passwd-sequence[1] SEQUENCE OF PasswdSequence
}
+-- encodings from
+-- Integrating Single-use Authentication Mechanisms with Kerberos
+
+PA-SAM-CHALLENGE ::= SEQUENCE {
+ sam-type[0] INTEGER,
+ sam-flags[1] SAMFlags,
+ sam-type-name[2] GeneralString OPTIONAL,
+ sam-track-id[3] GeneralString OPTIONAL,
+ sam-challenge-label[4] GeneralString OPTIONAL,
+ sam-challenge[5] GeneralString OPTIONAL,
+ sam-response-prompt[6] GeneralString OPTIONAL,
+ sam-pk-for-sad[7] EncryptionKey OPTIONAL,
+ sam-nonce[8] INTEGER OPTIONAL,
+ sam-cksum[9] Checksum OPTIONAL
+}
+
+-- these are [0].. [2] in the draft
+SAMFlags ::= BIT STRING {
+ use-sad-as-key(0),
+ send-encrypted-sad(1),
+ must-pk-encrypt-sad(2)
+}
+
+PA-SAM-RESPONSE ::= SEQUENCE {
+ sam-type[0] INTEGER,
+ sam-flags[1] SAMFlags,
+ sam-track-id[2] GeneralString OPTIONAL,
+ -- sam-enc-key is reserved for future use, so I'm making it OPTIONAL - mwe
+ sam-enc-key[3] EncryptedData
+ -- PA-ENC-SAM-KEY,
+ sam-enc-nonce-or-ts[4] EncryptedData
+ -- PA-ENC-SAM-RESPONSE-ENC,
+ sam-nonce[5] INTEGER OPTIONAL,
+ sam-patimestamp[6] KerberosTime OPTIONAL
+}
+
+PA-ENC-SAM-KEY ::= SEQUENCE {
+ sam-key[0] EncryptionKey
+}
+
+PA-ENC-SAM-RESPONSE-ENC ::= SEQUENCE {
+ sam-nonce[0] INTEGER OPTIONAL,
+ sam-timestamp[1] KerberosTime OPTIONAL,
+ sam-usec[2] INTEGER OPTIONAL,
+ sam-passcode[3] GeneralString OPTIONAL
+}
END
if(tagnum < (tagexpect)) return ASN1_MISPLACED_FIELD;\
get_lenfield_body(len,var,decoder)
+#define opt_lenfield(len,var,tagexpect,decoder)\
+if(tagnum == (tagexpect)){\
+ get_lenfield_body(len,var,decoder); }\
+else { len = 0; var = 0; }
#define begin_structure()\
{
decode_array_body(passwd_phrase_element,asn1_decode_passwdsequence);
}
+
+asn1_error_code asn1_decode_sam_flags(buf,val)
+ asn1buf * buf;
+ krb5_flags *val;
+{ return asn1_decode_krb5_flags(buf,val); }
+
+#define opt_string(val,n,fn) opt_lenfield((val).length,(val).data,n,fn)
+#define opt_cksum(var,tagexpect,decoder)\
+if(tagnum == (tagexpect)){\
+ get_field_body(var,decoder); }\
+else var.length = 0
+
+asn1_error_code asn1_decode_sam_challenge(buf,val)
+ asn1buf * buf;
+ krb5_sam_challenge *val;
+{
+ setup();
+ { begin_structure();
+ get_field(val->sam_type,0,asn1_decode_int32);
+ get_field(val->sam_flags,1,asn1_decode_sam_flags);
+ opt_string(val->sam_type_name,2,asn1_decode_charstring);
+ opt_string(val->sam_track_id,3,asn1_decode_charstring);
+ opt_string(val->sam_challenge_label,4,asn1_decode_charstring);
+ opt_string(val->sam_challenge,5,asn1_decode_charstring);
+ opt_string(val->sam_response_prompt,6,asn1_decode_charstring);
+ opt_string(val->sam_pk_for_sad,7,asn1_decode_charstring);
+ opt_field(val->sam_nonce,8,asn1_decode_int32,0);
+ opt_cksum(val->sam_cksum,9,asn1_decode_checksum);
+ end_structure();
+ val->magic = KV5M_SAM_CHALLENGE;
+ }
+ cleanup();
+}
+asn1_error_code asn1_decode_enc_sam_key(buf, val)
+ asn1buf * buf;
+ krb5_sam_key * val;
+{
+ setup();
+ { begin_structure();
+ /* alloc_field(val->sam_key,krb5_keyblock); */
+ get_field(val->sam_key,0,asn1_decode_encryption_key);
+ end_structure();
+ val->magic = KV5M_SAM_KEY;
+ }
+ cleanup();
+}
+
+asn1_error_code asn1_decode_enc_sam_response_enc(buf, val)
+ asn1buf * buf;
+ krb5_enc_sam_response_enc * val;
+{
+ setup();
+ { begin_structure();
+ opt_field(val->sam_nonce,0,asn1_decode_int32,0);
+ opt_field(val->sam_timestamp,1,asn1_decode_kerberos_time,0);
+ opt_field(val->sam_usec,2,asn1_decode_int32,0);
+ opt_string(val->sam_passcode,3,asn1_decode_charstring);
+ end_structure();
+ val->magic = KV5M_ENC_SAM_RESPONSE_ENC;
+ }
+ cleanup();
+}
+
+#define opt_encfield(fld,tag,fn) \
+ if(tagnum == tag){ \
+ get_field(fld,tag,fn); } \
+ else{\
+ fld.magic = 0;\
+ fld.enctype = 0;\
+ fld.kvno = 0;\
+ fld.ciphertext.data = NULL;\
+ fld.ciphertext.length = 0;\
+ }
+
+asn1_error_code asn1_decode_sam_response(buf, val)
+ asn1buf * buf;
+ krb5_sam_response * val;
+{
+ setup();
+ { begin_structure();
+ get_field(val->sam_type,0,asn1_decode_int32);
+ get_field(val->sam_flags,1,asn1_decode_sam_flags);
+ opt_string(val->sam_track_id,2,asn1_decode_charstring);
+ opt_encfield(val->sam_enc_key,3,asn1_decode_encrypted_data);
+ get_field(val->sam_enc_nonce_or_ts,4,asn1_decode_encrypted_data);
+ opt_field(val->sam_nonce,5,asn1_decode_int32,0);
+ opt_field(val->sam_patimestamp,6,asn1_decode_kerberos_time,0);
+ end_structure();
+ val->magic = KV5M_SAM_RESPONSE;
+ }
+ cleanup();
+}
+
+
+asn1_error_code asn1_decode_predicted_sam_response(buf, val)
+ asn1buf * buf;
+ krb5_predicted_sam_response * val;
+{
+ setup();
+ { begin_structure();
+ get_field(val->sam_key,0,asn1_decode_encryption_key);
+ end_structure();
+ val->magic = KV5M_PREDICTED_SAM_RESPONSE;
+ }
+ cleanup();
+}
asn1_cleanup();
}
+asn1_error_code asn1_encode_sam_flags(buf, val, retlen)
+ asn1buf * buf;
+ const krb5_flags val;
+ int * retlen;
+{
+ return asn1_encode_krb5_flags(buf,val,retlen);
+}
+
+#define add_optstring(val,n,fn) \
+ if ((val).length >= 0) {asn1_addlenfield((val).length,(val).data,n,fn);}
+
+asn1_error_code asn1_encode_sam_challenge(buf, val, retlen)
+ asn1buf * buf;
+ const krb5_sam_challenge * val;
+ int * retlen;
+{
+ asn1_setup();
+ /* possibly wrong */
+ if (val->sam_cksum.length)
+ asn1_addfield(&(val->sam_cksum),9,asn1_encode_checksum);
+
+ if (val->sam_nonce)
+ asn1_addfield(val->sam_nonce,8,asn1_encode_integer);
+
+ add_optstring(val->sam_pk_for_sad,7,asn1_encode_charstring);
+ add_optstring(val->sam_response_prompt,6,asn1_encode_charstring);
+ add_optstring(val->sam_challenge,5,asn1_encode_charstring);
+ add_optstring(val->sam_challenge_label,4,asn1_encode_charstring);
+ add_optstring(val->sam_track_id,3,asn1_encode_charstring);
+ add_optstring(val->sam_type_name,2,asn1_encode_charstring);
+
+ asn1_addfield(val->sam_flags,1,asn1_encode_sam_flags);
+ asn1_addfield(val->sam_type,0,asn1_encode_integer);
+
+ asn1_makeseq();
+ asn1_cleanup();
+}
+
+asn1_error_code asn1_encode_sam_key(buf, val, retlen)
+ asn1buf * buf;
+ const krb5_sam_key * val;
+ int * retlen;
+{
+ asn1_setup();
+ asn1_addfield(&(val->sam_key),0,asn1_encode_encryption_key);
+
+ asn1_makeseq();
+
+ asn1_cleanup();
+}
+
+
+asn1_error_code asn1_encode_enc_sam_response_enc(buf, val, retlen)
+ asn1buf * buf;
+ const krb5_enc_sam_response_enc * val;
+ int * retlen;
+{
+ asn1_setup();
+ add_optstring(val->sam_passcode,3,asn1_encode_charstring);
+ asn1_addfield(val->sam_usec,2,asn1_encode_integer);
+ asn1_addfield(val->sam_timestamp,1,asn1_encode_kerberos_time);
+ asn1_addfield(val->sam_nonce,0,asn1_encode_integer);
+
+ asn1_makeseq();
+
+ asn1_cleanup();
+}
+
+asn1_error_code asn1_encode_sam_response(buf, val, retlen)
+ asn1buf * buf;
+ const krb5_sam_response * val;
+ int * retlen;
+{
+ asn1_setup();
+
+ if (val->sam_patimestamp)
+ asn1_addfield(val->sam_patimestamp,6,asn1_encode_kerberos_time);
+ if (val->sam_nonce)
+ asn1_addfield(val->sam_nonce,5,asn1_encode_integer);
+ asn1_addfield(&(val->sam_enc_nonce_or_ts),4,asn1_encode_encrypted_data);
+ if (val->sam_enc_key.ciphertext.length)
+ asn1_addfield(&(val->sam_enc_key),3,asn1_encode_encrypted_data);
+ add_optstring(val->sam_track_id,2,asn1_encode_charstring);
+ asn1_addfield(val->sam_flags,1,asn1_encode_sam_flags);
+ asn1_addfield(val->sam_type,0,asn1_encode_integer);
+
+ asn1_makeseq();
+
+ asn1_cleanup();
+}
+
+asn1_error_code asn1_encode_predicted_sam_response(buf, val, retlen)
+ asn1buf * buf;
+ const krb5_predicted_sam_response * val;
+ int * retlen;
+{
+ asn1_setup();
+
+ asn1_addfield(&(val->sam_key),0,asn1_encode_encryption_key);
+
+ asn1_makeseq();
+
+ asn1_cleanup();
+}
cleanup(free);
}
+krb5_error_code decode_krb5_sam_challenge(code, rep)
+ const krb5_data * code;
+ krb5_sam_challenge **rep;
+{
+ setup_buf_only();
+ alloc_field(*rep,krb5_sam_challenge);
+
+ retval = asn1_decode_sam_challenge(&buf,*rep);
+ if(retval) clean_return(retval);
+
+ cleanup(free);
+}
+
+krb5_error_code decode_krb5_enc_sam_key(code, rep)
+ const krb5_data * code;
+ krb5_sam_key **rep;
+{
+ setup_buf_only();
+ alloc_field(*rep,krb5_sam_key);
+
+ retval = asn1_decode_enc_sam_key(&buf,*rep);
+ if(retval) clean_return(retval);
+
+ cleanup(free);
+}
+
+krb5_error_code decode_krb5_enc_sam_response_enc(code, rep)
+ const krb5_data * code;
+ krb5_enc_sam_response_enc **rep;
+{
+ setup_buf_only();
+ alloc_field(*rep,krb5_enc_sam_response_enc);
+
+ retval = asn1_decode_enc_sam_response_enc(&buf,*rep);
+ if(retval) clean_return(retval);
+
+ cleanup(free);
+}
+
+krb5_error_code decode_krb5_sam_response(code, rep)
+ const krb5_data * code;
+ krb5_sam_response **rep;
+{
+ setup_buf_only();
+ alloc_field(*rep,krb5_sam_response);
+
+ retval = asn1_decode_sam_response(&buf,*rep);
+ if(retval) clean_return(retval);
+
+ cleanup(free);
+}
+
+krb5_error_code decode_krb5_predicted_sam_response(code, rep)
+ const krb5_data * code;
+ krb5_predicted_sam_response **rep;
+{
+ setup_buf_only(); /* preallocated */
+ alloc_field(*rep,krb5_predicted_sam_response);
+
+ retval = asn1_decode_predicted_sam_response(&buf,*rep);
+ if(retval) clean_return(retval);
+
+ cleanup(free);
+}
+
krb5_cleanup();
}
+/* sam preauth additions */
+krb5_error_code encode_krb5_sam_challenge(rep, code)
+ const krb5_sam_challenge * rep;
+ krb5_data ** code;
+{
+ krb5_setup();
+ retval = asn1_encode_sam_challenge(buf,rep,&length);
+ if(retval) return retval;
+ sum += length;
+ krb5_cleanup();
+}
+
+krb5_error_code encode_krb5_sam_key(rep, code)
+ const krb5_sam_key * rep;
+ krb5_data ** code;
+{
+ krb5_setup();
+ retval = asn1_encode_sam_key(buf,rep,&length);
+ if(retval) return retval;
+ sum += length;
+ krb5_cleanup();
+}
+
+krb5_error_code encode_krb5_enc_sam_response_enc(rep, code)
+ const krb5_enc_sam_response_enc * rep;
+ krb5_data ** code;
+{
+ krb5_setup();
+ retval = asn1_encode_enc_sam_response_enc(buf,rep,&length);
+ if(retval) return retval;
+ sum += length;
+ krb5_cleanup();
+}
+
+krb5_error_code encode_krb5_sam_response(rep, code)
+ const krb5_sam_response * rep;
+ krb5_data ** code;
+{
+ krb5_setup();
+ retval = asn1_encode_sam_response(buf,rep,&length);
+ if(retval) return retval;
+ sum += length;
+ krb5_cleanup();
+}
+
+krb5_error_code encode_krb5_predicted_sam_response(rep, code)
+ const krb5_predicted_sam_response * rep;
+ krb5_data ** code;
+{
+ krb5_setup();
+ retval = asn1_encode_predicted_sam_response(buf,rep,&length);
+ if(retval) return retval;
+ sum += length;
+ krb5_cleanup();
+}
projects / krb5.git / commitdiff