svn rev #21556: branches/mskrb-integ/src/lib/gssapi/mechglue/
lhoward@MIT.EDU
lhoward at MIT.EDU
Sun Dec 21 00:04:50 EST 2008
http://src.mit.edu/fisheye/changelog/krb5/?cs=21556
Commit By: lhoward
Log Message:
If a mechanism does not implement gss_seal/gss_unseal, then layer
mechglue shims on top of gss_wrap_aead/gss_unwrap_aead first, then
gss_wrap_iov/gss_unwrap_iov. This allows a mechanism to implement
gss_wrap_aead and not gss_seal/gss_wrap_iov, as well as consolidating
the shim code.
Changed Files:
U branches/mskrb-integ/src/lib/gssapi/mechglue/g_seal.c
U branches/mskrb-integ/src/lib/gssapi/mechglue/g_unseal.c
U branches/mskrb-integ/src/lib/gssapi/mechglue/g_unwrap_aead.c
U branches/mskrb-integ/src/lib/gssapi/mechglue/g_wrap_aead.c
U branches/mskrb-integ/src/lib/gssapi/mechglue/mglueP.h
Modified: branches/mskrb-integ/src/lib/gssapi/mechglue/g_seal.c
===================================================================
--- branches/mskrb-integ/src/lib/gssapi/mechglue/g_seal.c 2008-12-20 02:11:58 UTC (rev 21555)
+++ branches/mskrb-integ/src/lib/gssapi/mechglue/g_seal.c 2008-12-21 05:04:47 UTC (rev 21556)
@@ -66,84 +66,6 @@
return (GSS_S_COMPLETE);
}
-static OM_uint32
-gssint_seal_iov_shim(gss_mechanism mech,
- OM_uint32 *minor_status,
- gss_ctx_id_t context_handle,
- int conf_req_flag,
- int qop_req,
- gss_buffer_t input_message_buffer,
- int *conf_state,
- gss_buffer_t output_message_buffer)
-{
- gss_iov_buffer_desc iov[4];
- OM_uint32 status;
- size_t offset;
-
- iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER;
- iov[0].buffer.value = NULL;
- iov[0].buffer.length = 0;
-
- iov[1].type = GSS_IOV_BUFFER_TYPE_DATA;
- iov[1].buffer = *input_message_buffer;
-
- iov[2].type = GSS_IOV_BUFFER_TYPE_PADDING;
- iov[2].buffer.value = NULL;
- iov[2].buffer.length = 0;
-
- iov[3].type = GSS_IOV_BUFFER_TYPE_TRAILER;
- iov[3].buffer.value = NULL;
- iov[3].buffer.length = 0;
-
- assert(mech->gss_wrap_iov_length);
-
- status = mech->gss_wrap_iov_length(minor_status, context_handle,
- conf_req_flag, (gss_qop_t)qop_req,
- NULL, iov,
- sizeof(iov)/sizeof(iov[0]));
- if (status != GSS_S_COMPLETE) {
- map_error(minor_status, mech);
- return status;
- }
-
- output_message_buffer->length = iov[0].buffer.length +
- iov[1].buffer.length +
- iov[2].buffer.length +
- iov[3].buffer.length;
- output_message_buffer->value = malloc(output_message_buffer->length);
- if (output_message_buffer->value == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
-
- offset = 0;
-
- iov[0].buffer.value = (unsigned char *)output_message_buffer->value + offset;
- offset += iov[0].buffer.length;
-
- iov[1].buffer.value = (unsigned char *)output_message_buffer->value + offset;
- offset += iov[1].buffer.length;
-
- memcpy(iov[1].buffer.value, input_message_buffer->value, iov[1].buffer.length);
-
- iov[2].buffer.value = (unsigned char *)output_message_buffer->value + offset;
- offset += iov[2].buffer.length;
-
- iov[3].buffer.value = (unsigned char *)output_message_buffer->value + offset;
-
- status = mech->gss_wrap_iov(minor_status, context_handle,
- conf_req_flag, (gss_qop_t)qop_req, conf_state,
- iov, sizeof(iov)/sizeof(iov[0]));
- if (status != GSS_S_COMPLETE) {
- OM_uint32 minor;
-
- map_error(minor_status, mech);
- gss_release_buffer(&minor, output_message_buffer);
- }
-
- return status;
-}
-
OM_uint32 KRB5_CALLCONV
gss_seal (minor_status,
context_handle,
@@ -194,18 +116,20 @@
output_message_buffer);
if (status != GSS_S_COMPLETE)
map_error(minor_status, mech);
- } else if (mech->gss_wrap_iov && mech->gss_wrap_iov_length) {
- status = gssint_seal_iov_shim(mech,
- minor_status,
- ctx->internal_ctx_id,
- conf_req_flag,
- qop_req,
- input_message_buffer,
- conf_state,
- output_message_buffer);
+ } else if (mech->gss_wrap_aead ||
+ (mech->gss_wrap_iov && mech->gss_wrap_iov_length)) {
+ status = gssint_wrap_aead(mech,
+ minor_status,
+ ctx,
+ conf_req_flag,
+ (gss_qop_t)qop_req,
+ GSS_C_NO_BUFFER,
+ input_message_buffer,
+ conf_state,
+ output_message_buffer);
} else
status = GSS_S_UNAVAILABLE;
-
+
return(status);
}
/* EXPORT DELETE END */
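Review bot: The new `else if` test in gss_seal repeats the availability check that gssint_wrap_aead already performs. The helper added in g_wrap_aead.c returns GSS_S_UNAVAILABLE itself when neither gss_wrap_aead nor the gss_wrap_iov/gss_wrap_iov_length pair is present, so the two copies can drift apart if the helper later gains another fallback. The branch could become a plain `else` that calls gssint_wrap_aead with the same arguments, dropping the trailing `else status = GSS_S_UNAVAILABLE;`. The `mech->gss_unwrap_aead || mech->gss_unwrap_iov` test added in g_unseal.c duplicates gssint_unwrap_aead in the same way. gss_seal's body starts outside this hunk.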
Modified: branches/mskrb-integ/src/lib/gssapi/mechglue/g_unseal.c
===================================================================
--- branches/mskrb-integ/src/lib/gssapi/mechglue/g_unseal.c 2008-12-20 02:11:58 UTC (rev 21555)
+++ branches/mskrb-integ/src/lib/gssapi/mechglue/g_unseal.c 2008-12-21 05:04:47 UTC (rev 21556)
@@ -28,43 +28,6 @@
#include "mglueP.h"
-static OM_uint32
-gssint_unseal_iov_shim(gss_mechanism mech,
- OM_uint32 *minor_status,
- gss_ctx_id_t context_handle,
- gss_buffer_t input_message_buffer,
- gss_buffer_t output_message_buffer,
- int *conf_state,
- gss_qop_t *qop_state)
-{
- OM_uint32 status;
- gss_iov_buffer_desc iov[2];
-
- iov[0].type = GSS_IOV_BUFFER_TYPE_STREAM;
- iov[0].buffer = *input_message_buffer;
-
- iov[1].type = GSS_IOV_BUFFER_TYPE_DATA | GSS_IOV_BUFFER_FLAG_ALLOCATE;
- iov[1].buffer.value = NULL;
- iov[1].buffer.length = 0;
-
- assert(mech->gss_unwrap_iov);
-
- status = mech->gss_unwrap_iov(minor_status, context_handle, conf_state,
- qop_state, iov, sizeof(iov)/sizeof(iov[0]));
- if (status == GSS_S_COMPLETE)
- *output_message_buffer = iov[1].buffer;
- else {
- OM_uint32 tmp;
-
- map_error(minor_status, mech);
-
- if (iov[1].type & GSS_IOV_BUFFER_FLAG_ALLOCATED)
- gss_release_buffer(&tmp, &iov[1].buffer);
- }
-
- return status;
-}
-
OM_uint32 KRB5_CALLCONV
gss_unseal (minor_status,
context_handle,
@@ -112,7 +75,6 @@
* select the approprate underlying mechanism routine and
* call it.
*/
-
ctx = (gss_union_ctx_id_t) context_handle;
mech = gssint_get_mechanism (ctx->mech_type);
@@ -126,14 +88,15 @@
qop_state);
if (status != GSS_S_COMPLETE)
map_error(minor_status, mech);
- } else if (mech->gss_unwrap_iov) {
- status = gssint_unseal_iov_shim(mech,
- minor_status,
- ctx->internal_ctx_id,
- input_message_buffer,
- output_message_buffer,
- conf_state,
- (gss_qop_t *)qop_state);
+ } else if (mech->gss_unwrap_aead || mech->gss_unwrap_iov) {
+ status = gssint_unwrap_aead(mech,
+ minor_status,
+ ctx,
+ input_message_buffer,
+ GSS_C_NO_BUFFER,
+ output_message_buffer,
+ conf_state,
+ (gss_qop_t *)qop_state);
} else
status = GSS_S_UNAVAILABLE;
Modified: branches/mskrb-integ/src/lib/gssapi/mechglue/g_unwrap_aead.c
===================================================================
--- branches/mskrb-integ/src/lib/gssapi/mechglue/g_unwrap_aead.c 2008-12-20 02:11:58 UTC (rev 21555)
+++ branches/mskrb-integ/src/lib/gssapi/mechglue/g_unwrap_aead.c 2008-12-21 05:04:47 UTC (rev 21556)
@@ -62,14 +62,14 @@
}
static OM_uint32
-gssint_wrap_aead_iov_shim(gss_mechanism mech,
- OM_uint32 *minor_status,
- gss_ctx_id_t context_handle,
- gss_buffer_t input_message_buffer,
- gss_buffer_t input_assoc_buffer,
- gss_buffer_t output_payload_buffer,
- int *conf_state,
- gss_qop_t *qop_state)
+gssint_unwrap_aead_iov_shim(gss_mechanism mech,
+ OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_buffer_t input_message_buffer,
+ gss_buffer_t input_assoc_buffer,
+ gss_buffer_t output_payload_buffer,
+ int *conf_state,
+ gss_qop_t *qop_state)
{
OM_uint32 status;
gss_iov_buffer_desc iov[3];
@@ -85,7 +85,7 @@
i++;
}
- iov[i].type = GSS_IOV_BUFFER_TYPE_DATA;
+ iov[i].type = GSS_IOV_BUFFER_TYPE_DATA | GSS_IOV_BUFFER_FLAG_ALLOCATE;
iov[i].buffer.value = NULL;
iov[i].buffer.length = 0;
i++;
@@ -94,14 +94,65 @@
status = mech->gss_unwrap_iov(minor_status, context_handle, conf_state,
qop_state, iov, i);
- if (status != GSS_S_COMPLETE)
+ if (status == GSS_S_COMPLETE) {
+ *output_payload_buffer = iov[i - 1].buffer;
+ } else {
+ OM_uint32 minor;
+
map_error(minor_status, mech);
- *output_payload_buffer = iov[i - 1].buffer;
+ if (iov[i - 1].type & GSS_IOV_BUFFER_FLAG_ALLOCATED) {
+ gss_release_buffer(&minor, &iov[i - 1].buffer);
+ iov[i - 1].type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED);
+ }
+ }
return status;
}
+OM_uint32
+gssint_unwrap_aead (gss_mechanism mech,
+ OM_uint32 *minor_status,
+ gss_union_ctx_id_t ctx,
+ gss_buffer_t input_message_buffer,
+ gss_buffer_t input_assoc_buffer,
+ gss_buffer_t output_payload_buffer,
+ int *conf_state,
+ gss_qop_t *qop_state)
+{
+ OM_uint32 status;
+
+ assert(mech != NULL);
+ assert(ctx != NULL);
+
+ /* EXPORT DELETE START */
+
+ if (mech->gss_unwrap_aead) {
+ status = mech->gss_unwrap_aead(minor_status,
+ ctx->internal_ctx_id,
+ input_message_buffer,
+ input_assoc_buffer,
+ output_payload_buffer,
+ conf_state,
+ qop_state);
+ if (status != GSS_S_COMPLETE)
+ map_error(minor_status, mech);
+ } else if (mech->gss_unwrap_iov) {
+ status = gssint_unwrap_aead_iov_shim(mech,
+ minor_status,
+ ctx->internal_ctx_id,
+ input_message_buffer,
+ input_assoc_buffer,
+ output_payload_buffer,
+ conf_state,
+ qop_state);
+ } else
+ status = GSS_S_UNAVAILABLE;
+ /* EXPORT DELETE END */
+
+ return (status);
+}
+
OM_uint32 KRB5_CALLCONV
gss_unwrap_aead (minor_status,
context_handle,
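Review bot: In the new gssint_unwrap_aead, `status` is declared before `/* EXPORT DELETE START */` but assigned only between the markers. If the marked region is ever stripped (presumably the purpose of the markers), the function returns an uninitialized value, whereas the gss_unwrap_aead code this commit replaces fell through to `return (GSS_S_BAD_MECH);`. Initializing it, e.g. `OM_uint32 status = GSS_S_UNAVAILABLE;`, keeps that build well-defined. gssint_wrap_aead in g_wrap_aead.c has a related problem: the declaration `OM_uint32 status;` is inside the markers while `return status;` is outside, so a stripped build would not compile. Separately, `assert(mech != NULL)` and `assert(ctx != NULL)` disappear under NDEBUG, so a short comment stating that callers must pass non-NULL `mech` and `ctx` would document the contract.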
@@ -118,7 +169,6 @@
int *conf_state;
gss_qop_t *qop_state;
{
- /* EXPORT DELETE START */
OM_uint32 status;
gss_union_ctx_id_t ctx;
@@ -135,38 +185,14 @@
* select the approprate underlying mechanism routine and
* call it.
*/
-
ctx = (gss_union_ctx_id_t) context_handle;
mech = gssint_get_mechanism (ctx->mech_type);
- if (mech) {
- if (mech->gss_unwrap_aead) {
- status = mech->gss_unwrap_aead(
- minor_status,
- ctx->internal_ctx_id,
- input_message_buffer,
- input_assoc_buffer,
- output_payload_buffer,
- conf_state,
- qop_state);
- if (status != GSS_S_COMPLETE)
- map_error(minor_status, mech);
- } else if (mech->gss_unwrap_iov) {
- status = gssint_wrap_aead_iov_shim(mech,
- minor_status,
- ctx->internal_ctx_id,
- input_message_buffer,
- input_assoc_buffer,
- output_payload_buffer,
- conf_state,
- qop_state);
- } else
- status = GSS_S_UNAVAILABLE;
-
- return(status);
- }
- /* EXPORT DELETE END */
-
- return (GSS_S_BAD_MECH);
+ if (!mech)
+ return (GSS_S_BAD_MECH);
+
+ return gssint_unwrap_aead(mech, minor_status, context_handle,
+ input_message_buffer, input_assoc_buffer,
+ output_payload_buffer, conf_state, qop_state);
}
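Review bot: The new call passes `context_handle` (a gss_ctx_id_t) as the third argument of gssint_unwrap_aead, but mglueP.h declares that parameter as gss_union_ctx_id_t. The already-cast `ctx` assigned just above should be passed instead, as the new calls in g_seal.c and g_unseal.c do: `return gssint_unwrap_aead(mech, minor_status, ctx,`. The pointer value is the same, so runtime behaviour is presumably unchanged, but the mismatch relies on an implicit conversion between unrelated pointer types and will at least draw a compiler diagnostic. The gssint_wrap_aead call at the end of gss_wrap_aead in g_wrap_aead.c passes `context_handle` in the same position and needs the same change. gss_unwrap_aead's body starts outside this hunk.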
Modified: branches/mskrb-integ/src/lib/gssapi/mechglue/g_wrap_aead.c
===================================================================
--- branches/mskrb-integ/src/lib/gssapi/mechglue/g_wrap_aead.c 2008-12-20 02:11:58 UTC (rev 21555)
+++ branches/mskrb-integ/src/lib/gssapi/mechglue/g_wrap_aead.c 2008-12-21 05:04:47 UTC (rev 21556)
@@ -176,6 +176,52 @@
return status;
}
+OM_uint32
+gssint_wrap_aead (gss_mechanism mech,
+ OM_uint32 *minor_status,
+ gss_union_ctx_id_t ctx,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ gss_buffer_t input_assoc_buffer,
+ gss_buffer_t input_payload_buffer,
+ int *conf_state,
+ gss_buffer_t output_message_buffer)
+{
+ /* EXPORT DELETE START */
+ OM_uint32 status;
+
+ assert(ctx != NULL);
+ assert(mech != NULL);
+
+ if (mech->gss_wrap_aead) {
+ status = mech->gss_wrap_aead(minor_status,
+ ctx->internal_ctx_id,
+ conf_req_flag,
+ qop_req,
+ input_assoc_buffer,
+ input_payload_buffer,
+ conf_state,
+ output_message_buffer);
+ if (status != GSS_S_COMPLETE)
+ map_error(minor_status, mech);
+ } else if (mech->gss_wrap_iov && mech->gss_wrap_iov_length) {
+ status = gssint_wrap_aead_iov_shim(mech,
+ minor_status,
+ ctx->internal_ctx_id,
+ conf_req_flag,
+ qop_req,
+ input_assoc_buffer,
+ input_payload_buffer,
+ conf_state,
+ output_message_buffer);
+ } else
+ status = GSS_S_UNAVAILABLE;
+
+ /* EXPORT DELETE END */
+
+ return status;
+}
+
OM_uint32 KRB5_CALLCONV
gss_wrap_aead (minor_status,
context_handle,
@@ -194,11 +240,9 @@
int * conf_state;
gss_buffer_t output_message_buffer;
{
- /* EXPORT DELETE START */
-
OM_uint32 status;
+ gss_mechanism mech;
gss_union_ctx_id_t ctx;
- gss_mechanism mech;
status = val_wrap_aead_args(minor_status, context_handle,
conf_req_flag, qop_req,
@@ -211,40 +255,13 @@
* select the approprate underlying mechanism routine and
* call it.
*/
-
- ctx = (gss_union_ctx_id_t) context_handle;
+ ctx = (gss_union_ctx_id_t)context_handle;
mech = gssint_get_mechanism (ctx->mech_type);
-
- if (mech) {
- if (mech->gss_wrap_aead) {
- status = mech->gss_wrap_aead(
- minor_status,
- ctx->internal_ctx_id,
- conf_req_flag,
- qop_req,
- input_assoc_buffer,
- input_payload_buffer,
- conf_state,
- output_message_buffer);
- if (status != GSS_S_COMPLETE)
- map_error(minor_status, mech);
- } else if (mech->gss_wrap_iov && mech->gss_wrap_iov_length) {
- status = gssint_wrap_aead_iov_shim(mech,
- minor_status,
- ctx->internal_ctx_id,
- conf_req_flag,
- qop_req,
- input_assoc_buffer,
- input_payload_buffer,
- conf_state,
- output_message_buffer);
- } else
- status = GSS_S_UNAVAILABLE;
-
- return(status);
- }
- /* EXPORT DELETE END */
-
- return (GSS_S_BAD_MECH);
-}
+ if (!mech)
+ return (GSS_S_BAD_MECH);
+ return gssint_wrap_aead(mech, minor_status, context_handle,
+ conf_req_flag, qop_req,
+ input_assoc_buffer, input_payload_buffer,
+ conf_state, output_message_buffer);
+}
Modified: branches/mskrb-integ/src/lib/gssapi/mechglue/mglueP.h
===================================================================
--- branches/mskrb-integ/src/lib/gssapi/mechglue/mglueP.h 2008-12-20 02:11:58 UTC (rev 21555)
+++ branches/mskrb-integ/src/lib/gssapi/mechglue/mglueP.h 2008-12-21 05:04:47 UTC (rev 21556)
@@ -630,6 +630,27 @@
unsigned int /* max_len */
);
+OM_uint32
+gssint_wrap_aead (gss_mechanism, /* mech */
+ OM_uint32 *, /* minor_status */
+ gss_union_ctx_id_t, /* ctx */
+ int, /* conf_req_flag */
+ gss_qop_t, /* qop_req_flag */
+ gss_buffer_t, /* input_assoc_buffer */
+ gss_buffer_t, /* input_payload_buffer */
+ int *, /* conf_state */
+ gss_buffer_t); /* output_message_buffer */
+OM_uint32
+gssint_unwrap_aead (gss_mechanism, /* mech */
+ OM_uint32 *, /* minor_status */
+ gss_union_ctx_id_t, /* ctx */
+ gss_buffer_t, /* input_message_buffer */
+ gss_buffer_t, /* input_assoc_buffer */
+ gss_buffer_t, /* output_payload_buffer */
+ int *, /* conf_state */
+ gss_qop_t *); /* qop_state */
+
+
/* Use this to map an error code that was returned from a mech
operation; the mech will be asked to produce the associated error
messages.