retval = decoder(&seqbuf,&element); \
if (retval) clean_return(retval)
-static void *
-array_expand (void *array, int n_elts, size_t elt_size)
-{
- size_t new_size;
-
- if (n_elts <= 0)
- return NULL;
- if ((unsigned int) n_elts > SIZE_MAX / elt_size)
- return NULL;
- new_size = n_elts * elt_size;
- if (new_size == 0)
- return NULL;
- if (new_size / elt_size != (unsigned int) n_elts)
- return NULL;
- return realloc(array, new_size);
-}
-
-#define array_append(array,size,element,type) \
- { \
- void *new_array = array_expand(*(array), (size)+2, sizeof(type*)); \
- if (new_array == NULL) clean_return(ENOMEM); \
- *(array) = new_array; \
- (*(array))[(size)++] = elt; \
- }
-
/*
* Function body for array decoders. freefn is expected to look like
* a krb5_free_ function, so we pass a null first argument.
free(array); \
return retval
+static void *
+array_expand (void *array, int n_elts, size_t elt_size)
+{
+ size_t new_size;
+
+ if (n_elts <= 0)
+ return NULL;
+ if ((unsigned int) n_elts > SIZE_MAX / elt_size)
+ return NULL;
+ new_size = n_elts * elt_size;
+ if (new_size == 0)
+ return NULL;
+ if (new_size / elt_size != (unsigned int) n_elts)
+ return NULL;
+ return realloc(array, new_size);
+}
+
+#define array_append(array,size,element,type) \
+ { \
+ void *new_array = array_expand(*(array), (size)+2, sizeof(type*)); \
+ if (new_array == NULL) clean_return(ENOMEM); \
+ *(array) = new_array; \
+ (*(array))[(size)++] = elt; \
+ }
+
+
static void
free_authdata_elt(void *dummy, krb5_authdata *val)
{
free_trusted_ca);
}
+static asn1_error_code
+asn1_decode_kdf_alg_id_ptr( asn1buf *buf,
+ krb5_octet_data **valptr)
+{
+ decode_ptr(krb5_octet_data *, asn1_decode_kdf_alg_id);
+}
+
asn1_error_code
asn1_decode_dh_rep_info(asn1buf *buf, krb5_dh_rep_info *val)
{
setup();
val->dhSignedData.data = NULL;
val->serverDHNonce.data = NULL;
+ val->kdfID = NULL;
{ begin_structure();
get_implicit_octet_string(val->dhSignedData.length, val->dhSignedData.data, 0);
opt_lenfield(val->serverDHNonce.length, val->serverDHNonce.data, 1, asn1_decode_octetstring);
+ opt_field(val->kdfID, 2, asn1_decode_kdf_alg_id_ptr, NULL);
end_structure();
}
return 0;
error_out:
free(val->dhSignedData.data);
free(val->serverDHNonce.data);
+ krb5_free_octet_data(NULL, val->kdfID);
+ val->kdfID = NULL;
val->dhSignedData.data = NULL;
val->serverDHNonce.data = NULL;
return retval;
{
decode_ptr(krb5_typed_data *, asn1_decode_typed_data);
}
+
+asn1_error_code
+asn1_decode_kdf_alg_id( asn1buf *buf, krb5_octet_data *val)
+{
+ setup();
+ val->data = NULL;
+ { begin_structure();
+ get_lenfield(val->length,val->data,0,asn1_decode_oid);
+ end_structure();
+ }
+ return 0;
+error_out:
+ free(val->data);
+ return retval;
+}
+
+ asn1_error_code
+asn1_decode_sequence_of_kdf_alg_id(asn1buf *buf,
+ krb5_octet_data ***val)
+{
+ decode_array_body(krb5_octet_data, asn1_decode_kdf_alg_id_ptr,
+ krb5_free_octet_data);
+}
val->pkAuthenticator.paChecksum.contents = NULL;
val->supportedCMSTypes = NULL;
val->clientDHNonce.data = NULL;
+ val->supportedKDFs = NULL;
{ begin_structure();
get_field(val->pkAuthenticator, 0, asn1_decode_pk_authenticator);
if (tagnum == 1) {
} else val->supportedCMSTypes = NULL;
}
opt_lenfield(val->clientDHNonce.length, val->clientDHNonce.data, 3, asn1_decode_octetstring);
- end_structure();
+ opt_field(val->supportedKDFs, 4, asn1_decode_sequence_of_kdf_alg_id, NULL);
+ end_structure();
}
return 0;
error_out:
free(val->supportedCMSTypes);
}
free(val->clientDHNonce.data);
+ if (val->supportedKDFs) {
+
+ for (i=0; val->supportedKDFs[i]; i++)
+ krb5_free_octet_data(NULL, val->supportedKDFs[i]);
+ free(val->supportedKDFs);
+ val->supportedKDFs = NULL;
+ }
val->clientPublicValue = NULL;
val->pkAuthenticator.paChecksum.contents = NULL;
val->supportedCMSTypes = NULL;
iakerb_finished_optional);
DEFFNXTYPE(algorithm_identifier, krb5_algorithm_identifier, asn1_encode_algorithm_identifier);
+DEFFNLENTYPE(object_identifier, asn1_octet *, asn1_encode_oid);
+DEFFIELDTYPE(oid_data, krb5_octet_data,
+ FIELDOF_STRING(krb5_octet_data,object_identifier, data, length, -1));
+DEFPTRTYPE(oid_data_ptr, oid_data);
+
+static const struct field_info kdf_alg_id_fields[] = {
+ FIELDOF_ENCODEAS(krb5_octet_data, oid_data, 0)
+};
+DEFSEQTYPE(kdf_alg_id, krb5_octet_data, kdf_alg_id_fields, NULL);
+DEFPTRTYPE(kdf_alg_id_ptr, kdf_alg_id);
+DEFNONEMPTYNULLTERMSEQOFTYPE(supported_kdfs, kdf_alg_id_ptr);
+DEFPTRTYPE(supported_kdfs_ptr, supported_kdfs);
+MAKE_ENCFN(asn1_encode_supported_kdfs,
+ supported_kdfs);
+MAKE_ENCFN(asn1_encode_kdf_alg_id, kdf_alg_id);
+
+
/* Krb5PrincipalName is defined in RFC 4556 and is *not* PrincipalName from RFC 4120*/
static const struct field_info pkinit_krb5_principal_name_fields[] = {
- FIELDOF_NORM(krb5_principal_data, gstring_data, realm, 0),
- FIELDOF_ENCODEAS(krb5_principal_data, principal_data, 1)
+ FIELDOF_NORM(krb5_principal_data, gstring_data, realm, 0),
+ FIELDOF_ENCODEAS(krb5_principal_data, principal_data, 1)
};
/* For SP80056A OtherInfo, for pkinit agility */
static const struct field_info sp80056a_other_info_fields[] = {
- FIELDOF_NORM(krb5_sp80056a_other_info, algorithm_identifier, algorithm_identifier, -1),
- FIELDOF_NORM(krb5_sp80056a_other_info, pkinit_krb5_principal_name_wrapped, party_u_info, 0),
- FIELDOF_NORM(krb5_sp80056a_other_info, pkinit_krb5_principal_name_wrapped, party_v_info, 1),
- FIELDOF_STRING(krb5_sp80056a_other_info, s_octetstring, supp_pub_info.data, supp_pub_info.length, 2),
+ FIELDOF_NORM(krb5_sp80056a_other_info, algorithm_identifier, algorithm_identifier, -1),
+ FIELDOF_NORM(krb5_sp80056a_other_info, pkinit_krb5_principal_name_wrapped, party_u_info, 0),
+ FIELDOF_NORM(krb5_sp80056a_other_info, pkinit_krb5_principal_name_wrapped, party_v_info, 1),
+ FIELDOF_STRING(krb5_sp80056a_other_info, s_octetstring, supp_pub_info.data, supp_pub_info.length, 2),
};
DEFSEQTYPE(sp80056a_other_info, krb5_sp80056a_other_info, sp80056a_other_info_fields, NULL);
/* For PkinitSuppPubInfo, for pkinit agility */
static const struct field_info pkinit_supp_pub_info_fields[] = {
- FIELDOF_NORM(krb5_pkinit_supp_pub_info, int32, enctype, 0),
- FIELDOF_STRING(krb5_pkinit_supp_pub_info, octetstring, as_req.data, as_req.length, 1),
- FIELDOF_STRING(krb5_pkinit_supp_pub_info, octetstring, pk_as_rep.data, pk_as_rep.length, 2),
- FIELDOF_NORM(krb5_pkinit_supp_pub_info, ticket_ptr, ticket, 3),
+ FIELDOF_NORM(krb5_pkinit_supp_pub_info, int32, enctype, 0),
+ FIELDOF_STRING(krb5_pkinit_supp_pub_info, octetstring, as_req.data, as_req.length, 1),
+ FIELDOF_STRING(krb5_pkinit_supp_pub_info, octetstring, pk_as_rep.data, pk_as_rep.length, 2),
+ FIELDOF_NORM(krb5_pkinit_supp_pub_info, ticket_ptr, ticket, 3),
};
DEFSEQTYPE(pkinit_supp_pub_info, krb5_pkinit_supp_pub_info, pkinit_supp_pub_info_fields, NULL);
{
asn1_setup();
+ if (val->supportedKDFs != NULL)
+ asn1_addfield( val->supportedKDFs, 4, asn1_encode_supported_kdfs);
if (val->clientDHNonce.length != 0)
asn1_addlenfield(val->clientDHNonce.length, val->clientDHNonce.data, 3, asn1_encode_octetstring);
if (val->supportedCMSTypes != NULL)
{
asn1_setup();
+ if (val->kdfID)
+ asn1_addfield(val->kdfID, 2, asn1_encode_kdf_alg_id);
if (val->serverDHNonce.length != 0)
asn1_insert_implicit_octetstring(val->serverDHNonce.length,val->serverDHNonce.data,1);