From a02992087ea991bbd0793f21021f843af6df1ef7 Mon Sep 17 00:00:00 2001 From: Ken Hornstein Date: Wed, 30 Oct 2002 18:41:24 +0000 Subject: [PATCH] Wrong ASN.1 definition and padata type for new hardware preauth It turned out that early in the development cycle, one of our developers picked the "next" PADATA type in krb5.hin, and we said, "We've got to fix that when we get the real one assigned" ... and we never did. Noticed by Ezra Peisach. Also, the definition for sam-pk-for-sad was changed to OCTET STRING from EncryptionKey in the draft and the code, but we never updated the ASN.1 definition. Also noticed by Ezra Peisach. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14945 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/ChangeLog | 5 +++++ src/include/krb5.hin | 7 +++++-- src/lib/krb5/asn.1/ChangeLog | 4 ++++ src/lib/krb5/asn.1/KRB5-asn.py | 2 +- 4 files changed, 15 insertions(+), 3 deletions(-) diff --git a/src/include/ChangeLog b/src/include/ChangeLog index bf8dbf6b3..6c6e50742 100644 --- a/src/include/ChangeLog +++ b/src/include/ChangeLog @@ -1,3 +1,8 @@ +2002-10-30 Ken Hornstein + + * krb5.hin: Change definitions of new SAM preauth types to + match kerberos-clarifications. + 2002-10-24 Ken Hornstein * k5-int.h, krb5.hin: Add new protocols, definitions, and diff --git a/src/include/krb5.hin b/src/include/krb5.hin index 5b8cb2c60..ceb5a47b8 100644 --- a/src/include/krb5.hin +++ b/src/include/krb5.hin @@ -866,8 +866,11 @@ krb5_error_code krb5_decrypt_data #define KRB5_PADATA_ETYPE_INFO 11 /* Etype info for preauth */ #define KRB5_PADATA_SAM_CHALLENGE 12 /* draft challenge system */ #define KRB5_PADATA_SAM_RESPONSE 13 /* draft challenge system response */ -#define KRB5_PADATA_SAM_CHALLENGE_2 14 /* draft challenge system, updated */ -#define KRB5_PADATA_SAM_RESPONSE_2 15 /* draft challenge system, updated */ +#define KRB5_PADATA_PK_AS_REQ 14 /* PKINIT */ +#define KRB5_PADATA_PK_AS_REP 15 /* PKINIT */ + +#define KRB5_PADATA_SAM_CHALLENGE_2 30 /* draft challenge system, updated */ +#define KRB5_PADATA_SAM_RESPONSE_2 31 /* draft challenge system, updated */ #define KRB5_SAM_USE_SAD_AS_KEY 0x80000000 #define KRB5_SAM_SEND_ENCRYPTED_SAD 0x40000000 diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog index 577429d7e..f5734ff7c 100644 --- a/src/lib/krb5/asn.1/ChangeLog +++ b/src/lib/krb5/asn.1/ChangeLog @@ -1,3 +1,7 @@ +2002-10-30 Ken Hornstein + + * KRB5-asn.py: Fix definition for sam-pk-for-sad element. + 2002-10-24 Ken Hornstein * KRB5-asn.py, asn1_k_decode.c, asn1_k_decode.h, asn1_k_encode.c, diff --git a/src/lib/krb5/asn.1/KRB5-asn.py b/src/lib/krb5/asn.1/KRB5-asn.py index 867ac6771..e455fd9a1 100644 --- a/src/lib/krb5/asn.1/KRB5-asn.py +++ b/src/lib/krb5/asn.1/KRB5-asn.py @@ -363,7 +363,7 @@ PA-SAM-CHALLENGE ::= SEQUENCE { sam-challenge-label[4] GeneralString OPTIONAL, sam-challenge[5] GeneralString OPTIONAL, sam-response-prompt[6] GeneralString OPTIONAL, - sam-pk-for-sad[7] EncryptionKey OPTIONAL, + sam-pk-for-sad[7] OCTET STRING OPTIONAL, sam-nonce[8] INTEGER OPTIONAL, sam-cksum[9] Checksum OPTIONAL } -- 2.26.2