cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux

gss_api.h (4560B)


      1/* SPDX-License-Identifier: GPL-2.0 */
      2/*
      3 * linux/include/linux/sunrpc/gss_api.h
      4 *
      5 * Somewhat simplified version of the gss api.
      6 *
      7 * Dug Song <dugsong@monkey.org>
      8 * Andy Adamson <andros@umich.edu>
      9 * Bruce Fields <bfields@umich.edu>
     10 * Copyright (c) 2000 The Regents of the University of Michigan
     11 */
     12
     13#ifndef _LINUX_SUNRPC_GSS_API_H
     14#define _LINUX_SUNRPC_GSS_API_H
     15
     16#include <linux/sunrpc/xdr.h>
     17#include <linux/sunrpc/msg_prot.h>
     18#include <linux/uio.h>
     19
     /*
      * Mechanism-independent GSS-API context: a mechanism descriptor paired
      * with an opaque pointer to per-context state.
      */
     struct gss_ctx {
     	struct gss_api_mech *mech_type;	/* mechanism descriptor for this context */
     	/*
     	 * Opaque here. The mechanism's gss_delete_sec_context op takes a
     	 * void * of the same name, so nothing outside the mechanism should
     	 * interpret what this points to.
     	 */
     	void *internal_ctx_id;
     	/*
     	 * NOTE(review): slack and align are not described in this header;
     	 * confirm their meaning against the code that sets them.
     	 */
     	unsigned int slack;
     	unsigned int align;
     };
     26
     /*
      * "Nothing here" sentinels and the default quality-of-protection value.
      *
      * NOTE(review): GSS_C_NO_BUFFER casts 0 to a struct type, which is not a
      * valid cast in C. The header still compiles because the preprocessor does
      * not check a macro body until it is expanded; any use would fail to build.
      * Confirm it has no users before relying on it.
      */
     #define GSS_C_NO_BUFFER		((struct xdr_netobj) 0)
     #define GSS_C_NO_CONTEXT	((struct gss_ctx *) 0)
     #define GSS_C_QOP_DEFAULT	(0)
     30
     /* XXX: the maximum is arbitrary - is this length set somewhere? */
     #define GSS_OID_MAX_LEN 32

     /*
      * A mechanism OID held in a fixed-size buffer.
      *
      * The struct does not tie len to the size of data[]. Code that fills it
      * from data it does not control must reject len > GSS_OID_MAX_LEN before
      * copying, and code that reads it must not trust len beyond that bound.
      */
     struct rpcsec_gss_oid {
     	unsigned int len;		/* count of bytes used in data[] */
     	u8 data[GSS_OID_MAX_LEN];	/* OID bytes; capacity is fixed */
     };
     37
     /*
      * GSS security tuple (mechanism OID, qop, service), from RFC 3530.
      * gss_mech_info2flavor() and gss_mech_flavor2info() convert between this
      * tuple and an RPC pseudoflavor.
      */
     struct rpcsec_gss_info {
     	struct rpcsec_gss_oid oid;	/* mechanism OID */
     	u32 qop;			/* quality of protection */
     	u32 service;			/* NOTE(review): value space not shown here */
     };
     44
     /*
      * Mechanism-independent gss-api entry points. These are somewhat simplified
      * versions of the prototypes specified in RFC 2744.
      *
      * Every function below except gss_import_sec_context() returns a u32
      * status. NOTE(review): presumably a GSS major status, with GSS_S_COMPLETE
      * meaning success - confirm in the implementation. Whatever the encoding,
      * callers of gss_verify_mic() and gss_unwrap() have to check it before
      * acting on the message contents.
      */

     /*
      * Import a security context for @mech from @input_token. @bufsize is the
      * only bound on @input_token visible in this interface, so the mechanism's
      * parser must not read past it.
      * NOTE(review): the new context is presumably handed back through @ctx_id
      * and its expiry through @endtime; the int return is presumably 0 or a
      * negative errno - confirm against the implementation.
      */
     int gss_import_sec_context(const void *input_token, size_t bufsize,
     			   struct gss_api_mech *mech,
     			   struct gss_ctx **ctx_id, time64_t *endtime,
     			   gfp_t gfp_mask);

     /* Message integrity code (MIC) over @message: produce one, or check one. */
     u32 gss_get_mic(struct gss_ctx *ctx_id, struct xdr_buf *message,
     		struct xdr_netobj *mic_token);
     u32 gss_verify_mic(struct gss_ctx *ctx_id, struct xdr_buf *message,
     		   struct xdr_netobj *mic_token);

     /*
      * Wrap / unwrap a message in place in an xdr_buf.
      * NOTE(review): @offset and @len are signed ints. Range checks against
      * the buffer are not visible from this header; confirm that callers or
      * the mechanism reject negative and out-of-range values.
      */
     u32 gss_wrap(struct gss_ctx *ctx_id, int offset, struct xdr_buf *outbuf,
     	     struct page **inpages);
     u32 gss_unwrap(struct gss_ctx *ctx_id, int offset, int len,
     	       struct xdr_buf *inbuf);

     /*
      * Tear down a context. Takes the address of the caller's pointer.
      * NOTE(review): presumably so the pointer can be cleared - confirm.
      */
     u32 gss_delete_sec_context(struct gss_ctx **ctx_id);
     74
     /*
      * Per-mechanism translation between an RPC pseudoflavor and its
      * attributes. Each helper takes the mechanism descriptor to consult.
      * NOTE(review): what each helper returns for a pseudoflavor or service
      * the mechanism does not list is not visible here - confirm before
      * treating a result as valid.
      */
     rpc_authflavor_t gss_svc_to_pseudoflavor(struct gss_api_mech *gm, u32 qop,
     					 u32 service);
     u32 gss_pseudoflavor_to_service(struct gss_api_mech *gm, u32 pseudoflavor);
     bool gss_pseudoflavor_to_datatouch(struct gss_api_mech *gm, u32 pseudoflavor);
     char *gss_service_to_auth_domain_name(struct gss_api_mech *gm, u32 service);
     80
     /*
      * Description of one pseudoflavor. struct gss_api_mech points at these
      * through its gm_pfs member.
      */
     struct pf_desc {
     	u32 pseudoflavor;		/* RPC pseudoflavor number */
     	u32 qop;			/* quality of protection */
     	u32 service;
     	char *name;
     	char *auth_domain_name;
     	struct auth_domain *domain;
     	/* NOTE(review): meaning not documented in this header; confirm. */
     	bool datatouch;
     };
     90
     /*
      * gss-api can be implemented by different mechanisms (e.g., krb5 or
      * spkm3), and modules may register or unregister mechanisms dynamically.
      *
      * This struct describes one mechanism.
      */
     struct gss_api_mech {
     	struct list_head gm_list;
     	struct module *gm_owner;
     	struct rpcsec_gss_oid gm_oid;
     	char *gm_name;
     	/*
     	 * Operation table. Pointer-to-const: the table cannot be modified
     	 * through this descriptor.
     	 */
     	const struct gss_api_ops *gm_ops;
     	/*
     	 * Pseudoflavors supported by this mechanism.
     	 * NOTE(review): gm_pf_num is presumably the number of entries in
     	 * gm_pfs, and it is a signed int - confirm that code indexing gm_pfs
     	 * bounds itself by it.
     	 */
     	int gm_pf_num;
     	struct pf_desc *gm_pfs;
     	/* Should the following be a callback operation instead? */
     	const char *gm_upcall_enctypes;
     };
    107
    /*
     * Operations every mechanism must provide. The members mirror the
     * mechanism-independent functions of the same names, with two visible
     * differences: the import op is given a struct gss_ctx * rather than a
     * struct gss_ctx **, and the delete op is given only the opaque
     * internal_ctx_id and returns nothing.
     *
     * The security-relevant obligations sit here: an import op must not read
     * @input_token past @bufsize. NOTE(review): verify_mic and unwrap ops
     * presumably have to report failure through their u32 return rather than
     * leave unauthenticated data looking valid - confirm in each mechanism.
     */
    struct gss_api_ops {
    	int (*gss_import_sec_context)(const void *input_token, size_t bufsize,
    				      struct gss_ctx *ctx_id,
    				      time64_t *endtime, gfp_t gfp_mask);
    	u32 (*gss_get_mic)(struct gss_ctx *ctx_id, struct xdr_buf *message,
    			   struct xdr_netobj *mic_token);
    	u32 (*gss_verify_mic)(struct gss_ctx *ctx_id, struct xdr_buf *message,
    			      struct xdr_netobj *mic_token);
    	u32 (*gss_wrap)(struct gss_ctx *ctx_id, int offset,
    			struct xdr_buf *outbuf, struct page **inpages);
    	u32 (*gss_unwrap)(struct gss_ctx *ctx_id, int offset, int len,
    			  struct xdr_buf *buf);
    	void (*gss_delete_sec_context)(void *internal_ctx_id);
    };
    137
    /* Add a mechanism to, or remove it from, the set that lookups search. */
    int gss_mech_register(struct gss_api_mech *gm);
    void gss_mech_unregister(struct gss_api_mech *gm);

    /*
     * Lookups.
     *
     * Reference rule: every successful gss_mech_get or gss_mech_get_by_* call
     * must be balanced by a corresponding gss_mech_put call. That includes
     * gss_mech_get_by_OID, which increments the mechanism's reference count.
     * NOTE(review): what a failed lookup returns is not visible in this
     * header; confirm before dereferencing a result.
     */

    /* Return the mechanism descriptor for an OID, taking a reference. */
    struct gss_api_mech *gss_mech_get_by_OID(struct rpcsec_gss_oid *oid);

    /* Given a GSS security tuple, look up a pseudoflavor. */
    rpc_authflavor_t gss_mech_info2flavor(struct rpcsec_gss_info *info);

    /* Given a pseudoflavor, look up a GSS security tuple. */
    int gss_mech_flavor2info(rpc_authflavor_t flavor, struct rpcsec_gss_info *info);

    /* Return a reference to a mechanism, given a name like "krb5" etc. */
    struct gss_api_mech *gss_mech_get_by_name(const char *name);

    /* Similar, but look the mechanism up by pseudoflavor. */
    struct gss_api_mech *gss_mech_get_by_pseudoflavor(u32 pseudoflavor);

    /* Take a reference on a mechanism descriptor. */
    struct gss_api_mech *gss_mech_get(struct gss_api_mech *gm);

    /* Drop a reference obtained from any of the calls above. */
    void gss_mech_put(struct gss_api_mech *gm);
    162
    163#endif /* _LINUX_SUNRPC_GSS_API_H */
    164