rfc2479.txt

著名的RFC文档,其中有一些文档是已经翻译成中文的的.

         -- perform (i.e., create) non-repudiable "proof of delivery"




Adams                        Informational                     [Page 17]

RFC 2479                      IDUP-GSS-API                 December 1998


      REC_CONF = { 1.3.6.1.5.7.1.2 }
         -- receive data confidentiality (i.e., decrypt data)
      REC_CONF_FULL = { 1.3.6.1.5.7.1.4 }
         -- receive full confidentiality (i.e., decrypt data and sig)
         -- (may be used only when REC_DOA is received simultaneously)
      REC_DOA  = { 1.3.6.1.5.7.3.2 }
         -- receive / verify DOA with data integrity
      REC_DOA_CIPH  = { 1.3.6.1.5.7.3.4 }
         -- verify DOA with DI over ciphertext (rather than plaintext)
         -- (may be used only when PER_CONF is received simultaneously)
      REC_POO  = { 1.3.6.1.5.7.4.2 }
         -- receive / verify "proof of origin"
      REC_POD  = { 1.3.6.1.5.7.4.4 }
         -- receive / verify "proof of delivery"
      TTIME    = { 1.3.6.1.5.7.7.1 }
         -- trusted time availability
      UTIME    = { 1.3.6.1.5.7.7.2 }
         -- untrusted time availability

   The PER_CONF return value (in the ret_services paramater) indicates
   whether the environment supports confidentiality services, and so
   informs the caller whether or not a request for encryption can be
   honored.  In similar fashion, the PER_DOA return value indicates
   whether DOA services are available in the established environment,
   and the PER_POO and PER_POD return values indicate whether evidence
   generation services are available.  The TTIME and UTIME values
   indicate whether trusted time and untrusted time are available for
   protection / unprotection services.

   Note that, unlike a GSS "context", an IDUP environment does not have
   an explicit lifetime associated with it.  Instead, it relies on the
   lifetime of the calling entity's credential (set by the caller in the
   GSS_Acquire_cred() call).  When the credential expires (or is
   explicitly deleted in any other way), no new operations are allowed
   in the IDUP environment (although operations which have begun, such
   as the Protection set of calls, can be taken to completion).















Adams                        Informational                     [Page 18]

RFC 2479                      IDUP-GSS-API                 December 1998


2.2.3. IDUP_Abolish_Env call

   Input:
   o  env_handle ENVIRONMENT HANDLE

   Outputs:
   o  major_status INTEGER,
   o  minor_status INTEGER,

   Return major_status codes:
   o  GSS_S_COMPLETE
      -- the relevant environment-specific information was flushed.
   o  IDUP_S_NO_ENV
   o  GSS_S_FAILURE

   This call is made to flush environment-specific information. (Once an
   environment is established, cached credential and environment-related
   info. is expected to be retained until an IDUP_Abolish_Env() call is
   made or until the cred. lifetime expires.)  Attempts to perform IDU
   processing on a deleted environment will result in error returns.

2.2.4. IDUP_Inquire_Env call

   Input:
   o  env_handle ENVIRONMENT HANDLE,

   Outputs:
   o  major_status INTEGER,
   o  minor_status INTEGER,
   o  mech_type OBJECT IDENTIFIER,
      -- the mechanism supporting this environment
   o  environmentPolicies EnvironmentPolicies,
      -- the environment policies in effect
   o  ret_services SET OF OBJECT IDENTIFIER,

   Return major_status codes:
   o  GSS_S_COMPLETE
      -- referenced environment is valid and mech_type and other return
      -- values describe the characteristics of the environment.
   o  GSS_S_CREDENTIALS_EXPIRED
   o  IDUP_S_NO_ENV
   o  GSS_S_FAILURE

   This routine provides environment-related information to the caller.







Adams                        Informational                     [Page 19]

RFC 2479                      IDUP-GSS-API                 December 1998


2.3.  Per-IDU calls

   This group of calls is used to perform IDU protection and
   unprotection processing on an established IDUP environment. Some of
   these calls may block pending network interactions (depending on the
   underlying mechanism in use).  These calls may be invoked by an IDU's
   protector or by the P-IDU's recipient.  Members of this group form
   pairs; the output from the protection types of calls is typically
   meant to be input to the unprotection types of calls.

   The per-IDU calls can support caller-requested data origin
   authentication with data integrity, confidentiality with data
   integrity, evidence, and evidence-requested-from-target services.

   The protection operations output a token which encapsulates all the
   information required to unprotect the IDU.  The token is passed to
   the target (possibly separate from the M-IDU) and is processed by the
   unprotection calls at that system.  Unprotection performs
   decipherment, DOA verification, evidence verification, or
   notification of evidence requested, as required.

   Each of the two main operations (protection and unprotection) may be
   separated into three parts:  "Start_Operation"; "Operation" (which
   may be called once for each buffer of input data); and
   "End_Operation".  This separation is available for the case where the
   IDU or P-IDU is to be processed one buffer at a time.
   "Start_Operation" allows the caller to specify or retrieve the
   appropriate "Quality" used during the processing.  "Operation" is
   concerned with the processing itself, receiving a buffer of input
   data and potentially returning a buffer of output data.
   "End_Operation" performs any required clean-up and creates the
   appropriate token or states whether the input token was verified.

   If the IDU or P-IDU is wholly contained in a single buffer, the
   three-part protection/unprotection processing need not be done.
   Instead, protection or unprotection can be accomplished using only a
   single call, simplifying application code.

2.3.1.  Relationship to GSS-API

   The set of calls described in this section is used in place of the
   calls GSS_GetMIC(), GSS_VerifyMIC, GSS_Wrap(), and GSS_Unwrap() which
   are specified in [RFC-2078], since those calls are specific to a
   session-oriented environment.







Adams                        Informational                     [Page 20]

RFC 2479                      IDUP-GSS-API                 December 1998


2.3.2.  The "SE" Calls

2.3.2.1. IDUP_SE Purpose

   The "SE" group of calls provides a very simple, high-level interface
   to underlying IDUP mechanisms when application developers need access
   only to signature and encryption protection/unprotection services.
   It includes both the single-buffer and multiple-buffer IDU cases and
   can be used for signing only, encrypting only, signing and encrypting
   (in either order, and with or without visibility of the resulting
   signature), and "clear signing" (where the data is not modified in
   any way and the signature itself is returned as a separate item).
   [Note that encapsulation occurs in all cases except for clear
   signing, so that these calls provide functionality similar to the
   GSS_Wrap call.]

   Note that the term "signing" is used in its most generic sense, not
   necessarily implying the use of public-key techniques.  This concept
   has also been called "sealing" in other contexts (e.g., in other
   standardization efforts).

   The SE calls may be viewed by mechanism implementors as an "API" to
   the more powerful GP calls defined later and so may be implemented as
   simple mapping functions to those calls (when those optional calls
   are supported).  Application callers, on the other hand, may find
   that the SE calls are all they currently need for many environments.
   At some time in the future when they have need of non-repudiation or
   "directed receipts" types of services, they may consider using the EV
   calls (or the GP calls -- when these are supported -- if complex and
   sophisticated combinations of services are required).  To assist in
   this migration path, mechanism implementors are encouraged to support
   the full set of IDUP calls (i.e., the SE, EV, and GP calls) even
   though some calling applications will only use the SE calls in the
   short term.

2.3.2.2. IDUP_SE Parameter Bundles

   The concept of "parameter bundles" is used in the calls presented in
   the following subsections in order to simplify their presentation and
   clarify their intended purpose and use.  See Section 2.3.4.1 for a
   more complete description of parameter bundles.

   The following parameter bundles are used in the "SE" protection and
   unprotection sets of calls.







Adams                        Informational                     [Page 21]

RFC 2479                      IDUP-GSS-API                 December 1998


   o  Protect_Options PARAMETER BUNDLE
      o  protect_operation  INTEGER {
            sign_only              (0),
            encrypt_only           (1),
            sign_and_encrypt       (2),
            -- let mechanism choose order (and readability of signature)
            sign_then_encrypt_data (3),
            -- sign, then encrypt plaintext (leaving signature in clear)
            sign_then_encrypt_full (4),
            -- sign, then encrypt everything (including signature)
            encrypt_then_sign      (5),
            -- encrypt, then sign the ciphertext
            clear_sign_only        (6)
         } OPTIONAL,
      o  protect_oper_oid   OBJECT IDENTIFIER OPTIONAL,
         -- may be used in place of above parameter if OID is known
      o  sign_qop_alg      UNSIGNED INTEGER,
      o  sign_qop_algID    AlgorithmIdentifier, --overrides sign_qop_alg
      o  enc_qop_alg       UNSIGNED INTEGER,
      o  enc_qop_algID     AlgorithmIdentifier, --overrides enc_qop_alg
      o  idu_type_string    OCTET STRING,
         -- type of the IDU ("data", "e-mail doc", MIME type, etc.)
      o  pidu_type_string   OCTET STRING,
      o  mech_indep_encap_req BOOLEAN -- (see Appendix A)

   o  PIDU_Information PARAMETER BUNDLE
      o  protect_options    Protect_Options,
      o  originator_name    INTERNAL NAME,
      o  originator_role    Originator_Role, -- (see Section 2.3.4.1)
      o  protection_time    INTEGER,
   o  Bad_Target_Name PARAMETER BUNDLE,  -- same as in Section 2.3.3.2
      o  bad_targ_name     INTERNAL NAME,
      o  bad_targ_status   INTEGER,
         -- a status flag giving the reason for rejection of the name
         -- in bad_targ_name.  Specified reasons include:
         --  SYNTAX_INVALID        (0) the syntax of the name is invalid;
         --  NAME_UNRECOGNIZED     (1) the name is not recognized;
         --  NAME_AMBIGUOUS        (2) the name cannot be resolved;
         --  ACCESS_DENIED         (3) access to this target is denied;
         --  CERTIFICATE_NOT_FOUND (4) the encryption certificate of the
                                      target could not be found.

   o  Target_Info PARAMETER BUNDLE,      -- same as in Section 2.3.3.2
      o  targ_names        SET OF INTERNAL NAME,
      o  bad_targ_count    INTEGER,
      o  bad_target_names  SET OF Bad_Target_Name,





Adams                        Informational                     [Page 22]

RFC 2479                      IDUP-GSS-API                 December 1998


2.3.2.3. IDUP_SE major_status codes

   The following major_status return codes are defined for the "SE"
   calls in this section:

   o  GSS_S_COMPLETE
   o  IDUP_S_MORE_OUTBUFFER_NEEDED
      -- returned (by any SE call) to indicate that there is more output
      -- data than can fit into the supplied buffers.  The application
      -- should save the returned data and call again to retrieve the
      -- remaining output.
   o  IDUP_S_MORE_PIDU_NEEDED
      -- indicates that more PIDU data is needed for the StartUnprotect
      -- operation (e.g., so that PIDU_Information or initial_idu_buffer
      -- may be returned).
   o  IDUP_S_INCONSISTENT_PARAMS
   o  GSS_S_CREDENTIALS_EXPIRED
   o  IDUP_S_NO_ENV
   o  GSS_S_BAD_QOP
   o  GSS_S_FAILURE

   If Target_Info is used as an input parameter (e.g., if an encryption
   operation is being performed), the following major_status return code
   is also defined:

   o  IDUP_S_BAD_TARG_INFO