/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* ... copyright ... */
/*
* Novell key-format scheme:
*
* KrbKeySet ::= SEQUENCE {
* attribute-major-vno [0] UInt16,
* attribute-minor-vno [1] UInt16,
* kvno [2] UInt32,
* mkvno [3] UInt32 OPTIONAL,
* keys [4] SEQUENCE OF KrbKey,
* ...
* }
*
* KrbKey ::= SEQUENCE {
* salt [0] KrbSalt OPTIONAL,
* key [1] EncryptionKey,
* s2kparams [2] OCTET STRING OPTIONAL,
* ...
* }
*
* KrbSalt ::= SEQUENCE {
* type [0] Int32,
* salt [1] OCTET STRING OPTIONAL
* }
*
* EncryptionKey ::= SEQUENCE {
* keytype [0] Int32,
* keyvalue [1] OCTET STRING
* }
*
*/
#include <k5-int.h>
#include <kdb.h>
#include "krbasn1.h"
#include "asn1_encode.h"
#ifdef ENABLE_LDAP
/************************************************************************/
/* Encode the Principal's keys */
/************************************************************************/
/*
* Imports from asn1_k_encode.c.
* XXX Must be manually synchronized for now.
*/
/* Reuse the int32 type descriptor (C type krb5_int32) from asn1_k_encode.c. */
IMPORT_TYPE(int32, krb5_int32);
/* Local integer type descriptor for fields stored as krb5_int16. */
DEFINTTYPE(int16, krb5_int16);
/*
 * Counted OCTET STRING whose data pointer is unsigned char * and whose
 * length is held in a krb5_ui_2.  Every salt and key value below goes
 * through this type.
 * NOTE(review): the length type is narrower than what an ASN.1 length can
 * express; confirm the decoder rejects (rather than truncates) an OCTET
 * STRING longer than a krb5_ui_2 can represent.
 */
DEFCOUNTEDSTRINGTYPE(ui2_octetstring, unsigned char *, krb5_ui_2,
k5_asn1_encode_bytestring, k5_asn1_decode_bytestring,
ASN1_OCTETSTRING);
/*
 * Presence predicate for the optional KrbSalt.salt field.
 *
 * p points to a krb5_key_data.  Returns 1 when the salt slot (index 1 of
 * key_data_length) has a non-zero length, and 0 when it is empty.  Only the
 * length is examined; the contents pointer is not touched.
 */
static int
is_salt_present(const void *p)
{
    const krb5_key_data *key = p;

    if (key->key_data_length[1] == 0)
        return 0;
    return 1;
}
/*
 * KrbSalt, mapped onto slot [1] of a krb5_key_data.
 *
 * The salt bytes are the (key_data_contents[1], key_data_length[1]) pair,
 * carried as a ui2_octetstring.
 */
DEFCOUNTEDTYPE(krbsalt_salt, krb5_key_data, key_data_contents[1],
key_data_length[1], ui2_octetstring);
/*
 * Optional wrapper around the salt bytes; is_salt_present() is the presence
 * predicate.  The third argument is NULL.
 */
DEFOPTIONALTYPE(krbsalt_salt_if_present, is_salt_present, NULL, krbsalt_salt);
/*
 * type [0]: key_data_type[1], handled with the int16 descriptor.
 * NOTE(review): the schema comment at the top of the file lists this field
 * as Int32; confirm how a value outside the 16-bit range is treated on
 * decode.
 */
DEFFIELD(krbsalt_0, krb5_key_data, key_data_type[1], 0, int16);
/* salt [1]: the optional salt bytes under context tag 1. */
DEFCTAGGEDTYPE(krbsalt_1, 1, krbsalt_salt_if_present);
/* Field order of the KrbSalt SEQUENCE: type, then salt. */
static const struct atype_info *krbsalt_fields[] = {
&k5_atype_krbsalt_0, &k5_atype_krbsalt_1
};
DEFSEQTYPE(krbsalt, krb5_key_data, krbsalt_fields);
/*
 * EncryptionKey, mapped onto slot [0] of a krb5_key_data.
 *
 * keytype [0]: key_data_type[0], handled with the int16 descriptor (the
 * schema comment lists Int32).
 */
DEFFIELD(encryptionkey_0, krb5_key_data, key_data_type[0], 0, int16);
/*
 * keyvalue [1]: the (key_data_contents[0], key_data_length[0]) pair as a
 * ui2_octetstring.  These bytes are the stored key value.
 * NOTE(review): buffer ownership is not visible in this file; confirm that
 * callers zeroize key_data_contents[0] before freeing it, on both the
 * success path and the decode-failure path.
 */
DEFCNFIELD(encryptionkey_1, krb5_key_data, key_data_contents[0],
key_data_length[0], 1, ui2_octetstring);
/* Field order of the EncryptionKey SEQUENCE: keytype, then keyvalue. */
static const struct atype_info *encryptionkey_fields[] = {
&k5_atype_encryptionkey_0, &k5_atype_encryptionkey_1
};
DEFSEQTYPE(encryptionkey, krb5_key_data, encryptionkey_fields);
/*
 * KrbKey: one krb5_key_data, made of salt [0] and key [1].
 * NOTE(review): the schema comment marks salt [0] OPTIONAL, but krbsalt is
 * tagged here without an optional wrapper (only the salt bytes inside it
 * are optional); confirm how a KrbKey with no salt element is handled on
 * decode.
 */
DEFCTAGGEDTYPE(key_data_0, 0, krbsalt);
DEFCTAGGEDTYPE(key_data_1, 1, encryptionkey);
/*
 * s2kparams [2] is compiled out.  The disabled line ends in a comma and
 * names a type (s2kparams) that this file does not define, so it would need
 * repair before being enabled.
 */
#if 0 /* We don't support this field currently. */
DEFCTAGGEDTYPE(key_data_2, 2, s2kparams),
#endif
/* Field order of the KrbKey SEQUENCE: salt, then key. */
static const struct atype_info *key_data_fields[] = {
&k5_atype_key_data_0, &k5_atype_key_data_1
};
DEFSEQTYPE(key_data, krb5_key_data, key_data_fields);
/* Pointer-to-KrbKey, used as the element type of the sequence below. */
DEFPTRTYPE(ptr_key_data, key_data);
/*
 * SEQUENCE OF KrbKey whose element count is held in a krb5_int16.
 * NOTE(review): the count comes from the encoded input on decode; confirm
 * the decoder fails cleanly when the input holds more elements than a
 * krb5_int16 can count.
 */
DEFCOUNTEDSEQOFTYPE(cseqof_key_data, krb5_int16, ptr_key_data);
/*
 * KrbKeySet, mapped onto ldap_seqof_key_data.
 *
 * "one" is the immediate integer 1, paired with ASN1_BAD_FORMAT
 * (presumably the error returned when a decoded value differs; confirm
 * against the macro definition).
 */
DEFINT_IMMEDIATE(one, 1, ASN1_BAD_FORMAT);
/* attribute-major-vno [0] and attribute-minor-vno [1] are both fixed to 1. */
DEFCTAGGEDTYPE(ldap_key_seq_0, 0, one);
DEFCTAGGEDTYPE(ldap_key_seq_1, 1, one);
/*
 * kvno [2] uses the int16 descriptor and mkvno [3] uses int32.
 * NOTE(review): the schema comment lists kvno as UInt32 and mkvno as
 * OPTIONAL; neither is reflected in these declarations, so confirm the
 * behaviour for a kvno beyond 16 bits and for input that omits mkvno.
 */
DEFFIELD(ldap_key_seq_2, ldap_seqof_key_data, kvno, 2, int16);
DEFFIELD(ldap_key_seq_3, ldap_seqof_key_data, mkvno, 3, int32);
/* keys [4]: the (key_data, n_key_data) pair as a counted SEQUENCE OF KrbKey. */
DEFCNFIELD(ldap_key_seq_4, ldap_seqof_key_data, key_data, n_key_data, 4,
cseqof_key_data);
/* Field order of the KrbKeySet SEQUENCE, tags 0 through 4. */
static const struct atype_info *ldap_key_seq_fields[] = {
&k5_atype_ldap_key_seq_0, &k5_atype_ldap_key_seq_1,
&k5_atype_ldap_key_seq_2, &k5_atype_ldap_key_seq_3,
&k5_atype_ldap_key_seq_4
};
DEFSEQTYPE(ldap_key_seq, ldap_seqof_key_data, ldap_key_seq_fields);
/*
 * Export the entry points for the whole KrbKeySet: one encoder and one
 * decoder, both generated from the ldap_key_seq descriptor above.
 *
 * NOTE(review): the decoder's input is whatever is stored in the directory
 * attribute, so every length and count it yields (key_data_length[],
 * n_key_data) is input-derived; callers should validate them before using
 * them as sizes or indices.  Ownership and zeroization of the decoded key
 * buffers are not visible in this file -- confirm in the callers.
 */
MAKE_ENCODER(krb5int_ldap_encode_sequence_of_keys, ldap_key_seq);
MAKE_DECODER(krb5int_ldap_decode_sequence_of_keys, ldap_key_seq);
#endif