/*
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 */

/*
 * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
 */

/*
 * This module contains the implementation of the gssapi context support
 * routines for the Diffie-Hellman mechanism.
 *
 * The GSS routines that are supported by this module are:
 *	gss_delete_sec_context
 *	gss_inquire_context
 *	gss_wrap_size_limit
 *
 * The following routines are not supported for the Diffie-Hellman
 * Mechanism at this time.
 *	gss_export_sec_context
 *	gss_import_sec_context
 *
 * The following routine is not supported since it is obsolete in version 2
 *	gss_process_context_token.
 *
 * Note that support for gss_init_sec_context and gss_accept_sec_context is
 */

	/* Context is a dh context */
	/* Validate context */
	/* See if it is always valid */
	/* Calculate the remaining time */
	/* Return expired if there is no time left */

/*
 * Delete a Diffie-Hellman context that is pointed to by context.
 * On a successful return *context will be NULL.
 */
	/* context is a Diffie-Hellman context */

	/*
	 * If token then set the length to zero value to zero to indicate
	 * We indicate a null token since we don't need to send a token to
	 */

	/* Deleting a null context is OK */
	/* Validate the context */
	/* Zero out the session keys! */
	/* Unregister the context */
	/* Set context to NULL */

/*
 * Diffie-Hellman mechanism currently does not support exporting and importing
 */

/*
 * Get the state of a Diffie-Hellman context
 */
	int *local, /* True if we're the initiator */
	int *open /* True if the context is established */)

	/* context is a Diffie-Hellman */
	/* Validate the context */
	/* If the caller wants the mechanism OID set *mech to if we can */
	/* set t to be the time left on the context */
	/* If the caller wants the initiator set *initiator to it. */
	/* If the caller wants the acceptor set *acceptor to it. */
	/* If the caller wants the time remaining set *time_rec to t */
	/* Return the flags in flags_rec if set */
	/* ditto for local */
	/* ditto for open */
	/* return GSS_S_CONTEXT_EXPIRED if no time is left on the context */

/*
 * __dh_gss_process_context_token.
 * This routine is not implemented. It is deprecated in version 2.
 */

/*
 * This implements the gss_wrap_size_limit entry point for Diffie-Hellman
 * mechanism. See RFC 2078 for details. The idea here is for a context,
 * qop, whether confidentiality is specified, and an output size, return
 * the maximum input size that will fit in the given output size. Typically
 * the output size would be the MTU of the higher level protocol using the
 */
	/* We check for valid unexpired context by calling gss_context_time. */
	/* Find the signature size for this qop. */
	/* Just return if we can't give the caller what he asks for. */

	/*
	 * If we requested confidentiality, get the cipher pad for the
	 * requested qop. Since we can't support privacy the cipher pad
	 */

	/*
	 * Set up an empty wrap token to calculate header and signature
	 */
	/* This is the size of an empty wrap token */
	/* This is the amount of space left to put our message. */
	/* XDR needs to pad to a four byte boundary */
	/* We need to pad to pad bytes for encryption (=1 if conf_req = 0) */

	/*
	 * The serialization of the inner message includes
	 * the original length.
	 */

	/*
	 * We now have the space for the inner wrap message, which is also
	 * XDR encoded and is padded to a four byte boundary.
	 */
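The size-limit calculation described in the comments above, as an added example; it is not code from this module. The token layout in `wrapped_size`, the function names and the sample sizes are assumptions made for illustration, and the example also shows the guards needed so that unsigned subtraction cannot wrap when the output size is smaller than the token overhead.

```c
#include <stdint.h>

/* Round x up / down to a multiple of m (m > 0). No overflow check: demo inputs are small. */
static uint32_t rnd_up(uint32_t x, uint32_t m) { return ((x + m - 1) / m) * m; }
static uint32_t rnd_down(uint32_t x, uint32_t m) { return (x / m) * m; }

/*
 * Assumed layout (simplified model, not the real token format):
 *   inner = 4-byte original length + message padded to 4 bytes,
 *           then padded to the cipher pad (pad == 1 without confidentiality)
 *   token = overhead (empty wrap token: header + signature) + inner padded to 4
 */
uint32_t wrapped_size(uint32_t msg_len, uint32_t overhead, uint32_t pad)
{
	uint32_t inner = rnd_up(4 + rnd_up(msg_len, 4), pad);
	return overhead + rnd_up(inner, 4);
}

/*
 * Invert wrapped_size(): largest msg_len whose token fits in out_size.
 * Returns 0 when nothing fits. Every subtraction is guarded because the
 * values are unsigned and would otherwise wrap to a huge "limit".
 */
uint32_t max_input_size(uint32_t out_size, uint32_t overhead, uint32_t pad)
{
	uint32_t space, inner_max;

	if (pad == 0 || out_size <= overhead)
		return 0;
	space = rnd_down(out_size - overhead, 4);   /* outer XDR padding */
	inner_max = rnd_down(space, pad);           /* cipher padding */
	if (inner_max <= 4)                         /* no room past the length word */
		return 0;
	return rnd_down(inner_max - 4, 4);          /* inner XDR padding */
}

int main(void)
{
	/* Constructed values: 1500-byte budget, 40-byte overhead, 8-byte pad. */
	uint32_t m = max_input_size(1500, 40, 8);
	return !(wrapped_size(m, 40, 8) <= 1500 && wrapped_size(m + 1, 40, 8) > 1500);
}
```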