| blob | 954e34e7e60c53aa5911516a0fbd53d0d9618233 |
1 /* $NetBSD$ */
3 /*
4 * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
5 * Copyright (C) 2000-2002 Internet Software Consortium.
6 *
7 * Permission to use, copy, modify, and/or distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
12 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
13 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
14 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
16 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17 * PERFORMANCE OF THIS SOFTWARE.
18 */
20 /*
21 * Id: gssapi_link.c,v 1.14 2009/10/24 23:47:36 tbox Exp
22 */
24 #include <config.h>
26 #ifdef GSSAPI
28 #include <isc/buffer.h>
29 #include <isc/mem.h>
30 #include <isc/string.h>
31 #include <isc/util.h>
33 #include <dst/result.h>
38 #include <dst/gssapi.h>
40 #define INITIAL_BUFFER_SIZE 1024
41 #define BUFFER_EXTRA 1024
43 #define REGION_TO_GBUFFER(r, gb) \
44 do { \
45 (gb).length = (r).length; \
46 (gb).value = (r).base; \
47 } while (0)
52 };
54 /*%
55 * Allocate a temporary "context" for use in gathering data for signing
56 * or verifying.
57 */
58 static isc_result_t
61 isc_result_t result;
70 INITIAL_BUFFER_SIZE);
74 }
79 }
81 /*%
82 * Destroy the temporary sign/verify context.
83 */
84 static void
93 }
94 }
96 /*%
97 * Add data to our running buffer of data we will be signing or verifying.
98 * This code will see if the new data will fit in our existing buffer, and
99 * copy it in if it will. If not, it will attempt to allocate a larger
100 * buffer and copy old+new into it, and free the old buffer.
101 */
102 static isc_result_t
106 isc_region_t r;
108 isc_result_t result;
128 }
130 /*%
131 * Sign.
132 */
133 static isc_result_t
136 isc_region_t message;
142 /*
143 * Convert the data we wish to sign into a structure gssapi can
144 * understand.
145 */
149 /*
150 * Generate the signature.
151 */
155 /*
156 * If it did not complete, we log the result and return a generic
157 * failure code.
158 */
163 }
165 /*
166 * If it will not fit in our allocated buffer, return that we need
167 * more space.
168 */
172 }
174 /*
175 * Copy the output into our buffer space, and release the gssapi
176 * allocated space.
177 */
183 }
185 /*%
186 * Verify.
187 */
188 static isc_result_t
198 /*
199 * Convert the data we wish to sign into a structure gssapi can
200 * understand.
201 */
205 /*
206 * XXXMLG
207 * It seem that gss_verify_mic() modifies the signature buffer,
208 * at least on Heimdal's implementation. Copy it here to an allocated
209 * buffer.
210 */
219 /*
220 * Verify the data.
221 */
226 /*
227 * Convert return codes into something useful to us.
228 */
242 else
244 }
247 }
249 static isc_boolean_t
254 /* No idea */
256 }
258 static isc_result_t
264 /* No idea */
266 }
268 static isc_boolean_t
272 }
274 static void
279 }
282 gssapi_create_signverify_ctx,
283 gssapi_destroy_signverify_ctx,
284 gssapi_adddata,
285 gssapi_sign,
286 gssapi_verify,
288 gssapi_compare,
290 gssapi_generate,
291 gssapi_isprivate,
292 gssapi_destroy,
299 };
301 isc_result_t
307 }
309 #else
311 #endif
313 /*! \file */