1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright (c) 1997, by Sun Microsystems, Inc.
24  * All rights reserved.
25  *
26  * Diffie-Hellman GSS protocol descriptions
27  */
28 
29 #ifdef RPC_HDR
30 %/*
31 % *  dhmech_prot.h
32 % *
33 % * Copyright (c) 1997, by Sun Microsystems, Inc.
34 % * All rights reserved.
35 % *
36 % * Diffie-Hellman GSS protocol descriptions
37 % */
38 %
39 %#include <rpc/key_prot.h>
40 #endif
41 
42 /* Token types */
43 
/*
 * Token type: the discriminant of union dh_token_body_desc, selecting
 * which message body a Diffie-Hellman GSS token carries.
 */
enum dh_token_type {
	DH_INIT_CNTX = 1,	/* body: dh_init_context_desc (context + encrypted keys) */
	DH_ACCEPT_CNTX = 2,	/* body: dh_accept_context_desc */
	DH_MIC = 3,		/* body: dh_mic_desc */
	DH_WRAP = 4,		/* body: dh_wrap_desc */
	DH_DESTROY_CNTX = 5	/* no body: the token is just version + verifier */
};
51 
/* Maximum length, in bytes, of the dh_signature opaque (the encrypted checksum). */
const DH_MAX_CHECKSUM_SIZE = 128;
/* The only protocol version defined; sole arm of union dh_version. */
const DH_PROTO_VERSION = 1;
/* Maximum number of des_block entries carried in a dh_key_set. */
const DH_MAX_SESSION_KEYS = 64;
55 
/*
 * Variable-length byte buffer.  The `<>` declares no maximum, so any
 * length limit must be enforced by the decoder or the caller, not by
 * this description.
 */
typedef opaque dh_buffer_desc<>;
typedef dh_buffer_desc *dh_buffer_t;
/* Encrypted checksum, bounded to DH_MAX_CHECKSUM_SIZE bytes on the wire. */
typedef opaque dh_signature<DH_MAX_CHECKSUM_SIZE>;
typedef dh_signature *dh_signature_t;
/* Up to DH_MAX_SESSION_KEYS des_block values (des_block comes from <rpc/key_prot.h>). */
typedef des_block dh_key_set<DH_MAX_SESSION_KEYS>;
typedef dh_key_set *dh_key_set_t;
/* Quality-of-protection selector carried in MIC and WRAP tokens. */
typedef unsigned int dh_qop_t;
63 
/*
 * Channel bindings exchanged during context establishment.  The field
 * layout appears to parallel the GSS-API channel-bindings structure
 * (address types, addresses, application data); all three buffers are
 * unbounded dh_buffer_desc values.
 */
struct dh_channel_binding_desc {
	unsigned initiator_addrtype;
	dh_buffer_desc initiator_address;
	unsigned acceptor_addrtype;
	dh_buffer_desc acceptor_address;
	dh_buffer_desc application_data;
};
typedef dh_channel_binding_desc *dh_channel_binding_t;
72 
/*
 * Context description shared by the INIT and ACCEPT tokens.
 * netnamestr is presumably supplied by <rpc/key_prot.h>.
 */
struct dh_cntx_desc {
	netnamestr remote;	/* netname of the peer */
	netnamestr local;	/* netname of the sender */
	unsigned flags;		/* Supported flag values from
				 * gss_init_sec_context/gss_accept_sec_context
				 */
	unsigned expire;	/* context lifetime; units and reference point
				 * are not specified here -- TODO confirm
				 */
	dh_channel_binding_t channel;	/* pointer type, so XDR encodes this as
					 * optional data: absent bindings are
					 * a valid encoding
					 */
};
typedef dh_cntx_desc *dh_cntx_t;
83 
/* Body of a DH_INIT_CNTX token: the proposed context plus session keys. */
struct dh_init_context_desc {
	dh_cntx_desc	cntx;
	dh_key_set keys;	/* Session keys encrypted
				 * with the common key
				 * (at most DH_MAX_SESSION_KEYS entries)
				 */
};
typedef dh_init_context_desc *dh_init_context_t;
91 
/* Body of a DH_ACCEPT_CNTX token: the acceptor's view of the context, no keys. */
struct dh_accept_context_desc {
	dh_cntx_desc cntx;
};
typedef dh_accept_context_desc *dh_accept_context_t;
96 
/*
 * Body of a DH_MIC token; also embedded in every DH_WRAP token.
 * The integrity check itself is the token-level verifier, not a field here.
 */
struct dh_mic_desc {
	dh_qop_t qop;		/* quality of protection used for the verifier */
	unsigned seqnum;	/* 32-bit sequence number; replay detection depends
				 * on the receiver tracking it -- not shown here
				 */
	bool client_flag;	/* True if from client (context initiator). */
};
typedef dh_mic_desc *dh_mic_t;
103 
/* Body of a DH_WRAP token: a MIC header plus the (optionally encrypted) message. */
struct dh_wrap_desc {
	dh_mic_desc mic;
	bool conf_flag;		/* confidentiality requested/applied */
	opaque body<>;		/*
				 * If conf_flag, then body is an encrypted
				 * serialized opaque msg<>; otherwise it is
				 * the plaintext message.  No maximum length
				 * is declared.
				 */
};
typedef dh_wrap_desc *dh_wrap_t;
113 
/*
 * Per-type token body, discriminated by dh_token_type.  There is no
 * default arm, so XDR decoding of a token whose type is not one of the
 * five values below fails rather than producing an empty body.
 */
union dh_token_body_desc switch (dh_token_type type) {
	case DH_INIT_CNTX:
		dh_init_context_desc init_context;
	case DH_ACCEPT_CNTX:
		dh_accept_context_desc accept_context;
	case DH_MIC:
		dh_mic_desc sign;
	case DH_WRAP:
		dh_wrap_desc seal;
	case DH_DESTROY_CNTX:
		void;		/* nothing beyond the discriminant */
};
typedef dh_token_body_desc *dh_token_body_t;
127 
/*
 * We define a discriminated union to handle different versions of the
 * protocol. We will always have a verifier follow this versioned body
 * as the last member of the token.
 *
 * Currently there is only one version, DH_PROTO_VERSION (1).
 */
/*
 * Versioned token body.  With no default arm, a verno other than
 * DH_PROTO_VERSION fails XDR decoding outright; a new version would be
 * added as another arm here, leaving the trailing verifier in
 * dh_token_desc untouched.
 */
union dh_version switch (unsigned verno) {
	case DH_PROTO_VERSION:
		dh_token_body_desc body;
};
139 
/*
 * Note: All versions of the Diffie-Hellman protocol will provide a
 * verifier as the last part of a token. In this way we will always
 * be able to calculate the signature over the entire versioned body of
 * the token.
 */
146 
/*
 * Complete on-the-wire token: the versioned body followed by its
 * verifier.  The verifier is last so it can be computed over the
 * entire XDR-encoded `ver` member regardless of protocol version.
 */
struct dh_token_desc {
	dh_version ver;
	dh_signature verifier;	/* encrypted checksum over ver, at most
				 * DH_MAX_CHECKSUM_SIZE bytes
				 */
};
typedef dh_token_desc *dh_token_t;
152 
/*
 * The token returned from gss_init_sec_context will be as follows:
 *
 *	0x60	tag for APPLICATION 0, SEQUENCE  (constructed, definite length)
 *	<length>  DER encoded
 *	0x06	tag for OID, the mech type.
 *	<mech type> DER encoded
 *	token_desc   XDR encoded
 */
162