54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#pragma ident "%Z%%M% %I% %E% SMI"
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf/* ... copyright ... */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf/* Novell key-format scheme:
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf KrbKeySet ::= SEQUENCE {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf attribute-major-vno [0] UInt16,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf attribute-minor-vno [1] UInt16,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf kvno [2] UInt32,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf mkvno [3] UInt32 OPTIONAL,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf keys [4] SEQUENCE OF KrbKey,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf KrbKey ::= SEQUENCE {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf salt [0] KrbSalt OPTIONAL,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf key [1] EncryptionKey,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf s2kparams [2] OCTET STRING OPTIONAL,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf KrbSalt ::= SEQUENCE {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf type [0] Int32,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf salt [1] OCTET STRING OPTIONAL
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf EncryptionKey ::= SEQUENCE {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf keytype [0] Int32,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf keyvalue [1] OCTET STRING
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#define asn1_encode_sequence_of_keys krb5int_ldap_encode_sequence_of_keys
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#define asn1_decode_sequence_of_keys krb5int_ldap_decode_sequence_of_keys
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (ret != 0) \
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf/************************************************************************/
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf/* Encode the Principal's keys */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf/************************************************************************/
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf unsigned int *retlen)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* Encode the key type and value. */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* key value */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 1, length, &length); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* key type */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_encode_integer (buf, key_data.key_data_type[0], &length);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, length, &length); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_make_sequence(buf, key_len, &length); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 1, key_len, &length); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* Encode the salt type and value (optional) */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* salt value (optional) */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 1, length, &length);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* salt type */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_encode_integer (buf, key_data.key_data_type[1], &length);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, length, &length); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_make_sequence(buf, salt_len, &length); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, salt_len, &length); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_make_sequence(buf, sum, &length); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf/* Major version and minor version are both '1' - first version */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf/* asn1_error_code asn1_encode_sequence_of_keys (krb5_key_data *key_data, */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* Allocate the buffer */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* Sequence of keys */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_encode_key (buf, key_data[i], &length); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_make_sequence(buf, seq_len, &length); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 4, seq_len, &length); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* mkvno */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_encode_unsigned_integer (buf, tmp_ul, &length); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 3, length, &length); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* kvno (assuming all keys in array have same version) */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_encode_unsigned_integer (buf, tmp_ul, &length);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 2, length, &length); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* attribute-minor-vno == 1 */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_encode_unsigned_integer (buf, 1, &length); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 1, length, &length); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* attribute-major-vno == 1 */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_encode_unsigned_integer (buf, 1, &length); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, length, &length); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_make_sequence(buf, sum, &length); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* The reverse encoding is straightened out here */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf/************************************************************************/
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf/* Decode the Principal's keys */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf/************************************************************************/
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfdecode_tagged_integer (asn1buf *buf, asn1_tagnum expectedtag, long *val)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* Work on a copy of 'buf' */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1buf_imbed(&subbuf, &tmp, t.length, 0); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#if 0 /* not currently used */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfdecode_tagged_unsigned_integer (asn1buf *buf, int expectedtag, unsigned long *val)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* Work on a copy of 'buf' */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1buf_imbed(&subbuf, &tmp, t.length, 0); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_decode_unsigned_integer(&subbuf, val); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfdecode_tagged_octetstring (asn1buf *buf, asn1_tagnum expectedtag,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* Work on a copy of 'buf' */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1buf_imbed(&subbuf, &tmp, t.length, 0); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_decode_octetstring (&subbuf, len, val); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfstatic asn1_error_code asn1_decode_key(asn1buf *buf, krb5_key_data *key)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_get_sequence(buf, &length, &seqindef); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1buf_imbed(&subbuf, buf, length, seqindef); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (t.tagnum == 0) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = decode_tagged_integer (&slt, 0, (long *) &keytype);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf key->key_data_type[1] = keytype; /* XXX range check?? */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (asn1buf_remains(&slt, 0) != 0) { /* Salt value is optional */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf key->key_data_length[1] = keylen; /* XXX range check?? */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_get_sequence(&subbuf, &length, &seqindef); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1buf_imbed(&kbuf, &subbuf, length, seqindef); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf key->key_data_length[0] = ival; /* XXX range check? */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (ret != 0) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf/* asn1_error_code asn1_decode_sequence_of_keys (krb5_data *in, */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_error_code asn1_decode_sequence_of_keys (krb5_data *in,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_get_sequence(&buf, &length, &seqindef); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1buf_imbed(&subbuf, &buf, length, seqindef); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* attribute-major-vno */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = decode_tagged_integer (&subbuf, 0, &lval); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* attribute-minor-vno */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = decode_tagged_integer (&subbuf, 1, &lval); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* kvno (assuming all keys in array have same version) */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = decode_tagged_integer (&subbuf, 2, &lval); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* mkvno (optional) */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = decode_tagged_integer (&subbuf, 3, &lval); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* Sequence of keys */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_get_sequence(&subbuf, &length, &seqindef); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1buf_imbed(&keyseq, &subbuf, length, seqindef); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf tmp = (krb5_key_data *) realloc (*out, i * sizeof (krb5_key_data));
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ret = asn1_decode_key(&keyseq, &(*out)[i - 1]); checkerr;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf break; /* Not freeing the last key structure */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * There could be other data inside the outermost sequence ... tags we don't
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * know about. So, not invoking "safe_syncbuf(&buf,&subbuf)"
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (ret != 0) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf for (i = 0; i < *n_key_data; i++) {