Fix.

[shishi.git] / doc / shishi.texi

\input texinfo                  @c -*- Texinfo -*-
@c Copyright (C) 2002, 2003 Simon Josefsson
@c
@c This file is part of the shishi
@c Permission is granted to copy, distribute and/or modify this document
@c under the terms of the GNU Free Documentation License, Version 1.1
@c or any later version published by the Free Software Foundation;
@c with the Invariant Sections being with no Invariant Sections, with the
@c no Front-Cover Texts, and with the no Back-Cover Texts.
@c A copy of the license is included in the section entitled ``GNU
@c Free Documentation License'' in the file 'fdl.texi'.
@c
@setfilename shishi.info
@include version.texi
@settitle The Shishi Manual

@c Unify some of the indices.
@syncodeindex tp fn
@syncodeindex pg fn

@copying
This is @cite{The Shishi Manual}, last updated
@value{UPDATED}, for Version @value{VERSION} of the @acronym{Shishi}
library.

Copyright @copyright{} 2002 Simon Josefsson.

@quotation
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.1 or
any later version published by the Free Software Foundation; with no
Invariant Sections, with the Front-Cover texts being ``A GNU Manual,''
and with the Back-Cover Texts as in (a) below.  A copy of the license
is included in the section entitled ``GNU Free Documentation
License.''

(a) The FSF's Back-Cover Text is: ``You have freedom to copy and
modify this GNU Manual, like GNU software.  Copies published by the
Free Software Foundation raise funds for GNU development.''
@end quotation
@end copying

@dircategory Net Utilities
@direntry
* shishi: (shishi).             An RFC 1510 implementation
@end direntry

@titlepage
@title The Shishi Manual
@subtitle for version @value{VERSION}, @value{UPDATED}
@author Simon Josefsson (@email{bug-shishi@@josefsson.org})
@page
@vskip 0pt plus 1filll
@insertcopying
@end titlepage

@contents

@ifnottex
@node Top
@top Shishi
@insertcopying
@end ifnottex

@menu
* Introduction::                How to use this manual.
* User Manual::                 Using Shishi as end-user.
* Administration Manual::       Administrating server aspects of Shishi.
* Programming Manual::          Calling Shishi from a programming language.
* Acknowledgements::            Whom to blame.

Appendices

* Copying This Manual::         How you can copy and share this manual.
* Copying::                     How you can copy and share the source.

Indices

* Concept Index::               Index of concepts and programs.
* Function and Data Index::     Index of functions, variables and data types.
@end menu


@c **********************************************************
@c ********************  Introduction  **********************
@c **********************************************************
@node Introduction
@chapter Introduction

Shishi implements the RFC 1510 network security system, also known as
Kerberos 5.

@menu
* Getting Started::
* Features and Status::
* Overview::
* Cryptographic Overview::
* Supported Platforms::
* Bug Reports::
@end menu

@node Getting Started
@section Getting Started

This manual documents the Shishi application and library programming
interface.  All commands, functions and data types provided by Shishi
are explained.

The reader is assumed to possess basic familiarity with network
security and the RFC 1510 security system.

This manual can be used in several ways.  If read from the beginning
to the end, it gives a good introduction into the library and how it
can be used in an application.  Forward references are included where
necessary.  Later on, the manual can be used as a reference manual to
get just the information needed about any particular interface of the
library.  Experienced programmers might want to start looking at the
examples at the end of the manual, and then only read up those parts
of the interface which are unclear.

@node Features and Status
@section Features and Status

Shishi might have a couple of advantages over other packages doing a
similar job.

@table @asis
@item It's Free Software
Anybody can use, modify, and redistribute it under the terms of the GNU
General Public License (@pxref{Copying}).

@item It's thread-safe
The library uses no global variables.

@item It's internationalized
It handles non-ASCII username and passwords and user visible strings
used in the library (error messages) can be translated into the users'
language.

@item It's portable
It should work on all Unix like operating systems, including Windows.

@end table

Shishi is far from feature complete, it is not even a full RFC 1510
implementation yet.  However, some basic functionality is implemented.
A few implemented feature are mentioned below.

@itemize @bullet

@item Initial authentication (AS) from raw key or password.
This step is typically used to acquire a ticket granting ticket and,
less commonly, a server ticket.

@item Subsequent authentication (TGS).
This step is typically used to acquire a server ticket, by
authenticating yourself using the ticket granting ticket.

@item Client-Server authentication (AP).
This step is used by clients and servers to prove to each other who
they are, using negotiated tickets.

@item Integrity protected communication (SAFE).
This step is used by clients and servers to exchange integrity
protected data with each other.  The key is typically agreed on using
the Client-Server authentication step.

@item Ticket cache, supporting multiple principals and realms.
As tickets have a life time of typically several hours, they are
managed in disk files.  There can be multiple ticket caches, and each
ticket cache can store tickets for multiple clients (users), servers,
encryption types, etc.  Functionality is provided for locating the
proper ticket for every use.

@item Most standard cryptographic primitives.
The believed most secure algorithms are supported
(@pxref{Cryptographic Overview}).

@item Telnet client and server.
This is used to remotely login to other machines, after authenticating
yourself with a ticket.

@item PAM module.
This is used to login locally on a machine.

@item KDC addresses located using DNS SRV RRs.

@end itemize

The following table summarize what the current objectives are (i.e.,
the todo list) and an estimate on how long it will take to implement
the feature.  If you like to start working on anything, please let me
know so work duplication can be avoided.

@itemize @bullet

@item Cross-realm support (week).

@item Session keys in AP (week).

@item PKINIT (use libksba, weeks)

@item Finish GSSAPI support via GPL GSS (weeks)
Shishi will not support GSS, but a separate project ``GPL GSS'' is
under way to produce a generic GSS implementation, and it will use
Shishi to implement the Kerberos 5 mechanism.

@item Port to cyclone (cyclone need to mature first)

@item Modularize ASN.1 library so it can be replaced (days)

@item Modularize Crypto library so it can be replaced (days)

@item KDC (initiated, weeks)

@item PAM module (week)
Finished.

@item Set/Change password protocol (weeks?)

@item Port applications to use Shishi (indefinite)

@item Improve documentation

@item Improve internationalization

@item Fix fixed size buffers.

@end itemize

@node Overview
@section Overview

This section describes RFC 1510 from a protocol point of
view@footnote{The text is a lightly adapted version of the
introduction section from RFC 1510 by J. Kohl and C. Neuman, September
1993, unclear copyrights, but presumably owned by The Internet
Society.}.

Kerberos provides a means of verifying the identities of principals,
(e.g., a workstation user or a network server) on an open
(unprotected) network.  This is accomplished without relying on
authentication by the host operating system, without basing trust on
host addresses, without requiring physical security of all the hosts
on the network, and under the assumption that packets traveling along
the network can be read, modified, and inserted at will. (Note,
however, that many applications use Kerberos' functions only upon the
initiation of a stream-based network connection, and assume the
absence of any "hijackers" who might subvert such a connection.  Such
use implicitly trusts the host addresses involved.)  Kerberos performs
authentication under these conditions as a trusted third- party
authentication service by using conventional cryptography, i.e.,
shared secret key.  (shared secret key - Secret and private are often
used interchangeably in the literature.  In our usage, it takes two
(or more) to share a secret, thus a shared DES key is a secret key.
Something is only private when no one but its owner knows it.  Thus,
in public key cryptosystems, one has a public and a private key.)

The authentication process proceeds as follows: A client sends a
request to the authentication server (AS) requesting "credentials" for
a given server.  The AS responds with these credentials, encrypted in
the client's key.  The credentials consist of 1) a "ticket" for the
server and 2) a temporary encryption key (often called a "session
key").  The client transmits the ticket (which contains the client's
identity and a copy of the session key, all encrypted in the server's
key) to the server.  The session key (now shared by the client and
server) is used to authenticate the client, and may optionally be used
to authenticate the server.  It may also be used to encrypt further
communication between the two parties or to exchange a separate
sub-session key to be used to encrypt further communication.

The implementation consists of one or more authentication servers
running on physically secure hosts.  The authentication servers
maintain a database of principals (i.e., users and servers) and their
secret keys. Code libraries provide encryption and implement the
Kerberos protocol.  In order to add authentication to its
transactions, a typical network application adds one or two calls to
the Kerberos library, which results in the transmission of the
necessary messages to achieve authentication.

The Kerberos protocol consists of several sub-protocols (or
exchanges).  There are two methods by which a client can ask a
Kerberos server for credentials.  In the first approach, the client
sends a cleartext request for a ticket for the desired server to the
AS. The reply is sent encrypted in the client's secret key. Usually
this request is for a ticket-granting ticket (TGT) which can later be
used with the ticket-granting server (TGS).  In the second method, the
client sends a request to the TGS.  The client sends the TGT to the
TGS in the same manner as if it were contacting any other application
server which requires Kerberos credentials.  The reply is encrypted in
the session key from the TGT.

Once obtained, credentials may be used to verify the identity of the
principals in a transaction, to ensure the integrity of messages
exchanged between them, or to preserve privacy of the messages.  The
application is free to choose whatever protection may be necessary.

To verify the identities of the principals in a transaction, the
client transmits the ticket to the server.  Since the ticket is sent
"in the clear" (parts of it are encrypted, but this encryption doesn't
thwart replay) and might be intercepted and reused by an attacker,
additional information is sent to prove that the message was
originated by the principal to whom the ticket was issued.  This
information (called the authenticator) is encrypted in the session
key, and includes a timestamp.  The timestamp proves that the message
was recently generated and is not a replay.  Encrypting the
authenticator in the session key proves that it was generated by a
party possessing the session key.  Since no one except the requesting
principal and the server know the session key (it is never sent over
the network in the clear) this guarantees the identity of the client.

The integrity of the messages exchanged between principals can also be
guaranteed using the session key (passed in the ticket and contained
in the credentials).  This approach provides detection of both replay
attacks and message stream modification attacks.  It is accomplished
by generating and transmitting a collision-proof checksum (elsewhere
called a hash or digest function) of the client's message, keyed with
the session key.  Privacy and integrity of the messages exchanged
between principals can be secured by encrypting the data to be passed
using the session key passed in the ticket, and contained in the
credentials.

@node Cryptographic Overview
@section Cryptographic Overview

Shishi implements several of the standard cryptographic primitives.
Here are the names of the supported encryption suites, with some notes
on their status and there associated checksum suite.  They are ordered
by increased security as perceived by the author.

@cindex DES
@cindex 3DES
@cindex AES

@table @code

@item NULL

@code{NULL} is a dummy encryption suite for debugging.  Encryption and
decryption are identity functions.  No integrity protection.  It is
weak.  It is associated with the @code{NULL} checksum.

@item des-cbc-crc

@code{des-cbc-crc} is DES encryption and decryption with 56 bit keys
and 8 byte blocks in CBC mode. The keys can be derived from passwords
by an obscure application specific algorithm. Data is integrity
protected with an unkeyed but encrypted @code{CRC32}-like checksum.
It is weak. It is associated with the @code{rsa-md5-des} checksum.

@item des-cbc-md4

@code{des-cbc-md4} is DES encryption and decryption with 56 bit keys
and 8 byte blocks in CBC mode. The keys can be derived from passwords
by an obscure application specific algorithm. Data is integrity
protected with an unkeyed but encrypted MD4 hash.  It is weak. It is
associated with the @code{rsa-md4-des} checksum.

@item des-cbc-md5

@code{des-cbc-md5} is DES encryption and decryption with 56 bit keys
and 8 byte blocks in CBC mode.  The keys can be derived from passwords
by an obscure application specific algorithm. Data is integrity
protected with an unkeyed but encrypted MD5 hash.  It is weak.  It is
associated with the @code{rsa-md5-des} checksum.  This is the
strongest RFC 1510 interoperable mechanism.

@item des3-cbc-sha1-kd

@code{des3-cbc-sha1-kd} is DES encryption and decryption with three 56
bit keys (effective key size 112 bits) and 8 byte blocks in CBC
mode. The keys can be derived from passwords by a algorithm based on
the paper "A Better Key Schedule For DES-like Ciphers"
@footnote{@url{http://www.research.att.com/~smb/papers/ides.pdf}} by
Uri Blumenthal and Steven M. Bellovin (it is not clear if the
algorithm, and the way it is used, is used by any other protocols,
although it seems unlikely).  Data is integrity protected with a keyed
(HMAC) SHA1 hash.  It has no security proof, but is assumed to provide
adequate security in the sense that knowledge on how to crack it is
not known to the public.  It is associated with the
@code{hmac-sha1-des3-kd} checksum.

@item aes128-cts-hmac-sha1-96
@item aes256-cts-hmac-sha1-96.

@code{aes128-cts-hmac-sha1-96} and @code{aes256-cts-hmac-sha1-96} is
AES encryption and decryption with 128 bit and 256 bit key,
respectively, and 16 byte blocks in CBC mode with Cipher Text
Stealing.  Cipher Text Stealing means data length of encrypted data is
preserved (pure CBC add up to 7 pad characters).  The keys can be
derived from passwords with RSA Laboratories PKCS#5 Password Based Key
Derivation Function
2@footnote{@url{http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/}},
which is allegedly provably secure in a random oracle model.  Data is
integrity protected with a keyed (HMAC) SHA1 hash truncated to 96
bits.  There is no security proof, but the schemes are assumed to
provide good security, but has, as AES itself, yet to receive the test
of time.  It is associated with the @code{hmac-sha1-96-aes128} and
@code{hmac-sha1-96-aes256} checksums, respectively.

@end table

The protocol do not include any way to negotiate which checksum
mechanisms to use, so in most cases the associated checksum will be
used.  However, checksum mechanisms can be used with other encryption
mechanisms, as long as they are compatible in terms of key format etc.
Here are the names of the supported checksum mechanisms, with some
notes on their status and the compatible encryption mechanisms. They
are ordered by increased security as perceived by the author.

@table @code

@item NULL

@code{NULL} is a dummy checksum suite for debugging.  It provides no
integrity.  It is weak.  It is compatible with the @code{NULL}
encryption mechanism.

@item rsa-md4-des

@code{rsa-md4-des} is a DES CBC encryption of one block of random data
and a unkeyed MD4 hash computed over the random data and the message
to integrity protect.  The key used is derived from the base protocol
key by XOR with a constant.  It is weak. It is compatible with the
@code{des-cbc-crc}, @code{des-cbc-md4}, @code{des-cbc-md5} encryption
mechanisms.

@item rsa-md5-des

@code{rsa-md5-des} is a DES CBC encryption of one block of random data
and a unkeyed MD5 hash computed over the random data and the message
to integrity protect.  The key used is derived from the base protocol
key by XOR with a constant.  It is weak.  It is compatible with the
@code{des-cbc-crc}, @code{des-cbc-md4}, @code{des-cbc-md5} encryption
mechanisms.

@item hmac-sha1-des3-kd

@code{hmac-sha1-des3-kd} is a keyed (HMAC) SHA1 hash computed over the
message.  The key is derived from the base protocol by the simplified
key derivation function (similar to the password key derivation
functions of @code{des3-cbc-sha1-kd}).  It has no security proof, but
is assumed to provide good security.  It is compatible with the
@code{des3-cbc-sha1-kd} encryption mechanism.

@item hmac-sha1-96-aes128
@item hmac-sha1-96-aes256

@code{hmac-sha1-96-aes*} are keyed (HMAC) SHA1 hashes computed over
the message and then truncated to 96 bits.  The key is derived from
the base protocol by the simplified key derivation function (similar
to the password key derivation functions of @code{des3-cbc-sha1-kd}).
It has no security proof, but is assumed to provide good security.  It
is compatible with the @code{des3-cbc-sha1-kd} encryption mechanism.

@end table


@node Supported Platforms
@section Supported Platforms

Shishi has at some point in time been tested on the following
platforms.

@enumerate

@item Debian GNU/Linux 3.0r0 (Woody)
@cindex Debian

GCC 2.95.4 and GNU Make. alphaev67-unknown-linux-gnu,
alphaev6-unknown-linux-gnu, hppa64-unknown-linux-gnu,
i686-pc-linux-gnu, ia64-unknown-linux-gnu.

@item Tru64 UNIX
@cindex Tru64

Tru64 UNIX C compiler and Tru64 Make. alphaev68-dec-osf5.1.

@item SuSE Linux 7.1
@cindex SuSE

GCC 2.96 and GNU Make. alphaev67-unknown-linux-gnu.

@item SuSE Linux 7.2a
@cindex SuSE Linux

GCC 3.0 and GNU Make. ia64-unknown-linux-gnu.

@item RedHat Linux 7.2
@cindex RedHat

GCC 2.96 and GNU Make. i686-pc-linux-gnu.

@item RedHat Linux 8.0
@cindex RedHat

GCC 3.2 and GNU Make. i686-pc-linux-gnu.

@c @item IRIX 6.5
@c @cindex IRIX
@c
@c mips-sgi-irix6.5, MIPS C compiler, IRIX Make.

@c @item AIX 4.3.2
@c @cindex AIX
@c
@c rs6000-ibm-aix4.3.2.0, IBM C for AIX compiler, AIX Make.

@c @item Microsoft Windows 2000
@c @cindex Windows
@c
@c GCC 2.95.2-6, GNU make. i686-pc-cygwin

@c @item HP-UX 11.11
@c @cindex HP-UX
@c
@c HP-UX C compiler and HP Make. hppa2.0w-hp-hpux11.11.

@item SUN Solaris 2.8
@cindex Solaris

Sun WorkShop Compiler C 6.0 and SUN Make. sparc-sun-solaris2.8.

@item NetBSD 1.6
@cindex NetBSD

GCC 2.95.3 and GNU Make. alpha-unknown-netbsd1.6,
i386-unknown-netbsdelf1.6.

@item OpenBSD 3.1
@cindex OpenBSD

GCC 2.95.3 and GNU Make.
@c alpha-unknown-openbsd3.1, (alignment problems)
i386-unknown-openbsd3.1.

@item FreeBSD 4.7
@cindex FreeBSD

GCC 2.95.4 and GNU Make. alpha-unknown-freebsd4.7,
i386-unknown-freebsd4.7.

@end enumerate

If you use Shishi on, or port Shishi to, a new platform please report
it to the author (@pxref{Bug Reports}).

@node Bug Reports
@section Bug Reports
@cindex Reporting Bugs

If you think you have found a bug in Shishi, please investigate it and
report it.

@itemize @bullet

@item Please make sure that the bug is really in Shishi, and
preferably also check that it hasn't already been fixed in the latest
version.

@item You have to send us a test case that makes it possible for us to
reproduce the bug.

@item You also have to explain what is wrong; if you get a crash, or
if the results printed are not good and in that case, in what way.
Make sure that the bug report includes all information you would need
to fix this kind of bug for someone else.

@end itemize

Please make an effort to produce a self-contained report, with
something definite that can be tested or debugged.  Vague queries or
piecemeal messages are difficult to act on and don't help the
development effort.

If your bug report is good, we will do our best to help you to get a
corrected version of the software; if the bug report is poor, we won't
do anything about it (apart from asking you to send better bug
reports).

If you think something in this manual is unclear, or downright
incorrect, or if the language needs to be improved, please also send a
note.

Send your bug report to:

@center @samp{bug-shishi@@josefsson.org}


@c **********************************************************
@c ********************  User Manual  **********************
@c **********************************************************
@node User Manual
@chapter User Manual
@cindex End-user Shishi usage

Usually Shishi interacts with you to get some initial authentication
information like a password, and then contacts a server to receive a
so called ticket granting ticket.  From now on, you rarely interacts
with Shishi directly.  Applications that needs security services
instruct the Shishi library to use the ticket granting ticket to get
new tickets for various servers.  An example could be if you log on to
a host remotely; the host usually requires authentication before
permitting you in.  The @samp{telnet} application uses the ticket
granting ticket to get a ticket for the server, and then use this
ticket to authenticate you to the server (and usually also
authenticating the server to you, so you know who you are talking with
the right host).  You perform the initial authentication by typing
@command{shishi as} at the prompt.  The @samp{as} command is the
default command for Shishi, so you can type only @command{shishi} if
you want to save a few key strokes.  Sometimes it is necessary to
supply options telling Shishi what your principal (username) or realm
is.  @xref{as}, for the details.  In the example, I need to specify my
name and realm.

@example
@cartouche
jas@@latte:~/src/shishi$ shishi as --client-name \
        simon --realm JOSEFSSON.ORG
Unknown option `read-krb5conf=/etc/krb5.conf'
Unknown option `server-realm=lab.josefsson.org'
Unknown option `.josefsson.org'
Sending to latte.josefsson.org (217.208.172.73)...
Enter password for `simon@@JOSEFSSON.ORG':
Warning: using insecure memory!
simon@@JOSEFSSON.ORG:
Authtime:       Fri Nov 22 23:44:02 2002
Endtime:        Sat Nov 23 00:00:42 2002        valid
Service:        krbtgt/JOSEFSSON.ORG
Key type:       des3-cbc-sha1-kd (16)
Flags:  16384
jas@@latte:~/src/shishi$
@end cartouche
@end example

As you can see, Shishi also prints a short description of the ticket
received.

A logical next step is to display all tickets you have received (by
the way, the tickets are usually stored as text in
@file{~/.shishi/tickets}).  This is achieved by typing @command{shishi
list}.

@example
@cartouche
jas@@latte:~/src/shishi$ shishi list
Unknown option `read-krb5conf=/etc/krb5.conf'
Unknown option `server-realm=lab.josefsson.org'
Unknown option `.josefsson.org'
Tickets in `/home/jas/.shishi/tickets':

jas@@JOSEFSSON.ORG:
Authtime:       Fri Nov 22 23:46:18 2002
Endtime:        Sat Nov 23 00:02:58 2002        valid
Service:        krbtgt/JOSEFSSON.ORG
Key type:       des3-cbc-sha1-kd (16)
Flags:  16384

jas@@JOSEFSSON.ORG:
Authtime:       Fri Nov 22 23:46:18 2002
Endtime:        Sat Nov 23 00:02:58 2002        valid
Service:        host/h73n1c1o299.bredband.skanova.com
Key type:       des3-cbc-sha1-kd (16)
Flags:  0

2 tickets found.
jas@@latte:~/src/shishi$
@end cartouche
@end example

As you can see, I had a ticket for the server
@samp{host/h73n1c1o299.bredband.skanova.com} which was generated by
@samp{telnet}:ing to that host.  The observant reader might notice
that it now says the tickets are owned by @samp{jas@@JOSEFSSON.ORG}
instead of @samp{simon@@JOSEFSSON.ORG}.  This is because the identity
of the ticket owner is not stored in the ticket file, but must be set
every time with @samp{--client-name} parameter.  Since the parameter
was not given, Shishi defaults to using the username on the system.
Perhaps this has been fixed in your version of Shishi, if not you are
very welcome to fix the problem.

If, for some weird reason, you want to manually get a ticket for a
specific server, you can use the @command{shishi tgs} command
(@pxref{tgs}).  Normally, however, the application that uses Shishi
will take care of getting a ticket for the appropriate server, so you
don't need this command.  But maybe you just want to tinker with
things.  Or maybe you are bored.  What do I know.  (If you read this
far you really must be bored though.) Anyway.

@example
@cartouche
jas@@latte:~/src/shishi$ src/shishi tgs \
        --server-name user/billg  --client-name simon \
        -e des-cbc-md5
Unknown option `read-krb5conf=/etc/krb5.conf'
Unknown option `server-realm=lab.josefsson.org'
Unknown option `.josefsson.org'
Searching tickets for client `simon' and server `krbtgt/JOSEFSSON.ORG'
Warning: using insecure memory!
Sending to latte.josefsson.org (217.208.172.73)...
jas@@JOSEFSSON.ORG:
Authtime:       Fri Nov 22 23:46:18 2002
Endtime:        Sat Nov 23 00:02:58 2002        valid
Service:        user/billg
Key type:       des-cbc-md5 (3)
Flags:  0
jas@@latte:~/src/shishi$
@end cartouche
@end example

As you can see, I received a ticket for @samp{user/billg} with a
@samp{des-cbc-md5} (@pxref{Cryptographic Overview}) encryption key
specified with the @samp{-e} parameter.

The rest of the commands are rather esoteric, so I think it is better
if you read the following reference sections instead of trying to
understand any weird examples I may come up with.  If you can think of
something neat that the other commands can be used for, feel free to
suggest a paragraph or two here.

@menu
* as::                          Initial Authentication.
* list::                        Listing tickets in cache.
* tgs::                         Getting subsequent tickets manually.
* client::                      Simple Client.
* server::                      Simple Server.
* ap::                          Low-level client-server authentication.
* crypto::                      Low-level cryptographic functions.
* kdc::                         Low-level AS/TGS exchange.
* miscellaneous::               Various options.
@end menu

@node as
@section as

@example
  as                         Acquire ticket granting ticket using password and
                             the Authentication Service (AS) exchange.

 Options for Authentication Service (AS-OPTIONS):
      --client-name=NAME     Client name. Default is login username.
  -e, --encryption-type=ETYPE,[ETYPE...]
                             Encryption types to use.  ETYPE is either
                             registered name or integer.
  -r, --realm=REALM          Realm of client and server. Default is DNS domain
                             of local host.
      --string-to-key=PASSWORD   Password to decrypt response (discouraged).
                             Default is to prompt user.
@end example


@node list
@section list

@example
  list                       List tickets.

 Options for the List command (LIST-OPTIONS):
      --server-name=NAME     Restrict list to tickets for specified server.
@end example


@node tgs
@section tgs

@example
  tgs                        Acquire ticket using the ticket granting ticket
                             and the Ticket-Granting Service (TGS) exchange.

 Options for Ticket Granting Service (TGS-OPTIONS):
      --client-name=NAME     Client name. Default is login username. Used to
                             locate ticket granting ticket.
      --encryption-type=ETYPE,[ETYPE...]
                             Encryption types to use.  ETYPE is either
                             registered name or integer.
      --realm=REALM          Realm of server. Default is DNS domain of local
                             host.
      --server-name=NAME     Name of server.
      --ticket-granter=NAME  Name of server field in the ticket to use as the
                             ticket granter. Defaults to "krbtgt/REALM@@REALM"
                             where REALM is server realm (see --realm).
@end example


@node client
@section client

@example
  client                     Kerberos client.

 Options for Network Client (CLIENT-OPTIONS):
      --options=OPTION[,OPTION...]
                             Indicate AP-OPTIONS separated by comma (,) or
                             whitespace. Options are integers (ORed together)
                             or the pre-defined strings "use-session-key"
                             indicating that the ticket is encrypted in the
                             server's TGT key rather than its own key (not
                             implemented) or "mutual-required" indicating that
                             mutual authentication is required.
      --realm=REALM          Realm of server. Defaults to DNS domain of local
                             host.
      --server-name=NAME     Name of server. Defaults to "sample/REALM" where
                             REALM is realm of server (see --realm).
@end example


@node server
@section server

@example
  server                     Kerberos server.

 Options for Network Server (SERVER-OPTIONS):
      --client-name=NAME     Client name. Default is login username.
      --key-value=KEY        Cipher key of server.
      --realm=REALM          Realm of server. Defaults to DNS domain of local
                             host.
      --server-name=NAME     Name of server. Defaults to "sample/REALM" where
                             REALM is realm of server (see --realm).
      --string-to-key=PASSWORD   Password to decrypt response (discouraged).
@end example


@node ap
@section ap

@example
  ap                         Kerberos Client/Server Authentication (AP-REQ and
                             AP-REP).

 Options for low-level Client/Server Authentication (AP-OPTIONS):
      --data=B64STRING       Base64 encoded data to checksum in generated
                             authenticator. By default checksum is omitted
                             (indicating no application payload).
      --read-ap-request-file=[TYPE,]FILE
                             Read AP-REQ from FILE in format TYPE; TEXT
                             (default) or DER. Default is to generate it.
      --read-data-file=[TYPE,]FILE
                             Read data to checksum in generated authenticator
                             from FILE in format TYPE, BASE64, HEX or BINARY
                             (default). By default checksum is omitted
                             (indicating no application payload).
      --realm=REALM          Realm of server. Defaults to DNS domain of local
                             host. Used for locating the ticket to use.
      --server-name=NAME     Name of server. Defaults to "krbtgt.DEFAULTREALM"
                             where DEFAULTREALM is realm of server. Used for
                             locating the ticket to use.
      --write-ap-request-file=[TYPE,]FILE
                             Write AP-REQ to FILE in format TYPE; TEXT
                             (default) or DER.  Default is stdout.
      --write-authenticator-file=[TYPE,]FILE
                             Write authenticator to FILE in format TYPE; TEXT
                             (default) or DER. Not written by default.
@end example


@node crypto
@section crypto

@example
  crypto                     Cryptographic functions.

 Options for low-level cryptography (CRYPTO-OPTIONS):
      --algorithm=ALGORITHM  Use ciphering algorithm, expressed either as the
                             etype integer or the registered name.
      --client-name=NAME     Client name. Default is login username. Used for
                             generating cipher key.
      --decrypt              Decrypt data
      --encrypt              Encrypt data
      --input-file=[TYPE,]FILE   Read data from FILE in TYPE, BASE64, HEX or
                             BINARY (default).
      --key-file=[TYPE,]FILE Read/write cipher key from/to FILE in TYPE
      --key-value=KEY        Specify cipher key directly (discouraged)
      --output-file=[TYPE,]FILE   Write data to FILE in TYPE, BASE64, HEX or
                             BINARY (default).
      --realm=REALM          Realm of principal. Defaults to DNS domain of
                             local host. Used for generating cipher key.
      --string-to-key=PASSWORD   Convert password to key.  Client-name and
                             realm also modify the key.
@end example


@node kdc
@section kdc

@example
  kdc                        Key Distribution Center Services; Authentication
                             Service (AS) and Ticket-Granting Service (TGS).

 Options for low-level Key Distribution Services (KDC-OPTIONS):
      --client-name=NAME     Client name. Default is login username. Only for
                             AS.
      --encryption-type=ETYPE,[ETYPE...]
                             Encryption types to use.  ETYPE is either
                             registered name or integer.
      --force-as             Force AS mode. Default is to use TGS iff a TGT is
                             found.
      --force-tgs            Force TGS mode. Default is to use TGS iff a TGT is
                             found.
      --key-value=KEY        Cipher key to decrypt response (discouraged).
      --read-kdc-request-file=[TYPE,]FILE
                             Read KDC-REQ from FILE in format TYPE; TEXT
                             (default) or DER. Default is to generate it.
      --read-kdc-response-file=[TYPE,]FILE
                             Read KDC-REP from FILE in format TYPE; TEXT
                             (default) or DER. Default is to receive it from
                             server.
      --realm=REALM          Realm of server. Default is DNS domain of local
                             host. For AS, this also indicates realm of
                             client.
      --request              Only generate the request.
      --response             Only parse request and response and output ticket.

      --sendrecv             Only send request and receive response.
      --server=HOST          Send request to HOST. Default uses address from
                             configuration file.
      --server-name=NAME     Server name. Default is "krbtgt/REALM" where REALM
                             is server realm (see --realm).
      --short-nonce          Use a 4 byte nonce. Required by some buggy
                             servers.
      --string-to-key=PASSWORD   Password to decrypt response (discouraged).
                             Only for AS.
      --ticket-granter=NAME  Service name in ticket to use for authenticating
                             request. Only for TGS. Defaults to
                             "krbtgt/REALM@@REALM" where REALM is server realm
                             (see --realm).
      --write-ap-request-file=[TYPE,]FILE
                             Write AP-REQ to FILE in TYPE, either TEXT
                             (default) or DER. Only for TGS. Not written by
                             default.
      --write-authenticator-file=[TYPE,]FILE
                             Write Authenticator to FILE in TYPE, either TEXT
                             (default) or DER. Only for TGS. Not written by
                             default.
      --write-kdc-request-file=[TYPE,]FILE
                             Write KDC-REQ to FILE in format TYPE; TEXT
                             (default) or DER. Not written by default.
      --write-kdc-response-file=[TYPE,]FILE
                             Write KDC-REP to FILE in format TYPE; TEXT
                             (default) or DER. Not written by default.
@end example


@node miscellaneous
@section miscellaneous

These parameters are applicable to all commands.

@example
      --configuration-file=FILE   Read user configuration from file.  Default
                             is ~/.shishi/config.
  -o, --library-options=STRING   Parse STRING as a configuration file
                             statement.
  -q, --quiet, --silent      Don't produce any output.
  -s, --system-configuration-file=FILE
                             Read system wide configuration from file.  Default
                             is /usr/local/etc/shishi.conf.
  -t, --ticket-file=FILE     Read tickets from FILE. Default is
                             $HOME/.shishi/tickets.
  -v, --verbose              Produce verbose output.
  -w, --ticket-write-file=FILE   Write tickets to FILE.  Default is to write
                             them back to ticket file.
  -?, --help                 Give this help list
      --usage                Give a short usage message
  -V, --version              Print program version
@end example


@c **********************************************************
@c ****************  Administration Manual  *****************
@c **********************************************************
@node Administration Manual
@chapter Administration Manual

TBW.


@c **********************************************************
@c ***************  Programming Manual  *********************
@c **********************************************************
@node Programming Manual
@chapter Programming Manual
@cindex Application Programming Interface (API)

This chapter describes all the publicly available functions in the
library.

@menu
* Preparation::                 What you should do before using the library.
* Initialization Functions::    Creating library handle, configuration file.
* Ticket Set Functions::        High-level ticket management functions.
* AP-REQ and AP-REP Functions:: Client/Server authentication functions.
* SAFE and PRIV Functions::     Client/Server session data functions.
* Ticket Functions::            Medium-level ticket manipulation functions.
* AS Functions::                Medium-level initial authentication functions.
* TGS Functions::               Medium-level authentication functions.
* Ticket (ASN.1) Functions::    Low-level Ticket functions.
* AS/TGS Functions::            Low-level KDC functions; AS and TGS.
* Authenticator Functions::     Low-level authenticator functions.
* Cryptographic Functions::     Low-level cryptographic functions.
* Utility Functions::           Utilities for use in the global context.
* Error Handling::              Error codes and such.
* Examples::                    Example code.
* Generic Security Service::    If you want to use the GSS API instead.
@end menu

@node Preparation
@section Preparation

To use `Libshishi', you have to perform some changes to your sources
and the build system.  The necessary changes are small and explained
in the following sections.  At the end of this chapter, it is
described how the library is initialized, and how the requirements of
the library are verified.

A faster way to find out how to adapt your application for use with
`Libshishi' may be to look at the examples at the end of this manual
(@pxref{Examples}).

@menu
* Header::
* Initialization::
* Version Check::
* Building the source::
@end menu

@node Header
@subsection Header

All interfaces (data types and functions) of the library are defined
in the header file `shishi.h'.  You must include this in all programs
using the library, either directly or through some other header file,
like this:

@example
#include <shishi.h>
@end example

The name space of `Libshishi' is @code{shishi_*} for function names,
@code{Shishi*} for data types and @code{SHISHI_*} for other symbols.  In
addition the same name prefixes with one prepended underscore are
reserved for internal use and should never be used by an application.

@node Initialization
@subsection Initialization

`Libshishi' must be initialized before it can be used.  The library is
initialized by calling @code{shishi_init()} (@pxref{Initialization
Functions}).  The resources allocated by the initialization process
can be released if the application no longer has a need to call
`Libshishi' functions, this is done by calling @code{shishi_done()}.

In order to take advantage of the internationalisation features in
`Libshishi', such as translated error messages, the application must
set the current locale using @code{setlocale()} before initializing
`Libshishi'.

@node Version Check
@subsection Version Check

It is often desirable to check that the version of `Libshishi' used is
indeed one which fits all requirements.  Even with binary
compatibility new features may have been introduced but due to problem
with the dynamic linker an old version is actually used.  So you may
want to check that the version is okay right after program startup.

@include shishi-api-version.texi

The normal way to use the function is to put something similar to the
following early in your @code{main()}:

@example
  if (!shishi_check_version (SHISHI_VERSION))
    @{
      printf ("shishi_check_version() failed:\n"
              "Header file incompatible with shared library.\n");
      exit(1);
    @}
@end example

@node Building the source
@subsection Building the source
@cindex Compiling your application

If you want to compile a source file including the `shishi.h' header
file, you must make sure that the compiler can find it in the
directory hierarchy.  This is accomplished by adding the path to the
directory in which the header file is located to the compilers include
file search path (via the @option{-I} option).

However, the path to the include file is determined at the time the
source is configured.  To solve this problem, `Libshishi' uses the
external package @command{pkg-config} that knows the path to the
include file and other configuration options.  The options that need
to be added to the compiler invocation at compile time are output by
the @option{--cflags} option to @command{pkg-config shishi}.  The
following example shows how it can be used at the command line:

@example
gcc -c foo.c `pkg-config shishi --cflags`
@end example

Adding the output of @samp{pkg-config shishi --cflags} to the
compilers command line will ensure that the compiler can find the
`Libshishi' header file.

A similar problem occurs when linking the program with the library.
Again, the compiler has to find the library files.  For this to work,
the path to the library files has to be added to the library search path
(via the @option{-L} option).  For this, the option @option{--libs} to
@command{pkg-config shishi} can be used.  For convenience, this option
also outputs all other options that are required to link the program
with the `Libshishi' libararies (in particular, the @samp{-lshishi}
option).  The example shows how to link @file{foo.o} with the `Libshishi'
library to a program @command{foo}.

@example
gcc -o foo foo.o `pkg-config shishi --libs`
@end example

Of course you can also combine both examples to a single command by
specifying both options to @command{pkg-config}:

@example
gcc -o foo foo.c `pkg-config shishi --cflags --libs`
@end example

@node Initialization Functions
@section Initialization Functions

@include shishi-api-init.texi


@node Ticket Set Functions
@section Ticket Set Functions

A ``ticket set'' is, as the name implies, a collection of tickets.
Functions are provided to read tickets from file into a ticket set, to
query number of tickets in the set, to extract a given ticket from the
set, to search the ticket set for tickets matching certain criterium,
to write the ticket set to a file, etc.  High level functions for
performing a initial authentication (@pxref{AS Functions}) or
subsequent authentication (@pxref{TGS Functions}) and storing the new
ticket in the ticket set are also provided.

To manipulate each individual ticket, @xref{Ticket Functions}.  For
low-level ASN.1 manipulation see @xref{Ticket (ASN.1) Functions}.

@include shishi-api-tkts.texi


@node AP-REQ and AP-REP Functions
@section AP-REQ and AP-REP Functions

The ``AP-REQ'' and ``AP-REP'' are ASN.1 structures used by application
client and servers to prove to each other who they are.  The
structures contain auxilliary information, together with an
authenticator (@pxref{Authenticator Functions}) which is the real
cryptographic proof.  The following illustrates the AP-REQ and AP-REP
ASN.1 structures.

@verbatim
AP-REQ          ::= [APPLICATION 14] SEQUENCE {
        pvno            [0] INTEGER (5),
        msg-type        [1] INTEGER (14),
        ap-options      [2] APOptions,
        ticket          [3] Ticket,
        authenticator   [4] EncryptedData {Authenticator,
                                { keyuse-pa-TGSReq-authenticator
                                  | keyuse-APReq-authenticator }}
}

AP-REP          ::= [APPLICATION 15] SEQUENCE {
        pvno            [0] INTEGER (5),
        msg-type        [1] INTEGER (15),
        enc-part        [2] EncryptedData {EncAPRepPart,
                                { keyuse-EncAPRepPart }}
}

EncAPRepPart    ::= [APPLICATION 27] SEQUENCE {
        ctime           [0] KerberosTime,
        cusec           [1] Microseconds,
        subkey          [2] EncryptionKey OPTIONAL,
        seq-number      [3] UInt32 OPTIONAL
}
@end verbatim

@include shishi-api-ap.texi


@node SAFE and PRIV Functions
@section SAFE and PRIV Functions

The ``KRB-SAFE'' is an ASN.1 structure used by application client and
servers to exchange integrity protected data.  The integrity
protection is keyed, usually with a key agreed on via the AP exchange
(@pxref{AP-REQ and AP-REP Functions}).  The following illustrates the
KRB-SAFE ASN.1 structure.

@verbatim
   KRB-SAFE        ::= [APPLICATION 20] SEQUENCE {
           pvno            [0] INTEGER (5),
           msg-type        [1] INTEGER (20),
           safe-body       [2] KRB-SAFE-BODY,
           cksum           [3] Checksum
   }

   KRB-SAFE-BODY   ::= SEQUENCE {
           user-data       [0] OCTET STRING,
           timestamp       [1] KerberosTime OPTIONAL,
           usec            [2] Microseconds OPTIONAL,
           seq-number      [3] UInt32 OPTIONAL,
           s-address       [4] HostAddress,
           r-address       [5] HostAddress OPTIONAL
   }
@end verbatim

@include shishi-api-safe.texi

The ``KRB-PRIV'' is an ASN.1 structure used by application client and
servers to exchange confidential data.  The confidentiality is keyed,
usually with a key agreed on via the AP exchange (@pxref{AP-REQ and
AP-REP Functions}).  The following illustrates the KRB-PRIV ASN.1
structure.

@verbatim
   KRB-PRIV        ::= [APPLICATION 21] SEQUENCE {
           pvno            [0] INTEGER (5),
           msg-type        [1] INTEGER (21),
                           -- NOTE: there is no [2] tag
           enc-part        [3] EncryptedData -- EncKrbPrivPart
   }

   EncKrbPrivPart  ::= [APPLICATION 28] SEQUENCE {
           user-data       [0] OCTET STRING,
           timestamp       [1] KerberosTime OPTIONAL,
           usec            [2] Microseconds OPTIONAL,
           seq-number      [3] UInt32 OPTIONAL,
           s-address       [4] HostAddress -- sender's addr --,
           r-address       [5] HostAddress OPTIONAL -- recip's addr
   }
@end verbatim

@c @include shishi-api-safe.texi


@node Ticket Functions
@section Ticket Functions

@include shishi-api-tkt.texi


@node AS Functions
@section AS Functions

The Authentication Service (AS) is used to get an initial ticket using
e.g. your password.  The following illustrates the AS-REQ and AS-REP
ASN.1 structures.

@verbatim
-- Request --

AS-REQ          ::= KDC-REQ {10}

KDC-REQ {INTEGER:tagnum}        ::= [APPLICATION tagnum] SEQUENCE {
        pvno            [1] INTEGER (5) -- first tag is [1], not [0] --,
        msg-type        [2] INTEGER (tagnum),
        padata          [3] SEQUENCE OF PA-DATA OPTIONAL,
        req-body        [4] KDC-REQ-BODY
}

KDC-REQ-BODY    ::= SEQUENCE {
        kdc-options             [0] KDCOptions,
        cname                   [1] PrincipalName OPTIONAL
                                    -- Used only in AS-REQ --,
        realm                   [2] Realm
                                    -- Server's realm
                                    -- Also client's in AS-REQ --,
        sname                   [3] PrincipalName OPTIONAL,
        from                    [4] KerberosTime OPTIONAL,
        till                    [5] KerberosTime,
        rtime                   [6] KerberosTime OPTIONAL,
        nonce                   [7] UInt32,
        etype                   [8] SEQUENCE OF Int32 -- EncryptionType
                                    -- in preference order --,
        addresses               [9] HostAddresses OPTIONAL,
        enc-authorization-data  [10] EncryptedData {
                                        AuthorizationData,
                                        { keyuse-TGSReqAuthData-sesskey
                                          | keyuse-TGSReqAuthData-subkey }
                                     } OPTIONAL,
        additional-tickets      [11] SEQUENCE OF Ticket OPTIONAL
}

-- Reply --

AS-REP          ::= KDC-REP {11, EncASRepPart, {keyuse-EncASRepPart}}

KDC-REP {INTEGER:tagnum,
         TypeToEncrypt,
         UInt32:KeyUsages}      ::= [APPLICATION tagnum] SEQUENCE {
        pvno            [0] INTEGER (5),
        msg-type        [1] INTEGER (tagnum),
        padata          [2] SEQUENCE OF PA-DATA OPTIONAL,
        crealm          [3] Realm,
        cname           [4] PrincipalName,
        ticket          [5] Ticket,
        enc-part        [6] EncryptedData {TypeToEncrypt, KeyUsages}
}

EncASRepPart    ::= [APPLICATION 25] EncKDCRepPart

EncKDCRepPart   ::= SEQUENCE {
        key             [0] EncryptionKey,
        last-req        [1] LastReq,
        nonce           [2] UInt32,
        key-expiration  [3] KerberosTime OPTIONAL,
        flags           [4] TicketFlags,
        authtime        [5] KerberosTime,
        starttime       [6] KerberosTime OPTIONAL,
        endtime         [7] KerberosTime,
        renew-till      [8] KerberosTime OPTIONAL,
        srealm          [9] Realm,
        sname           [10] PrincipalName,
        caddr           [11] HostAddresses OPTIONAL
}
@end verbatim

@include shishi-api-as.texi


@node TGS Functions
@section TGS Functions

The Ticket Granting Service (TGS) is used to get subsequent tickets,
authenticated by other tickets (so called ticket granting tickets).
The following illustrates the TGS-REQ and TGS-REP ASN.1 structures.

@verbatim
-- Request --

TGS-REQ         ::= KDC-REQ {12}

KDC-REQ {INTEGER:tagnum}        ::= [APPLICATION tagnum] SEQUENCE {
        pvno            [1] INTEGER (5) -- first tag is [1], not [0] --,
        msg-type        [2] INTEGER (tagnum),
        padata          [3] SEQUENCE OF PA-DATA OPTIONAL,
        req-body        [4] KDC-REQ-BODY
}

KDC-REQ-BODY    ::= SEQUENCE {
        kdc-options             [0] KDCOptions,
        cname                   [1] PrincipalName OPTIONAL
                                    -- Used only in AS-REQ --,
        realm                   [2] Realm
                                    -- Server's realm
                                    -- Also client's in AS-REQ --,
        sname                   [3] PrincipalName OPTIONAL,
        from                    [4] KerberosTime OPTIONAL,
        till                    [5] KerberosTime,
        rtime                   [6] KerberosTime OPTIONAL,
        nonce                   [7] UInt32,
        etype                   [8] SEQUENCE OF Int32 -- EncryptionType
                                    -- in preference order --,
        addresses               [9] HostAddresses OPTIONAL,
        enc-authorization-data  [10] EncryptedData {
                                        AuthorizationData,
                                        { keyuse-TGSReqAuthData-sesskey
                                          | keyuse-TGSReqAuthData-subkey }
                                     } OPTIONAL,
        additional-tickets      [11] SEQUENCE OF Ticket OPTIONAL
}

-- Reply --

TGS-REP         ::= KDC-REP {13, EncTGSRepPart,
                        { keyuse-EncTGSRepPart-sesskey
                          | keyuse-EncTGSRepPart-subkey }}

KDC-REP {INTEGER:tagnum,
         TypeToEncrypt,
         UInt32:KeyUsages}      ::= [APPLICATION tagnum] SEQUENCE {
        pvno            [0] INTEGER (5),
        msg-type        [1] INTEGER (tagnum),
        padata          [2] SEQUENCE OF PA-DATA OPTIONAL,
        crealm          [3] Realm,
        cname           [4] PrincipalName,
        ticket          [5] Ticket,
        enc-part        [6] EncryptedData {TypeToEncrypt, KeyUsages}
}

EncTGSRepPart   ::= [APPLICATION 26] EncKDCRepPart

EncKDCRepPart   ::= SEQUENCE {
        key             [0] EncryptionKey,
        last-req        [1] LastReq,
        nonce           [2] UInt32,
        key-expiration  [3] KerberosTime OPTIONAL,
        flags           [4] TicketFlags,
        authtime        [5] KerberosTime,
        starttime       [6] KerberosTime OPTIONAL,
        endtime         [7] KerberosTime,
        renew-till      [8] KerberosTime OPTIONAL,
        srealm          [9] Realm,
        sname           [10] PrincipalName,
        caddr           [11] HostAddresses OPTIONAL
}
@end verbatim

@include shishi-api-tgs.texi


@node Ticket (ASN.1) Functions
@section Ticket (ASN.1) Functions

@include shishi-api-ticket.texi

@node AS/TGS Functions
@section AS/TGS Functions

The Authentication Service (AS) is used to get an initial ticket using
e.g. your password.  The Ticket Granting Service (TGS) is used to get
subsequent tickets using other tickets.  Protocol wise the procedures
are very similar, which is the reason they are described together.
The following illustrates the AS-REQ, TGS-REQ and AS-REP, TGS-REP
ASN.1 structures.  Most of the functions use the mnemonic ``KDC''
instead of either AS or TGS, which means the function operates on both
AS and TGS types.  Only where the distinction between AS and TGS is
important are the AS and TGS names used.  Remember, these are
low-level functions, and normal applications will likely be satisfied
with the AS (@pxref{AS Functions}) and TGS (@pxref{TGS Functions})
interfaces, or the even more high-level Ticket Set (@pxref{Ticket Set
Functions}) interface.

@verbatim
-- Request --

AS-REQ          ::= KDC-REQ {10}
TGS-REQ         ::= KDC-REQ {12}

KDC-REQ {INTEGER:tagnum}        ::= [APPLICATION tagnum] SEQUENCE {
        pvno            [1] INTEGER (5) -- first tag is [1], not [0] --,
        msg-type        [2] INTEGER (tagnum),
        padata          [3] SEQUENCE OF PA-DATA OPTIONAL,
        req-body        [4] KDC-REQ-BODY
}

KDC-REQ-BODY    ::= SEQUENCE {
        kdc-options             [0] KDCOptions,
        cname                   [1] PrincipalName OPTIONAL
                                    -- Used only in AS-REQ --,
        realm                   [2] Realm
                                    -- Server's realm
                                    -- Also client's in AS-REQ --,
        sname                   [3] PrincipalName OPTIONAL,
        from                    [4] KerberosTime OPTIONAL,
        till                    [5] KerberosTime,
        rtime                   [6] KerberosTime OPTIONAL,
        nonce                   [7] UInt32,
        etype                   [8] SEQUENCE OF Int32 -- EncryptionType
                                    -- in preference order --,
        addresses               [9] HostAddresses OPTIONAL,
        enc-authorization-data  [10] EncryptedData {
                                        AuthorizationData,
                                        { keyuse-TGSReqAuthData-sesskey
                                          | keyuse-TGSReqAuthData-subkey }
                                     } OPTIONAL,
        additional-tickets      [11] SEQUENCE OF Ticket OPTIONAL
}

-- Reply --

AS-REP          ::= KDC-REP {11, EncASRepPart, {keyuse-EncASRepPart}}
TGS-REP         ::= KDC-REP {13, EncTGSRepPart,
                        { keyuse-EncTGSRepPart-sesskey
                          | keyuse-EncTGSRepPart-subkey }}

KDC-REP {INTEGER:tagnum,
         TypeToEncrypt,
         UInt32:KeyUsages}      ::= [APPLICATION tagnum] SEQUENCE {
        pvno            [0] INTEGER (5),
        msg-type        [1] INTEGER (tagnum),
        padata          [2] SEQUENCE OF PA-DATA OPTIONAL,
        crealm          [3] Realm,
        cname           [4] PrincipalName,
        ticket          [5] Ticket,
        enc-part        [6] EncryptedData {TypeToEncrypt, KeyUsages}
}

EncASRepPart    ::= [APPLICATION 25] EncKDCRepPart
EncTGSRepPart   ::= [APPLICATION 26] EncKDCRepPart

EncKDCRepPart   ::= SEQUENCE {
        key             [0] EncryptionKey,
        last-req        [1] LastReq,
        nonce           [2] UInt32,
        key-expiration  [3] KerberosTime OPTIONAL,
        flags           [4] TicketFlags,
        authtime        [5] KerberosTime,
        starttime       [6] KerberosTime OPTIONAL,
        endtime         [7] KerberosTime,
        renew-till      [8] KerberosTime OPTIONAL,
        srealm          [9] Realm,
        sname           [10] PrincipalName,
        caddr           [11] HostAddresses OPTIONAL
}
@end verbatim

@include shishi-api-kdc.texi


@node Authenticator Functions
@section Authenticator Functions

An ``Authenticator'' is a ASN.1 structure that work as a proof that an
entity owns a ticket.  It is usually embedded in the AP-REQ structure
(@pxref{AP-REQ and AP-REP Functions}), and you most likely want to use
an AP-REQ instead of a Authenticator in normal applications.  The
following illustrates the Authenticator ASN.1 structure.

@verbatim
Authenticator   ::= [APPLICATION 2] SEQUENCE  {
        authenticator-vno       [0] INTEGER (5),
        crealm                  [1] Realm,
        cname                   [2] PrincipalName,
        cksum                   [3] Checksum OPTIONAL,
        cusec                   [4] Microseconds,
        ctime                   [5] KerberosTime,
        subkey                  [6] EncryptionKey OPTIONAL,
        seq-number              [7] UInt32 OPTIONAL,
        authorization-data      [8] AuthorizationData OPTIONAL
}
@end verbatim

@include shishi-api-authenticator.texi


@node Cryptographic Functions
@section Cryptographic Functions

Underneath the high-level functions described earlier, cryptographic
operations are happening.  If you need to access these cryptographic
primitives directly, this section describes the functions available.

Most cryptographic operations need keying material, and cryptographic
keys have been isolated into it's own data structure
@code{Shishi_key}.  The following illustrates it's contents, but note
that you cannot access it's elements directly but must use the
accessor functions described below.

@verbatim
struct Shishi_key
{
  int type;    /* RFC 1510 encryption integer type */
  char *value; /* Cryptographic key data */
  int version; /* RFC 1510 ``kvno'' */
};
@end verbatim

All functions that operate on this data structure are described now.

@include shishi-api-key.texi

Many servers run uninteractively but still need keying material, and
when they do they are normally read from a file stored on the local
host.  The file should be protected from unauthorized access.  The
file is in ASCII format and contains keys as outputed by
@code{shishi_key_print()}.  All functions that handle these hostkeys
file are described now.

@include shishi-api-hostkeys.texi

After creating the key structure, it can be used to encrypt and
decrypt data, calculate checksum on data etc.  All available functions
are described now.

@include shishi-api-crypto.texi


@node Utility Functions
@section Utility Functions

@include shishi-api-utility.texi


@node Error Handling
@section Error Handling
@cindex Error Handling

Most functions in `Libshishi' are returning an error if they fail.
For this reason, the application should always catch the error
condition and take appropriate measures, for example by releasing the
resources and passing the error up to the caller, or by displaying a
descriptive message to the user and cancelling the operation.

Some error values do not indicate a system error or an error in the
operation, but the result of an operation that failed properly.

@menu
* Error values::                A list of all error values used.
* Error strings::               How to get a descriptive string from a value.
@end menu

@node Error values
@subsection Error values

Errors are returned as an @code{int}.  Except for the SHISHI_OK case,
an application should always use the constants instead of their
numeric value.  Applications are encouraged to use the constants even
for SHISHI_OK as it improves readability.  Possible values are:

@table @code
@item SHISHI_OK
This value indicates success.  The value of this error is guaranteed
to always be @code{0} so you may use it in boolean constructs.

@include shishi-api-error-labels.texi

@end table

@node Error strings
@subsection Error strings

@include shishi-api-error.texi

@node Examples
@section Examples
@cindex Examples

This chapter does not contain example code which illustrate how
`Shishi' can be used when writing your own application.

@node Generic Security Service
@section Generic Security Service
@cindex Generic Security Service (GSS)

As an alternative to the native Shishi programming API, it is possible
to program Shishi through the Generic Security Services (GSS) API.
The advantage of using GSS-API in your security application, instead
of the native Shishi API, is that it will be easier to port your
application between different Kerberos 5 implementations, and even
beyond Kerberos 5 to different security systems, that support GSS-API.
In the free software world, however, the only widely used security
system that supports GSS-API is Kerberos 5, so the last advantage is
somewhat academic.  But if you are porting applications using GSS-API
for other Kerberos 5 implementations, or want a more mature and stable
API than the native Shishi API, you may find using Shishi's GSS-API
interface compelling.  Note that GSS-API only offer basic services,
for more advanced uses you must use the native API.

Since the GSS is not specific to Shishi, it is distributed
independently from Shishi.  Further information on the GSS project can
be found at @url{http://josefsson.org/gss/}.

@c **********************************************************
@c *******************  Acknowledgements  *******************
@c **********************************************************
@node Acknowledgements
@chapter Acknowledgements

Shishi uses Libgcrypt and Libgpg-error by Werner Koch et al, Libtasn1
by Fabio Fiorina et al.

@c **********************************************************
@c *******************  Appendices  *************************
@c **********************************************************

@node Copying This Manual
@appendix Copying This Manual

@menu
* GNU Free Documentation License::  License for copying this manual.
@end menu

@include fdl.texi

@include gpl.texi

@node Concept Index
@unnumbered Concept Index

@printindex cp

@node Function and Data Index
@unnumbered Function and Data Index

@printindex fn

@summarycontents
@contents
@bye