search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix API.
[shishi.git] / lib / authenticator.c
blob49fe494e3659dacaa0096a8e130c6f9d78dcab1c
1 /* authenticator.c functions for authenticators
2 * Copyright (C) 2002, 2003 Simon Josefsson
3 *
4 * This file is part of Shishi.
5 *
6 * Shishi is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * Shishi is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with Shishi; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 *
20 */
21
22 #include "internal.h"
23
24 /**
25 * shishi_authenticator:
26 * @handle: shishi handle as allocated by shishi_init().
27 *
28 * This function creates a new Authenticator, populated with some
29 * default values. It uses the current time as returned by the system
30 * for the ctime and cusec fields.
31 *
32 * Return value: Returns the authenticator or NULL on
33 * failure.
34 **/
35 Shishi_asn1
36 shishi_authenticator (Shishi * handle)
37 {
38 int res;
39 Shishi_asn1 node = NULL;
40 struct timeval tv;
41 struct timezone tz;
42
43 node = shishi_asn1_authenticator (handle);
44 if (!node)
45 return NULL;
46
47 res = shishi_asn1_write (handle, node, "authenticator-vno", "5", 0);
48 if (res != SHISHI_OK)
49 goto error;
50
51 res = shishi_authenticator_set_crealm (handle, node,
52 shishi_realm_default (handle));
53 if (res != SHISHI_OK)
54 goto error;
55
56 res = shishi_authenticator_client_set (handle, node,
57 shishi_principal_default (handle));
58 if (res != SHISHI_OK)
59 goto error;
60
61 gettimeofday (&tv, &tz);
62 res = shishi_authenticator_cusec_set (handle, node, tv.tv_usec % 1000000);
63 if (res != SHISHI_OK)
64 goto error;
65
66 res = shishi_asn1_write (handle, node, "ctime",
67 shishi_generalize_time (handle, time (NULL)), 0);
68 if (res != SHISHI_OK)
69 goto error;
70
71 res = shishi_asn1_write (handle, node, "seq-number", NULL, 0);
72 if (res != SHISHI_OK)
73 goto error;
74
75 return node;
76
77 error:
78 shishi_asn1_done (handle, node);
79 return NULL;
80 }
81
82 /**
83 * shishi_authenticator_subkey:
84 * @handle: shishi handle as allocated by shishi_init().
85 *
86 * This function creates a new Authenticator, populated with some
87 * default values. It uses the current time as returned by the system
88 * for the ctime and cusec fields. It adds a random subkey.
89 *
90 * Return value: Returns the authenticator or NULL on
91 * failure.
92 **/
93 Shishi_asn1
94 shishi_authenticator_subkey (Shishi * handle)
95 {
96 Shishi_asn1 node;
97 int res;
98
99 node = shishi_authenticator (handle);
100 if (node == NULL)
101 return NULL;
102
103 res = shishi_authenticator_add_random_subkey (handle, node);
104 if (res != SHISHI_OK)
105 return NULL;
106
107 return node;
108 }
109
110 /**
111 * shishi_authenticator_print:
112 * @handle: shishi handle as allocated by shishi_init().
113 * @fh: file handle open for writing.
114 * @authenticator: authenticator as allocated by shishi_authenticator().
115 *
116 * Print ASCII armored DER encoding of authenticator to file.
117 *
118 * Return value: Returns SHISHI_OK iff successful.
119 **/
120 int
121 shishi_authenticator_print (Shishi * handle,
122 FILE * fh, Shishi_asn1 authenticator)
123 {
124 return _shishi_print_armored_data (handle, fh, authenticator,
125 "Authenticator", NULL);
126 }
127
128 /**
129 * shishi_authenticator_save:
130 * @handle: shishi handle as allocated by shishi_init().
131 * @fh: file handle open for writing.
132 * @authenticator: authenticator as allocated by shishi_authenticator().
133 *
134 * Save DER encoding of authenticator to file.
135 *
136 * Return value: Returns SHISHI_OK iff successful.
137 **/
138 int
139 shishi_authenticator_save (Shishi * handle,
140 FILE * fh, Shishi_asn1 authenticator)
141 {
142 return _shishi_save_data (handle, fh, authenticator, "Authenticator");
143 }
144
145 /**
146 * shishi_authenticator_to_file:
147 * @handle: shishi handle as allocated by shishi_init().
148 * @authenticator: Authenticator to save.
149 * @filetype: input variable specifying type of file to be written,
150 * see Shishi_filetype.
151 * @filename: input variable with filename to write to.
152 *
153 * Write Authenticator to file in specified TYPE. The file will be
154 * truncated if it exists.
155 *
156 * Return value: Returns SHISHI_OK iff successful.
157 **/
158 int
159 shishi_authenticator_to_file (Shishi * handle, Shishi_asn1 authenticator,
160 int filetype, char *filename)
161 {
162 FILE *fh;
163 int res;
164
165 if (VERBOSE (handle))
166 printf (_("Writing Authenticator to %s...\n"), filename);
167
168 fh = fopen (filename, "w");
169 if (fh == NULL)
170 return SHISHI_FOPEN_ERROR;
171
172 if (VERBOSE (handle))
173 printf (_("Writing Authenticator in %s format...\n"),
174 filetype == SHISHI_FILETYPE_TEXT ? "TEXT" : "DER");
175
176 if (filetype == SHISHI_FILETYPE_TEXT)
177 res = shishi_authenticator_print (handle, fh, authenticator);
178 else
179 res = shishi_authenticator_save (handle, fh, authenticator);
180 if (res != SHISHI_OK)
181 return res;
182
183 res = fclose (fh);
184 if (res != 0)
185 return SHISHI_FCLOSE_ERROR;
186
187 if (VERBOSE (handle))
188 printf (_("Writing Authenticator to %s...done\n"), filename);
189
190 return SHISHI_OK;
191 }
192
193 /**
194 * shishi_authenticator_parse:
195 * @handle: shishi handle as allocated by shishi_init().
196 * @fh: file handle open for reading.
197 * @authenticator: output variable with newly allocated authenticator.
198 *
199 * Read ASCII armored DER encoded authenticator from file and populate
200 * given authenticator variable.
201 *
202 * Return value: Returns SHISHI_OK iff successful.
203 **/
204 int
205 shishi_authenticator_parse (Shishi * handle,
206 FILE * fh, Shishi_asn1 * authenticator)
207 {
208 return _shishi_authenticator_input (handle, fh, authenticator, 0);
209 }
210
211 /**
212 * shishi_authenticator_read:
213 * @handle: shishi handle as allocated by shishi_init().
214 * @fh: file handle open for reading.
215 * @authenticator: output variable with newly allocated authenticator.
216 *
217 * Read DER encoded authenticator from file and populate given
218 * authenticator variable.
219 *
220 * Return value: Returns SHISHI_OK iff successful.
221 **/
222 int
223 shishi_authenticator_read (Shishi * handle,
224 FILE * fh, Shishi_asn1 * authenticator)
225 {
226 return _shishi_authenticator_input (handle, fh, authenticator, 1);
227 }
228
229 /**
230 * shishi_authenticator_from_file:
231 * @handle: shishi handle as allocated by shishi_init().
232 * @authenticator: output variable with newly allocated Authenticator.
233 * @filetype: input variable specifying type of file to be read,
234 * see Shishi_filetype.
235 * @filename: input variable with filename to read from.
236 *
237 * Read Authenticator from file in specified TYPE.
238 *
239 * Return value: Returns SHISHI_OK iff successful.
240 **/
241 int
242 shishi_authenticator_from_file (Shishi * handle, Shishi_asn1 * authenticator,
243 int filetype, char *filename)
244 {
245 int res;
246 FILE *fh;
247
248 if (VERBOSE (handle))
249 printf (_("Reading Authenticator from %s...\n"), filename);
250
251 fh = fopen (filename, "r");
252 if (fh == NULL)
253 return SHISHI_FOPEN_ERROR;
254
255 if (VERBOSE (handle))
256 printf (_("Reading Authenticator in %s format...\n"),
257 filetype == SHISHI_FILETYPE_TEXT ? "TEXT" : "DER");
258
259 if (filetype == SHISHI_FILETYPE_TEXT)
260 res = shishi_authenticator_parse (handle, fh, authenticator);
261 else
262 res = shishi_authenticator_read (handle, fh, authenticator);
263 if (res != SHISHI_OK)
264 return res;
265
266 res = fclose (fh);
267 if (res != 0)
268 return SHISHI_FCLOSE_ERROR;
269
270 if (VERBOSE (handle))
271 printf (_("Reading Authenticator from %s...done\n"), filename);
272
273 return SHISHI_OK;
274 }
275
276 /**
277 * shishi_authenticator_set_crealm:
278 * @handle: shishi handle as allocated by shishi_init().
279 * @authenticator: authenticator as allocated by shishi_authenticator().
280 * @crealm: input array with realm.
281 *
282 * Set realm field in authenticator to specified value.
283 *
284 * Return value: Returns SHISHI_OK iff successful.
285 **/
286 int
287 shishi_authenticator_set_crealm (Shishi * handle,
288 Shishi_asn1 authenticator,
289 const char *crealm)
290 {
291 int res;
292
293 res = shishi_asn1_write (handle, authenticator, "crealm", crealm, 0);
294 if (res != SHISHI_OK)
295 return res;
296
297 return SHISHI_OK;
298 }
299
300 /**
301 * shishi_authenticator_set_cname:
302 * @handle: shishi handle as allocated by shishi_init().
303 * @authenticator: authenticator as allocated by shishi_authenticator().
304 * @name_type: type of principial, see Shishi_name_type, usually
305 * SHISHI_NT_UNKNOWN.
306 * @cname: input array with principal name.
307 *
308 * Set principal field in authenticator to specified value.
309 *
310 * Return value: Returns SHISHI_OK iff successful.
311 **/
312 int
313 shishi_authenticator_set_cname (Shishi * handle,
314 Shishi_asn1 authenticator,
315 Shishi_name_type name_type,
316 const char *cname[])
317 {
318 int res;
319
320 res = shishi_principal_name_set (handle, authenticator, "cname",
321 name_type, cname);
322 if (res != SHISHI_OK)
323 return res;
324
325 return SHISHI_OK;
326 }
327
328 /**
329 * shishi_authenticator_client_set:
330 * @handle: shishi handle as allocated by shishi_init().
331 * @authenticator: Authenticator to set client name field in.
332 * @client: zero-terminated string with principal name on RFC 1964 form.
333 *
334 * Set the client name field in the Authenticator.
335 *
336 * Return value: Returns SHISHI_OK iff successful.
337 **/
338 int
339 shishi_authenticator_client_set (Shishi * handle,
340 Shishi_asn1 authenticator,
341 const char *client)
342 {
343 int res;
344
345 res = shishi_principal_set (handle, authenticator, "cname", client);
346 if (res != SHISHI_OK)
347 return res;
348
349 return SHISHI_OK;
350 }
351
352 int
353 shishi_authenticator_ctime_get (Shishi * handle,
354 Shishi_asn1 authenticator, char *ctime)
355 {
356 int len;
357 int res;
358
359 len = GENERALIZEDTIME_TIME_LEN + 1;
360 res = shishi_asn1_read (handle, authenticator, "ctime", ctime, &len);
361 if (res == SHISHI_OK && len == GENERALIZEDTIME_TIME_LEN)
362 ctime[len] = '\0';
363
364 return res;
365 }
366
367 /**
368 * shishi_authenticator_ctime_set:
369 * @handle: shishi handle as allocated by shishi_init().
370 * @authenticator: Authenticator as allocated by shishi_authenticator().
371 * @ctime: string with generalized time value to store in Authenticator.
372 *
373 * Store client time in Authenticator.
374 *
375 * Return value: Returns SHISHI_OK iff successful.
376 **/
377 int
378 shishi_authenticator_ctime_set (Shishi * handle,
379 Shishi_asn1 authenticator, char *ctime)
380 {
381 int res;
382
383 res = shishi_asn1_write (handle, authenticator, "ctime",
384 ctime, GENERALIZEDTIME_TIME_LEN);
385 if (res != SHISHI_OK)
386 return res;
387
388 return SHISHI_OK;
389 }
390
391 /**
392 * shishi_authenticator_cusec_get:
393 * @handle: shishi handle as allocated by shishi_init().
394 * @authenticator: Authenticator as allocated by shishi_authenticator().
395 * @cusec: output integer with client microseconds field.
396 *
397 * Extract client microseconds field from Authenticator.
398 *
399 * Return value: Returns SHISHI_OK iff successful.
400 **/
401 int
402 shishi_authenticator_cusec_get (Shishi * handle,
403 Shishi_asn1 authenticator, int *cusec)
404 {
405 int res;
406
407 res = shishi_asn1_read_uint32 (handle, authenticator, "cusec", cusec);
408 if (res != SHISHI_OK)
409 return res;
410
411 return SHISHI_OK;
412 }
413
414 /**
415 * shishi_authenticator_cusec_set:
416 * @handle: shishi handle as allocated by shishi_init().
417 * @authenticator: authenticator as allocated by shishi_authenticator().
418 * @cusec: client microseconds to set in authenticator, 0-999999.
419 *
420 * Set the cusec field in the Authenticator.
421 *
422 * Return value: Returns SHISHI_OK iff successful.
423 **/
424 int
425 shishi_authenticator_cusec_set (Shishi * handle,
426 Shishi_asn1 authenticator, int cusec)
427 {
428 int res;
429
430 res = shishi_asn1_write_uint32 (handle, authenticator, "cusec", cusec);
431 if (res != SHISHI_OK)
432 return res;
433
434 return SHISHI_OK;
435 }
436
437 int
438 shishi_authenticator_cname_get (Shishi * handle,
439 Shishi_asn1 authenticator,
440 char *cname, int *cnamelen)
441 {
442 return shishi_principal_name_get (handle, authenticator,
443 "cname", cname, cnamelen);
444 }
445
446 int
447 shishi_authenticator_cnamerealm_get (Shishi * handle,
448 Shishi_asn1 authenticator,
449 char *cnamerealm, int *cnamerealmlen)
450 {
451 return shishi_principal_name_realm_get (handle, authenticator,
452 "cname",
453 authenticator,
454 "crealm",
455 cnamerealm, cnamerealmlen);
456 }
457
458 int
459 shishi_authenticator_remove_cksum (Shishi * handle, Shishi_asn1 authenticator)
460 {
461 int res;
462
463 /* XXX remove this function */
464
465 res = shishi_asn1_write (handle, authenticator, "cksum", NULL, 0);
466 if (res != SHISHI_OK)
467 return res;
468
469 return SHISHI_OK;
470 }
471
472 /**
473 * shishi_authenticator_cksum:
474 * @handle: shishi handle as allocated by shishi_init().
475 * @authenticator: authenticator as allocated by shishi_authenticator().
476 * @cksumtype: output checksum type.
477 * @cksum: output checksum data from authenticator.
478 * @cksumlen: on input, maximum size of output checksum data buffer,
479 * on output, actual size of output checksum data buffer.
480 *
481 * Read checksum value from authenticator.
482 *
483 * Return value: Returns SHISHI_OK iff successful.
484 **/
485 int
486 shishi_authenticator_cksum (Shishi * handle,
487 Shishi_asn1 authenticator,
488 int32_t * cksumtype,
489 char *cksum, size_t * cksumlen)
490 {
491 int res;
492
493 res = shishi_asn1_read_int32 (handle, authenticator,
494 "cksum.cksumtype", cksumtype);
495 if (res != SHISHI_OK)
496 return res;
497
498 res = shishi_asn1_read (handle, authenticator, "cksum.checksum",
499 cksum, cksumlen);
500 if (res != SHISHI_OK)
501 return res;
502
503 return SHISHI_OK;
504 }
505
506 /**
507 * shishi_authenticator_set_cksum:
508 * @handle: shishi handle as allocated by shishi_init().
509 * @authenticator: authenticator as allocated by shishi_authenticator().
510 * @cksumtype: input checksum type to store in authenticator.
511 * @cksum: input checksum data to store in authenticator.
512 * @cksumlen: size of input checksum data to store in authenticator.
513 *
514 * Store checksum value in authenticator. A checksum is usually created
515 * by calling shishi_checksum() on some application specific data using
516 * the key from the ticket that is being used. To save time, you may
517 * want to use shishi_authenticator_add_cksum() instead, which calculates
518 * the checksum and calls this function in one step.
519 *
520 * Return value: Returns SHISHI_OK iff successful.
521 **/
522 int
523 shishi_authenticator_set_cksum (Shishi * handle,
524 Shishi_asn1 authenticator,
525 int32_t cksumtype,
526 char *cksum, size_t cksumlen)
527 {
528 int res;
529
530 res = shishi_asn1_write_int32 (handle, authenticator,
531 "cksum.cksumtype", cksumtype);
532 if (res != SHISHI_OK)
533 return res;
534
535 res = shishi_asn1_write (handle, authenticator, "cksum.checksum",
536 cksum, cksumlen);
537 if (res != SHISHI_OK)
538 return res;
539
540 return SHISHI_OK;
541 }
542
543 /**
544 * shishi_authenticator_add_cksum:
545 * @handle: shishi handle as allocated by shishi_init().
546 * @authenticator: authenticator as allocated by shishi_authenticator().
547 * @key: key to to use for encryption.
548 * @keyusage: kerberos key usage value to use in encryption.
549 * @data: input array with data to calculate checksum on.
550 * @datalen: size of input array with data to calculate checksum on.
551 *
552 * Calculate checksum for data and store it in the authenticator.
553 *
554 * Return value: Returns SHISHI_OK iff successful.
555 **/
556 int
557 shishi_authenticator_add_cksum (Shishi * handle,
558 Shishi_asn1 authenticator,
559 Shishi_key * key,
560 int keyusage, char *data, int datalen)
561 {
562 return shishi_authenticator_add_cksum_type (handle, authenticator, key,
563 keyusage,
564 shishi_cipher_defaultcksumtype
565 (shishi_key_type (key)),
566 data, datalen);
567 }
568
569 /**
570 * shishi_authenticator_add_cksum_type:
571 * @handle: shishi handle as allocated by shishi_init().
572 * @authenticator: authenticator as allocated by shishi_authenticator().
573 * @key: key to to use for encryption.
574 * @keyusage: kerberos key usage value to use in encryption.
575 * @cksumtype: checksum to type to calculate checksum.
576 * @data: input array with data to calculate checksum on.
577 * @datalen: size of input array with data to calculate checksum on.
578 *
579 * Calculate checksum for data and store it in the authenticator.
580 *
581 * Return value: Returns SHISHI_OK iff successful.
582 **/
583 int
584 shishi_authenticator_add_cksum_type (Shishi * handle,
585 Shishi_asn1 authenticator,
586 Shishi_key * key,
587 int keyusage, int cksumtype,
588 char *data, int datalen)
589 {
590 int res;
591
592 if (data && datalen > 0)
593 {
594 char *cksum;
595 int cksumlen;
596
597 res = shishi_checksum (handle, key, keyusage, cksumtype,
598 data, datalen, &cksum, &cksumlen);
599 if (res != SHISHI_OK)
600 return res;
601
602 res = shishi_authenticator_set_cksum (handle, authenticator,
603 cksumtype, cksum, cksumlen);
604 free (cksum);
605 }
606 else
607 res = shishi_authenticator_remove_cksum (handle, authenticator);
608
609 return res;
610 }
611
612 /**
613 * shishi_authenticator_clear_authorizationdata:
614 * @handle: shishi handle as allocated by shishi_init().
615 * @authenticator: Authenticator as allocated by shishi_authenticator().
616 *
617 * Remove the authorization-data field from Authenticator.
618 *
619 * Return value: Returns SHISHI_OK iff successful.
620 **/
621 int
622 shishi_authenticator_clear_authorizationdata (Shishi * handle,
623 Shishi_asn1 authenticator)
624 {
625 int res;
626
627 res = shishi_asn1_write (handle, authenticator,
628 "authorization-data", NULL, 0);
629 if (res != SHISHI_OK)
630 return SHISHI_ASN1_ERROR;
631
632 return SHISHI_OK;
633 }
634
635 /**
636 * shishi_authenticator_add_authorizationdata:
637 * @handle: shishi handle as allocated by shishi_init().
638 * @authenticator: authenticator as allocated by shishi_authenticator().
639 * @adtype: input authorization data type to add.
640 * @addata: input authorization data to add.
641 * @addatalen: size of input authorization data to add.
642 *
643 * Add authorization data to authenticator.
644 *
645 * Return value: Returns SHISHI_OK iff successful.
646 **/
647 int
648 shishi_authenticator_add_authorizationdata (Shishi * handle,
649 Shishi_asn1 authenticator,
650 int adtype,
651 char *addata, int addatalen)
652 {
653 char *format;
654 int res;
655 int i;
656
657 res = shishi_asn1_write (handle, authenticator,
658 "authorization-data", "NEW", 1);
659 if (res != SHISHI_OK)
660 return res;
661
662 res = shishi_asn1_number_of_elements (handle, authenticator,
663 "authorization-data", &i);
664 if (res != SHISHI_OK)
665 return res;
666
667 asprintf (&format, "authorization-data.?%d.ad-type", i);
668 res = shishi_asn1_write_integer (handle, authenticator, format, adtype);
669 if (res != SHISHI_OK)
670 {
671 free (format);
672 return res;
673 }
674
675 sprintf (format, "authorization-data.?%d.ad-data", i);
676 res = shishi_asn1_write (handle, authenticator, format, addata, addatalen);
677 free (format);
678 if (res != SHISHI_OK)
679 return res;
680
681 return SHISHI_OK;
682 }
683
684 /**
685 * shishi_authenticator_authorizationdata:
686 * @handle: shishi handle as allocated by shishi_init().
687 * @authenticator: authenticator as allocated by shishi_authenticator().
688 * @adtype: output authorization data type.
689 * @addata: output authorization data.
690 * @addatalen: on input, maximum size of output authorization data,
691 * on output, actual size of authorization data.
692 * @nth: element number of authorization-data to extract.
693 *
694 * Extract n:th authorization data from authenticator. The first
695 * field is 1.
696 *
697 * Return value: Returns SHISHI_OK iff successful.
698 **/
699 int
700 shishi_authenticator_authorizationdata (Shishi * handle,
701 Shishi_asn1 authenticator,
702 int *adtype,
703 char *addata, int *addatalen, int nth)
704 {
705 char *format;
706 int res;
707 int i;
708
709 res = shishi_asn1_number_of_elements (handle, authenticator,
710 "authorization-data", &i);
711 if (res != SHISHI_OK)
712 return SHISHI_ASN1_ERROR;
713
714 if (nth > i)
715 return SHISHI_OUT_OF_RANGE;
716
717 asprintf (&format, "authorization-data.?%d.ad-type", nth);
718 res = shishi_asn1_read_int32 (handle, authenticator, format, adtype);
719 free (format);
720 if (res != SHISHI_OK)
721 return res;
722
723 asprintf (&format, "authorization-data.?%d.ad-data", i);
724 res = shishi_asn1_read (handle, authenticator, format, addata, addatalen);
725 free (format);
726 if (res != SHISHI_OK)
727 return res;
728
729 return SHISHI_OK;
730 }
731
732 /**
733 * shishi_authenticator_remove_subkey:
734 * @handle: shishi handle as allocated by shishi_init().
735 * @authenticator: authenticator as allocated by shishi_authenticator().
736 *
737 * Remove subkey from the authenticator.
738 *
739 * Return value: Returns SHISHI_OK iff successful.
740 **/
741 int
742 shishi_authenticator_remove_subkey (Shishi * handle, Shishi_asn1 authenticator)
743 {
744 int res;
745
746 res = shishi_asn1_write (handle, authenticator, "subkey", NULL, 0);
747 if (res != SHISHI_OK)
748 return res;
749
750 return SHISHI_OK;
751 }
752
753 /**
754 * shishi_authenticator_get_subkey:
755 * @handle: shishi handle as allocated by shishi_init().
756 * @authenticator: authenticator as allocated by shishi_authenticator().
757 * @subkey: output newly allocated subkey from authenticator.
758 *
759 * Read subkey value from authenticator.
760 *
761 * Return value: Returns SHISHI_OK if successful or SHISHI_ASN1_NO_ELEMENT
762 * if subkey is not present.
763 **/
764 int
765 shishi_authenticator_get_subkey (Shishi * handle,
766 Shishi_asn1 authenticator,
767 Shishi_key ** subkey)
768 {
769 int res;
770 int subkeytype;
771 char * subkeyvalue;
772 size_t subkeylen;
773 int n;
774
775 res = shishi_asn1_number_of_elements (handle, authenticator,
776 "subkey", &n);
777 if (res != SHISHI_OK)
778 return res;
779
780 res = shishi_asn1_read_int32 (handle, authenticator,
781 "subkey.keytype", &subkeytype);
782 if (res != SHISHI_OK)
783 return res;
784
785 res = shishi_asn1_read2 (handle, authenticator, "subkey.keyvalue",
786 &subkeyvalue, &subkeylen);
787 if (res != SHISHI_OK)
788 return res;
789
790 res = shishi_key (handle, subkey);
791 if (res != SHISHI_OK)
792 return res;
793
794 shishi_key_type_set (*subkey, subkeytype);
795 shishi_key_value_set (*subkey, subkeyvalue);
796
797 return SHISHI_OK;
798 }
799
800 /**
801 * shishi_authenticator_set_subkey:
802 * @handle: shishi handle as allocated by shishi_init().
803 * @authenticator: authenticator as allocated by shishi_authenticator().
804 * @subkeytype: input subkey type to store in authenticator.
805 * @subkey: input subkey data to store in authenticator.
806 * @subkeylen: size of input subkey data to store in authenticator.
807 *
808 * Store subkey value in authenticator. A subkey is usually created
809 * by calling shishi_key_random() using the default encryption type of
810 * the key from the ticket that is being used. To save time, you may
811 * want to use shishi_authenticator_add_subkey() instead, which calculates
812 * the subkey and calls this function in one step.
813 *
814 * Return value: Returns SHISHI_OK iff successful.
815 **/
816 int
817 shishi_authenticator_set_subkey (Shishi * handle,
818 Shishi_asn1 authenticator,
819 int32_t subkeytype,
820 char *subkey, size_t subkeylen)
821 {
822 int res;
823
824 res = shishi_asn1_write_int32 (handle, authenticator,
825 "subkey.keytype", subkeytype);
826 if (res != SHISHI_OK)
827 return res;
828
829 res = shishi_asn1_write (handle, authenticator, "subkey.keyvalue",
830 subkey, subkeylen);
831 if (res != SHISHI_OK)
832 return res;
833
834 return SHISHI_OK;
835 }
836
837 /**
838 * shishi_authenticator_add_random_subkey:
839 * @handle: shishi handle as allocated by shishi_init().
840 * @authenticator: authenticator as allocated by shishi_authenticator().
841 *
842 * Generate random subkey and store it in the authenticator.
843 *
844 * Return value: Returns SHISHI_OK iff successful.
845 **/
846 int
847 shishi_authenticator_add_random_subkey (Shishi * handle,
848 Shishi_asn1 authenticator)
849 {
850 int res;
851 int * etypes;
852 Shishi_key * subkey;
853
854 res = shishi_cfg_clientkdcetype (handle, &etypes);
855 if (!res)
856 return res;
857
858 res = shishi_key_random (handle, etypes[0], &subkey);
859 if (res != SHISHI_OK)
860 return res;
861
862 res = shishi_authenticator_set_subkey (handle, authenticator,
863 shishi_key_type (subkey),
864 shishi_key_value (subkey),
865 shishi_key_length (subkey));
866
867 shishi_key_done (subkey);
868
869 return res;
870 }
871
872 /**
873 * shishi_authenticator_add_subkey:
874 * @handle: shishi handle as allocated by shishi_init().
875 * @authenticator: authenticator as allocated by shishi_authenticator().
876 * @subkey: subkey to add to authenticator.
877 *
878 * Store subkey in the authenticator.
879 *
880 * Return value: Returns SHISHI_OK iff successful.
881 **/
882 int
883 shishi_authenticator_add_subkey (Shishi * handle,
884 Shishi_asn1 authenticator,
885 Shishi_key * subkey)
886 {
887 int res;
888 int * etypes;
889
890 res = shishi_cfg_clientkdcetype (handle, &etypes);
891 if (res != SHISHI_OK)
892 return res;
893
894 res = shishi_authenticator_set_subkey (handle, authenticator,
895 shishi_key_type (subkey),
896 shishi_key_value (subkey),
897 shishi_key_length (subkey));
898
899 return res;
900 }
Free Kerberos V5 implementation