gssapi_openssl.h
1/*
2 * Copyright 1999-2006 University of Chicago
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef GSSAPI_OPENSSL_H
18#define GSSAPI_OPENSSL_H
19
26#include <stdbool.h>
27
28#include "globus_config.h"
29#include "globus_common.h"
30
31#include "gssapi.h"
33
34#include "globus_gsi_callback.h"
35#include "globus_gsi_proxy.h"
36#include "globus_gsi_credential.h"
37
38#include <stdio.h>
39#include "openssl/ssl.h"
40#include "openssl/err.h"
41#include "openssl/bio.h"
42#include "openssl/pem.h"
43#include "openssl/x509.h"
44#include "openssl/x509v3.h"
45#include "openssl/stack.h"
46
/* Version number of this GSSAPI mechanism implementation. */
#define GLOBUS_I_GSI_GSSAPI_IMPL_VERSION 1

/*
 * Single-bit context flags. Their power-of-two values let them be OR-ed
 * together; presumably they live in gss_ctx_id_desc.ctx_flags -- confirm
 * against the code that sets and tests them.
 */
#define GSS_I_CTX_INITIALIZED 1
#define GSS_I_DISALLOW_ENCRYPTION 2
#define GSS_I_PROTECTION_FAIL_ON_CONTEXT_EXPIRATION 4
#define GSS_I_APPLICATION_WILL_HANDLE_EXTENSIONS 8

/* Mechanism-specific quality-of-protection value; its interpretation is not visible here. */
#define GSS_C_QOP_GLOBUS_GSSAPI_OPENSSL_BIG 1
55
/*
 * Record type that distinguishes a token we create ourselves (get_mic)
 * from one carrying SSL application data. wrap and unwrap rely on this
 * distinction. Future versions of SSL may use this value as well.
 *
 * Our wrapped buffer (integrity only) has the layout
 *
 * byte type[1]            = SSL3_RT_GSSAPI_OPENSSL
 * byte version_major[1]   = 0x03
 * byte version_minor[1]   = 0
 * byte mic_length[2]      = 2 byte length of following mic
 *
 * byte mic_seq[8]         = 8 byte sequence number
 * byte mic_data_length[4] = 4 byte length of data
 * byte hash[*]            = the hash of variable length
 *
 * byte data[*]            = the data being wrapped.
 */

#define SSL3_RT_GSSAPI_OPENSSL 26
78
/* These conversion macros are taken from SSL. */

/*
 * L2N: store the low 32 bits of LONG_VAL into CHAR_ARRAY in network
 * (big-endian) byte order. CHAR_ARRAY must point at 4 writable bytes.
 * LONG_VAL is evaluated once per output byte.
 */
#define L2N(LONG_VAL, CHAR_ARRAY) \
    { \
        unsigned char * l2n_out_ = CHAR_ARRAY; \
        l2n_out_[0] = (unsigned char) (((LONG_VAL) >> 24) & 0xff); \
        l2n_out_[1] = (unsigned char) (((LONG_VAL) >> 16) & 0xff); \
        l2n_out_[2] = (unsigned char) (((LONG_VAL) >> 8) & 0xff); \
        l2n_out_[3] = (unsigned char) ((LONG_VAL) & 0xff); \
    }
89
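/*
 * N2L: read 4 bytes in network (big-endian) order from CHAR_ARRAY into
 * LONG_VAL. Each byte is widened to unsigned long before it is shifted:
 * an unsigned char promotes to int, and shifting a byte >= 0x80 left by
 * 24 does not fit a 32-bit int, which is undefined behaviour in C.
 */
#define N2L(CHAR_ARRAY, LONG_VAL) \
    { \
        const unsigned char * _char_array_ = CHAR_ARRAY; \
        (LONG_VAL) = (((unsigned long) (*(_char_array_++))) << 24) & 0xff000000UL; \
        (LONG_VAL) |= (((unsigned long) (*(_char_array_++))) << 16) & 0xff0000UL; \
        (LONG_VAL) |= (((unsigned long) (*(_char_array_++))) << 8) & 0xff00UL; \
        (LONG_VAL) |= ((unsigned long) (*(_char_array_++))) & 0xffUL; \
    }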
98
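/*
 * N2S: read a 2-byte big-endian value from CHAR_ARRAY into SHORT.
 * CHAR_ARRAY is a plain char pointer; each byte is cast to unsigned char
 * before it is widened, so a byte >= 0x80 is not sign-extended on
 * platforms where char is signed (that would turn 0x80 0x10 into 0xff10
 * instead of 0x8010 and corrupt the parsed mic_length).
 */
#define N2S(CHAR_ARRAY, SHORT) \
    { \
        char * _char_array_ = CHAR_ARRAY; \
        (SHORT) = ((unsigned int) (unsigned char) (*(_char_array_++))) << 8; \
        (SHORT) |= ((unsigned int) (unsigned char) (*(_char_array_++))); \
    }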
105
/*
 * S2N: write the low 16 bits of SHORT into CHAR_ARRAY in network
 * (big-endian) byte order. CHAR_ARRAY must point at 2 writable bytes.
 */
#define S2N(SHORT, CHAR_ARRAY) \
    { \
        char * s2n_out_ = CHAR_ARRAY; \
        s2n_out_[0] = (unsigned char) (((SHORT) >> 8) & 0xff); \
        s2n_out_[1] = (unsigned char) ((SHORT) & 0xff); \
    }
112
/*
 * U642N: write the 64-bit value U64VAL into CHAR_ARRAY in network
 * (big-endian) byte order, most significant byte first. CHAR_ARRAY must
 * point at 8 writable bytes. U64VAL is evaluated once per output byte.
 */
#define U642N(U64VAL, CHAR_ARRAY) \
    { \
        unsigned char * u642n_out_ = CHAR_ARRAY; \
        for (int u642n_i_ = 0; u642n_i_ < 8; u642n_i_++) { \
            u642n_out_[u642n_i_] = \
                (unsigned char) (((U64VAL) >> (56 - 8 * u642n_i_)) & 0xff); \
        } \
    }
125
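/*
 * N2U64: read 8 bytes in network (big-endian) order from CHAR_ARRAY into
 * U64VAL. Every byte after the first is OR-ed into the accumulator. The
 * previous form assigned each term with '=' instead of '|=', so the
 * result was only the final (least significant) byte -- for a MIC
 * sequence number that silently discards the upper 56 bits.
 */
#define N2U64(CHAR_ARRAY, U64VAL) \
    { \
        const unsigned char * _char_array_ = CHAR_ARRAY; \
        uint64_t _u64val_ = 0; \
        _u64val_ = (((uint64_t)(*(_char_array_++))) << 56) & 0xff00000000000000ULL; \
        _u64val_ |= (((uint64_t)(*(_char_array_++))) << 48) & 0xff000000000000ULL; \
        _u64val_ |= (((uint64_t)(*(_char_array_++))) << 40) & 0xff0000000000ULL; \
        _u64val_ |= (((uint64_t)(*(_char_array_++))) << 32) & 0xff00000000ULL; \
        _u64val_ |= (((uint64_t)(*(_char_array_++))) << 24) & 0xff000000ULL; \
        _u64val_ |= (((uint64_t)(*(_char_array_++))) << 16) & 0xff0000ULL; \
        _u64val_ |= (((uint64_t)(*(_char_array_++))) << 8) & 0xff00ULL; \
        _u64val_ |= ((uint64_t)(*(_char_array_++))) & 0xffULL; \
        (U64VAL) = _u64val_; \
    }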
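/*
 * Compare two gss_OIDs for equality.
 *
 * True when both pointers are the same (including both NULL), or when both
 * are non-NULL, have the same length and identical element bytes. The
 * length is passed to memcmp as size_t; the former (int) cast would turn a
 * length above INT_MAX into a huge size_t and over-read the elements.
 */
#define g_OID_equal(o1, o2) \
    (((o1) == (o2)) || \
     ((o1) && (o2) && \
      ((o1)->length == (o2)->length) && \
      (memcmp((o1)->elements, (o2)->elements, (size_t) (o1)->length) == 0)))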
147
/*
 * Internal representation of a GSS-API name (gss_name_t).
 *
 * name_oid gives the name type; the remaining fields hold parsed forms of
 * the name. Which fields are populated for which name type is not visible
 * here -- confirm against the name import/export code.
 */
typedef struct gss_name_desc_struct {
    /* gss_buffer_desc name_buffer ; */
    gss_OID name_oid;                   /* name type OID */

    X509_NAME * x509n;                  /* OpenSSL X509_NAME, presumably the certificate subject */
    char * x509n_oneline;               /* one-line string form of x509n (?) */
    GENERAL_NAMES * subjectAltNames;    /* OpenSSL GENERAL_NAMES from the subjectAltName extension */
    char * user_name;                   /* user component of the name (?) */
    char * service_name;                /* service component, e.g. for host-based names (?) */
    char * host_name;                   /* host component (?) */
    char * ip_address;                  /* textual IP address (?) */
    char * ip_name;                     /* name resolved from ip_address (?) */
} gss_name_desc;
161
162
/*
 * Internal representation of a GSS-API credential (gss_cred_id_t).
 */
typedef struct gss_cred_id_desc_struct {
    globus_gsi_cred_handle_t cred_handle;   /* underlying GSI credential handle */
    gss_name_desc * globusid;               /* name bound to this credential */
    gss_cred_usage_t cred_usage;            /* GSS_C_INITIATE, GSS_C_ACCEPT or GSS_C_BOTH */
    SSL_CTX * ssl_context;                  /* OpenSSL context, presumably built from cred_handle -- confirm */
    gss_OID mech;                           /* mechanism OID */
} gss_cred_id_desc;
170
/*
 * Internal representation of a GSS-API security context (gss_ctx_id_t).
 *
 * The context owns an OpenSSL SSL object (gss_ssl) and the BIOs through
 * which tokens pass between the application and SSL, the credentials
 * taking part in the exchange, and the state needed to build and verify
 * MIC tokens (see the wrapped-buffer layout above).
 *
 * Field comments marked (?) are inferred from the field names only;
 * confirm them against the .c files before relying on them.
 */
typedef struct gss_ctx_id_desc_struct{
    globus_mutex_t mutex;                     /* lock guarding this context */
    globus_gsi_callback_data_t callback_data; /* GSI callback data for certificate verification (?) */
    gss_cred_id_desc * peer_cred_handle;      /* credential of the peer (?) */
    gss_cred_id_desc * cred_handle;           /* our own credential */
    gss_cred_id_desc * deleg_cred_handle;     /* credential received through delegation (?) */
    globus_gsi_proxy_handle_t proxy_handle;   /* GSI proxy handle used while delegating (?) */
    OM_uint32 ret_flags;                      /* GSS-API ret_flags reported to the caller */
    OM_uint32 req_flags;                      /* GSS-API req_flags asked for by the caller */
    OM_uint32 ctx_flags;                      /* bit set of the GSS_I_* flags defined above (?) */
    int cred_obtained;                        /* non-zero when cred_handle was acquired internally (?) */
    gss_OID mech;                             /* mechanism OID of this context */
#if OPENSSL_VERSION_NUMBER >= 0x10000100L
    /*
     * MIC state: per-direction sequence numbers and key material, presumably
     * consumed by globus_i_gssapi_gsi_gmac() declared below (?).
     */
    uint64_t mac_read_sequence;
    uint64_t mac_write_sequence;
    unsigned char * mac_key;
    unsigned char * mac_iv_fixed;
#endif
    SSL * gss_ssl;                            /* OpenSSL connection object */
    BIO * gss_rbio;                           /* read-side BIO */
    BIO * gss_wbio;                           /* write-side BIO */
    BIO * gss_sslbio;                         /* SSL BIO layered over gss_ssl (?) */
    gss_con_st_t gss_state;                   /* connection state */
    int locally_initiated;                    /* non-zero when this side initiated the context (?) */
    gss_delegation_state_t delegation_state;  /* delegation state */
    gss_OID_set extension_oids;               /* extension OIDs in effect, see gss_ext_*_oid below (?) */
    gss_cred_id_t *sni_credentials;           /* array of sni_credentials_count credentials for SNI (?) */
    bool sni_credentials_obtained;
    size_t sni_credentials_count;
    char *sni_servername;                     /* TLS server name indication (?) */
    unsigned char *alpn;                      /* ALPN protocol data, alpn_length bytes (?) */
    size_t alpn_length;
} gss_ctx_id_desc;
211
/* Mechanism OID of this GSSAPI implementation. */
extern
const gss_OID_desc * const gss_mech_globus_gssapi_openssl;

/* Mechanism OID variant for the version-2 MIC format -- confirm against the definition. */
extern
const gss_OID_desc * const gss_mech_globus_gssapi_openssl_micv2;

/* OID of the ProxyCertInfo X.509 certificate extension. */
extern
const gss_OID_desc * const gss_proxycertinfo_extension;

/*
 * Name-type OIDs, exposed to callers through the GLOBUS_GSS_C_NT_* macros
 * below. Unlike the OIDs above they are not const-qualified; presumably
 * they are assigned during module activation -- confirm.
 */
extern
gss_OID_desc * gss_nt_host_ip;

extern
gss_OID_desc * gss_nt_x509;

/* OIDs naming the TLS-related context extensions (server name, ALPN, TLS version, cipher). */
extern
const gss_OID_desc * const gss_ext_server_name_oid;

extern
const gss_OID_desc * const gss_ext_alpn_oid;

extern
const gss_OID_desc * const gss_ext_tls_version_oid;

extern
const gss_OID_desc * const gss_ext_tls_cipher_oid;

/* Run-time switches for emitting / accepting the pre-micv2 MIC format -- confirm semantics in the .c file. */
extern
globus_bool_t globus_i_backward_compatible_mic;
extern
globus_bool_t globus_i_accept_backward_compatible_mic;

/* Public names for the name-type OIDs declared above. */
#define GLOBUS_GSS_C_NT_HOST_IP gss_nt_host_ip
#define GLOBUS_GSS_C_NT_X509 gss_nt_x509

/* One-time initialisation guard; see globus_l_gsi_gssapi_activate_once(). */
extern
globus_thread_once_t once_control;
249
/*
 * One-time activation routine, presumably run through once_control with
 * globus_thread_once() -- confirm against module.c.
 */
void
globus_l_gsi_gssapi_activate_once(void);
252
/*
 * Find the hash and cipher functions used by a context.
 *
 * @param minor_status   mechanism-specific status, set on failure
 * @param context_handle established context to inspect
 * @param hash           receives the EVP_MD in use
 * @param cipher         receives the EVP_CIPHER in use
 * @return GSS-API major status
 */
OM_uint32
globus_i_gss_get_hash(
    OM_uint32 *minor_status,
    const gss_ctx_id_t context_handle,
    const EVP_MD ** hash,
    const EVP_CIPHER ** cipher);
259
260
/*
 * Compute a 16-byte authentication tag over message_buffer with evp_cipher,
 * key and iv. The name and the fixed 16-byte tag suggest an AES-GMAC
 * construction (GCM with no ciphertext) -- confirm against the definition.
 *
 * @param minor_status   mechanism-specific status, set on failure
 * @param evp_cipher     OpenSSL cipher to use
 * @param iv             IV bytes; required length not visible here
 * @param key            key bytes; required length not visible here
 * @param message_buffer data to authenticate
 * @param tag            output; the caller must supply at least 16 bytes
 *                       (enforced by the [static 16] array parameter)
 * @return GSS-API major status
 */
OM_uint32
globus_i_gssapi_gsi_gmac(
    OM_uint32 * minor_status,
    const EVP_CIPHER * evp_cipher,
    const unsigned char * iv,
    const unsigned char * key,
    const gss_buffer_desc *message_buffer,
    unsigned char tag[static 16]);
269
270#endif /* GSSAPI_OPENSSL_H */