One document matched: draft-ietf-cat-idup-cbind-02.txt
Differences from draft-ietf-cat-idup-cbind-01.txt
Independent Data Unit Protection Generic Security Service
Application Program Interface: C-bindings
STATUS OF THIS MEMO
This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force(IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
To learn the current status of any Internet Draft, please check the
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
Directories on ds.internic.net (US East Coast), nic.nordu.net
(Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
Rim).
Comments on this document should be sent to "cat-ietf@mit.edu", the
IETF Common Authentication Technology WG discussion list.
ABSTRACT
The Independent Data Unit Protection Generic Security Service
Application Program Interface (IDUP-GSS-API) extends the GSS-API
[RFC-1508] for applications requiring protection of a generic data
unit (such as a file or message) in a way which is independent of the
protection of any other data unit and independent of any concurrent
contact with designated "receivers" of the data unit. Thus, it is
suitable for applications such as secure electronic mail where data
needs to be protected without any on-line connection with the
intended recipient(s) of that data. The protection offered by the
IDUP includes data origin authentication with data integrity, data
confidentiality with data integrity, and support for non-repudiation
services. Subsequent to being protected, the independent data unit
can be transferred to the recipient(s) - or to an archive - perhaps
to be processed ("unprotected") only days or years later.
This document is a companion document to the IDUP-GSS-API and
specifies its C language bindings. It extends the generic GSS-API:
C-Bindings document [RFC-1509].
Thakkar, Grebovich 1 Expires: August 18, 1996
TABLE OF CONTENTS
1. INTRODUCTION ................................................ 3
2. IDUP-GSS-API ROUTINES ....................................... 4
2.1. Data Types and Calling Conventions ........................ 5
2.1.1. Structured data types ................................... 5
2.1.2. Integer types ........................................... 6
2.1.3. String and similar data ................................. 6
2.1.3.1. Opaque data types ..................................... 6
2.1.3.2. Character strings ..................................... 6
2.1.4. Data Unit Identifiers ................................... 7
2.1.5. Data Unit Identifier Sets ............................... 7
2.1.6. Parameter Bundles ....................................... 8
2.1.7. Credentials ............................................. 13
2.1.8. Environments ............................................ 13
2.1.9. Tokens .................................................. 14
2.1.10. Status values .......................................... 14
2.1.10.1. IDUP-GSS status codes ................................ 14
2.1.10.2. Mechanism-specific status codes ...................... 17
2.1.11. Names .................................................. 17
2.1.12. Optional parameters .................................... 18
2.1.12.1. gss_buffer_t types ................................... 18
2.1.12.2. Integer types (input) ................................ 18
2.1.12.3. Integer types (output) ............................... 18
2.1.12.4. Pointer types ........................................ 18
2.1.12.5. Object IDs ........................................... 19
2.1.12.6. Object ID Sets ....................................... 19
2.1.12.7. Parameter Bundles .................................... 19
2.1.12.8. Credentials .......................................... 19
2.1.12.9. Environments ......................................... 19
3. IDUP-GSS-API routine descriptions .......................... 19
3.1. Credential management calls .............................. 19
3.2. Environment-level calls .................................. 19
3.2.1. idup_establish_env ..................................... 20
3.2.2. idup_abolish_env ....................................... 22
3.2.3. idup_inquire_env ....................................... 24
3.3. Per-IDU calls ............................................ 25
3.3.1. idup_start_protect ...................................... 26
3.3.2. idup_protect ............................................ 29
3.3.3. idup_end_protect ........................................ 30
3.3.4. idup_start_unprotect .................................... 32
3.3.5. idup_unprotect .......................................... 36
3.3.6. idup_end_unprotect ...................................... 37
3.4. Special-Purpose Calls .................................... 38
3.4.1. idup_form_complete_evidence ............................. 39
3.5. Support calls ............................................ 40
3.5.1 idup_parse_token ........................................ 41
4. ACKNOWLEDGMENTS ............................................ 42
5. SECURITY CONSIDERATIONS .................................... 42
6. REFERENCES ................................................. 42
7. AUTHOR'S ADDRESS ........................................... 42
APPENDIX - IDUP-GSS-API Example ................................ 43
Thakkar, Grebovich 2 Expires: August 18, 1996
1. INTRODUCTION
The Independent Data Unit Protection Generic Security Service
Application Program Interface (IDUP-GSS-API) [IDUP] provides security
services to calling applications in a local environment. It allows
an application to protect an independent data unit for future use, to
unprotect a protected independent data unit and to apply security
services such as data origin authentication with integrity (DOA),
confidentiality with integrity (CONF), and / or support for non-
repudiation on a per-data-unit basis.
There are four stages to using the IDUP-GSS-API:
(a) The application acquires a set of credentials with which it may
bind its identity to a data unit. The application's credentials
vouch for its global identity, which may or may not be related
to the local username under which it is running.
(b) The application establishes a security environment using its
credentials. The security environment is an IDUP-GSS-API data
structure that contains information which is required in order
that per-data-unit security services may be provided.
(c) Per-data-unit services are invoked on an established IDUP
environment to perform IDU protection and unprotection.
Per-IDU calls for IDU protection can support
(i) data origin authentication with data integrity,
(ii) confidentiality with data integrity,
(iii) evidence generation
(perform non-repudiable "proof of origin" or "proof of
delivery")
The application wishing to protect an IDU will call the protect
IDUP-GSS-API routines, specifying the appropriate security
environment. IDUP-GSS-API calls for protection operations will
return a token data structure. This token encapsulates all the
information required to unprotect the IDU.
Per-IDU calls for IDU unprotection can support
(i) data origin authentication verification,
(ii) decipherment,
(iii) evidence verification
The recipient will pass the protected IDU to the unprotecting
routines to remove the protection and validate the data.
Thakkar, Grebovich 3 Expires: August 18, 1996
(d) At the completion of a security environment (which may extend
across several protection and unprotection operations), the
application calls an IDUP-GSS-API routine to abolish the security
environment.
2. IDUP-GSS-API ROUTINES
This section lists the functions performed by each of the IDUP-GSS-
API calls and discusses their major parameters, describing how they
are to be passed to the routines. The calls are listed in Figure 1
(an asterisk marks the calls which are identical to the GSS-API
specification).
Figure 1 - IDUP-GSS-API Calls
CREDENTIAL MANAGEMENT
* gss_acquire_cred acquire credentials for use
* gss_release_cred release credentials after use
* gss_inquire_cred display information about credentials
* gss_add_cred add credential info. (see [GSSv2])
ENVIRONMENT-LEVEL CALLS
idup_establish_env establish IDUP environment (to protect
or unprotect IDUs)
idup_abolish_env abolish env. when no longer needed
idup_inquire_env obtain environment parameters
PER-IDU CALLS
idup_start_protect begin the protection process
idup_protect protect IDU (perhaps 1 buffer at a
time)
idup_end_protect end the protection process;
create a token which contains info.
necessary for the legitimate
receiver(s) of the P-IDU to
unprotect it
idup_start_unprotect begin the unprotection process
Thakkar, Grebovich 4 Expires: August 18, 1996
idup_unprotect use the token to unprotect the P-IDU
(possibly 1 buffer at a time)
idup_end_unprotect end the unprotection process
SPECIAL-PURPOSE CALLS (might not be supported by all mechanisms)
idup_form_complete_evidence insert in evidence token any data not
provided by the protection calls
SUPPORT CALLS
* gss_display_status translate status codes to printable form
* gss_indicate_mechs indicate mech_types supported on local
system
* gss_compare_name compare two names for equality
* gss_display_name translate name to printable form
* gss_import_name convert printable name to normalized
form
* gss_release_name free storage of normalized-form name
* gss_release_buffer free storage of printable name
* gss_release_oid_set free storage of OID set
idup_parse_token examine an input token to determine
mech_type and token_type and other info.
Individual IDUP-GSS-API implementations may augment these routines by
providing additional mechanism-specific routines if required
functionality is not available from the generic forms. Applications
are encouraged to use the generic routines wherever possible on
portability grounds.
2.1. Data Types and Calling Conventions
The following conventions are used by the IDUP-GSS-API:
2.1.1. Structured data types
Wherever these IDUP-GSS-API C-bindings describe structured data, only
fields that must be provided by all IDUP-GSS-API implementations are
documented. Individual implementations may provide additional
fields, either for internal use within IDUP-GSS-API routines, or for
use by non-portable applications.
Thakkar, Grebovich 5 Expires: August 18, 1996
2.1.2. Integer types
IDUP-GSS-API defines the following integer data type:
OM_uint32 32-bit unsigned integer
Where guaranteed minimum bit-count is important, this portable data
type is used by the IDUP-GSS-API routine definitions. Individual
IDUP-GSS-API implementations will include appropriate typedef
definitions to map this type onto a built-in data type.
2.1.3. String and similar data
Many of the IDUP-GSS-API routines take arguments and return values
that describe contiguous multiple-byte data. All such data is passed
between the IDUP-GSS-API and the caller using the gss_buffer_t data
type.
This data type is a pointer to a buffer descriptor, which consists of
a length field that contains the total number of bytes in the datum,
and a value field which contains a pointer to the actual datum:
typedef struct gss_buffer_desc_struct {
size_t length;
void *value;
} gss_buffer_desc, *gss_buffer_t;
Storage for data passed to the application by a IDUP-GSS-API routine
using the gss_buffer_t conventions is allocated by the IDUP-GSS-API
routine. The application may free this storage by invoking the
gss_release_buffer routine. Allocation of the gss_buffer_desc data
unit is always the responsibility of the application; unused
gss_buffer_desc data units may be initialized to the value
GSS_C_EMPTY_BUFFER.
2.1.3.1. Opaque data types
Certain multiple-word data items are considered opaque data types at
the IDUP-GSS-API, because their internal structure has no
significance either to the IDUP-GSS-API or to the caller. An example
of such an opaque data type is the input_buffer parameter to
idup_protect (which is opaque to the IDUP-GSS-API). Opaque data is
passed between the IDUP-GSS-API and the application using the
gss_buffer_t datatype.
2.1.3.2. Character strings
Certain multiple-word data items may be regarded as simple ISO Latin-
1 character strings. An example of this is the input_name_buffer
parameter to gss_import_name. Some IDUP-GSS-API routines also return
character strings. Character strings are passed between the
application and the IDUP-GSS-API using the gss_buffer_t datatype.
Thakkar, Grebovich 6 Expires: August 18, 1996
2.1.4. Object Identifiers
Certain IDUP-GSS-API procedures take parameters of the type gss_OID,
or Object Identifier. This is a type containing ISO-defined tree-
structured values, and is used by the IDUP-GSS-API caller to select
an underlying security mechanism. A value of type gss_OID has the
following structure:
typedef struct gss_OID_desc_struct {
OM_uint32 length;
void *elements;
} gss_OID_desc, *gss_OID;
The elements field of this structure points to the first byte of an
octet string containing the ASN.1 BER encoding of the value of the
gss_OID. The length field contains the number of bytes in this
value. For example, the gss_OID value corresponding to {iso(1)
identified-organization(3) icd-ecma(12) member-company(2) dec(1011)
cryptoAlgorithms(7) SPX(5)} meaning SPX (Digital's X.509
authentication mechanism) has a length field of 7 and an elements
field pointing to seven octets containing the following octal
values: 53,14,2,207,163,7,5. IDUP-GSS-API implementations should
provide constant gss_OID values to allow callers to request any
supported mechanism, although applications are encouraged on
portability grounds to accept the default mechanism. gss_OID values
should also be provided to allow applications to specify particular
name types (see section 2.1.10). Applications should treat
gss_OID_desc values returned by IDUP-GSS-API routines as read-only.
In particular, the application should not attempt to deallocate them.
The gss_OID_desc datatype is equivalent to the X/Open
OM_object_identifier datatype [OSI].
2.1.5. Object Identifier Sets
Certain IDUP-GSS-API procedures take parameters of the type
gss_OID_set. This type represents one or more object identifiers
(section 2.1.4). A gss_OID_set object has the following structure:
typedef struct gss_OID_set_desc_struct {
int count;
gss_OID elements;
} gss_OID_set_desc, *gss_OID_set;
The count field contains the number of OIDs within the set. The
elements field is a pointer to an array of gss_OID_desc objects, each
of which describes a single OID. gss_OID_set values are used to name
the available mechanisms supported by the API-GSS-API, to request the
use of specific mechanisms, and to indicate which mechanisms a given
credential supports. Storage associated with gss_OID_set values
returned to the application by the IDUP-GSS-API may be deallocated
by the gss_release_oid_set routine.
Thakkar, Grebovich 7 Expires: August 18, 1996
2.1.6. Parameter Bundles
Parameter bundles are set of closely-related parameters of a call and
are used by some IDUP-GSS-API procedures. A parameter bundle in
turn may contain one or more parameter bundle. Parameters in a
parameter bundle are either used by / available to the calling
application or not used by / unavailable to the calling application.
These parameters can be all input parameters, all output parameters,
or any combination of the two. A parameter with comment "/* Input */"
is an input parameter; one with "/* Output */" is an output
parameter; one with no comment is an input if the bundle itself is an
input and is an output if the bundle itself is an output.
Wherever these IDUP-GSS-API C-bindings describe parameter bundles,
only fields that must be provided by all IDUP-GSS-API implementations
are documented. Individual implementations may provide additional
fields, either for internal use within IDUP-GSS-API routines, or for
use by non-portable applications. For some parameter bundles actual
parameters included are defined by (and specific to) the underlying
mechanism and are not described here. Following is the list of
parameter bundles (Structures with individual parameters as structure
members) that are are described:
o Mech_Specific_Info
o Idu_Sensitivity
o Service_Creation_Info
o Service_Verification_Info
o Quality
o Idu_Information
o Prot_Information
o Special_Conditions
o General_Service_Data
o Bad_Target_Name
o Target_Info
o Prot_Service
o Unprot_Service
o Services_to_Perform
o Services_to_Receive
o Mech_Specific_Info :
Actual parameters included in this structure are defined by (and
specific to) the underlying mechanism.
o Idu_Sensitivity :
Actual parameters included in this structure are defined by (and
specific to) the underlying mechanism, but may include codified
values for "Unclassifed", "Secret", "Top Secret", and so on.
Thakkar, Grebovich 8 Expires: August 18, 1996
o Service_Creation_Info :
o Service_Verification_Info :
Actual parameters included in these structures are defined by (and
specific to) the underlying mechanism, but it is mandatory that they
include at least service_id and Quality.
o Quality :
This parameter bundle includes information which defines the level of
quality associated with a security service.
A Quality parameter bundle has the following structure:
typedef struct {
OM_uint32 qop_algs;
OM_uint32 validity;
gss_OID policy_id;
Boolean allow_policy_mapping;
} IDUP_Quality_desc, *IDUP_Quality;
o Idu_Information :
This parameter bundle contains encapsulated content type, content
description and sensitivity IDU information.
A Idu_Information parameter bundle has the following structure:
typedef struct {
gss_buffer_t idu_type;
gss_buffer_t idu_title;
IDUP_Idu_Sensitivity Idu_Sensitivity;
} IDUP_Idu_Information_desc, *IDUP_Idu_Information;
o Prot_Information :
This parameter bundle contains the originator name, IDU information,
and time when protection was performed.
A Prot_Information parameter bundle has the following structure:
typedef struct {
gss_buffer_t originator_name;
IDUP_Idu_Information Idu_Information;
int protection_time;
} IDUP_Prot_Information_desc, *IDUP_Prot_Information;
Thakkar, Grebovich 9 Expires: August 18, 1996
o Special_Conditions :
This parameter bundle contains parameters which control the
(un)protection procedures.
A Special_Conditions parameter bundle has the following structure:
typedef struct {
int prot_oper_id;
Boolean use_trusted_time;
Boolean use_untrusted_time;
} IDUP_Special_Conditions_desc, *IDUP_Special_Conditions;
o General_Service_Data :
This parameter bundle is used by both protection and unprotection
procedures and contains IDUP_Target_Info parameter bundle as input
and returns unencapsulated token (if enacapsulation_request is FALSE)
and minor status as output.
A General_Service_Data parameter bundle has the following structure:
typedef struct {
IDUP_Target_Info Target_Info;
gss_buffer_t unencapsulated_token; /* Output */
OM_uint32 minor_status; /* Output */
} IDUP_General_Service_Data_desc,
*IDUP_General_Service_Data;
o Bad_Target_Name
This parameter bundle contains the target name which has been
rejected and an integer specifying reason for rejection.
A Bad_Target_Name parameter bundle has the following structure:
typedef struct {
gss_buffer_t bad_targ_name; /* Output */
int bad_targ_status; /* Output */
} IDUP_Bad_Target_Name_desc, *IDUP_Bad_Target_Name;
o Target_Info :
This parameter bundle contains parameters which allow the application
to specify target names (to whom the service is to be delivered) and
to receive rejected names and reason for rejection for each rejected
name.
A Target_Info parameter bundle has the following structure:
Thakkar, Grebovich 10 Expires: August 18, 1996
typedef struct {
idup_name_set targ_names; /* Input */
IDUP_Bad_Target_Name Bad_Target_Names; /* Output */
int bad_count; /* Output */
} IDUP_Target_Info_desc, *IDUP_Target_Info;
The targ_names field is pointer to array of gss_buffer_desc objects,
each of which describes a single buffer containing a name to whom the
service is to be delivered. The rejected names are returned in
IDUP_Bad_Target_Name which is pointer to array of
Bad_Target_Name_desc objects each of which describes a rejected name
with reason for rejection. The number of rejected names is returned
in bad_count.
o Prot_Service :
Three types of protection services are defined in IDUP. These are
1. perform unsolicited service
As an originator, applying data confidentiality with data
integrity, or data origin authentication with data integrity,
or proof of origin evidence is an example of this service type.
2. perform solicited service
As a target, creating a proof of delivery (i.e., receipt)
evidence token as the result of a request received from the
originator is an example of this service type.
3. perform service solicitation.
As an originator, submitting a request that one or more targets
return a receipt for the data sent is an example of this
service type.
The first four parameters in the Prot_Service parameter bundle
pertain to all service types; the fifth parameter is used if and only
if service type 2 is desired; parameters 6-8 are used if and only if
service type 3 is desired.
A Prot_Service parameter bundle has the following structure:
typedef struct {
int prot_service_type; /* Input */
gss_OID service_id; /* Input */
IDUP_Quality Quality; /* Input */
IDUP_General_Service_Data General_Service_Data; /* Input */
IDUP_Service_Creation_Info Service_Creation_Info; /* Input */
idup_name_set services_to; /* Input */
IDUP_Service_Verification_Info
Service_Verification_Info;
/* Output */
int service_verification_info_id;
/* Output */
} IDUP_Prot_Service_desc, *IDUP_Prot_Service;
Thakkar, Grebovich 11 Expires: August 18, 1996
o Services_To_Perform :
This parameter bundle is a set of Prot_Service parameter bundles.
A Services_To_Perform parameter bundle has the following structure:
typedef struct {
OM_uint32 no_of_services;
IDUP_Prot_Service Prot_Service;
} IDUP_Services_To_Perform_desc, *IDUP_Services_To_Perform;
o Unprot_Service :
Three types of unprotection services are defined. These are
1. receive unsolicited service
As a target, unprotecting an encrypted message, or verifying
the originator's proof of origin is an example of this service
type.
2. receive solicited service
As an originator, verifying a proof of delivery which you
requested from a target is an example of this service type.
3. receive service solicitation. As a target, receiving a request
from an originator for a proof of delivery is an example of
this service type.
The first four parameters in the Unprot_Service parameter bundle
pertain to all service types; parameters 5-6 are used if and only if
service type 2 is required; parameters 7-8 are used only if service
type 3 is required.
A Unprot_Service parameter bundle has the following structure:
typedef struct {
int unprot_service_type; /* Output */
gss_OID service_id; /* Output */
IDUP_Quality Quality; /* Output */
IDUP_General_Service_Data General_Service_Data; /* Output */
int service_verification_info_id;
/* Output */
IDUP_Service_Verification_Info
Service_Verification_Info;
/* Input */
idup_name_set services_to; /* Output */
IDUP_Service_Creation_Info Service_Creation_Info; /* Output */
} IDUP_Unprot_Service_desc, *IDUP_Unprot_Service;
o Services_To_Receive :
This parameter bundle is a set of Unprot_Service parameter bundle.
A Services_To_Receive parameter bundle has the following structure:
Thakkar, Grebovich 12 Expires: August 18, 1996
typedef struct {
OM_uint32 no_of_services;
IDUP_Unprot_Service Unprot_Service;
} IDUP_Services_To_Receive_desc, *IDUP_Services_To_Receive;
2.1.7. Credentials
A credential handle is a caller-opaque atomic datum that identifies a
IDUP-GSS-API credential data structure. It is represented by the
caller-opaque type gss_cred_id_t, which may be implemented as either
an arithmetic or a pointer type. Credentials describe a principal,
and they give their holder the ability to act as that principal. The
IDUP-GSS-API does not make the actual credentials available to
applications; instead the credential handle is used to identify a
particular credential, held internally by IDUP-GSS-API or an
underlying mechanism. Thus the credential handle contains no
security-relevant information, and requires no special protection by
the application. Depending on the implementation, a given
credential handle may refer to different credentials when presented
to the IDUP-GSS-API by different callers. Individual IDUP-GSS-API
implementations should define both the scope of a credential handle
and the scope of a credential itself (which must be at least as wide
as that of its handle). Possibilities for credential handle scope
include the process that acquired the handle, the acquiring process
and its children, or all processes sharing some local
identification information (e.g., UID). If no handles exist by which
a given credential may be reached, the IDUP-GSS-API may abolish the
credential.
Certain routines allow credential handle parameters to be omitted to
indicate the use of a default credential. The mechanism by which a
default credential is established and its scope should be defined by
the individual IDUP-GSS-API implementation.
2.1.8. Environments
The idup_env_id_t data type contains a caller-opaque atomic value
that identifies an IDUP-GSS-API security environment. It may be
implemented as either an arithmetic or a pointer type. Depending on
the implementation, a given idup_env_id_t value may refer to
different IDUP-GSS-API security environments when presented to the
IDUP-GSS-API by different callers. The security environment holds
state information about the security operations, including
cryptographic state information. Individual IDUP-GSS-API
implementations should define the scope of an environment. Since no
way is provided by which a new idup_env_id_t value may be obtained
for an existing environment, the scope of an environment should be
the same as the scope of the idup_env_id_t data type.
Thakkar, Grebovich 13 Expires: August 18, 1996
2.1.9. Tokens
A token is a caller-opaque type that IDUP-GSS-API uses to store
information regarding an IDU. The token is a bit-string, generated
by the underlying mechanism during protection calls for use by the
same or another security mechanism during unprotection calls. A
token is passed between the IDUP-GSS-API and the application using
the gss_buffer_t convention.
2.1.10. Status values
One or more status codes are returned by each IDUP-GSS-API routine.
Two distinct sorts of status codes are returned. These are termed
GSS status codes and Mechanism status codes.
2.1.10.1. IDUP-GSS status codes
IDUP-GSS-API routines return IDUP-GSS status codes as their OM_uint32
function value. These codes indicate errors that are independent of
the underlying mechanism used to provide the security service. The
errors that can be indicated via a IDUP-GSS status code are either
generic API routine errors (errors that are defined in the IDUP-GSS-
API specification) or calling errors (errors that are specific to
these bindings).
An IDUP-GSS status code can indicate a single fatal generic API error
from the routine and a single calling error. In addition,
supplementary status information may be indicated via the setting of
bits in the supplementary info field of a IDUP-GSS status code.
These errors are encoded into the 32-bit GSS status code as follows:
MSB LSB
|------------------------------------------------------------|
| Calling Error | Routine Error | Supplementary Info |
|------------------------------------------------------------|
Bit 31 24 23 16 15 0
Hence if a IDUP-GSS-API routine returns a IDUP-GSS status code whose
upper 16 bits contain a non-zero value, the call failed. If the
calling error field is non-zero, the invoking application's call of
the routine was erroneous. Calling errors are defined in Table 1.
If the routine error field is non-zero, the routine failed for one of
the routine-specific reasons listed below in Table 2. Whether or not
the upper 16 bits indicate a failure or a success, the routine may
indicate additional information by setting bits in the
supplementary info field of the status code. The meaning of
individual bits is listed below in Table 3.
Thakkar, Grebovich 14 Expires: August 18, 1996
Table 1 - Calling Errors
Name Value in Meaning
Field
GSS_S_CALL_INACCESSIBLE_READ 1 a required input parameter could
not be read
GSS_S_CALL_INACCESSIBLE_WRITE 2 a required output parameter
could not be written.
GSS_S_CALL_BAD_STRUCTURE 3 a parameter was malformed.
Table 2 - Routine Errors
Name Value in Meaning
Field
GSS_S_BAD_MECH 1 unsupported mechanism requested
GSS_S_BAD_NAME 2 invalid name provided
GSS_S_BAD_NAMETYPE 3 name of unsupported type provided
GSS_S_BAD_BINDINGS 4 NOT APPLICABLE TO IDUP
GSS_S_BAD_STATUS 5 invalid input status selector
GSS_S_BAD_SIG 6 token had invalid signature
GSS_S_NO_CRED 7 no valid credentials provided
GSS_S_NO_CONTEXT 8 NOT APPLICABLE TO IDUP
GSS_S_DEFECTIVE_TOKEN 9 defective token detected
GSS_S_DEFECTIVE_CREDENTIAL 10 defective credential detected
GSS_S_CREDENTIALS_EXPIRED 11 expired credentials detected
GSS_S_CONTEXT_EXPIRED 12 specified security context expired
GSS_S_FAILURE 13 failure, unspecified at GSS-API
level
GSS_S_BAD_QOP 14 unsupported QOP value
GSS_S_UNAUTHORIZED 15 the operation is forbidden by local
security policy
GSS_S_UNAVAILABLE 16 the operation or option is not
available
IDUP_S_BAD_TARG_INFO 17 all target information is invalid
or unsuitable for IDU protection.
IDUP_S_BAD_DOA_KEY 18 DOA key has expired or been revoked
IDUP_S_BAD_KE_KEY 19 key used for key establishment
between originator and target has
expired or been revoked.
IDUP_S_BAD_ENC_IDU 20 encrypted IDU is defective/invalid
IDUP_S_EVIDENCE_TOKEN_INCOMPLETE
21 there is not enough info. in
evidence_token for verification
IDUP_S_SERV_VERIF_INFO_NEEDED 22 the Service_Verification_Info
parameter bundle is required
IDUP_S_SERVICE_UNAVAIL 23 mechanism does not support
requested service
Thakkar, Grebovich 15 Expires: August 18, 1996
IDUP_S_REQ_TIME_SERVICE_UNAVAIL
24 the time service in not available
in this environment
IDUP_S_NO_ENV 25 no environment recognized for
env_handle
IDUP_S_NO_MATCH 26 Service_Verification_Info and token
do not match
IDUP_S_UNKNOWN_OPER_ID 27 requested operation id. is
unsupported
Table 3 - Supplementary Status Bits
Name Bit Number(LSB) Meaning
GSS_S_CONTINUE_NEEDED 0 continuation call to routine
required
GSS_S_DUPLICATE_TOKEN 1 NOT APPLICABLE TO IDUP
GSS_S_OLD_TOKEN 2 NOT APPLICABLE TO IDUP
GSS_S_UNSEQ_TOKEN 3 NOT APPLICABLE TO IDUP
GSS_S_GAP_TOKEN 4 NOT APPLICABLE TO IDUP
IDUP_S_ENCAPSULATION_UNAVAIL 5 encapsulation of M-IDU into P-IDU
is not supported
IDUP_S_MORE_PIDU_NEEDED 6 more P-IDU data is needed for
idup_start_unprotect()
IDUP_S_MORE_DATA_NEEDED 7 more data is needed for protection
or unprotection
The routine documentation also uses the name GSS_S_COMPLETE, which is
a zero value, to indicate an absence of any API errors or
supplementary information bits.
All GSS_S_xxx and IDUP_S_xxx symbols equate to complete OM_uint32
status codes, rather than to bitfield values. For example, the
actual value of the symbol GSS_S_BAD_NAMETYPE (value 4 in the routine
error field) is 4 << 16.
The macros GSS_CALLING_ERROR(), GSS_ROUTINE_ERROR() and
GSS_SUPPLEMENTARY_INFO() are provided, each of which takes a IDUP-GSS
status code and removes all but the relevant field. For example, the
value obtained by applying GSS_ROUTINE_ERROR to a status code removes
the calling errors and supplementary info fields, leaving only the
routine errors field. The values delivered by these macros may be
directly compared with a GSS_S_xxx symbol of the appropriate type.
The macro GSS_ERROR() is also provided, which when applied to a IDUP-
GSS status code returns a non-zero value if the status code indicated
a calling or routine error, and a zero value otherwise.
An IDUP-GSS-API implementation may choose to signal calling errors in
a platform-specific manner instead of, or in addition to, the routine
value; routine errors and supplementary info should be returned via
routine status values only.
Thakkar, Grebovich 16 Expires: August 18, 1996
2.1.10.2. Mechanism-specific status codes
IDUP-GSS-API routines return a minor_status parameter, which is used
to indicate specialized errors from the underlying security
mechanism. This parameter may contain a single mechanism-specific
error, indicated by a OM_uint32 value.
The minor_status parameter will always be set by an IDUP-GSS-API
routine, even if it returns a calling error or one of the generic API
errors indicated above as fatal, although other output parameters
remain unset in such cases. However, output parameters that are
expected to return pointers to storage allocated by a routine must
always set by the routine, even in the event of an error, although in
such cases the IDUP-GSS-API routine may elect to set the returned
parameter value to NULL to indicate that no storage was actually
allocated. Any length field associated with such pointers (as in a
gss_buffer_desc structure) should also be set to zero in such cases.
The GSS status code GSS_S_FAILURE is used to indicate that the
underlying mechanism detected an error for which no specific IDUP-
GSS-API status code is defined. The mechanism status code will
provide more details about the error.
2.1.11. Names
A name is used to identify a person or entity. IDUP-GSS-API
authenticates the relationship between a name and the entity claiming
the name.
Two distinct representations are defined for names:
(a) A printable form, for presentation to a user
(b) An internal form, for presentation at the API
The syntax of a printable name is defined by the IDUP-GSS-API
implementation, and may be dependent on local system configuration,
or on individual user preference. The internal form provides a
canonical representation of the name that is independent of
configuration.
A given IDUP-GSS-API implementation may support names drawn from
multiple namespaces. In such an implementation, the internal form of
the name must include fields that identify the namespace from which
the name is drawn. The namespace from which a printable name is
drawn is specified by an accompanying object identifier.
Thakkar, Grebovich 17 Expires: August 18, 1996
Routines (gss_import_name and gss_display_name) are provided to
convert names between their printable representations and the
gss_name_t type. GSS_Import_name may support multiple syntaxes for
each supported namespace, allowing users the freedom to choose a
preferred name representation. gss_display_name should use an
implementation-chosen preferred syntax for each supported name-type.
Comparison of internal-form names is accomplished via the
gss_compare_names routine. This removes the need for the application
program to understand the syntaxes of the various printable names
that a given IDUP-GSS-API implementation may support. Storage is
allocated by routines that return gss_name_t values. A procedure,
gss_release_name, is provided to free storage associated with a name.
Certain IDUP-GSS-API procedures take parameters of the type
idup_name_set. This type represents one or more names. A
idup_name_set object has the following structure:
typedef struct idup_name_set_desc_struct {
int count;
gss_name_t elements;
} idup_name_set_desc, *idup_name_set;
2.1.12. Optional parameters
Various parameters are described as optional. This means that they
follow a convention whereby a default value may be requested. The
following conventions are used for omitted parameters. These
conventions apply only to those parameters that are explicitly
documented as optional.
2.1.12.1. gss_buffer_t types
Specify GSS_C_NO_BUFFER as a value. For an input parameter this
signifies that default behavior is requested, while for an output
parameter it indicates that the information that would be returned
via the parameter is not required by the application.
2.1.12.2. Integer types (input)
Individual parameter documentation lists values to be used to
indicate default actions.
2.1.12.3. Integer types (output)
Specify NULL as the value for the pointer.
2.1.12.4. Pointer types
Specify NULL as the value.
Thakkar, Grebovich 18 Expires: August 18, 1996
2.1.12.5. Object IDs
Specify GSS_C_NULL_OID as the value.
2.1.12.6. Object ID Sets
Specify GSS_C_NULL_OID_SET as the value.
2.1.12.7. Parameter Bundles
Specify NULL as the value.
2.1.12.8. Credentials
Specify GSS_C_NO_CREDENTIAL to use the default credential handle.
2.1.12.9. Environments
Specify IDUP_C_NO_ENV to use the default environment handle.
3. IDUP-GSS-API routine descriptions
3.1 Credential Management Calls
Credential management in IDUP-GSS-API is to be understood and used as
described in GSS-API [RFC-1508 and RFC-1509]. The calls
gss_acquire_cred(), gss_release_cred(), gss_add_cred() (from [GSSv2])
and gss_inquire_cred() are unchanged.
3.2 Environment-level Calls
The set of calls described in this section are used un place of the
calls gss_init_sec_context(), gss_accept_sec_context(),
gss_delete_sec_context(), gss_process_context_token() and
gss_context_time() which are specified in [RFC-1508 and RFC-1509].
Thakkar, Grebovich 19 Expires: August 18, 1996
3.2.1. idup_establish_env
OM_uint32 idup_establish_env (
gss_cred_id_t claimant_cred_handle,
gss_OID req_mech_type,
gss_OID req_policy,
time_t policy_time,
gss_OID_set req_services,
OM_uint32 * minor_status,
idup_env_id_t * env_handle,
gss_OID * actual_mech_type,
gss_OID * actual_policy,
time_t * actual_policy_time,
gss_OID_set ret_services)
Purpose:
Called by the application to establish a security environment.
Parameters:
claimant_cred_handle gss_cred_id_t, read, optional
handle for credentials claimed.
GSS_C_NO_CREDENTIAL parameter specifies
"use default".
req_mech_type OID, read, optional
Object ID of desired mechanism.
GSS_C_NULL_OID parameter specifies "use
default".
req_policy OID, read, optional
Object ID of desired policy.
policy_time time_t, read
The security policy rules available at the
specified time. NULL parameter specifies
"use default".
req_services set of OID, read
set of Object ID which request that the
environment support specific services.
The OIDs available are:
PER_CONF perform data confidentiality
PER_DOA perform data origin
authentication with data
integrity
PER_POO perform non-repudiable "proof
of origin"
PER_POD perform non-repudiable "proof
of delivery"
REC_CONF receive data confidentiality
Thakkar, Grebovich 20 Expires: August 18, 1996
REC_DOA receive/verify DOA with data
integrity
REC_POO receive/verify "proof of
origin"
REC_POD receive/verify "proof of
delivery"
TTIME trusted time available
UTIME untrusted time available
minor_status integer, modify
Mechanism specific status code.
env_handle idup_env_id_t, modify
environment handle for new environment.
actual_mech_type OID, modify
Actual mechanism used.
Always indicated, never NULL.
actual_policy OID, modify
Always indicated, never NULL.
actual_policy_time time_t, modify
Actual time at which the above policy
rules came into effect.
ret_services set of OID, modify
Not all services requested in req_services
may be available in all underlying
mech_types. The set of OID returned
indicates services supported in the
environment.
The value of this parameter is undefined
unless the routine returns GSS_S_COMPLETE.
Function value:
GSS status code:
GSS_S_COMPLETE indicates that environment-level
information was successfully initialized,
and that IDU / P-IDU processing can
begin on the newly-established
environment.
GSS_S_DEFECTIVE_CREDENTIAL indicates that consistency checks
performed on the credential structure
referenced by claimant_cred_handle
failed, preventing further processing from
being performed using that credential
structure.
Thakkar, Grebovich 21 Expires: August 18, 1996
GSS_S_NO_CRED indicates that no environment was
established, either because the input
cred_handle was invalid or because the
caller lacks authorization to access the
referenced credentials.
GSS_S_CREDENTIALS_EXPIRED indicates that the credentials provided
through the input claimant_cred_handle
argument are no longer valid, so
environment establishment cannot be
completed.
GSS_S_BAD_MECH indicates that a mech_type unsupported
by the IDUP_GSS-API implementation type
was requested, causing the environment
establishment operation to fail.
GSS_S_FAILURE indicates that environment setup could not
be accomplished for reasons unspecified at
the IDUP-GSS-API level, and that no
interface-defined recovery action is
available.
See minor_status code for more
information.
Thakkar, Grebovich 22 Expires: August 18, 1996
3.2.2 idup_abolish_env
OM_uint32 idup_abolish_env (
idup_env_id_t * env_handle,
OM_uint32 * minor_status)
Purpose:
This call is made to flush environment-specific information. (Once an
environment is established, cashed credential and environment-related
information is expected to be retained until an idup_abolish_env()
call is made or until the credential lifetime expires.) Attempts to
perform IDU processing on a deleted environment will result in error
returns.
Parameters:
env_handle idup_env_id_t, read
environment handle identifying environment
to abolish
minor_status integer, modify
Mechanism-specific status code.
Function value:
GSS status code:
GSS_S_COMPLETE indicates that the environment was
recognized and that relevant environment-
specific information was flushed.
IDUP_S_NO_ENV indicates that no valid environment was
recognized for the env_handle provided, so
no deletion was performed.
GSS_S_FAILURE indicates that the environment is
recognized, but that the requested
operation could not be performed for
reasons unspecified at the IDUP-GSS-API
level.
See minor_status code for more
information.
Thakkar, Grebovich 23 Expires: August 18, 1996
3.2.3 idup_inquire_env
OM_uint32 idup_inquire_env (
idup_env_id_t env_handle,
OM_uint32 * minor_status,
gss_OID * mech_type,
gss_OID * policy,
time_t * policy_time,
gss_OID_set * ret_services)
Purpose:
This call is used to extract information describing characteristics
of the security environment.
Parameters:
env_handle idup_env_id_t, read, optional
environment handle identifying environment
used.
minor_status integer, modify
mechanism specific status code.
mech_type OID, modify, optional
the mechanism supporting security
environment
policy OID, modify
The policy used in this environment.
policy_time time_t, modify
Time at which the above policy rules came
into effect.
ret_services set of OID, modify
The set of OID returned indicates services
supported in the environment.
OIDs available are:
PER_CONF perform data confidentiality
PER_DOA perform data origin
authentication with data
integrity
PER_POO perform non-repudiable " of
origin"
PER_POD perform non-repudiable "proof of
delivery"
REC_CONF receive data confidentiality
REC_DOA receive/verify DOA with data
integrity
REC_POO receive/verify "proof of origin"
Thakkar, Grebovich 24 Expires: August 18, 1996
REC_POD receive/verify "proof of
delivery"
TTIME trusted time available
UTIME untrusted time available
Function value:
GSS status code:
GSS_S_COMPLETE indicates that the referenced environment
is valid and that mech_type, and
ret_services return values describe
the corresponding characteristics of the
environment.
GSS_S_CREDENTIALS_EXPIRED indicates that the credentials provided
through the input claimant_cred_handle
argument are no longer valid, so
environment establishment cannot be
completed.
IDUP_S_NO_ENV indicates that no valid environment was
recognized for the input env_handle
provided. Return values other than
major_status and minor_status are
undefined.
GSS_S_FAILURE indicates that the requested operation
failed for reasons unspecified at the GSS-
API level. Return values other than
major_status and minor_status are
undefined.
3.3 Per-IDU Calls
This group of calls is used to perform IDU protection processing on
an established IDUP environment. Some of these calls may block
pending network interactions (depending on the underlying mechanism
in use). These calls may be invoked by a data unit's protector or by
the P-IDU's recipient. The two sets of members of this group form a
pair; the output from the protection set is properly input to the
unprotection set.
Thakkar, Grebovich 25 Expires: August 18, 1996
3.3.1. idup_start_protect
OM_uint32 idup_start_protect (
idup_env_id_t env_handle,
IDUP_Mech_Specific_Info Mech_Specific_Info,
IDUP_Idu_Information Idu_Information,
int encapsulation_request,
IDUP_Special_Conditions Special_Conditions,
gss_buffer_t single_idu_buffer,
IDUP_Target_Info Target_Info,
IDUP_Services_To_Perform Services_to_Perform,
OM_uint32* minor_status,
gss_buffer_t midu_buffer,
gss_buffer_t pidu_buffer)
Purpose:
Using the security environment referenced by env_handle, initiate
the data structures required to begin the process of protecting the
IDU buffers.
Parameters:
env_handle idup_env_id_t, read
Identifies the environment in which the
data unit will be protected.
Mechanism_Specific_Info IDUP_Mech_Specific_Info, read
A collection of information defined by
(and specific to) the underlying
mechanism. NULL selects the mechanism-
defined default value for each parameter.
Idu_Information IDUP_Idu_Information, read
A collection of information (such as
encapsulated content type, content
description and sensitivity) about the IDU
to be protected.
encapsulation_request boolean, read
TRUE - request to encapsulate IDU
FALSE - do not encapsulate IDU.
Special_Conditions IDUP_Special_Conditions, read
These conditions control the protection
procedure. For those mechanisms which
allow or require multiple stages of
processing, each producing a different
aspect of protection for the data data
unit, the parameter bundle contains the
prot_oper_id parameter which is used to
specify which stage is currently being
Thakkar, Grebovich 26 Expires: August 18, 1996
requested by the application. The
parameter bundle also includes flags to
request use of trusted time or use of
untrusted time.
single_idu_buffer gss_buffer_t, read
Non-zero length for this buffer means that
idup_protect() and idup_end_protect() will
not be called (i.e., the entire IDU is
contained in this buffer)
Target_Info IDUP_Target_Info, read/modify
The P-IDU recipients are specified using
idup_name_set parameter and any invalid
recipients are returned in a set of
Bad_Target_Name parameter bundle.
Services_to_Perform IDUP_Services_To_Perform, read/modify
Protection Services requested. Each
service is able to return a minor status
code to the calling application, if
necessary.
minor_status integer, modify
mechanism specific status code.
midu_buffer gss_buffer_t, modify
zero length if encapsulation_request is
TRUE or if single_idu_buffer has zero
length.
pidu_buffer gss_buffer_t, modify
zero length if encapsulation_request is
FALSE or if single_idu_buffer has zero
length.
Function value:
GSS status code:
GSS_S_COMPLETE indicates that the protection process can
begin (or has completed, if
single_idu_buffer has non-zero length).
GSS_S_CONTINUE NEEDED indicates that at least one of the buffers
supplied is too small to hold the
generated data. The application should
continue calling this routine (until
GSS_S_COMPLETE is returned) in order to
get all remaining data.
Thakkar, Grebovich 27 Expires: August 18, 1996
GSS_S_CREDENTIALS_EXPIRED indicates that the environment is
recognized, but that its associated
credentials have expired, so that the
requested operation cannot be performed.
IDUP_S_NO_ENV indicates that no valid environment was
recognized for the env_handle provided.
IDUP_S_ENCAPSULATION_UNAVAIL indicates that the underlying mechanism
does not support encapsulation of the M-
IDU into the token.
IDUP_S_MORE_DATA_NEEDED indicates whether protection is completed
by this call or by idup_end_protect()
(e.g., whether more data buffers are
required for evidence generation).
IDUP_S_SERVICE_UNAVAIL indicates that the underlying mechanism
does not support the service requested.
IDUP_S_REQ_TIME_SERVICE_UNAVAIL indicates that the time service
requested (TTIME or UTIME) is not
available in the environment.
IDUP_S_UNKNOWN_OPER_ID indicates that the input prot_oper_id
value is not recognized or supported in
the underlying mechanism.
GSS_S_BAD_QOP indicates that the provided QOP value is
not recognized or supported for the
environment.
IDUP_S_BAD_TARG_INFO indicates that all the information
regarding the target(s) is invalid or is
insufficient for the protection of an IDU,
so the P-IDU cannot be created.
GSS_S_FAILURE indicates that the environment is
recognized, but that the requested
operation could not be performed for
reasons unspecified at the IDUP-GSS-API
level.
Thakkar, Grebovich 28 Expires: August 18, 1996
3.3.2. idup_protect
OM_uint32 idup_protect (
idup_env_id_t env_handle,
gss_buffer_t input_buffer,
OM_uint32 * minor_status,
gss_buffer_t output_buffer)
Purpose:
Using the security environment referenced by env_handle, continue the
protection processing on the data in input_buffer and, if the
underlying mechanism defines this, put any resulting M-IDU data in
output_buffer. The application calls this routine over and over
again with new buffers of data until it has protected all the data
buffers of the IDU. It then calls idup_end_protect() to complete
the protection process.
Parameters:
env_handle idup_env_id_t, read
Environment handle identifying environment
used.
input_buffer buffer, read
IDU buffer
minor_status integer, modify
Implementation specific status code
output_buffer buffer, opaque, modify
Protected data unit buffer. Zero length
if encapsulation_request was set to TRUE
in idup_start_protect()
Function value:
GSS status codes:
GSS_S_COMPLETE indicates that the input_buffer has
successfully been included in the
protection computation.
IDUP_S_NO_ENV indicates that no valid environment was
recognized for the env_handle provided.
GSS_S_FAILURE indicates that the environment is
recognized, but that the required
operation could not be performed for
reasons unspecified at the IDUP-GSS-API
level.
Thakkar, Grebovich 29 Expires: August 18, 1996
3.3.3. idup_end_protect
OM_uint32 idup_end_protect (
idup_env_id_t env_handle,
OM_uint32 * minor_status,
IDUP_Services_To_Perform Services_to_Perform,
gss_buffer_t final_midu_buffer,
gss_buffer_t final_pidu_buffer)
Purpose:
Using the security environment referenced by env_handle, complete the
protection processing on the data and place the computed output in
final_pidu_buffer (or final_midu_buffer and the uncapsulated_token
parameter for each Prot_Service). If a service was requested from
one or more targets in Start_Protect() - and if this is supported by
underlying mechanism - Service_Verification_Info will hold whatever
data is necessary for the mechanism to verify a service retuned by
a target (unprotector) of the P-IDU. Successful application of
idup_end_protect() does not guarantee that the corresponding
unprotection set of functions can necessarily be performed
successfully when the protected data unit arrives at the target (for
example, it may be damaged in transit).
Parameters:
env_handle idup_env_id_t, read
Environment handle identifying environment
used.
minor_status integer, modify
Implementation specific status code.
Services_to_Perform IDUP_Services_To_Perform
Protection Services requested. Each
service is able to return minor status
code to the calling application, if
necessary.
final_midu_buffer buffer, opaque, modify
Protected data unit buffer which holds any
residual data from the previous
idup_protect call. Zero length if
encapsulation_request was set to TRUE in
idup_start_protect(), in which case pidu
is used.
final_pidu_buffer buffer, opaque, modify
Protected data unit buffer. Zero length if
encapsulation_request was set to FALSE in
idup_start_protect(), in which case token
and midu are used.
Thakkar, Grebovich 30 Expires: August 18, 1996
Function value:
GSS status codes:
GSS_S_COMPLETE indicates that the protection computation
has been successfully completed and the
resulting P-IDU is ready for transfer. If
defined by the underlying mechanism,
final_midu_buffer will contain any
residual M-IDU data.
GSS_CONTINUE NEEDED indicates that at least one of the buffers
supplied is too small to hold the
generated data. The application should
continue calling this routine (until
GSS_S_COMPLETE is returned) in order to
get all remaining data.
IDUP_S_NO_ENV indicates that no valid environment was
recognized for the env_handle provided.
GSS_S_FAILURE indicates that the environment is
recognized, but that the requested
operation could not be performed for
reasons unspecified at the IDUP-GSS-API
level.
Thakkar, Grebovich 31 Expires: August 18, 1996
3.3.4. idup_start_unprotect
OM_uint32 idup_start_unprotect(
idup_env_id_t env_handle,
IDUP_Mech_Specific_Info Mech_Specific_Info,
gss_buffer_t single_pidu_buffer,
gss_buffer_t partial_pidu_buffer,
gss_buffer_t final_pidu_buffer,
IDUP_Special_Conditions Special_Conditions,
OM_uint32 * minor_status,
IDUP_Services_To_Receive Services_to_Receive,
IDUP_Prot_Information Prot_Information,
gss_buffer_t single_idu_buffer,
gss_buffer_t initial_idu_buffer,
IDUP_Service_Verification_Info
Service_Verification_Info,
int * service_verification_info_id)
Purpose:
Using the security environment referenced by env_handle, initialize
the data structures required to begin the process of unprotecting the
P-IDU.
Parameters:
env_handle idup_env_id_t, read
Environment handle identifying environment
used.
Mechanism_Specific_Info IDUP_Mech_Specific_Info, read
A collection of information defined by
(and specific to) the underlying
mechanism. NULL selects the mechanism-
defined default value for each parameter.
single_pidu_buffer buffer, read
Non-zero length for this buffer means that
idup_unprotect() and idup_end_unprotect()
will not be called. (i.e., the entire P-
IDU is contained in this buffer)
partial_pidu_buffer buffer, read
may be arbitary-sized piece of the full
pidu (if the application's buffer isn't
large enough to hold entire pidu), or may
be service token (if encapsulation was not
used).
final_pidu_buffer buffer, read
final buffer must be passed in
final_pidu_buffer rather then partial pidu
Thakkar, Grebovich 32 Expires: August 18, 1996
buffer. Only one of single_pidu_buffer and
partial(final)_pidu_buffer can have non
zero length.
Special_Conditions Special_Conditions, read
These conditions control the unprotection
procedure. For those mechanisms which
allow or require multiple stages of
processing, each producing a different
aspect of unprotection for the P-IDU, the
parameter bundle contains a prot_oper_id
parameter which is used to specify which
stage is currently being requested by the
application. The parameter bundle also
includes flags to request use of trusted
time or use of untrusted time.
minor_status integer, modify
Implementation specific status code
Services_to_Receive IDUP_Services_To_Receive, read/modify
This parameter bundle returns which
services were applied to the P-IDU.
Prot_Information IDUP_Prot_Information, modify
Holds originator name, IDU information,
time when protection was performed.
single_idu_buffer buffer, modify
If this buffer has non-zero length, then
service processing has been completed on
the data in single_pidu_buffer.
initial_idu_buffer buffer, modify
Holds any data from
partial(final)_pidu_buffer which has been
unprotected; remaining data will be
returned by Unprotect and End_Unprotect as
they are called with successive buffers of
pidu.
Service_Verification_Info IDUP_Service_Verification_Info, modify
Used only if target is on "service_to"
list in Unprot_Service.
service_verification_info_id integer, modify
Used only if target is on "service_to"
list in Unprot_Service.
Function value:
GSS status codes:
Thakkar, Grebovich 33 Expires: August 18, 1996
GSS_S_COMPLETE indicates that unprotection processing
can begin (or has been completed, if
single_idu_buffer has non-zero length).
GSS_S_CONTINUE NEEDED indicates that at least one of the
buffers supplied is too small to hold the
generated data. The application should
continue calling this routine (until
GSS_S_COMPLETE is returned) in order to
get all remaining data.
IDUP_S_MORE_PIDU_NEEDED indicates that not enough of P-IDU has
been input yet for the completion of
Start_Unprotect. The application should
call this routine again with another
buffer of P-IDU in partial_pidu_buffer.
GSS_S_DEFECTIVE_TOKEN indicates that consistency checks
performed on the received P-IDU failed,
preventing further processing from being
performed with that token.
IDUP_S_MORE_DATA_NEEDED indicates whether unprotection is
completed by this call or by
idup_end_unprotect() (e.g., whether more
data buffers are required for
unprotection).
GSS_DEFECTIVE_VERIF indicates that consistency checks
performed on the
Service_Verification_Info failed,
preventing further processing from being
performed with that parameter.
IDUP_S_NO_MATCH indicates that Service_Verification_Info
and the P-IDU to be verified do not
match.
IDUP_S_SERVICE_UNAVAIL indicates that the underlying mechanism
does not support the service requested.
IDUP_S_REQ_TIME_SERVICE_UNAVAIL indicates that the time service
requested (TTIME or UTIME) is not
available in the environment.
IDUP_S_EVIDENCE_TOKEN_INCOMPLETE indicates that more information is
needed in the P-IDU in order to verify it
(this may, if specified by the underlying
mechanism, be an indication that the token
is incomplete and
idup_form_complete_evidence() needs to be
called to complete it).
Thakkar, Grebovich 34 Expires: August 18, 1996
IDUP_S_SERV_VERIF_INFO_NEEDED indicates that the
Service_Verification_Info parameter bundle
must be input in order for service
verification to proceed. The output
parameter service_verification_info_id
contains an identifier whch may be used
by the calling application to locate the
necessary information.
GSS_S_CREDENTIALS_EXPIRED indicates that the environment is
recognized, but that its associated
credentials have expired, so that the
requested operation cannot be performed.
IDUP_S_NO_ENV indicates that no valid environment was
recognized for the env_handle provided.
IDUP_S_UNKNOWN_OPER_ID indicates that the input prot_oper_id
value is not recognized or supported in
the underlying mechanism.
GSS_S_BAD_QOP indicates that the qop_algs value
specified in P-IDU for at least one of the
services is unavailable in the local
mechanism, so processing cannot continue.
GSS_S_BAD_SIG indicates that the received P-IDU contains
an incorrect integrity field (e.g.,
signature or MAC) for the data.
IDUP_S_BAD_DOA_KEY indicates that the key used to provide IDU
data origin auth. / integ. has either
expired or been revoked.
IDUP_S_BAD_KE_KEY indicates that the key used to establish a
key for confidentiality purposes between
originator and target has either expired
or been revoked.
IDUP_S_BAD_ENC_IDU indicates that decryption of the received
IDU cannot be completed because the
encrypted IDU was invalid/defective
(e.g., the final block was short or had
incorrect padding).
GSS_S_FAILURE indicates that the environment is
recognized, but that the requested
operation could not be performed for
reasons unspecified at the IDUP-GSS-API
level.
Thakkar, Grebovich 35 Expires: August 18, 1996
3.3.5. idup_unprotect
OM_uint32 idup_unprotect (
idup_env_id_t env_handle,
gss_buffer_t input_buffer,
OM_uint32 * minor_status,
gss_buffer_t output_buffer)
Purpose:
Using the security environment referenced by env_handle, continue the
unprotect processing on the data and return the appropriate status
code. The application calls this routine over and over again with
new buffers of data until it has unprotected all the data buffers of
the P-IDU. It then calls idup_end_unprotect() to complete the
unprotection process.
Parameters:
env_handle idup_env_id_t, read
Environment handle identifying environment
used.
input_buffer buffer, modify
Protected data unit buffer.
minor_status integer, modify
Implementation specific status code
output_buffer buffer, modify
Unprotected data unit buffer.
Function values:
GSS status codes:
GSS_S_COMPLETE indicates that the input_buffer has
successfully been included in the
unprotection computation.
IDUP_S_NO_ENV indicates that no valid environment was
recognized for the env_handle provided.
GSS_S_FAILURE indicates that the environment is
recognized, but that the requested
operation could not be performed for
reasons unspecified at the IDUP-GSS-API
level.
Thakkar, Grebovich 36 Expires: August 18, 1996
3.3.6. idup_end_unprotect
OM_uint32 idup_end_unprotect (
idup_env_id_t env_handle,
OM_uint32 * minor_status,
IDUP_Services_To_Receive Services_to_Receive,
gss_buffer_t final_idu_buffer,
IDUP_Service_Verification_Info
Service_Verification_Info,
int * service_verification_info_id)
Purpose:
Using the security environment referenced by env_handle, complete the
unprotect processing on the data and return the appropriate status
code.
Parameters:
env_handle idup_env_id_t, read
Environment handle identifying environment
used.
minor_status integer, modify
Implementation-specific status code.
Services_to_Receive IDUP_Services_To_Receive
This parameter bundle returns which
services were applied to the P-IDU.
final_idu_buffer buffer, modify
Unprotected data unit buffer.
Service_Verification_Info IDUP_Service_Verification_Info, modify
Used only if target is on "service_to"
list in Unprot_Service.
service_verification_info_id integer, modify
Used only if target is on "service_to"
list in Unprot_Service.
Function value:
GSS status codes:
GSS_S_COMPLETE indicates that the unprotect computation
was successful. Any residual IDU data
will be returned in final_idu_buffer.
Thakkar, Grebovich 37 Expires: August 18, 1996
GSS_S_CONTINUE NEEDED indicates that at least one of the buffers
supplied is too small to hold the
generated data. The application should
continue calling this routine (until
GSS_S_COMPLETE is returned) in order to
get all remaining data.
GSS_S_BAD_SIG indicates that the received P-IDU contains
an incorrect integrity field (e.g.,
signature or MAC) for the data.
IDUP_S_BAD_DOA_KEY indicates that the key used to provide IDU
data origin auth. / integ. has either
expired or been revoked.
IDUP_S_BAD_KE_KEY indicates that the key used to establish a
key for confidentiality purposes between
originator and target has either expired
or been revoked.
IDUP_S_BAD_ENC_IDU indicates that decryption of the received
IDU cannot be completed because the
encrypted IDU was invalid/defective (e.g.,
the final block was short or had incorrect
padding).
IDUP_S_NO_ENV indicates that no valid environment was
recognized for the env_handle provided.
GSS_S_FAILURE indicates that the environment is
recognized, but that the requested
operation could not performed for reasons
unspecified at the IDUP-GSS-API level.
3.4 Special Purpose Calls
The special purpose call described in this section has no analogue in
GSS-API [RFC-1508, RFC-1509]. This call is used to complete the
portfolio of evidence services in IDUP environment. This call may not be
supported by all underlying IDUP mechanisms or implementations.
Thakkar, Grebovich 38 Expires: August 18, 1996
3.4.1. idup_form_complete_evidence
OM_uint32 idup_form_complete_evidence (
idup_env_id_t env_handle,
gss_buffer_t single_evidence_buffer,
gss_buffer_t partial_evidence_buffer,
gss_buffer_t final_evidence_buffer,
OM_uint32 * minor_status,
gss_buffer_t evidence_token_out)
Purpose:
Using the security environment referenced by env_handle, complete the
generation of an evidence token for non-repudiation purposes and
return the appropriate status value along with the completed token.
Parameters:
env_handle idup_env_id_t, read
Environment handle identifying environment
used.
single_evidence_buffer buffer, opaque, read
partial_evidence_buffer buffer, opaque, read
may be an arbitary-sized piece of the full
evidence token.
final_evidence_buffer buffer, opaque, read
final buffer must be passed in
final_evidence_buffer rather then partial
evidence buffer. Only one of
single_evidence_buffer and
partial(final)_evidence_buffer can have
non zero length.
minor status integer, modify
Implementation specific status code.
evidence_token_out buffer, modify
Function value:
GSS status codes:
GSS_S_COMPLETE indicates that the completion of evidence
generation was successful.
Thakkar, Grebovich 39 Expires: August 18, 1996
GSS_S_CONTINUE NEEDED indicates that the buffer supplied for
evidence_token_out is too small to hold
the generated data. The application
should continue calling this routine
(until GSS_S_COMPLETE is returned) in
order to get all remaining data.
IDUP_S_SERVICE_UNAVAIL indicates that the underlying mechanism
does not support the service requested.
GSS_S_DEFECTIVE_TOKEN indicates that consistency checks
performed on the input evidence token
failed, preventing further processing from
being performed with that token.
GSS_S_FAILURE indicates that the environment is
recognized, but that the requested
operation could not be performed for
reasons unspecified at the IDUP-GSS-API
level.
3.5 Support calls
Support calls in IDUP-GSS-API are to be understood and used as
described in GSS-API [RFC-1508 and RFC-1509]. The calls
gss_display_status(), gss_indicate_mechs(), gss_compare_name(),
gss_display_name(), gss_import_name(), gss_release_name(),
gss_release_buffer(), gss_release_oid_set() are unchanged.
Thakkar, Grebovich 40 Expires: August 18, 1996
3.5.1 idup_parse_token
OM_uint32 idup_parse_token (
gss_buffer_t input_token,
OM_uint32 * minor_status,
gss_OID * mech_type)
Purpose:
idup_parse_token is used to return to an application the attributes
which correspond to a given input token.
Parameters:
input_token gss_buffer_t, read
Input token from the protect call.
minor_status integer, modify
Implementation specific status code.
mech_type OID, modify
The mechanism that was used to create
input_token.
Function value:
GSS status code:
GSS_S_COMPLETE indicates that the input_token could be
parsed for all relevant fields.
GSS_S_CREDENTIALS EXPIRED indicates that the environment is
recognized, but that its associated
credentials have expired, so that the
requested operation cannot be performed.
GSS_S_DEFECTIVE_TOKEN indicates that the mechanism type could be
parsed, but that either the other fields
could not be determined from the
input_token, or their values did not
correspond to valid values for that
mechanism.
GSS_S_FAILURE indicates that the mechanism type could
not be parsed (e.g., the token may be
corrupted).
Thakkar, Grebovich 41 Expires: August 18, 1996
4. ACKNOWLEDGMENTS
Many thanks to Carlisle Adams of Bell-Northern Research for many
helpful comments.
Section 1 and many parts of section 2 of this document are either
strongly influenced by or identical to John Wray's GSS-API: C-
Bindings [RFC-1509].
5. SECURITY CONSIDERATIONS
Security issues are discussed throughout this memo.
6. REFERENCES
[GSSv2] J. Linn, "Generic Security Service Application Program
Interface, Version 2", Internet Draft draft-ietf-cat-
gssv2-0x.txt (work in progress).
[IDUP] C. Adams, Independent Data Unit Protection Generic
Security Service Application Program Interface,
Internet Draft draft-ietf-cat-idup-gss-0x.txt (work in
progress).
[OSI] "OSI Object Management API Specification, Version 2.0 ",
X.400 API Association & X/Open Company Limited, August
1990. Specification of datatypes and routines for
manipulating information objects.
[RFC-1508]: J. Linn, "Generic Security Service Application Program
Interface", RFC 1508.
[RFC-1509]: J. Wray, "Generic Security Service API: C-bindings",
RFC1509.
7. AUTHOR'S ADDRESS
Dhanya Thakkar Dragan Grebovich
Bell-Northern Research Time-Step Corporation
P.O.Box 3511, Station C 359 Terry Fox Drive
Nepean, Ontario, CANADA K1Y 4H7 Kanata, Ontario, CANADA K2K 2E7
Phone: +1 (613) 763-9039 Phone: +1 (613) 599-3610 x4361
E-mail: dickie48@bnr.ca E-mail: dgrebovich@timestep.com
Thakkar, Grebovich 42 Expires: August 18, 1996
IDUP-GSS-API Example
#ifndef IDUP-GSS-API_H_
#define IDUP-GSS-API_H_
/*
* First, define the platform-dependent types.
*/
typedef <platform-specific> OM_uint32;
typedef <platform-specific> idup_env_id_t;
typedef <platform-specific> gss_cred_id_t;
typedef <platform-specific> gss_name_t;
typedef <platform-specific> idup_name_t;
/*
* Note that a platform supporting the xom.h X/Open header file
* may make use of that header for the definitions of OM_uint32
* and the structure to which gss_OID_desc equates.
*/
typedef struct gss_OID_desc_struct {
OM_uint32 length;
void *elements;
} gss_OID_desc, *gss_OID;
typedef struct gss_OID_set_desc_struct {
int count;
gss_OID elements;
} gss_OID_set_desc, *gss_OID_set;
typedef struct gss_buffer_desc_struct {
size_t length;
void *value;
} gss_buffer_desc, *gss_buffer_t;
typedef struct idup_name_set_desc_struct {
int count;
gss_name_t elements;
} idup_name_set_desc, *idup_name_set;
typedef struct {
gss_buffer_t idu_type;
gss_buffer_t idu_title;
IDUP_Idu_Sensitivity Idu_Sensitivity;
} IDUP_Idu_Information_desc, *IDUP_Idu_Information;
Thakkar, Grebovich 43 Expires: August 18, 1996
typedef struct {
OM_uint32 qop_algs;
OM_uint32 validity;
gss_OID policy_id;
int allow_policy_mapping;
} IDUP_Quality_desc, *IDUP_Quality;
typedef struct {
gss_buffer_t originator_name;
IDUP_Idu_Information Idu_Information;
int protection_time;
} IDUP_Prot_Information_desc, *IDUP_Prot_Information;
typedef struct {
int prot_oper_id;
int use_trusted_time;
int use_untrusted_time;
} IDUP_Special_Conditions_desc, *IDUP_Special_Conditions;
typedef struct {
IDUP_Target_Info Target_Info;
gss_buffer_t unencapsulated_token; /* Output */
OM_uint32 minor_status; /* Output */
} IDUP_General_Service_Data_desc, *IDUP_General_Service_Data;
typedef struct {
gss_buffer_t bad_targ_name; /* Output */
int bad_targ_status; /* Output */
} IDUP_Bad_Target_Name_desc, *IDUP_Bad_Target_Name;
typedef struct {
idup_name_set targ_names; /* Input */
IDUP_Bad_Target_Name Bad_Target_Names; /* Output */
int bad_count; /* Output */
} IDUP_Target_Info_desc, *IDUP_Target_Info;
Thakkar, Grebovich 44 Expires: August 18, 1996
typedef struct {
int prot_service_type; /* Input */
gss_OID service_id; /* Input */
IDUP_Quality Quality; /* Input */
IDUP_General_Service_Data
General_Service_Data; /* Input */
IDUP_Service_Creation_Info
Service_Creation_Info;
/* Input */
idup_name_set services_to; /* Input */
IDUP_Service_Verification_Info
Service_Verification_Info;
/* Output */
int service_verification_info_id;
/* Output */
} IDUP_Prot_Service_desc, *IDUP_Prot_Service;
typedef struct {
OM_uint32 no_of_services;
IDUP_Prot_Service Prot_Service;
} IDUP_Services_To_Perform_desc, *IDUP_Services_To_Perform;
typedef struct {
int unprot_service_type; /* Output */
gss_OID service_id; /* Output */
IDUP_Quality Quality; /* Output */
IDUP_General_Service_Data General_Service_Data;
/* Output */
int service_verification_info_id;
/* Output */
IDUP_Service_Verification_Info
Service_Verification_Info;
/* Input */
idup_name_set services_to; /* Output */
IDUP_Service_Creation_Info
Service_Creation_Info;
/* Output */
} IDUP_Unprot_Service_desc, *IDUP_Unprot_Service;
typedef struct {
OM_uint32 no_of_services;
IDUP_Unprot_Service Unprot_Service;
} IDUP_Services_To_Receive_desc, *IDUP_Services_To_Receive;
Thakkar, Grebovich 45 Expires: August 18, 1996
/*
* Credential usage options
*/
#define GSS_C_BOTH 0
#define IDUP_C_PROTECT 1
#define IDUP_C_UNPROTECT 2
/*
* Status code types for gss_display_status
*/
#define GSS_C_GSS_CODE 1
#define GSS_C_MECH_CODE 2
#define IDUP_C_CODE 3
#define GSS_C_AF_NULLADDR 255;
#define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
#define GSS_C_NULL_OID ((gss_OID) 0)
#define GSS_C_NULL_OID_SET ((gss_OID_set) 0)
#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
#define GSS_C_EMPTY_BUFFER {0, NULL}
#define IDUP_C_NO_ENV ((idup_env_id_t) 0)
/*
* Define the default Quality of Protection for per-data-unit
* services. Note that an implementation that offers multiple
* levels of QOP may either reserve a value (for example zero,
* as assumed here) to mean "default protection", or alternatively
* may simply equate GSS_C_QOP_DEFAULT to a specific explicit QOP
* value.
*/
#define GSS_C_QOP_DEFAULT 0
/*
* Define the default policy time for per-data-unit services.
* An implementation may equate IDUP_C_POLICY_TIME_DEFAULT to a
* specific explicit IDUP_C_POLICY_TIME_DEFAULT value.
*/
#define IDUP_C_POLICY_TIME_DEFAULT 0
Thakkar, Grebovich 46 Expires: August 18, 1996
/*
* Expiration time of 2^32-1 seconds means infinite lifetime for a
* credential or security environment
*/
#define GSS_C_INDEFINITE 0xfffffffful
/* Major status codes */
#define GSS_S_COMPLETE 0
/*
* Some "helper" definitions to make the status code macros
obvious.
*/
#define GSS_C_CALLING_ERROR_OFFSET 24
#define GSS_C_ROUTINE_ERROR_OFFSET 16
#define GSS_C_SUPPLEMENTARY_OFFSET 0
#define GSS_C_CALLING_ERROR_MASK 0377ul
#define GSS_C_ROUTINE_ERROR_MASK 0377ul
#define GSS_C_SUPPLEMENTARY_MASK 0177777ul
/*
* The macros that test status codes for error conditions
*/
#define GSS_CALLING_ERROR(x) \
(x & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
#define GSS_ROUTINE_ERROR(x) \
(x & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
#define GSS_SUPPLEMENTARY_INFO(x) \
(x & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
#define GSS_ERROR(x) \
((GSS_CALLING_ERROR(x) != 0) || (GSS_ROUTINE_ERROR(x) != 0))
/*
* Calling errors:
*/
#define GSS_S_CALL_INACCESSIBLE_READ \
(1ul << GSS_C_CALLING_ERROR_OFFSET)
#define GSS_S_CALL_INACCESSIBLE_WRITE \
(2ul << GSS_C_CALLING_ERROR_OFFSET)
#define GSS_S_CALL_BAD_STRUCTURE \
(3ul << GSS_C_CALLING_ERROR_OFFSET)
Thakkar, Grebovich 47 Expires: August 18, 1996
/*
* Routine errors:
*/
#define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_CONTEXT_EXPIRED(12ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_UNAUTHORIZED (15ul << IDUP_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_UNAVAILABLE (16ul << IDUP_C_ROUTINE_ERROR_OFFSET)
#define IDUP_S_BAD_TARG_INFO (17ul << IDUP_C_ROUTINE_ERROR_OFFSET)
#define IDUP_S_BAD_DOA_KEY (18ul << IDUP_C_ROUTINE_ERROR_OFFSET)
#define IDUP_S_BAD_KE_KEY (19ul << IDUP_C_ROUTINE_ERROR_OFFSET)
#define IDUP_S_BAD_ENC_IDU (20ul << IDUP_C_ROUTINE_ERROR_OFFSET)
#define IDUP_S_EVIDENCE_TOKEN_INCOMPLETE \
(21ul << IDUP_C_ROUTINE_ERROR_OFFSET)
#define IDUP_S_SERV_VERIF_INFO_NEEDED \
(22ul << IDUP_C_ROUTINE_ERROR_OFFSET)
#define IDUP_S_SERVICE_UNAVAIL (23ul << IDUP_C_ROUTINE_ERROR_OFFSET)
#define IDUP_S_REQ_TIME_SERVICE_UNAVAIL \
(24ul << IDUP_C_ROUTINE_ERROR_OFFSET)
#define IDUP_S_NO_ENV (25ul << IDUP_C_ROUTINE_ERROR_OFFSET)
#define IDUP_S_NO_MATCH (26ul << IDUP_C_ROUTINE_ERROR_OFFSET)
#define IDUP_S_UNKNOWN_OPER_ID (27ul << IDUP_C_ROUTINE_ERROR_OFFSET)
/*
* Supplementary info bits:
*/
#define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
#define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
#define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
#define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
#define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4))
#define IDUP_S_ENCAPSULATION_UNAVAIL \
(1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 5))
#define IDUP_S_MORE_PIDU_NEEDED \
(1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 6))
#define IDUP_S_MORE_DATA_NEEDED \
(1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 7))
Thakkar, Grebovich 48 Expires: August 18, 1996
/*
* Finally, function prototypes for the IDUP-GSS-API routines.
*/
OM_uint32 idup_establish_env (
gss_cred_id_t, /* claimant_cred_handle,
gss_OID, /* req_mech_type */
gss_OID, /* req_policy */
time_t, /* policy_time */
gss_OID_set, /* req_services */
OM_uint32 *, /* minor_status */
idup_env_id_t *, /* env_handle */
gss_OID *, /* actual_mech_type */
gss_OID *, /* actual_policy */
time_t *, /* actual_policy_time */
gss_OID_set /* ret_services */
);
OM_uint32 idup_abolish_env (
idup_env_id_t *, /* env_handle */
OM_uint32 * /* minor_status */
);
OM_uint32 idup_inquire_env (
idup_env_id_t, /* env_handle */
OM_uint32 *, /* minor_status */
gss_OID *, /* mech_type */
gss_OID *, /* policy */
time_t *, /* policy_time */
gss_OID_set * /* ret_services */
);
OM_uint32 idup_start_protect (
idup_env_id_t, /* env_handle */
IDUP_Mech_Specific_Info, /* Mech_Specific_Info */
IDUP_Idu_Information, /* Idu_Information */
int, /* encapsulation_request */
IDUP_Special_Conditions, /* Special_Conditions */
gss_buffer_t, /* single_idu_buffer */
IDUP_Target_Info, /* Target_Info */
IDUP_Services_To_Perform, /* Services_to_Perform */
OM_uint32*, /* minor_status */
gss_buffer_t, /* midu_buffer */
gss_buffer_t /* pidu_buffer */
);
Thakkar, Grebovich 49 Expires: August 18, 1996
OM_uint32 idup_protect (
idup_env_id_t, /* env_handle */
gss_buffer_t, /* input_buffer */
OM_uint32 *, /* minor_status */
gss_buffer_t /* output_buffer */
);
OM_uint32 idup_end_protect (
idup_env_id_t, /* env_handle */
OM_uint32 *, /* minor_status */
IDUP_Services_To_Perform, /* Services_to_Perform */
gss_buffer_t, /* final_midu_buffer */
gss_buffer_t /* final_pidu_buffer */
);
OM_uint32 idup_start_unprotect (
idup_env_id_t, /* env_handle */
IDUP_Mech_Specific_Info, /* Mech_Specific_Info */
gss_buffer_t, /* single_pidu_buffer */
gss_buffer_t, /* partial_pidu_buffer */
gss_buffer_t, /* final_pidu_buffer */
IDUP_Special_Conditions, /* Special_Conditions */
OM_uint32 *, /* minor_status */
IDUP_Services_To_Receive, /* Services_to_Receive */
IDUP_Prot_Information, /* Prot_Information */
gss_buffer_t /* single_idu_buffer */
gss_buffer_t, /* initial_idu_buffer */
IDUP_Service_Verification_Info,
/* Service_Verification_Info */
int * /* service_verification_info_id */
);
OM_uint32 idup_unprotect (
idup_env_id_t, /* env_handle */
gss_buffer_t, /* input_buffer */
OM_uint32 *, /* minor_status */
gss_buffer_t /* output_buffer */
);
OM_uint32 idup_end_unprotect (
idup_env_id_t, /* env_handle */
OM_uint32 *, /* minor_status */
IDUP_Services_To_Receive, /* Services_to_Receive */
gss_buffer_t, /* final_idu_buffer */
IDUP_Service_Verification_Info,
/* Service_Verification_Info */
int * /* service_verification_info_id */
);
Thakkar, Grebovich 50 Expires: August 18, 1996
OM_uint32 idup_form_complete_evidence (
idup_env_id_t, /* env_handle */
gss_buffer_t, /* single_evidence_buffer */
gss_buffer_t, /* partial_evidence_buffer */
gss_buffer_t, /* final_evidence_buffer */
OM_uint32 *, /* minor_status */
gss_buffer_t /* evidence_token_out */
);
OM_uint32 idup_parse_token (
gss_buffer_t, /* input_token */
OM_uint32 *, /* minor_status */
gss_OID * /* mech_type */
);
OM_uint32 gss_display_status (
OM_uint32*, /* minor_status */
OM_uint32, /* status_value */
int, /* status_type */
gss_OID, /* mech_type */
int*, /* message_environment */
gss_buffer_t /* status_string */
);
OM_uint32 gss_indicate_mechs (
OM_uint32*, /* minor_status */
gss_OID_set* /* mech_set */
);
OM_uint32 gss_compare_name (
OM_uint32*, /* minor_status */
gss_name_t, /* name1 */
gss_name_t, /* name2 */
int* /* name_equal */
);
OM_uint32 gss_display_name (
OM_uint32*, /* minor_status */
gss_name_t, /* input_name */
gss_buffer_t, /* output_name_buffer */
gss_OID* /* output_name_type */
);
Thakkar, Grebovich 51 Expires: August 18, 1996
OM_uint32 gss_import_name (
OM_uint32*, /* minor_status */
gss_buffer_t, /* input_name_buffer */
gss_OID, /* input_name_type */
gss_name_t* /* output_name */
);
OM_uint32 gss_release_name (
OM_uint32*, /* minor_status */
gss_name_t* /* input_name */
);
OM_uint32 gss_release_buffer (
OM_uint32*, /* minor_status */
gss_buffer_t /* buffer */
);
OM_uint32 gss_release_oid_set (
OM_uint32*, /* minor_status */
gss_OID_set* /* set */
);
OM_uint32 idup_release_name_set (
OM_uint32*, /* minor_status */
idup_name_set* /* set */
);
#endif /* IDUP-GSS-API_H_ *
Thakkar, Grebovich 52 Expires: August 18, 1996
| PAFTECH AB 2003-2026 | 2026-04-23 06:07:08 |