Remove the ticket from the pkinit-alg-agility KDF function, to match
authorSam Hartman <hartmans@mit.edu>
Mon, 19 Sep 2011 00:58:38 +0000 (00:58 +0000)
committerSam Hartman <hartmans@mit.edu>
Mon, 19 Sep 2011 00:58:38 +0000 (00:58 +0000)
agreed changes to the IETF specification.  Includes removing a parameter from
the KDF function, removing the ticket from the ASN.1 encoder, and updating
the test code.
Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25197 dc483132-0cff-0310-8789-dd5450dbe970

src/include/k5-int-pkinit.h
src/lib/krb5/asn.1/asn1_k_encode.c
src/plugins/preauth/pkinit/pkinit_crypto.h
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
src/plugins/preauth/pkinit/pkinit_kdf_test.c

index 4f22cddb660c54fa7d09bdfe08683f865ca32b09..8490f82d919f0a348d32964dab876be943d1c527 100644 (file)
@@ -188,7 +188,6 @@ typedef struct _krb5_pkinit_supp_pub_info {
     krb5_enctype      enctype;
     krb5_octet_data   as_req;
     krb5_octet_data   pk_as_rep;
-    krb5_ticket *ticket;
 } krb5_pkinit_supp_pub_info;
 
 /*
index 9d06de109cfc81930d83a5c325c8cf78d9e7b57a..2c7c43a832f842975f4116c853d9a29831abc219 100644 (file)
@@ -1466,7 +1466,6 @@ static const struct field_info pkinit_supp_pub_info_fields[] = {
     FIELDOF_NORM(krb5_pkinit_supp_pub_info, int32, enctype, 0),
     FIELDOF_STRING(krb5_pkinit_supp_pub_info, octetstring, as_req.data, as_req.length, 1),
     FIELDOF_STRING(krb5_pkinit_supp_pub_info, octetstring, pk_as_rep.data, pk_as_rep.length, 2),
-    FIELDOF_NORM(krb5_pkinit_supp_pub_info, ticket_ptr, ticket, 3),
 };
 
 DEFSEQTYPE(pkinit_supp_pub_info, krb5_pkinit_supp_pub_info, pkinit_supp_pub_info_fields, NULL);
index e69fce3ea8529f0490d66977b61a8be5be62cd7b..528caecfb33e649848ec6fca8806366e7a4e9de7 100644 (file)
@@ -640,7 +640,6 @@ pkinit_alg_agility_kdf(krb5_context context,
                        krb5_enctype enctype,
                        krb5_octet_data *as_req,
                        krb5_octet_data *pk_as_rep,
-                       const krb5_ticket  *ticket,
                        krb5_keyblock *key_block);
 
 extern const krb5_octet krb5_pkinit_sha1_oid[];
index 509f8b6e42c01e0fe81c1c557670074e9f0324cd..6f7b8bc28e339ca127419162b08842948ab4bd9e 100644 (file)
@@ -2103,8 +2103,7 @@ pkinit_octetstring2key(krb5_context context,
                        unsigned char *key,
                        unsigned int dh_key_len,
                        krb5_keyblock *key_block)
-{
-    krb5_error_code retval;
+{   krb5_error_code retval;
     unsigned char *buf = NULL;
     unsigned char md[SHA_DIGEST_LENGTH];
     unsigned char counter;
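Review bot: The new line `{   krb5_error_code retval;` puts the first declaration on the same line as the opening brace, which departs from the brace-on-its-own-line layout used elsewhere in this file (the `{` of pkinit_alg_agility_kdf in the next hunk) and is unrelated to the ticket removal the commit message describes, so it looks like an accidental edit. Restore the two lines `{` and `    krb5_error_code retval;`. pkinit_octetstring2key's signature starts above this hunk and its body continues below it.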
@@ -2233,7 +2232,6 @@ pkinit_alg_agility_kdf(krb5_context context,
                        krb5_enctype enctype,
                        krb5_octet_data *as_req,
                        krb5_octet_data *pk_as_rep,
-                       const krb5_ticket *ticket,
                        krb5_keyblock *key_block)
 {
     krb5_error_code retval = 0;
@@ -2292,7 +2290,6 @@ pkinit_alg_agility_kdf(krb5_context context,
     supp_pub_info_fields.enctype = enctype;
     supp_pub_info_fields.as_req = *as_req;
     supp_pub_info_fields.pk_as_rep = *pk_as_rep;
-    supp_pub_info_fields.ticket = (krb5_ticket *) ticket;
     if (0 != ((retval = encode_krb5_pkinit_supp_pub_info(&supp_pub_info_fields,
                                                          &supp_pub_info))))
         goto cleanup;
index 1d659bfeac8ff17a4bcd227f1d96025f4c7a13c1..036d9e2582da702713d26e02fcc44c4fb7ebe244 100644 (file)
@@ -59,26 +59,11 @@ char party_u_name [] = "lha@SU.SE";
 char party_v_name [] = "krbtgt/SU.SE@SU.SE";
 int enctype_value = 18;
 krb5_octet key_hex [] =
-  {0xC7, 0x62, 0x89, 0xEC, 0x4B, 0x28, 0xA6, 0x91,
-   0xFF, 0xCE, 0x80, 0xBB, 0xB7, 0xEC, 0x82, 0x41,
-   0x52, 0x3F, 0x99, 0xB1, 0x90, 0xCF, 0x2D, 0x34,
-   0x8F, 0x54, 0xA8, 0x65, 0x81, 0x2C, 0x32, 0x73};
+  {0xe6, 0xAB, 0x38, 0xC9, 0x41, 0x3E, 0x03, 0x5B,
+   0xB0, 0x79, 0x20, 0x1E, 0xD0, 0xB6, 0xB7, 0x3D,
+   0x8D, 0x49, 0xA8, 0x14, 0xA7, 0x37, 0xC0, 0x4E,
+   0xE6, 0x64, 0x96, 0x14, 0x20, 0x6F, 0x73, 0xAD};
 const krb5_data lha_data = DATA_FROM_STRING("lha");
-const krb5_principal_data ticket_server = {
-    0, /*magic*/
-    DATA_FROM_STRING("SU.SE"),
-    (krb5_data *) &lha_data,
-    1, 1};
-const krb5_ticket test_ticket = {
-    KV5M_TICKET,
-    (krb5_principal) &ticket_server,
-    {0, /*magic*/
-     18,
-     0,
-     DATA_FROM_STRING("hejhej") },
-    NULL};
-
-
 
 int
 main (int argc,
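Review bot: The replacement key_hex test vector carries no comment saying how it was produced; since this commit changes the KDF input (the ticket no longer feeds supp_pub_info), the old vector is no longer comparable, and a reader cannot tell whether the new bytes come from the updated IETF text or were regenerated from this implementation, in which case the test proves only self-consistency. Add a comment above the array such as `/* Expected key for the vector below, taken from <spec revision or tool - TODO fill in> */`. Also `0xe6` is the only lowercase hex literal in the array; write it `0xE6` to match its neighbours. main begins on the last line of this hunk and continues below it.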
@@ -122,11 +107,11 @@ main (int argc,
 
     /* set-up the partyUInfo and partyVInfo principals */
     if ((0 != (retval = krb5_parse_name(context, party_u_name,
-                                       &u_principal)))
-       (0 != (retval = krb5_parse_name(context, party_v_name,
-                                       &v_principal)))) {
+                                        &u_principal)))
+        (0 != (retval = krb5_parse_name(context, party_v_name,
+                                        &v_principal)))) {
       printf("ERROR in pkinit_kdf_test: Error parsing names, retval = %d",
-            retval);
+             retval);
       goto cleanup;
     }
 
@@ -142,20 +127,20 @@ main (int argc,
     /* set-up the key_block */
     if (0 != (retval = krb5_init_keyblock(context, enctype, max_keylen,
                                           &key_block_ptr))) {
-         printf("ERROR in pkinit_kdf_test: can't init keybloc, retval = %d",
-                retval);
-         goto cleanup;
+          printf("ERROR in pkinit_kdf_test: can't init keybloc, retval = %d",
+                 retval);
+          goto cleanup;
 
-       }
+        }
 
-    /* call krb5_pkinit_alg_agility_kdf() with test vector values*/
+    /* call pkinit_alg_agility_kdf() with test vector values*/
     if (0 != (retval = pkinit_alg_agility_kdf(context, &secret, &alg_id.algorithm,
-                                             u_principal, v_principal,
-                                             enctype, &as_req, &pk_as_rep,
-                                             &test_ticket, &key_block))) {
+                                              u_principal, v_principal,
+                                              enctype, &as_req, &pk_as_rep,
+                                              &key_block))) {
         printf("ERROR in pkinit_kdf_test: kdf call failed, retval = %d",
-              retval);
-       goto cleanup;
+               retval);
+        goto cleanup;
     }
 
     /* compare key to expected key value */
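Review bot: The re-indented message `printf("ERROR in pkinit_kdf_test: can't init keybloc, retval = %d",` keeps the typo "keybloc" and has no trailing newline, so the diagnostic is not line-terminated before the jump to cleanup and exit; the kdf-failure message a few lines below has the same missing newline. Change it to `printf("ERROR in pkinit_kdf_test: can't init keyblock, retval = %d\n", retval);` and add the `\n` to the second message likewise. The reindent also leaves this `if` body at ten columns and its closing brace at eight while the enclosing `if` sits at four, so the block is still misaligned relative to the rest of main. main starts and ends outside this hunk.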
@@ -171,13 +156,13 @@ main (int argc,
         }
 
     cleanup:
-       /* release all allocated resources, whether good or bad return */
-       if (secret.data)
-         free(secret.data);
-       if (u_principal)
-         free(u_principal);
-       if (v_principal)
-         free(v_principal);
-               krb5_free_keyblock_contents(context, &key_block);
-       exit(retval);
+        /* release all allocated resources, whether good or bad return */
+        if (secret.data)
+          free(secret.data);
+        if (u_principal)
+          free(u_principal);
+        if (v_principal)
+          free(v_principal);
+                krb5_free_keyblock_contents(context, &key_block);
+        exit(retval);
 }
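Review bot: `free(u_principal)` and `free(v_principal)` on the new side release principals obtained from krb5_parse_name with plain free(), which frees only the outer struct and leaks the realm and component data it owns; the matching library call is `krb5_free_principal(context, u_principal);` and `krb5_free_principal(context, v_principal);`. The `if (ptr) free(ptr)` guards are also redundant, since free(NULL) is a no-op. The `krb5_free_keyblock_contents(context, &key_block);` line is indented to sixteen columns while its neighbours sit at eight, so the reindent left it misaligned. main begins outside this hunk; its closing brace is the hunk's last line.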