1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
|
import typing as t
from enum import IntEnum
from gssapi.raw.ext_dce_aead import wrap_aead, unwrap_aead
if t.TYPE_CHECKING:
from gssapi.raw.named_tuples import IOVUnwrapResult, WrapResult
from gssapi.raw.sec_contexts import SecurityContext
class IOVBufferType(IntEnum):
"""
IOV Buffer Types
This IntEnum represent GSSAPI IOV buffer
types to be used with the IOV methods.
The numbers behind the values correspond directly
to their C counterparts.
"""
empty = 0 #: GSS_IOV_BUFFER_TYPE_EMPTY
data = 1 #: GSS_IOV_BUFFER_TYPE_DATA
header = 2 #: GSS_IOV_BUFFER_TYPE_HEADER
mech_params = 3 #: GSS_IOV_BUFFER_TYPE_MECH_PARAMS
trailer = 7 #: GSS_IOV_BUFFER_TYPE_TRAILER
padding = 9 #: GSS_IOV_BUFFER_TYPE_PADDING
stream = 10 #: GSS_IOV_BUFFER_TYPE_STREAM
sign_only = 11 #: GSS_IOV_BUFFER_TYPE_SIGN_ONLY
mic_token = 12 #: GSS_IOV_BUFFER_TYPE_MIC_TOKEN
class IOVBuffer(t.NamedTuple):
type: IOVBufferType
allocate: t.Optional[bool]
value: t.Optional[bytes]
class IOV:
"""A GSSAPI IOV"""
def __init__(
self,
*args: t.Union[
IOVBuffer,
t.Tuple[
t.Union[IOVBufferType, int],
t.Optional[bool],
t.Optional[bytes]],
t.Tuple[
t.Union[IOVBufferType, int],
t.Optional[t.Union[bool, bytes]],
],
bytes,
t.Union[IOVBufferType, int],
],
std_layout: bool = True,
auto_alloc: bool = True,
) -> None: ...
def __getitem__(
self,
ind: int,
) -> IOVBuffer: ...
def __len__(self) -> int: ...
def __iter__(self) -> t.Iterator[IOVBuffer]: ...
def __contains__(
self,
item: IOVBuffer,
) -> bool: ...
def __reversed__(self) -> t.Iterator[IOVBuffer]: ...
def index(
self,
value: t.Any,
) -> int: ...
def count(
self,
value: t.Any,
) -> int: ...
def wrap_iov(
context: "SecurityContext",
message: IOV,
confidential: bool = True,
qop: t.Optional[int] = None,
) -> bool:
"""Wrap/Encrypt an IOV message.
This method wraps or encrypts an IOV message. The allocate
parameter of the :class:`IOVBuffer` objects in the :class:`IOV`
indicates whether or not that particular buffer should be
automatically allocated (for use with padding, header, and
trailer buffers).
Warning:
This modifies the input :class:`IOV`.
Args:
context (~gssapi.raw.sec_contexts.SecurityContext): the current
security context
message (IOV): an :class:`IOV` containing the message
confidential (bool): whether or not to encrypt the miovessage (True),
or just wrap it with a MIC (False)
qop (int): the desired Quality of Protection
(or None for the default QoP)
Returns:
bool: whether or not confidentiality was actually used
Raises:
~gssapi.exceptions.GSSError
"""
def unwrap_iov(
context: "SecurityContext",
message: IOV,
) -> "IOVUnwrapResult":
"""Unwrap/Decrypt an IOV message.
This method uwraps or decrypts an IOV message. The allocate
parameter of the :class:`IOVBuffer` objects in the :class:`IOV`
indicates whether or not that particular buffer should be
automatically allocated (for use with padding, header, and
trailer buffers).
As a special case, you may pass an entire IOV message
as a single 'stream'. In this case, pass a buffer type
of :attr:`IOVBufferType.stream` followed by a buffer type of
:attr:`IOVBufferType.data`. The former should contain the
entire IOV message, while the latter should be empty.
Warning:
This modifies the input :class:`IOV`.
Args:
context (~gssapi.raw.sec_contexts.SecurityContext): the current
security context
message (IOV): an :class:`IOV` containing the message
Returns:
IOVUnwrapResult: whether or not confidentiality was used,
and the QoP used.
Raises:
~gssapi.exceptions.GSSError
"""
def wrap_iov_length(
context: "SecurityContext",
message: IOV,
confidential: bool = True,
qop: t.Optional[int] = None,
) -> "WrapResult":
"""Appropriately size padding, trailer, and header IOV buffers.
This method sets the length values on the IOV buffers. You
should already have data provided for the data (and sign-only)
buffer(s) so that padding lengths can be appropriately computed.
In Python terms, this will result in an appropriately sized
`bytes` object consisting of all zeros.
Warning:
This modifies the input :class:`IOV`.
Args:
context (~gssapi.raw.sec_contexts.SecurityContext): the current
security context
message (IOV): an :class:`IOV` containing the message
Returns:
WrapResult: a list of :class:IOVBuffer` objects, and whether or not
encryption was actually used
Raises:
~gssapi.exceptions.GSSError
"""
|
