[apple/xnu.git] / bsd / nfs / gss / gss_krb5_mech.h

/*
 * Copyright (c) 2015 Apple Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 *
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */

#include <corecrypto/ccdigest.h>
#include <corecrypto/cchmac.h>
#include <corecrypto/ccsha1.h>
#include <corecrypto/ccdes.h>
#include <corecrypto/ccaes.h>
#include <corecrypto/ccpad.h>

/*
 * GSS-API things from gssapi.h
 */
/*
 * Copyright 1993 by OpenVision Technologies, Inc.
 *
 * Permission to use, copy, modify, distribute, and sell this software
 * and its documentation for any purpose is hereby granted without fee,
 * provided that the above copyright notice appears in all copies and
 * that both that copyright notice and this permission notice appear in
 * supporting documentation, and that the name of OpenVision not be used
 * in advertising or publicity pertaining to distribution of the software
 * without specific, written prior permission. OpenVision makes no
 * representations about the suitability of this software for any
 * purpose.  It is provided "as is" without express or implied warranty.
 *
 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

typedef uint32_t OM_uint32;

#define GSS_S_COMPLETE			0

/*
 * Some "helper" definitions to make the status code macros obvious.
 * From gssapi.h:
 */
#define GSS_C_CALLING_ERROR_OFFSET 24
#define GSS_C_ROUTINE_ERROR_OFFSET 16
#define GSS_C_SUPPLEMENTARY_OFFSET 0
#define GSS_C_CALLING_ERROR_MASK ((OM_uint32) 0377ul)
#define GSS_C_ROUTINE_ERROR_MASK ((OM_uint32) 0377ul)
#define GSS_C_SUPPLEMENTARY_MASK ((OM_uint32) 0177777ul)

/*
 * The macros that test status codes for error conditions.  Note that the
 * GSS_ERROR() macro has changed slightly from the V1 GSSAPI so that it now
 * evaluates its argument only once.
 */
#define GSS_CALLING_ERROR(x) \
	((x) & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
#define GSS_ROUTINE_ERROR(x) \
	((x) & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
#define GSS_SUPPLEMENTARY_INFO(x) \
	((x) & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
#define GSS_ERROR(x) \
	((x) & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
		(GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))

/*
 * Calling errors:
 */
#define GSS_S_CALL_INACCESSIBLE_READ \
			     (((OM_uint32) 1ul) << GSS_C_CALLING_ERROR_OFFSET)
#define GSS_S_CALL_INACCESSIBLE_WRITE \
			     (((OM_uint32) 2ul) << GSS_C_CALLING_ERROR_OFFSET)
#define GSS_S_CALL_BAD_STRUCTURE \
			     (((OM_uint32) 3ul) << GSS_C_CALLING_ERROR_OFFSET)

/*
 * Routine errors:
 */
#define GSS_S_BAD_MECH (((OM_uint32) 1ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_NAME (((OM_uint32) 2ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_NAMETYPE (((OM_uint32) 3ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_BINDINGS (((OM_uint32) 4ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_STATUS (((OM_uint32) 5ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_SIG (((OM_uint32) 6ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NO_CRED (((OM_uint32) 7ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NO_CONTEXT (((OM_uint32) 8ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DEFECTIVE_TOKEN (((OM_uint32) 9ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DEFECTIVE_CREDENTIAL \
     (((OM_uint32) 10ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_CREDENTIALS_EXPIRED \
     (((OM_uint32) 11ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_CONTEXT_EXPIRED \
     (((OM_uint32) 12ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_FAILURE (((OM_uint32) 13ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_QOP (((OM_uint32) 14ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_UNAUTHORIZED (((OM_uint32) 15ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_UNAVAILABLE (((OM_uint32) 16ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DUPLICATE_ELEMENT \
     (((OM_uint32) 17ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NAME_NOT_MN \
     (((OM_uint32) 18ul) << GSS_C_ROUTINE_ERROR_OFFSET)

/*
 * Supplementary info bits:
 */
#define GSS_S_CONTINUE_NEEDED (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
#define GSS_S_DUPLICATE_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
#define GSS_S_OLD_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
#define GSS_S_UNSEQ_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
#define GSS_S_GAP_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 4))

#define GSS_C_QOP_DEFAULT 0

/* end of gssapi.h */

/*
 * The following data structures are genenrated from lucid.x in the gssd project
 * and must be kept in sync with that project. This is a more memory efficient
 * representation of the gss_kerb5_lucid_context_v1_t defined in gssapi_krb5.h
 */
struct lucid_key {
	uint32_t etype;
	struct {
		uint32_t key_len;
		uint8_t *key_val;
	} key;
};
typedef struct lucid_key lucid_key;

struct key_data_1964 {
	uint32_t sign_alg;
	uint32_t seal_alg;
};
typedef struct key_data_1964 key_data_1964;

struct key_data_4121 {
	uint32_t acceptor_subkey;
};
typedef struct key_data_4121 key_data_4121;

struct lucid_protocol {
	uint32_t proto;
	union {
		key_data_1964 data_1964;
		key_data_4121 data_4121;
	} lucid_protocol_u;
};
typedef struct lucid_protocol lucid_protocol;

struct lucid_context {
	uint32_t vers;
	uint32_t initiate;
	uint32_t endtime;
	uint64_t send_seq;
	uint64_t recv_seq;
	lucid_protocol key_data;
	lucid_key ctx_key;
};
typedef struct lucid_context lucid_context;

/* end of lucid.x generated data structures */

typedef struct lucid_context *lucid_context_t;
/*
 * Mask for determining the returned structure version.
 * See example below for usage.
 */
typedef struct lucid_context_version {
	uint32_t	version;
	/* Structure version number */
} *lucid_context_version_t;

typedef enum etypes {
	DES3_CBC_SHA1_KD = 16,
	AES128_CTS_HMAC_SHA1_96 = 17,
	AES256_CTS_HMAC_SHA1_96 = 18,
} etypes;

#define KRB5_USAGE_ACCEPTOR_SEAL	22
#define KRB5_USAGE_ACCEPTOR_SIGN	23
#define KRB5_USAGE_INITIATOR_SEAL	24
#define KRB5_USAGE_INITIATOR_SIGN	25
#define KRB5_USAGE_LEN 5

#define GSS_SND 0
#define GSS_RCV 1
#define GSS_C_QOP_REVERSE 0x80000000	/* Pseudo QOP value to use as input to gss_krb5_unwrap to allow Sender to unwrap */

/*
 * Key schedule is the cbc state for encryption and decryption.
 * For DES3 we always use the session key from the lucid context,
 * and in that case Ekey and Ikey will point to the session key.
 */
struct key_schedule {
	cccbc_ctx *enc;
	cccbc_ctx *dec;
	void *ikey[2];		/* Drived integrity key (same length context key); */
};

/*
 * Crypto context that supports AES and DES3 etypes
 * All supported encryption types use hmac with SHA1
 * All are CBC encryption types
 * des3-cbc-sha1            --  7
 * des3-dbc-sha1-kd         -- 16 ???
 * aes128-cts-hmac-sha1-96  -- 17
 * aes256-cts-hmac-sha1-96  -- 18
 */

typedef struct crypto_ctx {
	uint32_t etype;
	uint32_t mpad;           /* Message padding */
	uint32_t flags;
	lck_mtx_t *lock;
	lucid_context_t gss_ctx;  /* Back pointer to lucid context */
	uint32_t keylen;
	void *key;   /* Points to session key from lucid context */
	const struct ccdigest_info *di;
	const struct ccmode_cbc *enc_mode;
	const struct ccmode_cbc *dec_mode;
	struct key_schedule ks;
	uint32_t digest_size;
	void *ckey[2];	/* Derived checksum key. Same as key for DES3 */
} *crypto_ctx_t;

#define CRYPTO_KS_ALLOCED	0x00001
#define CRYPTO_CTS_ENABLE	0x00002

typedef struct gss_ctx_id_desc {
	lucid_context  gss_lucid_ctx;
	struct crypto_ctx  gss_cryptor;
} *gss_ctx_id_t;

typedef struct gss_buffer_desc_struct {
	size_t length;
	void *value;
} gss_buffer_desc, *gss_buffer_t;

uint32_t
gss_release_buffer(uint32_t *,        /* minor_status */
		   gss_buffer_t);


/* Per message interfaces for kerberos gss mech in the kernel */

typedef uint32_t gss_qop_t;

uint32_t
gss_krb5_get_mic_mbuf(uint32_t *,	/* minor_status */
		      gss_ctx_id_t,	/* context_handle */
		      gss_qop_t,	/* qop_req */
		      mbuf_t,		/* message mbuf */
		      size_t,		/* offest */
		      size_t,		/* length */
		      gss_buffer_t	/* message_token */
	);

uint32_t
gss_krb5_get_mic(uint32_t *,	/* minor_status */
		 gss_ctx_id_t,	/* context_handle */
		 gss_qop_t,	/* qop_req */
		 gss_buffer_t,	/* message buffer */
		 gss_buffer_t	/* message_token */
	);

uint32_t
gss_krb5_verify_mic(uint32_t *,		/* minor_status */
		    gss_ctx_id_t,	/* context_handle */
		    gss_buffer_t,	/* message_buffer */
		    gss_buffer_t,	/* message_token */
		    gss_qop_t *		/* qop_state */
	);

uint32_t
gss_krb5_verify_mic_mbuf(uint32_t *,		/* minor_status */
			 gss_ctx_id_t,		/* context_handle */
			 mbuf_t,		/* message_buffer */
			 size_t,		/* offset */
			 size_t,		/* length */
			 gss_buffer_t,		/* message_token */
			 gss_qop_t *		/* qop_state */
	);

uint32_t
gss_krb5_wrap_mbuf(uint32_t *,		/* minor_status */
		   gss_ctx_id_t,	/* context_handle */
		   int,			/* conf_req_flag */
		   gss_qop_t,		/* qop_req */
		   mbuf_t *,		/* input/output message_buffer */
		   size_t,		/* offset */
		   size_t,		/* length */
		   int *		/* conf_state */
	);

uint32_t
gss_krb5_unwrap_mbuf(uint32_t *,	/* minor_status */
		     gss_ctx_id_t,	/* context_handle */
		     mbuf_t *,		/* input/output message_buffer */
		     size_t,		/* offset */
		     size_t,		/* length */
		     int *,		/* conf_state */
		     gss_qop_t *	/* qop state */
	);

void gss_krb5_destroy_context(gss_ctx_id_t);

gss_ctx_id_t gss_krb5_make_context(void *, uint32_t);

void gss_krb5_mech_init(void);

int corecrypto_available(void);

errno_t gss_normalize_mbuf(mbuf_t, size_t, size_t *, mbuf_t *, mbuf_t *, int);

mbuf_t gss_join_mbuf(mbuf_t, mbuf_t, mbuf_t);

typedef struct hmac_ctx_struct {
	size_t keylen;
	uint8_t *key;
	ccdigest_ctx_t di_ctx;
} hmac_ctx, hmac_ctx_t[1];

void hmac_init(const struct ccdigest_info *, hmac_ctx_t, size_t, void *);
void hmac_update(const struct ccdigest_info *, hmac_ctx_t, size_t, void *);
void hmac_final(const struct ccdigest_info *, hmac_ctx_t, uint8_t *);

void printmbuf(const char *, mbuf_t, uint32_t, uint32_t);

void printgbuf(const char *, gss_buffer_t);
Commit	Line	Data
39037602 A	1	/*
	2	* Copyright (c) 2015 Apple Inc. All rights reserved.
	3	*
	4	* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. The rights granted to you under the License
	10	* may not be used to create, or enable the creation or redistribution of,
	11	* unlawful or unlicensed copies of an Apple operating system, or to
	12	* circumvent, violate, or enable the circumvention or violation of, any
	13	* terms of an Apple operating system software license agreement.
	14	*
	15	* Please obtain a copy of the License at
	16	* http://www.opensource.apple.com/apsl/ and read it before using this file.
	17	*
	18	* The Original Code and all software distributed under the License are
	19	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	20	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	21	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	22	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	23	* Please see the License for the specific language governing rights and
	24	* limitations under the License.
	25	*
	26	* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
	27	*/
	28
	29	#include <corecrypto/ccdigest.h>
	30	#include <corecrypto/cchmac.h>
	31	#include <corecrypto/ccsha1.h>
	32	#include <corecrypto/ccdes.h>
	33	#include <corecrypto/ccaes.h>
	34	#include <corecrypto/ccpad.h>
	35
	36	/*
	37	* GSS-API things from gssapi.h
	38	*/
	39	/*
	40	* Copyright 1993 by OpenVision Technologies, Inc.
	41	*
	42	* Permission to use, copy, modify, distribute, and sell this software
	43	* and its documentation for any purpose is hereby granted without fee,
	44	* provided that the above copyright notice appears in all copies and
	45	* that both that copyright notice and this permission notice appear in
	46	* supporting documentation, and that the name of OpenVision not be used
	47	* in advertising or publicity pertaining to distribution of the software
	48	* without specific, written prior permission. OpenVision makes no
	49	* representations about the suitability of this software for any
	50	* purpose. It is provided "as is" without express or implied warranty.
	51	*
	52	* OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
	53	* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
	54	* EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
	55	* CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
	56	* USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
	57	* OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
	58	* PERFORMANCE OF THIS SOFTWARE.
	59	*/
	60
	61	typedef uint32_t OM_uint32;
	62
	63	#define GSS_S_COMPLETE 0
	64
65	/*
66	* Some "helper" definitions to make the status code macros obvious.
67	* From gssapi.h:
68	*/
69	#define GSS_C_CALLING_ERROR_OFFSET 24
70	#define GSS_C_ROUTINE_ERROR_OFFSET 16
71	#define GSS_C_SUPPLEMENTARY_OFFSET 0
72	#define GSS_C_CALLING_ERROR_MASK ((OM_uint32) 0377ul)
73	#define GSS_C_ROUTINE_ERROR_MASK ((OM_uint32) 0377ul)
74	#define GSS_C_SUPPLEMENTARY_MASK ((OM_uint32) 0177777ul)
75
76	/*
77	* The macros that test status codes for error conditions. Note that the
78	* GSS_ERROR() macro has changed slightly from the V1 GSSAPI so that it now
79	* evaluates its argument only once.
80	*/
81	#define GSS_CALLING_ERROR(x) \
82	((x) & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
83	#define GSS_ROUTINE_ERROR(x) \
84	((x) & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
85	#define GSS_SUPPLEMENTARY_INFO(x) \
86	((x) & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
87	#define GSS_ERROR(x) \
88	((x) & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) \| \
89	(GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))
90
91	/*
92	* Calling errors:
93	*/
94	#define GSS_S_CALL_INACCESSIBLE_READ \
95	(((OM_uint32) 1ul) << GSS_C_CALLING_ERROR_OFFSET)
96	#define GSS_S_CALL_INACCESSIBLE_WRITE \
97	(((OM_uint32) 2ul) << GSS_C_CALLING_ERROR_OFFSET)
98	#define GSS_S_CALL_BAD_STRUCTURE \
99	(((OM_uint32) 3ul) << GSS_C_CALLING_ERROR_OFFSET)
100
101	/*
102	* Routine errors:
103	*/
104	#define GSS_S_BAD_MECH (((OM_uint32) 1ul) << GSS_C_ROUTINE_ERROR_OFFSET)
105	#define GSS_S_BAD_NAME (((OM_uint32) 2ul) << GSS_C_ROUTINE_ERROR_OFFSET)
106	#define GSS_S_BAD_NAMETYPE (((OM_uint32) 3ul) << GSS_C_ROUTINE_ERROR_OFFSET)
107	#define GSS_S_BAD_BINDINGS (((OM_uint32) 4ul) << GSS_C_ROUTINE_ERROR_OFFSET)
108	#define GSS_S_BAD_STATUS (((OM_uint32) 5ul) << GSS_C_ROUTINE_ERROR_OFFSET)
109	#define GSS_S_BAD_SIG (((OM_uint32) 6ul) << GSS_C_ROUTINE_ERROR_OFFSET)
110	#define GSS_S_NO_CRED (((OM_uint32) 7ul) << GSS_C_ROUTINE_ERROR_OFFSET)
111	#define GSS_S_NO_CONTEXT (((OM_uint32) 8ul) << GSS_C_ROUTINE_ERROR_OFFSET)
112	#define GSS_S_DEFECTIVE_TOKEN (((OM_uint32) 9ul) << GSS_C_ROUTINE_ERROR_OFFSET)
113	#define GSS_S_DEFECTIVE_CREDENTIAL \
114	(((OM_uint32) 10ul) << GSS_C_ROUTINE_ERROR_OFFSET)
115	#define GSS_S_CREDENTIALS_EXPIRED \
116	(((OM_uint32) 11ul) << GSS_C_ROUTINE_ERROR_OFFSET)
117	#define GSS_S_CONTEXT_EXPIRED \
118	(((OM_uint32) 12ul) << GSS_C_ROUTINE_ERROR_OFFSET)
119	#define GSS_S_FAILURE (((OM_uint32) 13ul) << GSS_C_ROUTINE_ERROR_OFFSET)
120	#define GSS_S_BAD_QOP (((OM_uint32) 14ul) << GSS_C_ROUTINE_ERROR_OFFSET)
121	#define GSS_S_UNAUTHORIZED (((OM_uint32) 15ul) << GSS_C_ROUTINE_ERROR_OFFSET)
122	#define GSS_S_UNAVAILABLE (((OM_uint32) 16ul) << GSS_C_ROUTINE_ERROR_OFFSET)
123	#define GSS_S_DUPLICATE_ELEMENT \
124	(((OM_uint32) 17ul) << GSS_C_ROUTINE_ERROR_OFFSET)
125	#define GSS_S_NAME_NOT_MN \
126	(((OM_uint32) 18ul) << GSS_C_ROUTINE_ERROR_OFFSET)
127
128	/*
129	* Supplementary info bits:
130	*/
131	#define GSS_S_CONTINUE_NEEDED (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
132	#define GSS_S_DUPLICATE_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
133	#define GSS_S_OLD_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
134	#define GSS_S_UNSEQ_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
135	#define GSS_S_GAP_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 4))
136
137	#define GSS_C_QOP_DEFAULT 0
138
139	/* end of gssapi.h */
140
141	/*
142	* The following data structures are genenrated from lucid.x in the gssd project
143	* and must be kept in sync with that project. This is a more memory efficient
144	* representation of the gss_kerb5_lucid_context_v1_t defined in gssapi_krb5.h
145	*/
146	struct lucid_key {
147	uint32_t etype;
148	struct {
149	uint32_t key_len;
150	uint8_t *key_val;
151	} key;
152	};
153	typedef struct lucid_key lucid_key;
154
155	struct key_data_1964 {
156	uint32_t sign_alg;
157	uint32_t seal_alg;
158	};
159	typedef struct key_data_1964 key_data_1964;
160
161	struct key_data_4121 {
162	uint32_t acceptor_subkey;
163	};
164	typedef struct key_data_4121 key_data_4121;
165
166	struct lucid_protocol {
167	uint32_t proto;
168	union {
169	key_data_1964 data_1964;
170	key_data_4121 data_4121;
171	} lucid_protocol_u;
172	};
173	typedef struct lucid_protocol lucid_protocol;
174
175	struct lucid_context {
176	uint32_t vers;
177	uint32_t initiate;
178	uint32_t endtime;
179	uint64_t send_seq;
180	uint64_t recv_seq;
181	lucid_protocol key_data;
182	lucid_key ctx_key;
183	};
184	typedef struct lucid_context lucid_context;
185
186	/* end of lucid.x generated data structures */
187
188	typedef struct lucid_context *lucid_context_t;
189	/*
190	* Mask for determining the returned structure version.
191	* See example below for usage.
192	*/
193	typedef struct lucid_context_version {
194	uint32_t version;
195	/* Structure version number */
196	} *lucid_context_version_t;
197
198	typedef enum etypes {
199	DES3_CBC_SHA1_KD = 16,
200	AES128_CTS_HMAC_SHA1_96 = 17,
201	AES256_CTS_HMAC_SHA1_96 = 18,
202	} etypes;
203
204	#define KRB5_USAGE_ACCEPTOR_SEAL 22
205	#define KRB5_USAGE_ACCEPTOR_SIGN 23
206	#define KRB5_USAGE_INITIATOR_SEAL 24
207	#define KRB5_USAGE_INITIATOR_SIGN 25
208	#define KRB5_USAGE_LEN 5
209
210	#define GSS_SND 0
211	#define GSS_RCV 1
212	#define GSS_C_QOP_REVERSE 0x80000000 /* Pseudo QOP value to use as input to gss_krb5_unwrap to allow Sender to unwrap */
213
214	/*
215	* Key schedule is the cbc state for encryption and decryption.
216	* For DES3 we always use the session key from the lucid context,
217	* and in that case Ekey and Ikey will point to the session key.
218	*/
219	struct key_schedule {
220	cccbc_ctx *enc;
221	cccbc_ctx *dec;
222	void ikey[2]; / Drived integrity key (same length context key); */
223	};
224
225	/*
226	* Crypto context that supports AES and DES3 etypes
227	* All supported encryption types use hmac with SHA1
228	* All are CBC encryption types
229	* des3-cbc-sha1 -- 7
230	* des3-dbc-sha1-kd -- 16 ???
231	* aes128-cts-hmac-sha1-96 -- 17
232	* aes256-cts-hmac-sha1-96 -- 18
233	*/
234
235	typedef struct crypto_ctx {
236	uint32_t etype;
237	uint32_t mpad; /* Message padding */
238	uint32_t flags;
239	lck_mtx_t *lock;
240	lucid_context_t gss_ctx; /* Back pointer to lucid context */
241	uint32_t keylen;
242	void key; / Points to session key from lucid context */
243	const struct ccdigest_info *di;
244	const struct ccmode_cbc *enc_mode;
245	const struct ccmode_cbc *dec_mode;
246	struct key_schedule ks;
247	uint32_t digest_size;
248	void ckey[2]; / Derived checksum key. Same as key for DES3 */
249	} *crypto_ctx_t;
250
251	#define CRYPTO_KS_ALLOCED 0x00001
252	#define CRYPTO_CTS_ENABLE 0x00002
253
254	typedef struct gss_ctx_id_desc {
255	lucid_context gss_lucid_ctx;
256	struct crypto_ctx gss_cryptor;
257	} *gss_ctx_id_t;
258
259	typedef struct gss_buffer_desc_struct {
260	size_t length;
261	void *value;
262	} gss_buffer_desc, *gss_buffer_t;
263
264	uint32_t
265	gss_release_buffer(uint32_t , / minor_status */
266	gss_buffer_t);
267
268
269	/* Per message interfaces for kerberos gss mech in the kernel */
270
271	typedef uint32_t gss_qop_t;
272
273	uint32_t
274	gss_krb5_get_mic_mbuf(uint32_t , / minor_status */
275	gss_ctx_id_t, /* context_handle */
276	gss_qop_t, /* qop_req */
277	mbuf_t, /* message mbuf */
278	size_t, /* offest */
279	size_t, /* length */
280	gss_buffer_t /* message_token */
281	);
282
283	uint32_t
284	gss_krb5_get_mic(uint32_t , / minor_status */
285	gss_ctx_id_t, /* context_handle */
286	gss_qop_t, /* qop_req */
287	gss_buffer_t, /* message buffer */
288	gss_buffer_t /* message_token */
289	);
290
291	uint32_t
292	gss_krb5_verify_mic(uint32_t , / minor_status */
293	gss_ctx_id_t, /* context_handle */
294	gss_buffer_t, /* message_buffer */
295	gss_buffer_t, /* message_token */
296	gss_qop_t * /* qop_state */
297	);
298
299	uint32_t
300	gss_krb5_verify_mic_mbuf(uint32_t , / minor_status */
301	gss_ctx_id_t, /* context_handle */
302	mbuf_t, /* message_buffer */
303	size_t, /* offset */
304	size_t, /* length */
305	gss_buffer_t, /* message_token */
306	gss_qop_t * /* qop_state */
307	);
308
309	uint32_t
310	gss_krb5_wrap_mbuf(uint32_t , / minor_status */
311	gss_ctx_id_t, /* context_handle */
312	int, /* conf_req_flag */
313	gss_qop_t, /* qop_req */
314	mbuf_t , / input/output message_buffer */
315	size_t, /* offset */
316	size_t, /* length */
317	int * /* conf_state */
318	);
319
320	uint32_t
321	gss_krb5_unwrap_mbuf(uint32_t , / minor_status */
322	gss_ctx_id_t, /* context_handle */
323	mbuf_t , / input/output message_buffer */
324	size_t, /* offset */
325	size_t, /* length */
326	int , / conf_state */
327	gss_qop_t * /* qop state */
328	);
329
330	void gss_krb5_destroy_context(gss_ctx_id_t);
331
332	gss_ctx_id_t gss_krb5_make_context(void *, uint32_t);
333
334	void gss_krb5_mech_init(void);
335
336	int corecrypto_available(void);
337
338	errno_t gss_normalize_mbuf(mbuf_t, size_t, size_t , mbuf_t , mbuf_t *, int);
339
340	mbuf_t gss_join_mbuf(mbuf_t, mbuf_t, mbuf_t);
341
342	typedef struct hmac_ctx_struct {
343	size_t keylen;
344	uint8_t *key;
345	ccdigest_ctx_t di_ctx;
346	} hmac_ctx, hmac_ctx_t[1];
347
348	void hmac_init(const struct ccdigest_info , hmac_ctx_t, size_t, void );
349	void hmac_update(const struct ccdigest_info , hmac_ctx_t, size_t, void );
350	void hmac_final(const struct ccdigest_info , hmac_ctx_t, uint8_t );
351
352	void printmbuf(const char *, mbuf_t, uint32_t, uint32_t);
353
354	void printgbuf(const char *, gss_buffer_t);