1 /* -*- mode: c; indent-tabs-mode: nil -*- */
3 * src/lib/krb5/asn.1/asn1_k_encode.c
5 * Copyright 1994, 2008 by the Massachusetts Institute of Technology.
8 * Export of this software from the United States of America may
9 * require a specific license from the United States Government.
10 * It is the responsibility of any person or organization contemplating
11 * export to obtain such a license before exporting.
13 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
14 * distribute this software and its documentation for any purpose and
15 * without fee is hereby granted, provided that the above copyright
16 * notice appear in all copies and that both that copyright notice and
17 * this permission notice appear in supporting documentation, and that
18 * the name of M.I.T. not be used in advertising or publicity pertaining
19 * to distribution of the software without specific, written prior
20 * permission. Furthermore if you modify this software you must label
21 * your software as modified software and not distribute it in such a
22 * fashion that it might be confused with the original M.I.T. software.
23 * M.I.T. makes no representations about the suitability of
24 * this software for any purpose. It is provided "as is" without express
25 * or implied warranty.
28 #include "asn1_k_encode.h"
29 #include "asn1_make.h"
30 #include "asn1_encode.h"
35 These are mostly only needed for PKINIT, but there are three
36 basic-krb5 encoders not converted yet. */
38 /* setup() -- create and initialize bookkeeping variables
39 retval: stores error codes returned from subroutines
40 length: length of the most-recently produced encoding
41 sum: cumulative length of the entire encoding */
43 asn1_error_code retval;\
46 /* form a sequence (by adding a sequence header to the current encoding) */
47 #define asn1_makeseq()\
48 { unsigned int length;\
49 retval = asn1_make_sequence(buf,sum,&length);\
54 /* produce the final output and clean up the workspace */
55 #define asn1_cleanup()\
59 /* asn1_addfield -- add a field, or component, to the encoding */
60 #define asn1_addfield(value,tag,encoder)\
61 { unsigned int length; \
62 retval = encoder(buf,value,&length); \
66 retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,tag,length,&length);\
71 DEFINTTYPE(int32, krb5_int32);
72 DEFPTRTYPE(int32_ptr, int32);
74 DEFUINTTYPE(uint, unsigned int);
75 DEFUINTTYPE(octet, krb5_octet);
76 DEFUINTTYPE(ui_4, krb5_ui_4);
78 DEFFNLENTYPE(octetstring, unsigned char *, asn1_encode_octetstring);
79 DEFFNLENTYPE(s_octetstring, char *, asn1_encode_octetstring);
80 DEFFNLENTYPE(charstring, char *, asn1_encode_charstring);
81 DEFFNLENTYPE(generalstring, char *, asn1_encode_generalstring);
82 DEFFNLENTYPE(u_generalstring, unsigned char *, asn1_encode_generalstring);
83 DEFFNLENTYPE(opaque, char *, asn1_encode_opaque);
85 DEFFIELDTYPE(gstring_data, krb5_data,
86 FIELDOF_STRING(krb5_data, generalstring, data, length, -1));
87 DEFPTRTYPE(gstring_data_ptr,gstring_data);
89 DEFFIELDTYPE(ostring_data, krb5_data,
90 FIELDOF_STRING(krb5_data, s_octetstring, data, length, -1));
91 DEFPTRTYPE(ostring_data_ptr,ostring_data);
93 DEFFIELDTYPE(opaque_data, krb5_data,
94 FIELDOF_STRING(krb5_data, opaque, data, length, -1));
96 DEFFIELDTYPE(realm_of_principal_data, krb5_principal_data,
97 FIELDOF_NORM(krb5_principal_data, gstring_data, realm, -1));
98 DEFPTRTYPE(realm_of_principal, realm_of_principal_data);
101 static const struct field_info princname_fields[] = {
102 FIELDOF_NORM(krb5_principal_data, int32, type, 0),
103 FIELDOF_SEQOF_INT32(krb5_principal_data, gstring_data_ptr, data, length, 1),
105 /* krb5_principal is a typedef for krb5_principal_data*, so this is
106 effectively "encode_principal_data_at" with an address arg. */
107 DEFSEQTYPE(principal_data, krb5_principal_data, princname_fields, 0);
108 DEFPTRTYPE(principal, principal_data);
110 static asn1_error_code
111 asn1_encode_kerberos_time_at(asn1buf *buf, const krb5_timestamp *val,
112 unsigned int *retlen)
114 /* Range checking for time_t vs krb5_timestamp? */
116 return asn1_encode_generaltime(buf, tval, retlen);
118 DEFFNXTYPE(kerberos_time, krb5_timestamp, asn1_encode_kerberos_time_at);
120 const static struct field_info address_fields[] = {
121 FIELDOF_NORM(krb5_address, int32, addrtype, 0),
122 FIELDOF_STRING(krb5_address, octetstring, contents, length, 1),
124 DEFSEQTYPE(address, krb5_address, address_fields, 0);
125 DEFPTRTYPE(address_ptr, address);
127 DEFNULLTERMSEQOFTYPE(seq_of_host_addresses, address_ptr);
128 DEFPTRTYPE(ptr_seqof_host_addresses, seq_of_host_addresses);
131 optional_encrypted_data (const void *vptr)
133 const krb5_enc_data *val = vptr;
134 unsigned int optional = 0;
137 optional |= (1u << 1);
142 static const struct field_info encrypted_data_fields[] = {
143 FIELDOF_NORM(krb5_enc_data, int32, enctype, 0),
144 FIELDOF_OPT(krb5_enc_data, uint, kvno, 1, 1),
145 FIELDOF_NORM(krb5_enc_data, ostring_data, ciphertext, 2),
147 DEFSEQTYPE(encrypted_data, krb5_enc_data, encrypted_data_fields,
148 optional_encrypted_data);
150 /* The encode_bitstring function wants an array of bytes (since PKINIT
151 may provide something that isn't 32 bits), but krb5_flags is stored
152 as a 32-bit integer in host order. */
153 static asn1_error_code
154 asn1_encode_krb5_flags_at(asn1buf *buf, const krb5_flags *val,
155 unsigned int *retlen)
157 unsigned char cbuf[4];
158 store_32_be((krb5_ui_4) *val, cbuf);
159 return asn1_encode_bitstring(buf, 4, cbuf, retlen);
161 DEFFNXTYPE(krb5_flags, krb5_flags, asn1_encode_krb5_flags_at);
163 const static struct field_info authdata_elt_fields[] = {
164 /* ad-type[0] INTEGER */
165 FIELDOF_NORM(krb5_authdata, int32, ad_type, 0),
166 /* ad-data[1] OCTET STRING */
167 FIELDOF_STRING(krb5_authdata, octetstring, contents, length, 1),
169 DEFSEQTYPE(authdata_elt, krb5_authdata, authdata_elt_fields, 0);
170 DEFPTRTYPE(authdata_elt_ptr, authdata_elt);
171 DEFNONEMPTYNULLTERMSEQOFTYPE(auth_data, authdata_elt_ptr);
172 DEFPTRTYPE(auth_data_ptr, auth_data);
174 static const struct field_info encryption_key_fields[] = {
175 FIELDOF_NORM(krb5_keyblock, int32, enctype, 0),
176 FIELDOF_STRING(krb5_keyblock, octetstring, contents, length, 1),
178 DEFSEQTYPE(encryption_key, krb5_keyblock, encryption_key_fields, 0);
179 DEFPTRTYPE(ptr_encryption_key, encryption_key);
181 static const struct field_info checksum_fields[] = {
182 FIELDOF_NORM(krb5_checksum, int32, checksum_type, 0),
183 FIELDOF_STRING(krb5_checksum, octetstring, contents, length, 1),
185 DEFSEQTYPE(checksum, krb5_checksum, checksum_fields, 0);
186 DEFPTRTYPE(checksum_ptr, checksum);
187 DEFNULLTERMSEQOFTYPE(seq_of_checksum, checksum_ptr);
188 DEFPTRTYPE(ptr_seqof_checksum, seq_of_checksum);
190 static const struct field_info lr_fields[] = {
191 FIELDOF_NORM(krb5_last_req_entry, int32, lr_type, 0),
192 FIELDOF_NORM(krb5_last_req_entry, kerberos_time, value, 1),
194 DEFSEQTYPE(last_req_ent, krb5_last_req_entry, lr_fields, 0);
196 DEFPTRTYPE(last_req_ent_ptr, last_req_ent);
197 DEFNONEMPTYNULLTERMSEQOFTYPE(last_req, last_req_ent_ptr);
198 DEFPTRTYPE(last_req_ptr, last_req);
200 static const struct field_info ticket_fields[] = {
201 FIELD_INT_IMM(KVNO, 0),
202 FIELDOF_NORM(krb5_ticket, realm_of_principal, server, 1),
203 FIELDOF_NORM(krb5_ticket, principal, server, 2),
204 FIELDOF_NORM(krb5_ticket, encrypted_data, enc_part, 3),
206 DEFSEQTYPE(untagged_ticket, krb5_ticket, ticket_fields, 0);
207 DEFAPPTAGGEDTYPE(ticket, 1, untagged_ticket);
209 static const struct field_info pa_data_fields[] = {
210 FIELDOF_NORM(krb5_pa_data, int32, pa_type, 1),
211 FIELDOF_STRING(krb5_pa_data, octetstring, contents, length, 2),
213 DEFSEQTYPE(pa_data, krb5_pa_data, pa_data_fields, 0);
214 DEFPTRTYPE(pa_data_ptr, pa_data);
216 DEFNULLTERMSEQOFTYPE(seq_of_pa_data, pa_data_ptr);
217 DEFPTRTYPE(ptr_seqof_pa_data, seq_of_pa_data);
219 DEFPTRTYPE(ticket_ptr, ticket);
220 DEFNONEMPTYNULLTERMSEQOFTYPE(seq_of_ticket,ticket_ptr);
221 DEFPTRTYPE(ptr_seqof_ticket, seq_of_ticket);
223 /* EncKDCRepPart ::= SEQUENCE */
224 static const struct field_info enc_kdc_rep_part_fields[] = {
225 /* key[0] EncryptionKey */
226 FIELDOF_NORM(krb5_enc_kdc_rep_part, ptr_encryption_key, session, 0),
227 /* last-req[1] LastReq */
228 FIELDOF_NORM(krb5_enc_kdc_rep_part, last_req_ptr, last_req, 1),
229 /* nonce[2] INTEGER */
230 FIELDOF_NORM(krb5_enc_kdc_rep_part, int32, nonce, 2),
231 /* key-expiration[3] KerberosTime OPTIONAL */
232 FIELDOF_OPT(krb5_enc_kdc_rep_part, kerberos_time, key_exp, 3, 3),
233 /* flags[4] TicketFlags */
234 FIELDOF_NORM(krb5_enc_kdc_rep_part, krb5_flags, flags, 4),
235 /* authtime[5] KerberosTime */
236 FIELDOF_NORM(krb5_enc_kdc_rep_part, kerberos_time, times.authtime, 5),
237 /* starttime[6] KerberosTime OPTIONAL */
238 FIELDOF_OPT(krb5_enc_kdc_rep_part, kerberos_time, times.starttime, 6, 6),
239 /* endtime[7] KerberosTime */
240 FIELDOF_NORM(krb5_enc_kdc_rep_part, kerberos_time, times.endtime, 7),
241 /* renew-till[8] KerberosTime OPTIONAL */
242 FIELDOF_OPT(krb5_enc_kdc_rep_part, kerberos_time, times.renew_till, 8, 8),
243 /* srealm[9] Realm */
244 FIELDOF_NORM(krb5_enc_kdc_rep_part, realm_of_principal, server, 9),
245 /* sname[10] PrincipalName */
246 FIELDOF_NORM(krb5_enc_kdc_rep_part, principal, server, 10),
247 /* caddr[11] HostAddresses OPTIONAL */
248 FIELDOF_OPT(krb5_enc_kdc_rep_part, ptr_seqof_host_addresses, caddrs,
250 /* encrypted-pa-data[12] SEQUENCE OF PA-DATA OPTIONAL */
251 FIELDOF_OPT(krb5_enc_kdc_rep_part, ptr_seqof_pa_data, enc_padata, 12, 12),
253 static unsigned int optional_enc_kdc_rep_part(const void *p)
255 const krb5_enc_kdc_rep_part *val = p;
256 unsigned int optional = 0;
259 optional |= (1u << 3);
260 if (val->times.starttime)
261 optional |= (1u << 6);
262 if (val->flags & TKT_FLG_RENEWABLE)
263 optional |= (1u << 8);
264 if (val->caddrs != NULL && val->caddrs[0] != NULL)
265 optional |= (1u << 11);
269 DEFSEQTYPE(enc_kdc_rep_part, krb5_enc_kdc_rep_part, enc_kdc_rep_part_fields,
270 optional_enc_kdc_rep_part);
272 /* Yuck! Eventually push this *up* above the encoder API and make the
273 rest of the library put the realm name in one consistent place. At
274 the same time, might as well add the msg-type field and encode both
275 AS-REQ and TGS-REQ through the same descriptor. */
276 struct kdc_req_hack {
278 krb5_data *server_realm;
280 static const struct field_info kdc_req_hack_fields[] = {
281 FIELDOF_NORM(struct kdc_req_hack, krb5_flags, v.kdc_options, 0),
282 FIELDOF_OPT(struct kdc_req_hack, principal, v.client, 1, 1),
283 FIELDOF_NORM(struct kdc_req_hack, gstring_data_ptr, server_realm, 2),
284 FIELDOF_OPT(struct kdc_req_hack, principal, v.server, 3, 3),
285 FIELDOF_OPT(struct kdc_req_hack, kerberos_time, v.from, 4, 4),
286 FIELDOF_NORM(struct kdc_req_hack, kerberos_time, v.till, 5),
287 FIELDOF_OPT(struct kdc_req_hack, kerberos_time, v.rtime, 6, 6),
288 FIELDOF_NORM(struct kdc_req_hack, int32, v.nonce, 7),
289 FIELDOF_SEQOF_INT32(struct kdc_req_hack, int32_ptr, v.ktype, v.nktypes, 8),
290 FIELDOF_OPT(struct kdc_req_hack, ptr_seqof_host_addresses, v.addresses, 9, 9),
291 FIELDOF_OPT(struct kdc_req_hack, encrypted_data, v.authorization_data, 10, 10),
292 FIELDOF_OPT(struct kdc_req_hack, ptr_seqof_ticket, v.second_ticket, 11, 11),
294 static unsigned int optional_kdc_req_hack(const void *p)
296 const struct kdc_req_hack *val2 = p;
297 const krb5_kdc_req *val = &val2->v;
298 unsigned int optional = 0;
300 if (val->second_ticket != NULL && val->second_ticket[0] != NULL)
301 optional |= (1u << 11);
302 if (val->authorization_data.ciphertext.data != NULL)
303 optional |= (1u << 10);
304 if (val->addresses != NULL && val->addresses[0] != NULL)
305 optional |= (1u << 9);
307 optional |= (1u << 6);
309 optional |= (1u << 4);
310 if (val->server != NULL)
311 optional |= (1u << 3);
312 if (val->client != NULL)
313 optional |= (1u << 1);
317 DEFSEQTYPE(kdc_req_body_hack, struct kdc_req_hack, kdc_req_hack_fields,
318 optional_kdc_req_hack);
319 static asn1_error_code
320 asn1_encode_kdc_req_hack(asn1buf *, const struct kdc_req_hack *,
322 MAKE_ENCFN(asn1_encode_kdc_req_hack, kdc_req_body_hack);
323 static asn1_error_code
324 asn1_encode_kdc_req_body(asn1buf *buf, const krb5_kdc_req *val,
325 unsigned int *retlen)
327 struct kdc_req_hack val2;
329 if (val->kdc_options & KDC_OPT_ENC_TKT_IN_SKEY) {
330 if (val->second_ticket != NULL && val->second_ticket[0] != NULL) {
331 val2.server_realm = &val->second_ticket[0]->server->realm;
332 } else return ASN1_MISSING_FIELD;
333 } else if (val->server != NULL) {
334 val2.server_realm = &val->server->realm;
335 } else return ASN1_MISSING_FIELD;
336 return asn1_encode_kdc_req_hack(buf, &val2, retlen);
338 DEFFNXTYPE(kdc_req_body, krb5_kdc_req, asn1_encode_kdc_req_body);
341 static const struct field_info transited_fields[] = {
342 FIELDOF_NORM(krb5_transited, octet, tr_type, 0),
343 FIELDOF_NORM(krb5_transited, ostring_data, tr_contents, 1),
345 DEFSEQTYPE(transited, krb5_transited, transited_fields, 0);
347 static const struct field_info krb_safe_body_fields[] = {
348 FIELDOF_NORM(krb5_safe, ostring_data, user_data, 0),
349 FIELDOF_OPT(krb5_safe, kerberos_time, timestamp, 1, 1),
350 FIELDOF_OPT(krb5_safe, int32, usec, 2, 2),
351 FIELDOF_OPT(krb5_safe, uint, seq_number, 3, 3),
352 FIELDOF_NORM(krb5_safe, address_ptr, s_address, 4),
353 FIELDOF_OPT(krb5_safe, address_ptr, r_address, 5, 5),
355 static unsigned int optional_krb_safe_body(const void *p)
357 const krb5_safe *val = p;
358 unsigned int optional = 0;
360 if (val->timestamp) {
361 optional |= (1u << 1);
362 optional |= (1u << 2);
365 optional |= (1u << 3);
366 if (val->r_address != NULL)
367 optional |= (1u << 5);
371 DEFSEQTYPE(krb_safe_body, krb5_safe, krb_safe_body_fields,
372 optional_krb_safe_body);
374 static const struct field_info krb_cred_info_fields[] = {
375 FIELDOF_NORM(krb5_cred_info, ptr_encryption_key, session, 0),
376 FIELDOF_OPT(krb5_cred_info, realm_of_principal, client, 1, 1),
377 FIELDOF_OPT(krb5_cred_info, principal, client, 2, 2),
378 FIELDOF_OPT(krb5_cred_info, krb5_flags, flags, 3, 3),
379 FIELDOF_OPT(krb5_cred_info, kerberos_time, times.authtime, 4, 4),
380 FIELDOF_OPT(krb5_cred_info, kerberos_time, times.starttime, 5, 5),
381 FIELDOF_OPT(krb5_cred_info, kerberos_time, times.endtime, 6, 6),
382 FIELDOF_OPT(krb5_cred_info, kerberos_time, times.renew_till, 7, 7),
383 FIELDOF_OPT(krb5_cred_info, realm_of_principal, server, 8, 8),
384 FIELDOF_OPT(krb5_cred_info, principal, server, 9, 9),
385 FIELDOF_OPT(krb5_cred_info, ptr_seqof_host_addresses, caddrs, 10, 10),
387 static unsigned int optional_krb_cred_info(const void *p)
389 const krb5_cred_info *val = p;
390 unsigned int optional = 0;
392 if (val->caddrs != NULL && val->caddrs[0] != NULL)
393 optional |= (1u << 10);
394 if (val->server != NULL) {
395 optional |= (1u << 9);
396 optional |= (1u << 8);
398 if (val->times.renew_till)
399 optional |= (1u << 7);
400 if (val->times.endtime)
401 optional |= (1u << 6);
402 if (val->times.starttime)
403 optional |= (1u << 5);
404 if (val->times.authtime)
405 optional |= (1u << 4);
407 optional |= (1u << 3);
408 if (val->client != NULL) {
409 optional |= (1u << 2);
410 optional |= (1u << 1);
415 DEFSEQTYPE(cred_info, krb5_cred_info, krb_cred_info_fields,
416 optional_krb_cred_info);
417 DEFPTRTYPE(cred_info_ptr, cred_info);
418 DEFNULLTERMSEQOFTYPE(seq_of_cred_info, cred_info_ptr);
420 DEFPTRTYPE(ptrseqof_cred_info, seq_of_cred_info);
425 optional_etype_info_entry(const void *vptr)
427 const krb5_etype_info_entry *val = vptr;
428 unsigned int optional = 0;
430 if (val->length >= 0 && val->length != KRB5_ETYPE_NO_SALT)
431 optional |= (1u << 1);
435 static const struct field_info etype_info_entry_fields[] = {
436 FIELDOF_NORM(krb5_etype_info_entry, int32, etype, 0),
437 FIELDOF_OPTSTRING(krb5_etype_info_entry, octetstring, salt, length, 1, 1),
439 DEFSEQTYPE(etype_info_entry, krb5_etype_info_entry, etype_info_entry_fields,
440 optional_etype_info_entry);
443 optional_etype_info2_entry(const void *vptr)
445 const krb5_etype_info_entry *val = vptr;
446 unsigned int optional = 0;
448 if (val->length >= 0 && val->length != KRB5_ETYPE_NO_SALT)
449 optional |= (1u << 1);
450 if (val->s2kparams.data)
451 optional |= (1u << 2);
456 static const struct field_info etype_info2_entry_fields[] = {
457 FIELDOF_NORM(krb5_etype_info_entry, int32, etype, 0),
458 FIELDOF_OPTSTRING(krb5_etype_info_entry, u_generalstring, salt, length,
460 FIELDOF_OPT(krb5_etype_info_entry, ostring_data, s2kparams, 2, 2),
462 DEFSEQTYPE(etype_info2_entry, krb5_etype_info_entry, etype_info2_entry_fields,
463 optional_etype_info2_entry);
465 DEFPTRTYPE(etype_info_entry_ptr, etype_info_entry);
466 DEFNULLTERMSEQOFTYPE(etype_info, etype_info_entry_ptr);
468 DEFPTRTYPE(etype_info2_entry_ptr, etype_info2_entry);
469 DEFNULLTERMSEQOFTYPE(etype_info2, etype_info2_entry_ptr);
471 static const struct field_info passwdsequence_fields[] = {
472 FIELDOF_NORM(passwd_phrase_element, ostring_data_ptr, passwd, 0),
473 FIELDOF_NORM(passwd_phrase_element, ostring_data_ptr, phrase, 1),
475 DEFSEQTYPE(passwdsequence, passwd_phrase_element, passwdsequence_fields, 0);
477 DEFPTRTYPE(passwdsequence_ptr, passwdsequence);
478 DEFNONEMPTYNULLTERMSEQOFTYPE(seqof_passwdsequence, passwdsequence_ptr);
479 DEFPTRTYPE(ptr_seqof_passwdsequence, seqof_passwdsequence);
482 static const struct field_info sam_challenge_fields[] = {
483 FIELDOF_NORM(krb5_sam_challenge, int32, sam_type, 0),
484 FIELDOF_NORM(krb5_sam_challenge, krb5_flags, sam_flags, 1),
485 FIELDOF_OPT(krb5_sam_challenge, ostring_data, sam_type_name, 2, 2),
486 FIELDOF_OPT(krb5_sam_challenge, ostring_data, sam_track_id,3, 3),
487 FIELDOF_OPT(krb5_sam_challenge, ostring_data, sam_challenge_label,4, 4),
488 FIELDOF_OPT(krb5_sam_challenge, ostring_data, sam_challenge,5, 5),
489 FIELDOF_OPT(krb5_sam_challenge, ostring_data, sam_response_prompt,6, 6),
490 FIELDOF_OPT(krb5_sam_challenge, ostring_data, sam_pk_for_sad,7, 7),
491 FIELDOF_OPT(krb5_sam_challenge, int32, sam_nonce, 8, 8),
492 FIELDOF_OPT(krb5_sam_challenge, checksum, sam_cksum, 9, 9),
494 static unsigned int optional_sam_challenge(const void *p)
496 const krb5_sam_challenge *val = p;
497 unsigned int optional = 0;
499 if (val->sam_cksum.length)
500 optional |= (1u << 9);
503 optional |= (1u << 8);
505 if (val->sam_pk_for_sad.length > 0) optional |= (1u << 7);
506 if (val->sam_response_prompt.length > 0) optional |= (1u << 6);
507 if (val->sam_challenge.length > 0) optional |= (1u << 5);
508 if (val->sam_challenge_label.length > 0) optional |= (1u << 4);
509 if (val->sam_track_id.length > 0) optional |= (1u << 3);
510 if (val->sam_type_name.length > 0) optional |= (1u << 2);
514 DEFSEQTYPE(sam_challenge,krb5_sam_challenge,sam_challenge_fields,
515 optional_sam_challenge);
517 #if 0 /* encoders not used! */
518 MAKE_ENCFN(asn1_encode_sequence_of_checksum, seq_of_checksum);
519 static asn1_error_code
520 asn1_encode_sam_challenge_2(asn1buf *buf, const krb5_sam_challenge_2 *val,
521 unsigned int *retlen)
524 if ( (!val) || (!val->sam_cksum) || (!val->sam_cksum[0]))
525 return ASN1_MISSING_FIELD;
527 asn1_addfield(val->sam_cksum, 1, asn1_encode_sequence_of_checksum);
532 retval = asn1buf_insert_octetstring(buf, val->sam_challenge_2_body.length,
533 (unsigned char *)val->sam_challenge_2_body.data);
537 sum += val->sam_challenge_2_body.length;
538 retval = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0,
539 val->sam_challenge_2_body.length, &length);
549 DEFFNXTYPE(sam_challenge_2, krb5_sam_challenge_2, asn1_encode_sam_challenge_2);
551 static const struct field_info sam_challenge_2_body_fields[] = {
552 FIELDOF_NORM(krb5_sam_challenge_2_body, int32, sam_type, 0),
553 FIELDOF_NORM(krb5_sam_challenge_2_body, krb5_flags, sam_flags, 1),
554 FIELDOF_OPT(krb5_sam_challenge_2_body, ostring_data, sam_type_name, 2, 2),
555 FIELDOF_OPT(krb5_sam_challenge_2_body, ostring_data, sam_track_id,3, 3),
556 FIELDOF_OPT(krb5_sam_challenge_2_body, ostring_data, sam_challenge_label,4, 4),
557 FIELDOF_OPT(krb5_sam_challenge_2_body, ostring_data, sam_challenge,5, 5),
558 FIELDOF_OPT(krb5_sam_challenge_2_body, ostring_data, sam_response_prompt,6, 6),
559 FIELDOF_OPT(krb5_sam_challenge_2_body, ostring_data, sam_pk_for_sad,7, 7),
560 FIELDOF_NORM(krb5_sam_challenge_2_body, int32, sam_nonce, 8),
561 FIELDOF_NORM(krb5_sam_challenge_2_body, int32, sam_etype, 9),
563 static unsigned int optional_sam_challenge_2_body(const void *p)
565 const krb5_sam_challenge_2_body *val = p;
566 unsigned int optional = 0;
568 if (val->sam_pk_for_sad.length > 0) optional |= (1u << 7);
569 if (val->sam_response_prompt.length > 0) optional |= (1u << 6);
570 if (val->sam_challenge.length > 0) optional |= (1u << 5);
571 if (val->sam_challenge_label.length > 0) optional |= (1u << 4);
572 if (val->sam_track_id.length > 0) optional |= (1u << 3);
573 if (val->sam_type_name.length > 0) optional |= (1u << 2);
577 DEFSEQTYPE(sam_challenge_2_body,krb5_sam_challenge_2_body,sam_challenge_2_body_fields,
578 optional_sam_challenge_2_body);
581 static const struct field_info sam_key_fields[] = {
582 FIELDOF_NORM(krb5_sam_key, encryption_key, sam_key, 0),
584 DEFSEQTYPE(sam_key, krb5_sam_key, sam_key_fields, 0);
586 static const struct field_info enc_sam_response_enc_fields[] = {
587 FIELDOF_NORM(krb5_enc_sam_response_enc, int32, sam_nonce, 0),
588 FIELDOF_NORM(krb5_enc_sam_response_enc, kerberos_time, sam_timestamp, 1),
589 FIELDOF_NORM(krb5_enc_sam_response_enc, int32, sam_usec, 2),
590 FIELDOF_OPT(krb5_enc_sam_response_enc, ostring_data, sam_sad, 3, 3),
592 static unsigned int optional_enc_sam_response_enc(const void *p)
594 const krb5_enc_sam_response_enc *val = p;
595 unsigned int optional = 0;
597 if (val->sam_sad.length > 0) optional |= (1u << 3);
601 DEFSEQTYPE(enc_sam_response_enc, krb5_enc_sam_response_enc,
602 enc_sam_response_enc_fields, optional_enc_sam_response_enc);
604 static const struct field_info enc_sam_response_enc_2_fields[] = {
605 FIELDOF_NORM(krb5_enc_sam_response_enc_2, int32, sam_nonce, 0),
606 FIELDOF_OPT(krb5_enc_sam_response_enc_2, ostring_data, sam_sad, 1, 1),
608 static unsigned int optional_enc_sam_response_enc_2(const void *p)
610 const krb5_enc_sam_response_enc_2 *val = p;
611 unsigned int optional = 0;
613 if (val->sam_sad.length > 0) optional |= (1u << 1);
617 DEFSEQTYPE(enc_sam_response_enc_2, krb5_enc_sam_response_enc_2,
618 enc_sam_response_enc_2_fields, optional_enc_sam_response_enc_2);
620 static const struct field_info sam_response_fields[] = {
621 FIELDOF_NORM(krb5_sam_response, int32, sam_type, 0),
622 FIELDOF_NORM(krb5_sam_response, krb5_flags, sam_flags, 1),
623 FIELDOF_OPT(krb5_sam_response, ostring_data, sam_track_id, 2, 2),
624 FIELDOF_OPT(krb5_sam_response, encrypted_data, sam_enc_key, 3, 3),
625 FIELDOF_NORM(krb5_sam_response, encrypted_data, sam_enc_nonce_or_ts, 4),
626 FIELDOF_OPT(krb5_sam_response, int32, sam_nonce, 5, 5),
627 FIELDOF_OPT(krb5_sam_response, kerberos_time, sam_patimestamp, 6, 6),
629 static unsigned int optional_sam_response(const void *p)
631 const krb5_sam_response *val = p;
632 unsigned int optional = 0;
634 if (val->sam_patimestamp)
635 optional |= (1u << 6);
637 optional |= (1u << 5);
638 if (val->sam_enc_key.ciphertext.length)
639 optional |= (1u << 3);
640 if (val->sam_track_id.length > 0) optional |= (1u << 2);
644 DEFSEQTYPE(sam_response, krb5_sam_response, sam_response_fields,
645 optional_sam_response);
647 static const struct field_info sam_response_2_fields[] = {
648 FIELDOF_NORM(krb5_sam_response_2, int32, sam_type, 0),
649 FIELDOF_NORM(krb5_sam_response_2, krb5_flags, sam_flags, 1),
650 FIELDOF_OPT(krb5_sam_response_2, ostring_data, sam_track_id, 2, 2),
651 FIELDOF_NORM(krb5_sam_response_2, encrypted_data, sam_enc_nonce_or_sad, 3),
652 FIELDOF_NORM(krb5_sam_response_2, int32, sam_nonce, 4),
654 static unsigned int optional_sam_response_2(const void *p)
656 const krb5_sam_response_2 *val = p;
657 unsigned int optional = 0;
659 if (val->sam_track_id.length > 0) optional |= (1u << 2);
663 DEFSEQTYPE(sam_response_2, krb5_sam_response_2, sam_response_2_fields,
664 optional_sam_response_2);
666 static const struct field_info predicted_sam_response_fields[] = {
667 FIELDOF_NORM(krb5_predicted_sam_response, encryption_key, sam_key, 0),
668 FIELDOF_NORM(krb5_predicted_sam_response, krb5_flags, sam_flags, 1),
669 FIELDOF_NORM(krb5_predicted_sam_response, kerberos_time, stime, 2),
670 FIELDOF_NORM(krb5_predicted_sam_response, int32, susec, 3),
671 FIELDOF_NORM(krb5_predicted_sam_response, realm_of_principal, client, 4),
672 FIELDOF_NORM(krb5_predicted_sam_response, principal, client, 5),
673 FIELDOF_OPT(krb5_predicted_sam_response, ostring_data, msd, 6, 6),
675 static unsigned int optional_predicted_sam_response(const void *p)
677 const krb5_predicted_sam_response *val = p;
678 unsigned int optional = 0;
680 if (val->msd.length > 0) optional |= (1u << 6);
684 DEFSEQTYPE(predicted_sam_response, krb5_predicted_sam_response,
685 predicted_sam_response_fields,
686 optional_predicted_sam_response);
688 static const struct field_info krb5_authenticator_fields[] = {
689 /* Authenticator ::= [APPLICATION 2] SEQUENCE */
690 /* authenticator-vno[0] INTEGER */
691 FIELD_INT_IMM(KVNO, 0),
692 /* crealm[1] Realm */
693 FIELDOF_NORM(krb5_authenticator, realm_of_principal, client, 1),
694 /* cname[2] PrincipalName */
695 FIELDOF_NORM(krb5_authenticator, principal, client, 2),
696 /* cksum[3] Checksum OPTIONAL */
697 FIELDOF_OPT(krb5_authenticator, checksum_ptr, checksum, 3, 3),
698 /* cusec[4] INTEGER */
699 FIELDOF_NORM(krb5_authenticator, int32, cusec, 4),
700 /* ctime[5] KerberosTime */
701 FIELDOF_NORM(krb5_authenticator, kerberos_time, ctime, 5),
702 /* subkey[6] EncryptionKey OPTIONAL */
703 FIELDOF_OPT(krb5_authenticator, ptr_encryption_key, subkey, 6, 6),
704 /* seq-number[7] INTEGER OPTIONAL */
705 FIELDOF_OPT(krb5_authenticator, uint, seq_number, 7, 7),
706 /* authorization-data[8] AuthorizationData OPTIONAL */
707 FIELDOF_OPT(krb5_authenticator, auth_data_ptr, authorization_data, 8, 8),
709 static unsigned int optional_krb5_authenticator(const void *p)
711 const krb5_authenticator *val = p;
712 unsigned int optional = 0;
714 if (val->authorization_data != NULL && val->authorization_data[0] != NULL)
715 optional |= (1u << 8);
717 if (val->seq_number != 0)
718 optional |= (1u << 7);
720 if (val->subkey != NULL)
721 optional |= (1u << 6);
723 if (val->checksum != NULL)
724 optional |= (1u << 3);
728 DEFSEQTYPE(untagged_krb5_authenticator, krb5_authenticator, krb5_authenticator_fields,
729 optional_krb5_authenticator);
730 DEFAPPTAGGEDTYPE(krb5_authenticator, 2, untagged_krb5_authenticator);
732 static const struct field_info enc_tkt_part_fields[] = {
733 /* EncTicketPart ::= [APPLICATION 3] SEQUENCE */
734 /* flags[0] TicketFlags */
735 FIELDOF_NORM(krb5_enc_tkt_part, krb5_flags, flags, 0),
736 /* key[1] EncryptionKey */
737 FIELDOF_NORM(krb5_enc_tkt_part, ptr_encryption_key, session, 1),
738 /* crealm[2] Realm */
739 FIELDOF_NORM(krb5_enc_tkt_part, realm_of_principal, client, 2),
740 /* cname[3] PrincipalName */
741 FIELDOF_NORM(krb5_enc_tkt_part, principal, client, 3),
742 /* transited[4] TransitedEncoding */
743 FIELDOF_NORM(krb5_enc_tkt_part, transited, transited, 4),
744 /* authtime[5] KerberosTime */
745 FIELDOF_NORM(krb5_enc_tkt_part, kerberos_time, times.authtime, 5),
746 /* starttime[6] KerberosTime OPTIONAL */
747 FIELDOF_OPT(krb5_enc_tkt_part, kerberos_time, times.starttime, 6, 6),
748 /* endtime[7] KerberosTime */
749 FIELDOF_NORM(krb5_enc_tkt_part, kerberos_time, times.endtime, 7),
750 /* renew-till[8] KerberosTime OPTIONAL */
751 FIELDOF_OPT(krb5_enc_tkt_part, kerberos_time, times.renew_till, 8, 8),
752 /* caddr[9] HostAddresses OPTIONAL */
753 FIELDOF_OPT(krb5_enc_tkt_part, ptr_seqof_host_addresses, caddrs, 9, 9),
754 /* authorization-data[10] AuthorizationData OPTIONAL */
755 FIELDOF_OPT(krb5_enc_tkt_part, auth_data_ptr, authorization_data, 10, 10),
757 static unsigned int optional_enc_tkt_part(const void *p)
759 const krb5_enc_tkt_part *val = p;
760 unsigned int optional = 0;
762 if (val->authorization_data != NULL && val->authorization_data[0] != NULL)
763 optional |= (1u << 10);
764 if (val->caddrs != NULL && val->caddrs[0] != NULL)
765 optional |= (1u << 9);
766 if (val->times.renew_till)
767 optional |= (1u << 8);
768 if (val->times.starttime)
769 optional |= (1u << 6);
773 DEFSEQTYPE(untagged_enc_tkt_part, krb5_enc_tkt_part, enc_tkt_part_fields,
774 optional_enc_tkt_part);
775 DEFAPPTAGGEDTYPE(enc_tkt_part, 3, untagged_enc_tkt_part);
777 DEFAPPTAGGEDTYPE(enc_tgs_rep_part, 26, enc_kdc_rep_part);
779 static const struct field_info as_rep_fields[] = {
780 /* AS-REP ::= [APPLICATION 11] KDC-REP */
781 /* But KDC-REP needs to know what type it's being encapsulated
782 in, so expand each version. */
783 FIELD_INT_IMM(KVNO, 0),
784 FIELD_INT_IMM(KRB5_AS_REP, 1),
785 FIELDOF_OPT(krb5_kdc_rep, ptr_seqof_pa_data, padata, 2, 2),
786 FIELDOF_NORM(krb5_kdc_rep, realm_of_principal, client, 3),
787 FIELDOF_NORM(krb5_kdc_rep, principal, client, 4),
788 FIELDOF_NORM(krb5_kdc_rep, ticket_ptr, ticket, 5),
789 FIELDOF_NORM(krb5_kdc_rep, encrypted_data, enc_part, 6),
791 static unsigned int optional_as_rep(const void *p)
793 const krb5_kdc_rep *val = p;
794 unsigned int optional = 0;
796 if (val->padata != NULL && val->padata[0] != NULL)
797 optional |= (1u << 2);
801 DEFSEQTYPE(untagged_as_rep, krb5_kdc_rep, as_rep_fields, optional_as_rep);
802 DEFAPPTAGGEDTYPE(as_rep, 11, untagged_as_rep);
804 static const struct field_info tgs_rep_fields[] = {
805 /* TGS-REP ::= [APPLICATION 13] KDC-REP */
806 /* But KDC-REP needs to know what type it's being encapsulated
807 in, so expand each version. */
808 FIELD_INT_IMM(KVNO, 0),
809 FIELD_INT_IMM(KRB5_TGS_REP, 1),
810 FIELDOF_OPT(krb5_kdc_rep, ptr_seqof_pa_data, padata, 2, 2),
811 FIELDOF_NORM(krb5_kdc_rep, realm_of_principal, client, 3),
812 FIELDOF_NORM(krb5_kdc_rep, principal, client, 4),
813 FIELDOF_NORM(krb5_kdc_rep, ticket_ptr, ticket, 5),
814 FIELDOF_NORM(krb5_kdc_rep, encrypted_data, enc_part, 6),
816 static unsigned int optional_tgs_rep(const void *p)
818 const krb5_kdc_rep *val = p;
819 unsigned int optional = 0;
821 if (val->padata != NULL && val->padata[0] != NULL)
822 optional |= (1u << 2);
826 DEFSEQTYPE(untagged_tgs_rep, krb5_kdc_rep, tgs_rep_fields, optional_tgs_rep);
827 DEFAPPTAGGEDTYPE(tgs_rep, 13, untagged_tgs_rep);
829 static const struct field_info ap_req_fields[] = {
830 /* AP-REQ ::= [APPLICATION 14] SEQUENCE */
831 /* pvno[0] INTEGER */
832 FIELD_INT_IMM(KVNO, 0),
833 /* msg-type[1] INTEGER */
834 FIELD_INT_IMM(ASN1_KRB_AP_REQ, 1),
835 /* ap-options[2] APOptions */
836 FIELDOF_NORM(krb5_ap_req, krb5_flags, ap_options, 2),
837 /* ticket[3] Ticket */
838 FIELDOF_NORM(krb5_ap_req, ticket_ptr, ticket, 3),
839 /* authenticator[4] EncryptedData */
840 FIELDOF_NORM(krb5_ap_req, encrypted_data, authenticator, 4),
842 DEFSEQTYPE(untagged_ap_req, krb5_ap_req, ap_req_fields, 0);
843 DEFAPPTAGGEDTYPE(ap_req, 14, untagged_ap_req);
845 static const struct field_info ap_rep_fields[] = {
846 /* AP-REP ::= [APPLICATION 15] SEQUENCE */
847 /* pvno[0] INTEGER */
848 FIELD_INT_IMM(KVNO, 0),
849 /* msg-type[1] INTEGER */
850 FIELD_INT_IMM(ASN1_KRB_AP_REP, 1),
851 /* enc-part[2] EncryptedData */
852 FIELDOF_NORM(krb5_ap_rep, encrypted_data, enc_part, 2),
854 DEFSEQTYPE(untagged_ap_rep, krb5_ap_rep, ap_rep_fields, 0);
855 DEFAPPTAGGEDTYPE(ap_rep, 15, untagged_ap_rep);
857 static const struct field_info ap_rep_enc_part_fields[] = {
858 /* EncAPRepPart ::= [APPLICATION 27] SEQUENCE */
859 /* ctime[0] KerberosTime */
860 FIELDOF_NORM(krb5_ap_rep_enc_part, kerberos_time, ctime, 0),
861 /* cusec[1] INTEGER */
862 FIELDOF_NORM(krb5_ap_rep_enc_part, int32, cusec, 1),
863 /* subkey[2] EncryptionKey OPTIONAL */
864 FIELDOF_OPT(krb5_ap_rep_enc_part, ptr_encryption_key, subkey, 2, 2),
865 /* seq-number[3] INTEGER OPTIONAL */
866 FIELDOF_OPT(krb5_ap_rep_enc_part, uint, seq_number, 3, 3),
868 static unsigned int optional_ap_rep_enc_part(const void *p)
870 const krb5_ap_rep_enc_part *val = p;
871 unsigned int optional = 0;
874 optional |= (1u << 3);
875 if (val->subkey != NULL)
876 optional |= (1u << 2);
880 DEFSEQTYPE(untagged_ap_rep_enc_part, krb5_ap_rep_enc_part,
881 ap_rep_enc_part_fields, optional_ap_rep_enc_part);
882 DEFAPPTAGGEDTYPE(ap_rep_enc_part, 27, untagged_ap_rep_enc_part);
884 static const struct field_info as_req_fields[] = {
885 /* AS-REQ ::= [APPLICATION 10] KDC-REQ */
886 FIELD_INT_IMM(KVNO, 1),
887 FIELD_INT_IMM(KRB5_AS_REQ, 2),
888 FIELDOF_OPT(krb5_kdc_req, ptr_seqof_pa_data, padata, 3, 3),
889 FIELDOF_ENCODEAS(krb5_kdc_req, kdc_req_body, 4),
891 static unsigned int optional_as_req(const void *p)
893 const krb5_kdc_req *val = p;
894 unsigned int optional = 0;
896 if (val->padata != NULL && val->padata[0] != NULL)
897 optional |= (1u << 3);
901 DEFSEQTYPE(untagged_as_req, krb5_kdc_req, as_req_fields, optional_as_req);
902 DEFAPPTAGGEDTYPE(as_req, 10, untagged_as_req);
904 static const struct field_info tgs_req_fields[] = {
905 /* TGS-REQ ::= [APPLICATION 12] KDC-REQ */
906 FIELD_INT_IMM(KVNO, 1),
907 FIELD_INT_IMM(KRB5_TGS_REQ, 2),
908 FIELDOF_OPT(krb5_kdc_req, ptr_seqof_pa_data, padata, 3, 3),
909 FIELDOF_ENCODEAS(krb5_kdc_req, kdc_req_body, 4),
911 static unsigned int optional_tgs_req(const void *p)
913 const krb5_kdc_req *val = p;
914 unsigned int optional = 0;
916 if (val->padata != NULL && val->padata[0] != NULL)
917 optional |= (1u << 3);
921 DEFSEQTYPE(untagged_tgs_req, krb5_kdc_req, tgs_req_fields,
923 DEFAPPTAGGEDTYPE(tgs_req, 12, untagged_tgs_req);
925 static const struct field_info krb5_safe_fields[] = {
926 FIELD_INT_IMM(KVNO, 0),
927 FIELD_INT_IMM(ASN1_KRB_SAFE,1),
928 FIELD_SELF(krb_safe_body, 2),
929 FIELDOF_NORM(krb5_safe, checksum_ptr, checksum, 3),
931 DEFSEQTYPE(untagged_krb5_safe, krb5_safe, krb5_safe_fields, 0);
932 DEFAPPTAGGEDTYPE(krb5_safe, 20, untagged_krb5_safe);
934 DEFPTRTYPE(krb_saved_safe_body_ptr, opaque_data);
935 DEFFIELDTYPE(krb5_safe_checksum_only, krb5_safe,
936 FIELDOF_NORM(krb5_safe, checksum_ptr, checksum, -1));
937 DEFPTRTYPE(krb5_safe_checksum_only_ptr, krb5_safe_checksum_only);
938 static const struct field_info krb5_safe_with_body_fields[] = {
939 FIELD_INT_IMM(KVNO, 0),
940 FIELD_INT_IMM(ASN1_KRB_SAFE,1),
941 FIELDOF_NORM(struct krb5_safe_with_body, krb_saved_safe_body_ptr, body, 2),
942 FIELDOF_NORM(struct krb5_safe_with_body, krb5_safe_checksum_only_ptr, safe, 3),
944 DEFSEQTYPE(untagged_krb5_safe_with_body, struct krb5_safe_with_body,
945 krb5_safe_with_body_fields, 0);
946 DEFAPPTAGGEDTYPE(krb5_safe_with_body, 20, untagged_krb5_safe_with_body);
948 static const struct field_info priv_fields[] = {
949 FIELD_INT_IMM(KVNO, 0),
950 FIELD_INT_IMM(ASN1_KRB_PRIV, 1),
951 FIELDOF_NORM(krb5_priv, encrypted_data, enc_part, 3),
953 DEFSEQTYPE(untagged_priv, krb5_priv, priv_fields, 0);
954 DEFAPPTAGGEDTYPE(krb5_priv, 21, untagged_priv);
956 static const struct field_info priv_enc_part_fields[] = {
957 FIELDOF_NORM(krb5_priv_enc_part, ostring_data, user_data, 0),
958 FIELDOF_OPT(krb5_priv_enc_part, kerberos_time, timestamp, 1, 1),
959 FIELDOF_OPT(krb5_priv_enc_part, int32, usec, 2, 2),
960 FIELDOF_OPT(krb5_priv_enc_part, uint, seq_number, 3, 3),
961 FIELDOF_NORM(krb5_priv_enc_part, address_ptr, s_address, 4),
962 FIELDOF_OPT(krb5_priv_enc_part, address_ptr, r_address, 5, 5),
964 static unsigned int optional_priv_enc_part(const void *p)
966 const krb5_priv_enc_part *val = p;
967 unsigned int optional = 0;
969 if (val->timestamp) {
970 optional |= (1u << 2);
971 optional |= (1u << 1);
974 optional |= (1u << 3);
976 optional |= (1u << 5);
980 DEFSEQTYPE(untagged_priv_enc_part, krb5_priv_enc_part, priv_enc_part_fields,
981 optional_priv_enc_part);
982 DEFAPPTAGGEDTYPE(priv_enc_part, 28, untagged_priv_enc_part);
984 static const struct field_info cred_fields[] = {
985 /* KRB-CRED ::= [APPLICATION 22] SEQUENCE */
986 /* pvno[0] INTEGER */
987 FIELD_INT_IMM(KVNO, 0),
988 /* msg-type[1] INTEGER, -- KRB_CRED */
989 FIELD_INT_IMM(ASN1_KRB_CRED, 1),
990 /* tickets[2] SEQUENCE OF Ticket */
991 FIELDOF_NORM(krb5_cred, ptr_seqof_ticket, tickets, 2),
992 /* enc-part[3] EncryptedData */
993 FIELDOF_NORM(krb5_cred, encrypted_data, enc_part, 3),
995 DEFSEQTYPE(untagged_cred, krb5_cred, cred_fields, 0);
996 DEFAPPTAGGEDTYPE(krb5_cred, 22, untagged_cred);
998 static const struct field_info enc_cred_part_fields[] = {
999 /* EncKrbCredPart ::= [APPLICATION 29] SEQUENCE */
1000 /* ticket-info[0] SEQUENCE OF KrbCredInfo */
1001 FIELDOF_NORM(krb5_cred_enc_part, ptrseqof_cred_info, ticket_info, 0),
1002 /* nonce[1] INTEGER OPTIONAL */
1003 FIELDOF_OPT(krb5_cred_enc_part, int32, nonce, 1, 1),
1004 /* timestamp[2] KerberosTime OPTIONAL */
1005 FIELDOF_OPT(krb5_cred_enc_part, kerberos_time, timestamp, 2, 2),
1006 /* usec[3] INTEGER OPTIONAL */
1007 FIELDOF_OPT(krb5_cred_enc_part, int32, usec, 3, 3),
1008 /* s-address[4] HostAddress OPTIONAL */
1009 FIELDOF_OPT(krb5_cred_enc_part, address_ptr, s_address, 4, 4),
1010 /* r-address[5] HostAddress OPTIONAL */
1011 FIELDOF_OPT(krb5_cred_enc_part, address_ptr, r_address, 5, 5),
1013 static unsigned int optional_enc_cred_part(const void *p)
1015 const krb5_cred_enc_part *val = p;
1016 unsigned int optional = 0;
1018 if (val->r_address != NULL)
1019 optional |= (1u << 5);
1021 if (val->s_address != NULL)
1022 optional |= (1u << 4);
1024 if (val->timestamp) {
1025 optional |= (1u << 2);
1026 optional |= (1u << 3);
1030 optional |= (1u << 1);
1034 DEFSEQTYPE(untagged_enc_cred_part, krb5_cred_enc_part, enc_cred_part_fields,
1035 optional_enc_cred_part);
1036 DEFAPPTAGGEDTYPE(enc_cred_part, 29, untagged_enc_cred_part);
1038 static const struct field_info error_fields[] = {
1039 /* KRB-ERROR ::= [APPLICATION 30] SEQUENCE */
1040 /* pvno[0] INTEGER */
1041 FIELD_INT_IMM(KVNO, 0),
1042 /* msg-type[1] INTEGER */
1043 FIELD_INT_IMM(ASN1_KRB_ERROR, 1),
1044 /* ctime[2] KerberosTime OPTIONAL */
1045 FIELDOF_OPT(krb5_error, kerberos_time, ctime, 2, 2),
1046 /* cusec[3] INTEGER OPTIONAL */
1047 FIELDOF_OPT(krb5_error, int32, cusec, 3, 3),
1048 /* stime[4] KerberosTime */
1049 FIELDOF_NORM(krb5_error, kerberos_time, stime, 4),
1050 /* susec[5] INTEGER */
1051 FIELDOF_NORM(krb5_error, int32, susec, 5),
1052 /* error-code[6] INTEGER */
1053 FIELDOF_NORM(krb5_error, ui_4, error, 6),
1054 /* crealm[7] Realm OPTIONAL */
1055 FIELDOF_OPT(krb5_error, realm_of_principal, client, 7, 7),
1056 /* cname[8] PrincipalName OPTIONAL */
1057 FIELDOF_OPT(krb5_error, principal, client, 8, 8),
1058 /* realm[9] Realm -- Correct realm */
1059 FIELDOF_NORM(krb5_error, realm_of_principal, server, 9),
1060 /* sname[10] PrincipalName -- Correct name */
1061 FIELDOF_NORM(krb5_error, principal, server, 10),
1062 /* e-text[11] GeneralString OPTIONAL */
1063 FIELDOF_OPT(krb5_error, gstring_data, text, 11, 11),
1064 /* e-data[12] OCTET STRING OPTIONAL */
1065 FIELDOF_OPT(krb5_error, ostring_data, e_data, 12, 12),
1067 static unsigned int optional_error(const void *p)
1069 const krb5_error *val = p;
1070 unsigned int optional = 0;
1073 optional |= (1u << 2);
1075 optional |= (1u << 3);
1077 optional |= (1u << 7);
1078 optional |= (1u << 8);
1080 if (val->text.data != NULL && val->text.length > 0)
1081 optional |= (1u << 11);
1082 if (val->e_data.data != NULL && val->e_data.length > 0)
1083 optional |= (1u << 12);
1087 DEFSEQTYPE(untagged_krb5_error, krb5_error, error_fields, optional_error);
1088 DEFAPPTAGGEDTYPE(krb5_error, 30, untagged_krb5_error);
1090 static const struct field_info alt_method_fields[] = {
1091 FIELDOF_NORM(krb5_alt_method, int32, method, 0),
1092 FIELDOF_OPTSTRING(krb5_alt_method, octetstring, data, length, 1, 1),
1095 optional_alt_method(const void *p)
1097 const krb5_alt_method *a = p;
1098 unsigned int optional = 0;
1100 if (a->data != NULL && a->length > 0)
1101 optional |= (1u << 1);
1105 DEFSEQTYPE(alt_method, krb5_alt_method, alt_method_fields, optional_alt_method);
1107 static const struct field_info pa_enc_ts_fields[] = {
1108 FIELDOF_NORM(krb5_pa_enc_ts, kerberos_time, patimestamp, 0),
1109 FIELDOF_OPT(krb5_pa_enc_ts, int32, pausec, 1, 1),
1112 optional_pa_enc_ts(const void *p)
1114 const krb5_pa_enc_ts *val = p;
1115 unsigned int optional = 0;
1118 optional |= (1u << 1);
1122 DEFSEQTYPE(pa_enc_ts, krb5_pa_enc_ts, pa_enc_ts_fields, optional_pa_enc_ts);
1124 static const struct field_info pwd_data_fields[] = {
1125 FIELDOF_NORM(krb5_pwd_data, int32, sequence_count, 0),
1126 FIELDOF_NORM(krb5_pwd_data, ptr_seqof_passwdsequence, element, 1),
1128 DEFSEQTYPE(pwd_data, krb5_pwd_data, pwd_data_fields, 0);
1130 static const struct field_info setpw_req_fields[] = {
1131 FIELDOF_NORM(struct krb5_setpw_req, ostring_data, password, 0),
1132 FIELDOF_NORM(struct krb5_setpw_req, principal, target, 1),
1133 FIELDOF_NORM(struct krb5_setpw_req, realm_of_principal, target, 2),
1136 DEFSEQTYPE(setpw_req, struct krb5_setpw_req, setpw_req_fields, 0);
1138 /* [MS-SFU] Section 2.2.1. */
1139 static const struct field_info pa_for_user_fields[] = {
1140 FIELDOF_NORM(krb5_pa_for_user, principal, user, 0),
1141 FIELDOF_NORM(krb5_pa_for_user, realm_of_principal, user, 1),
1142 FIELDOF_NORM(krb5_pa_for_user, checksum, cksum, 2),
1143 FIELDOF_NORM(krb5_pa_for_user, gstring_data, auth_package, 3),
1146 DEFSEQTYPE(pa_for_user, krb5_pa_for_user, pa_for_user_fields, 0);
1148 /* draft-ietf-krb-wg-kerberos-referrals Appendix A. */
1149 static const struct field_info pa_svr_referral_data_fields[] = {
1150 FIELDOF_NORM(krb5_pa_svr_referral_data, realm_of_principal, principal, 0),
1151 FIELDOF_OPT(krb5_pa_svr_referral_data, principal, principal, 1, 1),
1154 DEFSEQTYPE(pa_svr_referral_data, krb5_pa_svr_referral_data, pa_svr_referral_data_fields, 0);
1156 /* draft-ietf-krb-wg-kerberos-referrals Section 8. */
1157 static const struct field_info pa_server_referral_data_fields[] = {
1158 FIELDOF_OPT(krb5_pa_server_referral_data, gstring_data_ptr, referred_realm, 0, 0),
1159 FIELDOF_OPT(krb5_pa_server_referral_data, principal, true_principal_name, 1, 1),
1160 FIELDOF_OPT(krb5_pa_server_referral_data, principal, requested_principal_name, 2, 2),
1161 FIELDOF_OPT(krb5_pa_server_referral_data, kerberos_time, referral_valid_until, 3, 3),
1162 FIELDOF_NORM(krb5_pa_server_referral_data, checksum, rep_cksum, 4),
1165 DEFSEQTYPE(pa_server_referral_data, krb5_pa_server_referral_data, pa_server_referral_data_fields, 0);
1168 /* draft-brezak-win2k-krb-authz Section 6. */
1169 static const struct field_info pa_pac_request_fields[] = {
1170 FIELDOF_NORM(krb5_pa_pac_req, boolean, include_pac, 0),
1173 DEFSEQTYPE(pa_pac_request, krb5_pa_pac_req, pa_pac_request_fields, 0);
1177 DEFFIELDTYPE(etype_list, krb5_etype_list,
1178 FIELDOF_SEQOF_INT32(krb5_etype_list, int32_ptr, etypes, length, -1));
1180 /* Exported complete encoders -- these produce a krb5_data with
1181 the encoding in the correct byte order. */
1183 MAKE_FULL_ENCODER(encode_krb5_authenticator, krb5_authenticator);
1184 MAKE_FULL_ENCODER(encode_krb5_ticket, ticket);
1185 MAKE_FULL_ENCODER(encode_krb5_encryption_key, encryption_key);
1186 MAKE_FULL_ENCODER(encode_krb5_enc_tkt_part, enc_tkt_part);
1187 /* XXX We currently (for backwards compatibility) encode both
1188 EncASRepPart and EncTGSRepPart with application tag 26. */
1189 MAKE_FULL_ENCODER(encode_krb5_enc_kdc_rep_part, enc_tgs_rep_part);
1190 MAKE_FULL_ENCODER(encode_krb5_as_rep, as_rep);
1191 MAKE_FULL_ENCODER(encode_krb5_tgs_rep, tgs_rep);
1192 MAKE_FULL_ENCODER(encode_krb5_ap_req, ap_req);
1193 MAKE_FULL_ENCODER(encode_krb5_ap_rep, ap_rep);
1194 MAKE_FULL_ENCODER(encode_krb5_ap_rep_enc_part, ap_rep_enc_part);
1195 MAKE_FULL_ENCODER(encode_krb5_as_req, as_req);
1196 MAKE_FULL_ENCODER(encode_krb5_tgs_req, tgs_req);
1197 MAKE_FULL_ENCODER(encode_krb5_kdc_req_body, kdc_req_body);
1198 MAKE_FULL_ENCODER(encode_krb5_safe, krb5_safe);
1201 * encode_krb5_safe_with_body
1203 * Like encode_krb5_safe(), except takes a saved KRB-SAFE-BODY
1204 * encoding to avoid problems with re-encoding.
1206 MAKE_FULL_ENCODER(encode_krb5_safe_with_body, krb5_safe_with_body);
1208 MAKE_FULL_ENCODER(encode_krb5_priv, krb5_priv);
1209 MAKE_FULL_ENCODER(encode_krb5_enc_priv_part, priv_enc_part);
1210 MAKE_FULL_ENCODER(encode_krb5_cred, krb5_cred);
1211 MAKE_FULL_ENCODER(encode_krb5_enc_cred_part, enc_cred_part);
1212 MAKE_FULL_ENCODER(encode_krb5_error, krb5_error);
1213 MAKE_FULL_ENCODER(encode_krb5_authdata, auth_data);
1214 MAKE_FULL_ENCODER(encode_krb5_authdata_elt, authdata_elt);
1215 MAKE_FULL_ENCODER(encode_krb5_alt_method, alt_method);
1216 MAKE_FULL_ENCODER(encode_krb5_etype_info, etype_info);
1217 MAKE_FULL_ENCODER(encode_krb5_etype_info2, etype_info2);
1218 MAKE_FULL_ENCODER(encode_krb5_enc_data, encrypted_data);
1219 MAKE_FULL_ENCODER(encode_krb5_pa_enc_ts, pa_enc_ts);
1220 /* Sandia Additions */
1221 MAKE_FULL_ENCODER(encode_krb5_pwd_sequence, passwdsequence);
1222 MAKE_FULL_ENCODER(encode_krb5_pwd_data, pwd_data);
1223 MAKE_FULL_ENCODER(encode_krb5_padata_sequence, seq_of_pa_data);
1224 /* sam preauth additions */
1225 MAKE_FULL_ENCODER(encode_krb5_sam_challenge, sam_challenge);
1226 #if 0 /* encoders not used! */
1227 MAKE_FULL_ENCODER(encode_krb5_sam_challenge_2, sam_challenge_2);
1228 MAKE_FULL_ENCODER(encode_krb5_sam_challenge_2_body,
1229 sam_challenge_2_body);
1231 MAKE_FULL_ENCODER(encode_krb5_sam_key, sam_key);
1232 MAKE_FULL_ENCODER(encode_krb5_enc_sam_response_enc,
1233 enc_sam_response_enc);
1234 MAKE_FULL_ENCODER(encode_krb5_enc_sam_response_enc_2,
1235 enc_sam_response_enc_2);
1236 MAKE_FULL_ENCODER(encode_krb5_sam_response, sam_response);
1237 MAKE_FULL_ENCODER(encode_krb5_sam_response_2, sam_response_2);
1238 MAKE_FULL_ENCODER(encode_krb5_predicted_sam_response,
1239 predicted_sam_response);
1240 MAKE_FULL_ENCODER(encode_krb5_setpw_req, setpw_req);
1241 MAKE_FULL_ENCODER(encode_krb5_pa_for_user, pa_for_user);
1242 MAKE_FULL_ENCODER(encode_krb5_pa_svr_referral_data, pa_svr_referral_data);
1243 MAKE_FULL_ENCODER(encode_krb5_pa_server_referral_data, pa_server_referral_data);
1244 MAKE_FULL_ENCODER(encode_krb5_etype_list, etype_list);
1252 #ifndef DISABLE_PKINIT
1257 /* This code hasn't been converted to use the above framework yet,
1258 because we currently have no test cases to validate the new
1259 version. It *also* appears that some of the encodings may disagree
1260 with the specifications, but that's a separate problem. */
1262 /**** asn1 macros ****/
1264 How to write an asn1 encoder function using these macros:
1266 asn1_error_code asn1_encode_krb5_substructure(asn1buf *buf,
1267 const krb5_type *val,
1272 asn1_addfield(val->last_field, n, asn1_type);
1273 asn1_addfield(rep->next_to_last_field, n-1, asn1_type);
1276 /* for OPTIONAL fields */
1277 if (rep->field_i == should_not_be_omitted)
1278 asn1_addfield(rep->field_i, i, asn1_type);
1280 /* for string fields (these encoders take an additional argument,
1281 the length of the string) */
1282 addlenfield(rep->field_length, rep->field, i-1, asn1_type);
1284 /* if you really have to do things yourself... */
1285 retval = asn1_encode_asn1_type(buf,rep->field,&length);
1286 if (retval) return retval;
1288 retval = asn1_make_etag(buf, CONTEXT_SPECIFIC, tag_number, length,
1290 if (retval) return retval;
1294 asn1_addfield(rep->second_field, 1, asn1_type);
1295 asn1_addfield(rep->first_field, 0, asn1_type);
1302 /* asn1_addlenfield -- add a field whose length must be separately specified */
1303 #define asn1_addlenfield(len,value,tag,encoder)\
1304 { unsigned int length; \
1305 retval = encoder(buf,len,value,&length); \
1307 asn1buf_destroy(&buf);\
1310 retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,tag,length,&length);\
1312 asn1buf_destroy(&buf);\
1316 /* asn1_addfield_implicit -- add an implicitly tagged field, or component, to the encoding */
1317 #define asn1_addfield_implicit(value,tag,encoder)\
1318 { unsigned int length;\
1319 retval = encoder(buf,value,&length);\
1323 retval = asn1_make_tag(buf,CONTEXT_SPECIFIC,PRIMITIVE,tag,length,&length); \
1328 /* asn1_insert_implicit_octetstring -- add an octet string with implicit tagging */
1329 #define asn1_insert_implicit_octetstring(len,value,tag)\
1330 { unsigned int length;\
1331 retval = asn1buf_insert_octetstring(buf,len,value);\
1335 retval = asn1_make_tag(buf,CONTEXT_SPECIFIC,PRIMITIVE,tag,len,&length); \
1340 /* asn1_insert_implicit_bitstring -- add a bitstring with implicit tagging */
1341 /* needs "length" declared in enclosing context */
1342 #define asn1_insert_implicit_bitstring(len,value,tag)\
1343 { retval = asn1buf_insert_octetstring(buf,len,value); \
1347 retval = asn1buf_insert_octet(buf, 0);\
1351 retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,tag,len+1,&length); \
1356 /* Callable encoders for the types defined above, until the PKINIT
1357 encoders get converted. */
1358 MAKE_ENCFN(asn1_encode_realm, realm_of_principal_data);
1359 MAKE_ENCFN(asn1_encode_principal_name, principal_data);
1360 MAKE_ENCFN(asn1_encode_encryption_key, encryption_key);
1361 MAKE_ENCFN(asn1_encode_checksum, checksum);
1363 static asn1_error_code
1364 asn1_encode_kerberos_time(asn1buf *buf, const krb5_timestamp val,
1365 unsigned int *retlen)
1367 return asn1_encode_kerberos_time_at(buf,&val,retlen);
1370 /* Now the real PKINIT encoder functions. */
1371 asn1_error_code asn1_encode_pk_authenticator(asn1buf *buf, const krb5_pk_authenticator *val, unsigned int *retlen)
1374 asn1_addlenfield(val->paChecksum.length, val->paChecksum.contents, 3, asn1_encode_octetstring);
1375 asn1_addfield(val->nonce, 2, asn1_encode_integer);
1376 asn1_addfield(val->ctime, 1, asn1_encode_kerberos_time);
1377 asn1_addfield(val->cusec, 0, asn1_encode_integer);
1383 asn1_error_code asn1_encode_pk_authenticator_draft9(asn1buf *buf, const krb5_pk_authenticator_draft9 *val, unsigned int *retlen)
1387 asn1_addfield(val->nonce, 4, asn1_encode_integer);
1388 asn1_addfield(val->ctime, 3, asn1_encode_kerberos_time);
1389 asn1_addfield(val->cusec, 2, asn1_encode_integer);
1390 asn1_addfield(val->kdcName, 1, asn1_encode_realm);
1391 asn1_addfield(val->kdcName, 0, asn1_encode_principal_name);
1398 asn1_error_code asn1_encode_algorithm_identifier(asn1buf *buf, const krb5_algorithm_identifier *val, unsigned int *retlen)
1402 if (val->parameters.length != 0) {
1403 retval = asn1buf_insert_octetstring(buf, val->parameters.length,
1404 val->parameters.data);
1406 asn1buf_destroy(&buf);
1409 sum += val->parameters.length;
1413 unsigned int length;
1414 retval = asn1_encode_oid(buf, val->algorithm.length,
1415 val->algorithm.data,
1419 asn1buf_destroy(&buf);
1429 asn1_error_code asn1_encode_subject_pk_info(asn1buf *buf, const krb5_subject_pk_info *val, unsigned int *retlen)
1434 unsigned int length;
1435 asn1_insert_implicit_bitstring(val->subjectPublicKey.length,val->subjectPublicKey.data,ASN1_BITSTRING);
1438 if (val->algorithm.parameters.length != 0) {
1439 unsigned int length;
1441 retval = asn1buf_insert_octetstring(buf, val->algorithm.parameters.length,
1442 val->algorithm.parameters.data);
1444 asn1buf_destroy(&buf);
1447 sum += val->algorithm.parameters.length;
1449 retval = asn1_encode_oid(buf, val->algorithm.algorithm.length,
1450 val->algorithm.algorithm.data,
1454 asn1buf_destroy(&buf);
1460 retval = asn1_make_etag(buf, UNIVERSAL, ASN1_SEQUENCE,
1461 val->algorithm.parameters.length + length,
1465 asn1buf_destroy(&buf);
1475 asn1_error_code asn1_encode_sequence_of_algorithm_identifier(asn1buf *buf, const krb5_algorithm_identifier **val, unsigned int *retlen)
1480 if (val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD;
1482 for (i=0; val[i] != NULL; i++);
1483 for (i--; i>=0; i--) {
1484 unsigned int length;
1485 retval = asn1_encode_algorithm_identifier(buf,val[i],&length);
1486 if (retval) return retval;
1494 asn1_error_code asn1_encode_auth_pack(asn1buf *buf, const krb5_auth_pack *val, unsigned int *retlen)
1498 if (val->clientDHNonce.length != 0)
1499 asn1_addlenfield(val->clientDHNonce.length, val->clientDHNonce.data, 3, asn1_encode_octetstring);
1500 if (val->supportedCMSTypes != NULL)
1501 asn1_addfield((const krb5_algorithm_identifier **)val->supportedCMSTypes,2,asn1_encode_sequence_of_algorithm_identifier);
1502 if (val->clientPublicValue != NULL)
1503 asn1_addfield(val->clientPublicValue,1,asn1_encode_subject_pk_info);
1504 asn1_addfield(&(val->pkAuthenticator),0,asn1_encode_pk_authenticator);
1510 asn1_error_code asn1_encode_auth_pack_draft9(asn1buf *buf, const krb5_auth_pack_draft9 *val, unsigned int *retlen)
1514 if (val->clientPublicValue != NULL)
1515 asn1_addfield(val->clientPublicValue, 1, asn1_encode_subject_pk_info);
1516 asn1_addfield(&(val->pkAuthenticator), 0, asn1_encode_pk_authenticator_draft9);
1522 asn1_error_code asn1_encode_external_principal_identifier(asn1buf *buf, const krb5_external_principal_identifier *val, unsigned int *retlen)
1526 /* Verify there is something to encode */
1527 if (val->subjectKeyIdentifier.length == 0 && val->issuerAndSerialNumber.length == 0 && val->subjectName.length == 0)
1528 return ASN1_MISSING_FIELD;
1530 if (val->subjectKeyIdentifier.length != 0)
1531 asn1_insert_implicit_octetstring(val->subjectKeyIdentifier.length,val->subjectKeyIdentifier.data,2);
1533 if (val->issuerAndSerialNumber.length != 0)
1534 asn1_insert_implicit_octetstring(val->issuerAndSerialNumber.length,val->issuerAndSerialNumber.data,1);
1536 if (val->subjectName.length != 0)
1537 asn1_insert_implicit_octetstring(val->subjectName.length,val->subjectName.data,0);
1543 asn1_error_code asn1_encode_sequence_of_external_principal_identifier(asn1buf *buf, const krb5_external_principal_identifier **val, unsigned int *retlen)
1548 if (val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD;
1550 for (i=0; val[i] != NULL; i++);
1551 for (i--; i>=0; i--) {
1552 unsigned int length;
1553 retval = asn1_encode_external_principal_identifier(buf,val[i],&length);
1554 if (retval) return retval;
1562 asn1_error_code asn1_encode_pa_pk_as_req(asn1buf *buf, const krb5_pa_pk_as_req *val, unsigned int *retlen)
1566 if (val->kdcPkId.length != 0)
1567 asn1_insert_implicit_octetstring(val->kdcPkId.length,val->kdcPkId.data,2);
1569 if (val->trustedCertifiers != NULL)
1570 asn1_addfield((const krb5_external_principal_identifier **)val->trustedCertifiers,1,asn1_encode_sequence_of_external_principal_identifier);
1572 asn1_insert_implicit_octetstring(val->signedAuthPack.length,val->signedAuthPack.data,0);
1578 asn1_error_code asn1_encode_trusted_ca(asn1buf *buf, const krb5_trusted_ca *val, unsigned int *retlen)
1582 switch (val->choice) {
1583 case choice_trusted_cas_issuerAndSerial:
1584 asn1_insert_implicit_octetstring(val->u.issuerAndSerial.length,val->u.issuerAndSerial.data,2);
1586 case choice_trusted_cas_caName:
1587 asn1_insert_implicit_octetstring(val->u.caName.length,val->u.caName.data,1);
1589 case choice_trusted_cas_principalName:
1590 asn1_addfield_implicit(val->u.principalName,0,asn1_encode_principal_name);
1593 return ASN1_MISSING_FIELD;
1599 asn1_error_code asn1_encode_sequence_of_trusted_ca(asn1buf *buf, const krb5_trusted_ca **val, unsigned int *retlen)
1604 if (val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD;
1606 for (i=0; val[i] != NULL; i++);
1607 for (i--; i>=0; i--) {
1608 unsigned int length;
1609 retval = asn1_encode_trusted_ca(buf,val[i],&length);
1610 if (retval) return retval;
1617 asn1_error_code asn1_encode_pa_pk_as_req_draft9(asn1buf *buf, const krb5_pa_pk_as_req_draft9 *val, unsigned int *retlen)
1621 if (val->encryptionCert.length != 0)
1622 asn1_insert_implicit_octetstring(val->encryptionCert.length,val->encryptionCert.data,3);
1624 if (val->kdcCert.length != 0)
1625 asn1_insert_implicit_octetstring(val->kdcCert.length,val->kdcCert.data,2);
1627 if (val->trustedCertifiers != NULL)
1628 asn1_addfield((const krb5_trusted_ca **)val->trustedCertifiers,1,asn1_encode_sequence_of_trusted_ca);
1630 asn1_insert_implicit_octetstring(val->signedAuthPack.length,val->signedAuthPack.data,0);
1636 asn1_error_code asn1_encode_dh_rep_info(asn1buf *buf, const krb5_dh_rep_info *val, unsigned int *retlen)
1640 if (val->serverDHNonce.length != 0)
1641 asn1_insert_implicit_octetstring(val->serverDHNonce.length,val->serverDHNonce.data,1);
1643 asn1_insert_implicit_octetstring(val->dhSignedData.length,val->dhSignedData.data,0);
1649 asn1_error_code asn1_encode_kdc_dh_key_info(asn1buf *buf, const krb5_kdc_dh_key_info *val, unsigned int *retlen)
1653 if (val->dhKeyExpiration != 0)
1654 asn1_addfield(val->dhKeyExpiration, 2, asn1_encode_kerberos_time);
1655 asn1_addfield(val->nonce, 1, asn1_encode_integer);
1658 unsigned int length;
1660 asn1_insert_implicit_bitstring(val->subjectPublicKey.length,val->subjectPublicKey.data,3);
1661 retval = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0,
1662 val->subjectPublicKey.length + 1 + length,
1665 asn1buf_destroy(&buf);
1675 asn1_error_code asn1_encode_reply_key_pack(asn1buf *buf, const krb5_reply_key_pack *val, unsigned int *retlen)
1679 asn1_addfield(&(val->asChecksum), 1, asn1_encode_checksum);
1680 asn1_addfield(&(val->replyKey), 0, asn1_encode_encryption_key);
1686 asn1_error_code asn1_encode_reply_key_pack_draft9(asn1buf *buf, const krb5_reply_key_pack_draft9 *val, unsigned int *retlen)
1690 asn1_addfield(val->nonce, 1, asn1_encode_integer);
1691 asn1_addfield(&(val->replyKey), 0, asn1_encode_encryption_key);
1697 asn1_error_code asn1_encode_pa_pk_as_rep(asn1buf *buf, const krb5_pa_pk_as_rep *val, unsigned int *retlen)
1701 switch (val->choice)
1703 case choice_pa_pk_as_rep_dhInfo:
1704 asn1_addfield(&(val->u.dh_Info), choice_pa_pk_as_rep_dhInfo, asn1_encode_dh_rep_info);
1706 case choice_pa_pk_as_rep_encKeyPack:
1707 asn1_insert_implicit_octetstring(val->u.encKeyPack.length,val->u.encKeyPack.data,1);
1710 return ASN1_MISSING_FIELD;
1716 asn1_error_code asn1_encode_pa_pk_as_rep_draft9(asn1buf *buf, const krb5_pa_pk_as_rep_draft9 *val, unsigned int *retlen)
1720 switch (val->choice)
1722 case choice_pa_pk_as_rep_draft9_dhSignedData:
1723 asn1_insert_implicit_octetstring(val->u.dhSignedData.length,val->u.dhSignedData.data,0);
1725 case choice_pa_pk_as_rep_encKeyPack:
1726 asn1_insert_implicit_octetstring(val->u.encKeyPack.length,val->u.encKeyPack.data,1);
1729 return ASN1_MISSING_FIELD;
1735 asn1_error_code asn1_encode_td_trusted_certifiers(asn1buf *buf, const krb5_external_principal_identifier **val, unsigned int *retlen)
1739 unsigned int length;
1740 retval = asn1_encode_sequence_of_external_principal_identifier(buf, val, &length);
1742 asn1buf_destroy(&buf);
1745 /* length set but ignored? sum not updated? */
1750 asn1_error_code asn1_encode_sequence_of_typed_data(asn1buf *buf, const krb5_typed_data **val, unsigned int *retlen)
1755 if (val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD;
1757 for (i=0; val[i] != NULL; i++);
1758 for (i--; i>=0; i--) {
1759 unsigned int length;
1761 retval = asn1_encode_typed_data(buf,val[i],&length);
1762 if (retval) return retval;
1770 asn1_error_code asn1_encode_typed_data(asn1buf *buf, const krb5_typed_data *val, unsigned int *retlen)
1773 asn1_addlenfield(val->length, val->data, 1, asn1_encode_octetstring);
1774 asn1_addfield(val->type, 0, asn1_encode_integer);
1778 #endif /* DISABLE_PKINIT */