C++ (Cpp) GSSEAP_MALLOC Beispiele

Beispiel #1

0

Datei anzeigen

Datei: util_token.c Projekt: terrencegf/mech_saml_ec

OM_uint32
gssEapDecodeInnerTokens(OM_uint32 *minor,
                        const gss_buffer_t buffer,
                        struct gss_eap_token_buffer_set *tokens)
{
    OM_uint32 major, tmpMinor;
    unsigned char *p;
    size_t count = 0;
    size_t remain;

    tokens->buffers.count = 0;
    tokens->buffers.elements = NULL;
    tokens->types = NULL;

    if (buffer->length == 0) {
        major = GSS_S_COMPLETE;
        goto cleanup;
    }

    p = (unsigned char *)buffer->value;
    remain = buffer->length;

    do {
        OM_uint32 *ntypes;
        gss_buffer_desc tokenBuffer, *newTokenBuffers;

        if (remain < 8) {
            major = GSS_S_DEFECTIVE_TOKEN;
            *minor = GSSEAP_TOK_TRUNC;
            goto cleanup;
        }

        if (tokens->buffers.count <= count) {
            if (count == 0)
                count = 1;
            else
                count *= 2;

            ntypes = GSSEAP_MALLOC(count * sizeof(OM_uint32));
            if (ntypes == NULL) {
                major = GSS_S_FAILURE;
                *minor = ENOMEM;
                goto cleanup;
            }
            if (tokens->types != NULL) {
                memcpy(ntypes, tokens->types, tokens->buffers.count * sizeof(OM_uint32));
                GSSEAP_FREE(tokens->types);
            }
            tokens->types = ntypes;

            newTokenBuffers = GSSEAP_MALLOC(count * sizeof(gss_buffer_desc));
            if (newTokenBuffers == NULL) {
                major = GSS_S_FAILURE;
                *minor = ENOMEM;
                goto cleanup;
            }
            if (tokens->buffers.elements != NULL) {
                memcpy(newTokenBuffers, tokens->buffers.elements,
                       tokens->buffers.count * sizeof(gss_buffer_desc));
                GSSEAP_FREE(tokens->buffers.elements);
            }
            tokens->buffers.elements = newTokenBuffers;
        }

        tokens->types[tokens->buffers.count] = load_uint32_be(&p[0]);
        tokenBuffer.length = load_uint32_be(&p[4]);

        if (remain < 8 + tokenBuffer.length) {
            major = GSS_S_DEFECTIVE_TOKEN;
            *minor = GSSEAP_TOK_TRUNC;
            goto cleanup;
        }
        tokenBuffer.value = &p[8];

        tokens->buffers.elements[tokens->buffers.count] = tokenBuffer;
        tokens->buffers.count++;

        p      += 8 + tokenBuffer.length;
        remain -= 8 + tokenBuffer.length;
    } while (remain != 0);

    major = GSS_S_COMPLETE;
    *minor = 0;

cleanup:
    if (GSS_ERROR(major))
        gssEapReleaseInnerTokens(&tmpMinor, tokens, 0);

    return major;
}

Beispiel #2

0

Datei anzeigen

Datei: export_sec_context.c Projekt: terrencegf/mech_saml_ec

static OM_uint32
gssEapExportPartialContext(OM_uint32 *minor,
                           gss_ctx_id_t ctx,
                           gss_buffer_t token)
{
    OM_uint32 major, tmpMinor;
    size_t length, serverLen = 0;
    unsigned char *p;
    char serverBuf[MAXHOSTNAMELEN];
    if (ctx->acceptorCtx.radConn != NULL) {
#ifdef MECH_EAP
        if (rs_conn_get_current_peer(ctx->acceptorCtx.radConn,
                                     serverBuf, sizeof(serverBuf)) != 0) {
#if 0
            return gssEapRadiusMapError(minor,
                                        rs_err_conn_pop(ctx->acceptorCtx.radConn));
#else
            serverBuf[0] = '\0'; /* not implemented yet */
#endif
        }
#endif
        serverLen = strlen(serverBuf);
    }
    length = 4 + serverLen + 4 + ctx->acceptorCtx.state.length;

    token->value = GSSEAP_MALLOC(length);
    if (token->value == NULL) {
        major = GSS_S_FAILURE;
        *minor = ENOMEM;
        goto cleanup;
    }
    token->length = length;

    p = (unsigned char *)token->value;

    store_uint32_be(serverLen, p);
    p += 4;
    if (serverLen != 0) {
        memcpy(p, serverBuf, serverLen);
        p += serverLen;
    }

    store_uint32_be(ctx->acceptorCtx.state.length, p);
    p += 4;
    if (ctx->acceptorCtx.state.length != 0) {
        memcpy(p, ctx->acceptorCtx.state.value,
               ctx->acceptorCtx.state.length);
        p += ctx->acceptorCtx.state.length;
    }

    GSSEAP_ASSERT(p == (unsigned char *)token->value + token->length);

    major = GSS_S_COMPLETE;
    *minor = 0;

cleanup:
    if (GSS_ERROR(major))
        gss_release_buffer(&tmpMinor, token);

    return major;
}

Beispiel #3

0

Datei anzeigen

Datei: export_sec_context.c Projekt: terrencegf/mech_saml_ec

OM_uint32
gssEapExportSecContext(OM_uint32 *minor,
                       gss_ctx_id_t ctx,
                       gss_buffer_t token)
{
    OM_uint32 major, tmpMinor;
    size_t length;
    gss_buffer_desc initiatorName = GSS_C_EMPTY_BUFFER;
    gss_buffer_desc acceptorName = GSS_C_EMPTY_BUFFER;
    gss_buffer_desc partialCtx = GSS_C_EMPTY_BUFFER;
    gss_buffer_desc key;
    unsigned char *p;

    if ((CTX_IS_INITIATOR(ctx) && !CTX_IS_ESTABLISHED(ctx)) ||
        ctx->mechanismUsed == GSS_C_NO_OID) {
        *minor = GSSEAP_CONTEXT_INCOMPLETE;
        return GSS_S_NO_CONTEXT;
    }

    key.length = KRB_KEY_LENGTH(&ctx->rfc3961Key);
    key.value  = KRB_KEY_DATA(&ctx->rfc3961Key);

    if (ctx->initiatorName != GSS_C_NO_NAME) {
        major = gssEapExportNameInternal(minor, ctx->initiatorName,
                                         &initiatorName,
                                         EXPORT_NAME_FLAG_COMPOSITE);
        if (GSS_ERROR(major))
            goto cleanup;
    }

    if (ctx->acceptorName != GSS_C_NO_NAME) {
        major = gssEapExportNameInternal(minor, ctx->acceptorName,
                                         &acceptorName,
                                         EXPORT_NAME_FLAG_COMPOSITE);
        if (GSS_ERROR(major))
            goto cleanup;
    }

#ifdef GSSEAP_ENABLE_ACCEPTOR
    /*
     * The partial context is only transmitted for unestablished acceptor
     * contexts.
     */
    if (!CTX_IS_INITIATOR(ctx) && !CTX_IS_ESTABLISHED(ctx) &&
        (ctx->flags & CTX_FLAG_KRB_REAUTH) == 0) {
        major = gssEapExportPartialContext(minor, ctx, &partialCtx);
        if (GSS_ERROR(major))
            goto cleanup;
    }
#endif

    length  = 16;                               /* version, state, flags, */
    length += 4 + ctx->mechanismUsed->length;   /* mechanismUsed */
    length += 12 + key.length;                  /* rfc3961Key.value */
    length += 4 + initiatorName.length;         /* initiatorName.value */
    length += 4 + acceptorName.length;          /* acceptorName.value */
    length += 24 + sequenceSize(ctx->seqState); /* seqState */

    if (partialCtx.value != NULL)
        length += 4 + partialCtx.length;        /* partialCtx.value */

    token->value = GSSEAP_MALLOC(length);
    if (token->value == NULL) {
        major = GSS_S_FAILURE;
        *minor = ENOMEM;
        goto cleanup;
    }
    token->length = length;

    p = (unsigned char *)token->value;

    store_uint32_be(EAP_EXPORT_CONTEXT_V1, &p[0]);        /* version */
    store_uint32_be(GSSEAP_SM_STATE(ctx),  &p[4]);
    store_uint32_be(ctx->flags,            &p[8]);
    store_uint32_be(ctx->gssFlags,         &p[12]);
    p = store_oid(ctx->mechanismUsed,      &p[16]);

    store_uint32_be(ctx->checksumType,     &p[0]);
    store_uint32_be(ctx->encryptionType,   &p[4]);
    p = store_buffer(&key,                 &p[8], FALSE);

    p = store_buffer(&initiatorName,       p, FALSE);
    p = store_buffer(&acceptorName,        p, FALSE);

    store_uint64_be(ctx->expiryTime,       &p[0]);
    store_uint64_be(ctx->sendSeq,          &p[8]);
    store_uint64_be(ctx->recvSeq,          &p[16]);
    p += 24;

    major = sequenceExternalize(minor, ctx->seqState, &p, &length);
    if (GSS_ERROR(major))
        goto cleanup;

    if (partialCtx.value != NULL)
        p = store_buffer(&partialCtx, p, FALSE);

    GSSEAP_ASSERT(p == (unsigned char *)token->value + token->length);

    major = GSS_S_COMPLETE;
    *minor = 0;

cleanup:
    if (GSS_ERROR(major))
        gss_release_buffer(&tmpMinor, token);
    gss_release_buffer(&tmpMinor, &initiatorName);
    gss_release_buffer(&tmpMinor, &acceptorName);
    gss_release_buffer(&tmpMinor, &partialCtx);

    return major;
}

Beispiel #4

0

Datei anzeigen

Datei: import_sec_context.c Projekt: janetuk/mech_eap

static OM_uint32
gssEapImportPartialContext(OM_uint32 *minor,
                           unsigned char **pBuf,
                           size_t *pRemain,
                           gss_ctx_id_t ctx)
{
    OM_uint32 major;
    unsigned char *p = *pBuf;
    size_t remain = *pRemain;
    gss_buffer_desc buf;
    size_t ctxLength, serverLen;

    /* Length of partial RADIUS context */
    CHECK_REMAIN(4);
    ctxLength = load_uint32_be(p);
    UPDATE_REMAIN(4);

    CHECK_REMAIN(ctxLength);
    remain = ctxLength; /* check against partial context length */

    /* Selected RADIUS server */
    CHECK_REMAIN(4);
    serverLen = load_uint32_be(p);
    UPDATE_REMAIN(4);

    if (serverLen != 0) {
        CHECK_REMAIN(serverLen);

        ctx->acceptorCtx.radServer = GSSEAP_MALLOC(serverLen + 1);
        if (ctx->acceptorCtx.radServer == NULL) {
            *minor = ENOMEM;
            return GSS_S_FAILURE;
        }
        memcpy(ctx->acceptorCtx.radServer, p, serverLen);
        ctx->acceptorCtx.radServer[serverLen] = '\0';

        UPDATE_REMAIN(serverLen);
    }

    /* RADIUS state blob */
    CHECK_REMAIN(4);
    buf.length = load_uint32_be(p);
    UPDATE_REMAIN(4);

    if (buf.length != 0) {
        CHECK_REMAIN(buf.length);

        buf.value = p;

        major = duplicateBuffer(minor, &buf, &ctx->acceptorCtx.state);
        if (GSS_ERROR(major))
            return major;

        UPDATE_REMAIN(buf.length);
    }

#ifdef GSSEAP_DEBUG
    GSSEAP_ASSERT(remain == 0);
#endif

    *pBuf = p;
    *pRemain -= 4 + ctxLength;

    return GSS_S_COMPLETE;
}

Beispiel #5

0

Datei anzeigen

Datei: util_crypt.c Projekt: janetuk/mech_eap

/*
 * DCE_STYLE indicates actual RRC is EC + RRC
 * EC is extra rotate count for DCE_STYLE, pad length otherwise
 * RRC is rotate count.
 */
static krb5_error_code
mapIov(krb5_context context, int dce_style, size_t ec, size_t rrc,
#ifdef HAVE_HEIMDAL_VERSION
       krb5_crypto crypto,
#else
       krb5_keyblock *crypto,
#endif
       gss_iov_buffer_desc *iov,
       int iov_count, krb5_crypto_iov **pkiov,
       size_t *pkiov_count)
{
    gss_iov_buffer_t header;
    gss_iov_buffer_t trailer;
    int i = 0, j;
    size_t kiov_count;
    krb5_crypto_iov *kiov;
    size_t k5_headerlen = 0, k5_trailerlen = 0;
    size_t gss_headerlen, gss_trailerlen;
    krb5_error_code code;

    *pkiov = NULL;
    *pkiov_count = 0;

    header = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
    GSSEAP_ASSERT(header != NULL);

    trailer = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
    GSSEAP_ASSERT(trailer == NULL || rrc == 0);

    code = krbCryptoLength(context, crypto, KRB5_CRYPTO_TYPE_HEADER, &k5_headerlen);
    if (code != 0)
        return code;

    code = krbCryptoLength(context, crypto, KRB5_CRYPTO_TYPE_TRAILER, &k5_trailerlen);
    if (code != 0)
        return code;

    /* Check header and trailer sizes */
    gss_headerlen = 16 /* GSS-Header */ + k5_headerlen; /* Kerb-Header */
    gss_trailerlen = ec + 16 /* E(GSS-Header) */ + k5_trailerlen; /* Kerb-Trailer */

    /* If we're caller without a trailer, we must rotate by trailer length */
    if (trailer == NULL) {
        size_t actual_rrc = rrc;

        if (dce_style)
            actual_rrc += ec; /* compensate for Windows bug */

        if (actual_rrc != gss_trailerlen)
            return KRB5_BAD_MSIZE;

        gss_headerlen += gss_trailerlen;
    } else {
        if (trailer->buffer.length != gss_trailerlen)
            return KRB5_BAD_MSIZE;
    }

    if (header->buffer.length != gss_headerlen)
        return KRB5_BAD_MSIZE;

    kiov_count = 3 + iov_count;
    kiov = (krb5_crypto_iov *)GSSEAP_MALLOC(kiov_count * sizeof(krb5_crypto_iov));
    if (kiov == NULL)
        return ENOMEM;

    /*
     * The krb5 header is located at the end of the GSS header.
     */
    kiov[i].flags = KRB5_CRYPTO_TYPE_HEADER;
    kiov[i].data.length = k5_headerlen;
    kiov[i].data.data = (char *)header->buffer.value + header->buffer.length - k5_headerlen;
    i++;

    for (j = 0; j < iov_count; j++) {
        kiov[i].flags = gssEapMapCryptoFlag(iov[j].type);
        if (kiov[i].flags == KRB5_CRYPTO_TYPE_EMPTY)
            continue;

        kiov[i].data.length = iov[j].buffer.length;
        kiov[i].data.data = (char *)iov[j].buffer.value;
        i++;
    }

    /*
     * The EC and encrypted GSS header are placed in the trailer, which may
     * be rotated directly after the plaintext header if no trailer buffer
     * is provided.
     */
    kiov[i].flags = KRB5_CRYPTO_TYPE_DATA;
    kiov[i].data.length = ec + 16; /* E(Header) */
    if (trailer == NULL)
        kiov[i].data.data = (char *)header->buffer.value + 16;
    else
        kiov[i].data.data = (char *)trailer->buffer.value;
    i++;

    /*
     * The krb5 trailer is placed after the encrypted copy of the
     * krb5 header (which may be in the GSS header or trailer).
     */
    kiov[i].flags = KRB5_CRYPTO_TYPE_TRAILER;
    kiov[i].data.length = k5_trailerlen;
    kiov[i].data.data = (char *)kiov[i - 1].data.data + ec + 16; /* E(Header) */
    i++;

    *pkiov = kiov;
    *pkiov_count = i;

    return 0;
}

Beispiel #6

0

Datei anzeigen

Datei: pseudo_random.c Projekt: janetuk/mech_eap

OM_uint32
gssEapPseudoRandom(OM_uint32 *minor,
                   gss_const_ctx_id_t ctx,
                   int prf_key,
                   const gss_buffer_t prf_in,
                   gss_buffer_t prf_out)
{
    krb5_error_code code;
    int i;
    OM_uint32 tmpMinor;
    size_t prflen;
    krb5_data t, ns;
    unsigned char *p;
    krb5_context krbContext;
    ssize_t desired_output_len = prf_out->length;
#ifdef HAVE_HEIMDAL_VERSION
    krb5_crypto krbCrypto = NULL;
#endif

    *minor = 0;

    GSSEAP_KRB_INIT(&krbContext);

    KRB_DATA_INIT(&t);
    KRB_DATA_INIT(&ns);

    if (prf_key != GSS_C_PRF_KEY_PARTIAL &&
        prf_key != GSS_C_PRF_KEY_FULL) {
        code = GSSEAP_BAD_PRF_KEY;
        goto cleanup;
    }

#ifdef HAVE_HEIMDAL_VERSION
    code = krb5_crypto_prf_length(krbContext, ctx->encryptionType, &prflen);
#else
    code = krb5_c_prf_length(krbContext, ctx->encryptionType, &prflen);
#endif
    if (code != 0)
        goto cleanup;

    ns.length = 4 + prf_in->length;
    ns.data = GSSEAP_MALLOC(ns.length);
    if (ns.data == NULL) {
        code = ENOMEM;
        goto cleanup;
    }

#ifdef HAVE_HEIMDAL_VERSION
    code = krb5_crypto_init(krbContext, &ctx->rfc3961Key, 0, &krbCrypto);
    if (code != 0)
        goto cleanup;
#else
    t.length = prflen;
    t.data = GSSEAP_MALLOC(t.length);
    if (t.data == NULL) {
        code = ENOMEM;
        goto cleanup;
    }
#endif

    memcpy((unsigned char *)ns.data + 4, prf_in->value, prf_in->length);
    i = 0;
    p = (unsigned char *)prf_out->value;
    while (desired_output_len > 0) {
        store_uint32_be(i, ns.data);

#ifdef HAVE_HEIMDAL_VERSION
        code = krb5_crypto_prf(krbContext, krbCrypto, &ns, &t);
#else
        code = krb5_c_prf(krbContext, &ctx->rfc3961Key, &ns, &t);
#endif
        if (code != 0)
            goto cleanup;

        memcpy(p, t.data, MIN(t.length, desired_output_len));

        p += t.length;
        desired_output_len -= t.length;
        i++;
    }

cleanup:
    if (code != 0)
        gss_release_buffer(&tmpMinor, prf_out);
    if (ns.data != NULL) {
        memset(ns.data, 0, ns.length);
        GSSEAP_FREE(ns.data);
    }
#ifdef HAVE_HEIMDAL_VERSION
    krb5_crypto_destroy(krbContext, krbCrypto);
    krb5_data_free(&t);
#else
    if (t.data != NULL) {
        memset(t.data, 0, t.length);
        GSSEAP_FREE(t.data);
    }
#endif

    *minor = code;

    return (code == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
}