1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* ... copyright ... */
3
4 /*
5 * Novell key-format scheme:
6 *
7 * KrbKeySet ::= SEQUENCE {
8 * attribute-major-vno [0] UInt16,
9 * attribute-minor-vno [1] UInt16,
10 * kvno [2] UInt32,
11 * mkvno [3] UInt32 OPTIONAL,
12 * keys [4] SEQUENCE OF KrbKey,
13 * ...
14 * }
15 *
16 * KrbKey ::= SEQUENCE {
17 * salt [0] KrbSalt OPTIONAL,
18 * key [1] EncryptionKey,
19 * s2kparams [2] OCTET STRING OPTIONAL,
20 * ...
21 * }
22 *
23 * KrbSalt ::= SEQUENCE {
24 * type [0] Int32,
25 * salt [1] OCTET STRING OPTIONAL
26 * }
27 *
28 * EncryptionKey ::= SEQUENCE {
29 * keytype [0] Int32,
30 * keyvalue [1] OCTET STRING
31 * }
 *
 * Note (review): the encoder/decoder definitions below do not follow this
 * scheme exactly: kvno is carried as a 16-bit field, mkvno is emitted
 * unconditionally rather than as OPTIONAL, and the salt type, key type and
 * the n_key_data count are all 16-bit integers.  See the field definitions
 * for the C types actually used.
 */
34
35 #include <k5-int.h>
36 #include <kdb.h>
37
38 #include "krbasn1.h"
39 #include "asn1_encode.h"
40
41 #ifdef ENABLE_LDAP
42
43 /************************************************************************/
44 /* Encode the Principal's keys */
45 /************************************************************************/
46
/*
 * Imports from asn1_k_encode.c.
 * XXX Must be manually synchronized for now: int32 is only declared here
 * (IMPORT_TYPE), so its definition in asn1_k_encode.c must keep the same
 * name and underlying C type (int32_t).
 */
IMPORT_TYPE(int32, int32_t);

/* 16-bit integer types used below for the salt/key type fields and kvno. */
DEFINTTYPE(int16, int16_t);
DEFINTTYPE(uint16, uint16_t);

/*
 * OCTET STRING whose byte count is carried in a uint16_t; used for both the
 * key bytes and the salt bytes of a krb5_key_data.  The length bound on
 * decode therefore comes from the count type and from
 * k5_asn1_decode_bytestring — nothing in this file checks lengths itself.
 * NOTE(review): presumably uint16_t matches the width of
 * krb5_key_data.key_data_length[]; confirm against kdb.h.
 */
DEFCOUNTEDSTRINGTYPE(ui2_octetstring, uint8_t *, uint16_t,
                     k5_asn1_encode_bytestring, k5_asn1_decode_bytestring,
                     ASN1_OCTETSTRING);
59
/*
 * Presence predicate for the KrbSalt [1] salt OCTET STRING.
 *
 * p: a krb5_key_data, passed as void * by the atype machinery.
 * Returns non-zero when the stored salt length (key_data_length[1]) is
 * non-zero, i.e. when there are salt bytes to emit; zero otherwise.
 */
static int
is_value_present(const void *p)
{
    const krb5_key_data *kd = p;

    if (kd->key_data_length[1] == 0)
        return 0;
    return 1;
}
/*
 * KrbSalt.  The [1] salt OCTET STRING is taken from key_data_contents[1]
 * with length key_data_length[1], and is only emitted when
 * is_value_present() says that length is non-zero.  The NULL third argument
 * to DEFOPTIONALTYPE means there is no callback for the absent case
 * (compare no_salt below) — presumably the krb5_key_data is then left
 * untouched on decode.
 */
DEFCOUNTEDTYPE(krbsalt_salt, krb5_key_data, key_data_contents[1],
               key_data_length[1], ui2_octetstring);
DEFOPTIONALTYPE(krbsalt_salt_if_present, is_value_present, NULL, krbsalt_salt);
/*
 * [0] salt type from key_data_type[1].
 * NOTE(review): the scheme comment at the top of the file declares this as
 * Int32, but it is encoded as a 16-bit integer here.
 */
DEFFIELD(krbsalt_0, krb5_key_data, key_data_type[1], 0, int16);
DEFCTAGGEDTYPE(krbsalt_1, 1, krbsalt_salt_if_present);
static const struct atype_info *krbsalt_fields[] = {
    &k5_atype_krbsalt_0, &k5_atype_krbsalt_1
};
DEFSEQTYPE(krbsalt, krb5_key_data, krbsalt_fields);

/*
 * EncryptionKey.  [0] keytype from key_data_type[0] (again a 16-bit field
 * rather than the Int32 of the scheme comment); [1] keyvalue from
 * key_data_contents[0] with length key_data_length[0].  Both are mandatory.
 */
DEFFIELD(encryptionkey_0, krb5_key_data, key_data_type[0], 0, int16);
DEFCNFIELD(encryptionkey_1, krb5_key_data, key_data_contents[0],
           key_data_length[0], 1, ui2_octetstring);
static const struct atype_info *encryptionkey_fields[] = {
    &k5_atype_encryptionkey_0, &k5_atype_encryptionkey_1
};
DEFSEQTYPE(encryptionkey, krb5_key_data, encryptionkey_fields);
83
/*
 * Presence predicate for the KrbKey [0] KrbSalt element.
 *
 * p: a krb5_key_data, passed as void * by the atype machinery.
 * Returns 1 when key_data_ver is greater than 1 — the convention this file
 * uses for "this key_data record carries a salt" — and 0 otherwise.
 */
static int
is_salt_present(const void *p)
{
    const krb5_key_data *kd = p;

    return (kd->key_data_ver > 1) ? 1 : 0;
}
/*
 * Absent-element callback paired with is_salt_present(): mark a
 * krb5_key_data as having no salt by forcing key_data_ver to 1, so that a
 * later is_salt_present() on the same record reports no salt.
 *
 * p: the krb5_key_data being filled in, passed as void *.
 */
static void
no_salt(void *p)
{
    krb5_key_data *kd = p;

    /* Version 1 == key only; version 2 (key_data_ver > 1) == key plus salt. */
    kd->key_data_ver = 1;
}
/*
 * KrbKey.  [0] is the optional KrbSalt, emitted only when
 * is_salt_present() (key_data_ver > 1) says so; no_salt is the callback for
 * the absent case and sets key_data_ver to 1 — presumably it runs on decode
 * when the element is missing.  [1] is the mandatory EncryptionKey.
 */
DEFOPTIONALTYPE(key_data_salt_if_present, is_salt_present, no_salt, krbsalt);
DEFCTAGGEDTYPE(key_data_0, 0, key_data_salt_if_present);
DEFCTAGGEDTYPE(key_data_1, 1, encryptionkey);
static const struct atype_info *key_data_fields[] = {
    &k5_atype_key_data_0, &k5_atype_key_data_1
};
DEFSEQTYPE(key_data, krb5_key_data, key_data_fields);
DEFPTRTYPE(ptr_key_data, key_data);
/*
 * SEQUENCE OF KrbKey reached through a krb5_key_data pointer, with the
 * element count held in an int16_t (ldap_seqof_key_data.n_key_data below).
 * NOTE(review): a decoded sequence with more than INT16_MAX entries cannot
 * be represented in that count; presumably DEFCOUNTEDSEQOFTYPE rejects such
 * input rather than truncating — confirm in asn1_encode.h.
 */
DEFCOUNTEDSEQOFTYPE(cseqof_key_data, int16_t, ptr_key_data);
105
/*
 * KrbKeySet.  attribute-major-vno [0] and attribute-minor-vno [1] are both
 * pinned to the constant 1: the encoder always writes 1, and the decoder
 * presumably fails with ASN1_BAD_FORMAT (the error argument given to
 * DEFINT_IMMEDIATE) on any other value.
 */
DEFINT_IMMEDIATE(one, 1, ASN1_BAD_FORMAT);
DEFCTAGGEDTYPE(ldap_key_seq_0, 0, one);
DEFCTAGGEDTYPE(ldap_key_seq_1, 1, one);
/*
 * [2] kvno and [3] mkvno.
 * NOTE(review): the scheme comment declares kvno as UInt32 and mkvno as
 * UInt32 OPTIONAL; here kvno is encoded as a 16-bit unsigned field and
 * mkvno as a mandatory signed 32-bit field.  If ldap_seqof_key_data.kvno is
 * wider than 16 bits in kdb.h, values above 65535 would not round-trip —
 * check the struct definition.
 */
DEFFIELD(ldap_key_seq_2, ldap_seqof_key_data, kvno, 2, uint16);
DEFFIELD(ldap_key_seq_3, ldap_seqof_key_data, mkvno, 3, int32);
/* [4] keys: n_key_data entries from the key_data array. */
DEFCNFIELD(ldap_key_seq_4, ldap_seqof_key_data, key_data, n_key_data, 4,
           cseqof_key_data);
static const struct atype_info *ldap_key_seq_fields[] = {
    &k5_atype_ldap_key_seq_0, &k5_atype_ldap_key_seq_1,
    &k5_atype_ldap_key_seq_2, &k5_atype_ldap_key_seq_3,
    &k5_atype_ldap_key_seq_4
};
DEFSEQTYPE(ldap_key_seq, ldap_seqof_key_data, ldap_key_seq_fields);
119
/*
 * Export a function to do the whole encoding.
 * krb5int_ldap_encode_sequence_of_keys serialises an ldap_seqof_key_data
 * into the KrbKeySet ASN.1 form defined above, and
 * krb5int_ldap_decode_sequence_of_keys parses that form back into one.
 * The exact signatures are supplied by MAKE_ENCODER/MAKE_DECODER in
 * asn1_encode.h.
 */
MAKE_ENCODER(krb5int_ldap_encode_sequence_of_keys, ldap_key_seq);
MAKE_DECODER(krb5int_ldap_decode_sequence_of_keys, ldap_key_seq);
123
124 #endif
125