else
226 krb5_set_error_message(context, ENOTSUP,
227 N_("PKINIT: ECDH not supported", ""));
228 return ENOTSUP;
229 #endif
230 }
231
232 void
_krb5_pk_eckey_free(void * eckey)233 _krb5_pk_eckey_free(void *eckey)
234 {
235 #ifdef HAVE_HCRYPTO_W_OPENSSL
236 EC_KEY_free(eckey);
237 #endif
238 }
239
240 #else
241
242 static char lib_krb5_pkinit_ec_c = '\0';
243
244 #endif
245