Added underlying ASN.1 structures for pkinit algorithm agility
authorSam Hartman <hartmans@mit.edu>
Mon, 19 Sep 2011 00:34:52 +0000 (00:34 +0000)
committerSam Hartman <hartmans@mit.edu>
Mon, 19 Sep 2011 00:34:52 +0000 (00:34 +0000)
Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
tested-by: Sam Hartman <hartmans@debian.org>
fixes-from: Sam Hartman <hartmans@debian.org>

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25190 dc483132-0cff-0310-8789-dd5450dbe970

src/include/k5-int-pkinit.h
src/lib/krb5/asn.1/asn1_k_encode.c
src/lib/krb5/libkrb5.exports

index 0c5ab0e0e786fa47af02caa9886b790e61c5bb52..47e16e1c34287699196e0d32e7c368bd706208ad 100644 (file)
@@ -173,6 +173,22 @@ typedef struct _krb5_pa_pk_as_rep {
     } u;
 } krb5_pa_pk_as_rep;
 
+/* SP80056A OtherInfo, for pkinit algorithm agility */
+typedef struct _krb5_sp80056a_other_info {
+    krb5_algorithm_identifier algorithm_identifier;
+    krb5_principal  party_u_info;
+    krb5_principal  party_v_info;
+    krb5_data supp_pub_info;
+} krb5_sp80056a_other_info;
+
+/* PkinitSuppPubInfo, for pkinit algorithm agility */
+typedef struct _krb5_pkinit_supp_pub_info {
+    krb5_enctype      enctype;
+    krb5_octet_data   as_req;
+    krb5_octet_data   pk_as_rep;
+    krb5_ticket *ticket;
+} krb5_pkinit_supp_pub_info;
+
 /*
  * Begin "asn1.h"
  */
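Review bot: The two new structs do not say who owns their pointer members: `party_u_info`, `party_v_info` and `ticket` are pointers, and `supp_pub_info`, `as_req` and `pk_as_rep` carry data pointers, yet each comment gives only the ASN.1 name. No free routine for either type appears in this hunk, so they are presumably meant to borrow caller-owned data; if so, say it on both typedefs, e.g. `/* All members are borrowed from the caller; the encoder neither copies nor frees them. */`. Going by the names, `supp_pub_info` looks like it should hold the output of `encode_krb5_pkinit_supp_pub_info`; a line confirming that, and explaining why it is `krb5_data` while the other struct uses `krb5_octet_data`, would prevent callers from filling it with the wrong bytes.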
@@ -223,6 +239,12 @@ krb5_error_code
 encode_krb5_td_dh_parameters(const krb5_algorithm_identifier **,
                              krb5_data **code);
 
+krb5_error_code
+encode_krb5_sp80056a_other_info(const krb5_sp80056a_other_info *,  krb5_data **);
+
+krb5_error_code
+encode_krb5_pkinit_supp_pub_info(const krb5_pkinit_supp_pub_info *, krb5_data **);
+
 /*************************************************************************
  * Prototypes for pkinit asn.1 decode routines
  *************************************************************************/
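Review bot: The two new prototypes leave both parameters unnamed, while the neighbouring `encode_krb5_td_dh_parameters` names its output `code`. Writing them the same way, `encode_krb5_sp80056a_other_info(const krb5_sp80056a_other_info *, krb5_data **code);`, keeps the block consistent and drops the stray double space after the comma. No matching decoders are added in the visible hunks; if encode-only is intended, a one-line comment saying so would save a reader from looking for them in the decode section that follows.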
index fffe9474c1d2520247ad37342d0b1f6e9ef80988..7bca6d23b682847b213d2c179e3a3b40a3e1591e 100644 (file)
@@ -1421,6 +1421,39 @@ static unsigned int iakerb_finished_optional(const void *p)
 DEFSEQTYPE(iakerb_finished, krb5_iakerb_finished, iakerb_finished_fields,
            iakerb_finished_optional);
 
+DEFFNXTYPE(algorithm_identifier, krb5_algorithm_identifier, asn1_encode_algorithm_identifier);
+/* Krb5PrincipalName is defined in RFC 4556 and is *not* PrincipalName from RFC 4120*/
+static const struct field_info pkinit_krb5_principal_name_fields[] = {
+  FIELDOF_NORM(krb5_principal_data, gstring_data, realm, 0),
+  FIELDOF_ENCODEAS(krb5_principal_data, principal_data, 1)
+};
+
+
+DEFSEQTYPE(pkinit_krb5_principal_name_data, krb5_principal_data, pkinit_krb5_principal_name_fields, NULL);
+DEFPTRTYPE(pkinit_krb5_principal_name, pkinit_krb5_principal_name_data);
+DEFOCTETWRAPTYPE(pkinit_krb5_principal_name_wrapped, pkinit_krb5_principal_name);
+
+
+/* For SP80056A OtherInfo, for pkinit agility */
+static const struct field_info sp80056a_other_info_fields[] = {
+  FIELDOF_NORM(krb5_sp80056a_other_info, algorithm_identifier, algorithm_identifier, -1),
+  FIELDOF_NORM(krb5_sp80056a_other_info, pkinit_krb5_principal_name_wrapped, party_u_info, 0),
+  FIELDOF_NORM(krb5_sp80056a_other_info, pkinit_krb5_principal_name_wrapped, party_v_info, 1),
+  FIELDOF_STRING(krb5_sp80056a_other_info, s_octetstring, supp_pub_info.data, supp_pub_info.length, 2),
+};
+
+DEFSEQTYPE(sp80056a_other_info, krb5_sp80056a_other_info, sp80056a_other_info_fields, NULL);
+
+/* For PkinitSuppPubInfo, for pkinit agility */
+static const struct field_info pkinit_supp_pub_info_fields[] = {
+  FIELDOF_NORM(krb5_pkinit_supp_pub_info, int32, enctype, 0),
+  FIELDOF_STRING(krb5_pkinit_supp_pub_info, octetstring, as_req.data, as_req.length, 1),
+  FIELDOF_STRING(krb5_pkinit_supp_pub_info, octetstring, pk_as_rep.data, pk_as_rep.length, 2),
+  FIELDOF_NORM(krb5_pkinit_supp_pub_info, ticket_ptr, ticket, 3),
+};
+
+DEFSEQTYPE(pkinit_supp_pub_info, krb5_pkinit_supp_pub_info, pkinit_supp_pub_info_fields, NULL);
+
 /* Exported complete encoders -- these produce a krb5_data with
    the encoding in the correct byte order.  */
 
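Review bot: Every field in `sp80056a_other_info_fields` and `pkinit_supp_pub_info_fields` is mandatory, since the optional callback passed to `DEFSEQTYPE` is `NULL`, but `party_u_info`, `party_v_info` and `ticket` are pointers and nothing visible here says what the encoder does when one of them is NULL. Either state the non-NULL requirement in the comment above each table or have the callers check before encoding; the encoder's own handling is outside this hunk. These encodings appear to be key-derivation input, so both peers must produce identical bytes. I would therefore replace the one-line comments with the ASN.1 SEQUENCE definition each table implements, so that the context tags 0 to 3 and the untagged `algorithm_identifier` entry (tag `-1`) can be checked against the specification. The same comment could explain why `supp_pub_info` uses `s_octetstring` while `as_req` and `pk_as_rep` use `octetstring`.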
@@ -1499,9 +1532,8 @@ MAKE_FULL_ENCODER(encode_krb5_ad_signedpath_data, ad_signedpath_data);
 MAKE_FULL_ENCODER(encode_krb5_ad_signedpath, ad_signedpath);
 MAKE_FULL_ENCODER(encode_krb5_iakerb_header, iakerb_header);
 MAKE_FULL_ENCODER(encode_krb5_iakerb_finished, iakerb_finished);
-
-
-
+MAKE_FULL_ENCODER(encode_krb5_pkinit_supp_pub_info, pkinit_supp_pub_info);
+MAKE_FULL_ENCODER(encode_krb5_sp80056a_other_info, sp80056a_other_info);
 
 /*
  * PKINIT
index cff9d396d52eb6d0f63002f2cd8e99fba8dc3618..2637712b90b0f89d068847242846451e2bdf8c76 100644 (file)
@@ -79,6 +79,7 @@ encode_krb5_pa_s4u_x509_user
 encode_krb5_pa_server_referral_data
 encode_krb5_pa_svr_referral_data
 encode_krb5_padata_sequence
+encode_krb5_pkinit_supp_pub_info
 encode_krb5_predicted_sam_response
 encode_krb5_priv
 encode_krb5_pwd_data
@@ -91,6 +92,7 @@ encode_krb5_sam_challenge_2_body
 encode_krb5_sam_key
 encode_krb5_sam_response
 encode_krb5_sam_response_2
+encode_krb5_sp80056a_other_info
 encode_krb5_tgs_rep
 encode_krb5_tgs_req
 encode_krb5_ticket