author | Greg Hudson <ghudson@mit.edu> | 2013-09-07 21:13:48 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2013-09-18 18:22:16 -0400 |
commit | d750ef3130b76dd079e863ed395eb3620a37386b (patch) | |
tree | af9702fd08a842a14cf1caf0ac8609fda7021057 /src/lib/gssapi/generic/gssapi_ext.h | |
parent | 6d53a8bf53c7380598698c3df98c96ab26db63b0 (diff) | |
Add GSSAPI IOV MIC functions
Add gss_get_mic_iov, gss_get_mic_iov_length, and gss_verify_mic_iov
functions, which work similarly to the corresponding IOV wrap
functions. Add a new buffer type GSS_IOV_BUFFER_TYPE_MIC_TOKEN for
the destination buffer.
Most of the internal code for this was already present, and just
needed to be fixed up and adjusted to use the new buffer type for the
MIC token.
ticket: 7705 (new)
Diffstat (limited to 'src/lib/gssapi/generic/gssapi_ext.h')
-rw-r--r-- | src/lib/gssapi/generic/gssapi_ext.h | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/src/lib/gssapi/generic/gssapi_ext.h b/src/lib/gssapi/generic/gssapi_ext.h
index d8c8b6ab8..9ad44216d 100644
--- a/src/lib/gssapi/generic/gssapi_ext.h
+++ b/src/lib/gssapi/generic/gssapi_ext.h
@@ -238,6 +238,7 @@ typedef struct gss_iov_buffer_desc_struct {
 #define GSS_IOV_BUFFER_TYPE_PADDING 9 /* Padding */
 #define GSS_IOV_BUFFER_TYPE_STREAM 10 /* Complete wrap token */
 #define GSS_IOV_BUFFER_TYPE_SIGN_ONLY 11 /* Sign only packet data */
+#define GSS_IOV_BUFFER_TYPE_MIC_TOKEN 12 /* MIC token destination */
 #define GSS_IOV_BUFFER_FLAG_MASK 0xFFFF0000
 #define GSS_IOV_BUFFER_FLAG_ALLOCATE 0x00010000 /* indicates GSS should allocate */
@@ -326,6 +327,46 @@ OM_uint32 KRB5_CALLCONV gss_wrap_iov_length
 int); /* iov_count */
 /*
+ * Produce a GSSAPI MIC token for a sequence of buffers. All SIGN_ONLY and
+ * DATA buffers will be signed, in the order they appear. One MIC_TOKEN buffer
+ * must be included for the result. Suitable space should be provided for the
+ * MIC_TOKEN buffer by calling gss_get_mic_iov_length, or the ALLOCATE flag
+ * should be set on that buffer. If the ALLOCATE flag is used, use
+ * gss_release_iov_buffer to free the allocated buffer within the iov list when
+ * it is no longer needed.
+ */
+OM_uint32 KRB5_CALLCONV gss_get_mic_iov
+(
+ OM_uint32 *, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ gss_qop_t, /* qop_req */
+ gss_iov_buffer_desc *, /* iov */
+ int); /* iov_count */
+
+/*
+ * Query the MIC_TOKEN buffer length within the iov list.
+ */
+OM_uint32 KRB5_CALLCONV gss_get_mic_iov_length(
+ OM_uint32 *, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ gss_qop_t, /* qop_req */
+ gss_iov_buffer_desc *, /* iov */
+ int); /* iov_count */
+
+/*
+ * Verify the MIC_TOKEN buffer within the iov list against the SIGN_ONLY and
+ * DATA buffers in the order they appear. Return values are the same as for
+ * gss_verify_mic.
+ */
+OM_uint32 KRB5_CALLCONV gss_verify_mic_iov
+(
+ OM_uint32 *, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ gss_qop_t *, /* qop_state */
+ gss_iov_buffer_desc *, /* iov */
+ int); /* iov_count */
+
+/*
 * Release buffers that have the ALLOCATED flag set.
 */
 OM_uint32 KRB5_CALLCONV gss_release_iov_buffer |
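Review bot: The comment on `gss_verify_mic_iov` names the SIGN_ONLY and DATA buffers as the verified input but never says that buffers of any other type in the same iov list fall outside the MIC, so a caller could treat those bytes as authenticated after a successful return. I would add to that comment `Buffers of any other type are not covered by the MIC and must not be treated as verified.` The comment on `gss_get_mic_iov_length` also does not say where the queried length is returned; presumably it is written into the length field of the MIC_TOKEN buffer, which is worth stating once confirmed against the implementation. As a smaller style point, `gss_get_mic_iov_length(` keeps the opening parenthesis on the name line while the other two new declarations put it on its own line. The three added declarations are complete within the hunk; the trailing `gss_release_iov_buffer` declaration continues past it.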