NETWORK WORKING GROUP J. Luciani INTERNET-DRAFT Novell, Inc. Expires: June 24, 2005 December 22, 2004 GSS-API V2: Java & C# Bindings draft-ietf-kitten-gssapi-rfc2853-update-for-csharp-00 Status of this Memo This document is an Internet-Draft and is subject to all provisions of section 3 of RFC 3667. By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she become aware will be disclosed, in accordance with RFC 3668. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on May 26, 2005. Copyright Notice Copyright (C) The Internet Society (2004). Abstract The Generic Security Services Application Program Interface (GSS-API) offers application programmers uniform access to security services atop a variety of underlying cryptographic mechanisms. This document proposes an update to Generic Security Service API Version 2: Java Bindings [RFC2853], to include C# bindings. The proposed updates are documented as additions to be merged into section 4 of RFC 2853. Luciani Expires June 24 2005 [Page 1] Internet-Draft GSS-API V2: Java & C# Bindings December 2004 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Additions to Section 4 of RFC 2853 . . . . . . . . . . . . . . . 4 2.1 New Section 4.17 - Title: C# Modifications . . . . . . . . 4 2.2 New Section 4.17.1 - Title: C# Assembly Name . . . . . . . 4 2.3 New Section 4.17.2 - Title: C# Class Definitions . . . . . 4 2.4 New Section 4.17.3 - Title: C# Data Types. . . . . . . . . 4 2.5 New Section 4.17.4 - Title: C# Exception Handling. . . . . 4 2.6 New Section 4.17.5: Title: C# Example Code . . . . . . . . 5 3. IANA Considerations. . . . . . . . . . . . . . . . . . . . . . . 9 4. Acknowledgments. . . . . . . . . . . . . . . . . . . . . . . . . 9 5. Normative References . . . . . . . . . . . . . . . . . . . . . . 9 6. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 7. Intellectual Property Statement. . . . . . . . . . . . . . . . 10 8. Disclaimer of Validity . . . . . . . . . . . . . . . . . . . . 10 9. Copyright Statement . . . . . . . . . . . . . . . . . . . . . . 10 Luciani Expires June 24, 2005 [Page 2] Internet-Draft GSS-API V2: Java & C# Bindings December 2004 1. Introduction This document specifies modifications to RFC 2853, Generic Security Service API Version 2: Java Bindings, that will allow it to also document C# bindings for GSS-API V2. The C# language has recently gained much popularity with the advent of the .NET and the Mono frameworks. The C# GSS-API bindings aim to allow C# application developers to leverage the security services of the API from within those frameworks. The design goal of the C# GSS-API was to adhere to the definition of the Java GSS-API as much as possible to leverage the work that has been done on it and to ease the transition of Java application developers to the C# environment. The following section describes additions that when merged with the contents of RFC 2853 should result in a document that covers both the Java and C# bindings of GSS-API [RFC2743]. Luciani Expires June 24, 2005 [Page 3] Internet-Draft GSS-API V2: Java & C# Bindings December 2004 2.0 Additions to Section 4 of RFC 2853 2.1 New Section 4.17 - Title: C# Modifications This section describes the language dependent modifications necessary to implement the interface in C#. 2.2 New Section 4.17.1 - Title: C# Assembly Name The C# namespace is org.ietf.gss. See section 4.17.5 for an example. 2.3 New Section 4.17.2 - Title: C# Class Definitions All class definitions & methods remain the same as specified in the Java bindings. 2.4 New Section 4.17.3 - Title: C# Data Types All data types remain the same. 2.5 New Section 4.17.4 - Title: C# Exception Handling All exception codes remain the same as specified in the Java bindings. However, C# does not have a 'throws' statement. Therefore, method prototypes do not include the exception type. For example, Java method prototype : public abstract GSSName createName(String nameStr, Oid nameType) throws GSSException; Equivalent C# method prototype : public abstract GSSName createName(String nameStr, Oid nameType); C# does implement the throw and catch keywords, for example: public class GSSName createName(String nameStr, Oid nameType) { int majorCode = 0; ... majorCode = validateParms(nameStr, nameType); if (majorCode) throw new GSSException(majorCode); ... } Luciani Expires June 24, 2005 [Page 4] Internet-Draft GSS-API V2: Java & C# Bindings December 2004 2.6 New Section 4.17.5: Title: C# Example Code Client example : using ietf.org.gss; class GssapiClient { private static TcpClient client; private static NetworkStream stream; static void Main(string[] args) { Connect("127.0.0.1", "message from client"); try { GSSManager manager = GSSManager.getInstance(); Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2"); Oid krb5PrincipalNameType = new Oid("1.2.840.113554.1.2.2.1"); // Optionally Identify who the client wishes to be // GSSName name = manager.createName("test@gsserver", // GSSName.NT_USER_NAME); // Obtain default credential GSSCredential userCreds = manager.createCredential(GSSCredential.INITIATE_ONLY); GSSName name = userCreds.getName(krb5PrincipalNameType); Console.WriteLine( "Just acquired credentials for " + name.toString()); int acceptLife = userCreds.getRemainingAcceptLifetime(new Oid("2.3.4")); int initLife = userCreds.getRemainingInitLifetime(new Oid("1..3.")); int remLife = userCreds.getRemainingLifetime(); int usage = userCreds.getUsage(); GSSName namea = userCreds.getName(); Oid[] oa = userCreds.getMechs(); Luciani Expires June 24, 2005 [Page 5] Internet-Draft GSS-API V2: Java & C# Bindings December 2004 // Instantiate and initialize a security context that will be // established with the server GSSContext context = manager.createContext(name, krb5Mechanism, userCreds, GSSContext.DEFAULT_LIFETIME); userCreds.dispose(); // Optionally Set Context Options, must be done // before iniSecContext call. context.requestMutualAuth(true); context.requestConf(true); context.requestInteg(true); context.requestSequenceDet(true); context.requestCredDeleg(true); MemoryStream ins = new MemoryStream(); MemoryStream outs = new MemoryStream(); // loop until context is setup and no more tokens to receive while (!context.isEstablished()) { outs = new MemoryStream(); context.initSecContext(ins, outs); // send token if present if (outs.Length > 0) { Console.WriteLine("Sending token..."); sendToken(outs); } // check if we should expect more tokens if (context.isEstablished()) break; // another token expected from peer Console.WriteLine( "Still expecting another token from server..."); ins = recvToken(); } // // display context information // Luciani Expires June 24, 2005 [Page 6] Internet-Draft GSS-API V2: Java & C# Bindings December 2004 // Did the server authenticate back to client? Console.WriteLine("\n{0} Mutual Authentication", context.getMutualAuthState() ? "Using" : "Not using"); Console.WriteLine("Credentials were delegated = " + context.getCredDelegState()); Console.WriteLine("Remaining lifetime in seconds = " + context.getLifetime()); Console.WriteLine("Context mechanism = " + context.getMech()); Console.WriteLine("Initiator = " + context.getSrcName().toString()); Console.WriteLine("Acceptor = " + context.getTargName().toString()); Console.WriteLine("Confidentiality (i.e., privacy) is {0}available", context.getConfState() ? "" : "not "); Console.WriteLine("Integrity is {0}available", context.getIntegState() ? "" : "not "); Console.WriteLine("Is initiator = " + context.isInitiator()); Console.WriteLine("Is transferable = " + context.isTransferable()); Console.WriteLine("Is protReady = " + context.isProtReady()); Console.WriteLine("ReplayDetState = " + context.getReplayDetState()); Console.WriteLine("SequenceDetState = " + context.getSequenceDetState()); // perform wrap on an application supplied message // using QOP = 0, and requesting privacy service MessageProp msgProp = new MessageProp(0, true); byte [] message = System.Text.Encoding.ASCII.GetBytes("Hello GSS-API!"); byte [] token = System.Text.Encoding.ASCII.GetBytes("tok"); // Byte aray method is equivalent to stream method //byte []token = context.wrap(message, 0, appMsg.length, msgProp); //sendToken(token); ins = new MemoryStream(); outs = new MemoryStream(); ins.Write(token, 0, token.Length); context.getMIC(ins, outs, msgProp); sendToken(outs); Luciani Expires June 24, 2005 [Page 7] Internet-Draft GSS-API V2: Java & C# Bindings December 2004 outs = new MemoryStream(); outs.Write(message, 0, message.Length); sendToken(outs); ins = new MemoryStream(); outs = new MemoryStream(); ins.Write(message, 0, message.Length); context.wrap(ins, outs, msgProp); sendToken(outs); // Optionally export context to another thead GSSContext ctx = manager.createContext(context.export()); Console.WriteLine("New context isTransferable = " + ctx.isTransferable()); Console.WriteLine("New context isInitiator = " + ctx.isInitiator()); Console.WriteLine("New context protReady = " + ctx.isProtReady()); Console.WriteLine("New context srcName = " + ctx.getSrcName().toString()); Console.WriteLine("New context targName = " + ctx.getTargName().toString()); // release the local-end of the context ctx.dispose(); stream.Close(); Console.WriteLine("Leaving..."); } catch (GSSException e) { Console.WriteLine(e.getMessage()); Console.WriteLine(e.StackTrace); } } Luciani Expires June 24, 2005 [Page 8] Internet-Draft GSS-API V2: Java & C# Bindings December 2004 3. IANA Considerations This document has no actions for IANA. 4. Acknowledgments The author would like to thank the following: Corby Morris who wrote the original version of this document and is the creator of the C# GSS-API bindings. Jeff Altman for his support and suggestions. Kabat, J. and Upadhyay, M. for writing the Generic Security Service API Version 2 : Java Bindings specification [RFC2743] that constitutes the basis of this work. Funding for the RFC Editor function is currently provided by the Internet Society. 5. Normative References [RFC2743] Linn, J., "Generic Security Service Application Program Interface Version 2, Update 1", RFC 2743, January 2000. [RFC2853] Kabat, J. and Upadhyay, M., "Generic Security Service API Version 2 : Java Bindings", RFC 2853, June 2000. 6. Authors' Addresses Juan Carlos Luciani Novell, Inc. 1800 South Novell Place Provo, Utah 84606 US EMail: jluciani@novell.com Luciani Expires June 24, 2005 [Page 9] Internet-Draft GSS-API V2: Java & C# Bindings December 2004 7. Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. 8. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 9. Copyright Statement Copyright (C) The Internet Society (2004). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Luciani Expires June 24, 2005 [Page 10]