1/* $NetBSD: mech.h,v 1.3 2011/02/11 23:44:43 christos Exp $ */ 2 3/* Copyright (c) 2010 The NetBSD Foundation, Inc. 4 * All rights reserved. 5 * 6 * This code is derived from software contributed to The NetBSD Foundation 7 * by Mateusz Kocielski. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. All advertising materials mentioning features or use of this software 18 * must display the following acknowledgement: 19 * This product includes software developed by the NetBSD 20 * Foundation, Inc. and its contributors. 21 * 4. Neither the name of The NetBSD Foundation nor the names of its 22 * contributors may be used to endorse or promote products derived 23 * from this software without specific prior written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 26 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 27 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 29 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 33 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 34 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 35 * POSSIBILITY OF SUCH DAMAGE. 36 */ 37 38#ifndef _MECH_H_ 39#define _MECH_H_ 40 41#include <sys/queue.h> 42 43#include <assert.h> 44#include <stdint.h> 45 46#include "dict.h" 47#include "list.h" 48 49/** mechanism status */ 50enum { 51 STATUS_AUTHENTICATION, /**< authentication in progress */ 52 STATUS_AUTHENTICATED /**< session authenticated. this value is used 53 * after last step of the authentication and 54 * means only that last step was performed. */ 55}; 56 57/* mechanism cont return values - used by _cont() functions */ 58enum { 59 MECH_ERROR = -1, /* error */ 60 MECH_OK = 0, /* mechanism authenticated */ 61 MECH_STEP = 1 /* mechanism needs one or more steps more */ 62}; 63 64/* qop enums and flags */ 65/* NB: used to index saslc__mech_qop_tbl[] */ 66typedef enum { 67 QOP_NONE = 0, /* no QOP layer */ 68 QOP_INT = 1, /* integrity */ 69 QOP_CONF = 2 /* confirmation */ 70} saslc__mech_sess_qop_t; 71 72/* NB: These flags must match the security layer flags provided by the 73 * GSSAPI server. See RFC 2222 section 7.2.3 and RFC 4752 section 3.3. */ 74#define F_QOP_NONE (1 << QOP_NONE) 75#define F_QOP_INT (1 << QOP_INT) 76#define F_QOP_CONF (1 << QOP_CONF) 77 78/* mechanism session */ 79typedef struct saslc__mech_sess_t { 80 uint32_t status; /**< status of authentication */ 81 uint32_t step; /**< step counter */ 82 saslc__mech_sess_qop_t qop; /**< quality of protection layer */ 83} saslc__mech_sess_t; 84 85/* mechanism functions */ 86typedef int (*saslc__mech_create_t)(saslc_sess_t *); 87typedef int (*saslc__mech_cont_t)(saslc_sess_t *, const void *, size_t, 88 void **, size_t *); 89typedef ssize_t (*saslc__mech_xxcode_t)(saslc_sess_t *, const void *, size_t, 90 void **, size_t *); 91typedef int (*saslc__mech_destroy_t)(saslc_sess_t *); 92 93/** mechanism structure */ 94typedef struct saslc__mech_t { 95 const char *name; /**< mechanism name */ 96 const uint32_t flags; /**< mechanism flags */ 97#define FLAG_NONE 0 /**< no flags */ 98#define FLAG_ANONYMOUS (1 << 0) /**< anonymous authentication */ 99#define FLAG_PLAINTEXT (1 << 1) /**< mechanism uses plaintext 100 for sharing secrets */ 101#define FLAG_DICTIONARY (1 << 2) /**< dictionary attack against 102 authentication is possible */ 103#define FLAG_ACTIVE (1 << 3) /**< nondictionary active attack 104 against authentication is 105 possible */ 106#define FLAG_MUTUAL (1 << 4) /**< mutual authentication */ 107 108/* see xsess.c:flags_OK() for REJ_FLAGS and REQ_FLAGS meaning */ 109#define REJ_FLAGS (FLAG_ANONYMOUS | FLAG_PLAINTEXT |\ 110 FLAG_DICTIONARY | FLAG_ACTIVE) 111#define REQ_FLAGS (FLAG_MUTUAL) 112 113 saslc__mech_create_t create; /**< create function - creates 114 mechanism instance */ 115 saslc__mech_cont_t cont; /**< step function - performs 116 one step of authentication */ 117 saslc__mech_xxcode_t encode; /**< encoding function - encodes input 118 according to negotiated security 119 layer */ 120 saslc__mech_xxcode_t decode; /**< decoding function - decodes input 121 according to negotiated security 122 layer */ 123 saslc__mech_destroy_t destroy; /**< destroy function - destroys 124 mechanism instance */ 125} saslc__mech_t; 126 127/* mechanism list */ 128 129/** mechanisms list node */ 130typedef struct saslc__mech_list_node_t { 131 LIST_ENTRY(saslc__mech_list_node_t) nodes; /**< nodes */ 132 const saslc__mech_t *mech; /**< mechanism */ 133 saslc__dict_t *prop; /**< mechanism config */ 134} saslc__mech_list_node_t; 135 136/* mechanisms list head */ 137typedef struct saslc__mech_list_t saslc__mech_list_t; 138LIST_HEAD(saslc__mech_list_t, saslc__mech_list_node_t); 139 140/* mechanism list functions */ 141saslc__mech_list_t *saslc__mech_list_create(saslc_t *); 142void saslc__mech_list_destroy(saslc__mech_list_t *); 143saslc__mech_list_node_t *saslc__mech_list_get(saslc__mech_list_t *, 144 const char *); 145 146/* generic functions */ 147int saslc__mech_generic_create(saslc_sess_t *); 148int saslc__mech_generic_destroy(saslc_sess_t *); 149 150/* additional functions */ 151int saslc__mech_strdup(saslc_sess_t *, char **, size_t *, const char *, 152 const char *); 153 154/* qop inline routines */ 155extern const named_flag_t saslc__mech_qop_tbl[4]; 156 157static inline const char * 158saslc__mech_qop_name(saslc__mech_sess_qop_t qop) 159{ 160 161 /* NULL terminated table */ 162 assert(qop < __arraycount(saslc__mech_qop_tbl) - 1); 163 return saslc__mech_qop_tbl[qop].name; 164} 165 166static inline int 167saslc__mech_qop_flag(saslc__mech_sess_qop_t qop) 168{ 169 170 /* NULL terminated table */ 171 assert(qop < __arraycount(saslc__mech_qop_tbl) - 1); 172 return saslc__mech_qop_tbl[qop].flag; 173} 174 175static inline unsigned int 176saslc__mech_qop_list_flags(list_t *list) 177{ 178 179 return saslc__list_flags(list, saslc__mech_qop_tbl); 180} 181 182#endif /* ! _MECH_H_ */ 183