1 /* authenticator.c --- Functions for authenticators.
2 * Copyright (C) 2002, 2003, 2004, 2006 Simon Josefsson
4 * This file is part of Shishi.
6 * Shishi is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * Shishi is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with Shishi; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
24 /* Get _shishi_print_armored_data, etc. */
28 * shishi_authenticator:
29 * @handle: shishi handle as allocated by shishi_init().
31 * This function creates a new Authenticator, populated with some
32 * default values. It uses the current time as returned by the system
33 * for the ctime and cusec fields.
35 * Return value: Returns the authenticator or NULL on
39 shishi_authenticator (Shishi
* handle
)
42 Shishi_asn1 node
= NULL
;
46 res
= gettimeofday (&tv
, NULL
);
50 node
= shishi_asn1_authenticator (handle
);
54 res
= shishi_asn1_write (handle
, node
, "authenticator-vno", "5", 0);
58 res
= shishi_authenticator_set_crealm (handle
, node
,
59 shishi_realm_default (handle
));
63 res
= shishi_authenticator_client_set (handle
, node
,
64 shishi_principal_default (handle
));
68 res
= shishi_authenticator_cusec_set (handle
, node
, tv
.tv_usec
% 1000000);
72 res
= shishi_asn1_write (handle
, node
, "ctime",
73 shishi_generalize_time (handle
, time (NULL
)), 0);
78 * For sequence numbers to adequately support the detection of
79 * replays they SHOULD be non-repeating, even across connection
80 * boundaries. The initial sequence number SHOULD be random and
81 * uniformly distributed across the full space of possible sequence
82 * numbers, so that it cannot be guessed by an attacker and so that
83 * it and the successive sequence numbers do not repeat other
86 shishi_randomize (handle
, 0, &seqnr
, sizeof (seqnr
));
88 /* XXX remove once libtasn1 _asn1_convert_integer is fixed. */
92 * Implementation note: as noted before, some implementations omit
93 * the optional sequence number when its value would be zero.
94 * Implementations MAY accept an omitted sequence number when
95 * expecting a value of zero, and SHOULD NOT transmit an
96 * Authenticator with a initial sequence number of zero.
101 res
= shishi_authenticator_seqnumber_set (handle
, node
, seqnr
);
102 if (res
!= SHISHI_OK
)
108 shishi_asn1_done (handle
, node
);
113 * shishi_authenticator_subkey:
114 * @handle: shishi handle as allocated by shishi_init().
116 * This function creates a new Authenticator, populated with some
117 * default values. It uses the current time as returned by the system
118 * for the ctime and cusec fields. It adds a random subkey.
120 * Return value: Returns the authenticator or NULL on
124 shishi_authenticator_subkey (Shishi
* handle
)
129 node
= shishi_authenticator (handle
);
133 res
= shishi_authenticator_add_random_subkey (handle
, node
);
134 if (res
!= SHISHI_OK
)
141 * shishi_authenticator_print:
142 * @handle: shishi handle as allocated by shishi_init().
143 * @fh: file handle open for writing.
144 * @authenticator: authenticator as allocated by shishi_authenticator().
146 * Print ASCII armored DER encoding of authenticator to file.
148 * Return value: Returns SHISHI_OK iff successful.
151 shishi_authenticator_print (Shishi
* handle
,
152 FILE * fh
, Shishi_asn1 authenticator
)
154 return _shishi_print_armored_data (handle
, fh
, authenticator
,
155 "Authenticator", NULL
);
159 * shishi_authenticator_save:
160 * @handle: shishi handle as allocated by shishi_init().
161 * @fh: file handle open for writing.
162 * @authenticator: authenticator as allocated by shishi_authenticator().
164 * Save DER encoding of authenticator to file.
166 * Return value: Returns SHISHI_OK iff successful.
169 shishi_authenticator_save (Shishi
* handle
,
170 FILE * fh
, Shishi_asn1 authenticator
)
172 return _shishi_save_data (handle
, fh
, authenticator
, "Authenticator");
176 * shishi_authenticator_to_file:
177 * @handle: shishi handle as allocated by shishi_init().
178 * @authenticator: Authenticator to save.
179 * @filetype: input variable specifying type of file to be written,
180 * see Shishi_filetype.
181 * @filename: input variable with filename to write to.
183 * Write Authenticator to file in specified TYPE. The file will be
184 * truncated if it exists.
186 * Return value: Returns SHISHI_OK iff successful.
189 shishi_authenticator_to_file (Shishi
* handle
, Shishi_asn1 authenticator
,
190 int filetype
, const char *filename
)
195 if (VERBOSE (handle
))
196 printf (_("Writing Authenticator to %s...\n"), filename
);
198 fh
= fopen (filename
, "w");
200 return SHISHI_FOPEN_ERROR
;
202 if (VERBOSE (handle
))
203 printf (_("Writing Authenticator in %s format...\n"),
204 filetype
== SHISHI_FILETYPE_TEXT
? "TEXT" : "DER");
206 if (filetype
== SHISHI_FILETYPE_TEXT
)
207 res
= shishi_authenticator_print (handle
, fh
, authenticator
);
209 res
= shishi_authenticator_save (handle
, fh
, authenticator
);
210 if (res
!= SHISHI_OK
)
215 return SHISHI_IO_ERROR
;
217 if (VERBOSE (handle
))
218 printf (_("Writing Authenticator to %s...done\n"), filename
);
224 * shishi_authenticator_parse:
225 * @handle: shishi handle as allocated by shishi_init().
226 * @fh: file handle open for reading.
227 * @authenticator: output variable with newly allocated authenticator.
229 * Read ASCII armored DER encoded authenticator from file and populate
230 * given authenticator variable.
232 * Return value: Returns SHISHI_OK iff successful.
235 shishi_authenticator_parse (Shishi
* handle
,
236 FILE * fh
, Shishi_asn1
* authenticator
)
238 return _shishi_authenticator_input (handle
, fh
, authenticator
, 0);
242 * shishi_authenticator_read:
243 * @handle: shishi handle as allocated by shishi_init().
244 * @fh: file handle open for reading.
245 * @authenticator: output variable with newly allocated authenticator.
247 * Read DER encoded authenticator from file and populate given
248 * authenticator variable.
250 * Return value: Returns SHISHI_OK iff successful.
253 shishi_authenticator_read (Shishi
* handle
,
254 FILE * fh
, Shishi_asn1
* authenticator
)
256 return _shishi_authenticator_input (handle
, fh
, authenticator
, 1);
260 * shishi_authenticator_from_file:
261 * @handle: shishi handle as allocated by shishi_init().
262 * @authenticator: output variable with newly allocated Authenticator.
263 * @filetype: input variable specifying type of file to be read,
264 * see Shishi_filetype.
265 * @filename: input variable with filename to read from.
267 * Read Authenticator from file in specified TYPE.
269 * Return value: Returns SHISHI_OK iff successful.
272 shishi_authenticator_from_file (Shishi
* handle
, Shishi_asn1
* authenticator
,
273 int filetype
, const char *filename
)
278 if (VERBOSE (handle
))
279 printf (_("Reading Authenticator from %s...\n"), filename
);
281 fh
= fopen (filename
, "r");
283 return SHISHI_FOPEN_ERROR
;
285 if (VERBOSE (handle
))
286 printf (_("Reading Authenticator in %s format...\n"),
287 filetype
== SHISHI_FILETYPE_TEXT
? "TEXT" : "DER");
289 if (filetype
== SHISHI_FILETYPE_TEXT
)
290 res
= shishi_authenticator_parse (handle
, fh
, authenticator
);
292 res
= shishi_authenticator_read (handle
, fh
, authenticator
);
293 if (res
!= SHISHI_OK
)
298 return SHISHI_IO_ERROR
;
300 if (VERBOSE (handle
))
301 printf (_("Reading Authenticator from %s...done\n"), filename
);
307 * shishi_authenticator_set_crealm:
308 * @handle: shishi handle as allocated by shishi_init().
309 * @authenticator: authenticator as allocated by shishi_authenticator().
310 * @crealm: input array with realm.
312 * Set realm field in authenticator to specified value.
314 * Return value: Returns SHISHI_OK iff successful.
317 shishi_authenticator_set_crealm (Shishi
* handle
,
318 Shishi_asn1 authenticator
,
323 res
= shishi_asn1_write (handle
, authenticator
, "crealm", crealm
, 0);
324 if (res
!= SHISHI_OK
)
331 * shishi_authenticator_set_cname:
332 * @handle: shishi handle as allocated by shishi_init().
333 * @authenticator: authenticator as allocated by shishi_authenticator().
334 * @name_type: type of principial, see Shishi_name_type, usually
336 * @cname: input array with principal name.
338 * Set principal field in authenticator to specified value.
340 * Return value: Returns SHISHI_OK iff successful.
343 shishi_authenticator_set_cname (Shishi
* handle
,
344 Shishi_asn1 authenticator
,
345 Shishi_name_type name_type
,
350 res
= shishi_principal_name_set (handle
, authenticator
, "cname",
352 if (res
!= SHISHI_OK
)
359 * shishi_authenticator_client_set:
360 * @handle: shishi handle as allocated by shishi_init().
361 * @authenticator: Authenticator to set client name field in.
362 * @client: zero-terminated string with principal name on RFC 1964 form.
364 * Set the client name field in the Authenticator.
366 * Return value: Returns SHISHI_OK iff successful.
369 shishi_authenticator_client_set (Shishi
* handle
,
370 Shishi_asn1 authenticator
,
375 res
= shishi_principal_set (handle
, authenticator
, "cname", client
);
376 if (res
!= SHISHI_OK
)
383 * shishi_authenticator_ctime:
384 * @handle: shishi handle as allocated by shishi_init().
385 * @authenticator: Authenticator as allocated by shishi_authenticator().
386 * @t: newly allocated zero-terminated character array with client time.
388 * Extract client time from Authenticator.
390 * Return value: Returns SHISHI_OK iff successful.
393 shishi_authenticator_ctime (Shishi
* handle
,
394 Shishi_asn1 authenticator
, char **t
)
396 return shishi_time (handle
, authenticator
, "ctime", t
);
400 * shishi_authenticator_ctime_set:
401 * @handle: shishi handle as allocated by shishi_init().
402 * @authenticator: Authenticator as allocated by shishi_authenticator().
403 * @t: string with generalized time value to store in Authenticator.
405 * Store client time in Authenticator.
407 * Return value: Returns SHISHI_OK iff successful.
410 shishi_authenticator_ctime_set (Shishi
* handle
,
411 Shishi_asn1 authenticator
, const char *t
)
415 res
= shishi_asn1_write (handle
, authenticator
, "ctime",
416 t
, SHISHI_GENERALIZEDTIME_LENGTH
);
417 if (res
!= SHISHI_OK
)
424 * shishi_authenticator_cusec_get:
425 * @handle: shishi handle as allocated by shishi_init().
426 * @authenticator: Authenticator as allocated by shishi_authenticator().
427 * @cusec: output integer with client microseconds field.
429 * Extract client microseconds field from Authenticator.
431 * Return value: Returns SHISHI_OK iff successful.
434 shishi_authenticator_cusec_get (Shishi
* handle
,
435 Shishi_asn1 authenticator
, uint32_t * cusec
)
439 res
= shishi_asn1_read_uint32 (handle
, authenticator
, "cusec", cusec
);
440 if (res
!= SHISHI_OK
)
447 * shishi_authenticator_cusec_set:
448 * @handle: shishi handle as allocated by shishi_init().
449 * @authenticator: authenticator as allocated by shishi_authenticator().
450 * @cusec: client microseconds to set in authenticator, 0-999999.
452 * Set the cusec field in the Authenticator.
454 * Return value: Returns SHISHI_OK iff successful.
457 shishi_authenticator_cusec_set (Shishi
* handle
,
458 Shishi_asn1 authenticator
, uint32_t cusec
)
462 res
= shishi_asn1_write_uint32 (handle
, authenticator
, "cusec", cusec
);
463 if (res
!= SHISHI_OK
)
470 * shishi_authenticator_seqnumber_get:
471 * @handle: shishi handle as allocated by shishi_init().
472 * @authenticator: authenticator as allocated by shishi_authenticator().
473 * @seqnumber: output integer with sequence number field.
475 * Extract sequence number field from Authenticator.
477 * Return value: Returns %SHISHI_OK iff successful.
480 shishi_authenticator_seqnumber_get (Shishi
* handle
,
481 Shishi_asn1 authenticator
,
482 uint32_t * seqnumber
)
486 res
= shishi_asn1_read_uint32 (handle
, authenticator
,
487 "seq-number", seqnumber
);
488 if (res
!= SHISHI_OK
)
495 * shishi_authenticator_seqnumber_remove:
496 * @handle: shishi handle as allocated by shishi_init().
497 * @authenticator: authenticator as allocated by shishi_authenticator().
499 * Remove sequence number field in Authenticator.
501 * Return value: Returns %SHISHI_OK iff successful.
504 shishi_authenticator_seqnumber_remove (Shishi
* handle
,
505 Shishi_asn1 authenticator
)
509 res
= shishi_asn1_write (handle
, authenticator
, "seq-number", NULL
, 0);
510 if (res
!= SHISHI_OK
)
517 * shishi_authenticator_seqnumber_set:
518 * @handle: shishi handle as allocated by shishi_init().
519 * @authenticator: authenticator as allocated by shishi_authenticator().
520 * @seqnumber: integer with sequence number field to store in Authenticator.
522 * Store sequence number field in Authenticator.
524 * Return value: Returns %SHISHI_OK iff successful.
527 shishi_authenticator_seqnumber_set (Shishi
* handle
,
528 Shishi_asn1 authenticator
,
533 res
= shishi_asn1_write_uint32 (handle
, authenticator
,
534 "seq-number", seqnumber
);
535 if (res
!= SHISHI_OK
)
542 * shishi_authenticator_client:
543 * @handle: Shishi library handle create by shishi_init().
544 * @authenticator: Authenticator variable to get client name from.
545 * @client: pointer to newly allocated zero terminated string containing
546 * principal name. May be %NULL (to only populate @clientlen).
547 * @clientlen: pointer to length of @client on output, excluding terminating
548 * zero. May be %NULL (to only populate @client).
550 * Represent client principal name in Authenticator as zero-terminated
551 * string. The string is allocate by this function, and it is the
552 * responsibility of the caller to deallocate it. Note that the
553 * output length @clientlen does not include the terminating zero.
555 * Return value: Returns SHISHI_OK iff successful.
558 shishi_authenticator_client (Shishi
* handle
,
559 Shishi_asn1 authenticator
,
560 char **client
, size_t * clientlen
)
562 return shishi_principal_name (handle
, authenticator
,
563 "cname", client
, clientlen
);
567 * shishi_authenticator_clientrealm:
568 * @handle: Shishi library handle create by shishi_init().
569 * @authenticator: Authenticator variable to get client name and realm from.
570 * @client: pointer to newly allocated zero terminated string containing
571 * principal name and realm. May be %NULL (to only populate @clientlen).
572 * @clientlen: pointer to length of @client on output, excluding terminating
573 * zero. May be %NULL (to only populate @client).
575 * Convert cname and realm fields from Authenticator to printable
576 * principal name format. The string is allocate by this function,
577 * and it is the responsibility of the caller to deallocate it. Note
578 * that the output length @clientlen does not include the terminating
581 * Return value: Returns SHISHI_OK iff successful.
584 shishi_authenticator_clientrealm (Shishi
* handle
,
585 Shishi_asn1 authenticator
,
586 char **client
, size_t * clientlen
)
588 return shishi_principal_name_realm (handle
,
589 authenticator
, "cname",
590 authenticator
, "crealm",
595 shishi_authenticator_remove_cksum (Shishi
* handle
, Shishi_asn1 authenticator
)
599 /* XXX remove this function */
601 res
= shishi_asn1_write (handle
, authenticator
, "cksum", NULL
, 0);
602 if (res
!= SHISHI_OK
)
609 * shishi_authenticator_cksum:
610 * @handle: shishi handle as allocated by shishi_init().
611 * @authenticator: authenticator as allocated by shishi_authenticator().
612 * @cksumtype: output checksum type.
613 * @cksum: newly allocated output checksum data from authenticator.
614 * @cksumlen: on output, actual size of allocated output checksum data buffer.
616 * Read checksum value from authenticator. @cksum is allocated by
617 * this function, and it is the responsibility of caller to deallocate
620 * Return value: Returns SHISHI_OK iff successful.
623 shishi_authenticator_cksum (Shishi
* handle
,
624 Shishi_asn1 authenticator
,
626 char **cksum
, size_t * cksumlen
)
630 res
= shishi_asn1_read_int32 (handle
, authenticator
,
631 "cksum.cksumtype", cksumtype
);
632 if (res
!= SHISHI_OK
)
635 res
= shishi_asn1_read (handle
, authenticator
, "cksum.checksum",
637 if (res
!= SHISHI_OK
)
644 * shishi_authenticator_set_cksum:
645 * @handle: shishi handle as allocated by shishi_init().
646 * @authenticator: authenticator as allocated by shishi_authenticator().
647 * @cksumtype: input checksum type to store in authenticator.
648 * @cksum: input checksum data to store in authenticator.
649 * @cksumlen: size of input checksum data to store in authenticator.
651 * Store checksum value in authenticator. A checksum is usually created
652 * by calling shishi_checksum() on some application specific data using
653 * the key from the ticket that is being used. To save time, you may
654 * want to use shishi_authenticator_add_cksum() instead, which calculates
655 * the checksum and calls this function in one step.
657 * Return value: Returns SHISHI_OK iff successful.
660 shishi_authenticator_set_cksum (Shishi
* handle
,
661 Shishi_asn1 authenticator
,
663 char *cksum
, size_t cksumlen
)
667 res
= shishi_asn1_write_int32 (handle
, authenticator
,
668 "cksum.cksumtype", cksumtype
);
669 if (res
!= SHISHI_OK
)
672 res
= shishi_asn1_write (handle
, authenticator
, "cksum.checksum",
674 if (res
!= SHISHI_OK
)
681 * shishi_authenticator_add_cksum:
682 * @handle: shishi handle as allocated by shishi_init().
683 * @authenticator: authenticator as allocated by shishi_authenticator().
684 * @key: key to to use for encryption.
685 * @keyusage: cryptographic key usage value to use in encryption.
686 * @data: input array with data to calculate checksum on.
687 * @datalen: size of input array with data to calculate checksum on.
689 * Calculate checksum for data and store it in the authenticator.
691 * Return value: Returns SHISHI_OK iff successful.
694 shishi_authenticator_add_cksum (Shishi
* handle
,
695 Shishi_asn1 authenticator
,
697 int keyusage
, char *data
, size_t datalen
)
699 return shishi_authenticator_add_cksum_type (handle
, authenticator
, key
,
701 shishi_cipher_defaultcksumtype
702 (shishi_key_type (key
)),
707 * shishi_authenticator_add_cksum_type:
708 * @handle: shishi handle as allocated by shishi_init().
709 * @authenticator: authenticator as allocated by shishi_authenticator().
710 * @key: key to to use for encryption.
711 * @keyusage: cryptographic key usage value to use in encryption.
712 * @cksumtype: checksum to type to calculate checksum.
713 * @data: input array with data to calculate checksum on.
714 * @datalen: size of input array with data to calculate checksum on.
716 * Calculate checksum for data and store it in the authenticator.
718 * Return value: Returns SHISHI_OK iff successful.
721 shishi_authenticator_add_cksum_type (Shishi
* handle
,
722 Shishi_asn1 authenticator
,
724 int keyusage
, int cksumtype
,
725 char *data
, size_t datalen
)
729 if (data
&& datalen
> 0)
734 res
= shishi_checksum (handle
, key
, keyusage
, cksumtype
,
735 data
, datalen
, &cksum
, &cksumlen
);
736 if (res
!= SHISHI_OK
)
739 res
= shishi_authenticator_set_cksum (handle
, authenticator
,
740 cksumtype
, cksum
, cksumlen
);
744 res
= shishi_authenticator_remove_cksum (handle
, authenticator
);
750 * shishi_authenticator_clear_authorizationdata:
751 * @handle: shishi handle as allocated by shishi_init().
752 * @authenticator: Authenticator as allocated by shishi_authenticator().
754 * Remove the authorization-data field from Authenticator.
756 * Return value: Returns SHISHI_OK iff successful.
759 shishi_authenticator_clear_authorizationdata (Shishi
* handle
,
760 Shishi_asn1 authenticator
)
764 res
= shishi_asn1_write (handle
, authenticator
,
765 "authorization-data", NULL
, 0);
766 if (res
!= SHISHI_OK
)
767 return SHISHI_ASN1_ERROR
;
773 * shishi_authenticator_add_authorizationdata:
774 * @handle: shishi handle as allocated by shishi_init().
775 * @authenticator: authenticator as allocated by shishi_authenticator().
776 * @adtype: input authorization data type to add.
777 * @addata: input authorization data to add.
778 * @addatalen: size of input authorization data to add.
780 * Add authorization data to authenticator.
782 * Return value: Returns SHISHI_OK iff successful.
785 shishi_authenticator_add_authorizationdata (Shishi
* handle
,
786 Shishi_asn1 authenticator
,
795 res
= shishi_asn1_write (handle
, authenticator
,
796 "authorization-data", "NEW", 1);
797 if (res
!= SHISHI_OK
)
800 res
= shishi_asn1_number_of_elements (handle
, authenticator
,
801 "authorization-data", &i
);
802 if (res
!= SHISHI_OK
)
805 asprintf (&format
, "authorization-data.?%d.ad-type", i
);
806 res
= shishi_asn1_write_integer (handle
, authenticator
, format
, adtype
);
807 if (res
!= SHISHI_OK
)
813 sprintf (format
, "authorization-data.?%d.ad-data", i
);
814 res
= shishi_asn1_write (handle
, authenticator
, format
, addata
, addatalen
);
816 if (res
!= SHISHI_OK
)
823 * shishi_authenticator_authorizationdata:
824 * @handle: shishi handle as allocated by shishi_init().
825 * @authenticator: authenticator as allocated by shishi_authenticator().
826 * @adtype: output authorization data type.
827 * @addata: newly allocated output authorization data.
828 * @addatalen: on output, actual size of newly allocated authorization data.
829 * @nth: element number of authorization-data to extract.
831 * Extract n:th authorization data from authenticator. The first
834 * Return value: Returns SHISHI_OK iff successful.
837 shishi_authenticator_authorizationdata (Shishi
* handle
,
838 Shishi_asn1 authenticator
,
840 char **addata
, size_t * addatalen
,
847 res
= shishi_asn1_number_of_elements (handle
, authenticator
,
848 "authorization-data", &i
);
849 if (res
!= SHISHI_OK
)
850 return SHISHI_ASN1_ERROR
;
853 return SHISHI_OUT_OF_RANGE
;
855 asprintf (&format
, "authorization-data.?%d.ad-type", nth
);
856 res
= shishi_asn1_read_int32 (handle
, authenticator
, format
, adtype
);
858 if (res
!= SHISHI_OK
)
861 asprintf (&format
, "authorization-data.?%d.ad-data", i
);
862 res
= shishi_asn1_read (handle
, authenticator
, format
, addata
, addatalen
);
864 if (res
!= SHISHI_OK
)
871 * shishi_authenticator_remove_subkey:
872 * @handle: shishi handle as allocated by shishi_init().
873 * @authenticator: authenticator as allocated by shishi_authenticator().
875 * Remove subkey from the authenticator.
877 * Return value: Returns SHISHI_OK iff successful.
880 shishi_authenticator_remove_subkey (Shishi
* handle
,
881 Shishi_asn1 authenticator
)
885 res
= shishi_asn1_write (handle
, authenticator
, "subkey", NULL
, 0);
886 if (res
!= SHISHI_OK
)
893 * shishi_authenticator_get_subkey:
894 * @handle: shishi handle as allocated by shishi_init().
895 * @authenticator: authenticator as allocated by shishi_authenticator().
896 * @subkey: output newly allocated subkey from authenticator.
898 * Read subkey value from authenticator.
900 * Return value: Returns SHISHI_OK if successful or SHISHI_ASN1_NO_ELEMENT
901 * if subkey is not present.
904 shishi_authenticator_get_subkey (Shishi
* handle
,
905 Shishi_asn1 authenticator
,
906 Shishi_key
** subkey
)
913 res
= shishi_asn1_read_int32 (handle
, authenticator
,
914 "subkey.keytype", &subkeytype
);
915 if (res
!= SHISHI_OK
)
918 res
= shishi_asn1_read (handle
, authenticator
, "subkey.keyvalue",
919 &subkeyvalue
, &subkeylen
);
920 if (res
!= SHISHI_OK
)
923 res
= shishi_key (handle
, subkey
);
924 if (res
!= SHISHI_OK
)
927 shishi_key_type_set (*subkey
, subkeytype
);
928 shishi_key_value_set (*subkey
, subkeyvalue
);
934 * shishi_authenticator_set_subkey:
935 * @handle: shishi handle as allocated by shishi_init().
936 * @authenticator: authenticator as allocated by shishi_authenticator().
937 * @subkeytype: input subkey type to store in authenticator.
938 * @subkey: input subkey data to store in authenticator.
939 * @subkeylen: size of input subkey data to store in authenticator.
941 * Store subkey value in authenticator. A subkey is usually created
942 * by calling shishi_key_random() using the default encryption type of
943 * the key from the ticket that is being used. To save time, you may
944 * want to use shishi_authenticator_add_subkey() instead, which calculates
945 * the subkey and calls this function in one step.
947 * Return value: Returns SHISHI_OK iff successful.
950 shishi_authenticator_set_subkey (Shishi
* handle
,
951 Shishi_asn1 authenticator
,
953 char *subkey
, size_t subkeylen
)
957 res
= shishi_asn1_write_int32 (handle
, authenticator
,
958 "subkey.keytype", subkeytype
);
959 if (res
!= SHISHI_OK
)
962 res
= shishi_asn1_write (handle
, authenticator
, "subkey.keyvalue",
964 if (res
!= SHISHI_OK
)
971 * shishi_authenticator_add_random_subkey:
972 * @handle: shishi handle as allocated by shishi_init().
973 * @authenticator: authenticator as allocated by shishi_authenticator().
975 * Generate random subkey, of the default encryption type from
976 * configuration, and store it in the authenticator.
978 * Return value: Returns SHISHI_OK iff successful.
981 shishi_authenticator_add_random_subkey (Shishi
* handle
,
982 Shishi_asn1 authenticator
)
988 n
= shishi_cfg_clientkdcetype (handle
, &etypes
);
990 return SHISHI_TICKET_BAD_KEYTYPE
; /* XXX */
992 res
= shishi_authenticator_add_random_subkey_etype (handle
, authenticator
,
994 if (res
!= SHISHI_OK
)
1001 * shishi_authenticator_add_random_subkey_etype:
1002 * @handle: shishi handle as allocated by shishi_init().
1003 * @authenticator: authenticator as allocated by shishi_authenticator().
1004 * @etype: encryption type of random key to generate.
1006 * Generate random subkey of indicated encryption type, and store it
1007 * in the authenticator.
1009 * Return value: Returns SHISHI_OK iff successful.
1012 shishi_authenticator_add_random_subkey_etype (Shishi
* handle
,
1013 Shishi_asn1 authenticator
,
1019 res
= shishi_key_random (handle
, etype
, &subkey
);
1020 if (res
!= SHISHI_OK
)
1023 res
= shishi_authenticator_add_subkey (handle
, authenticator
, subkey
);
1025 shishi_key_done (subkey
);
1031 * shishi_authenticator_add_subkey:
1032 * @handle: shishi handle as allocated by shishi_init().
1033 * @authenticator: authenticator as allocated by shishi_authenticator().
1034 * @subkey: subkey to add to authenticator.
1036 * Store subkey in the authenticator.
1038 * Return value: Returns SHISHI_OK iff successful.
1041 shishi_authenticator_add_subkey (Shishi
* handle
,
1042 Shishi_asn1 authenticator
,
1043 Shishi_key
* subkey
)
1047 res
= shishi_authenticator_set_subkey (handle
, authenticator
,
1048 shishi_key_type (subkey
),
1049 shishi_key_value (subkey
),
1050 shishi_key_length (subkey
));
1051 if (res
!= SHISHI_OK
)