search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix.
[shishi.git] / lib / ap.c
bloba5cbe3cfa3b6141caea9bbcb925999fa539d4c57
1 /* ap.c AP functions
2 * Copyright (C) 2002, 2003 Simon Josefsson
3 *
4 * This file is part of Shishi.
5 *
6 * Shishi is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * Shishi is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with Shishi; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 *
20 */
21
22 #include "internal.h"
23
24 struct Shishi_ap
25 {
26 Shishi *handle;
27 Shishi_tkt *tkt;
28 Shishi_asn1 authenticator;
29 Shishi_asn1 apreq;
30 Shishi_asn1 aprep;
31 Shishi_asn1 encapreppart;
32 int authenticatorcksumkeyusage;
33 int authenticatorkeyusage;
34 char *authenticatorcksumdata;
35 int authenticatorcksumdatalen;
36 };
37
38 /**
39 * shishi_ap:
40 * @handle: shishi handle as allocated by shishi_init().
41 * @ap: pointer to new structure that holds information about AP exchange
42 *
43 * Create a new AP exchange.
44 *
45 * Return value: Returns SHISHI_OK iff successful.
46 **/
47 int
48 shishi_ap (Shishi * handle, Shishi_ap ** ap)
49 {
50 Shishi_ap *lap;
51
52 *ap = malloc (sizeof (**ap));
53 if (*ap == NULL)
54 return SHISHI_MALLOC_ERROR;
55 lap = *ap;
56 memset (lap, 0, sizeof (*lap));
57
58 lap->handle = handle;
59 lap->authenticatorcksumkeyusage = SHISHI_KEYUSAGE_APREQ_AUTHENTICATOR_CKSUM;
60 lap->authenticatorkeyusage = SHISHI_KEYUSAGE_APREQ_AUTHENTICATOR;
61
62 lap->authenticator = shishi_authenticator (handle);
63 if (lap->authenticator == NULL)
64 {
65 shishi_error_printf (handle, "Could not create Authenticator: %s\n",
66 shishi_strerror_details (handle));
67 return SHISHI_ASN1_ERROR;
68 }
69
70 lap->apreq = shishi_apreq (handle);
71 if (lap->apreq == NULL)
72 {
73 shishi_error_printf (handle, "Could not create AP-REQ: %s\n",
74 shishi_strerror_details (handle));
75 return SHISHI_ASN1_ERROR;
76 }
77
78 lap->aprep = shishi_aprep (handle);
79 if (lap->aprep == NULL)
80 {
81 shishi_error_printf (handle, "Could not create AP-REP: %s\n",
82 shishi_strerror_details (handle));
83 return SHISHI_ASN1_ERROR;
84 }
85
86 lap->encapreppart = shishi_encapreppart (handle);
87 if (lap->encapreppart == NULL)
88 {
89 shishi_error_printf (handle, "Could not create EncAPRepPart: %s\n",
90 shishi_strerror_details (handle));
91 return SHISHI_ASN1_ERROR;
92 }
93
94 return SHISHI_OK;
95 }
96
97 /**
98 * shishi_ap_set_tktoptions:
99 * @ap: structure that holds information about AP exchange
100 * @tkt: ticket to set in AP.
101 * @options: AP-REQ options to set in AP.
102 *
103 * Set the ticket (see shishi_ap_tkt_set()) and set the AP-REQ
104 * apoptions (see shishi_apreq_options_set()).
105 *
106 * Return value: Returns SHISHI_OK iff successful.
107 **/
108 int
109 shishi_ap_set_tktoptions (Shishi_ap * ap, Shishi_tkt * tkt, int options)
110 {
111 int rc;
112
113 shishi_ap_tkt_set (ap, tkt);
114
115 rc = shishi_apreq_options_set (ap->handle, shishi_ap_req (ap), options);
116 if (rc != SHISHI_OK)
117 {
118 printf ("Could not set AP-Options: %s", shishi_strerror (rc));
119 return rc;
120 }
121
122 return SHISHI_OK;
123 }
124
125 /**
126 * shishi_ap_set_tktoptionsdata:
127 * @ap: structure that holds information about AP exchange
128 * @tkt: ticket to set in AP.
129 * @options: AP-REQ options to set in AP.
130 * @data: input array with data to checksum in Authenticator.
131 * @len: length of input array with data to checksum in Authenticator.
132 *
133 * Set the ticket (see shishi_ap_tkt_set()) and set the AP-REQ
134 * apoptions (see shishi_apreq_options_set()) and set the
135 * Authenticator checksum data.
136 *
137 * Return value: Returns SHISHI_OK iff successful.
138 **/
139 int
140 shishi_ap_set_tktoptionsdata (Shishi_ap * ap,
141 Shishi_tkt * tkt,
142 int options, char *data, int len)
143 {
144 int rc;
145
146 shishi_ap_tkt_set (ap, tkt);
147
148 rc = shishi_apreq_options_set (ap->handle, shishi_ap_req (ap), options);
149 if (rc != SHISHI_OK)
150 {
151 printf ("Could not set AP-Options: %s", shishi_strerror (rc));
152 return rc;
153 }
154
155 shishi_ap_authenticator_cksumdata_set (ap, data, len);
156
157 return SHISHI_OK;
158 }
159
160 /**
161 * shishi_ap_set_tktoptionsasn1:
162 * @ap: structure that holds information about AP exchange
163 * @tkt: ticket to set in AP.
164 * @options: AP-REQ options to set in AP.
165 * @node: input ASN.1 structure to store as authenticator checksum data.
166 *
167 * Set ticket, options and authenticator checksum data using
168 * shishi_ap_set_tktoptionsdata(). The authenticator checksum data is
169 * the DER encoding of the ASN.1 structure provided.
170 *
171 * Return value: Returns SHISHI_OK iff successful.
172 **/
173 int
174 shishi_ap_set_tktoptionsasn1usage (Shishi_ap * ap,
175 Shishi_tkt * tkt,
176 int options,
177 Shishi_asn1 node,
178 char *field,
179 int authenticatorcksumkeyusage,
180 int authenticatorkeyusage)
181 {
182 char *buf;
183 int buflen;
184 int res;
185
186 res = shishi_a2d_new_field (ap->handle, node, field, &buf, &buflen);
187 if (res != SHISHI_OK)
188 return res;
189
190 /* XXX what is this? */
191 memmove (buf, buf + 2, buflen - 2);
192 buflen -= 2;
193
194 res = shishi_ap_set_tktoptionsdata (ap, tkt, options, buf, buflen);
195 if (res != SHISHI_OK)
196 return res;
197
198 ap->authenticatorcksumkeyusage = authenticatorcksumkeyusage;
199 ap->authenticatorkeyusage = authenticatorkeyusage;
200
201 return SHISHI_OK;
202 }
203
204 /**
205 * shishi_ap_tktoptions:
206 * @handle: shishi handle as allocated by shishi_init().
207 * @ap: pointer to new structure that holds information about AP exchange
208 * @tkt: ticket to set in newly created AP.
209 * @options: AP-REQ options to set in newly created AP.
210 *
211 * Create a new AP exchange using shishi_ap(), and set the ticket and
212 * AP-REQ apoptions using shishi_ap_set_tktoption().
213 *
214 * Return value: Returns SHISHI_OK iff successful.
215 **/
216 int
217 shishi_ap_tktoptions (Shishi * handle,
218 Shishi_ap ** ap, Shishi_tkt * tkt, int options)
219 {
220 int rc;
221
222 rc = shishi_ap (handle, ap);
223 if (rc != SHISHI_OK)
224 return rc;
225
226 rc = shishi_ap_set_tktoptions (*ap, tkt, options);
227 if (rc != SHISHI_OK)
228 return rc;
229
230 return SHISHI_OK;
231 }
232
233 /**
234 * shishi_ap_tktoptionsdata:
235 * @handle: shishi handle as allocated by shishi_init().
236 * @ap: pointer to new structure that holds information about AP exchange
237 * @tkt: ticket to set in newly created AP.
238 * @options: AP-REQ options to set in newly created AP.
239 * @data: input array with data to checksum in Authenticator.
240 * @len: length of input array with data to checksum in Authenticator.
241 *
242 * Create a new AP exchange using shishi_ap(), and set the ticket,
243 * AP-REQ apoptions and the Authenticator checksum data using
244 * shishi_ap_set_tktoptionsdata().
245 *
246 * Return value: Returns SHISHI_OK iff successful.
247 **/
248 int
249 shishi_ap_tktoptionsdata (Shishi * handle,
250 Shishi_ap ** ap,
251 Shishi_tkt * tkt, int options, char *data, int len)
252 {
253 int rc;
254
255 rc = shishi_ap (handle, ap);
256 if (rc != SHISHI_OK)
257 return rc;
258
259 rc = shishi_ap_set_tktoptionsdata (*ap, tkt, options, data, len);
260 if (rc != SHISHI_OK)
261 return rc;
262
263 return SHISHI_OK;
264 }
265
266 /**
267 * shishi_ap_tktoptionsasn1:
268 * @handle: shishi handle as allocated by shishi_init().
269 * @ap: pointer to new structure that holds information about AP exchange
270 * @tkt: ticket to set in newly created AP.
271 * @options: AP-REQ options to set in newly created AP.
272 * @node: input ASN.1 structure to store as authenticator checksum data.
273 *
274 * Create a new AP exchange using shishi_ap(), and set ticket, options
275 * and authenticator checksum data from the DER encoding of the ASN.1
276 * field using shishi_ap_set_tktoptionsasn1usage().
277 *
278 * Return value: Returns SHISHI_OK iff successful.
279 **/
280 int
281 shishi_ap_tktoptionsasn1usage (Shishi * handle,
282 Shishi_ap ** ap,
283 Shishi_tkt * tkt,
284 int options,
285 Shishi_asn1 node,
286 char *field,
287 int authenticatorcksumkeyusage,
288 int authenticatorkeyusage)
289 {
290 int rc;
291
292 rc = shishi_ap (handle, ap);
293 if (rc != SHISHI_OK)
294 return rc;
295
296 rc = shishi_ap_set_tktoptionsasn1usage (*ap, tkt, options,
297 node, field,
298 authenticatorcksumkeyusage,
299 authenticatorkeyusage);
300 if (rc != SHISHI_OK)
301 return rc;
302
303 return SHISHI_OK;
304 }
305
306 /**
307 * shishi_ap_tkt:
308 * @ap: structure that holds information about AP exchange
309 *
310 * Return value: Returns the ticket from the AP exchange, or NULL if
311 * not yet set or an error occured.
312 **/
313 Shishi_tkt *
314 shishi_ap_tkt (Shishi_ap * ap)
315 {
316 return ap->tkt;
317 }
318
319 /**
320 * shishi_ap_tkt_set:
321 * @ap: structure that holds information about AP exchange
322 * @tkt: ticket to store in AP.
323 *
324 * Set the Ticket in the AP exchange.
325 **/
326 void
327 shishi_ap_tkt_set (Shishi_ap * ap, Shishi_tkt * tkt)
328 {
329 ap->tkt = tkt;
330 }
331
332 /**
333 * shishi_ap_authenticatorcksumdata:
334 * @ap: structure that holds information about AP exchange
335 * @out: output array that holds authenticator checksum data.
336 * @len: on input, maximum length of output array that holds
337 * authenticator checksum data, on output actual length of
338 * output array that holds authenticator checksum data.
339 *
340 * Return value: Returns SHISHI_OK if successful, or
341 * SHISHI_TOO_SMALL_BUFFER if buffer provided was too small.
342 **/
343 int
344 shishi_ap_authenticator_cksumdata (Shishi_ap * ap, char *out, int *len)
345 {
346 if (*len < ap->authenticatorcksumdatalen)
347 return SHISHI_TOO_SMALL_BUFFER;
348 if (ap->authenticatorcksumdata)
349 memcpy (out, ap->authenticatorcksumdata, ap->authenticatorcksumdatalen);
350 *len = ap->authenticatorcksumdatalen;
351 return SHISHI_OK;
352 }
353
354 /**
355 * shishi_ap_authenticator_cksumdata_set:
356 * @ap: structure that holds information about AP exchange
357 * @authenticatorcksumdata: input array with authenticator checksum
358 * data to use in AP.
359 * @authenticatorcksumdata: length of input array with authenticator
360 * checksum data to use in AP.
361 *
362 * Set the Authenticator Checksum Data in the AP exchange.
363 **/
364 void
365 shishi_ap_authenticator_cksumdata_set (Shishi_ap * ap,
366 char *authenticatorcksumdata,
367 int authenticatorcksumdatalen)
368 {
369 ap->authenticatorcksumdata = authenticatorcksumdata;
370 ap->authenticatorcksumdatalen = authenticatorcksumdatalen;
371 }
372
373 /**
374 * shishi_ap_authenticator:
375 * @ap: structure that holds information about AP exchange
376 *
377 * Return value: Returns the Authenticator from the AP exchange, or
378 * NULL if not yet set or an error occured.
379 **/
380 Shishi_asn1
381 shishi_ap_authenticator (Shishi_ap * ap)
382 {
383 return ap->authenticator;
384 }
385
386 /**
387 * shishi_ap_authenticator_set:
388 * @ap: structure that holds information about AP exchange
389 * @authenticator: authenticator to store in AP.
390 *
391 * Set the Authenticator in the AP exchange.
392 **/
393 void
394 shishi_ap_authenticator_set (Shishi_ap * ap, Shishi_asn1 authenticator)
395 {
396 if (ap->authenticator)
397 shishi_asn1_done (ap->handle, ap->authenticator);
398 ap->authenticator = authenticator;
399 }
400
401 /**
402 * shishi_ap_req:
403 * @ap: structure that holds information about AP exchange
404 *
405 * Return value: Returns the AP-REQ from the AP exchange, or NULL if
406 * not yet set or an error occured.
407 **/
408 Shishi_asn1
409 shishi_ap_req (Shishi_ap * ap)
410 {
411 return ap->apreq;
412 }
413
414
415 /**
416 * shishi_ap_req_set:
417 * @ap: structure that holds information about AP exchange
418 * @apreq: apreq to store in AP.
419 *
420 * Set the AP-REQ in the AP exchange.
421 **/
422 void
423 shishi_ap_req_set (Shishi_ap * ap, Shishi_asn1 apreq)
424 {
425 if (ap->apreq)
426 shishi_asn1_done (ap->handle, ap->apreq);
427 ap->apreq = apreq;
428 }
429
430 /**
431 * shishi_ap_req_der:
432 * @ap: structure that holds information about AP exchange
433 * @out: output array with der encoding of AP-REQ.
434 * @outlen: length of output array with der encoding of AP-REQ.
435 *
436 * Build AP-REQ using shishi_ap_req_build() and DER encode it.
437 *
438 * Return value: Returns SHISHI_OK iff successful.
439 **/
440 int
441 shishi_ap_req_der (Shishi_ap * ap, char *out, int *outlen)
442 {
443 int rc;
444
445 rc = shishi_ap_req_build (ap);
446 if (rc != SHISHI_OK)
447 return rc;
448
449 rc = shishi_a2d (ap->handle, ap->apreq, out, outlen);
450 if (rc != SHISHI_OK)
451 return rc;
452
453 return SHISHI_OK;
454 }
455
456 /**
457 * shishi_ap_req_der_new:
458 * @ap: structure that holds information about AP exchange
459 * @out: pointer to output array with der encoding of AP-REQ.
460 * @outlen: pointer to length of output array with der encoding of AP-REQ.
461 *
462 * Build AP-REQ using shishi_ap_req_build() and DER encode it. @out
463 * is allocated by this function, and it is the responsibility of
464 * caller to deallocate it.
465 *
466 * Return value: Returns SHISHI_OK iff successful.
467 **/
468 int
469 shishi_ap_req_der_new (Shishi_ap * ap, char **out, int *outlen)
470 {
471 int rc;
472
473 rc = shishi_ap_req_build (ap);
474 if (rc != SHISHI_OK)
475 return rc;
476
477 rc = shishi_new_a2d (ap->handle, ap->apreq, out, outlen);
478 if (rc != SHISHI_OK)
479 return rc;
480
481 return SHISHI_OK;
482 }
483
484 /**
485 * shishi_ap_req_der_set:
486 * @ap: structure that holds information about AP exchange
487 * @der: input array with DER encoded AP-REQ.
488 * @derlen: length of input array with DER encoded AP-REQ.
489 *
490 * DER decode AP-REQ and set it AP exchange. If decoding fails, the
491 * AP-REQ in the AP exchange is lost.
492 *
493 * Return value: Returns SHISHI_OK.
494 **/
495 int
496 shishi_ap_req_der_set (Shishi_ap * ap, char *der, size_t derlen)
497 {
498 ap->apreq = shishi_der2asn1_apreq (ap->handle, der, derlen);
499
500 if (ap->apreq)
501 return SHISHI_OK;
502 else
503 return SHISHI_ASN1_ERROR;
504 }
505
506 /**
507 * shishi_ap_req_build:
508 * @ap: structure that holds information about AP exchange
509 *
510 * Checksum data in authenticator and add ticket and authenticator to
511 * AP-REQ.
512 *
513 * Return value: Returns SHISHI_OK iff successful.
514 **/
515 int
516 shishi_ap_req_build (Shishi_ap * ap)
517 {
518 int res;
519
520 if (VERBOSE (ap->handle))
521 printf ("Building AP-REQ...\n");
522
523 res = shishi_apreq_set_ticket (ap->handle, ap->apreq,
524 shishi_tkt_ticket (ap->tkt));
525 if (res != SHISHI_OK)
526 {
527 shishi_error_printf (ap->handle, "Could not set ticket in AP-REQ: %s\n",
528 shishi_strerror_details (ap->handle));
529 return res;
530 }
531
532 res = shishi_authenticator_add_cksum (ap->handle, ap->authenticator,
533 shishi_tkt_key (ap->tkt),
534 ap->authenticatorcksumkeyusage,
535 ap->authenticatorcksumdata,
536 ap->authenticatorcksumdatalen);
537 if (res != SHISHI_OK)
538 {
539 shishi_error_printf (ap->handle,
540 "Could not add checksum to authenticator: %s\n",
541 shishi_strerror_details (ap->handle));
542 return res;
543 }
544
545 if (VERBOSE (ap->handle))
546 printf ("Got Authenticator...\n");
547
548 if (VERBOSEASN1 (ap->handle))
549 shishi_authenticator_print (ap->handle, stdout, ap->authenticator);
550
551 res = shishi_apreq_add_authenticator (ap->handle, ap->apreq,
552 shishi_tkt_key (ap->tkt),
553 ap->authenticatorkeyusage,
554 ap->authenticator);
555 if (res != SHISHI_OK)
556 {
557 shishi_error_printf (ap->handle, "Could not set authenticator: %s\n",
558 shishi_strerror_details (ap->handle));
559 return res;
560 }
561
562 if (VERBOSEASN1 (ap->handle))
563 shishi_apreq_print (ap->handle, stdout, ap->apreq);
564
565 return SHISHI_OK;
566 }
567
568 /**
569 * shishi_ap_req_process:
570 * @ap: structure that holds information about AP exchange
571 *
572 * Decrypt ticket in AP-REQ using supplied key and decrypt
573 * Authenticator in AP-REQ using key in decrypted ticket, and on
574 * success set the Ticket and Authenticator fields in the AP exchange.
575 *
576 * Return value: Returns SHISHI_OK iff successful.
577 **/
578 int
579 shishi_ap_req_process (Shishi_ap * ap, Shishi_key * key)
580 {
581 Shishi_asn1 ticket, authenticator;
582 Shishi_tkt *tkt;
583 Shishi_key *tktkey;
584 int rc;
585
586 if (VERBOSEASN1 (ap->handle))
587 shishi_apreq_print (ap->handle, stdout, ap->apreq);
588
589 rc = shishi_apreq_get_ticket (ap->handle, ap->apreq, &ticket);
590 if (rc != SHISHI_OK)
591 {
592 shishi_error_printf (ap->handle,
593 "Could not extract ticket from AP-REQ: %s\n",
594 shishi_strerror (rc));
595 return rc;
596 }
597
598 tkt = shishi_tkt2 (ap->handle, ticket, NULL, NULL);
599
600 rc = shishi_tkt_decrypt (tkt, key);
601 if (rc != SHISHI_OK)
602 {
603 shishi_error_printf (ap->handle, "Error decrypting ticket: %s\n",
604 shishi_strerror (rc));
605 return rc;
606 }
607
608 rc = shishi_encticketpart_get_key (ap->handle,
609 shishi_tkt_encticketpart (tkt), &tktkey);
610 if (rc != SHISHI_OK)
611 {
612 shishi_error_printf (ap->handle, "Could not get key from ticket: %s\n",
613 shishi_strerror (rc));
614 return rc;
615 }
616
617 if (VERBOSEASN1 (ap->handle))
618 shishi_encticketpart_print (ap->handle, stdout,
619 shishi_tkt_encticketpart (tkt));
620
621 rc = shishi_apreq_decrypt (ap->handle, ap->apreq, tktkey, SHISHI_KEYUSAGE_APREQ_AUTHENTICATOR, /* XXX */
622 &authenticator);
623 if (rc != SHISHI_OK)
624 {
625 shishi_error_printf (ap->handle, "Error decrypting apreq: %s\n",
626 shishi_strerror (rc));
627 return rc;
628 }
629
630 if (VERBOSEASN1 (ap->handle))
631 shishi_authenticator_print (ap->handle, stdout, ap->authenticator);
632
633 ap->tkt = tkt;
634 ap->authenticator = authenticator;
635
636 return SHISHI_OK;
637 }
638
639 /**
640 * shishi_ap_req_asn1:
641 * @ap: structure that holds information about AP exchange
642 * @apreq: output AP-REQ variable.
643 *
644 * Build AP-REQ using shishi_ap_req_build() and return it.
645 *
646 * Return value: Returns SHISHI_OK iff successful.
647 **/
648 int
649 shishi_ap_req_asn1 (Shishi_ap * ap, Shishi_asn1 * apreq)
650 {
651 int rc;
652
653 rc = shishi_ap_req_build (ap);
654 if (rc != SHISHI_OK)
655 return rc;
656
657 *apreq = ap->apreq;
658
659 return SHISHI_OK;
660 }
661
662 /**
663 * shishi_ap_rep:
664 * @ap: structure that holds information about AP exchange
665 *
666 * Return value: Returns the AP-REP from the AP exchange, or NULL if
667 * not yet set or an error occured.
668 **/
669 Shishi_asn1
670 shishi_ap_rep (Shishi_ap * ap)
671 {
672 return ap->aprep;
673 }
674
675 /**
676 * shishi_ap_rep_set:
677 * @ap: structure that holds information about AP exchange
678 * @aprep: aprep to store in AP.
679 *
680 * Set the AP-REP in the AP exchange.
681 **/
682 void
683 shishi_ap_rep_set (Shishi_ap * ap, Shishi_asn1 aprep)
684 {
685 if (ap->aprep)
686 shishi_asn1_done (ap->handle, ap->aprep);
687 ap->aprep = aprep;
688 }
689
690 /**
691 * shishi_ap_rep_der:
692 * @ap: structure that holds information about AP exchange
693 * @out: output array with der encoding of AP-REP.
694 * @outlen: length of output array with der encoding of AP-REP.
695 *
696 * Build AP-REP using shishi_ap_rep_build() and DER encode it.
697 *
698 * Return value: Returns SHISHI_OK iff successful.
699 **/
700 int
701 shishi_ap_rep_der (Shishi_ap * ap, char *out, size_t * outlen)
702 {
703 int rc;
704
705 rc = shishi_ap_rep_build (ap);
706 if (rc != SHISHI_OK)
707 return rc;
708
709 rc = shishi_a2d (ap->handle, ap->aprep, out, outlen);
710 if (rc != SHISHI_OK)
711 return rc;
712
713 return SHISHI_OK;
714 }
715
716 /**
717 * shishi_ap_rep_der_set:
718 * @ap: structure that holds information about AP exchange
719 * @der: input array with DER encoded AP-REP.
720 * @derlen: length of input array with DER encoded AP-REP.
721 *
722 * DER decode AP-REP and set it AP exchange. If decoding fails, the
723 * AP-REP in the AP exchange remains.
724 *
725 * Return value: Returns SHISHI_OK.
726 **/
727 int
728 shishi_ap_rep_der_set (Shishi_ap * ap, char *der, size_t derlen)
729 {
730 Shishi_asn1 aprep;
731
732 aprep = shishi_der2asn1_aprep (ap->handle, der, derlen);
733
734 if (!aprep)
735 return SHISHI_ASN1_ERROR;
736
737 ap->aprep = aprep;
738
739 return SHISHI_OK;
740 }
741
742 /**
743 * shishi_ap_rep_build:
744 * @ap: structure that holds information about AP exchange
745 *
746 * Checksum data in authenticator and add ticket and authenticator to
747 * AP-REQ.
748 *
749 * Return value: Returns SHISHI_OK iff successful.
750 **/
751 int
752 shishi_ap_rep_build (Shishi_ap * ap)
753 {
754 Shishi_asn1 aprep;
755 int rc;
756
757 if (VERBOSE (ap->handle))
758 printf ("Building AP-REP...\n");
759
760 aprep = shishi_aprep (ap->handle);
761 rc = shishi_aprep_enc_part_make (ap->handle, aprep, ap->authenticator,
762 shishi_tkt_encticketpart (ap->tkt));
763 if (rc != SHISHI_OK)
764 {
765 shishi_error_printf (ap->handle, "Error creating AP-REP: %s\n",
766 shishi_strerror (rc));
767 return rc;
768 }
769
770 if (VERBOSEASN1 (ap->handle))
771 shishi_aprep_print (ap->handle, stdout, aprep);
772
773 shishi_ap_rep_set (ap, aprep);
774
775 return SHISHI_OK;
776 }
777
778 /**
779 * shishi_ap_rep_asn1:
780 * @ap: structure that holds information about AP exchange
781 * @apreq: output AP-REP variable.
782 *
783 * Build AP-REP using shishi_ap_rep_build() and return it.
784 *
785 * Return value: Returns SHISHI_OK iff successful.
786 **/
787 int
788 shishi_ap_rep_asn1 (Shishi_ap * ap, Shishi_asn1 * aprep)
789 {
790 int rc;
791
792 rc = shishi_ap_rep_build (ap);
793 if (rc != SHISHI_OK)
794 return rc;
795
796 *aprep = ap->aprep;
797
798 return SHISHI_OK;
799 }
800
801 /**
802 * shishi_ap_rep_verify:
803 * @ap: structure that holds information about AP exchange
804 *
805 * Verify AP-REP compared to Authenticator.
806 *
807 * Return value: Returns SHISHI_OK, SHISHI_APREP_VERIFY_FAILED or an
808 * error.
809 **/
810 int
811 shishi_ap_rep_verify (Shishi_ap * ap)
812 {
813 int res;
814
815 if (VERBOSE (ap->handle))
816 printf ("Decrypting AP-REP...\n");
817
818 if (VERBOSEASN1 (ap->handle))
819 shishi_aprep_print (ap->handle, stdout, ap->aprep);
820
821 res = shishi_aprep_decrypt (ap->handle, ap->aprep,
822 shishi_tkt_key (ap->tkt),
823 SHISHI_KEYUSAGE_ENCAPREPPART,
824 &ap->encapreppart);
825 if (res != SHISHI_OK)
826 return res;
827
828 if (VERBOSEASN1 (ap->handle))
829 shishi_encapreppart_print (ap->handle, stdout, ap->encapreppart);
830
831 res = shishi_aprep_verify (ap->handle, ap->authenticator, ap->encapreppart);
832 if (res != SHISHI_OK)
833 return res;
834
835 if (VERBOSE (ap->handle))
836 printf ("Verified AP-REP successfully...\n");
837
838 return SHISHI_OK;
839 }
840
841 /**
842 * shishi_ap_rep_verify_der:
843 * @ap: structure that holds information about AP exchange
844 * @der: input array with DER encoded AP-REP.
845 * @derlen: length of input array with DER encoded AP-REP.
846 *
847 * DER decode AP-REP and set it in AP exchange using
848 * shishi_ap_rep_der_set() and verify it using shishi_ap_rep_verify().
849 *
850 * Return value: Returns SHISHI_OK, SHISHI_APREP_VERIFY_FAILED or an
851 * error.
852 **/
853 int
854 shishi_ap_rep_verify_der (Shishi_ap * ap, char *der, size_t derlen)
855 {
856 int res;
857
858 res = shishi_ap_rep_der_set (ap, der, derlen);
859 if (res != SHISHI_OK)
860 return res;
861
862 res = shishi_ap_rep_verify (ap);
863 if (res != SHISHI_OK)
864 return res;
865
866 return SHISHI_OK;
867 }
868
869 /**
870 * shishi_ap_rep_verify_asn1:
871 * @ap: structure that holds information about AP exchange
872 * @aprep: input AP-REP.
873 *
874 * Set the AP-REP in the AP exchange using shishi_ap_rep_set() and
875 * verify it using shishi_ap_rep_verify().
876 *
877 * Return value: Returns SHISHI_OK, SHISHI_APREP_VERIFY_FAILED or an
878 * error.
879 **/
880 int
881 shishi_ap_rep_verify_asn1 (Shishi_ap * ap, Shishi_asn1 aprep)
882 {
883 int res;
884
885 shishi_ap_rep_set (ap, aprep);
886
887 res = shishi_ap_rep_verify (ap);
888 if (res != SHISHI_OK)
889 return res;
890
891 return SHISHI_OK;
892 }
893
894 /**
895 * shishi_ap_rep:
896 * @ap: structure that holds information about AP exchange
897 *
898 * Return value: Returns the EncAPREPPart from the AP exchange, or
899 * NULL if not yet set or an error occured.
900 **/
901 Shishi_asn1
902 shishi_ap_encapreppart (Shishi_ap * ap)
903 {
904 return ap->encapreppart;
905 }
906
907 /**
908 * shishi_ap_encapreppart_set:
909 * @ap: structure that holds information about AP exchange
910 * @encapreppart: EncAPRepPart to store in AP.
911 *
912 * Set the EncAPRepPart in the AP exchange.
913 **/
914 void
915 shishi_ap_encapreppart_set (Shishi_ap * ap, Shishi_asn1 encapreppart)
916 {
917 if (ap->encapreppart)
918 shishi_asn1_done (ap->handle, ap->encapreppart);
919 ap->encapreppart = encapreppart;
920 }
921
922 #define APOPTION_RESERVED "reserved"
923 #define APOPTION_USE_SESSION_KEY "use-session-key"
924 #define APOPTION_MUTUAL_REQUIRED "mutual-required"
925 #define APOPTION_UNKNOWN "unknown"
926
927 const char *
928 shishi_ap_option2string (int option)
929 {
930 char *str;
931
932 switch (option)
933 {
934 case SHISHI_APOPTIONS_RESERVED:
935 str = APOPTION_RESERVED;
936 break;
937
938 case SHISHI_APOPTIONS_USE_SESSION_KEY:
939 str = APOPTION_USE_SESSION_KEY;
940 break;
941
942 case SHISHI_APOPTIONS_MUTUAL_REQUIRED:
943 str = APOPTION_MUTUAL_REQUIRED;
944 break;
945
946 default:
947 str = APOPTION_UNKNOWN;
948 break;
949 }
950
951 return str;
952 }
953
954 int
955 shishi_ap_string2option (const char *str)
956 {
957 int option;
958
959 if (strcasecmp (str, APOPTION_RESERVED) == 0)
960 option = SHISHI_APOPTIONS_RESERVED;
961 else if (strcasecmp (str, APOPTION_USE_SESSION_KEY) == 0)
962 option = SHISHI_APOPTIONS_USE_SESSION_KEY;
963 else if (strcasecmp (str, APOPTION_MUTUAL_REQUIRED) == 0)
964 option = SHISHI_APOPTIONS_MUTUAL_REQUIRED;
965 else
966 option = strtol (str, (char **) NULL, 0);
967
968 return option;
969 }
Free Kerberos V5 implementation