1 /* $NetBSD: aeap.c,v 1.2 2017/01/28 21:31:46 christos Exp $ */
2
3 /*
4 * Copyright (c) 2008 Kungliga Tekniska Högskolan
5 * (Royal Institute of Technology, Stockholm, Sweden).
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 #include "gsskrb5_locl.h"
37
38 #include <krb5/roken.h>
39
40 OM_uint32 GSSAPI_CALLCONV
_gk_wrap_iov(OM_uint32 * minor_status,gss_ctx_id_t context_handle,int conf_req_flag,gss_qop_t qop_req,int * conf_state,gss_iov_buffer_desc * iov,int iov_count)41 _gk_wrap_iov(OM_uint32 * minor_status,
42 gss_ctx_id_t context_handle,
43 int conf_req_flag,
44 gss_qop_t qop_req,
45 int * conf_state,
46 gss_iov_buffer_desc *iov,
47 int iov_count)
48 {
49 const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
50 krb5_context context;
51 OM_uint32 ret;
52 krb5_keyblock *key;
53 krb5_keytype keytype;
54
55 GSSAPI_KRB5_INIT (&context);
56
57 if (ctx->more_flags & IS_CFX)
58 return _gssapi_wrap_cfx_iov(minor_status, ctx, context,
59 conf_req_flag, conf_state,
60 iov, iov_count);
61
62 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
63 ret = _gsskrb5i_get_token_key(ctx, context, &key);
64 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
65 if (ret) {
66 *minor_status = ret;
67 return GSS_S_FAILURE;
68 }
69 krb5_enctype_to_keytype(context, key->keytype, &keytype);
70
71 switch (keytype) {
72 case KEYTYPE_ARCFOUR:
73 case KEYTYPE_ARCFOUR_56:
74 ret = _gssapi_wrap_iov_arcfour(minor_status, ctx, context,
75 conf_req_flag, conf_state,
76 iov, iov_count, key);
77 break;
78
79 default:
80 ret = GSS_S_FAILURE;
81 break;
82 }
83
84 krb5_free_keyblock(context, key);
85 return ret;
86 }
87
88 OM_uint32 GSSAPI_CALLCONV
_gk_unwrap_iov(OM_uint32 * minor_status,gss_ctx_id_t context_handle,int * conf_state,gss_qop_t * qop_state,gss_iov_buffer_desc * iov,int iov_count)89 _gk_unwrap_iov(OM_uint32 *minor_status,
90 gss_ctx_id_t context_handle,
91 int *conf_state,
92 gss_qop_t *qop_state,
93 gss_iov_buffer_desc *iov,
94 int iov_count)
95 {
96 const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
97 krb5_context context;
98 OM_uint32 ret;
99 krb5_keytype keytype;
100 krb5_keyblock *key;
101
102 GSSAPI_KRB5_INIT (&context);
103
104 if (ctx->more_flags & IS_CFX)
105 return _gssapi_unwrap_cfx_iov(minor_status, ctx, context,
106 conf_state, qop_state, iov, iov_count);
107
108 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
109 ret = _gsskrb5i_get_token_key(ctx, context, &key);
110 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
111 if (ret) {
112 *minor_status = ret;
113 return GSS_S_FAILURE;
114 }
115 krb5_enctype_to_keytype(context, key->keytype, &keytype);
116
117 switch (keytype) {
118 case KEYTYPE_ARCFOUR:
119 case KEYTYPE_ARCFOUR_56:
120 ret = _gssapi_unwrap_iov_arcfour(minor_status, ctx, context,
121 conf_state, qop_state,
122 iov, iov_count, key);
123 break;
124
125 default:
126 ret = GSS_S_FAILURE;
127 break;
128 }
129
130 krb5_free_keyblock(context, key);
131 return ret;
132 }
133
134 OM_uint32 GSSAPI_CALLCONV
_gk_wrap_iov_length(OM_uint32 * minor_status,gss_ctx_id_t context_handle,int conf_req_flag,gss_qop_t qop_req,int * conf_state,gss_iov_buffer_desc * iov,int iov_count)135 _gk_wrap_iov_length(OM_uint32 * minor_status,
136 gss_ctx_id_t context_handle,
137 int conf_req_flag,
138 gss_qop_t qop_req,
139 int *conf_state,
140 gss_iov_buffer_desc *iov,
141 int iov_count)
142 {
143 const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
144 krb5_context context;
145 OM_uint32 ret;
146 krb5_keytype keytype;
147 krb5_keyblock *key;
148
149 GSSAPI_KRB5_INIT (&context);
150
151 if (ctx->more_flags & IS_CFX)
152 return _gssapi_wrap_iov_length_cfx(minor_status, ctx, context,
153 conf_req_flag, qop_req, conf_state,
154 iov, iov_count);
155
156 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
157 ret = _gsskrb5i_get_token_key(ctx, context, &key);
158 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
159 if (ret) {
160 *minor_status = ret;
161 return GSS_S_FAILURE;
162 }
163 krb5_enctype_to_keytype(context, key->keytype, &keytype);
164
165 switch (keytype) {
166 case KEYTYPE_ARCFOUR:
167 case KEYTYPE_ARCFOUR_56:
168 ret = _gssapi_wrap_iov_length_arcfour(minor_status, ctx, context,
169 conf_req_flag, qop_req, conf_state,
170 iov, iov_count);
171 break;
172
173 default:
174 ret = GSS_S_FAILURE;
175 break;
176 }
177
178 krb5_free_keyblock(context, key);
179 return ret;
180 }
181