context.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2004 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#include "dh_gssapi.h"
/*
* This module contains the implementation of the gssapi context support
* routines for the Diffie-Hellman mechanism.
*
* The GSS routines that are supported by this module are:
* gss_context_time
* gss_delete_sec_context
* gss_inquire_context
* gss_wrap_size_limit
*
* The following routines are not supported for the Diffie-Hellman
* Mechanism at this time.
* gss_export_sec_context
* gss_import_sec_context
*
* The following routine is not supported since it is obsolete in version 2
* of the GSS-API.
* gss_process_context_token.
*
* Note that support for gss_init_sec_context and gss_accept_sec_context is
* found in context_establish.c
*/
{
/* Context is a dh context */
if (minor == 0)
return (GSS_S_CALL_INACCESSIBLE_WRITE);
if (time_remaining == 0)
return (GSS_S_CALL_INACCESSIBLE_WRITE);
/* Validate context */
return (GSS_S_NO_CONTEXT);
/* See if it is always valid */
return (GSS_S_COMPLETE);
}
/* Calculate the remaining time */
/* Return expired if there is no time left */
}
/*
* Delete a Diffie-Hellman context that is pointed to by context.
* On a successful return *context will be NULL.
*/
{
if (context == 0)
return (GSS_S_CALL_INACCESSIBLE_READ |
/* context is a Diffie-Hellman context */
if (minor == 0)
return (GSS_S_CALL_INACCESSIBLE_WRITE);
/*
* If a token buffer was supplied, set its length to zero and its value
* to NULL to indicate an empty token, since we don't need to send a
* token to the other side.
*/
if (token) {
}
/* Deleting a null context is OK */
return (GSS_S_COMPLETE);
/* Validate the context */
return (GSS_S_NO_CONTEXT);
/* Zero out the session keys! */
/* Unregister the context */
/* Free storage */
/* Set context to NULL */
return (GSS_S_COMPLETE);
}
/*
* Diffie-Hellman mechanism currently does not support exporting and importing
* gss contexts.
*/
/*ARGSUSED*/
{
return (GSS_S_UNAVAILABLE);
}
/*ARGSUSED*/
{
return (GSS_S_UNAVAILABLE);
}
/*
* Get the state of a Diffie-Hellman context
*/
int *local, /* True if we're the initiator */
int *open /* True if the context is established */)
{
OM_uint32 t;
/* context is a Diffie-Hellman */
/* Validate the context */
return (GSS_S_NO_CONTEXT);
/* If the caller wants the mechanism OID, set *mech if we can */
if (mech) {
if (ctx == 0) {
*mech = GSS_C_NO_OID;
return (GSS_S_CALL_INACCESSIBLE_READ);
}
else
}
/* set t to be the time left on the context */
t = GSS_C_INDEFINITE;
else {
}
/* If the caller wants the initiator set *initiator to it. */
if (initiator) {
}
/* If the callers wants the acceptor set *acceptor to it. */
if (acceptor) {
}
/* If the caller wants the time remaining set *time_rec to t */
if (time_rec)
*time_rec = t;
/* Return the flags in flags_rec if set */
if (flags_rec)
/* ditto for local */
if (local)
/* ditto for open */
if (open)
/* return GSS_S_CONTEXT_EXPIRED if no time is left on the context */
}
/*
* __dh_gss_process_context_token.
* This routine is not implemented. It is deprecated in version 2.
*/
/*ARGSUSED*/
{
return (GSS_S_UNAVAILABLE);
}
/*
* This implements the gss_wrap_size_limit entry point for Diffie-Hellman
* mechanism. See RFC 2078 (since obsoleted by RFC 2743) for details. The
* idea here is for a context,
* qop, whether confidentiality is specified, and an output size, return
* the maximum input size that will fit in the given output size. Typically
* the output size would be the MTU of the higher level protocol using the
* GSS-API.
*/
int conf_req, /* True if confidentiality is wanted */
{
if (input_size == 0)
/* We check for valid unexpired context by calling gss_context_time. */
!= GSS_S_COMPLETE)
/* Find the signature size for this qop. */
return (GSS_S_BAD_QOP | stat);
/* Just return if we can't give the caller what was asked for. */
if (stat)
return (stat);
/*
* If we requested confidentiality, get the cipher pad for the
* requested qop. Since we can't support privacy the cipher pad
* is always 1.
*/
if (conf_req)
pad = 1;
/*
* Set up an empty wrap token to calculate header and signature
* overhead.
*/
/* This is the size of an empty wrap token */
/* This is the amount of space left to put our message. */
/* XDR needs to pad to a four byte boundary */
/* We need to round up to a multiple of pad bytes for encryption (pad = 1 when conf_req == 0) */
/*
* The serialization of the inner message includes
* the original length.
*/
/*
* We now have the space for the inner wrap message, which is also
* XDR encoded and is padded to a four byte boundary.
*/
*input_size = msgsize;
return (GSS_S_COMPLETE);
}