1 /*
2  * Copyright 1999-2006 University of Chicago
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef GSSAPI_OPENSSL_H
18 #define GSSAPI_OPENSSL_H
19 
#include <stdbool.h>
#include <stdint.h>   /* uint64_t / uint32_t used by the MIC fields and byte-order macros */

#include "globus_config.h"
#include "globus_common.h"

#include "gssapi.h"
/* NOTE(review): this include was dropped by the rendered page; it is the
 * declared home of gss_con_st_t and gss_delegation_state_t used below. */
#include "globus_gsi_gss_constants.h"

#include "globus_gsi_callback.h"
#include "globus_gsi_proxy.h"
#include "globus_gsi_credential.h"

#include <stdio.h>
#include <string.h>   /* memcmp in g_OID_equal */
#include "openssl/ssl.h"
#include "openssl/err.h"
#include "openssl/bio.h"
#include "openssl/pem.h"
#include "openssl/x509.h"
#include "openssl/x509v3.h"
#include "openssl/stack.h"
46 
/** Version of this mechanism's internal implementation. */
#define GLOBUS_I_GSI_GSSAPI_IMPL_VERSION 1

/*
 * Mechanism-private context flag bits (distinct powers of two, so they can
 * be OR-ed into one word).
 * NOTE(review): presumably stored in gss_ctx_id_desc.ctx_flags below; which
 * code paths set and test each bit is not visible in this header -- confirm.
 */
#define GSS_I_CTX_INITIALIZED 1
#define GSS_I_DISALLOW_ENCRYPTION 2
#define GSS_I_PROTECTION_FAIL_ON_CONTEXT_EXPIRATION 4
#define GSS_I_APPLICATION_WILL_HANDLE_EXTENSIONS 8

/** Mechanism-specific quality-of-protection value (meaning not visible here -- confirm in wrap/get_mic). */
#define GSS_C_QOP_GLOBUS_GSSAPI_OPENSSL_BIG 1
55 
/*
 * We need to distinguish a token created by our own get_mic from one
 * carrying TLS application data; wrap and unwrap use the record-type
 * byte below to tell them apart.  The value 26 is not an assigned TLS
 * record type today, but a future TLS version could assign it.
 *
 * Our wrapped buffer (integrity only) is laid out as:
 *
 * byte type[1] = SSL3_RT_GSSAPI_OPENSSL
 * byte version_major[1] = 0x03
 * byte version_minor[1] = 0
 * byte mic_length[2] = 2 byte length of the following MIC (network byte order)
 *
 * byte mic_seq[8] = 8 byte sequence number (network byte order)
 * byte mic_data_length[4] = 4 byte length of data (network byte order)
 * byte hash[*] = the hash, of variable length
 *
 * byte data[*] = the data being wrapped.
 *
 * On receipt, mic_length and mic_data_length are peer-supplied: unwrap
 * must check both against the actual token size before indexing past
 * them, and should reject a mic_seq that does not match the expected
 * read sequence.
 */
76 
77 #define SSL3_RT_GSSAPI_OPENSSL 26
78 
79 /* These conversions macros are taken from SSL */
80 
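/*
 * Store the low 32 bits of LONG_VAL into CHAR_ARRAY in network (big-endian)
 * byte order.  CHAR_ARRAY must have room for 4 bytes; it may be a char or
 * unsigned char pointer.
 *
 * Changes from the earlier form: LONG_VAL and CHAR_ARRAY are evaluated
 * exactly once, the value is first reduced to uint32_t so a negative or
 * wider argument cannot hit implementation-defined right shifts, and the
 * body is a do/while(0) so the macro is safe in an unbraced if/else.
 */
#define L2N(LONG_VAL, CHAR_ARRAY) \
    do { \
        uint32_t _l2n_val_ = (uint32_t) (LONG_VAL); \
        unsigned char * _l2n_out_ = (unsigned char *) (CHAR_ARRAY); \
        _l2n_out_[0] = (unsigned char) ((_l2n_val_ >> 24) & 0xff); \
        _l2n_out_[1] = (unsigned char) ((_l2n_val_ >> 16) & 0xff); \
        _l2n_out_[2] = (unsigned char) ((_l2n_val_ >> 8) & 0xff); \
        _l2n_out_[3] = (unsigned char) (_l2n_val_ & 0xff); \
    } while (0)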
89 
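/*
 * Read 4 bytes in network (big-endian) order from CHAR_ARRAY into LONG_VAL.
 * CHAR_ARRAY may be a char or unsigned char pointer with at least 4 bytes.
 *
 * Bug fixed: the earlier form shifted an int-promoted byte left by 24, which
 * for a first byte >= 0x80 overflows signed int (undefined behaviour in C);
 * each byte is now widened to uint32_t before shifting.  CHAR_ARRAY is
 * evaluated once and the body is a do/while(0).
 */
#define N2L(CHAR_ARRAY, LONG_VAL) \
    do { \
        const unsigned char * _n2l_in_ = (const unsigned char *) (CHAR_ARRAY); \
        (LONG_VAL) = ((uint32_t) _n2l_in_[0] << 24) \
                   | ((uint32_t) _n2l_in_[1] << 16) \
                   | ((uint32_t) _n2l_in_[2] << 8) \
                   | ((uint32_t) _n2l_in_[3]); \
    } while (0)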
98 
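/*
 * Read 2 bytes in network (big-endian) order from CHAR_ARRAY into SHORT.
 * CHAR_ARRAY may be a char or unsigned char pointer with at least 2 bytes.
 *
 * Bug fixed: the earlier form read through a plain `char *`, so on targets
 * where char is signed any byte >= 0x80 was sign-extended before the cast
 * to unsigned int and the decoded length was wrong (e.g. 0x80 0x01 did not
 * give 0x8001).  This matters because the mic_length field of the wire
 * token is 2 bytes.  The body is now a do/while(0).
 */
#define N2S(CHAR_ARRAY, SHORT) \
    do { \
        const unsigned char * _n2s_in_ = (const unsigned char *) (CHAR_ARRAY); \
        (SHORT) = ((unsigned int) _n2s_in_[0] << 8) | (unsigned int) _n2s_in_[1]; \
    } while (0)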
105 
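/*
 * Store the low 16 bits of SHORT into CHAR_ARRAY in network (big-endian)
 * byte order.  CHAR_ARRAY must have room for 2 bytes; it may be a char or
 * unsigned char pointer.
 *
 * Changes from the earlier form: SHORT and CHAR_ARRAY are evaluated once,
 * the output is written through `unsigned char *` (consistent with L2N and
 * U642N, and avoiding the implementation-defined unsigned->signed char
 * conversion), and the body is a do/while(0).
 */
#define S2N(SHORT, CHAR_ARRAY) \
    do { \
        unsigned int _s2n_val_ = (unsigned int) (SHORT); \
        unsigned char * _s2n_out_ = (unsigned char *) (CHAR_ARRAY); \
        _s2n_out_[0] = (unsigned char) ((_s2n_val_ >> 8) & 0xff); \
        _s2n_out_[1] = (unsigned char) (_s2n_val_ & 0xff); \
    } while (0)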
112 
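/*
 * Store the 64-bit U64VAL into CHAR_ARRAY in network (big-endian) byte
 * order, most significant byte first.  CHAR_ARRAY must have room for
 * 8 bytes; it may be a char or unsigned char pointer.
 *
 * Changes from the earlier form: U64VAL and CHAR_ARRAY are evaluated once,
 * the eight unrolled stores are a loop, and the body is a do/while(0).
 */
#define U642N(U64VAL, CHAR_ARRAY) \
    do { \
        uint64_t _u642n_val_ = (uint64_t) (U64VAL); \
        unsigned char * _u642n_out_ = (unsigned char *) (CHAR_ARRAY); \
        int _u642n_i_; \
        for (_u642n_i_ = 0; _u642n_i_ < 8; _u642n_i_++) { \
            _u642n_out_[_u642n_i_] = \
                (unsigned char) ((_u642n_val_ >> (56 - 8 * _u642n_i_)) & 0xff); \
        } \
    } while (0)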
125 
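/*
 * Read 8 bytes in network (big-endian) order from CHAR_ARRAY into U64VAL.
 * CHAR_ARRAY may be a char or unsigned char pointer with at least 8 bytes.
 *
 * Bug fixed: the earlier form assigned (=) each shifted byte into the
 * accumulator instead of OR-ing (|=) it, so the result was only the last
 * byte of the input.  NOTE(review): this header's callers are not shown;
 * if the 8-byte mic_seq of a received token was ever decoded with this
 * macro, only its low byte took part in any sequence comparison -- audit
 * wrap/unwrap for that.  CHAR_ARRAY is evaluated once; body is do/while(0).
 */
#define N2U64(CHAR_ARRAY, U64VAL) \
    do { \
        const unsigned char * _n2u64_in_ = (const unsigned char *) (CHAR_ARRAY); \
        uint64_t _n2u64_val_ = 0; \
        int _n2u64_i_; \
        for (_n2u64_i_ = 0; _n2u64_i_ < 8; _n2u64_i_++) { \
            _n2u64_val_ = (_n2u64_val_ << 8) | (uint64_t) _n2u64_in_[_n2u64_i_]; \
        } \
        (U64VAL) = _n2u64_val_; \
    } while (0)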
140 /* Compare OIDs */
141 
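/*
 * Compare two OIDs (pointers to a struct with `length` and `elements`).
 * True if both pointers are the same (including both NULL), or both are
 * non-NULL with equal length and identical element bytes.
 *
 * Changes from the earlier form: the length is passed to memcmp as size_t
 * instead of being narrowed through int (a length >= 2^31 would have become
 * a huge size_t), and two zero-length OIDs compare equal without calling
 * memcmp on possibly-NULL element pointers.  Arguments are still evaluated
 * more than once, as in the original macro.
 */
#define g_OID_equal(o1, o2) \
    (((o1) == (o2)) || \
     ((o1) && (o2) && \
      ((o1)->length == (o2)->length) && \
      ((o1)->length == 0 || \
       memcmp((o1)->elements, (o2)->elements, (size_t) (o1)->length) == 0)))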
147 
/**
 * Internal representation of a gss_name_t.
 *
 * name_oid records the name type the name was imported with; which of the
 * remaining members are populated depends on it, the rest stay NULL.
 * Ownership of the X509_NAME and GENERAL_NAMES is not visible in this
 * header -- presumably this struct owns them and release_name frees them;
 * confirm.
 */
typedef struct gss_name_desc_struct {
 /* gss_buffer_desc name_buffer ; */
 /** Name type OID (e.g. GLOBUS_GSS_C_NT_HOST_IP, GLOBUS_GSS_C_NT_X509). */
 gss_OID name_oid;

 /** Subject as an OpenSSL X509_NAME, for names derived from a certificate. */
 X509_NAME * x509n;
 /** One-line string rendering of x509n (X509_NAME_oneline style -- confirm). */
 char * x509n_oneline;
 /** subjectAltName entries of the certificate, when available. */
 GENERAL_NAMES * subjectAltNames;
 /** Components of a user- or host-based name; NULL when not applicable. */
 char * user_name;
 char * service_name;
 char * host_name;
 /** Textual IP address, and the host name associated with it.
  *  NOTE(review): if ip_name comes from a reverse DNS lookup it is
  *  attacker-influenceable and must not be the sole basis for an
  *  authorization decision -- confirm where it is filled in. */
 char * ip_address;
 char * ip_name;
} gss_name_desc;
161 
162 
/**
 * Internal representation of a gss_cred_id_t.
 */
typedef struct gss_cred_id_desc_struct {
 /** Underlying GSI credential handle (presumably certificate chain plus
  *  private key -- see globus_gsi_credential.h). */
 globus_gsi_cred_handle_t cred_handle;
 /** Name of the credential's owner. */
 gss_name_desc * globusid;
 /** GSS_C_INITIATE, GSS_C_ACCEPT or GSS_C_BOTH. */
 gss_cred_usage_t cred_usage;
 /** OpenSSL context associated with this credential; contexts presumably
  *  derive their SSL objects from it -- confirm. */
 SSL_CTX * ssl_context;
 /** Mechanism OID this credential was acquired for. */
 gss_OID mech;
} gss_cred_id_desc;
170 
/**
 * Internal representation of a gss_ctx_id_t.
 *
 * Holds the OpenSSL objects carrying the TLS session, both sides'
 * credentials, delegation and SNI/ALPN state and, when built against
 * OpenSSL >= 0x10000100 (1.0.0a), the key material and counters for the
 * mechanism's own MIC tokens.
 */
typedef struct gss_ctx_id_desc_struct{
 /** Lock for this context.  Which members it protects is not visible
  *  here -- confirm in the .c files. */
 globus_mutex_t mutex;
 /** State handed to the GSI certificate verification callbacks. */
 globus_gsi_callback_data_t callback_data;
 /** Credential presented by the peer. */
 gss_cred_id_desc * peer_cred_handle;
 /** Credential used by this side. */
 gss_cred_id_desc * cred_handle;
 /** Credential received through delegation, if any. */
 gss_cred_id_desc * deleg_cred_handle;
 /** Proxy handle used while a delegation is in progress. */
 globus_gsi_proxy_handle_t proxy_handle;
 /** Flags returned to, and requested by, the application (GSS_C_*_FLAG). */
 OM_uint32 ret_flags;
 OM_uint32 req_flags;
 /** Mechanism-private GSS_I_* bits. */
 OM_uint32 ctx_flags;
 /** Non-zero once this context holds its own credential (by name; confirm). */
 int cred_obtained;
 /** Mechanism OID in use for this context. */
 gss_OID mech;
#if OPENSSL_VERSION_NUMBER >= 0x10000100L

 /** Sequence counters for MIC tokens received and sent -- presumably the
  *  8-byte mic_seq field described above.  NOTE(review): the read side
  *  must be enforced against incoming tokens, otherwise tokens can be
  *  replayed or reordered -- confirm in unwrap/verify_mic. */
 uint64_t mac_read_sequence;
 uint64_t mac_write_sequence;
 /** Raw MIC key bytes.  Secret: should be zeroised when the context is
  *  deleted (not visible here -- confirm). */
 unsigned char * mac_key;
 /** Fixed part of the MIC nonce/IV.  NOTE(review): if this feeds a
  *  GCM/GMAC nonce, the per-message part must never repeat under the same
  *  key -- confirm how mac_write_sequence is combined with it. */
 unsigned char * mac_iv_fixed;
#endif
 /** TLS connection object and the BIOs tokens pass through (the exact
  *  wiring of rbio/wbio/sslbio is set up in the .c files -- confirm). */
 SSL * gss_ssl;
 BIO * gss_rbio;
 BIO * gss_wbio;
 BIO * gss_sslbio;
 /** Position in the context-establishment state machine. */
 gss_con_st_t gss_state;
 /** Non-zero if this side initiated the context (by name; confirm). */
 int locally_initiated;
 /** Delegation sub-state. */
 gss_delegation_state_t delegation_state;
 /** Extension OIDs registered for this context. */
 gss_OID_set extension_oids;
 /** Credentials selectable by SNI: sni_credentials_count entries, valid
  *  once sni_credentials_obtained is true. */
 gss_cred_id_t *sni_credentials;
 bool sni_credentials_obtained;
 size_t sni_credentials_count;
 /** Server name from the TLS SNI extension -- peer-supplied input. */
 char *sni_servername;
 /** ALPN protocol bytes and their length (not assumed NUL-terminated). */
 unsigned char *alpn;
 size_t alpn_length;
} gss_ctx_id_desc;
211 
/** OID of this mechanism. */
extern
const gss_OID_desc * const gss_mech_globus_gssapi_openssl;

/** OID of this mechanism with the version-2 MIC format (by name; confirm). */
extern
const gss_OID_desc * const gss_mech_globus_gssapi_openssl_micv2;

/** OID of the ProxyCertInfo certificate extension. */
extern
const gss_OID_desc * const gss_proxycertinfo_extension;

/*
 * Name-type OIDs.
 * NOTE(review): unlike the OIDs above these are not declared const; nothing
 * should write to them after module activation.
 */
extern
gss_OID_desc * gss_nt_host_ip;

extern
gss_OID_desc * gss_nt_x509;

/* OIDs of the context extensions this mechanism exposes: server name
 * (SNI), ALPN, negotiated TLS version and negotiated cipher. */
extern
const gss_OID_desc * const gss_ext_server_name_oid;

extern
const gss_OID_desc * const gss_ext_alpn_oid;

extern
const gss_OID_desc * const gss_ext_tls_version_oid;

extern
const gss_OID_desc * const gss_ext_tls_cipher_oid;

/*
 * Global MIC compatibility switches (read as "emit the old MIC format" and
 * "accept the old MIC format" -- confirm in the .c files).
 * NOTE(review): accepting the old format is a downgrade concession; it
 * should be off once all peers run a micv2-capable release.
 */
extern
globus_bool_t globus_i_backward_compatible_mic;
extern
globus_bool_t globus_i_accept_backward_compatible_mic;

/** Public aliases for the name-type OIDs above. */
#define GLOBUS_GSS_C_NT_HOST_IP gss_nt_host_ip
#define GLOBUS_GSS_C_NT_X509 gss_nt_x509
246 
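/*
 * Module activation guard.
 * NOTE(review): the rendered page dropped the line following `extern`; the
 * declaration below is restored from the page's own cross-reference
 * (globus_thread_once_t once_control, defined in module.c) -- confirm
 * against the repository.
 */
extern
globus_thread_once_t once_control;

/** One-time activation routine, run through once_control (by name; confirm). */
void
globus_l_gsi_gssapi_activate_once(void);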
252 
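/**
 * Find the hash and cipher functions used by a context.
 *
 * NOTE(review): the rendered page dropped the line carrying the function
 * name; it is restored from the page's own cross-reference (definition in
 * get_hash.c) -- confirm against the repository.
 *
 * @param minor_status   Mechanism-specific status, set on failure.
 * @param context_handle Established context to inspect.
 * @param hash           Output: the EVP_MD in use (how it is derived from
 *                       the context is not visible here).
 * @param cipher         Output: the EVP_CIPHER in use.
 * @return GSS major status (GSS_S_COMPLETE on success -- confirm).
 */
OM_uint32
globus_i_gss_get_hash(
    OM_uint32 *minor_status,
    const gss_ctx_id_t context_handle,
    const EVP_MD ** hash,
    const EVP_CIPHER ** cipher);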
259 
260 
/**
 * Compute a GMAC tag over message_buffer.
 *
 * @param minor_status   Mechanism-specific status, set on failure.
 * @param evp_cipher     Cipher to use -- presumably an AES-GCM EVP_CIPHER;
 *                       confirm in the implementation.
 * @param iv             Nonce for this message.  NOTE(review): for GMAC a
 *                       (key, iv) pair must never be reused; the caller owns
 *                       that guarantee.
 * @param key            Raw key bytes; length implied by evp_cipher.
 * @param message_buffer Data to authenticate (authenticated only, not
 *                       encrypted).
 * @param tag            Output tag; the `static 16` declarator (C99) tells
 *                       the compiler the caller passes at least 16 bytes.
 * @return GSS major status (GSS_S_COMPLETE on success -- confirm).
 */
OM_uint32
globus_i_gssapi_gsi_gmac(
 OM_uint32 * minor_status,
 const EVP_CIPHER * evp_cipher,
 const unsigned char * iv,
 const unsigned char * key,
 const gss_buffer_desc *message_buffer,
 unsigned char tag[static 16]);
269 
270 #endif /* GSSAPI_OPENSSL_H */