From 3e0d13c8278d2885760e405f537a882b896ff156 Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Mon, 19 Sep 2011 00:34:52 +0000 Subject: [PATCH] Added underlying ASN.1 structures for pkinit algorithm agility Signed-off-by: Margaret Wasserman tested-by: Sam Hartman fixes-from: Sam Hartman git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25190 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/k5-int-pkinit.h | 22 +++++++++++++++++ src/lib/krb5/asn.1/asn1_k_encode.c | 38 +++++++++++++++++++++++++++--- src/lib/krb5/libkrb5.exports | 2 ++ 3 files changed, 59 insertions(+), 3 deletions(-) diff --git a/src/include/k5-int-pkinit.h b/src/include/k5-int-pkinit.h index 0c5ab0e0e..47e16e1c3 100644 --- a/src/include/k5-int-pkinit.h +++ b/src/include/k5-int-pkinit.h @@ -173,6 +173,22 @@ typedef struct _krb5_pa_pk_as_rep { } u; } krb5_pa_pk_as_rep; +/* SP80056A OtherInfo, for pkinit algorithm agility */ +typedef struct _krb5_sp80056a_other_info { + krb5_algorithm_identifier algorithm_identifier; + krb5_principal party_u_info; + krb5_principal party_v_info; + krb5_data supp_pub_info; +} krb5_sp80056a_other_info; + +/* PkinitSuppPubInfo, for pkinit algorithm agility */ +typedef struct _krb5_pkinit_supp_pub_info { + krb5_enctype enctype; + krb5_octet_data as_req; + krb5_octet_data pk_as_rep; + krb5_ticket *ticket; +} krb5_pkinit_supp_pub_info; + /* * Begin "asn1.h" */ @@ -223,6 +239,12 @@ krb5_error_code encode_krb5_td_dh_parameters(const krb5_algorithm_identifier **, krb5_data **code); +krb5_error_code +encode_krb5_sp80056a_other_info(const krb5_sp80056a_other_info *, krb5_data **); + +krb5_error_code +encode_krb5_pkinit_supp_pub_info(const krb5_pkinit_supp_pub_info *, krb5_data **); + /************************************************************************* * Prototypes for pkinit asn.1 decode routines *************************************************************************/ 
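Review bot: The two new structs in k5-int-pkinit.h carry no per-field documentation, and the one pointer member, `krb5_ticket *ticket` in krb5_pkinit_supp_pub_info, says nothing about whether it may be NULL or who owns it; since these are encoder inputs, a one-line note such as `/* Encoder input only; all members are borrowed from the caller and ticket must be non-NULL */` would settle both (the non-NULL requirement is inferred from the encoder table in asn1_k_encode.c, which gives the field no optional hook — confirm). The type asymmetry between `krb5_data supp_pub_info` and the `krb5_octet_data as_req`/`pk_as_rep` members also deserves a comment, because it appears deliberate: the matching field tables select `s_octetstring` versus `octetstring`, which presumably tracks the signedness of the data pointer, so a maintainer "normalizing" these types would break the encoder. Finally, the header comments `/* SP80056A OtherInfo, for pkinit algorithm agility */` and `/* PkinitSuppPubInfo, ... */` would be more useful if they named the ASN.1 module they mirror, e.g. `/* OtherInfo (SP 800-56A) as defined by the PKINIT algorithm agility specification; input to the KDF */`, since tag numbers and field order here are what other implementations must match.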
diff --git a/src/lib/krb5/asn.1/asn1_k_encode.c b/src/lib/krb5/asn.1/asn1_k_encode.c
index fffe9474c..7bca6d23b 100644
--- a/src/lib/krb5/asn.1/asn1_k_encode.c
+++ b/src/lib/krb5/asn.1/asn1_k_encode.c
@@ -1421,6 +1421,39 @@ static unsigned int iakerb_finished_optional(const void *p) DEFSEQTYPE(iakerb_finished, krb5_iakerb_finished, iakerb_finished_fields, iakerb_finished_optional); +DEFFNXTYPE(algorithm_identifier, krb5_algorithm_identifier, asn1_encode_algorithm_identifier); +/* Krb5PrincipalName is defined in RFC 4556 and is *not* PrincipalName from RFC 4120*/ +static const struct field_info pkinit_krb5_principal_name_fields[] = { + FIELDOF_NORM(krb5_principal_data, gstring_data, realm, 0), + FIELDOF_ENCODEAS(krb5_principal_data, principal_data, 1) +}; + + +DEFSEQTYPE(pkinit_krb5_principal_name_data, krb5_principal_data, pkinit_krb5_principal_name_fields, NULL); +DEFPTRTYPE(pkinit_krb5_principal_name, pkinit_krb5_principal_name_data); +DEFOCTETWRAPTYPE(pkinit_krb5_principal_name_wrapped, pkinit_krb5_principal_name); + + +/* For SP80056A OtherInfo, for pkinit agility */ +static const struct field_info sp80056a_other_info_fields[] = { + FIELDOF_NORM(krb5_sp80056a_other_info, algorithm_identifier, algorithm_identifier, -1), + FIELDOF_NORM(krb5_sp80056a_other_info, pkinit_krb5_principal_name_wrapped, party_u_info, 0), + FIELDOF_NORM(krb5_sp80056a_other_info, pkinit_krb5_principal_name_wrapped, party_v_info, 1), + FIELDOF_STRING(krb5_sp80056a_other_info, s_octetstring, supp_pub_info.data, supp_pub_info.length, 2), +}; + +DEFSEQTYPE(sp80056a_other_info, krb5_sp80056a_other_info, sp80056a_other_info_fields, NULL); + +/* For PkinitSuppPubInfo, for pkinit agility */ +static const struct field_info pkinit_supp_pub_info_fields[] = { + FIELDOF_NORM(krb5_pkinit_supp_pub_info, int32, enctype, 0), + FIELDOF_STRING(krb5_pkinit_supp_pub_info, octetstring, as_req.data, as_req.length, 1), + FIELDOF_STRING(krb5_pkinit_supp_pub_info, octetstring, pk_as_rep.data, pk_as_rep.length, 2), + FIELDOF_NORM(krb5_pkinit_supp_pub_info, ticket_ptr, ticket, 3), +}; + +DEFSEQTYPE(pkinit_supp_pub_info, krb5_pkinit_supp_pub_info, pkinit_supp_pub_info_fields, NULL); + /* Exported complete encoders 
-- these produce a krb5_data with the encoding in the correct byte order. */ @@ -1499,9 +1532,8 @@ MAKE_FULL_ENCODER(encode_krb5_ad_signedpath_data, ad_signedpath_data); MAKE_FULL_ENCODER(encode_krb5_ad_signedpath, ad_signedpath); MAKE_FULL_ENCODER(encode_krb5_iakerb_header, iakerb_header); MAKE_FULL_ENCODER(encode_krb5_iakerb_finished, iakerb_finished); - - - +MAKE_FULL_ENCODER(encode_krb5_pkinit_supp_pub_info, pkinit_supp_pub_info); +MAKE_FULL_ENCODER(encode_krb5_sp80056a_other_info, sp80056a_other_info); /* * PKINIT diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports index cff9d396d..2637712b9 100644 --- a/src/lib/krb5/libkrb5.exports +++ b/src/lib/krb5/libkrb5.exports @@ -79,6 +79,7 @@ encode_krb5_pa_s4u_x509_user encode_krb5_pa_server_referral_data encode_krb5_pa_svr_referral_data encode_krb5_padata_sequence +encode_krb5_pkinit_supp_pub_info encode_krb5_predicted_sam_response encode_krb5_priv encode_krb5_pwd_data @@ -91,6 +92,7 @@ encode_krb5_sam_challenge_2_body encode_krb5_sam_key encode_krb5_sam_response encode_krb5_sam_response_2 +encode_krb5_sp80056a_other_info encode_krb5_tgs_rep encode_krb5_tgs_req encode_krb5_ticket -- 2.26.2
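Review bot: In pkinit_supp_pub_info_fields the `ticket` member is encoded through `ticket_ptr` with tag 3 and the sequence is defined with `DEFSEQTYPE(pkinit_supp_pub_info, ..., NULL)`, i.e. no optional hook, so a NULL `ticket` in the input struct is handed straight to the pointer encoder; unless `ticket_ptr` tolerates NULL (not visible in this hunk), the table should carry a comment like `/* ticket is mandatory: no optional hook, caller must supply a non-NULL ticket */` so callers do not learn this from a crash. A second concern is that both new SEQUENCEs become key-derivation input (OtherInfo / PkinitSuppPubInfo), where a wrong tag number, a missing OCTET STRING wrap on the party info, or an `s_octetstring`/`octetstring` mix-up does not fail loudly but silently yields a different derived key; a known-answer test against the agility specification's vectors, if that draft provides them, would catch this class of error and is worth adding alongside these tables. Style: pkinit_krb5_principal_name_fields omits the trailing comma after its last `FIELDOF_ENCODEAS(...)` entry while the other two arrays keep one, and the comment on the line above it lacks a space before `*/`; `FIELDOF_ENCODEAS(krb5_principal_data, principal_data, 1),` and `... PrincipalName from RFC 4120 */` make the three tables uniform.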