import typing as t
from enum import IntEnum
from gssapi.raw.ext_dce_aead import wrap_aead, unwrap_aead
if t.TYPE_CHECKING:
from gssapi.raw.named_tuples import IOVUnwrapResult, WrapResult
from gssapi.raw.sec_contexts import SecurityContext
[docs]
class IOVBufferType(IntEnum):
"""
IOV Buffer Types
This IntEnum represent GSSAPI IOV buffer
types to be used with the IOV methods.
The numbers behind the values correspond directly
to their C counterparts.
"""
[docs]
empty = 0 #: GSS_IOV_BUFFER_TYPE_EMPTY
[docs]
data = 1 #: GSS_IOV_BUFFER_TYPE_DATA
[docs]
mech_params = 3 #: GSS_IOV_BUFFER_TYPE_MECH_PARAMS
[docs]
trailer = 7 #: GSS_IOV_BUFFER_TYPE_TRAILER
[docs]
padding = 9 #: GSS_IOV_BUFFER_TYPE_PADDING
[docs]
stream = 10 #: GSS_IOV_BUFFER_TYPE_STREAM
[docs]
sign_only = 11 #: GSS_IOV_BUFFER_TYPE_SIGN_ONLY
[docs]
mic_token = 12 #: GSS_IOV_BUFFER_TYPE_MIC_TOKEN
[docs]
class IOVBuffer(t.NamedTuple):
[docs]
allocate: t.Optional[bool]
[docs]
value: t.Optional[bytes]
[docs]
class IOV:
"""A GSSAPI IOV"""
def __init__(
self,
*args: t.Union[
IOVBuffer,
t.Tuple[
t.Union[IOVBufferType, int],
t.Optional[bool],
t.Optional[bytes]],
t.Tuple[
t.Union[IOVBufferType, int],
t.Optional[t.Union[bool, bytes]],
],
bytes,
t.Union[IOVBufferType, int],
],
std_layout: bool = True,
auto_alloc: bool = True,
) -> None: ...
def __getitem__(
self,
ind: int,
) -> IOVBuffer: ...
def __len__(self) -> int: ...
def __iter__(self) -> t.Iterator[IOVBuffer]: ...
def __contains__(
self,
item: IOVBuffer,
) -> bool: ...
def __reversed__(self) -> t.Iterator[IOVBuffer]: ...
[docs]
def index(
self,
value: t.Any,
) -> int: ...
[docs]
def count(
self,
value: t.Any,
) -> int: ...
[docs]
def wrap_iov(
context: "SecurityContext",
message: IOV,
confidential: bool = True,
qop: t.Optional[int] = None,
) -> bool:
"""Wrap/Encrypt an IOV message.
This method wraps or encrypts an IOV message. The allocate
parameter of the :class:`IOVBuffer` objects in the :class:`IOV`
indicates whether or not that particular buffer should be
automatically allocated (for use with padding, header, and
trailer buffers).
Warning:
This modifies the input :class:`IOV`.
Args:
context (~gssapi.raw.sec_contexts.SecurityContext): the current
security context
message (IOV): an :class:`IOV` containing the message
confidential (bool): whether or not to encrypt the miovessage (True),
or just wrap it with a MIC (False)
qop (int): the desired Quality of Protection
(or None for the default QoP)
Returns:
bool: whether or not confidentiality was actually used
Raises:
~gssapi.exceptions.GSSError
"""
[docs]
def unwrap_iov(
context: "SecurityContext",
message: IOV,
) -> "IOVUnwrapResult":
"""Unwrap/Decrypt an IOV message.
This method uwraps or decrypts an IOV message. The allocate
parameter of the :class:`IOVBuffer` objects in the :class:`IOV`
indicates whether or not that particular buffer should be
automatically allocated (for use with padding, header, and
trailer buffers).
As a special case, you may pass an entire IOV message
as a single 'stream'. In this case, pass a buffer type
of :attr:`IOVBufferType.stream` followed by a buffer type of
:attr:`IOVBufferType.data`. The former should contain the
entire IOV message, while the latter should be empty.
Warning:
This modifies the input :class:`IOV`.
Args:
context (~gssapi.raw.sec_contexts.SecurityContext): the current
security context
message (IOV): an :class:`IOV` containing the message
Returns:
IOVUnwrapResult: whether or not confidentiality was used,
and the QoP used.
Raises:
~gssapi.exceptions.GSSError
"""
[docs]
def wrap_iov_length(
context: "SecurityContext",
message: IOV,
confidential: bool = True,
qop: t.Optional[int] = None,
) -> "WrapResult":
"""Appropriately size padding, trailer, and header IOV buffers.
This method sets the length values on the IOV buffers. You
should already have data provided for the data (and sign-only)
buffer(s) so that padding lengths can be appropriately computed.
In Python terms, this will result in an appropriately sized
`bytes` object consisting of all zeros.
Warning:
This modifies the input :class:`IOV`.
Args:
context (~gssapi.raw.sec_contexts.SecurityContext): the current
security context
message (IOV): an :class:`IOV` containing the message
Returns:
WrapResult: a list of :class:IOVBuffer` objects, and whether or not
encryption was actually used
Raises:
~gssapi.exceptions.GSSError
"""