LCOV - code coverage report
Current view: top level - lib - msg.c (source / functions) Hit Total Coverage
Test: GNU Generic Security Service Lines: 10 44 22.7 %
Date: 2010-05-20 Functions: 2 4 50.0 %
Legend: Lines: hit not hit | Branches: + taken - not taken # not executed Branches: 4 32 12.5 %

           Branch data     Line data    Source code
       1                 :            : /* msg.c --- Implementation of GSS-API Per-Message functions.
       2                 :            :  * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010  Simon Josefsson
       3                 :            :  *
       4                 :            :  * This file is part of the Generic Security Service (GSS).
       5                 :            :  *
       6                 :            :  * GSS is free software; you can redistribute it and/or modify it
       7                 :            :  * under the terms of the GNU General Public License as published by
       8                 :            :  * the Free Software Foundation; either version 3 of the License, or
       9                 :            :  * (at your option) any later version.
      10                 :            :  *
      11                 :            :  * GSS is distributed in the hope that it will be useful, but WITHOUT
      12                 :            :  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
      13                 :            :  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
      14                 :            :  * License for more details.
      15                 :            :  *
      16                 :            :  * You should have received a copy of the GNU General Public License
      17                 :            :  * along with GSS; if not, see http://www.gnu.org/licenses or write to
      18                 :            :  * the Free Software Foundation, Inc., 51 Franklin Street, Fifth
      19                 :            :  * Floor, Boston, MA 02110-1301, USA.
      20                 :            :  *
      21                 :            :  */
      22                 :            : 
      23                 :            : #include "internal.h"
      24                 :            : 
      25                 :            : /* _gss_find_mech */
      26                 :            : #include "meta.h"
      27                 :            : 
      28                 :            : /**
      29                 :            :  * gss_get_mic:
      30                 :            :  * @minor_status: (Integer, modify) Mechanism specific status code.
      31                 :            :  * @context_handle: (gss_ctx_id_t, read) Identifies the context on
      32                 :            :  *   which the message will be sent.
      33                 :            :  * @qop_req: (gss_qop_t, read, optional) Specifies requested quality
      34                 :            :  *   of protection.  Callers are encouraged, on portability grounds,
      35                 :            :  *   to accept the default quality of protection offered by the chosen
      36                 :            :  *   mechanism, which may be requested by specifying GSS_C_QOP_DEFAULT
      37                 :            :  *   for this parameter.  If an unsupported protection strength is
      38                 :            :  *   requested, gss_get_mic will return a major_status of
      39                 :            :  *   GSS_S_BAD_QOP.
      40                 :            :  * @message_buffer: (buffer, opaque, read) Message to be protected.
      41                 :            :  * @message_token: (buffer, opaque, modify) Buffer to receive token.  The
      42                 :            :  *   application must free storage associated with this buffer after
      43                 :            :  *   use with a call to gss_release_buffer().
      44                 :            :  *
      45                 :            :  * Generates a cryptographic MIC for the supplied message, and places
      46                 :            :  * the MIC in a token for transfer to the peer application. The
      47                 :            :  * qop_req parameter allows a choice between several cryptographic
      48                 :            :  * algorithms, if supported by the chosen mechanism.
      49                 :            :  *
      50                 :            :  * Since some application-level protocols may wish to use tokens
      51                 :            :  * emitted by gss_wrap() to provide "secure framing", implementations
      52                 :            :  * must support derivation of MICs from zero-length messages.
      53                 :            :  *
      54                 :            :  * Return value:
      55                 :            :  *
      56                 :            :  * `GSS_S_COMPLETE`: Successful completion.
      57                 :            :  *
      58                 :            :  * `GSS_S_CONTEXT_EXPIRED`: The context has already expired.
      59                 :            :  *
      60                 :            :  * `GSS_S_NO_CONTEXT`: The context_handle parameter did not identify a
      61                 :            :  * valid context.
      62                 :            :  *
      63                 :            :  * `GSS_S_BAD_QOP`: The specified QOP is not supported by the
      64                 :            :  * mechanism.
      65                 :            :  **/
      66                 :            : OM_uint32
      67                 :          0 : gss_get_mic (OM_uint32 * minor_status,
      68                 :            :              const gss_ctx_id_t context_handle,
      69                 :            :              gss_qop_t qop_req,
      70                 :            :              const gss_buffer_t message_buffer, gss_buffer_t message_token)
      71                 :            : {
      72                 :            :   _gss_mech_api_t mech;
      73                 :            : 
      74         [ #  # ]:          0 :   if (!context_handle)
      75                 :            :     {
      76         [ #  # ]:          0 :       if (minor_status)
      77                 :          0 :         *minor_status = 0;
      78                 :          0 :       return GSS_S_NO_CONTEXT;
      79                 :            :     }
      80                 :            : 
      81                 :          0 :   mech = _gss_find_mech (context_handle->mech);
      82         [ #  # ]:          0 :   if (mech == NULL)
      83                 :            :     {
      84         [ #  # ]:          0 :       if (minor_status)
      85                 :          0 :         *minor_status = 0;
      86                 :          0 :       return GSS_S_BAD_MECH;
      87                 :            :     }
      88                 :            : 
      89                 :          0 :   return mech->get_mic (minor_status, context_handle, qop_req,
      90                 :            :                         message_buffer, message_token);
      91                 :            : }
      92                 :            : 
      93                 :            : /**
      94                 :            :  * gss_verify_mic:
      95                 :            :  * @minor_status: (Integer, modify) Mechanism specific status code.
      96                 :            :  * @context_handle: (gss_ctx_id_t, read) Identifies the context on
      97                 :            :  *   which the message arrived.
      98                 :            :  * @message_buffer: (buffer, opaque, read) Message to be verified.
      99                 :            :  * @token_buffer: (buffer, opaque, read) Token associated with
     100                 :            :  *   message.
     101                 :            :  * @qop_state: (gss_qop_t, modify, optional) Quality of protection
     102                 :            :  *   gained from MIC Specify NULL if not required.
     103                 :            :  *
     104                 :            :  * Verifies that a cryptographic MIC, contained in the token
     105                 :            :  * parameter, fits the supplied message.  The qop_state parameter
     106                 :            :  * allows a message recipient to determine the strength of protection
     107                 :            :  * that was applied to the message.
     108                 :            :  *
     109                 :            :  * Since some application-level protocols may wish to use tokens
     110                 :            :  * emitted by gss_wrap() to provide "secure framing", implementations
     111                 :            :  * must support the calculation and verification of MICs over
     112                 :            :  * zero-length messages.
     113                 :            :  *
     114                 :            :  * Return value:
     115                 :            :  *
     116                 :            :  * `GSS_S_COMPLETE`: Successful completion.
     117                 :            :  *
     118                 :            :  * `GSS_S_DEFECTIVE_TOKEN`: The token failed consistency checks.
     119                 :            :  *
     120                 :            :  * `GSS_S_BAD_SIG`: The MIC was incorrect.
     121                 :            :  *
     122                 :            :  * `GSS_S_DUPLICATE_TOKEN`: The token was valid, and contained a
     123                 :            :  * correct MIC for the message, but it had already been processed.
     124                 :            :  *
     125                 :            :  * `GSS_S_OLD_TOKEN`: The token was valid, and contained a correct MIC
     126                 :            :  * for the message, but it is too old to check for duplication.
     127                 :            :  *
     128                 :            :  * `GSS_S_UNSEQ_TOKEN`: The token was valid, and contained a correct
     129                 :            :  * MIC for the message, but has been verified out of sequence; a later
     130                 :            :  * token has already been received.
     131                 :            :  *
     132                 :            :  * `GSS_S_GAP_TOKEN`: The token was valid, and contained a correct MIC
     133                 :            :  * for the message, but has been verified out of sequence; an earlier
     134                 :            :  * expected token has not yet been received.
     135                 :            :  *
     136                 :            :  * `GSS_S_CONTEXT_EXPIRED`: The context has already expired.
     137                 :            :  *
     138                 :            :  * `GSS_S_NO_CONTEXT`: The context_handle parameter did not identify a
     139                 :            :  * valid context.
     140                 :            :  **/
     141                 :            : OM_uint32
     142                 :          0 : gss_verify_mic (OM_uint32 * minor_status,
     143                 :            :                 const gss_ctx_id_t context_handle,
     144                 :            :                 const gss_buffer_t message_buffer,
     145                 :            :                 const gss_buffer_t token_buffer, gss_qop_t * qop_state)
     146                 :            : {
     147                 :            :   _gss_mech_api_t mech;
     148                 :            : 
     149         [ #  # ]:          0 :   if (!context_handle)
     150                 :            :     {
     151         [ #  # ]:          0 :       if (minor_status)
     152                 :          0 :         *minor_status = 0;
     153                 :          0 :       return GSS_S_NO_CONTEXT;
     154                 :            :     }
     155                 :            : 
     156                 :          0 :   mech = _gss_find_mech (context_handle->mech);
     157         [ #  # ]:          0 :   if (mech == NULL)
     158                 :            :     {
     159         [ #  # ]:          0 :       if (minor_status)
     160                 :          0 :         *minor_status = 0;
     161                 :          0 :       return GSS_S_BAD_MECH;
     162                 :            :     }
     163                 :            : 
     164                 :          0 :   return mech->verify_mic (minor_status, context_handle,
     165                 :            :                            message_buffer, token_buffer, qop_state);
     166                 :            : }
     167                 :            : 
     168                 :            : /**
     169                 :            :  * gss_wrap:
     170                 :            :  * @minor_status: (Integer, modify) Mechanism specific status code.
     171                 :            :  * @context_handle: (gss_ctx_id_t, read) Identifies the context on
     172                 :            :  *   which the message will be sent.
     173                 :            :  * @conf_req_flag: (boolean, read) Non-zero - Both confidentiality and
     174                 :            :  *   integrity services are requested. Zero - Only integrity service is
     175                 :            :  *   requested.
     176                 :            :  * @qop_req: (gss_qop_t, read, optional) Specifies required quality of
     177                 :            :  *   protection.  A mechanism-specific default may be requested by
     178                 :            :  *   setting qop_req to GSS_C_QOP_DEFAULT.  If an unsupported
     179                 :            :  *   protection strength is requested, gss_wrap will return a
     180                 :            :  *   major_status of GSS_S_BAD_QOP.
     181                 :            :  * @input_message_buffer: (buffer, opaque, read) Message to be
     182                 :            :  *   protected.
     183                 :            :  * @conf_state: (boolean, modify, optional) Non-zero -
     184                 :            :  *   Confidentiality, data origin authentication and integrity
     185                 :            :  *   services have been applied. Zero - Integrity and data origin
     186                 :            :  *   services only has been applied.  Specify NULL if not required.
     187                 :            :  * @output_message_buffer: (buffer, opaque, modify) Buffer to receive
     188                 :            :  *   protected message.  Storage associated with this message must be
     189                 :            :  *   freed by the application after use with a call to
     190                 :            :  *   gss_release_buffer().
     191                 :            :  *
     192                 :            :  * Attaches a cryptographic MIC and optionally encrypts the specified
     193                 :            :  * input_message.  The output_message contains both the MIC and the
     194                 :            :  * message.  The qop_req parameter allows a choice between several
     195                 :            :  * cryptographic algorithms, if supported by the chosen mechanism.
     196                 :            :  *
     197                 :            :  * Since some application-level protocols may wish to use tokens
     198                 :            :  * emitted by gss_wrap() to provide "secure framing", implementations
     199                 :            :  * must support the wrapping of zero-length messages.
     200                 :            :  *
     201                 :            :  * Return value:
     202                 :            :  *
     203                 :            :  * `GSS_S_COMPLETE`: Successful completion.
     204                 :            :  *
     205                 :            :  * `GSS_S_CONTEXT_EXPIRED`: The context has already expired.
     206                 :            :  *
     207                 :            :  * `GSS_S_NO_CONTEXT`: The context_handle parameter did not identify a
     208                 :            :  *  valid context.
     209                 :            :  *
     210                 :            :  * `GSS_S_BAD_QOP`: The specified QOP is not supported by the
     211                 :            :  * mechanism.
     212                 :            :  **/
     213                 :            : OM_uint32
     214                 :          3 : gss_wrap (OM_uint32 * minor_status,
     215                 :            :           const gss_ctx_id_t context_handle,
     216                 :            :           int conf_req_flag,
     217                 :            :           gss_qop_t qop_req,
     218                 :            :           const gss_buffer_t input_message_buffer,
     219                 :            :           int *conf_state, gss_buffer_t output_message_buffer)
     220                 :            : {
     221                 :            :   _gss_mech_api_t mech;
     222                 :            : 
     223         [ -  + ]:          3 :   if (!context_handle)
     224                 :            :     {
     225         [ #  # ]:          0 :       if (minor_status)
     226                 :          0 :         *minor_status = 0;
     227                 :          0 :       return GSS_S_NO_CONTEXT;
     228                 :            :     }
     229                 :            : 
     230                 :          3 :   mech = _gss_find_mech (context_handle->mech);
     231         [ -  + ]:          3 :   if (mech == NULL)
     232                 :            :     {
     233         [ #  # ]:          0 :       if (minor_status)
     234                 :          0 :         *minor_status = 0;
     235                 :          0 :       return GSS_S_BAD_MECH;
     236                 :            :     }
     237                 :            : 
     238                 :          3 :   return mech->wrap (minor_status, context_handle, conf_req_flag, qop_req,
     239                 :            :                      input_message_buffer, conf_state, output_message_buffer);
     240                 :            : }
     241                 :            : 
     242                 :            : /**
     243                 :            :  * gss_unwrap:
     244                 :            :  * @minor_status: (Integer, modify) Mechanism specific status code.
     245                 :            :  * @context_handle: (gss_ctx_id_t, read) Identifies the context on
     246                 :            :  *   which the message arrived.
     247                 :            :  * @input_message_buffer: (buffer, opaque, read) Protected message.
     248                 :            :  * @output_message_buffer: (buffer, opaque, modify) Buffer to receive
     249                 :            :  *   unwrapped message.  Storage associated with this buffer must be
     250                 :            :  *   freed by the application after use use with a call to
     251                 :            :  *   gss_release_buffer().
     252                 :            :  * @conf_state: (boolean, modify, optional) Non-zero - Confidentiality
     253                 :            :  *   and integrity protection were used. Zero - Integrity service only
     254                 :            :  *   was used.  Specify NULL if not required.
     255                 :            :  * @qop_state: (gss_qop_t, modify, optional) Quality of protection
     256                 :            :  *   provided.  Specify NULL if not required.
     257                 :            :  *
     258                 :            :  * Converts a message previously protected by gss_wrap back to a
     259                 :            :  * usable form, verifying the embedded MIC.  The conf_state parameter
     260                 :            :  * indicates whether the message was encrypted; the qop_state
     261                 :            :  * parameter indicates the strength of protection that was used to
     262                 :            :  * provide the confidentiality and integrity services.
     263                 :            :  *
     264                 :            :  * Since some application-level protocols may wish to use tokens
     265                 :            :  * emitted by gss_wrap() to provide "secure framing", implementations
     266                 :            :  * must support the wrapping and unwrapping of zero-length messages.
     267                 :            :  *
     268                 :            :  * Return value:
     269                 :            :  *
     270                 :            :  * `GSS_S_COMPLETE`: Successful completion.
     271                 :            :  *
     272                 :            :  * `GSS_S_DEFECTIVE_TOKEN`: The token failed consistency checks.
     273                 :            :  *
     274                 :            :  * `GSS_S_BAD_SIG`: The MIC was incorrect.
     275                 :            :  *
     276                 :            :  * `GSS_S_DUPLICATE_TOKEN`: The token was valid, and contained a
     277                 :            :  *  correct MIC for the message, but it had already been processed.
     278                 :            :  *
     279                 :            :  * `GSS_S_OLD_TOKEN`: The token was valid, and contained a correct MIC
     280                 :            :  * for the message, but it is too old to check for duplication.
     281                 :            :  *
     282                 :            :  * `GSS_S_UNSEQ_TOKEN`: The token was valid, and contained a correct
     283                 :            :  * MIC for the message, but has been verified out of sequence; a later
     284                 :            :  * token has already been received.
     285                 :            :  *
     286                 :            :  * `GSS_S_GAP_TOKEN`: The token was valid, and contained a correct MIC
     287                 :            :  * for the message, but has been verified out of sequence; an earlier
     288                 :            :  * expected token has not yet been received.
     289                 :            :  *
     290                 :            :  * `GSS_S_CONTEXT_EXPIRED`: The context has already expired.
     291                 :            :  *
     292                 :            :  * `GSS_S_NO_CONTEXT`: The context_handle parameter did not identify a
     293                 :            :  * valid context.
     294                 :            :  **/
     295                 :            : OM_uint32
     296                 :          3 : gss_unwrap (OM_uint32 * minor_status,
     297                 :            :             const gss_ctx_id_t context_handle,
     298                 :            :             const gss_buffer_t input_message_buffer,
     299                 :            :             gss_buffer_t output_message_buffer,
     300                 :            :             int *conf_state, gss_qop_t * qop_state)
     301                 :            : {
     302                 :            :   _gss_mech_api_t mech;
     303                 :            : 
     304         [ -  + ]:          3 :   if (!context_handle)
     305                 :            :     {
     306         [ #  # ]:          0 :       if (minor_status)
     307                 :          0 :         *minor_status = 0;
     308                 :          0 :       return GSS_S_NO_CONTEXT;
     309                 :            :     }
     310                 :            : 
     311                 :          3 :   mech = _gss_find_mech (context_handle->mech);
     312         [ -  + ]:          3 :   if (mech == NULL)
     313                 :            :     {
     314         [ #  # ]:          0 :       if (minor_status)
     315                 :          0 :         *minor_status = 0;
     316                 :          0 :       return GSS_S_BAD_MECH;
     317                 :            :     }
     318                 :            : 
     319                 :          3 :   return mech->unwrap (minor_status, context_handle, input_message_buffer,
     320                 :            :                        output_message_buffer, conf_state, qop_state);
     321                 :            : }

Generated by: LCOV version 1.8