/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* tests/gssapi/t_pcontok.c - gss_process_context_token tests */
/*
* Copyright (C) 2014 by the Massachusetts Institute of Technology.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This test program exercises krb5 gss_process_context_token. It first
* establishes a context to a named target. Then, if the resulting context
* uses RFC 1964, it creates a context deletion token from the acceptor to the
* initiator and passes it to the initiator using gss_process_context_token.
* If the established context uses RFC 4121, this program feeds a made-up
* context token to gss_process_context_token and checks for the expected
* error.
*/
#include "k5-int.h"
#include "common.h"
#define SGN_ALG_HMAC_SHA1_DES3_KD 0x04
#define SGN_ALG_HMAC_MD5 0x11
/*
* Create a valid RFC 1964 context deletion token using the information in *
* lctx. We must do this by hand since we no longer create context deletion
* tokens from gss_delete_sec_context.
*/
static void
make_delete_token(gss_krb5_lucid_context_v1_t *lctx, gss_buffer_desc *out)
{
krb5_error_code ret;
krb5_context context;
krb5_keyblock seqkb;
krb5_key seq;
krb5_checksum cksum;
krb5_cksumtype cktype;
krb5_keyusage ckusage;
krb5_crypto_iov iov;
krb5_data d;
size_t cksize, tlen;
unsigned char *token, *ptr, iv[8];
gss_krb5_lucid_key_t *lkey = &lctx->rfc1964_kd.ctx_key;
int signalg = lctx->rfc1964_kd.sign_alg;
ret = krb5_init_context(&context);
check_k5err(context, "krb5_init_context", ret);
seqkb.enctype = lkey->type;
seqkb.length = lkey->length;
seqkb.contents = lkey->data;
ret = krb5_k_create_key(context, &seqkb, &seq);
check_k5err(context, "krb5_k_create_key", ret);
if (signalg == SGN_ALG_HMAC_SHA1_DES3_KD) {
cktype = CKSUMTYPE_HMAC_SHA1_DES3;
cksize = 20;
ckusage = 23;
} else if (signalg == SGN_ALG_HMAC_MD5) {
cktype = CKSUMTYPE_HMAC_MD5_ARCFOUR;
cksize = 8;
ckusage = 15;
} else {
abort();
}
tlen = 20 + mech_krb5.length + cksize;
token = malloc(tlen);
assert(token != NULL);
/* Create the ASN.1 wrapper (4 + mech_krb5.length bytes). Assume the ASN.1
* lengths fit in one byte since deletion tokens are short. */
ptr = token;
*ptr++ = 0x60;
*ptr++ = tlen - 2;
*ptr++ = 0x06;
*ptr++ = mech_krb5.length;
memcpy(ptr, mech_krb5.elements, mech_krb5.length);
ptr += mech_krb5.length;
/* Create the RFC 1964 token header (8 bytes). */
*ptr++ = 0x01;
*ptr++ = 0x02;
store_16_le(signalg, ptr);
ptr += 2;
*ptr++ = 0xFF;
*ptr++ = 0xFF;
*ptr++ = 0xFF;
*ptr++ = 0xFF;
/* Create the checksum (cksize bytes at offset 8 from the header). */
d = make_data(ptr - 8, 8);
ret = krb5_k_make_checksum(context, cktype, seq, ckusage, &d, &cksum);
check_k5err(context, "krb5_k_make_checksum", ret);
memcpy(ptr + 8, cksum.contents, cksize);
/* Create the sequence number (8 bytes). */
iov.flags = KRB5_CRYPTO_TYPE_DATA;
iov.data = make_data(ptr, 8);
ptr[4] = ptr[5] = ptr[6] = ptr[7] = lctx->initiate ? 0 : 0xFF;
memcpy(iv, ptr + 8, 8);
d = make_data(iv, 8);
if (signalg == SGN_ALG_HMAC_MD5) {
store_32_be(lctx->send_seq, ptr);
ret = krb5int_arcfour_gsscrypt(&seq->keyblock, 0, &d, &iov, 1);
check_k5err(context, "krb5int_arcfour_gsscrypt(seq)", ret);
} else {
store_32_le(lctx->send_seq, ptr);
ret = krb5_k_encrypt_iov(context, seq, 24, &d, &iov, 1);
check_k5err(context, "krb5_k_encrypt_iov(seq)", ret);
}
krb5_free_checksum_contents(context, &cksum);
krb5_k_free_key(context, seq);
krb5_free_context(context);
out->length = tlen;
out->value = token;
}
int
main(int argc, char *argv[])
{
OM_uint32 minor, major, flags;
gss_name_t tname;
gss_buffer_desc token, in = GSS_C_EMPTY_BUFFER, out;
gss_ctx_id_t ictx, actx;
gss_krb5_lucid_context_v1_t *lctx;
void *lptr;
assert(argc == 2);
tname = import_name(argv[1]);
flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
establish_contexts(&mech_krb5, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL,
tname, flags, &ictx, &actx, NULL, NULL, NULL);
/* Export the acceptor context to a lucid context so we can look inside. */
major = gss_krb5_export_lucid_sec_context(&minor, &actx, 1, &lptr);
check_gsserr("gss_export_lucid_sec_context", major, minor);
lctx = lptr;
if (!lctx->protocol) {
/* Make an RFC 1964 context deletion token and pass it to
* gss_process_context_token. */
make_delete_token(lctx, &token);
major = gss_process_context_token(&minor, ictx, &token);
free(token.value);
check_gsserr("gss_process_context_token", major, minor);
/* Check for the appropriate major code from gss_wrap. */
major = gss_wrap(&minor, ictx, 1, GSS_C_QOP_DEFAULT, &in, NULL, &out);
assert(major == GSS_S_NO_CONTEXT);
} else {
/* RFC 4121 defines no context deletion token, so try passing something
* arbitrary and check for the appropriate major code. */
token.value = "abcd";
token.length = 4;
major = gss_process_context_token(&minor, ictx, &token);
assert(major == GSS_S_DEFECTIVE_TOKEN);
}
(void)gss_release_name(&minor, &tname);
(void)gss_delete_sec_context(&minor, &ictx, NULL);
(void)gss_krb5_free_lucid_sec_context(&minor, lptr);
return 0;
}