2 * Copyright (C) 2002, 2003 Simon Josefsson
4 * This file is part of Shishi.
6 * Shishi is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * Shishi is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with Shishi; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
29 Shishi_asn1 authenticator
;
32 Shishi_asn1 encapreppart
;
33 int authenticatorcksumkeyusage
;
34 int authenticatorkeyusage
;
35 int authenticatorcksumtype
;
36 char *authenticatorcksumdata
;
37 size_t authenticatorcksumdatalen
;
42 * @handle: shishi handle as allocated by shishi_init().
43 * @ap: pointer to new structure that holds information about AP exchange
45 * Create a new AP exchange.
47 * Return value: Returns SHISHI_OK iff successful.
/* Create an AP exchange via shishi_ap_nosubkey and give its Authenticator
   a fresh random subkey.  The `if (res != SHISHI_OK)` tests and the
   return statements between the visible calls are not part of this
   extraction.  */
50 shishi_ap (Shishi
* handle
, Shishi_ap
** ap
)
54 res
= shishi_ap_nosubkey (handle
, ap
);
/* NOTE(review): this message names the Authenticator, but
   shishi_ap_nosubkey also fails when the AP-REQ, AP-REP or EncAPRepPart
   object cannot be created; and it reads the text from
   shishi_error (handle) while the second error path below uses
   shishi_strerror (res).  Both paths should use the same source so the
   reported reason matches the actual failure.  */
57 shishi_error_printf (handle
, "Could not create Authenticator: %s\n",
58 shishi_error (handle
));
/* One random subkey per exchange; shishi_ap_key later prefers the
   Authenticator subkey over the ticket session key, so exchanges built
   with shishi_ap get a per-exchange application key.  */
62 res
= shishi_authenticator_add_random_subkey (handle
, (*ap
)->authenticator
);
/* NOTE(review): when this fails, *ap has already been allocated and
   populated by shishi_ap_nosubkey; whether it is released before the
   (not visible) return is not shown here -- confirm to avoid a leak.  */
65 shishi_error_printf (handle
, "Could not add random subkey in AP: %s\n",
66 shishi_strerror (res
));
75 * @handle: shishi handle as allocated by shishi_init().
76 * @ap: pointer to new structure that holds information about AP exchange
78 * Create a new AP exchange without subkey in authenticator.
80 * Return value: Returns SHISHI_OK iff successful.
/* Allocate and initialise an AP exchange without adding a subkey.
   *ap is zero-filled by xcalloc, so every field not assigned below
   (ticket, key, checksum data) starts out NULL/0.  lap aliases *ap; that
   assignment, the braces and the final return are not part of this
   extraction.  */
83 shishi_ap_nosubkey (Shishi
* handle
, Shishi_ap
** ap
)
87 *ap
= xcalloc (1, sizeof (**ap
));
/* Defaults: SHISHI_NO_CKSUMTYPE makes shishi_ap_req_build call
   shishi_authenticator_add_cksum (presumably letting the library choose
   a checksum type for the key) instead of the explicit _cksum_type
   variant, and the plain AP-REQ key usages are used.  Callers such as
   shishi_ap_set_tktoptionsasn1usage override the two usages.  */
91 lap
->authenticatorcksumtype
= SHISHI_NO_CKSUMTYPE
;
92 lap
->authenticatorcksumkeyusage
= SHISHI_KEYUSAGE_APREQ_AUTHENTICATOR_CKSUM
;
93 lap
->authenticatorkeyusage
= SHISHI_KEYUSAGE_APREQ_AUTHENTICATOR
;
/* NOTE(review): each of the four failure paths below returns
   SHISHI_ASN1_ERROR while *ap still points at the xcalloc'd structure
   and the ASN.1 objects created so far stay attached to it; no cleanup
   is visible before any of the returns.  A goto-style cleanup that runs
   shishi_asn1_done on what was created, frees the structure and resets
   *ap to NULL would let callers rely on "*ap is valid iff SHISHI_OK".  */
95 lap
->authenticator
= shishi_authenticator (handle
);
96 if (lap
->authenticator
== NULL
)
98 shishi_error_printf (handle
, "Could not create Authenticator: %s\n",
99 shishi_error (handle
));
100 return SHISHI_ASN1_ERROR
;
103 lap
->apreq
= shishi_apreq (handle
);
104 if (lap
->apreq
== NULL
)
106 shishi_error_printf (handle
, "Could not create AP-REQ: %s\n",
107 shishi_error (handle
));
108 return SHISHI_ASN1_ERROR
;
111 lap
->aprep
= shishi_aprep (handle
);
112 if (lap
->aprep
== NULL
)
114 shishi_error_printf (handle
, "Could not create AP-REP: %s\n",
115 shishi_error (handle
));
116 return SHISHI_ASN1_ERROR
;
119 lap
->encapreppart
= shishi_encapreppart (handle
);
120 if (lap
->encapreppart
== NULL
)
122 shishi_error_printf (handle
, "Could not create EncAPRepPart: %s\n",
123 shishi_error (handle
));
124 return SHISHI_ASN1_ERROR
;
132 * @ap: structure that holds information about AP exchange
134 * Deallocate resources associated with AP exchange. This should be
135 * called by the application when it no longer needs to utilize the AP
/* Release the four ASN.1 objects owned by the exchange.  Each call is
   made unconditionally, whereas the _set accessors in this file test the
   field for NULL before calling shishi_asn1_done -- presumably
   shishi_asn1_done tolerates NULL; confirm.
   The checksum data pointer is not released here: shishi_ap_authenticator_
   cksumdata_set stores the caller's pointer without copying, so the
   caller owns it.  NOTE(review): the buffer obtained in
   shishi_ap_set_tktoptionsasn1usage from shishi_a2d_new_field is stored
   the same way and is not freed here either; if that helper allocates,
   as its name suggests, the buffer leaks with the exchange -- verify.
   Freeing ap itself is not part of the visible lines.  */
139 shishi_ap_done (Shishi_ap
* ap
)
141 shishi_asn1_done (ap
->handle
, ap
->authenticator
);
142 shishi_asn1_done (ap
->handle
, ap
->apreq
);
143 shishi_asn1_done (ap
->handle
, ap
->aprep
);
144 shishi_asn1_done (ap
->handle
, ap
->encapreppart
);
149 * shishi_ap_set_tktoptions:
150 * @ap: structure that holds information about AP exchange
151 * @tkt: ticket to set in AP.
152 * @options: AP-REQ options to set in AP.
154 * Set the ticket (see shishi_ap_tkt_set()) and set the AP-REQ
155 * apoptions (see shishi_apreq_options_set()).
157 * Return value: Returns SHISHI_OK iff successful.
/* Attach the ticket to the exchange and set the AP-REQ apoptions.
   NOTE(review): the failure report below goes to stdout via printf,
   without a trailing newline, while every other error path in this file
   uses shishi_error_printf (handle, ...); shishi_ap_set_tktoptionsdata
   has the same pattern.  Library code should not write to the
   application's stdout -- `shishi_error_printf (ap->handle,
   "Could not set AP-Options: %s\n", shishi_strerror (rc));` would match
   the rest of the file.  Whether rc is returned on failure is not
   visible in this extraction.  */
160 shishi_ap_set_tktoptions (Shishi_ap
* ap
, Shishi_tkt
* tkt
, int options
)
164 shishi_ap_tkt_set (ap
, tkt
);
166 rc
= shishi_apreq_options_set (ap
->handle
, shishi_ap_req (ap
), options
);
169 printf ("Could not set AP-Options: %s", shishi_strerror (rc
));
177 * shishi_ap_set_tktoptionsdata:
178 * @ap: structure that holds information about AP exchange
179 * @tkt: ticket to set in AP.
180 * @options: AP-REQ options to set in AP.
181 * @data: input array with data to checksum in Authenticator.
182 * @len: length of input array with data to checksum in Authenticator.
184 * Set the ticket (see shishi_ap_tkt_set()) and set the AP-REQ
185 * apoptions (see shishi_apreq_options_set()) and set the
186 * Authenticator checksum data.
188 * Return value: Returns SHISHI_OK iff successful.
191 shishi_ap_set_tktoptionsdata (Shishi_ap
* ap
,
193 int options
, const char *data
, size_t len
)
197 shishi_ap_tkt_set (ap
, tkt
);
199 rc
= shishi_apreq_options_set (ap
->handle
, shishi_ap_req (ap
), options
);
202 printf ("Could not set AP-Options: %s", shishi_strerror (rc
));
206 shishi_ap_authenticator_cksumdata_set (ap
, data
, len
);
212 * shishi_ap_set_tktoptionsasn1usage:
213 * @ap: structure that holds information about AP exchange
214 * @tkt: ticket to set in AP.
215 * @options: AP-REQ options to set in AP.
216 * @node: input ASN.1 structure to store as authenticator checksum data.
217 * @field: field in ASN.1 structure to use.
218 * @authenticatorcksumkeyusage: key usage for checksum in authenticator.
219 * @authenticatorkeyusage: key usage for authenticator.
221 * Set ticket, options and authenticator checksum data using
222 * shishi_ap_set_tktoptionsdata(). The authenticator checksum data is
223 * the DER encoding of the ASN.1 field provided.
225 * Return value: Returns SHISHI_OK iff successful.
/* Use the DER encoding of @field in @node as the Authenticator checksum
   data, set ticket and options, then record the two key usages.  The
   parameter lines for tkt, options, node and field, the local
   declarations (buf, buflen) and the early returns are missing from this
   extraction.  */
228 shishi_ap_set_tktoptionsasn1usage (Shishi_ap
* ap
,
233 int authenticatorcksumkeyusage
,
234 int authenticatorkeyusage
)
240 res
= shishi_a2d_new_field (ap
->handle
, node
, field
, &buf
, &buflen
);
241 if (res
!= SHISHI_OK
)
/* NOTE(review): the memmove below drops the first two bytes of the
   encoding in place (presumably a DER tag plus a short-form length
   octet; that would be wrong for contents of 128 bytes or more, which
   use a multi-byte length).  No check that buflen >= 2 is visible;
   buflen is size_t, so for a shorter buffer (buflen - 2) wraps and the
   memmove would run far past the allocation.  Guard with
   `if (buflen < 2) return SHISHI_ASN1_ERROR;` (or the error the callers
   expect) before this line.  The call further down passes buflen
   unchanged, so unless a `buflen -= 2;` sits in the lines omitted from
   this extraction, the last two bytes checksummed are stale.  */
244 /* XXX what is this? */
245 memmove (buf
, buf
+ 2, buflen
- 2);
/* buf is stored by reference (shishi_ap_authenticator_cksumdata_set does
   not copy) and shishi_ap_done never frees it; if shishi_a2d_new_field
   allocates, as its name suggests, the buffer is leaked unless the caller
   knows to release it -- TODO confirm ownership.  */
248 res
= shishi_ap_set_tktoptionsdata (ap
, tkt
, options
, buf
, buflen
);
249 if (res
!= SHISHI_OK
)
252 ap
->authenticatorcksumkeyusage
= authenticatorcksumkeyusage
;
253 ap
->authenticatorkeyusage
= authenticatorkeyusage
;
259 * shishi_ap_tktoptions:
260 * @handle: shishi handle as allocated by shishi_init().
261 * @ap: pointer to new structure that holds information about AP exchange
262 * @tkt: ticket to set in newly created AP.
263 * @options: AP-REQ options to set in newly created AP.
265 * Create a new AP exchange using shishi_ap(), and set the ticket and
266 * AP-REQ apoptions using shishi_ap_set_tktoptions().
268 * Return value: Returns SHISHI_OK iff successful.
271 shishi_ap_tktoptions (Shishi
* handle
,
272 Shishi_ap
** ap
, Shishi_tkt
* tkt
, int options
)
276 rc
= shishi_ap (handle
, ap
);
280 rc
= shishi_ap_set_tktoptions (*ap
, tkt
, options
);
288 * shishi_ap_tktoptionsdata:
289 * @handle: shishi handle as allocated by shishi_init().
290 * @ap: pointer to new structure that holds information about AP exchange
291 * @tkt: ticket to set in newly created AP.
292 * @options: AP-REQ options to set in newly created AP.
293 * @data: input array with data to checksum in Authenticator.
294 * @len: length of input array with data to checksum in Authenticator.
296 * Create a new AP exchange using shishi_ap(), and set the ticket,
297 * AP-REQ apoptions and the Authenticator checksum data using
298 * shishi_ap_set_tktoptionsdata().
300 * Return value: Returns SHISHI_OK iff successful.
303 shishi_ap_tktoptionsdata (Shishi
* handle
,
305 Shishi_tkt
* tkt
, int options
,
306 const char *data
, size_t len
)
310 rc
= shishi_ap (handle
, ap
);
314 rc
= shishi_ap_set_tktoptionsdata (*ap
, tkt
, options
, data
, len
);
322 * shishi_ap_tktoptionsasn1usage:
323 * @handle: shishi handle as allocated by shishi_init().
324 * @ap: pointer to new structure that holds information about AP exchange
325 * @tkt: ticket to set in newly created AP.
326 * @options: AP-REQ options to set in newly created AP.
327 * @node: input ASN.1 structure to store as authenticator checksum data.
328 * @field: field in ASN.1 structure to use.
329 * @authenticatorcksumkeyusage: key usage for checksum in authenticator.
330 * @authenticatorkeyusage: key usage for authenticator.
332 * Create a new AP exchange using shishi_ap(), and set ticket, options
333 * and authenticator checksum data from the DER encoding of the ASN.1
334 * field using shishi_ap_set_tktoptionsasn1usage().
336 * Return value: Returns SHISHI_OK iff successful.
339 shishi_ap_tktoptionsasn1usage (Shishi
* handle
,
345 int authenticatorcksumkeyusage
,
346 int authenticatorkeyusage
)
350 rc
= shishi_ap (handle
, ap
);
354 rc
= shishi_ap_set_tktoptionsasn1usage (*ap
, tkt
, options
,
356 authenticatorcksumkeyusage
,
357 authenticatorkeyusage
);
366 * @ap: structure that holds information about AP exchange
368 * Return value: Returns the ticket from the AP exchange, or NULL if
369 * not yet set or an error occurred.
372 shishi_ap_tkt (Shishi_ap
* ap
)
379 * @ap: structure that holds information about AP exchange
380 * @tkt: ticket to store in AP.
382 * Set the Ticket in the AP exchange.
385 shishi_ap_tkt_set (Shishi_ap
* ap
, Shishi_tkt
* tkt
)
391 * shishi_ap_authenticatorcksumdata:
392 * @ap: structure that holds information about AP exchange
393 * @out: output array that holds authenticator checksum data.
394 * @len: on input, maximum length of output array that holds
395 * authenticator checksum data, on output actual length of
396 * output array that holds authenticator checksum data.
398 * Return value: Returns SHISHI_OK if successful, or
399 * SHISHI_TOO_SMALL_BUFFER if buffer provided was too small.
402 shishi_ap_authenticator_cksumdata (Shishi_ap
* ap
, char *out
, size_t * len
)
404 if (*len
< ap
->authenticatorcksumdatalen
)
405 return SHISHI_TOO_SMALL_BUFFER
;
406 if (ap
->authenticatorcksumdata
)
407 memcpy (out
, ap
->authenticatorcksumdata
, ap
->authenticatorcksumdatalen
);
408 *len
= ap
->authenticatorcksumdatalen
;
413 * shishi_ap_authenticator_cksumdata_set:
414 * @ap: structure that holds information about AP exchange
415 * @authenticatorcksumdata: input array with authenticator checksum
417 * @authenticatorcksumdatalen: length of input array with authenticator
418 * checksum data to use in AP.
420 * Set the Authenticator Checksum Data in the AP exchange.
/* Store a pointer to the caller's checksum data.  Nothing is copied: the
   memory must stay valid and unchanged until shishi_ap_req_build has run
   (it reads ap->authenticatorcksumdata then), and shishi_ap_done does not
   release it.  NOTE(review): the struct field is declared `char *` while
   the parameter is `const char *`, so the assignment below silently
   discards const; declaring the field `const char *` (or copying the data
   into an owned buffer) would make the ownership contract explicit.  */
423 shishi_ap_authenticator_cksumdata_set (Shishi_ap
* ap
,
424 const char *authenticatorcksumdata
,
425 size_t authenticatorcksumdatalen
)
427 ap
->authenticatorcksumdata
= authenticatorcksumdata
;
428 ap
->authenticatorcksumdatalen
= authenticatorcksumdatalen
;
432 * shishi_ap_authenticatorcksumtype:
433 * @ap: structure that holds information about AP exchange
435 * Get the Authenticator Checksum Type in the AP exchange.
437 * Return value: Return the authenticator checksum type.
440 shishi_ap_authenticator_cksumtype (Shishi_ap
* ap
)
442 return ap
->authenticatorcksumtype
;
446 * shishi_ap_authenticator_cksumtype_set:
447 * @ap: structure that holds information about AP exchange
448 * @cksumtype: authenticator checksum type to set in AP.
450 * Set the Authenticator Checksum Type in the AP exchange.
453 shishi_ap_authenticator_cksumtype_set (Shishi_ap
* ap
, int cksumtype
)
455 ap
->authenticatorcksumtype
= cksumtype
;
459 * shishi_ap_authenticator:
460 * @ap: structure that holds information about AP exchange
462 * Return value: Returns the Authenticator from the AP exchange, or
463 * NULL if not yet set or an error occurred.
467 shishi_ap_authenticator (Shishi_ap
* ap
)
469 return ap
->authenticator
;
473 * shishi_ap_authenticator_set:
474 * @ap: structure that holds information about AP exchange
475 * @authenticator: authenticator to store in AP.
477 * Set the Authenticator in the AP exchange.
480 shishi_ap_authenticator_set (Shishi_ap
* ap
, Shishi_asn1 authenticator
)
482 if (ap
->authenticator
)
483 shishi_asn1_done (ap
->handle
, ap
->authenticator
);
484 ap
->authenticator
= authenticator
;
489 * @ap: structure that holds information about AP exchange
491 * Return value: Returns the AP-REQ from the AP exchange, or NULL if
492 * not yet set or an error occurred.
495 shishi_ap_req (Shishi_ap
* ap
)
503 * @ap: structure that holds information about AP exchange
504 * @apreq: apreq to store in AP.
506 * Set the AP-REQ in the AP exchange.
509 shishi_ap_req_set (Shishi_ap
* ap
, Shishi_asn1 apreq
)
512 shishi_asn1_done (ap
->handle
, ap
->apreq
);
518 * @ap: structure that holds information about AP exchange
519 * @out: pointer to output array with der encoding of AP-REQ.
520 * @outlen: pointer to length of output array with der encoding of AP-REQ.
522 * Build AP-REQ using shishi_ap_req_build() and DER encode it. @out
523 * is allocated by this function, and it is the responsibility of
524 * caller to deallocate it.
526 * Return value: Returns SHISHI_OK iff successful.
529 shishi_ap_req_der (Shishi_ap
* ap
, char **out
, size_t * outlen
)
533 rc
= shishi_ap_req_build (ap
);
537 rc
= shishi_new_a2d (ap
->handle
, ap
->apreq
, out
, outlen
);
545 * shishi_ap_req_der_set:
546 * @ap: structure that holds information about AP exchange
547 * @der: input array with DER encoded AP-REQ.
548 * @derlen: length of input array with DER encoded AP-REQ.
550 * DER decode AP-REQ and set it in the AP exchange. If decoding fails, the
551 * AP-REQ in the AP exchange is lost.
553 * Return value: Returns SHISHI_OK.
/* Replace the exchange's AP-REQ with the decoding of @der.  The NULL test
   between the assignment and the error return is not part of this
   extraction.
   NOTE(review): ap->apreq is overwritten directly, so the previous ASN.1
   object (created by shishi_ap_nosubkey) is never passed to
   shishi_asn1_done; shishi_ap_req_set does release the old one, so
   decoding into a local and installing it through shishi_ap_req_set
   would close the leak.  The Doxygen comment promises only SHISHI_OK,
   but this function returns SHISHI_ASN1_ERROR when decoding fails; on
   the accepting side @der is network input, so callers must check the
   result.  @der is never written, so `const char *der` would be the
   accurate type.  */
556 shishi_ap_req_der_set (Shishi_ap
* ap
, char *der
, size_t derlen
)
558 ap
->apreq
= shishi_der2asn1_apreq (ap
->handle
, der
, derlen
);
563 return SHISHI_ASN1_ERROR
;
567 * shishi_ap_req_build:
568 * @ap: structure that holds information about AP exchange
570 * Checksum data in authenticator and add ticket and authenticator to
573 * Return value: Returns SHISHI_OK iff successful.
576 shishi_ap_req_build (Shishi_ap
* ap
)
581 if (VERBOSE (ap
->handle
))
582 printf ("Building AP-REQ...\n");
584 res
= shishi_apreq_set_ticket (ap
->handle
, ap
->apreq
,
585 shishi_tkt_ticket (ap
->tkt
));
586 if (res
!= SHISHI_OK
)
588 shishi_error_printf (ap
->handle
, "Could not set ticket in AP-REQ: %s\n",
589 shishi_error (ap
->handle
));
593 cksumtype
= shishi_ap_authenticator_cksumtype (ap
);
594 if (cksumtype
== SHISHI_NO_CKSUMTYPE
)
595 res
= shishi_authenticator_add_cksum (ap
->handle
, ap
->authenticator
,
596 shishi_tkt_key (ap
->tkt
),
597 ap
->authenticatorcksumkeyusage
,
598 ap
->authenticatorcksumdata
,
599 ap
->authenticatorcksumdatalen
);
601 res
= shishi_authenticator_add_cksum_type (ap
->handle
, ap
->authenticator
,
602 shishi_tkt_key (ap
->tkt
),
603 ap
->authenticatorcksumkeyusage
,
605 ap
->authenticatorcksumdata
,
606 ap
->authenticatorcksumdatalen
);
607 if (res
!= SHISHI_OK
)
609 shishi_error_printf (ap
->handle
,
610 "Could not add checksum to authenticator: %s\n",
611 shishi_error (ap
->handle
));
615 if (VERBOSE (ap
->handle
))
616 printf ("Got Authenticator...\n");
618 if (VERBOSEASN1 (ap
->handle
))
619 shishi_authenticator_print (ap
->handle
, stdout
, ap
->authenticator
);
621 res
= shishi_apreq_add_authenticator (ap
->handle
, ap
->apreq
,
622 shishi_tkt_key (ap
->tkt
),
623 ap
->authenticatorkeyusage
,
625 if (res
!= SHISHI_OK
)
627 shishi_error_printf (ap
->handle
, "Could not set authenticator: %s\n",
628 shishi_error (ap
->handle
));
632 if (VERBOSEASN1 (ap
->handle
))
633 shishi_apreq_print (ap
->handle
, stdout
, ap
->apreq
);
639 * shishi_ap_req_process_keyusage:
640 * @ap: structure that holds information about AP exchange
641 * @key: cryptographic key used to decrypt ticket in AP-REQ.
642 * @keyusage: key usage to use during decryption, for normal
643 * AP-REQ's this is normally SHISHI_KEYUSAGE_APREQ_AUTHENTICATOR,
644 * for AP-REQ's part of TGS-REQ's, this is normally
645 * SHISHI_KEYUSAGE_TGSREQ_APREQ_AUTHENTICATOR.
647 * Decrypt ticket in AP-REQ using supplied key and decrypt
648 * Authenticator in AP-REQ using key in decrypted ticket, and on
649 * success set the Ticket and Authenticator fields in the AP exchange.
651 * Return value: Returns SHISHI_OK iff successful.
/* Accepting-side processing of the AP-REQ already stored in the exchange:
   extract the Ticket, decrypt it with @key (typically the service's own
   key), take the session key from the EncTicketPart, decrypt the
   Authenticator with that key under @keyusage, and store the result in
   ap->authenticator.  The declarations of rc, tkt and tktkey, the
   `if (rc != SHISHI_OK)` / `return rc;` lines around each error report,
   and the line that records tkt in the exchange are missing from this
   extraction.  */
654 shishi_ap_req_process_keyusage (Shishi_ap
* ap
,
655 Shishi_key
* key
, int32_t keyusage
)
657 Shishi_asn1 ticket
, authenticator
;
662 if (VERBOSEASN1 (ap
->handle
))
663 shishi_apreq_print (ap
->handle
, stdout
, ap
->apreq
);
665 rc
= shishi_apreq_get_ticket (ap
->handle
, ap
->apreq
, &ticket
);
668 shishi_error_printf (ap
->handle
,
669 "Could not extract ticket from AP-REQ: %s\n",
670 shishi_strerror (rc
));
674 if (VERBOSEASN1 (ap
->handle
))
675 shishi_ticket_print (ap
->handle
, stdout
, ticket
);
/* Wrap the raw Ticket so it can be decrypted and its EncTicketPart read
   back below.  NOTE(review): if a later step fails, whether this tkt is
   released is not visible here -- confirm.  */
677 tkt
= shishi_tkt2 (ap
->handle
, ticket
, NULL
, NULL
);
679 rc
= shishi_tkt_decrypt (tkt
, key
);
682 shishi_error_printf (ap
->handle
, "Error decrypting ticket: %s\n",
683 shishi_strerror (rc
));
687 rc
= shishi_encticketpart_get_key (ap
->handle
,
688 shishi_tkt_encticketpart (tkt
), &tktkey
);
691 shishi_error_printf (ap
->handle
, "Could not get key from ticket: %s\n",
692 shishi_strerror (rc
));
/* NOTE(review): this and the Authenticator print further down write
   *decrypted* content -- the EncTicketPart, which carries the session
   key just extracted above, and the Authenticator -- to stdout whenever
   VERBOSEASN1 is on.  Keep that flag off outside debugging.  */
696 if (VERBOSEASN1 (ap
->handle
))
697 shishi_encticketpart_print (ap
->handle
, stdout
,
698 shishi_tkt_encticketpart (tkt
));
700 rc
= shishi_apreq_decrypt (ap
->handle
, ap
->apreq
, tktkey
,
701 keyusage
, &authenticator
);
704 shishi_error_printf (ap
->handle
, "Error decrypting apreq: %s\n",
705 shishi_strerror (rc
));
/* NOTE(review): nothing from here on validates the Authenticator beyond
   the fact that it decrypted: not its checksum (the author's XXX below),
   not that its client name/realm match the ticket's, not that its
   timestamp is within the allowed clock skew, and not whether it was
   seen before (replay).  None of these checks are visible in this
   function, so either the caller performs them or the exchange accepts
   any authenticator that decrypts under the session key -- confirm where
   each check lives before relying on this path for authentication.  */
709 /* XXX? verify checksum in authenticator. */
711 if (VERBOSEASN1 (ap
->handle
))
712 shishi_authenticator_print (ap
->handle
, stdout
, authenticator
);
/* NOTE(review): direct assignment; the Authenticator object created by
   shishi_ap_nosubkey is never released.  shishi_ap_authenticator_set
   releases the old one first and should be used here.  */
715 ap
->authenticator
= authenticator
;
721 * shishi_ap_req_process:
722 * @ap: structure that holds information about AP exchange
723 * @key: cryptographic key used to decrypt ticket in AP-REQ.
725 * Decrypt ticket in AP-REQ using supplied key and decrypt
726 * Authenticator in AP-REQ using key in decrypted ticket, and on
727 * success set the Ticket and Authenticator fields in the AP exchange.
729 * Return value: Returns SHISHI_OK iff successful.
732 shishi_ap_req_process (Shishi_ap
* ap
, Shishi_key
* key
)
734 return shishi_ap_req_process_keyusage (ap
, key
,
735 SHISHI_KEYUSAGE_APREQ_AUTHENTICATOR
);
739 * shishi_ap_req_asn1:
740 * @ap: structure that holds information about AP exchange
741 * @apreq: output AP-REQ variable.
743 * Build AP-REQ using shishi_ap_req_build() and return it.
745 * Return value: Returns SHISHI_OK iff successful.
748 shishi_ap_req_asn1 (Shishi_ap
* ap
, Shishi_asn1
* apreq
)
752 rc
= shishi_ap_req_build (ap
);
763 * @ap: structure that holds information about AP exchange
765 * Extract the application key from AP. If subkeys are used, it is
766 * taken from the Authenticator, otherwise the session key is used.
768 * Return value: Return application key from AP.
/* Return the application key: the Authenticator subkey when one can be
   read, otherwise the ticket session key.  The declarations, the
   remaining arguments of the get_subkey call, the test on rc and the
   return are missing from this extraction.
   NOTE(review): as the author's XXX below says, the fallback fires on
   *any* error from shishi_authenticator_get_subkey, not only on "no
   subkey present", so a malformed or undecodable subkey silently
   downgrades the exchange to the session key.  Distinguishing the
   absent-subkey case from other failures (and returning NULL or an
   error for the latter) would make the key selection explicit and
   auditable.  */
771 shishi_ap_key (Shishi_ap
* ap
)
775 /* XXX do real check if subkey is present, don't just assume error
778 rc
= shishi_authenticator_get_subkey (ap
->handle
, ap
->authenticator
,
781 ap
->key
= shishi_tkt_key (ap
->tkt
);
788 * @ap: structure that holds information about AP exchange
790 * Return value: Returns the AP-REP from the AP exchange, or NULL if
791 * not yet set or an error occurred.
794 shishi_ap_rep (Shishi_ap
* ap
)
801 * @ap: structure that holds information about AP exchange
802 * @aprep: aprep to store in AP.
804 * Set the AP-REP in the AP exchange.
807 shishi_ap_rep_set (Shishi_ap
* ap
, Shishi_asn1 aprep
)
810 shishi_asn1_done (ap
->handle
, ap
->aprep
);
816 * @ap: structure that holds information about AP exchange
817 * @out: output array with newly allocated DER encoding of AP-REP.
818 * @outlen: length of output array with DER encoding of AP-REP.
820 * Build AP-REP using shishi_ap_rep_build() and DER encode it. @out
821 * is allocated by this function, and it is the responsibility of
822 * caller to deallocate it.
824 * Return value: Returns SHISHI_OK iff successful.
827 shishi_ap_rep_der (Shishi_ap
* ap
, char **out
, size_t * outlen
)
831 rc
= shishi_ap_rep_build (ap
);
835 rc
= shishi_new_a2d (ap
->handle
, ap
->aprep
, out
, outlen
);
843 * shishi_ap_rep_der_set:
844 * @ap: structure that holds information about AP exchange
845 * @der: input array with DER encoded AP-REP.
846 * @derlen: length of input array with DER encoded AP-REP.
848 * DER decode AP-REP and set it in the AP exchange. If decoding fails, the
849 * AP-REP in the AP exchange remains.
851 * Return value: Returns SHISHI_OK.
854 shishi_ap_rep_der_set (Shishi_ap
* ap
, char *der
, size_t derlen
)
858 aprep
= shishi_der2asn1_aprep (ap
->handle
, der
, derlen
);
861 return SHISHI_ASN1_ERROR
;
869 * shishi_ap_rep_build:
870 * @ap: structure that holds information about AP exchange
872 * Checksum data in authenticator and add ticket and authenticator to
875 * Return value: Returns SHISHI_OK iff successful.
/* Build the AP-REP for the exchange: create a fresh AP-REP object, fill
   its encrypted part from our Authenticator and the decrypted
   EncTicketPart, and install it with shishi_ap_rep_set (which releases
   the previous AP-REP).  The declarations of aprep and rc, the test on
   rc and the returns are missing from this extraction.
   NOTE(review): the Doxygen description above this function appears to
   have been copied from shishi_ap_req_build; this function neither
   checksums data nor adds a ticket.  Also, the result of shishi_aprep is
   passed straight to shishi_aprep_enc_part_make without a NULL check,
   and on the enc_part_make failure path the freshly created aprep is not
   released in the visible lines -- confirm it is not leaked.  */
878 shishi_ap_rep_build (Shishi_ap
* ap
)
883 if (VERBOSE (ap
->handle
))
884 printf ("Building AP-REP...\n");
886 aprep
= shishi_aprep (ap
->handle
);
887 rc
= shishi_aprep_enc_part_make (ap
->handle
, aprep
, ap
->authenticator
,
888 shishi_tkt_encticketpart (ap
->tkt
));
891 shishi_error_printf (ap
->handle
, "Error creating AP-REP: %s\n",
892 shishi_strerror (rc
));
896 if (VERBOSEASN1 (ap
->handle
))
897 shishi_aprep_print (ap
->handle
, stdout
, aprep
);
899 shishi_ap_rep_set (ap
, aprep
);
905 * shishi_ap_rep_asn1:
906 * @ap: structure that holds information about AP exchange
907 * @aprep: output AP-REP variable.
909 * Build AP-REP using shishi_ap_rep_build() and return it.
911 * Return value: Returns SHISHI_OK iff successful.
914 shishi_ap_rep_asn1 (Shishi_ap
* ap
, Shishi_asn1
* aprep
)
918 rc
= shishi_ap_rep_build (ap
);
928 * shishi_ap_rep_verify:
929 * @ap: structure that holds information about AP exchange
931 * Verify AP-REP compared to Authenticator.
933 * Return value: Returns SHISHI_OK, SHISHI_APREP_VERIFY_FAILED or an
/* Initiator-side check of a received AP-REP: decrypt its EncAPRepPart
   with the ticket session key under SHISHI_KEYUSAGE_ENCAPREPPART and
   compare it against the Authenticator we sent (shishi_aprep_verify).
   The declaration of res, the output argument of shishi_aprep_decrypt
   (presumably &ap->encapreppart, given the print below) and the
   `return res;` after each failed check are missing from this
   extraction; per the Doxygen comment the verify failure maps to
   SHISHI_APREP_VERIFY_FAILED.  */
937 shishi_ap_rep_verify (Shishi_ap
* ap
)
941 if (VERBOSE (ap
->handle
))
942 printf ("Decrypting AP-REP...\n");
944 if (VERBOSEASN1 (ap
->handle
))
945 shishi_aprep_print (ap
->handle
, stdout
, ap
->aprep
);
/* Decryption always uses the ticket session key (shishi_tkt_key), not the
   Authenticator subkey, regardless of how the exchange was created.  */
947 res
= shishi_aprep_decrypt (ap
->handle
, ap
->aprep
,
948 shishi_tkt_key (ap
->tkt
),
949 SHISHI_KEYUSAGE_ENCAPREPPART
,
951 if (res
!= SHISHI_OK
)
/* NOTE(review): prints the decrypted EncAPRepPart to stdout under
   VERBOSEASN1; keep that flag off outside debugging.  */
954 if (VERBOSEASN1 (ap
->handle
))
955 shishi_encapreppart_print (ap
->handle
, stdout
, ap
->encapreppart
);
/* The actual mutual-authentication check: the peer must have echoed the
   Authenticator's contents into the EncAPRepPart.  */
957 res
= shishi_aprep_verify (ap
->handle
, ap
->authenticator
, ap
->encapreppart
);
958 if (res
!= SHISHI_OK
)
961 if (VERBOSE (ap
->handle
))
962 printf ("Verified AP-REP successfully...\n");
968 * shishi_ap_rep_verify_der:
969 * @ap: structure that holds information about AP exchange
970 * @der: input array with DER encoded AP-REP.
971 * @derlen: length of input array with DER encoded AP-REP.
973 * DER decode AP-REP and set it in AP exchange using
974 * shishi_ap_rep_der_set() and verify it using shishi_ap_rep_verify().
976 * Return value: Returns SHISHI_OK, SHISHI_APREP_VERIFY_FAILED or an
980 shishi_ap_rep_verify_der (Shishi_ap
* ap
, char *der
, size_t derlen
)
984 res
= shishi_ap_rep_der_set (ap
, der
, derlen
);
985 if (res
!= SHISHI_OK
)
988 res
= shishi_ap_rep_verify (ap
);
989 if (res
!= SHISHI_OK
)
996 * shishi_ap_rep_verify_asn1:
997 * @ap: structure that holds information about AP exchange
998 * @aprep: input AP-REP.
1000 * Set the AP-REP in the AP exchange using shishi_ap_rep_set() and
1001 * verify it using shishi_ap_rep_verify().
1003 * Return value: Returns SHISHI_OK, SHISHI_APREP_VERIFY_FAILED or an
1007 shishi_ap_rep_verify_asn1 (Shishi_ap
* ap
, Shishi_asn1 aprep
)
1011 shishi_ap_rep_set (ap
, aprep
);
1013 res
= shishi_ap_rep_verify (ap
);
1014 if (res
!= SHISHI_OK
)
1022 * @ap: structure that holds information about AP exchange
1024 * Return value: Returns the EncAPREPPart from the AP exchange, or
1025 * NULL if not yet set or an error occurred.
1028 shishi_ap_encapreppart (Shishi_ap
* ap
)
1030 return ap
->encapreppart
;
1034 * shishi_ap_encapreppart_set:
1035 * @ap: structure that holds information about AP exchange
1036 * @encapreppart: EncAPRepPart to store in AP.
1038 * Set the EncAPRepPart in the AP exchange.
1041 shishi_ap_encapreppart_set (Shishi_ap
* ap
, Shishi_asn1 encapreppart
)
1043 if (ap
->encapreppart
)
1044 shishi_asn1_done (ap
->handle
, ap
->encapreppart
);
1045 ap
->encapreppart
= encapreppart
;
1048 #define APOPTION_RESERVED "reserved"
1049 #define APOPTION_USE_SESSION_KEY "use-session-key"
1050 #define APOPTION_MUTUAL_REQUIRED "mutual-required"
1051 #define APOPTION_UNKNOWN "unknown"
1054 * shishi_ap_option2string:
1055 * @option: enumerated AP-Option type, see Shishi_apoptions.
1057 * Convert AP-Option type to AP-Option name string. Note that @option
1058 * must be just one of the AP-Option types; it cannot be a binary
1059 * ORed indicating several AP-Options.
1061 * Return value: Returns static string with name of AP-Option that
1062 * must not be deallocated, or "unknown" if AP-Option was not understood.
1065 shishi_ap_option2string (Shishi_apoptions option
)
1071 case SHISHI_APOPTIONS_RESERVED
:
1072 str
= APOPTION_RESERVED
;
1075 case SHISHI_APOPTIONS_USE_SESSION_KEY
:
1076 str
= APOPTION_USE_SESSION_KEY
;
1079 case SHISHI_APOPTIONS_MUTUAL_REQUIRED
:
1080 str
= APOPTION_MUTUAL_REQUIRED
;
1084 str
= APOPTION_UNKNOWN
;
1092 * shishi_ap_string2option:
1093 * @str: zero terminated character array with name of AP-Option,
1094 * e.g. "use-session-key".
1096 * Convert AP-Option name to AP-Option type.
1098 * Return value: Returns enumerated type member corresponding to AP-Option,
1099 * or 0 if string was not understood.
/* Map an AP-Option name to its enumerated value; names are compared
   case-insensitively.  The declaration of option, the `else` before the
   numeric fallback and the return statement are not part of this
   extraction.
   NOTE(review): the fallback parses @str as a number with base 0 (so
   hexadecimal "0x..." and leading-zero octal forms are accepted) but
   discards the end pointer and never checks errno: a string with
   trailing garbage after digits yields the leading number rather than
   the documented 0 for "not understood", and an out-of-range value is
   clamped by strtol and then narrowed to the option type (presumably an
   int or enum).  Checking `end != str && *end == '\0'` and
   `errno != ERANGE` before accepting the value would match the documented
   contract; option names usually come from configuration or the command
   line, i.e. untrusted text, so the unchecked parse matters.  */
1102 shishi_ap_string2option (const char *str
)
1106 if (strcasecmp (str
, APOPTION_RESERVED
) == 0)
1107 option
= SHISHI_APOPTIONS_RESERVED
;
1108 else if (strcasecmp (str
, APOPTION_USE_SESSION_KEY
) == 0)
1109 option
= SHISHI_APOPTIONS_USE_SESSION_KEY
;
1110 else if (strcasecmp (str
, APOPTION_MUTUAL_REQUIRED
) == 0)
1111 option
= SHISHI_APOPTIONS_MUTUAL_REQUIRED
;
1113 option
= strtol (str
, (char **) NULL
, 0);