From e38ac4f90c324b76d6ffcd3a84a9ee8a3a8d7b6a Mon Sep 17 00:00:00 2001 From: Mark Eichin Date: Tue, 9 Apr 1996 22:51:38 +0000 Subject: [PATCH] add sam encoders, decoders, including "optional string" macros git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7771 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/asn.1/KRB5-asn.py | 46 ++++++++++++ src/lib/krb5/asn.1/asn1_k_decode.c | 110 +++++++++++++++++++++++++++++ src/lib/krb5/asn.1/asn1_k_encode.c | 104 +++++++++++++++++++++++++++ src/lib/krb5/asn.1/krb5_decode.c | 65 +++++++++++++++++ src/lib/krb5/asn.1/krb5_encode.c | 55 +++++++++++++++ 5 files changed, 380 insertions(+) diff --git a/src/lib/krb5/asn.1/KRB5-asn.py b/src/lib/krb5/asn.1/KRB5-asn.py index 036d10dee..73afd9457 100644 --- a/src/lib/krb5/asn.1/KRB5-asn.py +++ b/src/lib/krb5/asn.1/KRB5-asn.py @@ -349,4 +349,50 @@ PasswdData ::= SEQUENCE { passwd-sequence[1] SEQUENCE OF PasswdSequence } +-- encodings from +-- Integrating Single-use Authentication Mechanisms with Kerberos + +PA-SAM-CHALLENGE ::= SEQUENCE { + sam-type[0] INTEGER, + sam-flags[1] SAMFlags, + sam-type-name[2] GeneralString OPTIONAL, + sam-track-id[3] GeneralString OPTIONAL, + sam-challenge-label[4] GeneralString OPTIONAL, + sam-challenge[5] GeneralString OPTIONAL, + sam-response-prompt[6] GeneralString OPTIONAL, + sam-pk-for-sad[7] EncryptionKey OPTIONAL, + sam-nonce[8] INTEGER OPTIONAL, + sam-cksum[9] Checksum OPTIONAL +} + +-- these are [0].. [2] in the draft +SAMFlags ::= BIT STRING { + use-sad-as-key(0), + send-encrypted-sad(1), + must-pk-encrypt-sad(2) +} + +PA-SAM-RESPONSE ::= SEQUENCE { + sam-type[0] INTEGER, + sam-flags[1] SAMFlags, + sam-track-id[2] GeneralString OPTIONAL, + -- sam-enc-key is reserved for future use, so I'm making it OPTIONAL - mwe + sam-enc-key[3] EncryptedData + -- PA-ENC-SAM-KEY, + sam-enc-nonce-or-ts[4] EncryptedData + -- PA-ENC-SAM-RESPONSE-ENC, + sam-nonce[5] INTEGER OPTIONAL, + sam-patimestamp[6] KerberosTime OPTIONAL +} + +PA-ENC-SAM-KEY ::= SEQUENCE { + sam-key[0] EncryptionKey +} + +PA-ENC-SAM-RESPONSE-ENC ::= SEQUENCE { + sam-nonce[0] INTEGER OPTIONAL, + sam-timestamp[1] KerberosTime OPTIONAL, + sam-usec[2] INTEGER OPTIONAL, + sam-passcode[3] GeneralString OPTIONAL +} END diff --git a/src/lib/krb5/asn.1/asn1_k_decode.c b/src/lib/krb5/asn.1/asn1_k_decode.c index 2d8654a20..1a2c7c30b 100644 --- a/src/lib/krb5/asn.1/asn1_k_decode.c +++ b/src/lib/krb5/asn.1/asn1_k_decode.c @@ -81,6 +81,10 @@ if(tagnum > (tagexpect)) return ASN1_MISSING_FIELD;\ if(tagnum < (tagexpect)) return ASN1_MISPLACED_FIELD;\ get_lenfield_body(len,var,decoder) +#define opt_lenfield(len,var,tagexpect,decoder)\ +if(tagnum == (tagexpect)){\ + get_lenfield_body(len,var,decoder); }\ +else { len = 0; var = 0; } #define begin_structure()\ @@ -707,3 +711,109 @@ asn1_error_code asn1_decode_sequence_of_passwdsequence(buf, val) { decode_array_body(passwd_phrase_element,asn1_decode_passwdsequence); } + +asn1_error_code asn1_decode_sam_flags(buf,val) + asn1buf * buf; + krb5_flags *val; +{ return asn1_decode_krb5_flags(buf,val); } + +#define opt_string(val,n,fn) opt_lenfield((val).length,(val).data,n,fn) +#define opt_cksum(var,tagexpect,decoder)\ +if(tagnum == (tagexpect)){\ + get_field_body(var,decoder); }\ +else var.length = 0 + +asn1_error_code asn1_decode_sam_challenge(buf,val) + asn1buf * buf; + krb5_sam_challenge *val; +{ + setup(); + { begin_structure(); + get_field(val->sam_type,0,asn1_decode_int32); + get_field(val->sam_flags,1,asn1_decode_sam_flags); + opt_string(val->sam_type_name,2,asn1_decode_charstring); + opt_string(val->sam_track_id,3,asn1_decode_charstring); + opt_string(val->sam_challenge_label,4,asn1_decode_charstring); + opt_string(val->sam_challenge,5,asn1_decode_charstring); + opt_string(val->sam_response_prompt,6,asn1_decode_charstring); + opt_string(val->sam_pk_for_sad,7,asn1_decode_charstring); + opt_field(val->sam_nonce,8,asn1_decode_int32,0); + opt_cksum(val->sam_cksum,9,asn1_decode_checksum); + end_structure(); + val->magic = KV5M_SAM_CHALLENGE; + } + cleanup(); +} +asn1_error_code asn1_decode_enc_sam_key(buf, val) + asn1buf * buf; + krb5_sam_key * val; +{ + setup(); + { begin_structure(); + /* alloc_field(val->sam_key,krb5_keyblock); */ + get_field(val->sam_key,0,asn1_decode_encryption_key); + end_structure(); + val->magic = KV5M_SAM_KEY; + } + cleanup(); +} + +asn1_error_code asn1_decode_enc_sam_response_enc(buf, val) + asn1buf * buf; + krb5_enc_sam_response_enc * val; +{ + setup(); + { begin_structure(); + opt_field(val->sam_nonce,0,asn1_decode_int32,0); + opt_field(val->sam_timestamp,1,asn1_decode_kerberos_time,0); + opt_field(val->sam_usec,2,asn1_decode_int32,0); + opt_string(val->sam_passcode,3,asn1_decode_charstring); + end_structure(); + val->magic = KV5M_ENC_SAM_RESPONSE_ENC; + } + cleanup(); +} + +#define opt_encfield(fld,tag,fn) \ + if(tagnum == tag){ \ + get_field(fld,tag,fn); } \ + else{\ + fld.magic = 0;\ + fld.enctype = 0;\ + fld.kvno = 0;\ + fld.ciphertext.data = NULL;\ + fld.ciphertext.length = 0;\ + } + +asn1_error_code asn1_decode_sam_response(buf, val) + asn1buf * buf; + krb5_sam_response * val; +{ + setup(); + { begin_structure(); + get_field(val->sam_type,0,asn1_decode_int32); + get_field(val->sam_flags,1,asn1_decode_sam_flags); + opt_string(val->sam_track_id,2,asn1_decode_charstring); + opt_encfield(val->sam_enc_key,3,asn1_decode_encrypted_data); + get_field(val->sam_enc_nonce_or_ts,4,asn1_decode_encrypted_data); + opt_field(val->sam_nonce,5,asn1_decode_int32,0); + opt_field(val->sam_patimestamp,6,asn1_decode_kerberos_time,0); + end_structure(); + val->magic = KV5M_SAM_RESPONSE; + } + cleanup(); +} + + +asn1_error_code asn1_decode_predicted_sam_response(buf, val) + asn1buf * buf; + krb5_predicted_sam_response * val; +{ + setup(); + { begin_structure(); + get_field(val->sam_key,0,asn1_decode_encryption_key); + end_structure(); + val->magic = KV5M_PREDICTED_SAM_RESPONSE; + } + cleanup(); +} diff --git a/src/lib/krb5/asn.1/asn1_k_encode.c b/src/lib/krb5/asn.1/asn1_k_encode.c index 9ef6b814b..75223294a 100644 --- a/src/lib/krb5/asn.1/asn1_k_encode.c +++ b/src/lib/krb5/asn.1/asn1_k_encode.c @@ -838,3 +838,107 @@ asn1_error_code asn1_encode_passwdsequence(buf, val, retlen) asn1_cleanup(); } +asn1_error_code asn1_encode_sam_flags(buf, val, retlen) + asn1buf * buf; + const krb5_flags val; + int * retlen; +{ + return asn1_encode_krb5_flags(buf,val,retlen); +} + +#define add_optstring(val,n,fn) \ + if ((val).length >= 0) {asn1_addlenfield((val).length,(val).data,n,fn);} + +asn1_error_code asn1_encode_sam_challenge(buf, val, retlen) + asn1buf * buf; + const krb5_sam_challenge * val; + int * retlen; +{ + asn1_setup(); + /* possibly wrong */ + if (val->sam_cksum.length) + asn1_addfield(&(val->sam_cksum),9,asn1_encode_checksum); + + if (val->sam_nonce) + asn1_addfield(val->sam_nonce,8,asn1_encode_integer); + + add_optstring(val->sam_pk_for_sad,7,asn1_encode_charstring); + add_optstring(val->sam_response_prompt,6,asn1_encode_charstring); + add_optstring(val->sam_challenge,5,asn1_encode_charstring); + add_optstring(val->sam_challenge_label,4,asn1_encode_charstring); + add_optstring(val->sam_track_id,3,asn1_encode_charstring); + add_optstring(val->sam_type_name,2,asn1_encode_charstring); + + asn1_addfield(val->sam_flags,1,asn1_encode_sam_flags); + asn1_addfield(val->sam_type,0,asn1_encode_integer); + + asn1_makeseq(); + asn1_cleanup(); +} + +asn1_error_code asn1_encode_sam_key(buf, val, retlen) + asn1buf * buf; + const krb5_sam_key * val; + int * retlen; +{ + asn1_setup(); + asn1_addfield(&(val->sam_key),0,asn1_encode_encryption_key); + + asn1_makeseq(); + + asn1_cleanup(); +} + + +asn1_error_code asn1_encode_enc_sam_response_enc(buf, val, retlen) + asn1buf * buf; + const krb5_enc_sam_response_enc * val; + int * retlen; +{ + asn1_setup(); + add_optstring(val->sam_passcode,3,asn1_encode_charstring); + asn1_addfield(val->sam_usec,2,asn1_encode_integer); + asn1_addfield(val->sam_timestamp,1,asn1_encode_kerberos_time); + asn1_addfield(val->sam_nonce,0,asn1_encode_integer); + + asn1_makeseq(); + + asn1_cleanup(); +} + +asn1_error_code asn1_encode_sam_response(buf, val, retlen) + asn1buf * buf; + const krb5_sam_response * val; + int * retlen; +{ + asn1_setup(); + + if (val->sam_patimestamp) + asn1_addfield(val->sam_patimestamp,6,asn1_encode_kerberos_time); + if (val->sam_nonce) + asn1_addfield(val->sam_nonce,5,asn1_encode_integer); + asn1_addfield(&(val->sam_enc_nonce_or_ts),4,asn1_encode_encrypted_data); + if (val->sam_enc_key.ciphertext.length) + asn1_addfield(&(val->sam_enc_key),3,asn1_encode_encrypted_data); + add_optstring(val->sam_track_id,2,asn1_encode_charstring); + asn1_addfield(val->sam_flags,1,asn1_encode_sam_flags); + asn1_addfield(val->sam_type,0,asn1_encode_integer); + + asn1_makeseq(); + + asn1_cleanup(); +} + +asn1_error_code asn1_encode_predicted_sam_response(buf, val, retlen) + asn1buf * buf; + const krb5_predicted_sam_response * val; + int * retlen; +{ + asn1_setup(); + + asn1_addfield(&(val->sam_key),0,asn1_encode_encryption_key); + + asn1_makeseq(); + + asn1_cleanup(); +} diff --git a/src/lib/krb5/asn.1/krb5_decode.c b/src/lib/krb5/asn.1/krb5_decode.c index c8ffdb745..3af86d024 100644 --- a/src/lib/krb5/asn.1/krb5_decode.c +++ b/src/lib/krb5/asn.1/krb5_decode.c @@ -771,3 +771,68 @@ krb5_error_code decode_krb5_pa_enc_ts(code, rep) cleanup(free); } +krb5_error_code decode_krb5_sam_challenge(code, rep) + const krb5_data * code; + krb5_sam_challenge **rep; +{ + setup_buf_only(); + alloc_field(*rep,krb5_sam_challenge); + + retval = asn1_decode_sam_challenge(&buf,*rep); + if(retval) clean_return(retval); + + cleanup(free); +} + +krb5_error_code decode_krb5_enc_sam_key(code, rep) + const krb5_data * code; + krb5_sam_key **rep; +{ + setup_buf_only(); + alloc_field(*rep,krb5_sam_key); + + retval = asn1_decode_enc_sam_key(&buf,*rep); + if(retval) clean_return(retval); + + cleanup(free); +} + +krb5_error_code decode_krb5_enc_sam_response_enc(code, rep) + const krb5_data * code; + krb5_enc_sam_response_enc **rep; +{ + setup_buf_only(); + alloc_field(*rep,krb5_enc_sam_response_enc); + + retval = asn1_decode_enc_sam_response_enc(&buf,*rep); + if(retval) clean_return(retval); + + cleanup(free); +} + +krb5_error_code decode_krb5_sam_response(code, rep) + const krb5_data * code; + krb5_sam_response **rep; +{ + setup_buf_only(); + alloc_field(*rep,krb5_sam_response); + + retval = asn1_decode_sam_response(&buf,*rep); + if(retval) clean_return(retval); + + cleanup(free); +} + +krb5_error_code decode_krb5_predicted_sam_response(code, rep) + const krb5_data * code; + krb5_predicted_sam_response **rep; +{ + setup_buf_only(); /* preallocated */ + alloc_field(*rep,krb5_predicted_sam_response); + + retval = asn1_decode_predicted_sam_response(&buf,*rep); + if(retval) clean_return(retval); + + cleanup(free); +} + diff --git a/src/lib/krb5/asn.1/krb5_encode.c b/src/lib/krb5/asn.1/krb5_encode.c index 2a9d7a923..e421ebc10 100644 --- a/src/lib/krb5/asn.1/krb5_encode.c +++ b/src/lib/krb5/asn.1/krb5_encode.c @@ -792,3 +792,58 @@ krb5_error_code encode_krb5_padata_sequence(rep, code) krb5_cleanup(); } +/* sam preauth additions */ +krb5_error_code encode_krb5_sam_challenge(rep, code) + const krb5_sam_challenge * rep; + krb5_data ** code; +{ + krb5_setup(); + retval = asn1_encode_sam_challenge(buf,rep,&length); + if(retval) return retval; + sum += length; + krb5_cleanup(); +} + +krb5_error_code encode_krb5_sam_key(rep, code) + const krb5_sam_key * rep; + krb5_data ** code; +{ + krb5_setup(); + retval = asn1_encode_sam_key(buf,rep,&length); + if(retval) return retval; + sum += length; + krb5_cleanup(); +} + +krb5_error_code encode_krb5_enc_sam_response_enc(rep, code) + const krb5_enc_sam_response_enc * rep; + krb5_data ** code; +{ + krb5_setup(); + retval = asn1_encode_enc_sam_response_enc(buf,rep,&length); + if(retval) return retval; + sum += length; + krb5_cleanup(); +} + +krb5_error_code encode_krb5_sam_response(rep, code) + const krb5_sam_response * rep; + krb5_data ** code; +{ + krb5_setup(); + retval = asn1_encode_sam_response(buf,rep,&length); + if(retval) return retval; + sum += length; + krb5_cleanup(); +} + +krb5_error_code encode_krb5_predicted_sam_response(rep, code) + const krb5_predicted_sam_response * rep; + krb5_data ** code; +{ + krb5_setup(); + retval = asn1_encode_predicted_sam_response(buf,rep,&length); + if(retval) return retval; + sum += length; + krb5_cleanup(); +} -- 2.26.2