2 * Copyright (c) 2019-2020, AuriStor, Inc.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * - Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * - Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
17 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
18 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
19 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
20 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
21 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
22 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
24 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
26 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
28 * OF THE POSSIBILITY OF SUCH DAMAGE.
32 #include "mech_locl.h"
35 * An internal API (for now) that, given a session key, returns a mechglue
36 * context handle able to provide RFC 4121 compatible message protection
37 * and PRF services. Used by SAnon. The implementation of those services
38 * is currently provided by the krb5 GSS mechanism, but that is opaque to
39 * the caller (minor status codes notwithstanding).
42 _gss_mg_import_rfc4121_context(OM_uint32
*minor
,
43 uint8_t initiator_flag
,
45 int32_t rfc3961_enctype
,
46 gss_const_buffer_t session_key
,
47 gss_ctx_id_t
*rfc4121_context_handle
)
49 OM_uint32 major
= GSS_S_FAILURE
, tmpMinor
;
53 gss_buffer_desc rfc4121_args
= GSS_C_EMPTY_BUFFER
;
58 *rfc4121_context_handle
= GSS_C_NO_CONTEXT
;
60 sp
= krb5_storage_emem();
66 krb5_storage_set_byteorder(sp
, KRB5_STORAGE_BYTEORDER_HOST
);
69 * The arguments to GSS_KRB5_IMPORT_RFC4121_CONTEXT_X are the serialized
70 * form of initiator_flag || flags || keytype || session_key. The session
71 * key length is inferred from the keytype.
73 ret
= krb5_store_uint8(sp
, initiator_flag
);
77 ret
= krb5_store_uint32(sp
, gss_flags
);
81 ret
= krb5_store_int32(sp
, rfc3961_enctype
);
85 if (krb5_storage_write(sp
, session_key
->value
, session_key
->length
)
86 != session_key
->length
) {
91 ret
= krb5_storage_to_data(sp
, &d
);
95 rfc4121_args
.length
= d
.length
;
96 rfc4121_args
.value
= d
.data
;
98 major
= gss_set_sec_context_option(minor
, rfc4121_context_handle
,
99 GSS_KRB5_IMPORT_RFC4121_CONTEXT_X
,
103 _gss_secure_release_buffer(&tmpMinor
, &rfc4121_args
);
104 krb5_storage_free(sp
);
106 if (major
== GSS_S_FAILURE
&& *minor
== 0)