Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 1ac3719a22
Branches Tags
linux-vybrid_pu...
/
include
/
linux
/
sunrpc
/
gss_krb5.h

gss_krb5.h 6.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185 
  1. /*
    2. 

  2.  *  linux/include/linux/sunrpc/gss_krb5_types.h
    3. 

  3.  *
    4. 

  4.  *  Adapted from MIT Kerberos 5-1.2.1 lib/include/krb5.h,
    5. 

  5.  *  lib/gssapi/krb5/gssapiP_krb5.h, and others
    6. 

  6.  *
    7. 

  7.  *  Copyright (c) 2000 The Regents of the University of Michigan.
    8. 

  8.  *  All rights reserved.
    9. 

  9.  *
    10. 

  10.  *  Andy Adamson   <andros@umich.edu>
    11. 

  11.  *  Bruce Fields   <bfields@umich.edu>
    12. 

  12.  */
    13. 

  13. 

  14. /*
    15. 

  15.  * Copyright 1995 by the Massachusetts Institute of Technology.
    16. 

  16.  * All Rights Reserved.
    17. 

  17.  *
    18. 

  18.  * Export of this software from the United States of America may
    19. 

  19.  *   require a specific license from the United States Government.
    20. 

  20.  *   It is the responsibility of any person or organization contemplating
    21. 

  21.  *   export to obtain such a license before exporting.
    22. 

  22.  *
    23. 

  23.  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
    24. 

  24.  * distribute this software and its documentation for any purpose and
    25. 

  25.  * without fee is hereby granted, provided that the above copyright
    26. 

  26.  * notice appear in all copies and that both that copyright notice and
    27. 

  27.  * this permission notice appear in supporting documentation, and that
    28. 

  28.  * the name of M.I.T. not be used in advertising or publicity pertaining
    29. 

  29.  * to distribution of the software without specific, written prior
    30. 

  30.  * permission.  Furthermore if you modify this software you must label
    31. 

  31.  * your software as modified software and not distribute it in such a
    32. 

  32.  * fashion that it might be confused with the original M.I.T. software.
    33. 

  33.  * M.I.T. makes no representations about the suitability of
    34. 

  34.  * this software for any purpose.  It is provided "as is" without express
    35. 

  35.  * or implied warranty.
    36. 

  36.  *
    37. 

  37.  */
    38. 

  38. 

  39. #include <linux/sunrpc/auth_gss.h>
    40. 

  40. #include <linux/sunrpc/gss_err.h>
    41. 

  41. #include <linux/sunrpc/gss_asn1.h>
    42. 

  42. 

  43. /* Maximum checksum function output for the supported crypto algorithms */
    44. 

  44. #define GSS_KRB5_MAX_CKSUM_LEN  (20)
    45. 

  45. 

  46. /* Maximum blocksize for the supported crypto algorithms */
    47. 

  47. #define GSS_KRB5_MAX_BLOCKSIZE  (16)
    48. 

  48. 

  49. struct krb5_ctx {
    50. 

  50. 	int			initiate; /* 1 = initiating, 0 = accepting */
    51. 

  51. 	u32			enctype;
    52. 

  52. 	struct crypto_blkcipher	*enc;
    53. 

  53. 	struct crypto_blkcipher	*seq;
    54. 

  54. 	s32			endtime;
    55. 

  55. 	u32			seq_send;
    56. 

  56. 	struct xdr_netobj	mech_used;
    57. 

  57. };
    58. 

  58. 

  59. extern spinlock_t krb5_seq_lock;
    60. 

  60. 

  61. /* The length of the Kerberos GSS token header */
    62. 

  62. #define GSS_KRB5_TOK_HDR_LEN	(16)
    63. 

  63. 

  64. #define KG_TOK_MIC_MSG    0x0101
    65. 

  65. #define KG_TOK_WRAP_MSG   0x0201
    66. 

  66. 

  67. enum sgn_alg {
    68. 

  68. 	SGN_ALG_DES_MAC_MD5 = 0x0000,
    69. 

  69. 	SGN_ALG_MD2_5 = 0x0001,
    70. 

  70. 	SGN_ALG_DES_MAC = 0x0002,
    71. 

  71. 	SGN_ALG_3 = 0x0003,		/* not published */
    72. 

  72. 	SGN_ALG_HMAC_MD5 = 0x0011,	/* microsoft w2k; no support */
    73. 

  73. 	SGN_ALG_HMAC_SHA1_DES3_KD = 0x0004
    74. 

  74. };
    75. 

  75. enum seal_alg {
    76. 

  76. 	SEAL_ALG_NONE = 0xffff,
    77. 

  77. 	SEAL_ALG_DES = 0x0000,
    78. 

  78. 	SEAL_ALG_1 = 0x0001,		/* not published */
    79. 

  79. 	SEAL_ALG_MICROSOFT_RC4 = 0x0010,/* microsoft w2k; no support */
    80. 

  80. 	SEAL_ALG_DES3KD = 0x0002
    81. 

  81. };
    82. 

  82. 

  83. #define CKSUMTYPE_CRC32			0x0001
    84. 

  84. #define CKSUMTYPE_RSA_MD4		0x0002
    85. 

  85. #define CKSUMTYPE_RSA_MD4_DES		0x0003
    86. 

  86. #define CKSUMTYPE_DESCBC		0x0004
    87. 

  87. #define CKSUMTYPE_RSA_MD5		0x0007
    88. 

  88. #define CKSUMTYPE_RSA_MD5_DES		0x0008
    89. 

  89. #define CKSUMTYPE_NIST_SHA		0x0009
    90. 

  90. #define CKSUMTYPE_HMAC_SHA1_DES3	0x000c
    91. 

  91. 

  92. /* from gssapi_err_krb5.h */
    93. 

  93. #define KG_CCACHE_NOMATCH                        (39756032L)
    94. 

  94. #define KG_KEYTAB_NOMATCH                        (39756033L)
    95. 

  95. #define KG_TGT_MISSING                           (39756034L)
    96. 

  96. #define KG_NO_SUBKEY                             (39756035L)
    97. 

  97. #define KG_CONTEXT_ESTABLISHED                   (39756036L)
    98. 

  98. #define KG_BAD_SIGN_TYPE                         (39756037L)
    99. 

  99. #define KG_BAD_LENGTH                            (39756038L)
    100. 

  100. #define KG_CTX_INCOMPLETE                        (39756039L)
    101. 

  101. #define KG_CONTEXT                               (39756040L)
    102. 

  102. #define KG_CRED                                  (39756041L)
    103. 

  103. #define KG_ENC_DESC                              (39756042L)
    104. 

  104. #define KG_BAD_SEQ                               (39756043L)
    105. 

  105. #define KG_EMPTY_CCACHE                          (39756044L)
    106. 

  106. #define KG_NO_CTYPES                             (39756045L)
    107. 

  107. 

  108. /* per Kerberos v5 protocol spec crypto types from the wire. 
    109. 

  109.  * these get mapped to linux kernel crypto routines.  
    110. 

  110.  */
    111. 

  111. #define ENCTYPE_NULL            0x0000
    112. 

  112. #define ENCTYPE_DES_CBC_CRC     0x0001	/* DES cbc mode with CRC-32 */
    113. 

  113. #define ENCTYPE_DES_CBC_MD4     0x0002	/* DES cbc mode with RSA-MD4 */
    114. 

  114. #define ENCTYPE_DES_CBC_MD5     0x0003	/* DES cbc mode with RSA-MD5 */
    115. 

  115. #define ENCTYPE_DES_CBC_RAW     0x0004	/* DES cbc mode raw */
    116. 

  116. /* XXX deprecated? */
    117. 

  117. #define ENCTYPE_DES3_CBC_SHA    0x0005	/* DES-3 cbc mode with NIST-SHA */
    118. 

  118. #define ENCTYPE_DES3_CBC_RAW    0x0006	/* DES-3 cbc mode raw */
    119. 

  119. #define ENCTYPE_DES_HMAC_SHA1   0x0008
    120. 

  120. #define ENCTYPE_DES3_CBC_SHA1   0x0010
    121. 

  121. #define ENCTYPE_UNKNOWN         0x01ff
    122. 

  122. 

  123. /*
    124. 

  124.  * This compile-time check verifies that we will not exceed the
    125. 

  125.  * slack space allotted by the client and server auth_gss code
    126. 

  126.  * before they call gss_wrap().
    127. 

  127.  */
    128. 

  128. #define GSS_KRB5_MAX_SLACK_NEEDED \
    129. 

  129. 	(GSS_KRB5_TOK_HDR_LEN     /* gss token header */         \
    130. 

  130. 	+ GSS_KRB5_MAX_CKSUM_LEN  /* gss token checksum */       \
    131. 

  131. 	+ GSS_KRB5_MAX_BLOCKSIZE  /* confounder */               \
    132. 

  132. 	+ GSS_KRB5_MAX_BLOCKSIZE  /* possible padding */         \
    133. 

  133. 	+ GSS_KRB5_TOK_HDR_LEN    /* encrypted hdr in v2 token */\
    134. 

  134. 	+ GSS_KRB5_MAX_CKSUM_LEN  /* encryption hmac */          \
    135. 

  135. 	+ 4 + 4                   /* RPC verifier */             \
    136. 

  136. 	+ GSS_KRB5_TOK_HDR_LEN                                   \
    137. 

  137. 	+ GSS_KRB5_MAX_CKSUM_LEN)
    138. 

  138. 

  139. s32
    140. 

  140. make_checksum(char *, char *header, int hdrlen, struct xdr_buf *body,
    141. 

  141. 		   int body_offset, struct xdr_netobj *cksum);
    142. 

  142. 

  143. u32 gss_get_mic_kerberos(struct gss_ctx *, struct xdr_buf *,
    144. 

  144. 		struct xdr_netobj *);
    145. 

  145. 

  146. u32 gss_verify_mic_kerberos(struct gss_ctx *, struct xdr_buf *,
    147. 

  147. 		struct xdr_netobj *);
    148. 

  148. 

  149. u32
    150. 

  150. gss_wrap_kerberos(struct gss_ctx *ctx_id, int offset,
    151. 

  151. 		struct xdr_buf *outbuf, struct page **pages);
    152. 

  152. 

  153. u32
    154. 

  154. gss_unwrap_kerberos(struct gss_ctx *ctx_id, int offset,
    155. 

  155. 		struct xdr_buf *buf);
    156. 

  156. 

  157. 

  158. u32
    159. 

  159. krb5_encrypt(struct crypto_blkcipher *key,
    160. 

  160. 	     void *iv, void *in, void *out, int length);
    161. 

  161. 

  162. u32
    163. 

  163. krb5_decrypt(struct crypto_blkcipher *key,
    164. 

  164. 	     void *iv, void *in, void *out, int length); 
    165. 

  165. 

  166. int
    167. 

  167. gss_encrypt_xdr_buf(struct crypto_blkcipher *tfm, struct xdr_buf *outbuf,
    168. 

  168. 		    int offset, struct page **pages);
    169. 

  169. 

  170. int
    171. 

  171. gss_decrypt_xdr_buf(struct crypto_blkcipher *tfm, struct xdr_buf *inbuf,
    172. 

  172. 		    int offset);
    173. 

  173. 

  174. s32
    175. 

  175. krb5_make_seq_num(struct crypto_blkcipher *key,
    176. 

  176. 		int direction,
    177. 

  177. 		u32 seqnum, unsigned char *cksum, unsigned char *buf);
    178. 

  178. 

  179. s32
    180. 

  180. krb5_get_seq_num(struct crypto_blkcipher *key,
    181. 

  181. 	       unsigned char *cksum,
    182. 

  182. 	       unsigned char *buf, int *direction, u32 *seqnum);
    183. 

  183. 

  184. int
    185. 

  185. xdr_extend_head(struct xdr_buf *buf, unsigned int base, unsigned int shiftlen);
    186.