channel-bindings

Author: jake-desco

v3/channelbinding.go

@@ -3,11 +3,11 @@ package gssapi
 
 import "net"
 
-type gssAddressFamily int
+type GssAddressFamily int
 
 const (
-	GssAddrFamilyUNSPEC gssAddressFamily = 0
-	GssAddrFamilyLOCAL  gssAddressFamily = 1 << iota
+	GssAddrFamilyUNSPEC GssAddressFamily = 0
+	GssAddrFamilyLOCAL  GssAddressFamily = 1 << iota
 	GssAddrFamilyINET
 	GssAddrFamilyIMPLINK
 	GssAddrFamilyPUP

v3/provider.go

@@ -43,10 +43,11 @@ func NewProvider(name string) Provider {
 type QoP uint
 
 type InitSecContextOptions struct {
-	Credential Credential
-	Mech       GssMech
-	Flags      ContextFlag
-	Lifetime   time.Duration
+	Credential     Credential
+	Mech           GssMech
+	Flags          ContextFlag
+	Lifetime       time.Duration
+	ChannelBinding *ChannelBinding
 }
 
 type InitSecContextOption func(o *InitSecContextOptions)
@@ -75,6 +76,12 @@ func WithInitiatorLifetime(life time.Duration) InitSecContextOption {
 	}
 }
 
+func WithChannelBinding(cb *ChannelBinding) InitSecContextOption {
+	return func(o *InitSecContextOptions) {
+		o.ChannelBinding = cb
+	}
+}
+
 // Provider is the interface that defines the top level GSSAPI functions that
 // create name, credential and security contexts
 type Provider interface {
@@ -125,7 +132,7 @@ type Provider interface {
 	//
 	//   A partially established context may allow the creation of protected messages.
 	//   Check the [SecContextInfo.ProtectionReady] flag by calling [SecContext.Inquire()].
-	AcceptSecContext(cred Credential, inputToken []byte) (SecContext, []byte, error) // RFC 2743 § 2.2.2
+	AcceptSecContext(cred Credential, inputToken []byte, cb *ChannelBinding) (SecContext, []byte, error) // RFC 2743 § 2.2.2
 
 	// ImportSecContext corresponds to the GSS_Import_sec_context function from RFC 2743 § 2.2.9
 	// Parameters: