[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Exporting gssapi context, take two

Here is a revised proposal for a Kerberos 5 mechanism-specific interface to
export the gssapi context into a form usable by the kernel for NFSv4.

Again, comments and suggestions are welcome.

K.C.


/*
 * Data declarations
 */

/* (Lifted from MIT header file)
   These are to be stored in little-endian order, i.e., des-mac is
   stored as 02 00.  */
enum sgn_alg {
  SGN_ALG_DES_MAC_MD5           = 0x0000,
  SGN_ALG_MD2_5                 = 0x0001,
  SGN_ALG_DES_MAC               = 0x0002,
  SGN_ALG_3                     = 0x0003, /* not published */
  SGN_ALG_HMAC_MD5              = 0x0011, /* microsoft w2k;  */
  SGN_ALG_HMAC_SHA1_DES3_KD     = 0x0004
};
enum seal_alg {
  SEAL_ALG_NONE            = 0xffff,
  SEAL_ALG_DES             = 0x0000,
  SEAL_ALG_1               = 0x0001, /* not published */
  SEAL_ALG_MICROSOFT_RC4   = 0x0010, /* microsoft w2k;  */
  SEAL_ALG_DES3KD          = 0x0002
};

typedef struct gss_krb5_lucid_key {
	OM_uint32	type;		/* key encryption type */
	OM_uint32	length;		/* length of key data */
	void *		data;		/* actual key data */
} gss_krb5_lucid_key_t;

typedef struct gss_krb5_rfc1964_keydata {
	OM_uint32	sign_alg;	/* signing algorthm */
	OM_uint32	seal_alg;	/* seal/encrypt algorthm */
	gss_krb5_lucid_key_t	ctx_key;
					/* Context key
					   (Kerberos session key or subkey) */
	gss_krb5_lucid_key_t	conf_key;
					/* Encryption key */
} gss_krb5_rfc1964_keydata_t;

typedef struct gss_krb5_cfx_keydata {
	OM_uint32	is_acceptor_subkey; /* 1 if seal_key is an acceptor
					       subkey, 0 otherwise */
	gss_krb5_lucid_key_t	sign_key; /* derived signing key */
	gss_krb5_lucid_key_t	seal_key; /* derived sealing key */
} gss_krb5_cfx_keydata_t;

typedef struct gss_krb5_lucid_context_v1 {
	OM_uint32	version;	/* Structure version number (1)
					   MUST be at beginning of struct! */
	OM_uint32	initiate;	/* Are we the initiator? */
	OM_uint32	endtime;	/* expiration time of context */
	OM_uint64 XXX	send_seq;	/* sender sequence number */
	OM_uint64 XXX	recv_seq;	/* receive sequence number */
	OM_uint32	protocol;	/* 0: rfc1964,
					   1: draft-ietf-krb-wg-gssapi-cfx-07 */
	/*
	 * if (protocol == 0) rfc1964_kd should be used
	 * and cfx_kd contents are invalid and should be zero
	 * if (protocol == 1) cfx_kd should be used
	 * and rfc1964_kd contents are invalid and should be zero
	 */
	gss_krb5_rfc1964_keydata_t rfc1964_kd;
	gss_krb5_cfx_keydata_t     cfx_kd;
} gss_krb5_lucid_context_v1_t;

/*
 * Mask for determining the returned structure version.
 * See example below for usage.
 */
typedef struct gss_krb5_lucid_context_version {
	OM_uint32	version;	/* Structure version number */
} gss_krb5_lucid_context_version_t;



/*
 * Function declarations
 */


/*
 * krb5_gss_set_allowable_enctypes
 *
 * This function may be called by a context initiator after calling
 * gss_acquire_cred(), but before calling gss_init_sec_context(),
 * to restrict the set of enctypes which will be negotiated during
 * context establishment to those in the provided array.
 *
 * 'cred' must be a valid credential handle obtained via
 * gss_acquire_cred().  It may not be GSS_C_NO_CREDENTIAL.
 * gss_acquire_cred() may have been called to get a handle to
 * the default credential.
 *
 * The purpose of this function is to limit the keys that may
 * be exported via krb5_gss_export_lucid_sec_context(); thus it
 * should limit the enctypes of all keys that will be needed
 * after the security context has been established.
 * (i.e. context establishment may use a session key with a
 * stronger enctype than in the provided array, however a
 * subkey must be established within the enctype limits
 * established by this function.)
 *
 */
OM_uint32
krb5_gss_set_allowable_enctypes(OM_uint32 *minor_status, 
				gss_cred_id_t cred,
				OM_uint32 num_ktypes,
				krb5_enctype *ktypes);

/*
 * Returns a non-opaque (lucid) version of the internal context
 * information.  
 *
 * Note that context_handle must not be used again by the caller
 * after this call.  The GSS implementation is free to release any
 * resources associated with the original context.  It is up to the
 * GSS implementation whether it returns pointers to existing data,
 * or copies of the data.  The caller should treat the returned
 * lucid context as read-only.
 * 
 * The caller must call krb5_gss_free_lucid_context() to free
 * the context and allocated resources when it is finished with it.
 *
 * 'version' is an integer indicating the highest version of lucid
 * context understood by the caller.  The highest version
 * understood by both the caller and the GSS implementation must
 * be returned.  The caller can determine which version of the
 * structure was actually returned by examining the version field
 * of the returned structure.  gss_krb5_lucid_context_version_t
 * may be used as a mask to examine the returned structure version.
 *
 * If there are no common versions, an error should be returned.
 * (XXX Need error definition(s))
 *
 * For example:
 *	void *return_ctx;
 *	gss_krb5_lucid_context_v1_t *ctx;
 *	OM_uint32 min_stat, maj_stat;
 *	OM_uint32 vers;
 *	gss_ctx_id_t *ctx_handle;
 *
 *	maj_stat = krb5_gss_export_lucid_sec_context(&min_stat,
 *			ctx_handle, 1, &return_ctx);
 *	/* Verify success */
 *
 *	vers = ((gss_krb5_lucid_context_version_t *)return_ctx)->version;
 *	switch (vers) {
 *	case 1:
 *		ctx = (gss_krb5_lucid_context_v1_t *) return_ctx;
 *		break;
 *	default:
 *		/* Error, unknown version returned */
 *		break;
 *	}
 *
 */

OM_uint32
krb5_gss_export_lucid_sec_context(OM_uint32 *minor_status,
				  gss_ctx_id_t *context_handle,
				  OM_uint32 version,
				  void **kctx);

/*
 * Frees the allocated storage associated with an
 * exported struct gss_krb5_lucid_context.
 */
OM_uint32
krb5_gss_free_lucid_sec_context(OM_uint32 *minor_status,
				void *kctx);