From 3352ed02d146c3627337ab2c9d41f696f4a87fbd Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Tue, 6 May 2003 18:46:46 +0000 Subject: [PATCH] Implement encoders for etype_info2 and add support to s2kparams for decoders. Ticket: 1454 Status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15393 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/ChangeLog | 6 ++++ src/include/k5-int.h | 8 +++++ src/lib/krb5/asn.1/ChangeLog | 15 ++++++++++ src/lib/krb5/asn.1/asn1_k_decode.c | 12 ++++++-- src/lib/krb5/asn.1/asn1_k_encode.c | 14 ++++++--- src/lib/krb5/asn.1/asn1_k_encode.h | 4 +-- src/lib/krb5/asn.1/krb5_decode.c | 10 +++++++ src/lib/krb5/asn.1/krb5_encode.c | 12 +++++++- src/lib/krb5/krb/ChangeLog | 4 +++ src/lib/krb5/krb/kfree.c | 1 + src/tests/asn.1/ChangeLog | 7 +++++ src/tests/asn.1/krb5_encode_test.c | 26 ++++++++++++++++ src/tests/asn.1/ktest.c | 45 ++++++++++++++++++++++++++++ src/tests/asn.1/ktest.h | 2 ++ src/tests/asn.1/reference_encode.out | 2 ++ src/tests/asn.1/trval_reference.out | 23 ++++++++++++++ 16 files changed, 182 insertions(+), 9 deletions(-) diff --git a/src/include/ChangeLog b/src/include/ChangeLog index e3b83e825..8ae6cd178 100644 --- a/src/include/ChangeLog +++ b/src/include/ChangeLog @@ -1,3 +1,9 @@ +2003-05-06 Sam Hartman + + * k5-int.h: Add s2kparams to + krb5_etype_info_entry + Add encode_etype_info2 and decode_etype_info2 + 2003-05-02 Ken Raeburn * port-sockets.h (inet_ntop) [!_WIN32 && !HAVE_MACSOCK_H]: Define diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 35d924bc3..ccbd16899 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h 
@@ -282,12 +282,15 @@ typedef struct _krb5_alt_method { * A null-terminated array of this structure is returned by the KDC as * the data part of the ETYPE_INFO preauth type. It informs the * client which encryption types are supported. + * The same data structure is used by both etype-info and etype-info2 + * but s2kparams must be null when encoding etype-info. */ typedef struct _krb5_etype_info_entry { krb5_magic magic; krb5_enctype etype; unsigned int length; krb5_octet *salt; + krb5_data s2kparams; } krb5_etype_info_entry; /* @@ -1230,6 +1233,8 @@ krb5_error_code encode_krb5_alt_method krb5_error_code encode_krb5_etype_info (const krb5_etype_info_entry **, krb5_data **code); +krb5_error_code encode_krb5_etype_info2 + (const krb5_etype_info_entry **, krb5_data **code); krb5_error_code encode_krb5_enc_data (const krb5_enc_data *, krb5_data **); @@ -1408,6 +1413,9 @@ krb5_error_code decode_krb5_alt_method krb5_error_code decode_krb5_etype_info (const krb5_data *output, krb5_etype_info_entry ***rep); +krb5_error_code decode_krb5_etype_info2 + (const krb5_data *output, krb5_etype_info_entry ***rep); + krb5_error_code decode_krb5_enc_data (const krb5_data *output, krb5_enc_data **rep); diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog index 4eaa5fe61..c4bd9bc08 100644 --- a/src/lib/krb5/asn.1/ChangeLog +++ b/src/lib/krb5/asn.1/ChangeLog @@ -1,3 +1,18 @@ +2003-05-06 Sam Hartman + + * krb5_decode.c (decode_krb5_etype_info2): New function; currently + the same code as decode_krb5_etype_info. This means that we can + manage to accept s2kparams in etype_info which is wrong but + probably harmless. + + * asn1_k_decode.c (asn1_decode_etype_info_entry): Add etype_info2 + support + + * asn1_k_encode.c (asn1_encode_etype_info_entry): Add support for + etype-info2 + + * krb5_encode.c (encode_krb5_etype_info2): New function + 2003-04-15 Sam Hartman * krb5_encode.c (encode_krb5_setpw_req): new function 
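Review bot: The new `krb5_data s2kparams` member of `krb5_etype_info_entry` (k5-int.h) is set only by the decoder and the test helpers in this patch. Any other code that builds entries with `malloc` and fills the fields by hand is outside this diff and would leave the member indeterminate. That matters because `asn1_encode_etype_info_entry` now asserts on `s2kparams.data` and `krb5_free_etype_info` now frees it. Producers outside this diff (presumably the KDC's etype-info generation) should be audited. The struct comment could also be tightened to `s2kparams.data must be NULL and s2kparams.length 0 when encoding etype-info`.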
diff --git a/src/lib/krb5/asn.1/asn1_k_decode.c b/src/lib/krb5/asn.1/asn1_k_decode.c index a19dda2a3..e56832a7b 100644 --- a/src/lib/krb5/asn.1/asn1_k_decode.c +++ b/src/lib/krb5/asn.1/asn1_k_decode.c @@ -796,7 +796,7 @@ asn1_error_code asn1_decode_sequence_of_checksum(asn1buf *buf, krb5_checksum *** decode_array_body(krb5_checksum, asn1_decode_checksum); } -asn1_error_code asn1_decode_etype_info_entry(asn1buf *buf, krb5_etype_info_entry *val) +asn1_error_code asn1_decode_etype_info_entry(asn1buf *buf, krb5_etype_info_entry *val ) { setup(); { begin_structure(); @@ -807,13 +807,21 @@ asn1_error_code asn1_decode_etype_info_entry(asn1buf *buf, krb5_etype_info_entry val->length = KRB5_ETYPE_NO_SALT; val->salt = 0; } + if ( tagnum ==2) { + krb5_octet *params = (krb5_octet *) val->s2kparams.data; + get_lenfield( val->s2kparams.length, params, + 2, asn1_decode_octetstring); + } else { + val->s2kparams.data = NULL; + val->s2kparams.length = 0; + } end_structure(); val->magic = KV5M_ETYPE_INFO_ENTRY; } cleanup(); } -asn1_error_code asn1_decode_etype_info(asn1buf *buf, krb5_etype_info_entry ***val) +asn1_error_code asn1_decode_etype_info(asn1buf *buf, krb5_etype_info_entry ***val ) { decode_array_body(krb5_etype_info_entry,asn1_decode_etype_info_entry); } diff --git a/src/lib/krb5/asn.1/asn1_k_encode.c b/src/lib/krb5/asn.1/asn1_k_encode.c index 9226f7ca2..703214dd2 100644 --- a/src/lib/krb5/asn.1/asn1_k_encode.c +++ b/src/lib/krb5/asn.1/asn1_k_encode.c @@ -27,6 +27,7 @@ #include "asn1_k_encode.h" #include "asn1_make.h" #include "asn1_encode.h" +#include /**** asn1 macros ****/ #if 0 
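Review bot: In `asn1_decode_etype_info_entry`, the `tagnum == 2` branch decodes into the local `params` but never stores it back, so `val->s2kparams.data` keeps its previous value while `val->s2kparams.length` is set from the wire. Assuming `get_lenfield` (defined outside this hunk) assigns the newly allocated octet string to its second argument, the decoded buffer is leaked and `krb5_free_etype_info` later frees an indeterminate pointer. This path parses data returned by the KDC, so the field is attacker-reachable on the network. Declare `krb5_octet *params;` without the initializer and add `val->s2kparams.data = (char *) params;` after the `get_lenfield` call.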
@@ -708,14 +709,18 @@ asn1_error_code asn1_encode_krb_cred_info(asn1buf *buf, const krb5_cred_info *va asn1_cleanup(); } -asn1_error_code asn1_encode_etype_info_entry(asn1buf *buf, const krb5_etype_info_entry *val, unsigned int *retlen) +asn1_error_code asn1_encode_etype_info_entry(asn1buf *buf, const krb5_etype_info_entry *val, + unsigned int *retlen, int etype_info2) { asn1_setup(); + assert(val->s2kparams.data == NULL || etype_info2); if(val == NULL || (val->length > 0 && val->length != KRB5_ETYPE_NO_SALT && val->salt == NULL)) return ASN1_MISSING_FIELD; - + if(val->s2kparams.data != NULL) + asn1_addlenfield(val->s2kparams.length, val->s2kparams.data, 2, + asn1_encode_octetstring); if (val->length >= 0 && val->length != KRB5_ETYPE_NO_SALT) asn1_addlenfield(val->length,val->salt,1, asn1_encode_octetstring); @@ -725,7 +730,8 @@ asn1_error_code asn1_encode_etype_info_entry(asn1buf *buf, const krb5_etype_info asn1_cleanup(); } -asn1_error_code asn1_encode_etype_info(asn1buf *buf, const krb5_etype_info_entry **val, unsigned int *retlen) +asn1_error_code asn1_encode_etype_info(asn1buf *buf, const krb5_etype_info_entry **val, + unsigned int *retlen, int etype_info2) { asn1_setup(); int i; @@ -734,7 +740,7 @@ asn1_error_code asn1_encode_etype_info(asn1buf *buf, const krb5_etype_info_entry for(i=0; val[i] != NULL; i++); /* get to the end of the array */ for(i--; i>=0; i--){ - retval = asn1_encode_etype_info_entry(buf,val[i],&length); + retval = asn1_encode_etype_info_entry(buf,val[i],&length, etype_info2); if(retval) return retval; sum += length; } diff --git a/src/lib/krb5/asn.1/asn1_k_encode.h b/src/lib/krb5/asn.1/asn1_k_encode.h index 5914e0981..a2429a778 100644 --- a/src/lib/krb5/asn.1/asn1_k_encode.h +++ b/src/lib/krb5/asn.1/asn1_k_encode.h 
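Review bot: In `asn1_encode_etype_info_entry`, the new `assert(val->s2kparams.data == NULL || etype_info2);` dereferences `val` one line before the existing `val == NULL` check, so a NULL entry now crashes instead of returning `ASN1_MISSING_FIELD`. An assert is also a weak guard here: it aborts the calling process on a caller error and is compiled out under `NDEBUG`. With it compiled out, the ungated `if(val->s2kparams.data != NULL)` branch would emit s2kparams into an etype-info. Move the test below the NULL check and return an error instead, e.g. `if (!etype_info2 && val->s2kparams.data != NULL) return ASN1_MISSING_FIELD;` (or a more specific asn1_error_code if the project has one).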
@@ -219,11 +219,11 @@ asn1_error_code asn1_encode_alt_method asn1_error_code asn1_encode_etype_info_entry (asn1buf *buf, const krb5_etype_info_entry *val, - unsigned int *retlen); + unsigned int *retlen, int etype_info2); asn1_error_code asn1_encode_etype_info (asn1buf *buf, const krb5_etype_info_entry **val, - unsigned int *retlen); + unsigned int *retlen, int etype_info2); asn1_error_code asn1_encode_passwdsequence (asn1buf *buf, const passwd_phrase_element *val, unsigned int *retlen); diff --git a/src/lib/krb5/asn.1/krb5_decode.c b/src/lib/krb5/asn.1/krb5_decode.c index 03a30295b..b39bae5c4 100644 --- a/src/lib/krb5/asn.1/krb5_decode.c +++ b/src/lib/krb5/asn.1/krb5_decode.c @@ -744,6 +744,16 @@ krb5_error_code decode_krb5_etype_info(const krb5_data *code, krb5_etype_info_en cleanup_none(); /* we're not allocating anything here */ } +krb5_error_code decode_krb5_etype_info2(const krb5_data *code, krb5_etype_info_entry ***rep) +{ + setup_buf_only(); + *rep = 0; + retval = asn1_decode_etype_info(&buf,rep); + if(retval) clean_return(retval); + cleanup_none(); /* we're not allocating anything here */ +} + + krb5_error_code decode_krb5_enc_data(const krb5_data *code, krb5_enc_data **rep) { setup_buf_only(); diff --git a/src/lib/krb5/asn.1/krb5_encode.c b/src/lib/krb5/asn.1/krb5_encode.c index 04deef0d2..7412209f6 100644 --- a/src/lib/krb5/asn.1/krb5_encode.c +++ b/src/lib/krb5/asn.1/krb5_encode.c 
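Review bot: `decode_krb5_etype_info2` in krb5_decode.c repeats the body of `decode_krb5_etype_info`, and nothing in the code records the consequence the ChangeLog admits: the etype-info decoder now also accepts a `[2]` s2kparams field. A comment above both functions would keep that visible to callers, along the lines of `/* Shares asn1_decode_etype_info with etype-info; s2kparams is accepted in either form, so callers must not assume it is empty for etype-info. */`. If the two forms are meant to diverge later, passing a flag down as the encoder does would make the distinction enforceable.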
@@ -678,12 +678,22 @@ krb5_error_code encode_krb5_alt_method(const krb5_alt_method *rep, krb5_data **c krb5_error_code encode_krb5_etype_info(const krb5_etype_info_entry **rep, krb5_data **code) { krb5_setup(); - retval = asn1_encode_etype_info(buf,rep,&length); + retval = asn1_encode_etype_info(buf,rep,&length, 0); if(retval) return retval; sum += length; krb5_cleanup(); } +krb5_error_code encode_krb5_etype_info2(const krb5_etype_info_entry **rep, krb5_data **code) +{ + krb5_setup(); + retval = asn1_encode_etype_info(buf,rep,&length, 1); + if(retval) return retval; + sum += length; + krb5_cleanup(); +} + + krb5_error_code encode_krb5_enc_data(const krb5_enc_data *rep, krb5_data **code) { krb5_setup(); diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 6d60e232a..0d46e8eca 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,7 @@ +2003-05-06 Sam Hartman + + * kfree.c (krb5_free_etype_info): Free s2kparams + 2003-04-27 Sam Hartman * chpw.c (krb5int_setpw_result_code_string): Make internal diff --git a/src/lib/krb5/krb/kfree.c b/src/lib/krb5/krb/kfree.c index 0313a912a..9fc8ed4ed 100644 --- a/src/lib/krb5/krb/kfree.c +++ b/src/lib/krb5/krb/kfree.c @@ -246,6 +246,7 @@ void krb5_free_etype_info(krb5_context context, krb5_etype_info info) for(i=0; info[i] != NULL; i++) { if (info[i]->salt) free(info[i]->salt); + krb5_free_data_contents( context, &info[2]->s2kparams); free(info[i]); } free(info); diff --git a/src/tests/asn.1/ChangeLog b/src/tests/asn.1/ChangeLog index d4c543025..2cfc096d7 100644 --- a/src/tests/asn.1/ChangeLog +++ b/src/tests/asn.1/ChangeLog @@ -1,3 +1,10 @@ +2003-05-06 Sam Hartman + + * krb5_encode_test.c (main): Add etype_info2 support + + * ktest.c (ktest_make_sample_etype_info): Initialize s2kparams to be null. + (ktest_make_sample_etype_info2): New function + 2002-11-07 Ezra Peisach * krb5_decode_test.c: Test for sam_challenege without empty 
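Review bot: In `krb5_free_etype_info` (kfree.c) the added line frees `info[2]->s2kparams` on every iteration instead of the current entry; it should index by the loop variable: `krb5_free_data_contents(context, &info[i]->s2kparams);`. As written, a list with fewer than three entries dereferences the NULL terminator or reads past the array. A longer list touches `info[2]` after it has been freed, and the same buffer is freed repeatedly unless `krb5_free_data_contents` clears the pointer. Every other entry's s2kparams is leaked. Per the k5-int.h comment these lists come from KDC-supplied data, so their length is not under the caller's control.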
diff --git a/src/tests/asn.1/krb5_encode_test.c b/src/tests/asn.1/krb5_encode_test.c index 012be90b4..1cbeccd66 100644 --- a/src/tests/asn.1/krb5_encode_test.c +++ b/src/tests/asn.1/krb5_encode_test.c @@ -531,6 +531,32 @@ main(argc, argv) free(info); } + /* encode_etype_info 2*/ + { + krb5_etype_info_entry **info; + + setup(info,krb5_etype_info_entry **,"etype_info2", + ktest_make_sample_etype_info2); + retval = encode_krb5_etype_info2((const krb5_etype_info_entry **)info,&(code)); + if(retval) { + com_err("encoding etype_info",retval,""); + exit(1); + } + encoder_print_results(code, "etype_info2", ""); + ktest_destroy_etype_info_entry(info[2]); info[2] = 0; + ktest_destroy_etype_info_entry(info[1]); info[1] = 0; + + retval = encode_krb5_etype_info2((const krb5_etype_info_entry **)info,&(code)); + if(retval) { + com_err("encoding etype_info (only 1)",retval,""); + exit(1); + } + encoder_print_results(code, "etype_info2 (only 1)", ""); + + ktest_destroy_etype_info_entry(info[0]); info[0] = 0; + + free(info); + } /****************************************************************/ /* encode_pa_enc_ts */ diff --git a/src/tests/asn.1/ktest.c b/src/tests/asn.1/ktest.c index af02d1ad7..e08203622 100644 --- a/src/tests/asn.1/ktest.c +++ b/src/tests/asn.1/ktest.c @@ -656,6 +656,8 @@ krb5_error_code ktest_make_sample_etype_info(p) if (info[i]->salt == 0) goto memfail; strcpy((char *) info[i]->salt, buf); + info[i]->s2kparams.data = NULL; + info[i]->s2kparams.length = 0; info[i]->magic = KV5M_ETYPE_INFO_ENTRY; } free(info[1]->salt); 
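Review bot: Both `com_err` calls in the new etype_info2 block of krb5_encode_test.c still say `encoding etype_info`, so a failure here is reported as the older test case. Suggest `com_err("encoding etype_info2",retval,"");` and `com_err("encoding etype_info2 (only 1)",retval,"");`. `main` begins and ends outside this hunk.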
@@ -668,6 +670,49 @@ memfail: return ENOMEM; } + +krb5_error_code ktest_make_sample_etype_info2(p) + krb5_etype_info_entry *** p; +{ + krb5_etype_info_entry **info; + int i; + char buf[80]; + + info = malloc(sizeof(krb5_etype_info_entry *) * 4); + if (!info) + return ENOMEM; + memset(info, 0, sizeof(krb5_etype_info_entry *) * 4); + + for (i=0; i < 3; i++) { + info[i] = malloc(sizeof(krb5_etype_info_entry)); + if (info[i] == 0) + goto memfail; + info[i]->etype = i; + sprintf(buf, "Morton's #%d", i); + info[i]->length = strlen(buf); + info[i]->salt = malloc((size_t) (info[i]->length+1)); + if (info[i]->salt == 0) + goto memfail; + strcpy((char *) info[i]->salt, buf); + sprintf(buf, "s2k: %d", i); + info[i]->s2kparams.data = malloc(strlen(buf)+1); + if (info[i]->s2kparams.data == NULL) + goto memfail; + strcpy( info[i]->s2kparams.data, buf); + info[i]->s2kparams.length = strlen(buf); + info[i]->magic = KV5M_ETYPE_INFO_ENTRY; + } + free(info[1]->salt); + info[1]->length = KRB5_ETYPE_NO_SALT; + info[1]->salt = 0; + *p = info; + return 0; +memfail: + ktest_destroy_etype_info(info); + return ENOMEM; +} + + krb5_error_code ktest_make_sample_pa_enc_ts(pa_enc) krb5_pa_enc_ts * pa_enc; { diff --git a/src/tests/asn.1/ktest.h b/src/tests/asn.1/ktest.h index 59e87047c..5c8175c65 100644 --- a/src/tests/asn.1/ktest.h +++ b/src/tests/asn.1/ktest.h @@ -89,6 +89,8 @@ krb5_error_code ktest_make_sample_alt_method krb5_error_code ktest_make_sample_etype_info (krb5_etype_info_entry *** p); +krb5_error_code ktest_make_sample_etype_info2 + (krb5_etype_info_entry *** p); krb5_error_code ktest_make_sample_pa_enc_ts (krb5_pa_enc_ts *am); krb5_error_code ktest_make_sample_sam_challenge diff --git a/src/tests/asn.1/reference_encode.out b/src/tests/asn.1/reference_encode.out index 0dbfc8d77..0d449d232 100644 --- a/src/tests/asn.1/reference_encode.out +++ b/src/tests/asn.1/reference_encode.out 
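Review bot: In `ktest_make_sample_etype_info2` (ktest.c) each entry comes from `malloc`, so when the salt allocation fails and the code takes `goto memfail`, `info[i]->s2kparams` is still indeterminate as `ktest_destroy_etype_info(info)` walks the list. Whether that helper touches s2kparams is not visible in this diff. If it does, it frees garbage; if it does not, the s2kparams buffers allocated here are never released. Allocating with `info[i] = calloc(1, sizeof(krb5_etype_info_entry));` removes the first problem. The destroy helpers should also free `s2kparams.data`.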
@@ -44,6 +44,8 @@ encode_krb5_alt_method (no data): 30 05 A0 03 02 01 2A encode_krb5_etype_info: 30 33 30 14 A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 30 05 A0 03 02 01 01 30 14 A0 03 02 01 02 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 32 encode_krb5_etype_info (only 1): 30 16 30 14 A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 encode_krb5_etype_info (no info): 30 00 +encode_krb5_etype_info2: 30 51 30 1E A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 A2 08 04 06 73 32 6B 3A 20 30 30 0F A0 03 02 01 01 A2 08 04 06 73 32 6B 3A 20 31 30 1E A0 03 02 01 02 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 32 A2 08 04 06 73 32 6B 3A 20 32 +encode_krb5_etype_info2 (only 1): 30 20 30 1E A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 A2 08 04 06 73 32 6B 3A 20 30 encode_krb5_pa_enc_ts: 30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40 encode_krb5_pa_enc_ts (no usec): 30 13 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A encode_krb5_enc_data: 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 diff --git a/src/tests/asn.1/trval_reference.out b/src/tests/asn.1/trval_reference.out index 2287d5fac..4422ad4cb 100644 --- a/src/tests/asn.1/trval_reference.out +++ b/src/tests/asn.1/trval_reference.out 
@@ -1124,6 +1124,29 @@ encode_krb5_etype_info (no info): [Sequence/Sequence Of] +encode_krb5_etype_info2: + +[Sequence/Sequence Of] +. [Sequence/Sequence Of] +. . [0] [Integer] 0 +. . [1] [Octet String] "Morton's #0" +. . [2] [Octet String] "s2k: 0" +. [Sequence/Sequence Of] +. . [0] [Integer] 1 +. . [2] [Octet String] "s2k: 1" +. [Sequence/Sequence Of] +. . [0] [Integer] 2 +. . [1] [Octet String] "Morton's #2" +. . [2] [Octet String] "s2k: 2" + +encode_krb5_etype_info2 (only 1): + +[Sequence/Sequence Of] +. [Sequence/Sequence Of] +. . [0] [Integer] 0 +. . [1] [Octet String] "Morton's #0" +. . [2] [Octet String] "s2k: 0" + encode_krb5_pa_enc_ts: [Sequence/Sequence Of] -- 2.26.2