authorSimo Sorce <simo@redhat.com>2012-07-30 18:53:25 -0400
committerSimo Sorce <simo@redhat.com>2012-10-25 15:53:30 -0400
commit996edd872f5c8be5947200fc2dc0d8b32f748d9d (patch)
treeebe21f29c0062fc6346b4334e1dec26221cc328d
parent7bb48311df32689fdb04364ff59b01736aa39985 (diff)
Implement privacy/integrity mechglue wrappers
-rw-r--r--proxy/Makefile.am1
-rw-r--r--proxy/src/mechglue/gpp_priv_integ.c346
-rw-r--r--proxy/src/mechglue/gss_plugin.h74
3 files changed, 421 insertions, 0 deletions
diff --git a/proxy/Makefile.am b/proxy/Makefile.am
index 609b0de..baeff16 100644
--- a/proxy/Makefile.am
+++ b/proxy/Makefile.am
@@ -109,6 +109,7 @@ GP_MECHGLUE_OBJ = \
src/mechglue/gpp_display_status.c \
src/mechglue/gpp_import_and_canon_name.c \
src/mechglue/gpp_indicate_mechs.c \
+ src/mechglue/gpp_priv_integ.c \
src/mechglue/gss_plugin.c
dist_noinst_HEADERS = \
diff --git a/proxy/src/mechglue/gpp_priv_integ.c b/proxy/src/mechglue/gpp_priv_integ.c
new file mode 100644
index 0000000..a27dae4
--- /dev/null
+++ b/proxy/src/mechglue/gpp_priv_integ.c
@@ -0,0 +1,346 @@
+/*
+ GSS-PROXY
+
+ Copyright (C) 2012 Red Hat, Inc.
+ Copyright (C) 2012 Simo Sorce <simo.sorce@redhat.com>
+
+ Permission is hereby granted, free of charge, to any person obtaining a
+ copy of this software and associated documentation files (the "Software"),
+ to deal in the Software without restriction, including without limitation
+ the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ and/or sell copies of the Software, and to permit persons to whom the
+ Software is furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ DEALINGS IN THE SOFTWARE.
+*/
+
+#include "gss_plugin.h"
+
+OM_uint32 gssi_wrap(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ gss_buffer_t input_message_buffer,
+ int *conf_state,
+ gss_buffer_t output_message_buffer)
+{
+ struct gpp_context_handle *ctx_handle;
+ OM_uint32 maj, min;
+
+ ctx_handle = (struct gpp_context_handle *)context_handle;
+ if (!ctx_handle) {
+ return GSS_S_CALL_INACCESSIBLE_READ;
+ }
+
+ /* for now we do encryption only locally and only for specific known
+ * mechanisms for which we can export/import the context */
+ if (ctx_handle->remote && !ctx_handle->local) {
+ maj = gpp_remote_to_local_ctx(&min, &ctx_handle->remote,
+ &ctx_handle->local);
+ if (maj != GSS_S_COMPLETE) {
+ *minor_status = gpp_map_error(min);
+ return maj;
+ }
+ }
+
+ return gss_wrap(minor_status, ctx_handle->local,
+ conf_req_flag, qop_req,
+ input_message_buffer, conf_state,
+ output_message_buffer);
+}
+
+OM_uint32 gssi_wrap_size_limit(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ OM_uint32 req_output_size,
+ OM_uint32 *max_input_size)
+{
+ struct gpp_context_handle *ctx_handle;
+ OM_uint32 maj, min;
+
+ ctx_handle = (struct gpp_context_handle *)context_handle;
+ if (!ctx_handle) {
+ return GSS_S_CALL_INACCESSIBLE_READ;
+ }
+
+ /* for now we do encryption only locally and only for specific known
+ * mechanisms for which we can export/import the context */
+ if (ctx_handle->remote && !ctx_handle->local) {
+ maj = gpp_remote_to_local_ctx(&min, &ctx_handle->remote,
+ &ctx_handle->local);
+ if (maj != GSS_S_COMPLETE) {
+ *minor_status = gpp_map_error(min);
+ return maj;
+ }
+ }
+
+ return gss_wrap_size_limit(minor_status, ctx_handle->local,
+ conf_req_flag, qop_req,
+ req_output_size, max_input_size);
+}
+
+OM_uint32 gssi_wrap_iov(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count)
+{
+ struct gpp_context_handle *ctx_handle;
+ OM_uint32 maj, min;
+
+ ctx_handle = (struct gpp_context_handle *)context_handle;
+ if (!ctx_handle) {
+ return GSS_S_CALL_INACCESSIBLE_READ;
+ }
+
+ /* for now we do encryption only locally and only for specific known
+ * mechanisms for which we can export/import the context */
+ if (ctx_handle->remote && !ctx_handle->local) {
+ maj = gpp_remote_to_local_ctx(&min, &ctx_handle->remote,
+ &ctx_handle->local);
+ if (maj != GSS_S_COMPLETE) {
+ *minor_status = gpp_map_error(min);
+ return maj;
+ }
+ }
+
+ return gss_wrap_iov(minor_status, ctx_handle->local,
+ conf_req_flag, qop_req, conf_state,
+ iov, iov_count);
+}
+
+OM_uint32 gssi_wrap_iov_length(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count)
+{
+ struct gpp_context_handle *ctx_handle;
+ OM_uint32 maj, min;
+
+ ctx_handle = (struct gpp_context_handle *)context_handle;
+ if (!ctx_handle) {
+ return GSS_S_CALL_INACCESSIBLE_READ;
+ }
+
+ /* for now we do encryption only locally and only for specific known
+ * mechanisms for which we can export/import the context */
+ if (ctx_handle->remote && !ctx_handle->local) {
+ maj = gpp_remote_to_local_ctx(&min, &ctx_handle->remote,
+ &ctx_handle->local);
+ if (maj != GSS_S_COMPLETE) {
+ *minor_status = gpp_map_error(min);
+ return maj;
+ }
+ }
+
+ return gss_wrap_iov_length(minor_status, ctx_handle->local,
+ conf_req_flag, qop_req, conf_state,
+ iov, iov_count);
+}
+
+OM_uint32 gssi_wrap_aead(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ gss_buffer_t input_assoc_buffer,
+ gss_buffer_t input_payload_buffer,
+ int *conf_state,
+ gss_buffer_t output_message_buffer)
+{
+ struct gpp_context_handle *ctx_handle;
+ OM_uint32 maj, min;
+
+ ctx_handle = (struct gpp_context_handle *)context_handle;
+ if (!ctx_handle) {
+ return GSS_S_CALL_INACCESSIBLE_READ;
+ }
+
+ /* for now we do encryption only locally and only for specific known
+ * mechanisms for which we can export/import the context */
+ if (ctx_handle->remote && !ctx_handle->local) {
+ maj = gpp_remote_to_local_ctx(&min, &ctx_handle->remote,
+ &ctx_handle->local);
+ if (maj != GSS_S_COMPLETE) {
+ *minor_status = gpp_map_error(min);
+ return maj;
+ }
+ }
+
+ return gss_wrap_aead(minor_status, ctx_handle->local,
+ conf_req_flag, qop_req,
+ input_assoc_buffer, input_payload_buffer,
+ conf_state, output_message_buffer);
+}
+
+OM_uint32 gssi_unwrap(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_buffer_t input_message_buffer,
+ gss_buffer_t output_message_buffer,
+ int *conf_state,
+ gss_qop_t *qop_state)
+{
+ struct gpp_context_handle *ctx_handle;
+ OM_uint32 maj, min;
+
+ ctx_handle = (struct gpp_context_handle *)context_handle;
+ if (!ctx_handle) {
+ return GSS_S_CALL_INACCESSIBLE_READ;
+ }
+
+ /* for now we do encryption only locally and only for specific known
+ * mechanisms for which we can export/import the context */
+ if (ctx_handle->remote && !ctx_handle->local) {
+ maj = gpp_remote_to_local_ctx(&min, &ctx_handle->remote,
+ &ctx_handle->local);
+ if (maj != GSS_S_COMPLETE) {
+ *minor_status = gpp_map_error(min);
+ return maj;
+ }
+ }
+
+ return gss_unwrap(minor_status, ctx_handle->local,
+ input_message_buffer, output_message_buffer,
+ conf_state, qop_state);
+}
+
+OM_uint32 gssi_unwrap_iov(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int *conf_state,
+ gss_qop_t *qop_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count)
+{
+ struct gpp_context_handle *ctx_handle;
+ OM_uint32 maj, min;
+
+ ctx_handle = (struct gpp_context_handle *)context_handle;
+ if (!ctx_handle) {
+ return GSS_S_CALL_INACCESSIBLE_READ;
+ }
+
+ /* for now we do encryption only locally and only for specific known
+ * mechanisms for which we can export/import the context */
+ if (ctx_handle->remote && !ctx_handle->local) {
+ maj = gpp_remote_to_local_ctx(&min, &ctx_handle->remote,
+ &ctx_handle->local);
+ if (maj != GSS_S_COMPLETE) {
+ *minor_status = gpp_map_error(min);
+ return maj;
+ }
+ }
+
+ return gss_unwrap_iov(minor_status, ctx_handle->local,
+ conf_state, qop_state, iov, iov_count);
+}
+
+OM_uint32 gssi_unwrap_aead(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_buffer_t input_message_buffer,
+ gss_buffer_t input_assoc_buffer,
+ gss_buffer_t output_payload_buffer,
+ int *conf_state,
+ gss_qop_t *qop_state)
+{
+ struct gpp_context_handle *ctx_handle;
+ OM_uint32 maj, min;
+
+ ctx_handle = (struct gpp_context_handle *)context_handle;
+ if (!ctx_handle) {
+ return GSS_S_CALL_INACCESSIBLE_READ;
+ }
+
+ /* for now we do encryption only locally and only for specific known
+ * mechanisms for which we can export/import the context */
+ if (ctx_handle->remote && !ctx_handle->local) {
+ maj = gpp_remote_to_local_ctx(&min, &ctx_handle->remote,
+ &ctx_handle->local);
+ if (maj != GSS_S_COMPLETE) {
+ *minor_status = gpp_map_error(min);
+ return maj;
+ }
+ }
+
+ return gss_unwrap_aead(minor_status, ctx_handle->local,
+ input_message_buffer, input_assoc_buffer,
+ output_payload_buffer,
+ conf_state, qop_state);
+}
+
+OM_uint32 gssi_get_mic(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_qop_t qop_req,
+ gss_buffer_t message_buffer,
+ gss_buffer_t message_token)
+{
+ struct gpp_context_handle *ctx_handle;
+ OM_uint32 maj, min;
+
+ ctx_handle = (struct gpp_context_handle *)context_handle;
+ if (!ctx_handle) {
+ return GSS_S_CALL_INACCESSIBLE_READ;
+ }
+
+ /* for now we do encryption only locally and only for specific known
+ * mechanisms for which we can export/import the context */
+ if (ctx_handle->remote && !ctx_handle->local) {
+ maj = gpp_remote_to_local_ctx(&min, &ctx_handle->remote,
+ &ctx_handle->local);
+ if (maj != GSS_S_COMPLETE) {
+ *minor_status = gpp_map_error(min);
+ return maj;
+ }
+ }
+
+ return gss_get_mic(minor_status,
+ ctx_handle->local,
+ qop_req,
+ message_buffer,
+ message_token);
+}
+
+OM_uint32 gssi_verify_mic(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_buffer_t message_buffer,
+ gss_buffer_t message_token,
+ gss_qop_t *qop_state)
+{
+ struct gpp_context_handle *ctx_handle;
+ OM_uint32 maj, min;
+
+ ctx_handle = (struct gpp_context_handle *)context_handle;
+ if (!ctx_handle) {
+ return GSS_S_CALL_INACCESSIBLE_READ;
+ }
+
+ /* for now we do encryption only locally and only for specific known
+ * mechanisms for which we can export/import the context */
+ if (ctx_handle->remote && !ctx_handle->local) {
+ maj = gpp_remote_to_local_ctx(&min, &ctx_handle->remote,
+ &ctx_handle->local);
+ if (maj != GSS_S_COMPLETE) {
+ *minor_status = gpp_map_error(min);
+ return maj;
+ }
+ }
+
+ return gss_verify_mic(minor_status,
+ ctx_handle->local,
+ message_buffer,
+ message_token,
+ qop_state);
+}
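Review bot: The `if (!ctx_handle)` early return in every one of the ten wrappers (gssi_wrap at the top of the hunk through gssi_verify_mic at its end) leaves `*minor_status` untouched, while the other error path sets it via `gpp_map_error(min)`; GSS-API C-binding callers conventionally read the minor status on every non-COMPLETE return, so it should be written on that path too, e.g. `*minor_status = 0;` before `return GSS_S_CALL_INACCESSIBLE_READ;`. The NULL check plus the remote-to-local import preamble is also copied verbatim ten times, so any later fix has to land in ten places; a single `static` helper that performs the check, the import and the minor-status handling, called once per wrapper, would keep that in one spot. The comment on the import branch says the work is done "locally" — if `gpp_remote_to_local_ctx` really materialises the context in the calling process, that is worth stating explicitly at the helper, since it means the per-message keys then live outside the proxy for those mechanisms (inferred from the call, not visible here). The proposed helper and one rewritten call site follow; the other nine wrappers get the same replacement.
```c
/* Ensure ctx_handle has a usable local context, importing it from the
 * remote one when needed.  Sets *minor_status on every return. */
static OM_uint32 gpp_ensure_local_ctx(OM_uint32 *minor_status,
                                      struct gpp_context_handle *ctx_handle)
{
    OM_uint32 maj, min;

    if (!ctx_handle) {
        *minor_status = 0;
        return GSS_S_CALL_INACCESSIBLE_READ;
    }

    /* for now we do encryption only locally and only for specific known
     * mechanisms for which we can export/import the context */
    if (ctx_handle->remote && !ctx_handle->local) {
        maj = gpp_remote_to_local_ctx(&min, &ctx_handle->remote,
                                      &ctx_handle->local);
        if (maj != GSS_S_COMPLETE) {
            *minor_status = gpp_map_error(min);
            return maj;
        }
    }

    *minor_status = 0;
    return GSS_S_COMPLETE;
}

OM_uint32 gssi_wrap(OM_uint32 *minor_status,
                    /* … unchanged: remaining parameters … */
                    gss_buffer_t output_message_buffer)
{
    struct gpp_context_handle *ctx_handle;
    OM_uint32 maj;

    ctx_handle = (struct gpp_context_handle *)context_handle;
    maj = gpp_ensure_local_ctx(minor_status, ctx_handle);
    if (maj != GSS_S_COMPLETE) {
        return maj;
    }

    return gss_wrap(minor_status, ctx_handle->local,
                    conf_req_flag, qop_req,
                    input_message_buffer, conf_state,
                    output_message_buffer);
}
/* … unchanged: gssi_wrap_size_limit … gssi_verify_mic, same preamble replacement … */
```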
diff --git a/proxy/src/mechglue/gss_plugin.h b/proxy/src/mechglue/gss_plugin.h
index 06e4b96..e69e1ec 100644
--- a/proxy/src/mechglue/gss_plugin.h
+++ b/proxy/src/mechglue/gss_plugin.h
@@ -311,4 +311,78 @@ OM_uint32 gssi_inquire_mech_for_saslname(OM_uint32 *minor_status,
const gss_buffer_t sasl_mech_name,
gss_OID *mech_type);
+OM_uint32 gssi_wrap(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ gss_buffer_t input_message_buffer,
+ int *conf_state,
+ gss_buffer_t output_message_buffer);
+
+OM_uint32 gssi_wrap_size_limit(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ OM_uint32 req_output_size,
+ OM_uint32 *max_input_size);
+
+OM_uint32 gssi_wrap_iov(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count);
+
+OM_uint32 gssi_wrap_iov_length(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count);
+
+OM_uint32 gssi_wrap_aead(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ gss_buffer_t input_assoc_buffer,
+ gss_buffer_t input_payload_buffer,
+ int *conf_state,
+ gss_buffer_t output_message_buffer);
+
+OM_uint32 gssi_unwrap(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_buffer_t input_message_buffer,
+ gss_buffer_t output_message_buffer,
+ int *conf_state,
+ gss_qop_t *qop_state);
+
+OM_uint32 gssi_unwrap_iov(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int *conf_state,
+ gss_qop_t *qop_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count);
+
+OM_uint32 gssi_unwrap_aead(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_buffer_t input_message_buffer,
+ gss_buffer_t input_assoc_buffer,
+ gss_buffer_t output_payload_buffer,
+ int *conf_state,
+ gss_qop_t *qop_state);
+
+OM_uint32 gssi_get_mic(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_qop_t qop_req,
+ gss_buffer_t message_buffer,
+ gss_buffer_t message_token);
+
+OM_uint32 gssi_verify_mic(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_buffer_t message_buffer,
+ gss_buffer_t message_token,
+ gss_qop_t *qop_state);
+
#endif /* _GSS_PLUGIN_H_ */
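Review bot: The ten new prototypes from gssi_wrap to gssi_verify_mic are added without any comment, while the corresponding definitions in gpp_priv_integ.c all carry the same caveat that per-message operations currently run on a locally imported context rather than through the proxy; that contract belongs at the declaration, where the plugin's callers see it. A one-block comment above `gssi_wrap` would do: `/* Per-message (wrap/unwrap/MIC) entry points. These currently operate on a local copy of the context, importing it from the remote side on first use; see gpp_priv_integ.c. */`.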