
Bring ASN.1 code closer to draft-ietf-krb-wg-otp-preauth-18.

1 parent deb161b commit e5baf4255e69efec89acc8b6b706cf1d733c0c92 @ln5 committed Oct 13, 2011
@@ -953,22 +953,23 @@ krb5int_find_pa_data(krb5_context, krb5_pa_data *const *, krb5_preauthtype);
void krb5_free_etype_info(krb5_context, krb5_etype_info);
-typedef struct _krb5_otp_keyinfo {
+typedef struct _krb5_otp_tokeninfo {
krb5_int32 flags;
krb5_data otp_vendor;
- krb5_data otp_challenge;
+ krb5_octet_data otp_challenge;
krb5_int32 otp_length;
- krb5_data otp_keyid;
- krb5_data otp_algid;
- krb5_algorithm_identifier hash_alg;
+ krb5_octet_data otp_token_id;
+ krb5_data otp_alg_id;
+ krb5_algorithm_identifier supported_hash_alg; /* FIXME: SEQUENCE OF */
+ /* krb5_int16 n_supported_hash_alg; */
krb5_int32 iteration_count;
-} krb5_otp_keyinfo;
+} krb5_otp_tokeninfo;
typedef struct _krb5_pa_otp_challenge {
krb5_data nonce;
krb5_data otp_service;
- krb5_otp_keyinfo otp_keyinfo;
- krb5_int32 n_otp_keyinfo;
+ krb5_otp_tokeninfo *otp_tokeninfo;
+ krb5_int32 n_otp_tokeninfo;
krb5_data salt;
krb5_data s2kparams;
} krb5_pa_otp_challenge;
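Review bot: `otp_challenge` and `otp_token_id` become `krb5_octet_data` here, but the encoder rows for them in the later `otp_tokeninfo_fields` hunk still use `ostring_data`, which is the `krb5_data` field type; as far as I can tell the `OFFOF` type check only warns, and at runtime the encoder then reads `length` and `data` at `krb5_data` offsets from a `krb5_octet_data` object, so the emitted OCTET STRING is built from a garbage length and, on 32-bit layouts, a wrong pointer. The file already defines `ostring_octet_data` for exactly this layout, so those two rows should read `FIELDOF_OPT(krb5_otp_tokeninfo, ostring_octet_data, otp_challenge, 2, 2),` and `FIELDOF_OPT(krb5_otp_tokeninfo, ostring_octet_data, otp_token_id, 4, 4),`. The decoder's `error_out` already treats both as octet data (plain `free()`), so only the encoder side is out of step.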
@@ -980,12 +981,13 @@ typedef struct _krb5_pa_otp_req {
krb5_algorithm_identifier hash_alg;
krb5_int32 iteration_count;
krb5_data otp_value;
+ krb5_data otp_pin;
krb5_data otp_challenge;
+ krb5_timestamp otp_time;
krb5_data otp_counter;
krb5_int32 otp_format;
- krb5_timestamp otp_time;
- krb5_data otp_keyid;
- krb5_data otp_algid;
+ krb5_data otp_token_id;
+ krb5_data otp_alg_id;
krb5_data otp_vendor;
} krb5_pa_otp_req;
@@ -1799,7 +1801,7 @@ krb5_error_code
encode_krb5_ad_signedpath_data(const krb5_ad_signedpath_data *, krb5_data **);
krb5_error_code
-encode_krb5_otp_keyinfo(const krb5_otp_keyinfo *, krb5_data **);
+encode_krb5_otp_tokeninfo(const krb5_otp_tokeninfo *, krb5_data **);
krb5_error_code
encode_krb5_pa_otp_challenge(const krb5_pa_otp_challenge *, krb5_data **);
@@ -1752,24 +1752,57 @@ asn1_decode_typed_data_ptr(asn1buf *buf, krb5_typed_data **valptr)
decode_ptr(krb5_typed_data *, asn1_decode_typed_data);
}
-/* Definitions for http://tools.ietf.org/html/draft-ietf-krb-wg-otp-preauth-14 */
+/* Definitions for draft-ietf-krb-wg-otp-preauth-18. */
+
+asn1_error_code
+asn1_decode_otp_tokeninfo(asn1buf *buf, krb5_otp_tokeninfo *val)
+{
+ setup();
+ val->flags = 0;
+ val->otp_vendor.data = NULL;
+ val->otp_challenge.data = NULL;
+ val->otp_length = 0;
+ val->otp_token_id.data = NULL;
+ val->otp_alg_id.data = NULL;
+ val->iteration_count = 0;
+ { begin_structure();
+ get_field(val->flags,0,asn1_decode_int32); /* FIXME: OTPFlags */
+ opt_lenfield(val->otp_vendor.length,val->otp_vendor.data,1,asn1_decode_generalstring); /* FIXME: UTF8String */
+ opt_lenfield(val->otp_challenge.length,val->otp_challenge.data,2,asn1_decode_octetstring); /* FIXME: OCTET STRING (SIZE(1..MAX)) */
+ get_field(val->otp_length,3,asn1_decode_int32);
+ opt_lenfield(val->otp_token_id.length,val->otp_token_id.data,4,asn1_decode_octetstring);
+ opt_lenfield(val->otp_alg_id.length,val->otp_alg_id.data,5,asn1_decode_charstring); /* FIXME: AnyURI */
+ /* TODO: supportedHashAlg [6] SEQUENCE OF AlgorithmIdentifier OPTIONAL
+ asn1_decode_sequence_of_algorithm_identifier() */
+ get_field(val->iteration_count,7,asn1_decode_int32);
+ end_structure();
+ }
+
+ return 0;
+ error_out:
+ krb5_free_data_contents(NULL, &val->otp_vendor);
+ free(val->otp_challenge.data); val->otp_challenge.data = 0;
+ free(val->otp_token_id.data); val->otp_token_id.data = 0;
+ krb5_free_data_contents(NULL, &val->otp_alg_id);
+ return retval;
+}
asn1_error_code
asn1_decode_pa_otp_challenge(asn1buf *buf, krb5_pa_otp_challenge *val)
{
setup();
val->nonce.data = NULL;
val->otp_service.data = NULL;
- val->otp_keyinfo.flags = -1;
+ val->otp_tokeninfo = NULL;
val->salt.data = NULL;
val->s2kparams.data = NULL;
{ begin_structure();
get_lenfield(val->nonce.length,val->nonce.data,0,asn1_decode_charstring);
opt_lenfield(val->otp_service.length,val->otp_service.data,1,asn1_decode_octetstring);
- /* TODO: otp_keyinfo */
+ /* TODO: otp_tokeninfo: otp-tokenInfo [2] SEQUENCE (SIZE(1..MAX)) OF OTP-TOKENINFO
+ asn1_decode_otp_tokeninfo() */
opt_lenfield(val->salt.length,val->salt.data,3,asn1_decode_generalstring);
opt_lenfield(val->s2kparams.length,val->s2kparams.data,4,asn1_decode_octetstring);
-
end_structure();
}
return 0;
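Review bot: `asn1_decode_otp_tokeninfo` disagrees with its own encoder table on three tags: `[0]` is read with `asn1_decode_int32` while `otp_tokeninfo_fields` emits it as `krb5_flags` (and the sibling `asn1_decode_pa_otp_req` uses `asn1_decode_krb5_flags` for the same OTPFlags field), and `[3]`/`[7]` are fetched with `get_field`, i.e. mandatory, while the encoder marks them `FIELDOF_OPT`, so a tokeninfo produced by this file's own encoder without an `otp_length` or `iteration_count` is rejected by its decoder. The three lines would become `get_field(val->flags,0,asn1_decode_krb5_flags);`, `opt_field(val->otp_length,3,asn1_decode_int32,0);` and `opt_field(val->iteration_count,7,asn1_decode_int32,0);`, matching the style already used in `asn1_decode_pa_otp_req`. The body of `asn1_decode_pa_otp_challenge` that starts in this hunk continues past it.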
@@ -1778,7 +1811,7 @@ asn1_decode_pa_otp_challenge(asn1buf *buf, krb5_pa_otp_challenge *val)
val->nonce.data = NULL;
krb5_free_data_contents(NULL, &val->otp_service);
val->otp_service.data = NULL;
- val->otp_keyinfo.flags = -1;
+ /* TODO: free val->otp_tokeninfo */
krb5_free_data_contents(NULL, &val->salt);
val->salt.data = NULL;
krb5_free_data_contents(NULL, &val->s2kparams);
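Review bot: The `error_out` path of `asn1_decode_pa_otp_challenge` (the function begins outside this hunk) never writes `n_otp_tokeninfo`, and the initialiser block in the previous hunk sets only `otp_tokeninfo = NULL`, so the count is left uninitialised on both the success and the failure path; since `pa_otp_challenge_fields` now encodes the `[2]` sequence through that count, a decoded-then-re-encoded challenge reads an indeterminate `krb5_int32`. Replace the TODO with `val->otp_tokeninfo = NULL; val->n_otp_tokeninfo = 0;` (the array free goes there once tag `[2]` is actually decoded) and add `val->n_otp_tokeninfo = 0;` beside the pointer reset at the top of the function.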
@@ -1809,28 +1842,30 @@ asn1_decode_pa_otp_req(asn1buf *buf, krb5_pa_otp_req *val)
val->hash_alg.parameters.data = NULL;
val->iteration_count = 0;
val->otp_value.data = NULL;
+ val->otp_pin.data = NULL;
val->otp_challenge.data = NULL;
+ val->otp_time = 0;
val->otp_counter.data = NULL;
val->otp_format = 0;
- val->otp_time = 0;
- val->otp_keyid.data = NULL;
- val->otp_algid.data = NULL;
+ val->otp_token_id.data = NULL;
+ val->otp_alg_id.data = NULL;
val->otp_vendor.data = NULL;
{ begin_structure();
get_field(val->flags,0,asn1_decode_krb5_flags);
opt_lenfield(val->nonce.length,val->nonce.data,1,asn1_decode_charstring);
opt_encfield(val->enc_data,2,asn1_decode_encrypted_data);
- /* TODO: hash algorithms */
+ /* TODO: hash_alg: hashAlg [3] AlgorithmIdentifier OPTIONAL */
opt_field(val->iteration_count,4,asn1_decode_int32,0);
opt_lenfield(val->otp_value.length,val->otp_value.data,5,asn1_decode_charstring);
- opt_lenfield(val->otp_challenge.length,val->otp_challenge.data,6,asn1_decode_charstring);
- opt_lenfield(val->otp_counter.length,val->otp_counter.data,7,asn1_decode_charstring);
- opt_field(val->otp_format,8,asn1_decode_int32,0);
-
- opt_lenfield(val->otp_keyid.length,val->otp_keyid.data,10,asn1_decode_charstring);
- opt_lenfield(val->otp_algid.length,val->otp_algid.data,11,asn1_decode_charstring);
- opt_lenfield(val->otp_vendor.length,val->otp_vendor.data,12,asn1_decode_charstring);
+ opt_lenfield(val->otp_pin.length,val->otp_pin.data,6,asn1_decode_charstring);
+ opt_lenfield(val->otp_challenge.length,val->otp_challenge.data,7,asn1_decode_charstring);
+ opt_field(val->otp_time,8,asn1_decode_kerberos_time,0);
+ opt_lenfield(val->otp_counter.length,val->otp_counter.data,9,asn1_decode_charstring);
+ opt_field(val->otp_format,10,asn1_decode_int32,0); /* FIXME: Correct type is OTPFormat. */
+ opt_lenfield(val->otp_token_id.length,val->otp_token_id.data,11,asn1_decode_charstring);
+ opt_lenfield(val->otp_alg_id.length,val->otp_alg_id.data,12,asn1_decode_charstring);
+ opt_lenfield(val->otp_vendor.length,val->otp_vendor.data,13,asn1_decode_charstring);
end_structure();
}
return 0;
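Review bot: `otp_pin` is a credential, and this function's cleanup (the `error_out` label lies past the hunk and is still marked `FIXME: add more frees`) releases nothing for it, so after a malformed request the PIN bytes either leak or sit in freed heap memory; it should be released with the zeroising helper, `zapfree(val->otp_pin.data, val->otp_pin.length); val->otp_pin.data = NULL;`, not `krb5_free_data_contents`. A second encoder/decoder mismatch: `pa_otp_req_fields` emits `hashAlg [3]` whenever `hash_alg.algorithm.data` is set, but the decoder only carries a TODO for tag 3, so the following `opt_field` for `[4]` meets an unexpected tag and a request this file encoded with a hash algorithm does not round-trip. Decoding `[3]` with the file's AlgorithmIdentifier decoder (the sequence-of variant is referenced by name in the tokeninfo TODO, so a single-element one presumably exists) would close that gap.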
@@ -1840,3 +1875,4 @@ asn1_decode_pa_otp_req(asn1buf *buf, krb5_pa_otp_req *val)
/* FIXME: add more frees */
return retval;
}
+
@@ -276,6 +276,8 @@ asn1_error_code asn1_decode_iakerb_header(asn1buf *buf,
asn1_error_code asn1_decode_iakerb_finished(asn1buf *buf,
krb5_iakerb_finished *val);
+asn1_error_code asn1_decode_otp_tokeninfo(asn1buf *buf,
+ krb5_otp_tokeninfo *val);
asn1_error_code asn1_decode_pa_otp_challenge(asn1buf *buf,
krb5_pa_otp_challenge *val);
@@ -2160,7 +2160,7 @@ asn1_encode_typed_data(asn1buf *buf, const krb5_typed_data *val,
asn1_cleanup();
}
-/* Definitions for http://tools.ietf.org/html/draft-ietf-krb-wg-otp-preauth-14 */
+/* Definitions for draft-ietf-krb-wg-otp-preauth-18. */
DEFFNLENTYPE(oid, unsigned char *, asn1_encode_oid);
DEFFIELDTYPE(ostring_octet_data, krb5_octet_data,
@@ -2171,56 +2171,56 @@ static const struct field_info algorithm_identifier_fields[] = {
FIELDOF_NORM(krb5_algorithm_identifier, oid_data, algorithm, 0),
FIELDOF_OPT(krb5_algorithm_identifier, ostring_octet_data, parameters, 1, 1),
};
-static const struct field_info otp_keyinfo_fields[] = {
- FIELDOF_NORM(krb5_otp_keyinfo, krb5_flags, flags, 0),
- FIELDOF_OPT(krb5_otp_keyinfo, ostring_data, otp_vendor, 1, 1), /* FIXME: not the right type ?? */
- FIELDOF_OPT(krb5_otp_keyinfo, ostring_data, otp_challenge, 2, 1),
- FIELDOF_OPT(krb5_otp_keyinfo, int32, otp_length, 3, 3),
- FIELDOF_OPT(krb5_otp_keyinfo, ostring_data, otp_keyid, 4, 4),
- FIELDOF_OPT(krb5_otp_keyinfo, ostring_data, otp_algid, 5, 5), /* FIXME: not the right type ?? */
- FIELDOF_OPT(krb5_otp_keyinfo, algorithm_identifier, hash_alg, 6, 6),
- FIELDOF_OPT(krb5_otp_keyinfo, int32, iteration_count, 7, 7),
+static const struct field_info otp_tokeninfo_fields[] = {
+ FIELDOF_NORM(krb5_otp_tokeninfo, krb5_flags, flags, 0),
+ FIELDOF_OPT(krb5_otp_tokeninfo, ostring_data, otp_vendor, 1, 1), /* FIXME: not the right type ?? */
+ FIELDOF_OPT(krb5_otp_tokeninfo, ostring_data, otp_challenge, 2, 2),
+ FIELDOF_OPT(krb5_otp_tokeninfo, int32, otp_length, 3, 3),
+ FIELDOF_OPT(krb5_otp_tokeninfo, ostring_data, otp_token_id, 4, 4),
+ FIELDOF_OPT(krb5_otp_tokeninfo, ostring_data, otp_alg_id, 5, 5), /* FIXME: not the right type ?? */
+ FIELDOF_OPT(krb5_otp_tokeninfo, algorithm_identifier, supported_hash_alg, 6, 6), /* FIXME: SEQUENCE OF (!) AlgorithmIdentifier. */
+ FIELDOF_OPT(krb5_otp_tokeninfo, int32, iteration_count, 7, 7),
};
+/* TODO: OTPFormat */
+/* OTPFormat ::= INTEGER {
+ decimal(0),
+ hexadecimal(1),
+ alphanumeric(2),
+ binary(3) } */
+
static unsigned int
-otp_keyinfo_optional (const void *p)
+otp_tokeninfo_optional (const void *p)
{
unsigned int optional = 0;
- const krb5_otp_keyinfo *val = p;
+ const krb5_otp_tokeninfo *val = p;
if (val->otp_vendor.data)
optional |= (1u<<1);
if (val->otp_challenge.data)
optional |= (1u<<2);
if (val->otp_length)
optional |= (1u<<3);
- if (val->otp_keyid.data)
+ if (val->otp_token_id.data)
optional |= (1u<<4);
- if (val->otp_algid.data)
+ if (val->otp_alg_id.data)
optional |= (1u<<5);
- if (val->hash_alg.algorithm.data)
+ if (val->supported_hash_alg.algorithm.data)
optional |= (1u<<6);
if (val->iteration_count)
optional |= (1u<<7);
return optional;
}
-DEFSEQTYPE( otp_keyinfo, krb5_otp_keyinfo, otp_keyinfo_fields, otp_keyinfo_optional);
-MAKE_FULL_ENCODER(encode_krb5_otp_keyinfo, otp_keyinfo);
-
-#define FIELDOF_OPTSEQOF_LEN(STYPE,DESC,PTRFIELD,LENFIELD,LENTYPE,TAG, OPT) \
- { \
- field_sequenceof_len, \
- OFFOF(STYPE, PTRFIELD, aux_typedefname_##DESC), \
- OFFOF(STYPE, LENFIELD, aux_typedefname_##LENTYPE), \
- TAG, OPT, &krb5int_asn1type_##DESC, &krb5int_asn1type_##LENTYPE \
- }
+DEFSEQTYPE(otp_tokeninfo, krb5_otp_tokeninfo, otp_tokeninfo_fields,
+ otp_tokeninfo_optional);
+DEFPTRTYPE(otp_tokeninfo_ptr, otp_tokeninfo);
+MAKE_FULL_ENCODER(encode_krb5_otp_tokeninfo, otp_tokeninfo);
static const struct field_info pa_otp_challenge_fields[] = {
FIELDOF_NORM(krb5_pa_otp_challenge, ostring_data, nonce, 0),
FIELDOF_OPT(krb5_pa_otp_challenge, ostring_data, otp_service, 1, 1), /* FIXME: not the right type ?? */
- /* OPTIONAL according to the description of the field */
- FIELDOF_OPTSEQOF_LEN(krb5_pa_otp_challenge, otp_keyinfo, otp_keyinfo, n_otp_keyinfo, int32, 2, 2),
+ FIELDOF_SEQOF_INT32(krb5_pa_otp_challenge, otp_tokeninfo_ptr, otp_tokeninfo, n_otp_tokeninfo, 2),
FIELDOF_OPT(krb5_pa_otp_challenge, gstring_data, salt, 3, 3),
FIELDOF_OPT(krb5_pa_otp_challenge, ostring_data, s2kparams, 4, 4),
};
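Review bot: `DEFPTRTYPE(otp_tokeninfo_ptr, otp_tokeninfo)` makes each element of the `[2]` sequence a `krb5_otp_tokeninfo *`, so `FIELDOF_SEQOF_INT32` will walk `otp_tokeninfo` as an array of pointers, whereas the header now declares it `krb5_otp_tokeninfo *otp_tokeninfo`, an array of structs; unless I misread the macro, the header field should be `krb5_otp_tokeninfo **otp_tokeninfo`, or the sequence should be defined over `otp_tokeninfo` directly without a pointer type. Separately, now that the row is `FIELDOF_SEQOF_INT32` and `pa_otp_challenge_optional` no longer gates it, an object with `n_otp_tokeninfo == 0` encodes an empty SEQUENCE, which the `SIZE(1..MAX)` quoted in the decoder TODO forbids; a comment on the row, `/* Mandatory, SIZE(1..MAX): callers must supply at least one tokeninfo. */`, would record that obligation.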
@@ -2233,36 +2233,33 @@ pa_otp_challenge_optional (const void *p)
if (val->otp_service.data)
optional |= (1u<<1);
-/* flags is the only mandatory field of otp_keyinfo and the value 0 is marked
- * as reserved so we take -1 to indicate that otp_keyinfo is not set for
- * pa_otp_challenge */
- if (val->otp_keyinfo.flags > -1)
- optional |= (1u<<2);
if (val->salt.data)
optional |= (1u<<3);
if (val->s2kparams.data)
optional |= (1u<<4);
return optional;
}
-DEFSEQTYPE( pa_otp_challenge, krb5_pa_otp_challenge, pa_otp_challenge_fields, pa_otp_challenge_optional);
+DEFSEQTYPE(pa_otp_challenge, krb5_pa_otp_challenge, pa_otp_challenge_fields,
+ pa_otp_challenge_optional);
MAKE_FULL_ENCODER(encode_krb5_pa_otp_challenge, pa_otp_challenge);
static const struct field_info pa_otp_req_fields[] = {
FIELDOF_NORM(krb5_pa_otp_req, krb5_flags, flags, 0),
FIELDOF_OPT(krb5_pa_otp_req, ostring_data, nonce, 1, 1),
- FIELDOF_OPT(krb5_pa_otp_req, encrypted_data, enc_data, 2, 2), /* FIXME: not optional */
+ FIELDOF_NORM(krb5_pa_otp_req, encrypted_data, enc_data, 2),
FIELDOF_OPT(krb5_pa_otp_req, algorithm_identifier, hash_alg, 3, 3),
FIELDOF_OPT(krb5_pa_otp_req, int32, iteration_count, 4, 4),
FIELDOF_OPT(krb5_pa_otp_req, ostring_data, otp_value, 5, 5),
- FIELDOF_OPT(krb5_pa_otp_req, ostring_data, otp_challenge, 6, 6),
- FIELDOF_OPT(krb5_pa_otp_req, kerberos_time, otp_time, 7, 7),
- FIELDOF_OPT(krb5_pa_otp_req, ostring_data, otp_counter, 8, 8),
- FIELDOF_OPT(krb5_pa_otp_req, int32, otp_format, 9, 9), /* FIXME: not the right type ?? */
- FIELDOF_OPT(krb5_pa_otp_req, ostring_data, otp_keyid, 10, 10),
- FIELDOF_OPT(krb5_pa_otp_req, ostring_data, otp_algid, 11, 11), /* FIXME: not the right type ?? */
- FIELDOF_OPT(krb5_pa_otp_req, ostring_data, otp_vendor, 12, 12), /* FIXME: not the right type ?? */
+ FIELDOF_OPT(krb5_pa_otp_req, ostring_data, otp_pin, 6, 6),
+ FIELDOF_OPT(krb5_pa_otp_req, ostring_data, otp_challenge, 7, 7), /* FIXME: SIZE(1..MAX) */
+ FIELDOF_OPT(krb5_pa_otp_req, kerberos_time, otp_time, 8, 8),
+ FIELDOF_OPT(krb5_pa_otp_req, ostring_data, otp_counter, 9, 9),
+ FIELDOF_OPT(krb5_pa_otp_req, int32, otp_format, 10, 10), /* FIXME: Correct type is OTPFormat. */
+ FIELDOF_OPT(krb5_pa_otp_req, ostring_data, otp_token_id, 11, 11),
+ FIELDOF_OPT(krb5_pa_otp_req, ostring_data, otp_alg_id, 12, 12), /* FIXME: Correct type is AnyURI. */
+ FIELDOF_OPT(krb5_pa_otp_req, ostring_data, otp_vendor, 13, 13), /* FIXME: Correct type is UTF8String. */
};
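Review bot: The new `otp_pin` row at `[6]` carries no type FIXME while its siblings do, yet as far as I recall the draft defines `otp-pin` as a UTF8String like `otp-vendor`, so `FIELDOF_OPT(krb5_pa_otp_req, ostring_data, otp_pin, 6, 6), /* FIXME: Correct type is UTF8String. */` keeps the list of open type issues complete. Since this row is the one that serialises the user's PIN, the comment is also the natural place to note that the field holds a credential and must be zeroised when the request is freed.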
static unsigned int
@@ -2272,29 +2269,29 @@ pa_otp_req_optional (const void *p)
const krb5_pa_otp_req *val = p;
if (val->nonce.data)
- optional |= (1u <<1);
- if (val->enc_data.ciphertext.data)
- optional |= (1u<<2);
+ optional |= (1u<<1);
if (val->hash_alg.algorithm.data)
optional |= (1u<<3);
if (val->iteration_count)
optional |= (1u<<4);
if (val->otp_value.data)
optional |= (1u<<5);
- if (val->otp_challenge.data)
+ if (val->otp_pin.data)
optional |= (1u<<6);
- if (val->otp_time)
+ if (val->otp_challenge.data)
optional |= (1u<<7);
- if (val->otp_counter.data)
+ if (val->otp_time)
optional |= (1u<<8);
- if (val->otp_format)
+ if (val->otp_counter.data)
optional |= (1u<<9);
- if (val->otp_keyid.data)
+ if (val->otp_format)
optional |= (1u<<10);
- if (val->otp_algid.data)
+ if (val->otp_token_id.data)
optional |= (1u<<11);
- if (val->otp_vendor.data)
+ if (val->otp_alg_id.data)
optional |= (1u<<12);
+ if (val->otp_vendor.data)
+ optional |= (1u<<13);
return optional;
}
DEFSEQTYPE( pa_otp_req, krb5_pa_otp_req, pa_otp_req_fields, pa_otp_req_optional);
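Review bot: `if (val->otp_format)` at bit 10 treats 0 as absent, but the `OTPFormat` comment added in the encoder-table hunk defines `decimal(0)`, so a request whose format is decimal can never carry the field, and the decoder's `opt_field(val->otp_format,10,asn1_decode_int32,0)` collapses absent and decimal the same way. A presence flag in `krb5_pa_otp_req`, or a -1 sentinel like the `otp_keyinfo.flags` trick this commit removes, would disambiguate; until then `/* FIXME: 0 == decimal is indistinguishable from absent. */` on that line flags it. The same 0-means-absent test is used for `otp_length` and `iteration_count` in `otp_tokeninfo_optional`, where 0 is not a meaningful value, so it is harmless there.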

