gss: SAnon - the Simple Anonymous GSS-API mechanism

Add support for SAnon, a simple key agreement protocol that provides no
authentication of initiator or acceptor using x25519 ECDH key exchange.
See doc/standardization/draft-howard-gss-sanon-xx.txt for a protocol
description.

lib/gssapi/test_context.c

@@ -56,6 +56,7 @@ static int iov_flag = 0;
 static int aead_flag = 0;
 static int getverifymic_flag = 0;
 static int deleg_flag = 0;
+static int anon_flag = 0;
 static int policy_deleg_flag = 0;
 static int server_no_deleg_flag = 0;
 static int ei_cred_flag = 0;
@@ -71,6 +72,7 @@ static char *limit_enctype_string = NULL;
 static int version_flag = 0;
 static int verbose_flag = 0;
 static int help_flag	= 0;
+static char *channel_bindings = NULL;
 
 static krb5_context context;
 static krb5_enctype limit_enctype = 0;
@@ -86,6 +88,7 @@ static struct {
     { "spnego", NULL /* GSS_SPNEGO_MECHANISM */ },
     { "ntlm", NULL /* GSS_NTLM_MECHANISM */ },
     { "sasl-digest-md5", NULL /* GSS_SASL_DIGEST_MD5_MECHANISM */ },
+    { "sanon-x25519", NULL /* GSS_SASL_SANON_X25519_MECHANISM */ },
     { "test_negoex_1", NULL },
     { "test_negoex_2", NULL },
 };
@@ -97,8 +100,9 @@ init_o2n(void)
     o2n[1].oid = GSS_SPNEGO_MECHANISM;
     o2n[2].oid = GSS_NTLM_MECHANISM;
     o2n[3].oid = GSS_SASL_DIGEST_MD5_MECHANISM;
-    o2n[4].oid = &test_negoex_1_mech;
-    o2n[5].oid = &test_negoex_2_mech;
+    o2n[4].oid = GSS_SANON_X25519_MECHANISM;
+    o2n[5].oid = &test_negoex_1_mech;
+    o2n[6].oid = &test_negoex_2_mech;
 }
 
 static gss_OID
@@ -168,6 +172,8 @@ loop(gss_OID mechoid,
     OM_uint32 flags = 0, ret_cflags, ret_sflags;
     gss_OID actual_mech_client;
     gss_OID actual_mech_server;
+    struct gss_channel_bindings_struct channel_bindings_data;
+    gss_channel_bindings_t channel_bindings_p = GSS_C_NO_CHANNEL_BINDINGS;
 
     *actual_mech = GSS_C_NO_OID;
 
@@ -177,6 +183,8 @@ loop(gss_OID mechoid,
 
     if (mutual_auth_flag)
 	flags |= GSS_C_MUTUAL_FLAG;
+    if (anon_flag)
+	flags |= GSS_C_ANON_FLAG;
     if (dce_style_flag)
 	flags |= GSS_C_DCE_STYLE;
     if (deleg_flag)
@@ -197,6 +205,12 @@ loop(gss_OID mechoid,
     input_token.length = 0;
     input_token.value = NULL;
 
+    if (channel_bindings) {
+	channel_bindings_data.application_data.length = strlen(channel_bindings);
+	channel_bindings_data.application_data.value = channel_bindings;
+	channel_bindings_p = &channel_bindings_data;
+    }
+
     while (!server_done || !client_done) {
 	num_loops++;
 
@@ -209,7 +223,7 @@ loop(gss_OID mechoid,
 					mechoid,
 					flags,
 					0,
-					NULL,
+					channel_bindings_p,
 					&input_token,
 					&actual_mech_client,
 					&output_token,
@@ -237,7 +251,7 @@ loop(gss_OID mechoid,
 					  sctx,
 					  GSS_C_NO_CREDENTIAL,
 					  &output_token,
-					  GSS_C_NO_CHANNEL_BINDINGS,
+					  channel_bindings_p,
 					  &src_name,
 					  &actual_mech_server,
 					  &input_token,
@@ -328,6 +342,34 @@ loop(gss_OID mechoid,
 	printf("server time offset: %d\n", server_time_offset);
 	printf("client time offset: %d\n", client_time_offset);
 	printf("num loops %d\n", num_loops);
+	printf("flags: ");
+	if (ret_cflags & GSS_C_DELEG_FLAG)
+	    printf("deleg ");
+	if (ret_cflags & GSS_C_MUTUAL_FLAG)
+	    printf("mutual ");
+	if (ret_cflags & GSS_C_REPLAY_FLAG)
+	    printf("replay ");
+	if (ret_cflags & GSS_C_SEQUENCE_FLAG)
+	    printf("sequence ");
+	if (ret_cflags & GSS_C_CONF_FLAG)
+	    printf("conf ");
+	if (ret_cflags & GSS_C_INTEG_FLAG)
+	    printf("integ ");
+	if (ret_cflags & GSS_C_ANON_FLAG)
+	    printf("anon ");
+	if (ret_cflags & GSS_C_PROT_READY_FLAG)
+	    printf("prot-ready ");
+	if (ret_cflags & GSS_C_TRANS_FLAG)
+	    printf("trans ");
+	if (ret_cflags & GSS_C_DCE_STYLE)
+	    printf("dce-style ");
+	if (ret_cflags & GSS_C_IDENTIFY_FLAG)
+	    printf("identify " );
+	if (ret_cflags & GSS_C_EXTENDED_ERROR_FLAG)
+	    printf("extended-error " );
+	if (ret_cflags & GSS_C_DELEG_POLICY_FLAG)
+	    printf("deleg-policy " );
+	printf("\n");
     }
 }
 
@@ -625,6 +667,8 @@ static struct getargs args[] = {
     {"client-keytab",0, arg_string,	&client_keytab, "client keytab", NULL },
     {"client-name", 0,  arg_string,     &client_name, "client name", NULL },
     {"client-password", 0,  arg_string, &client_password, "client password", NULL },
+    {"anonymous", 0,	arg_flag,	&anon_flag, "anonymous auth", NULL },
+    {"channel-bindings", 0, arg_string,	&channel_bindings, "channel binding data", NULL },
     {"limit-enctype",0,	arg_string,	&limit_enctype_string, "enctype", NULL },
     {"dce-style",0,	arg_flag,	&dce_style_flag, "dce-style", NULL },
     {"wrapunwrap",0,	arg_flag,	&wrapunwrap_flag, "wrap/unwrap", NULL },
@@ -668,7 +712,7 @@ main(int argc, char **argv)
     gss_cred_id_t client_cred = GSS_C_NO_CREDENTIAL, deleg_cred = GSS_C_NO_CREDENTIAL;
     gss_name_t cname = GSS_C_NO_NAME;
     gss_buffer_desc credential_data = GSS_C_EMPTY_BUFFER;
-    gss_OID_desc oids[6];
+    gss_OID_desc oids[7];
     gss_OID_set_desc mechoid_descs;
     gss_OID_set mechoids = GSS_C_NO_OID_SET;
     gss_key_value_element_desc client_cred_elements[2];
@@ -824,7 +868,7 @@ main(int argc, char **argv)
 					 &client_cred,
 					 &actual_mechs,
 					 NULL);
-	if (GSS_ERROR(maj_stat))
+	if (GSS_ERROR(maj_stat) && !anon_flag)
 	    errx(1, "gss_acquire_cred: %s",
 		 gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
     }
@@ -840,6 +884,17 @@ main(int argc, char **argv)
 	printf("\n");
     }
 
+    if (gss_oid_equal(mechoid, GSS_SPNEGO_MECHANISM) && mechs_string) {
+	maj_stat = gss_set_neg_mechs(&min_stat, client_cred, mechoids);
+	if (GSS_ERROR(maj_stat))
+	    errx(1, "gss_set_neg_mechs: %s",
+		 gssapi_err(maj_stat, min_stat, GSS_SPNEGO_MECHANISM));
+
+        mechoid_descs.elements = GSS_SPNEGO_MECHANISM;
+        mechoid_descs.count = 1;
+        mechoids = &mechoid_descs;
+    }
+
     if (ei_cred_flag) {
 	gss_cred_id_t cred2 = GSS_C_NO_CREDENTIAL;
 	gss_buffer_desc cb;