diff options
| author | Tom Yu <tlyu@mit.edu> | 2003-05-18 05:16:05 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2003-05-18 05:16:05 +0000 |
| commit | 4dbf3745bb68a87427a4044c846427d816a43bbc (patch) | |
| tree | 03980d6af55bb6003cafa954e1eebb5435cb8647 /src | |
| parent | 955e7a919ce821648b70497f3129a4697cdbe813 (diff) | |
| download | krb5-4dbf3745bb68a87427a4044c846427d816a43bbc.tar.gz krb5-4dbf3745bb68a87427a4044c846427d816a43bbc.tar.xz krb5-4dbf3745bb68a87427a4044c846427d816a43bbc.zip | |
Sequence numbers are now unsigned. Implement lenient parser for
sequence numbers which folds received negative sequence numbers into
positive unsigned numbers. Constrain the space of initial sequence
numbers to facilitate backwards compatibility.
ticket: 1262
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15457 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/ChangeLog | 6 | ||||
| -rw-r--r-- | src/include/k5-int.h | 4 | ||||
| -rw-r--r-- | src/include/krb5.hin | 6 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/ChangeLog | 22 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_decode.c | 46 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_decode.h | 2 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_k_decode.c | 11 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_k_decode.h | 2 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/krb5_decode.c | 6 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/krb5_encode.c | 7 | ||||
| -rw-r--r-- | src/lib/krb5/krb/ChangeLog | 7 | ||||
| -rw-r--r-- | src/lib/krb5/krb/auth_con.h | 4 | ||||
| -rw-r--r-- | src/lib/krb5/krb/gen_seqnum.c | 19 | ||||
| -rw-r--r-- | src/tests/asn.1/ChangeLog | 8 | ||||
| -rw-r--r-- | src/tests/asn.1/krb5_decode_test.c | 168 | ||||
| -rw-r--r-- | src/tests/asn.1/utility.c | 56 |
16 files changed, 333 insertions, 41 deletions
diff --git a/src/include/ChangeLog b/src/include/ChangeLog index 123ba7ea0..05817aea1 100644 --- a/src/include/ChangeLog +++ b/src/include/ChangeLog @@ -1,3 +1,9 @@ +2003-05-18 Tom Yu <tlyu@mit.edu> + + * k5-int.h: Sequence numbers are now unsigned. + + * krb5.hin: Sequence numbers are now unsigned. + 2003-05-16 Ken Raeburn <raeburn@mit.edu> * krb5.hin (KRB5_KPASSWD_ACCESSDENIED): New macro. diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 086b7df71..08c7a7a4f 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -1050,7 +1050,7 @@ typedef struct _krb5_safe { krb5_timestamp timestamp; /* client time, optional */ krb5_int32 usec; /* microsecond portion of time, optional */ - krb5_int32 seq_number; /* sequence #, optional */ + krb5_ui_4 seq_number; /* sequence #, optional */ krb5_address *s_address; /* sender address */ krb5_address *r_address; /* recipient address, optional */ krb5_checksum *checksum; /* data integrity checksum */ @@ -1066,7 +1066,7 @@ typedef struct _krb5_priv_enc_part { krb5_data user_data; /* user data */ krb5_timestamp timestamp; /* client time, optional */ krb5_int32 usec; /* microsecond portion of time, opt. */ - krb5_int32 seq_number; /* sequence #, optional */ + krb5_ui_4 seq_number; /* sequence #, optional */ krb5_address *s_address; /* sender address */ krb5_address *r_address; /* recipient address, optional */ } krb5_priv_enc_part; diff --git a/src/include/krb5.hin b/src/include/krb5.hin index 310eb3976..0bf822e4a 100644 --- a/src/include/krb5.hin +++ b/src/include/krb5.hin @@ -974,7 +974,7 @@ typedef struct _krb5_authenticator { krb5_int32 cusec; /* client usec portion */ krb5_timestamp ctime; /* client sec portion */ krb5_keyblock *subkey; /* true session key, optional */ - krb5_int32 seq_number; /* sequence #, optional */ + krb5_ui_4 seq_number; /* sequence #, optional */ krb5_authdata **authorization_data; /* New add by Ari, auth data */ } krb5_authenticator; @@ -1100,7 +1100,7 @@ typedef struct _krb5_ap_rep_enc_part { krb5_timestamp ctime; /* client time, seconds portion */ krb5_int32 cusec; /* client time, microseconds portion */ krb5_keyblock *subkey; /* true session key, optional */ - krb5_int32 seq_number; /* sequence #, optional */ + krb5_ui_4 seq_number; /* sequence #, optional */ } krb5_ap_rep_enc_part; typedef struct _krb5_response { @@ -1644,7 +1644,7 @@ krb5_error_code krb5_generate_subkey const krb5_keyblock *, krb5_keyblock **); krb5_error_code krb5_generate_seq_number (krb5_context, - const krb5_keyblock *, krb5_int32 *); + const krb5_keyblock *, krb5_ui_4 *); #endif krb5_error_code KRB5_CALLCONV krb5_get_server_rcache (krb5_context, diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog index c4bd9bc08..dd85a3c7a 100644 --- a/src/lib/krb5/asn.1/ChangeLog +++ b/src/lib/krb5/asn.1/ChangeLog @@ -1,3 +1,25 @@ +2003-05-18 Tom Yu <tlyu@mit.edu> + + * asn1_decode.c (asn1_decode_maybe_unsigned): New function; decode + negative 32-bit numbers into positive unsigned numbers for the + sake of backwards compatibility with old code. + + * asn1_decode.h: Add prototype for asn1_decode_maybe_unsigned. + + * asn1_k_decode.c (asn1_decode_seqnum): New function; wrapper + around asn1_decode_maybe_unsigned. + + * asn1_k_decode.h: Add prototype for asn1_decode_seqnum. + + * krb5_decode.c (decode_krb5_authenticator) + (decode_krb5_ap_rep_enc_part, decode_krb5_enc_priv_part): Sequence + numbers are now unsigned. Use asn1_decode_seqnum to handle + backwards compat with negative sequence numbers. + + * krb5_encode.c (encode_krb5_authenticator) + (encode_krb5_ap_rep_enc_part, encode_krb5_enc_priv_part): Sequence + numbers are now unsigned. + 2003-05-06 Sam Hartman <hartmans@mit.edu> * krb5_decode.c (decode_krb5_etype_info2): New function; currently diff --git a/src/lib/krb5/asn.1/asn1_decode.c b/src/lib/krb5/asn.1/asn1_decode.c index 56904c5ee..65863202a 100644 --- a/src/lib/krb5/asn.1/asn1_decode.c +++ b/src/lib/krb5/asn.1/asn1_decode.c @@ -1,7 +1,7 @@ /* * src/lib/krb5/asn.1/asn1_decode.c * - * Copyright 1994 by the Massachusetts Institute of Technology. + * Copyright 1994, 2003 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -106,6 +106,50 @@ asn1_error_code asn1_decode_unsigned_integer(asn1buf *buf, long unsigned int *va cleanup(); } +/* + * asn1_decode_maybe_unsigned + * + * This is needed because older releases of MIT krb5 have signed + * sequence numbers. We want to accept both signed and unsigned + * sequence numbers, in the range -2^31..2^32-1, mapping negative + * numbers into their positive equivalents in the same way that C's + * normal integer conversions do, i.e., would preserve bits on a + * two's-complement architecture. + */ +asn1_error_code asn1_decode_maybe_unsigned(asn1buf *buf, unsigned long *val) +{ + setup(); + asn1_octet o; + unsigned long n, bitsremain; + unsigned int i; + + tag(ASN1_INTEGER); + o = 0; + n = 0; + bitsremain = ~0UL; + for (i = 0; i < length; i++) { + /* Accounts for u_long width not being a multiple of 8. */ + if (bitsremain < 0xff) return ASN1_OVERFLOW; + retval = asn1buf_remove_octet(buf, &o); + if (retval) return retval; + if (bitsremain == ~0UL) { + if (i == 0) + n = (o & 0x80) ? ~0UL : 0UL; /* grab sign bit */ + /* + * Skip leading zero or 0xFF octets to humor non-compliant encoders. + */ + if (n == 0 && o == 0) + continue; + if (n == ~0UL && o == 0xff) + continue; + } + n = (n << 8) | o; + bitsremain >>= 8; + } + *val = n; + cleanup(); +} + asn1_error_code asn1_decode_oid(asn1buf *buf, unsigned int *retlen, asn1_octet **val) { setup(); diff --git a/src/lib/krb5/asn.1/asn1_decode.h b/src/lib/krb5/asn.1/asn1_decode.h index 449a58900..cafbf3fd3 100644 --- a/src/lib/krb5/asn.1/asn1_decode.h +++ b/src/lib/krb5/asn.1/asn1_decode.h @@ -62,6 +62,8 @@ asn1_error_code asn1_decode_integer (asn1buf *buf, long *val); asn1_error_code asn1_decode_unsigned_integer (asn1buf *buf, unsigned long *val); +asn1_error_code asn1_decode_maybe_unsigned + (asn1buf *buf, unsigned long *val); asn1_error_code asn1_decode_null (asn1buf *buf); diff --git a/src/lib/krb5/asn.1/asn1_k_decode.c b/src/lib/krb5/asn.1/asn1_k_decode.c index e56832a7b..f00cb0161 100644 --- a/src/lib/krb5/asn.1/asn1_k_decode.c +++ b/src/lib/krb5/asn.1/asn1_k_decode.c @@ -320,6 +320,17 @@ integer_convert(asn1_decode_authdatatype,krb5_authdatatype) unsigned_integer_convert(asn1_decode_ui_2,krb5_ui_2) unsigned_integer_convert(asn1_decode_ui_4,krb5_ui_4) +asn1_error_code asn1_decode_seqnum(asn1buf *buf, krb5_ui_4 *val) +{ + asn1_error_code retval; + unsigned long n; + + retval = asn1_decode_maybe_unsigned(buf, &n); + if (retval) return retval; + *val = (krb5_ui_4)n & 0xffffffff; + return 0; +} + asn1_error_code asn1_decode_msgtype(asn1buf *buf, krb5_msgtype *val) { asn1_error_code retval; diff --git a/src/lib/krb5/asn.1/asn1_k_decode.h b/src/lib/krb5/asn.1/asn1_k_decode.h index 8f8b0bcff..e2639dda3 100644 --- a/src/lib/krb5/asn.1/asn1_k_decode.h +++ b/src/lib/krb5/asn.1/asn1_k_decode.h @@ -89,6 +89,8 @@ asn1_error_code asn1_decode_ui_2 (asn1buf *buf, krb5_ui_2 *val); asn1_error_code asn1_decode_ui_4 (asn1buf *buf, krb5_ui_4 *val); +asn1_error_code asn1_decode_seqnum + (asn1buf *buf, krb5_ui_4 *val); asn1_error_code asn1_decode_kerberos_time (asn1buf *buf, krb5_timestamp *val); asn1_error_code asn1_decode_sam_flags diff --git a/src/lib/krb5/asn.1/krb5_decode.c b/src/lib/krb5/asn.1/krb5_decode.c index b39bae5c4..1ca57e930 100644 --- a/src/lib/krb5/asn.1/krb5_decode.c +++ b/src/lib/krb5/asn.1/krb5_decode.c @@ -219,7 +219,7 @@ krb5_error_code decode_krb5_authenticator(const krb5_data *code, krb5_authentica get_field((*rep)->ctime,5,asn1_decode_kerberos_time); if(tagnum == 6){ alloc_field((*rep)->subkey,krb5_keyblock); } opt_field(*((*rep)->subkey),6,asn1_decode_encryption_key); - opt_field((*rep)->seq_number,7,asn1_decode_int32); + opt_field((*rep)->seq_number,7,asn1_decode_seqnum); opt_field((*rep)->authorization_data,8,asn1_decode_authorization_data); (*rep)->magic = KV5M_AUTHENTICATOR; end_structure(); @@ -440,7 +440,7 @@ krb5_error_code decode_krb5_ap_rep_enc_part(const krb5_data *code, krb5_ap_rep_e get_field((*rep)->cusec,1,asn1_decode_int32); if(tagnum == 2){ alloc_field((*rep)->subkey,krb5_keyblock); } opt_field(*((*rep)->subkey),2,asn1_decode_encryption_key); - opt_field((*rep)->seq_number,3,asn1_decode_int32); + opt_field((*rep)->seq_number,3,asn1_decode_seqnum); end_structure(); (*rep)->magic = KV5M_AP_REP_ENC_PART; } @@ -561,7 +561,7 @@ krb5_error_code decode_krb5_enc_priv_part(const krb5_data *code, krb5_priv_enc_p get_lenfield((*rep)->user_data.length,(*rep)->user_data.data,0,asn1_decode_charstring); opt_field((*rep)->timestamp,1,asn1_decode_kerberos_time); opt_field((*rep)->usec,2,asn1_decode_int32); - opt_field((*rep)->seq_number,3,asn1_decode_int32); + opt_field((*rep)->seq_number,3,asn1_decode_seqnum); alloc_field((*rep)->s_address,krb5_address); get_field(*((*rep)->s_address),4,asn1_decode_host_address); if(tagnum == 5){ alloc_field((*rep)->r_address,krb5_address); } diff --git a/src/lib/krb5/asn.1/krb5_encode.c b/src/lib/krb5/asn.1/krb5_encode.c index 7412209f6..eed6faf45 100644 --- a/src/lib/krb5/asn.1/krb5_encode.c +++ b/src/lib/krb5/asn.1/krb5_encode.c @@ -166,7 +166,7 @@ krb5_error_code encode_krb5_authenticator(const krb5_authenticator *rep, krb5_da /* seq-number[7] INTEGER OPTIONAL */ if(rep->seq_number != 0) - krb5_addfield(rep->seq_number,7,asn1_encode_integer); + krb5_addfield(rep->seq_number,7,asn1_encode_unsigned_integer); /* subkey[6] EncryptionKey OPTIONAL */ if(rep->subkey != NULL) @@ -305,6 +305,7 @@ krb5_error_code encode_krb5_enc_kdc_rep_part(const krb5_enc_kdc_rep_part *rep, k #ifdef KRB5_ENCKRB5KDCREPPART_COMPAT krb5_apptag(26); #else + /* XXX WRONG!!! Should use 25 || 26, not the outer KDC_REP tags! */ if (rep->msg_type == KRB5_AS_REP) { krb5_apptag(ASN1_KRB_AS_REP); } else if (rep->msg_type == KRB5_TGS_REP) { krb5_apptag(ASN1_KRB_TGS_REP); } else return KRB5_BADMSGTYPE; @@ -395,7 +396,7 @@ krb5_error_code encode_krb5_ap_rep_enc_part(const krb5_ap_rep_enc_part *rep, krb /* seq-number[3] INTEGER OPTIONAL */ if(rep->seq_number) - krb5_addfield(rep->seq_number,3,asn1_encode_integer); + krb5_addfield(rep->seq_number,3,asn1_encode_unsigned_integer); /* subkey[2] EncryptionKey OPTIONAL */ if(rep->subkey != NULL) @@ -510,7 +511,7 @@ krb5_error_code encode_krb5_enc_priv_part(const krb5_priv_enc_part *rep, krb5_da /* seq-number[3] INTEGER OPTIONAL */ if(rep->seq_number) - krb5_addfield(rep->seq_number,3,asn1_encode_integer); + krb5_addfield(rep->seq_number,3,asn1_encode_unsigned_integer); /* usec[2] INTEGER OPTIONAL */ if(rep->timestamp){ diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 5ceee6685..8f34cf0bb 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,10 @@ +2003-05-18 Tom Yu <tlyu@mit.edu> + + * auth_con.h: Sequence numbers are now unsigned. + + * gen_seqnum.c (krb5_generate_seq_number): Constrain initial + sequence number space to facilitate backwards compatibility. + 2003-05-16 Ken Raeburn <raeburn@mit.edu> * ser_ctx.c (krb5_context_internalize): Copy read-in OS context diff --git a/src/lib/krb5/krb/auth_con.h b/src/lib/krb5/krb/auth_con.h index 1dcfc89e7..362909ce7 100644 --- a/src/lib/krb5/krb/auth_con.h +++ b/src/lib/krb5/krb/auth_con.h @@ -13,8 +13,8 @@ struct _krb5_auth_context { krb5_keyblock * recv_subkey; krb5_int32 auth_context_flags; - krb5_int32 remote_seq_number; - krb5_int32 local_seq_number; + krb5_ui_4 remote_seq_number; + krb5_ui_4 local_seq_number; krb5_authenticator *authentp; /* mk_req, rd_req, mk_rep, ...*/ krb5_cksumtype req_cksumtype; /* mk_safe, ... */ krb5_cksumtype safe_cksumtype; /* mk_safe, ... */ diff --git a/src/lib/krb5/krb/gen_seqnum.c b/src/lib/krb5/krb/gen_seqnum.c index 196a43744..1dc8a58b1 100644 --- a/src/lib/krb5/krb/gen_seqnum.c +++ b/src/lib/krb5/krb/gen_seqnum.c @@ -36,7 +36,7 @@ #endif krb5_error_code -krb5_generate_seq_number(krb5_context context, const krb5_keyblock *key, krb5_int32 *seqno) +krb5_generate_seq_number(krb5_context context, const krb5_keyblock *key, krb5_ui_4 *seqno) { krb5_data seed; krb5_error_code retval; @@ -48,5 +48,20 @@ krb5_generate_seq_number(krb5_context context, const krb5_keyblock *key, krb5_in seed.length = sizeof(*seqno); seed.data = (char *) seqno; - return(krb5_c_random_make_octets(context, &seed)); + retval = krb5_c_random_make_octets(context, &seed); + if (retval) + return retval; + /* + * Work around implementation incompatibilities by not generating + * initial sequence numbers greater than 2^30. Previous MIT + * implementations use signed sequence numbers, so initial + * sequence numbers 2^31 to 2^32-1 inclusive will be rejected. + * Letting the maximum initial sequence number be 2^30-1 allows + * for about 2^30 messages to be sent before wrapping into + * "negative" numbers. + */ + *seqno &= 0x5ffffff; + if (*seqno == 0) + *seqno = 1; + return 0; } diff --git a/src/tests/asn.1/ChangeLog b/src/tests/asn.1/ChangeLog index 2fefd05f3..6bed2ccf6 100644 --- a/src/tests/asn.1/ChangeLog +++ b/src/tests/asn.1/ChangeLog @@ -1,3 +1,11 @@ +2003-05-18 Tom Yu <tlyu@mit.edu> + + * krb5_decode_test.c (main): Add new test cases for sequence + number compatibility. + + * utility.c (krb5_data_hex_parse): Rewrite to be more lenient + about whitespace. + 2003-05-12 Ezra Peisach <epeisach@mit.edu> * krb5_decode_test.c: Modify decode_run macro to take a cleanup diff --git a/src/tests/asn.1/krb5_decode_test.c b/src/tests/asn.1/krb5_decode_test.c index b86c9fc8c..c205232d9 100644 --- a/src/tests/asn.1/krb5_decode_test.c +++ b/src/tests/asn.1/krb5_decode_test.c @@ -60,6 +60,174 @@ int main(argc, argv) decode_run("authenticator","","62 81 A1 30 81 9E A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A7 03 02 01 11 A8 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72",decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator); + ref.seq_number = 0xffffff80; + decode_run("authenticator","(80 -> seq-number 0xffffff80)", + "62 81 A1 30 81 9E" + " A0 03 02 01 05" + " A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55" + " A2 1A 30 18" + " A0 03 02 01 01" + " A1 11 30 0F" + " 1B 06 68 66 74 73 61 69" + " 1B 05 65 78 74 72 61" + " A3 0F 30 0D" + " A0 03 02 01 01" + " A1 06 04 04 31 32 33 34" + " A4 05 02 03 01 E2 40" + " A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A" + " A6 13 30 11" + " A0 03 02 01 01" + " A1 0A 04 08 31 32 33 34 35 36 37 38" + " A7 03 02 01 80" + " A8 24 30 22" + " 30 0F" + " A0 03 02 01 01" + " A1 08 04 06 66 6F 6F 62 61 72" + " 30 0F" + " A0 03 02 01 01" + " A1 08 04 06 66 6F 6F 62 61 72" + ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator); + + ref.seq_number = 0xffffffff; + decode_run("authenticator","(FF -> seq-number 0xffffffff)", + "62 81 A1 30 81 9E" + " A0 03 02 01 05" + " A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55" + " A2 1A 30 18" + " A0 03 02 01 01" + " A1 11 30 0F" + " 1B 06 68 66 74 73 61 69" + " 1B 05 65 78 74 72 61" + " A3 0F 30 0D" + " A0 03 02 01 01" + " A1 06 04 04 31 32 33 34" + " A4 05 02 03 01 E2 40" + " A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A" + " A6 13 30 11" + " A0 03 02 01 01" + " A1 0A 04 08 31 32 33 34 35 36 37 38" + " A7 03 02 01 FF" + " A8 24 30 22" + " 30 0F" + " A0 03 02 01 01" + " A1 08 04 06 66 6F 6F 62 61 72" + " 30 0F" + " A0 03 02 01 01" + " A1 08 04 06 66 6F 6F 62 61 72" + ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator); + + ref.seq_number = 0xff; + decode_run("authenticator","(00FF -> seq-number 0xff)", + "62 81 A2 30 81 9F" + " A0 03 02 01 05" + " A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55" + " A2 1A 30 18" + " A0 03 02 01 01" + " A1 11 30 0F" + " 1B 06 68 66 74 73 61 69" + " 1B 05 65 78 74 72 61" + " A3 0F 30 0D" + " A0 03 02 01 01" + " A1 06 04 04 31 32 33 34" + " A4 05 02 03 01 E2 40" + " A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A" + " A6 13 30 11" + " A0 03 02 01 01" + " A1 0A 04 08 31 32 33 34 35 36 37 38" + " A7 04 02 02 00 FF" + " A8 24 30 22" + " 30 0F" + " A0 03 02 01 01" + " A1 08 04 06 66 6F 6F 62 61 72" + " 30 0F" + " A0 03 02 01 01" + " A1 08 04 06 66 6F 6F 62 61 72" + ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator); + + ref.seq_number = 0xffffffff; + decode_run("authenticator","(00FFFFFFFF -> seq-number 0xffffffff)", + "62 81 A5 30 81 A2" + " A0 03 02 01 05" + " A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55" + " A2 1A 30 18" + " A0 03 02 01 01" + " A1 11 30 0F" + " 1B 06 68 66 74 73 61 69" + " 1B 05 65 78 74 72 61" + " A3 0F 30 0D" + " A0 03 02 01 01" + " A1 06 04 04 31 32 33 34" + " A4 05 02 03 01 E2 40" + " A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A" + " A6 13 30 11" + " A0 03 02 01 01" + " A1 0A 04 08 31 32 33 34 35 36 37 38" + " A7 07 02 05 00 FF FF FF FF" + " A8 24 30 22" + " 30 0F" + " A0 03 02 01 01" + " A1 08 04 06 66 6F 6F 62 61 72" + " 30 0F" + " A0 03 02 01 01" + " A1 08 04 06 66 6F 6F 62 61 72" + ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator); + + ref.seq_number = 0x7fffffff; + decode_run("authenticator","(7FFFFFFF -> seq-number 0x7fffffff)", + "62 81 A4 30 81 A1" + " A0 03 02 01 05" + " A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55" + " A2 1A 30 18" + " A0 03 02 01 01" + " A1 11 30 0F" + " 1B 06 68 66 74 73 61 69" + " 1B 05 65 78 74 72 61" + " A3 0F 30 0D" + " A0 03 02 01 01" + " A1 06 04 04 31 32 33 34" + " A4 05 02 03 01 E2 40" + " A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A" + " A6 13 30 11" + " A0 03 02 01 01" + " A1 0A 04 08 31 32 33 34 35 36 37 38" + " A7 06 02 04 7F FF FF FF" + " A8 24 30 22" + " 30 0F" + " A0 03 02 01 01" + " A1 08 04 06 66 6F 6F 62 61 72" + " 30 0F" + " A0 03 02 01 01" + " A1 08 04 06 66 6F 6F 62 61 72" + ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator); + + ref.seq_number = 0xffffffff; + decode_run("authenticator","(FFFFFFFF -> seq-number 0xffffffff)", + "62 81 A4 30 81 A1" + " A0 03 02 01 05" + " A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55" + " A2 1A 30 18" + " A0 03 02 01 01" + " A1 11 30 0F" + " 1B 06 68 66 74 73 61 69" + " 1B 05 65 78 74 72 61" + " A3 0F 30 0D" + " A0 03 02 01 01" + " A1 06 04 04 31 32 33 34" + " A4 05 02 03 01 E2 40" + " A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A" + " A6 13 30 11" + " A0 03 02 01 01" + " A1 0A 04 08 31 32 33 34 35 36 37 38" + " A7 06 02 04 FF FF FF FF" + " A8 24 30 22" + " 30 0F" + " A0 03 02 01 01" + " A1 08 04 06 66 6F 6F 62 61 72" + " 30 0F" + " A0 03 02 01 01" + " A1 08 04 06 66 6F 6F 62 61 72" + ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator); + ktest_destroy_checksum(&(ref.checksum)); ktest_destroy_keyblock(&(ref.subkey)); ref.seq_number = 0; diff --git a/src/tests/asn.1/utility.c b/src/tests/asn.1/utility.c index 76fa79ef8..526cdce2d 100644 --- a/src/tests/asn.1/utility.c +++ b/src/tests/asn.1/utility.c @@ -2,6 +2,7 @@ #include "utility.h" #include <stdlib.h> #include <stdio.h> +#include <ctype.h> char hexchar (const unsigned int digit); @@ -60,35 +61,40 @@ krb5_error_code krb5_data_parse(d, s) return 0; } -krb5_error_code krb5_data_hex_parse(d, s) - krb5_data * d; - const char * s; +krb5_error_code krb5_data_hex_parse(krb5_data *d, const char *s) { - int i, digit; - char *copy; - char *pos; + int lo; + long v; + const char *cp; + char *dp; + char buf[2]; - /* - * Do a strdup() and use that, because some systems can't handle non - * writeable strings being passed to sscanf() --proven. - */ - copy = strdup(s); - d->data = (char*)calloc((strlen(copy)+1)/3,sizeof(char)); - if(d->data == NULL) return ENOMEM; - d->length = (strlen(copy)+1)/3; - for(i=0,pos=(char*)copy; i<d->length; i++,pos+=3){ - if(!sscanf(pos,"%x",&digit)) { -#ifdef KRB5_USE_ISODE - return EINVAL; -#else + d->data = calloc((strlen(s) / 2 + 1), 1); + if (d->data == NULL) + return ENOMEM; + d->length = 0; + buf[1] = '\0'; + for (lo = 0, dp = d->data, cp = s; *cp; cp++) { + if (*cp < 0) return ASN1_PARSE_ERROR; -#endif + else if (isspace(*cp)) + continue; + else if (isxdigit(*cp)) { + buf[0] = *cp; + v = strtol(buf, NULL, 16); + } else + return ASN1_PARSE_ERROR; + if (lo) { + *dp++ |= v; + lo = 0; + } else { + *dp = v << 4; + lo = 1; + } } - d->data[i] = (char)digit; - } - if (copy) - free(copy); - return 0; + + d->length = dp - d->data; + return 0; } #if 0 |