diff options
author | Ken Hornstein <kenh@cmf.nrl.navy.mil> | 2002-10-30 18:41:24 +0000 |
---|---|---|
committer | Ken Hornstein <kenh@cmf.nrl.navy.mil> | 2002-10-30 18:41:24 +0000 |
commit | a02992087ea991bbd0793f21021f843af6df1ef7 (patch) | |
tree | e5f2a481d6134183de90175c08803546dcd59ab2 | |
parent | ea56e463282c6168f8ec0f7c5aff43302efc7234 (diff) | |
download | krb5-a02992087ea991bbd0793f21021f843af6df1ef7.tar.gz krb5-a02992087ea991bbd0793f21021f843af6df1ef7.tar.xz krb5-a02992087ea991bbd0793f21021f843af6df1ef7.zip |
Wrong ASN.1 definition and padata type for new hardware preauth
It turned out that early in the development cycle, one of our developers
picked the "next" PADATA type in krb5.hin, and we said, "We've got to
fix that when we get the real one assigned" ... and we never did. Noticed
by Ezra Peisach.
Also, the definition for sam-pk-for-sad was changed to OCTET STRING from
EncryptionKey in the draft and the code, but we never updated the ASN.1
definition. Also noticed by Ezra Peisach.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14945 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/include/ChangeLog | 5 | ||||
-rw-r--r-- | src/include/krb5.hin | 7 | ||||
-rw-r--r-- | src/lib/krb5/asn.1/ChangeLog | 4 | ||||
-rw-r--r-- | src/lib/krb5/asn.1/KRB5-asn.py | 2 |
4 files changed, 15 insertions, 3 deletions
diff --git a/src/include/ChangeLog b/src/include/ChangeLog index bf8dbf6b3b..6c6e507429 100644 --- a/src/include/ChangeLog +++ b/src/include/ChangeLog @@ -1,3 +1,8 @@ +2002-10-30 Ken Hornstein <kenh@cmf.nrl.navy.mil> + + * krb5.hin: Change definitions of new SAM preauth types to + match kerberos-clarifications. + 2002-10-24 Ken Hornstein <kenh@cmf.nrl.navy.mil> * k5-int.h, krb5.hin: Add new protocols, definitions, and diff --git a/src/include/krb5.hin b/src/include/krb5.hin index 5b8cb2c609..ceb5a47b8b 100644 --- a/src/include/krb5.hin +++ b/src/include/krb5.hin @@ -866,8 +866,11 @@ krb5_error_code krb5_decrypt_data #define KRB5_PADATA_ETYPE_INFO 11 /* Etype info for preauth */ #define KRB5_PADATA_SAM_CHALLENGE 12 /* draft challenge system */ #define KRB5_PADATA_SAM_RESPONSE 13 /* draft challenge system response */ -#define KRB5_PADATA_SAM_CHALLENGE_2 14 /* draft challenge system, updated */ -#define KRB5_PADATA_SAM_RESPONSE_2 15 /* draft challenge system, updated */ +#define KRB5_PADATA_PK_AS_REQ 14 /* PKINIT */ +#define KRB5_PADATA_PK_AS_REP 15 /* PKINIT */ + +#define KRB5_PADATA_SAM_CHALLENGE_2 30 /* draft challenge system, updated */ +#define KRB5_PADATA_SAM_RESPONSE_2 31 /* draft challenge system, updated */ #define KRB5_SAM_USE_SAD_AS_KEY 0x80000000 #define KRB5_SAM_SEND_ENCRYPTED_SAD 0x40000000 diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog index 577429d7e0..f5734ff7ca 100644 --- a/src/lib/krb5/asn.1/ChangeLog +++ b/src/lib/krb5/asn.1/ChangeLog @@ -1,3 +1,7 @@ +2002-10-30 Ken Hornstein <kenh@cmf.nrl.navy.mil> + + * KRB5-asn.py: Fix definition for sam-pk-for-sad element. + 2002-10-24 Ken Hornstein <kenh@cmf.nrl.navy.mil> * KRB5-asn.py, asn1_k_decode.c, asn1_k_decode.h, asn1_k_encode.c, diff --git a/src/lib/krb5/asn.1/KRB5-asn.py b/src/lib/krb5/asn.1/KRB5-asn.py index 867ac67717..e455fd9a19 100644 --- a/src/lib/krb5/asn.1/KRB5-asn.py +++ b/src/lib/krb5/asn.1/KRB5-asn.py @@ -363,7 +363,7 @@ PA-SAM-CHALLENGE ::= SEQUENCE { sam-challenge-label[4] GeneralString OPTIONAL, sam-challenge[5] GeneralString OPTIONAL, sam-response-prompt[6] GeneralString OPTIONAL, - sam-pk-for-sad[7] EncryptionKey OPTIONAL, + sam-pk-for-sad[7] OCTET STRING OPTIONAL, sam-nonce[8] INTEGER OPTIONAL, sam-cksum[9] Checksum OPTIONAL } |