X-Git-Url: http://www.project-moonshot.org/gitweb/?p=moonshot.git;a=blobdiff_plain;f=mech_eap%2Futil.h;h=e5376a6dad2d2027df88baf2887398f142c19033;hp=b3399be19862d281a4fd1cd84467ab9f0dab0fc5;hb=49fe654233ffe718cb78867964c540cac547dfe9;hpb=de13ec1bef665ffca5093daa5e957018cc0bc5b8
diff --git a/mech_eap/util.h b/mech_eap/util.h
index b3399be..e5376a6 100644
--- a/mech_eap/util.h
+++ b/mech_eap/util.h
@@ -164,46 +164,65 @@ enum gss_eap_token_type {
 TOK_TYPE_ACCEPTOR_CONTEXT = 0x0602, /* acceptor-sent context token */
 };
+struct gss_eap_itok_map {
+ OM_uint32 type; /* inner token type */
+ OM_uint32 flag; /* context flag */
+};
+
 /* inner token types and flags */
-#define ITOK_TYPE_NONE 0x00000000
-#define ITOK_TYPE_CONTEXT_ERR 0x00000001 /* critical */
-#define ITOK_TYPE_ACCEPTOR_NAME_REQ 0x00000002 /* TBD */
-#define ITOK_TYPE_ACCEPTOR_NAME_RESP 0x00000003 /* TBD */
-#define ITOK_TYPE_EAP_RESP 0x00000004 /* critical, required, if not reauth */
-#define ITOK_TYPE_EAP_REQ 0x00000005 /* critical, required, if not reauth */
-#define ITOK_TYPE_GSS_CHANNEL_BINDINGS 0x00000006 /* critical, required, if not reauth */
-#define ITOK_TYPE_REAUTH_CREDS 0x00000007 /* optional */
-#define ITOK_TYPE_REAUTH_REQ 0x00000008 /* optional */
-#define ITOK_TYPE_REAUTH_RESP 0x00000009 /* optional */
-#define ITOK_TYPE_VERSION_INFO 0x0000000A /* optional */
-#define ITOK_TYPE_VENDOR_INFO 0x0000000B /* optional */
-
-#define ITOK_FLAG_CRITICAL 0x80000000 /* critical, wire flag */
-#define ITOK_FLAG_VERIFIED 0x40000000 /* verified, API flag */
-
-#define ITOK_TYPE_MASK (~(ITOK_FLAG_CRITICAL | ITOK_FLAG_VERIFIED))
+#define ITOK_TYPE_NONE 0x00000000
+#define ITOK_TYPE_CONTEXT_ERR 0x00000001 /* critical */
+#define ITOK_TYPE_ACCEPTOR_NAME_REQ 0x00000002 /* TBD */
+#define ITOK_TYPE_ACCEPTOR_NAME_RESP 0x00000003 /* TBD */
+#define ITOK_TYPE_EAP_RESP 0x00000004 /* critical, required, if not reauth */
+#define ITOK_TYPE_EAP_REQ 0x00000005 /* critical, required, if not reauth */
+#define ITOK_TYPE_GSS_CHANNEL_BINDINGS 0x00000006 /* optional */
+#define ITOK_TYPE_REAUTH_CREDS 0x00000007 /* optional */
+#define ITOK_TYPE_REAUTH_REQ 0x00000008 /* optional */
+#define ITOK_TYPE_REAUTH_RESP 0x00000009 /* optional */
+#define ITOK_TYPE_GSS_FLAGS 0x0000000A /* optional */
+#define ITOK_TYPE_INITIATOR_MIC 0x0000000B /* required */
+#define ITOK_TYPE_ACCEPTOR_MIC 0x0000000C /* required */
+#define ITOK_TYPE_SUPPORTED_ACCEPTOR_EXTS 0x0000000D /* optional */
+#define ITOK_TYPE_SUPPORTED_INITIATOR_EXTS 0x0000000E /* optional */
+
+/* experimental */
+#define ITOK_TYPE_VERSION_INFO 0x00000080 /* optional */
+#define ITOK_TYPE_VENDOR_INFO 0x00000081 /* optional */
+
+#define ITOK_FLAG_CRITICAL 0x80000000 /* critical, wire flag */
+#define ITOK_FLAG_VERIFIED 0x40000000 /* verified, API flag */
+
+#define ITOK_TYPE_MASK (~(ITOK_FLAG_CRITICAL | ITOK_FLAG_VERIFIED))
+
+#define ITOK_HEADER_LENGTH 8 /* type || length */
+
+#define GSSEAP_WIRE_FLAGS_MASK ( GSS_C_MUTUAL_FLAG )
 OM_uint32
 gssEapAllocContext(OM_uint32 *minor, gss_ctx_id_t *pCtx);
 OM_uint32
 gssEapReleaseContext(OM_uint32 *minor, gss_ctx_id_t *pCtx);
 OM_uint32
-gssEapMakeToken(OM_uint32 *minor,
- gss_ctx_id_t ctx,
- const gss_buffer_t innerToken,
- enum gss_eap_token_type tokenType,
- gss_buffer_t outputToken);
+gssEapContextTime(OM_uint32 *minor,
+ gss_ctx_id_t context_handle,
+ OM_uint32 *time_rec);
 OM_uint32
-gssEapVerifyToken(OM_uint32 *minor,
- gss_ctx_id_t ctx,
- const gss_buffer_t inputToken,
- enum gss_eap_token_type *tokenType,
- gss_buffer_t innerInputToken);
+gssEapGetConversationMIC(OM_uint32 *minor,
+ gss_ctx_id_t ctx,
+ gss_buffer_t convMIC);
 OM_uint32
-gssEapContextTime(OM_uint32 *minor,
- gss_ctx_id_t context_handle,
- OM_uint32 *time_rec);
+gssEapVerifyConversationMIC(OM_uint32 *minor,
+ gss_ctx_id_t ctx,
+ const gss_buffer_t convMIC);
+
+OM_uint32
+gssEapMakeTokenChannelBindings(OM_uint32 *minor,
+ gss_ctx_id_t ctx,
+ gss_channel_bindings_t userBindings,
+ gss_buffer_t inputToken,
+ gss_channel_bindings_t wireBindings);
 /* util_cred.c */
 OM_uint32
 gssEapAllocCred(OM_uint32 *minor, gss_cred_id_t *pCred);
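Review bot: ITOK_FLAG_VERIFIED is labelled an API-only flag, yet it occupies a bit of the same 32-bit type word that carries the wire flag ITOK_FLAG_CRITICAL, and nothing in this header says who is responsible for clearing it on the receive path; if the decoder (gssEapDecodeInnerTokens, not in this hunk) passes the wire word through unmasked, a peer could set 0x40000000 and have an unverified inner token read back as verified. I would make the contract explicit at the definition, `#define ITOK_FLAG_VERIFIED 0x40000000 /* verified, API flag: never trusted from the wire; decoder must clear it on input */`, and confirm util_token.c does so. Renumbering ITOK_TYPE_VERSION_INFO/VENDOR_INFO from 0x0A/0x0B to 0x80/0x81 while 0x0A is reused for ITOK_TYPE_GSS_FLAGS is a silent wire-format change with no version bump in this hunk; a one-line comment stating that the old codes are retired and must not be reassigned would help the next person to extend this table. GSS_CHANNEL_BINDINGS dropping from "critical, required" to "optional" is presumably safe because the new required INITIATOR_MIC/ACCEPTOR_MIC tokens cover the conversation, but the comment should say that is what makes it acceptable.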
@@ -604,7 +623,7 @@ struct gss_eap_sm {
 };
 /* state machine flags, set by handler */
-#define SM_FLAG_FORCE_SEND_TOKEN 0x00000001 /* send token even if no inner tokens */
+#define SM_FLAG_SEND_TOKEN 0x00000001 /* exit state machine, send token */
 #define SM_FLAG_OUTPUT_TOKEN_CRITICAL 0x00000002 /* output token is critical */
 /* state machine flags, set by state machine */
@@ -631,24 +650,48 @@ gssEapSmTransition(gss_ctx_id_t ctx,
 enum gss_eap_state state);
 /* util_token.c */
 OM_uint32
-gssEapEncodeInnerTokens(OM_uint32 *minor,
- gss_buffer_set_t extensions,
- OM_uint32 *types,
- gss_buffer_t buffer);
-OM_uint32
 gssEapDecodeInnerTokens(OM_uint32 *minor,
 const gss_buffer_t buffer,
 gss_buffer_set_t *pExtensions,
 OM_uint32 **pTypes);
+OM_uint32
+gssEapRecordContextTokenHeader(OM_uint32 *minor,
+ gss_ctx_id_t ctx,
+ enum gss_eap_token_type tokType);
+
+OM_uint32
+gssEapRecordInnerContextToken(OM_uint32 *minor,
+ gss_ctx_id_t ctx,
+ gss_buffer_t innerToken,
+ OM_uint32 type);
+
+OM_uint32
+gssEapVerifyContextToken(OM_uint32 *minor,
+ gss_ctx_id_t ctx,
+ const gss_buffer_t inputToken,
+ enum gss_eap_token_type tokenType,
+ gss_buffer_t innerInputToken);
+
+OM_uint32
+gssEapEncodeSupportedExts(OM_uint32 *minor,
+ OM_uint32 *types,
+ size_t typesCount,
+ gss_buffer_t outputToken);
+
+OM_uint32
+gssEapProcessSupportedExts(OM_uint32 *minor,
+ gss_buffer_t inputToken,
+ struct gss_eap_itok_map *map,
+ size_t mapCount,
+ OM_uint32 *flags);
+
 size_t
-tokenSize(const gss_OID_desc *mech, size_t body_size);
+tokenSize(size_t bodySize);
 void
-makeTokenHeader(const gss_OID_desc *mech,
- size_t body_size,
- unsigned char **buf,
- enum gss_eap_token_type tok_type);
+makeTokenHeader(size_t body_size,
+ unsigned char **buf);
 OM_uint32
 verifyTokenHeader(OM_uint32 *minor,
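Review bot: The two rewritten token-header helpers disagree on parameter naming — `tokenSize(size_t bodySize)` is camelCase while `makeTokenHeader(size_t body_size, unsigned char **buf)` keeps the snake_case of the removed signature; the rest of the new declarations in this hunk use camelCase (`typesCount`, `mapCount`), so `makeTokenHeader(size_t bodySize, unsigned char **buf)` would be consistent. makeTokenHeader writes through `*buf` with no length argument, so the declaration should state the caller's obligation, e.g. `/* *buf must have room for tokenSize(bodySize) bytes; presumably advances *buf past the header — confirm in util_token.c */`. gssEapProcessSupportedExts parses a peer-supplied inputToken against `map`; if the map is only read (which its role as a lookup table suggests), declaring it `const struct gss_eap_itok_map *map` documents that no peer data can modify it. The declaration of verifyTokenHeader continues outside the hunk.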