1*7c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 2*7c478bd9Sstevel@tonic-gate 3*7c478bd9Sstevel@tonic-gate /* 4*7c478bd9Sstevel@tonic-gate * src/lib/krb5/asn.1/asn1_k_encode.c 5*7c478bd9Sstevel@tonic-gate * 6*7c478bd9Sstevel@tonic-gate * Copyright 1994 by the Massachusetts Institute of Technology. 7*7c478bd9Sstevel@tonic-gate * All Rights Reserved. 8*7c478bd9Sstevel@tonic-gate * 9*7c478bd9Sstevel@tonic-gate * Export of this software from the United States of America may 10*7c478bd9Sstevel@tonic-gate * require a specific license from the United States Government. 11*7c478bd9Sstevel@tonic-gate * It is the responsibility of any person or organization contemplating 12*7c478bd9Sstevel@tonic-gate * export to obtain such a license before exporting. 13*7c478bd9Sstevel@tonic-gate * 14*7c478bd9Sstevel@tonic-gate * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 15*7c478bd9Sstevel@tonic-gate * distribute this software and its documentation for any purpose and 16*7c478bd9Sstevel@tonic-gate * without fee is hereby granted, provided that the above copyright 17*7c478bd9Sstevel@tonic-gate * notice appear in all copies and that both that copyright notice and 18*7c478bd9Sstevel@tonic-gate * this permission notice appear in supporting documentation, and that 19*7c478bd9Sstevel@tonic-gate * the name of M.I.T. not be used in advertising or publicity pertaining 20*7c478bd9Sstevel@tonic-gate * to distribution of the software without specific, written prior 21*7c478bd9Sstevel@tonic-gate * permission. Furthermore if you modify this software you must label 22*7c478bd9Sstevel@tonic-gate * your software as modified software and not distribute it in such a 23*7c478bd9Sstevel@tonic-gate * fashion that it might be confused with the original M.I.T. software. 24*7c478bd9Sstevel@tonic-gate * M.I.T. makes no representations about the suitability of 25*7c478bd9Sstevel@tonic-gate * this software for any purpose. It is provided "as is" without express 26*7c478bd9Sstevel@tonic-gate * or implied warranty. 27*7c478bd9Sstevel@tonic-gate */ 28*7c478bd9Sstevel@tonic-gate 29*7c478bd9Sstevel@tonic-gate #include "asn1_k_encode.h" 30*7c478bd9Sstevel@tonic-gate #include "asn1_make.h" 31*7c478bd9Sstevel@tonic-gate #include "asn1_encode.h" 32*7c478bd9Sstevel@tonic-gate #include <assert.h> 33*7c478bd9Sstevel@tonic-gate 34*7c478bd9Sstevel@tonic-gate /**** asn1 macros ****/ 35*7c478bd9Sstevel@tonic-gate #if 0 36*7c478bd9Sstevel@tonic-gate How to write an asn1 encoder function using these macros: 37*7c478bd9Sstevel@tonic-gate 38*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_krb5_substructure(asn1buf *buf, 39*7c478bd9Sstevel@tonic-gate const krb5_type *val, 40*7c478bd9Sstevel@tonic-gate int *retlen) 41*7c478bd9Sstevel@tonic-gate { 42*7c478bd9Sstevel@tonic-gate asn1_setup(); 43*7c478bd9Sstevel@tonic-gate 44*7c478bd9Sstevel@tonic-gate asn1_addfield(val->last_field, n, asn1_type); 45*7c478bd9Sstevel@tonic-gate asn1_addfield(rep->next_to_last_field, n-1, asn1_type); 46*7c478bd9Sstevel@tonic-gate ... 47*7c478bd9Sstevel@tonic-gate 48*7c478bd9Sstevel@tonic-gate /* for OPTIONAL fields */ 49*7c478bd9Sstevel@tonic-gate if(rep->field_i == should_not_be_omitted) 50*7c478bd9Sstevel@tonic-gate asn1_addfield(rep->field_i, i, asn1_type); 51*7c478bd9Sstevel@tonic-gate 52*7c478bd9Sstevel@tonic-gate /* for string fields (these encoders take an additional argument, 53*7c478bd9Sstevel@tonic-gate the length of the string) */ 54*7c478bd9Sstevel@tonic-gate addlenfield(rep->field_length, rep->field, i-1, asn1_type); 55*7c478bd9Sstevel@tonic-gate 56*7c478bd9Sstevel@tonic-gate /* if you really have to do things yourself... */ 57*7c478bd9Sstevel@tonic-gate retval = asn1_encode_asn1_type(buf,rep->field,&length); 58*7c478bd9Sstevel@tonic-gate if(retval) return retval; 59*7c478bd9Sstevel@tonic-gate sum += length; 60*7c478bd9Sstevel@tonic-gate retval = asn1_make_etag(buf, CONTEXT_SPECIFIC, tag_number, length, 61*7c478bd9Sstevel@tonic-gate &length); 62*7c478bd9Sstevel@tonic-gate if(retval) return retval; 63*7c478bd9Sstevel@tonic-gate sum += length; 64*7c478bd9Sstevel@tonic-gate 65*7c478bd9Sstevel@tonic-gate ... 66*7c478bd9Sstevel@tonic-gate asn1_addfield(rep->second_field, 1, asn1_type); 67*7c478bd9Sstevel@tonic-gate asn1_addfield(rep->first_field, 0, asn1_type); 68*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 69*7c478bd9Sstevel@tonic-gate 70*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 71*7c478bd9Sstevel@tonic-gate } 72*7c478bd9Sstevel@tonic-gate #endif 73*7c478bd9Sstevel@tonic-gate 74*7c478bd9Sstevel@tonic-gate /* setup() -- create and initialize bookkeeping variables 75*7c478bd9Sstevel@tonic-gate retval: stores error codes returned from subroutines 76*7c478bd9Sstevel@tonic-gate length: length of the most-recently produced encoding 77*7c478bd9Sstevel@tonic-gate sum: cumulative length of the entire encoding */ 78*7c478bd9Sstevel@tonic-gate #define asn1_setup()\ 79*7c478bd9Sstevel@tonic-gate asn1_error_code retval;\ 80*7c478bd9Sstevel@tonic-gate unsigned int length, sum=0 81*7c478bd9Sstevel@tonic-gate 82*7c478bd9Sstevel@tonic-gate /* asn1_addfield -- add a field, or component, to the encoding */ 83*7c478bd9Sstevel@tonic-gate #define asn1_addfield(value,tag,encoder)\ 84*7c478bd9Sstevel@tonic-gate { retval = encoder(buf,value,&length);\ 85*7c478bd9Sstevel@tonic-gate if(retval){\ 86*7c478bd9Sstevel@tonic-gate asn1buf_destroy(&buf);\ 87*7c478bd9Sstevel@tonic-gate return retval; }\ 88*7c478bd9Sstevel@tonic-gate sum += length;\ 89*7c478bd9Sstevel@tonic-gate retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,tag,length,&length);\ 90*7c478bd9Sstevel@tonic-gate if(retval){\ 91*7c478bd9Sstevel@tonic-gate asn1buf_destroy(&buf);\ 92*7c478bd9Sstevel@tonic-gate return retval; }\ 93*7c478bd9Sstevel@tonic-gate sum += length; } 94*7c478bd9Sstevel@tonic-gate 95*7c478bd9Sstevel@tonic-gate /* asn1_addlenfield -- add a field whose length must be separately specified */ 96*7c478bd9Sstevel@tonic-gate #define asn1_addlenfield(len,value,tag,encoder)\ 97*7c478bd9Sstevel@tonic-gate { retval = encoder(buf,len,value,&length);\ 98*7c478bd9Sstevel@tonic-gate if(retval){\ 99*7c478bd9Sstevel@tonic-gate asn1buf_destroy(&buf);\ 100*7c478bd9Sstevel@tonic-gate return retval; }\ 101*7c478bd9Sstevel@tonic-gate sum += length;\ 102*7c478bd9Sstevel@tonic-gate retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,tag,length,&length);\ 103*7c478bd9Sstevel@tonic-gate if(retval){\ 104*7c478bd9Sstevel@tonic-gate asn1buf_destroy(&buf);\ 105*7c478bd9Sstevel@tonic-gate return retval; }\ 106*7c478bd9Sstevel@tonic-gate sum += length; } 107*7c478bd9Sstevel@tonic-gate 108*7c478bd9Sstevel@tonic-gate /* form a sequence (by adding a sequence header to the current encoding) */ 109*7c478bd9Sstevel@tonic-gate #define asn1_makeseq()\ 110*7c478bd9Sstevel@tonic-gate retval = asn1_make_sequence(buf,sum,&length);\ 111*7c478bd9Sstevel@tonic-gate if(retval){\ 112*7c478bd9Sstevel@tonic-gate asn1buf_destroy(&buf);\ 113*7c478bd9Sstevel@tonic-gate return retval; }\ 114*7c478bd9Sstevel@tonic-gate sum += length 115*7c478bd9Sstevel@tonic-gate 116*7c478bd9Sstevel@tonic-gate /* add an APPLICATION class tag to the current encoding */ 117*7c478bd9Sstevel@tonic-gate #define asn1_apptag(num)\ 118*7c478bd9Sstevel@tonic-gate retval = asn1_make_etag(buf,APPLICATION,num,sum,&length);\ 119*7c478bd9Sstevel@tonic-gate if(retval){\ 120*7c478bd9Sstevel@tonic-gate asn1buf_destroy(&buf);\ 121*7c478bd9Sstevel@tonic-gate return retval; }\ 122*7c478bd9Sstevel@tonic-gate sum += length 123*7c478bd9Sstevel@tonic-gate 124*7c478bd9Sstevel@tonic-gate /* produce the final output and clean up the workspace */ 125*7c478bd9Sstevel@tonic-gate #define asn1_cleanup()\ 126*7c478bd9Sstevel@tonic-gate *retlen = sum;\ 127*7c478bd9Sstevel@tonic-gate return 0 128*7c478bd9Sstevel@tonic-gate 129*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_ui_4(asn1buf *buf, const krb5_ui_4 val, unsigned int *retlen) 130*7c478bd9Sstevel@tonic-gate { 131*7c478bd9Sstevel@tonic-gate return asn1_encode_unsigned_integer(buf,val,retlen); 132*7c478bd9Sstevel@tonic-gate } 133*7c478bd9Sstevel@tonic-gate 134*7c478bd9Sstevel@tonic-gate 135*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_realm(asn1buf *buf, const krb5_principal val, unsigned int *retlen) 136*7c478bd9Sstevel@tonic-gate { 137*7c478bd9Sstevel@tonic-gate if (val == NULL || 138*7c478bd9Sstevel@tonic-gate (val->realm.length && val->realm.data == NULL)) 139*7c478bd9Sstevel@tonic-gate return ASN1_MISSING_FIELD; 140*7c478bd9Sstevel@tonic-gate return asn1_encode_generalstring(buf,val->realm.length,val->realm.data, 141*7c478bd9Sstevel@tonic-gate retlen); 142*7c478bd9Sstevel@tonic-gate } 143*7c478bd9Sstevel@tonic-gate 144*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_principal_name(asn1buf *buf, const krb5_principal val, unsigned int *retlen) 145*7c478bd9Sstevel@tonic-gate { 146*7c478bd9Sstevel@tonic-gate asn1_setup(); 147*7c478bd9Sstevel@tonic-gate int n; 148*7c478bd9Sstevel@tonic-gate 149*7c478bd9Sstevel@tonic-gate if (val == NULL || val->data == NULL) return ASN1_MISSING_FIELD; 150*7c478bd9Sstevel@tonic-gate 151*7c478bd9Sstevel@tonic-gate for(n = (int) ((val->length)-1); n >= 0; n--){ 152*7c478bd9Sstevel@tonic-gate if (val->data[n].length && 153*7c478bd9Sstevel@tonic-gate val->data[n].data == NULL) 154*7c478bd9Sstevel@tonic-gate return ASN1_MISSING_FIELD; 155*7c478bd9Sstevel@tonic-gate retval = asn1_encode_generalstring(buf, 156*7c478bd9Sstevel@tonic-gate (val->data)[n].length, 157*7c478bd9Sstevel@tonic-gate (val->data)[n].data, 158*7c478bd9Sstevel@tonic-gate &length); 159*7c478bd9Sstevel@tonic-gate if(retval) return retval; 160*7c478bd9Sstevel@tonic-gate sum += length; 161*7c478bd9Sstevel@tonic-gate } 162*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 163*7c478bd9Sstevel@tonic-gate retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,1,sum,&length); 164*7c478bd9Sstevel@tonic-gate if(retval) return retval; 165*7c478bd9Sstevel@tonic-gate sum += length; 166*7c478bd9Sstevel@tonic-gate 167*7c478bd9Sstevel@tonic-gate asn1_addfield(val->type,0,asn1_encode_integer); 168*7c478bd9Sstevel@tonic-gate 169*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 170*7c478bd9Sstevel@tonic-gate 171*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 172*7c478bd9Sstevel@tonic-gate } 173*7c478bd9Sstevel@tonic-gate 174*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_kerberos_time(asn1buf *buf, const krb5_timestamp val, unsigned int *retlen) 175*7c478bd9Sstevel@tonic-gate { 176*7c478bd9Sstevel@tonic-gate return asn1_encode_generaltime(buf,val,retlen); 177*7c478bd9Sstevel@tonic-gate } 178*7c478bd9Sstevel@tonic-gate 179*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_host_address(asn1buf *buf, const krb5_address *val, unsigned int *retlen) 180*7c478bd9Sstevel@tonic-gate { 181*7c478bd9Sstevel@tonic-gate asn1_setup(); 182*7c478bd9Sstevel@tonic-gate 183*7c478bd9Sstevel@tonic-gate if (val == NULL || val->contents == NULL) return ASN1_MISSING_FIELD; 184*7c478bd9Sstevel@tonic-gate 185*7c478bd9Sstevel@tonic-gate asn1_addlenfield(val->length,val->contents,1,asn1_encode_octetstring); 186*7c478bd9Sstevel@tonic-gate asn1_addfield(val->addrtype,0,asn1_encode_integer); 187*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 188*7c478bd9Sstevel@tonic-gate 189*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 190*7c478bd9Sstevel@tonic-gate } 191*7c478bd9Sstevel@tonic-gate 192*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_host_addresses(asn1buf *buf, const krb5_address **val, unsigned int *retlen) 193*7c478bd9Sstevel@tonic-gate { 194*7c478bd9Sstevel@tonic-gate asn1_setup(); 195*7c478bd9Sstevel@tonic-gate int i; 196*7c478bd9Sstevel@tonic-gate 197*7c478bd9Sstevel@tonic-gate if(val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; 198*7c478bd9Sstevel@tonic-gate 199*7c478bd9Sstevel@tonic-gate for(i=0; val[i] != NULL; i++); /* go to end of array */ 200*7c478bd9Sstevel@tonic-gate for(i--; i>=0; i--){ 201*7c478bd9Sstevel@tonic-gate retval = asn1_encode_host_address(buf,val[i],&length); 202*7c478bd9Sstevel@tonic-gate if(retval) return retval; 203*7c478bd9Sstevel@tonic-gate sum += length; 204*7c478bd9Sstevel@tonic-gate } 205*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 206*7c478bd9Sstevel@tonic-gate 207*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 208*7c478bd9Sstevel@tonic-gate } 209*7c478bd9Sstevel@tonic-gate 210*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_encrypted_data(asn1buf *buf, const krb5_enc_data *val, unsigned int *retlen) 211*7c478bd9Sstevel@tonic-gate { 212*7c478bd9Sstevel@tonic-gate asn1_setup(); 213*7c478bd9Sstevel@tonic-gate 214*7c478bd9Sstevel@tonic-gate if(val == NULL || 215*7c478bd9Sstevel@tonic-gate (val->ciphertext.length && val->ciphertext.data == NULL)) 216*7c478bd9Sstevel@tonic-gate return ASN1_MISSING_FIELD; 217*7c478bd9Sstevel@tonic-gate 218*7c478bd9Sstevel@tonic-gate asn1_addlenfield(val->ciphertext.length,val->ciphertext.data,2,asn1_encode_charstring); 219*7c478bd9Sstevel@tonic-gate /* krb5_kvno should be int */ 220*7c478bd9Sstevel@tonic-gate if(val->kvno) 221*7c478bd9Sstevel@tonic-gate asn1_addfield((int) val->kvno,1,asn1_encode_integer); 222*7c478bd9Sstevel@tonic-gate asn1_addfield(val->enctype,0,asn1_encode_integer); 223*7c478bd9Sstevel@tonic-gate 224*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 225*7c478bd9Sstevel@tonic-gate 226*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 227*7c478bd9Sstevel@tonic-gate } 228*7c478bd9Sstevel@tonic-gate 229*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_krb5_flags(asn1buf *buf, const krb5_flags val, unsigned int *retlen) 230*7c478bd9Sstevel@tonic-gate { 231*7c478bd9Sstevel@tonic-gate asn1_setup(); 232*7c478bd9Sstevel@tonic-gate krb5_flags valcopy = val; 233*7c478bd9Sstevel@tonic-gate int i; 234*7c478bd9Sstevel@tonic-gate 235*7c478bd9Sstevel@tonic-gate for(i=0; i<4; i++){ 236*7c478bd9Sstevel@tonic-gate retval = asn1buf_insert_octet(buf,(asn1_octet) (valcopy&0xFF)); 237*7c478bd9Sstevel@tonic-gate if(retval) return retval; 238*7c478bd9Sstevel@tonic-gate valcopy >>= 8; 239*7c478bd9Sstevel@tonic-gate } 240*7c478bd9Sstevel@tonic-gate retval = asn1buf_insert_octet(buf,0); /* 0 padding bits */ 241*7c478bd9Sstevel@tonic-gate if(retval) return retval; 242*7c478bd9Sstevel@tonic-gate sum = 5; 243*7c478bd9Sstevel@tonic-gate 244*7c478bd9Sstevel@tonic-gate retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_BITSTRING,sum, 245*7c478bd9Sstevel@tonic-gate &length); 246*7c478bd9Sstevel@tonic-gate if(retval) return retval; 247*7c478bd9Sstevel@tonic-gate sum += length; 248*7c478bd9Sstevel@tonic-gate 249*7c478bd9Sstevel@tonic-gate *retlen = sum; 250*7c478bd9Sstevel@tonic-gate return 0; 251*7c478bd9Sstevel@tonic-gate } 252*7c478bd9Sstevel@tonic-gate 253*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_ap_options(asn1buf *buf, const krb5_flags val, unsigned int *retlen) 254*7c478bd9Sstevel@tonic-gate { 255*7c478bd9Sstevel@tonic-gate return asn1_encode_krb5_flags(buf,val,retlen); 256*7c478bd9Sstevel@tonic-gate } 257*7c478bd9Sstevel@tonic-gate 258*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_ticket_flags(asn1buf *buf, const krb5_flags val, unsigned int *retlen) 259*7c478bd9Sstevel@tonic-gate { 260*7c478bd9Sstevel@tonic-gate return asn1_encode_krb5_flags(buf,val,retlen); 261*7c478bd9Sstevel@tonic-gate } 262*7c478bd9Sstevel@tonic-gate 263*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_kdc_options(asn1buf *buf, const krb5_flags val, unsigned int *retlen) 264*7c478bd9Sstevel@tonic-gate { 265*7c478bd9Sstevel@tonic-gate return asn1_encode_krb5_flags(buf,val,retlen); 266*7c478bd9Sstevel@tonic-gate } 267*7c478bd9Sstevel@tonic-gate 268*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_authorization_data(asn1buf *buf, const krb5_authdata **val, unsigned int *retlen) 269*7c478bd9Sstevel@tonic-gate { 270*7c478bd9Sstevel@tonic-gate asn1_setup(); 271*7c478bd9Sstevel@tonic-gate int i; 272*7c478bd9Sstevel@tonic-gate 273*7c478bd9Sstevel@tonic-gate if(val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; 274*7c478bd9Sstevel@tonic-gate 275*7c478bd9Sstevel@tonic-gate for(i=0; val[i] != NULL; i++); /* get to the end of the array */ 276*7c478bd9Sstevel@tonic-gate for(i--; i>=0; i--){ 277*7c478bd9Sstevel@tonic-gate retval = asn1_encode_krb5_authdata_elt(buf,val[i],&length); 278*7c478bd9Sstevel@tonic-gate if(retval) return retval; 279*7c478bd9Sstevel@tonic-gate sum += length; 280*7c478bd9Sstevel@tonic-gate } 281*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 282*7c478bd9Sstevel@tonic-gate 283*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 284*7c478bd9Sstevel@tonic-gate } 285*7c478bd9Sstevel@tonic-gate 286*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_krb5_authdata_elt(asn1buf *buf, const krb5_authdata *val, unsigned int *retlen) 287*7c478bd9Sstevel@tonic-gate { 288*7c478bd9Sstevel@tonic-gate asn1_setup(); 289*7c478bd9Sstevel@tonic-gate 290*7c478bd9Sstevel@tonic-gate if (val == NULL || 291*7c478bd9Sstevel@tonic-gate (val->length && val->contents == NULL)) 292*7c478bd9Sstevel@tonic-gate return ASN1_MISSING_FIELD; 293*7c478bd9Sstevel@tonic-gate 294*7c478bd9Sstevel@tonic-gate /* ad-data[1] OCTET STRING */ 295*7c478bd9Sstevel@tonic-gate asn1_addlenfield(val->length,val->contents,1,asn1_encode_octetstring); 296*7c478bd9Sstevel@tonic-gate /* ad-type[0] INTEGER */ 297*7c478bd9Sstevel@tonic-gate asn1_addfield(val->ad_type,0,asn1_encode_integer); 298*7c478bd9Sstevel@tonic-gate /* SEQUENCE */ 299*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 300*7c478bd9Sstevel@tonic-gate 301*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 302*7c478bd9Sstevel@tonic-gate } 303*7c478bd9Sstevel@tonic-gate 304*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_kdc_rep(int msg_type, asn1buf *buf, const krb5_kdc_rep *val, unsigned int *retlen) 305*7c478bd9Sstevel@tonic-gate { 306*7c478bd9Sstevel@tonic-gate asn1_setup(); 307*7c478bd9Sstevel@tonic-gate 308*7c478bd9Sstevel@tonic-gate if(val == NULL) return ASN1_MISSING_FIELD; 309*7c478bd9Sstevel@tonic-gate 310*7c478bd9Sstevel@tonic-gate asn1_addfield(&(val->enc_part),6,asn1_encode_encrypted_data); 311*7c478bd9Sstevel@tonic-gate asn1_addfield(val->ticket,5,asn1_encode_ticket); 312*7c478bd9Sstevel@tonic-gate asn1_addfield(val->client,4,asn1_encode_principal_name); 313*7c478bd9Sstevel@tonic-gate asn1_addfield(val->client,3,asn1_encode_realm); 314*7c478bd9Sstevel@tonic-gate if(val->padata != NULL && val->padata[0] != NULL) 315*7c478bd9Sstevel@tonic-gate asn1_addfield((const krb5_pa_data**)val->padata,2,asn1_encode_sequence_of_pa_data); 316*7c478bd9Sstevel@tonic-gate if (msg_type != KRB5_AS_REP && msg_type != KRB5_TGS_REP) 317*7c478bd9Sstevel@tonic-gate return KRB5_BADMSGTYPE; 318*7c478bd9Sstevel@tonic-gate asn1_addfield(msg_type,1,asn1_encode_integer); 319*7c478bd9Sstevel@tonic-gate asn1_addfield(KVNO,0,asn1_encode_integer); 320*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 321*7c478bd9Sstevel@tonic-gate 322*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 323*7c478bd9Sstevel@tonic-gate } 324*7c478bd9Sstevel@tonic-gate 325*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_enc_kdc_rep_part(asn1buf *buf, const krb5_enc_kdc_rep_part *val, unsigned int *retlen) 326*7c478bd9Sstevel@tonic-gate { 327*7c478bd9Sstevel@tonic-gate asn1_setup(); 328*7c478bd9Sstevel@tonic-gate 329*7c478bd9Sstevel@tonic-gate if(val == NULL) return ASN1_MISSING_FIELD; 330*7c478bd9Sstevel@tonic-gate 331*7c478bd9Sstevel@tonic-gate /* caddr[11] HostAddresses OPTIONAL */ 332*7c478bd9Sstevel@tonic-gate if(val->caddrs != NULL && val->caddrs[0] != NULL) 333*7c478bd9Sstevel@tonic-gate asn1_addfield((const krb5_address**)(val->caddrs),11,asn1_encode_host_addresses); 334*7c478bd9Sstevel@tonic-gate 335*7c478bd9Sstevel@tonic-gate /* sname[10] PrincipalName */ 336*7c478bd9Sstevel@tonic-gate asn1_addfield(val->server,10,asn1_encode_principal_name); 337*7c478bd9Sstevel@tonic-gate 338*7c478bd9Sstevel@tonic-gate /* srealm[9] Realm */ 339*7c478bd9Sstevel@tonic-gate asn1_addfield(val->server,9,asn1_encode_realm); 340*7c478bd9Sstevel@tonic-gate 341*7c478bd9Sstevel@tonic-gate /* renew-till[8] KerberosTime OPTIONAL */ 342*7c478bd9Sstevel@tonic-gate if(val->flags & TKT_FLG_RENEWABLE) 343*7c478bd9Sstevel@tonic-gate asn1_addfield(val->times.renew_till,8,asn1_encode_kerberos_time); 344*7c478bd9Sstevel@tonic-gate 345*7c478bd9Sstevel@tonic-gate /* endtime[7] KerberosTime */ 346*7c478bd9Sstevel@tonic-gate asn1_addfield(val->times.endtime,7,asn1_encode_kerberos_time); 347*7c478bd9Sstevel@tonic-gate 348*7c478bd9Sstevel@tonic-gate /* starttime[6] KerberosTime OPTIONAL */ 349*7c478bd9Sstevel@tonic-gate if(val->times.starttime) 350*7c478bd9Sstevel@tonic-gate asn1_addfield(val->times.starttime,6,asn1_encode_kerberos_time); 351*7c478bd9Sstevel@tonic-gate 352*7c478bd9Sstevel@tonic-gate /* authtime[5] KerberosTime */ 353*7c478bd9Sstevel@tonic-gate asn1_addfield(val->times.authtime,5,asn1_encode_kerberos_time); 354*7c478bd9Sstevel@tonic-gate 355*7c478bd9Sstevel@tonic-gate /* flags[4] TicketFlags */ 356*7c478bd9Sstevel@tonic-gate asn1_addfield(val->flags,4,asn1_encode_ticket_flags); 357*7c478bd9Sstevel@tonic-gate 358*7c478bd9Sstevel@tonic-gate /* key-expiration[3] KerberosTime OPTIONAL */ 359*7c478bd9Sstevel@tonic-gate if(val->key_exp) 360*7c478bd9Sstevel@tonic-gate asn1_addfield(val->key_exp,3,asn1_encode_kerberos_time); 361*7c478bd9Sstevel@tonic-gate 362*7c478bd9Sstevel@tonic-gate /* nonce[2] INTEGER */ 363*7c478bd9Sstevel@tonic-gate asn1_addfield(val->nonce,2,asn1_encode_integer); 364*7c478bd9Sstevel@tonic-gate 365*7c478bd9Sstevel@tonic-gate /* last-req[1] LastReq */ 366*7c478bd9Sstevel@tonic-gate asn1_addfield((const krb5_last_req_entry**)val->last_req,1,asn1_encode_last_req); 367*7c478bd9Sstevel@tonic-gate 368*7c478bd9Sstevel@tonic-gate /* key[0] EncryptionKey */ 369*7c478bd9Sstevel@tonic-gate asn1_addfield(val->session,0,asn1_encode_encryption_key); 370*7c478bd9Sstevel@tonic-gate 371*7c478bd9Sstevel@tonic-gate /* EncKDCRepPart ::= SEQUENCE */ 372*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 373*7c478bd9Sstevel@tonic-gate 374*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 375*7c478bd9Sstevel@tonic-gate } 376*7c478bd9Sstevel@tonic-gate 377*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_sequence_of_checksum(asn1buf *buf, const krb5_checksum ** val, unsigned int *retlen) 378*7c478bd9Sstevel@tonic-gate { 379*7c478bd9Sstevel@tonic-gate asn1_setup(); 380*7c478bd9Sstevel@tonic-gate int i; 381*7c478bd9Sstevel@tonic-gate 382*7c478bd9Sstevel@tonic-gate if(val == NULL) return ASN1_MISSING_FIELD; 383*7c478bd9Sstevel@tonic-gate 384*7c478bd9Sstevel@tonic-gate for (i=0; val[i] != NULL; i++); 385*7c478bd9Sstevel@tonic-gate for (i--; i>=0; i--){ 386*7c478bd9Sstevel@tonic-gate retval = asn1_encode_checksum(buf,val[i],&length); 387*7c478bd9Sstevel@tonic-gate if(retval) return retval; 388*7c478bd9Sstevel@tonic-gate sum += length; 389*7c478bd9Sstevel@tonic-gate } 390*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 391*7c478bd9Sstevel@tonic-gate 392*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 393*7c478bd9Sstevel@tonic-gate } 394*7c478bd9Sstevel@tonic-gate 395*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_kdc_req_body(asn1buf *buf, const krb5_kdc_req *rep, unsigned int *retlen) 396*7c478bd9Sstevel@tonic-gate { 397*7c478bd9Sstevel@tonic-gate asn1_setup(); 398*7c478bd9Sstevel@tonic-gate 399*7c478bd9Sstevel@tonic-gate if(rep == NULL) return ASN1_MISSING_FIELD; 400*7c478bd9Sstevel@tonic-gate 401*7c478bd9Sstevel@tonic-gate /* additional-tickets[11] SEQUENCE OF Ticket OPTIONAL */ 402*7c478bd9Sstevel@tonic-gate if(rep->second_ticket != NULL && rep->second_ticket[0] != NULL) 403*7c478bd9Sstevel@tonic-gate asn1_addfield((const krb5_ticket**)rep->second_ticket, 404*7c478bd9Sstevel@tonic-gate 11,asn1_encode_sequence_of_ticket); 405*7c478bd9Sstevel@tonic-gate 406*7c478bd9Sstevel@tonic-gate /* enc-authorization-data[10] EncryptedData OPTIONAL, */ 407*7c478bd9Sstevel@tonic-gate /* -- Encrypted AuthorizationData encoding */ 408*7c478bd9Sstevel@tonic-gate if(rep->authorization_data.ciphertext.data != NULL) 409*7c478bd9Sstevel@tonic-gate asn1_addfield(&(rep->authorization_data),10,asn1_encode_encrypted_data); 410*7c478bd9Sstevel@tonic-gate 411*7c478bd9Sstevel@tonic-gate /* addresses[9] HostAddresses OPTIONAL, */ 412*7c478bd9Sstevel@tonic-gate if(rep->addresses != NULL && rep->addresses[0] != NULL) 413*7c478bd9Sstevel@tonic-gate asn1_addfield((const krb5_address**)rep->addresses,9,asn1_encode_host_addresses); 414*7c478bd9Sstevel@tonic-gate 415*7c478bd9Sstevel@tonic-gate /* etype[8] SEQUENCE OF INTEGER, -- EncryptionType, */ 416*7c478bd9Sstevel@tonic-gate /* -- in preference order */ 417*7c478bd9Sstevel@tonic-gate asn1_addlenfield(rep->nktypes,rep->ktype,8,asn1_encode_sequence_of_enctype); 418*7c478bd9Sstevel@tonic-gate 419*7c478bd9Sstevel@tonic-gate /* nonce[7] INTEGER, */ 420*7c478bd9Sstevel@tonic-gate asn1_addfield(rep->nonce,7,asn1_encode_integer); 421*7c478bd9Sstevel@tonic-gate 422*7c478bd9Sstevel@tonic-gate /* rtime[6] KerberosTime OPTIONAL, */ 423*7c478bd9Sstevel@tonic-gate if(rep->rtime) 424*7c478bd9Sstevel@tonic-gate asn1_addfield(rep->rtime,6,asn1_encode_kerberos_time); 425*7c478bd9Sstevel@tonic-gate 426*7c478bd9Sstevel@tonic-gate /* till[5] KerberosTime, */ 427*7c478bd9Sstevel@tonic-gate asn1_addfield(rep->till,5,asn1_encode_kerberos_time); 428*7c478bd9Sstevel@tonic-gate 429*7c478bd9Sstevel@tonic-gate /* from[4] KerberosTime OPTIONAL, */ 430*7c478bd9Sstevel@tonic-gate if(rep->from) 431*7c478bd9Sstevel@tonic-gate asn1_addfield(rep->from,4,asn1_encode_kerberos_time); 432*7c478bd9Sstevel@tonic-gate 433*7c478bd9Sstevel@tonic-gate /* sname[3] PrincipalName OPTIONAL, */ 434*7c478bd9Sstevel@tonic-gate if(rep->server != NULL) 435*7c478bd9Sstevel@tonic-gate asn1_addfield(rep->server,3,asn1_encode_principal_name); 436*7c478bd9Sstevel@tonic-gate 437*7c478bd9Sstevel@tonic-gate /* realm[2] Realm, -- Server's realm */ 438*7c478bd9Sstevel@tonic-gate /* -- Also client's in AS-REQ */ 439*7c478bd9Sstevel@tonic-gate if(rep->kdc_options & KDC_OPT_ENC_TKT_IN_SKEY){ 440*7c478bd9Sstevel@tonic-gate if(rep->second_ticket != NULL && rep->second_ticket[0] != NULL){ 441*7c478bd9Sstevel@tonic-gate asn1_addfield(rep->second_ticket[0]->server,2,asn1_encode_realm) 442*7c478bd9Sstevel@tonic-gate } else return ASN1_MISSING_FIELD; 443*7c478bd9Sstevel@tonic-gate }else if(rep->server != NULL){ 444*7c478bd9Sstevel@tonic-gate asn1_addfield(rep->server,2,asn1_encode_realm); 445*7c478bd9Sstevel@tonic-gate }else return ASN1_MISSING_FIELD; 446*7c478bd9Sstevel@tonic-gate 447*7c478bd9Sstevel@tonic-gate /* cname[1] PrincipalName OPTIONAL, */ 448*7c478bd9Sstevel@tonic-gate /* -- Used only in AS-REQ */ 449*7c478bd9Sstevel@tonic-gate if(rep->client != NULL) 450*7c478bd9Sstevel@tonic-gate asn1_addfield(rep->client,1,asn1_encode_principal_name); 451*7c478bd9Sstevel@tonic-gate 452*7c478bd9Sstevel@tonic-gate /* kdc-options[0] KDCOptions, */ 453*7c478bd9Sstevel@tonic-gate asn1_addfield(rep->kdc_options,0,asn1_encode_kdc_options); 454*7c478bd9Sstevel@tonic-gate 455*7c478bd9Sstevel@tonic-gate /* KDC-REQ-BODY ::= SEQUENCE */ 456*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 457*7c478bd9Sstevel@tonic-gate 458*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 459*7c478bd9Sstevel@tonic-gate } 460*7c478bd9Sstevel@tonic-gate 461*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_encryption_key(asn1buf *buf, const krb5_keyblock *val, unsigned int *retlen) 462*7c478bd9Sstevel@tonic-gate { 463*7c478bd9Sstevel@tonic-gate asn1_setup(); 464*7c478bd9Sstevel@tonic-gate 465*7c478bd9Sstevel@tonic-gate if (val == NULL || 466*7c478bd9Sstevel@tonic-gate (val->length && val->contents == NULL)) 467*7c478bd9Sstevel@tonic-gate return ASN1_MISSING_FIELD; 468*7c478bd9Sstevel@tonic-gate 469*7c478bd9Sstevel@tonic-gate asn1_addlenfield(val->length,val->contents,1,asn1_encode_octetstring); 470*7c478bd9Sstevel@tonic-gate asn1_addfield(val->enctype,0,asn1_encode_integer); 471*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 472*7c478bd9Sstevel@tonic-gate 473*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 474*7c478bd9Sstevel@tonic-gate } 475*7c478bd9Sstevel@tonic-gate 476*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_checksum(asn1buf *buf, const krb5_checksum *val, unsigned int *retlen) 477*7c478bd9Sstevel@tonic-gate { 478*7c478bd9Sstevel@tonic-gate asn1_setup(); 479*7c478bd9Sstevel@tonic-gate 480*7c478bd9Sstevel@tonic-gate if (val == NULL || 481*7c478bd9Sstevel@tonic-gate (val->length && val->contents == NULL)) 482*7c478bd9Sstevel@tonic-gate return ASN1_MISSING_FIELD; 483*7c478bd9Sstevel@tonic-gate 484*7c478bd9Sstevel@tonic-gate asn1_addlenfield(val->length,val->contents,1,asn1_encode_octetstring); 485*7c478bd9Sstevel@tonic-gate asn1_addfield(val->checksum_type,0,asn1_encode_integer); 486*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 487*7c478bd9Sstevel@tonic-gate 488*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 489*7c478bd9Sstevel@tonic-gate } 490*7c478bd9Sstevel@tonic-gate 491*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_transited_encoding(asn1buf *buf, const krb5_transited *val, unsigned int *retlen) 492*7c478bd9Sstevel@tonic-gate { 493*7c478bd9Sstevel@tonic-gate asn1_setup(); 494*7c478bd9Sstevel@tonic-gate 495*7c478bd9Sstevel@tonic-gate if(val == NULL || 496*7c478bd9Sstevel@tonic-gate (val->tr_contents.length != 0 && val->tr_contents.data == NULL)) 497*7c478bd9Sstevel@tonic-gate return ASN1_MISSING_FIELD; 498*7c478bd9Sstevel@tonic-gate 499*7c478bd9Sstevel@tonic-gate asn1_addlenfield(val->tr_contents.length,val->tr_contents.data, 500*7c478bd9Sstevel@tonic-gate 1,asn1_encode_charstring); 501*7c478bd9Sstevel@tonic-gate asn1_addfield(val->tr_type,0,asn1_encode_integer); 502*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 503*7c478bd9Sstevel@tonic-gate 504*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 505*7c478bd9Sstevel@tonic-gate } 506*7c478bd9Sstevel@tonic-gate 507*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_last_req(asn1buf *buf, const krb5_last_req_entry **val, unsigned int *retlen) 508*7c478bd9Sstevel@tonic-gate { 509*7c478bd9Sstevel@tonic-gate asn1_setup(); 510*7c478bd9Sstevel@tonic-gate int i; 511*7c478bd9Sstevel@tonic-gate 512*7c478bd9Sstevel@tonic-gate if(val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; 513*7c478bd9Sstevel@tonic-gate 514*7c478bd9Sstevel@tonic-gate for(i=0; val[i] != NULL; i++); /* go to end of array */ 515*7c478bd9Sstevel@tonic-gate for(i--; i>=0; i--){ 516*7c478bd9Sstevel@tonic-gate retval = asn1_encode_last_req_entry(buf,val[i],&length); 517*7c478bd9Sstevel@tonic-gate if(retval) return retval; 518*7c478bd9Sstevel@tonic-gate sum += length; 519*7c478bd9Sstevel@tonic-gate } 520*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 521*7c478bd9Sstevel@tonic-gate 522*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 523*7c478bd9Sstevel@tonic-gate } 524*7c478bd9Sstevel@tonic-gate 525*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_last_req_entry(asn1buf *buf, const krb5_last_req_entry *val, unsigned int *retlen) 526*7c478bd9Sstevel@tonic-gate { 527*7c478bd9Sstevel@tonic-gate asn1_setup(); 528*7c478bd9Sstevel@tonic-gate 529*7c478bd9Sstevel@tonic-gate if(val == NULL) return ASN1_MISSING_FIELD; 530*7c478bd9Sstevel@tonic-gate 531*7c478bd9Sstevel@tonic-gate asn1_addfield(val->value,1,asn1_encode_kerberos_time); 532*7c478bd9Sstevel@tonic-gate asn1_addfield(val->lr_type,0,asn1_encode_integer); 533*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 534*7c478bd9Sstevel@tonic-gate 535*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 536*7c478bd9Sstevel@tonic-gate } 537*7c478bd9Sstevel@tonic-gate 538*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_sequence_of_pa_data(asn1buf *buf, const krb5_pa_data **val, unsigned int *retlen) 539*7c478bd9Sstevel@tonic-gate { 540*7c478bd9Sstevel@tonic-gate asn1_setup(); 541*7c478bd9Sstevel@tonic-gate int i; 542*7c478bd9Sstevel@tonic-gate 543*7c478bd9Sstevel@tonic-gate if (val == NULL) return ASN1_MISSING_FIELD; 544*7c478bd9Sstevel@tonic-gate 545*7c478bd9Sstevel@tonic-gate for(i=0; val[i] != NULL; i++); 546*7c478bd9Sstevel@tonic-gate for(i--; i>=0; i--){ 547*7c478bd9Sstevel@tonic-gate retval = asn1_encode_pa_data(buf,val[i],&length); 548*7c478bd9Sstevel@tonic-gate if(retval) return retval; 549*7c478bd9Sstevel@tonic-gate sum += length; 550*7c478bd9Sstevel@tonic-gate } 551*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 552*7c478bd9Sstevel@tonic-gate 553*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 554*7c478bd9Sstevel@tonic-gate } 555*7c478bd9Sstevel@tonic-gate 556*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_pa_data(asn1buf *buf, const krb5_pa_data *val, unsigned int *retlen) 557*7c478bd9Sstevel@tonic-gate { 558*7c478bd9Sstevel@tonic-gate asn1_setup(); 559*7c478bd9Sstevel@tonic-gate 560*7c478bd9Sstevel@tonic-gate if(val == NULL || (val->length != 0 && val->contents == NULL)) 561*7c478bd9Sstevel@tonic-gate return ASN1_MISSING_FIELD; 562*7c478bd9Sstevel@tonic-gate 563*7c478bd9Sstevel@tonic-gate asn1_addlenfield(val->length,val->contents,2,asn1_encode_octetstring); 564*7c478bd9Sstevel@tonic-gate asn1_addfield(val->pa_type,1,asn1_encode_integer); 565*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 566*7c478bd9Sstevel@tonic-gate 567*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 568*7c478bd9Sstevel@tonic-gate } 569*7c478bd9Sstevel@tonic-gate 570*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_sequence_of_ticket(asn1buf *buf, const krb5_ticket **val, unsigned int *retlen) 571*7c478bd9Sstevel@tonic-gate { 572*7c478bd9Sstevel@tonic-gate asn1_setup(); 573*7c478bd9Sstevel@tonic-gate int i; 574*7c478bd9Sstevel@tonic-gate 575*7c478bd9Sstevel@tonic-gate if(val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; 576*7c478bd9Sstevel@tonic-gate 577*7c478bd9Sstevel@tonic-gate for(i=0; val[i] != NULL; i++); 578*7c478bd9Sstevel@tonic-gate for(i--; i>=0; i--){ 579*7c478bd9Sstevel@tonic-gate retval = asn1_encode_ticket(buf,val[i],&length); 580*7c478bd9Sstevel@tonic-gate if(retval) return retval; 581*7c478bd9Sstevel@tonic-gate sum += length; 582*7c478bd9Sstevel@tonic-gate } 583*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 584*7c478bd9Sstevel@tonic-gate 585*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 586*7c478bd9Sstevel@tonic-gate } 587*7c478bd9Sstevel@tonic-gate 588*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_ticket(asn1buf *buf, const krb5_ticket *val, unsigned int *retlen) 589*7c478bd9Sstevel@tonic-gate { 590*7c478bd9Sstevel@tonic-gate asn1_setup(); 591*7c478bd9Sstevel@tonic-gate 592*7c478bd9Sstevel@tonic-gate if(val == NULL) return ASN1_MISSING_FIELD; 593*7c478bd9Sstevel@tonic-gate 594*7c478bd9Sstevel@tonic-gate asn1_addfield(&(val->enc_part),3,asn1_encode_encrypted_data); 595*7c478bd9Sstevel@tonic-gate asn1_addfield(val->server,2,asn1_encode_principal_name); 596*7c478bd9Sstevel@tonic-gate asn1_addfield(val->server,1,asn1_encode_realm); 597*7c478bd9Sstevel@tonic-gate asn1_addfield(KVNO,0,asn1_encode_integer); 598*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 599*7c478bd9Sstevel@tonic-gate asn1_apptag(1); 600*7c478bd9Sstevel@tonic-gate 601*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 602*7c478bd9Sstevel@tonic-gate } 603*7c478bd9Sstevel@tonic-gate 604*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_sequence_of_enctype(asn1buf *buf, const int len, const krb5_enctype *val, unsigned int *retlen) 605*7c478bd9Sstevel@tonic-gate { 606*7c478bd9Sstevel@tonic-gate asn1_setup(); 607*7c478bd9Sstevel@tonic-gate int i; 608*7c478bd9Sstevel@tonic-gate 609*7c478bd9Sstevel@tonic-gate if(val == NULL) return ASN1_MISSING_FIELD; 610*7c478bd9Sstevel@tonic-gate 611*7c478bd9Sstevel@tonic-gate for(i=len-1; i>=0; i--){ 612*7c478bd9Sstevel@tonic-gate retval = asn1_encode_integer(buf,val[i],&length); 613*7c478bd9Sstevel@tonic-gate if(retval) return retval; 614*7c478bd9Sstevel@tonic-gate sum += length; 615*7c478bd9Sstevel@tonic-gate } 616*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 617*7c478bd9Sstevel@tonic-gate 618*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 619*7c478bd9Sstevel@tonic-gate } 620*7c478bd9Sstevel@tonic-gate 621*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_kdc_req(int msg_type, asn1buf *buf, const krb5_kdc_req *val, unsigned int *retlen) 622*7c478bd9Sstevel@tonic-gate { 623*7c478bd9Sstevel@tonic-gate asn1_setup(); 624*7c478bd9Sstevel@tonic-gate 625*7c478bd9Sstevel@tonic-gate if(val == NULL) return ASN1_MISSING_FIELD; 626*7c478bd9Sstevel@tonic-gate 627*7c478bd9Sstevel@tonic-gate asn1_addfield(val,4,asn1_encode_kdc_req_body); 628*7c478bd9Sstevel@tonic-gate if(val->padata != NULL && val->padata[0] != NULL) 629*7c478bd9Sstevel@tonic-gate asn1_addfield((const krb5_pa_data**)val->padata,3,asn1_encode_sequence_of_pa_data); 630*7c478bd9Sstevel@tonic-gate if (msg_type != KRB5_AS_REQ && msg_type != KRB5_TGS_REQ) 631*7c478bd9Sstevel@tonic-gate return KRB5_BADMSGTYPE; 632*7c478bd9Sstevel@tonic-gate asn1_addfield(msg_type,2,asn1_encode_integer); 633*7c478bd9Sstevel@tonic-gate asn1_addfield(KVNO,1,asn1_encode_integer); 634*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 635*7c478bd9Sstevel@tonic-gate 636*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 637*7c478bd9Sstevel@tonic-gate } 638*7c478bd9Sstevel@tonic-gate 639*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_krb_safe_body(asn1buf *buf, const krb5_safe *val, unsigned int *retlen) 640*7c478bd9Sstevel@tonic-gate { 641*7c478bd9Sstevel@tonic-gate asn1_setup(); 642*7c478bd9Sstevel@tonic-gate 643*7c478bd9Sstevel@tonic-gate if(val == NULL) return ASN1_MISSING_FIELD; 644*7c478bd9Sstevel@tonic-gate 645*7c478bd9Sstevel@tonic-gate if(val->r_address != NULL) 646*7c478bd9Sstevel@tonic-gate asn1_addfield(val->r_address,5,asn1_encode_host_address); 647*7c478bd9Sstevel@tonic-gate asn1_addfield(val->s_address,4,asn1_encode_host_address); 648*7c478bd9Sstevel@tonic-gate if(val->seq_number) 649*7c478bd9Sstevel@tonic-gate asn1_addfield(val->seq_number,3,asn1_encode_unsigned_integer); 650*7c478bd9Sstevel@tonic-gate if(val->timestamp){ 651*7c478bd9Sstevel@tonic-gate asn1_addfield(val->usec,2,asn1_encode_integer); 652*7c478bd9Sstevel@tonic-gate asn1_addfield(val->timestamp,1,asn1_encode_kerberos_time); 653*7c478bd9Sstevel@tonic-gate } 654*7c478bd9Sstevel@tonic-gate if (val->user_data.length && val->user_data.data == NULL) 655*7c478bd9Sstevel@tonic-gate return ASN1_MISSING_FIELD; 656*7c478bd9Sstevel@tonic-gate asn1_addlenfield(val->user_data.length,val->user_data.data,0,asn1_encode_charstring) 657*7c478bd9Sstevel@tonic-gate ; 658*7c478bd9Sstevel@tonic-gate 659*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 660*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 661*7c478bd9Sstevel@tonic-gate } 662*7c478bd9Sstevel@tonic-gate 663*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_sequence_of_krb_cred_info(asn1buf *buf, const krb5_cred_info **val, unsigned int *retlen) 664*7c478bd9Sstevel@tonic-gate { 665*7c478bd9Sstevel@tonic-gate asn1_setup(); 666*7c478bd9Sstevel@tonic-gate int i; 667*7c478bd9Sstevel@tonic-gate 668*7c478bd9Sstevel@tonic-gate if(val == NULL) return ASN1_MISSING_FIELD; 669*7c478bd9Sstevel@tonic-gate 670*7c478bd9Sstevel@tonic-gate for(i=0; val[i] != NULL; i++); 671*7c478bd9Sstevel@tonic-gate for(i--; i>=0; i--){ 672*7c478bd9Sstevel@tonic-gate retval = asn1_encode_krb_cred_info(buf,val[i],&length); 673*7c478bd9Sstevel@tonic-gate if(retval) return retval; 674*7c478bd9Sstevel@tonic-gate sum += length; 675*7c478bd9Sstevel@tonic-gate } 676*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 677*7c478bd9Sstevel@tonic-gate 678*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 679*7c478bd9Sstevel@tonic-gate } 680*7c478bd9Sstevel@tonic-gate 681*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_krb_cred_info(asn1buf *buf, const krb5_cred_info *val, unsigned int *retlen) 682*7c478bd9Sstevel@tonic-gate { 683*7c478bd9Sstevel@tonic-gate asn1_setup(); 684*7c478bd9Sstevel@tonic-gate 685*7c478bd9Sstevel@tonic-gate if(val == NULL) return ASN1_MISSING_FIELD; 686*7c478bd9Sstevel@tonic-gate 687*7c478bd9Sstevel@tonic-gate if(val->caddrs != NULL && val->caddrs[0] != NULL) 688*7c478bd9Sstevel@tonic-gate asn1_addfield((const krb5_address**)val->caddrs,10,asn1_encode_host_addresses); 689*7c478bd9Sstevel@tonic-gate if(val->server != NULL){ 690*7c478bd9Sstevel@tonic-gate asn1_addfield(val->server,9,asn1_encode_principal_name); 691*7c478bd9Sstevel@tonic-gate asn1_addfield(val->server,8,asn1_encode_realm); 692*7c478bd9Sstevel@tonic-gate } 693*7c478bd9Sstevel@tonic-gate if(val->times.renew_till) 694*7c478bd9Sstevel@tonic-gate asn1_addfield(val->times.renew_till,7,asn1_encode_kerberos_time); 695*7c478bd9Sstevel@tonic-gate if(val->times.endtime) 696*7c478bd9Sstevel@tonic-gate asn1_addfield(val->times.endtime,6,asn1_encode_kerberos_time); 697*7c478bd9Sstevel@tonic-gate if(val->times.starttime) 698*7c478bd9Sstevel@tonic-gate asn1_addfield(val->times.starttime,5,asn1_encode_kerberos_time); 699*7c478bd9Sstevel@tonic-gate if(val->times.authtime) 700*7c478bd9Sstevel@tonic-gate asn1_addfield(val->times.authtime,4,asn1_encode_kerberos_time); 701*7c478bd9Sstevel@tonic-gate if(val->flags) 702*7c478bd9Sstevel@tonic-gate asn1_addfield(val->flags,3,asn1_encode_ticket_flags); 703*7c478bd9Sstevel@tonic-gate if(val->client != NULL){ 704*7c478bd9Sstevel@tonic-gate asn1_addfield(val->client,2,asn1_encode_principal_name); 705*7c478bd9Sstevel@tonic-gate asn1_addfield(val->client,1,asn1_encode_realm); 706*7c478bd9Sstevel@tonic-gate } 707*7c478bd9Sstevel@tonic-gate asn1_addfield(val->session,0,asn1_encode_encryption_key); 708*7c478bd9Sstevel@tonic-gate 709*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 710*7c478bd9Sstevel@tonic-gate 711*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 712*7c478bd9Sstevel@tonic-gate } 713*7c478bd9Sstevel@tonic-gate 714*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_etype_info_entry(asn1buf *buf, const krb5_etype_info_entry *val, 715*7c478bd9Sstevel@tonic-gate unsigned int *retlen, int etype_info2) 716*7c478bd9Sstevel@tonic-gate { 717*7c478bd9Sstevel@tonic-gate asn1_setup(); 718*7c478bd9Sstevel@tonic-gate 719*7c478bd9Sstevel@tonic-gate assert(val->s2kparams.data == NULL || etype_info2); 720*7c478bd9Sstevel@tonic-gate if(val == NULL || (val->length > 0 && val->length != KRB5_ETYPE_NO_SALT && 721*7c478bd9Sstevel@tonic-gate val->salt == NULL)) 722*7c478bd9Sstevel@tonic-gate return ASN1_MISSING_FIELD; 723*7c478bd9Sstevel@tonic-gate if(val->s2kparams.data != NULL) 724*7c478bd9Sstevel@tonic-gate asn1_addlenfield(val->s2kparams.length, (const uchar_t *)val->s2kparams.data, 2, 725*7c478bd9Sstevel@tonic-gate asn1_encode_octetstring); 726*7c478bd9Sstevel@tonic-gate if (val->length >= 0 && val->length != KRB5_ETYPE_NO_SALT){ 727*7c478bd9Sstevel@tonic-gate if (etype_info2) 728*7c478bd9Sstevel@tonic-gate asn1_addlenfield(val->length, (const char *)val->salt,1, 729*7c478bd9Sstevel@tonic-gate asn1_encode_generalstring) 730*7c478bd9Sstevel@tonic-gate else asn1_addlenfield(val->length,val->salt,1, 731*7c478bd9Sstevel@tonic-gate asn1_encode_octetstring); 732*7c478bd9Sstevel@tonic-gate } 733*7c478bd9Sstevel@tonic-gate asn1_addfield(val->etype,0,asn1_encode_integer); 734*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 735*7c478bd9Sstevel@tonic-gate 736*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 737*7c478bd9Sstevel@tonic-gate } 738*7c478bd9Sstevel@tonic-gate 739*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_etype_info(asn1buf *buf, const krb5_etype_info_entry **val, 740*7c478bd9Sstevel@tonic-gate unsigned int *retlen, int etype_info2) 741*7c478bd9Sstevel@tonic-gate { 742*7c478bd9Sstevel@tonic-gate asn1_setup(); 743*7c478bd9Sstevel@tonic-gate int i; 744*7c478bd9Sstevel@tonic-gate 745*7c478bd9Sstevel@tonic-gate if (val == NULL) return ASN1_MISSING_FIELD; 746*7c478bd9Sstevel@tonic-gate 747*7c478bd9Sstevel@tonic-gate for(i=0; val[i] != NULL; i++); /* get to the end of the array */ 748*7c478bd9Sstevel@tonic-gate for(i--; i>=0; i--){ 749*7c478bd9Sstevel@tonic-gate retval = asn1_encode_etype_info_entry(buf,val[i],&length, etype_info2); 750*7c478bd9Sstevel@tonic-gate if(retval) return retval; 751*7c478bd9Sstevel@tonic-gate sum += length; 752*7c478bd9Sstevel@tonic-gate } 753*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 754*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 755*7c478bd9Sstevel@tonic-gate } 756*7c478bd9Sstevel@tonic-gate 757*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_sequence_of_passwdsequence(asn1buf *buf, const passwd_phrase_element **val, unsigned int *retlen) 758*7c478bd9Sstevel@tonic-gate { 759*7c478bd9Sstevel@tonic-gate asn1_setup(); 760*7c478bd9Sstevel@tonic-gate int i; 761*7c478bd9Sstevel@tonic-gate 762*7c478bd9Sstevel@tonic-gate if(val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; 763*7c478bd9Sstevel@tonic-gate 764*7c478bd9Sstevel@tonic-gate for(i=0; val[i] != NULL; i++); /* get to the end of the array */ 765*7c478bd9Sstevel@tonic-gate for(i--; i>=0; i--){ 766*7c478bd9Sstevel@tonic-gate retval = asn1_encode_passwdsequence(buf,val[i],&length); 767*7c478bd9Sstevel@tonic-gate if(retval) return retval; 768*7c478bd9Sstevel@tonic-gate sum += length; 769*7c478bd9Sstevel@tonic-gate } 770*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 771*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 772*7c478bd9Sstevel@tonic-gate } 773*7c478bd9Sstevel@tonic-gate 774*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_passwdsequence(asn1buf *buf, const passwd_phrase_element *val, unsigned int *retlen) 775*7c478bd9Sstevel@tonic-gate { 776*7c478bd9Sstevel@tonic-gate asn1_setup(); 777*7c478bd9Sstevel@tonic-gate asn1_addlenfield(val->phrase->length,val->phrase->data,1,asn1_encode_charstring); 778*7c478bd9Sstevel@tonic-gate asn1_addlenfield(val->passwd->length,val->passwd->data,0,asn1_encode_charstring); 779*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 780*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 781*7c478bd9Sstevel@tonic-gate } 782*7c478bd9Sstevel@tonic-gate 783*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_sam_flags(asn1buf *buf, const krb5_flags val, unsigned int *retlen) 784*7c478bd9Sstevel@tonic-gate { 785*7c478bd9Sstevel@tonic-gate return asn1_encode_krb5_flags(buf,val,retlen); 786*7c478bd9Sstevel@tonic-gate } 787*7c478bd9Sstevel@tonic-gate 788*7c478bd9Sstevel@tonic-gate #define add_optstring(val,n,fn) \ 789*7c478bd9Sstevel@tonic-gate if ((val).length > 0) {asn1_addlenfield((val).length,(val).data,n,fn);} 790*7c478bd9Sstevel@tonic-gate 791*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_sam_challenge(asn1buf *buf, const krb5_sam_challenge *val, unsigned int *retlen) 792*7c478bd9Sstevel@tonic-gate { 793*7c478bd9Sstevel@tonic-gate asn1_setup(); 794*7c478bd9Sstevel@tonic-gate /* possibly wrong */ 795*7c478bd9Sstevel@tonic-gate if (val->sam_cksum.length) 796*7c478bd9Sstevel@tonic-gate asn1_addfield(&(val->sam_cksum),9,asn1_encode_checksum); 797*7c478bd9Sstevel@tonic-gate 798*7c478bd9Sstevel@tonic-gate if (val->sam_nonce) 799*7c478bd9Sstevel@tonic-gate asn1_addfield(val->sam_nonce,8,asn1_encode_integer); 800*7c478bd9Sstevel@tonic-gate 801*7c478bd9Sstevel@tonic-gate add_optstring(val->sam_pk_for_sad,7,asn1_encode_charstring); 802*7c478bd9Sstevel@tonic-gate add_optstring(val->sam_response_prompt,6,asn1_encode_charstring); 803*7c478bd9Sstevel@tonic-gate add_optstring(val->sam_challenge,5,asn1_encode_charstring); 804*7c478bd9Sstevel@tonic-gate add_optstring(val->sam_challenge_label,4,asn1_encode_charstring); 805*7c478bd9Sstevel@tonic-gate add_optstring(val->sam_track_id,3,asn1_encode_charstring); 806*7c478bd9Sstevel@tonic-gate add_optstring(val->sam_type_name,2,asn1_encode_charstring); 807*7c478bd9Sstevel@tonic-gate 808*7c478bd9Sstevel@tonic-gate asn1_addfield(val->sam_flags,1,asn1_encode_sam_flags); 809*7c478bd9Sstevel@tonic-gate asn1_addfield(val->sam_type,0,asn1_encode_integer); 810*7c478bd9Sstevel@tonic-gate 811*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 812*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 813*7c478bd9Sstevel@tonic-gate } 814*7c478bd9Sstevel@tonic-gate 815*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_sam_challenge_2(asn1buf *buf, const krb5_sam_challenge_2 *val, unsigned int *retlen) 816*7c478bd9Sstevel@tonic-gate { 817*7c478bd9Sstevel@tonic-gate asn1_setup(); 818*7c478bd9Sstevel@tonic-gate if ( (!val) || (!val->sam_cksum) || (!val->sam_cksum[0])) 819*7c478bd9Sstevel@tonic-gate return ASN1_MISSING_FIELD; 820*7c478bd9Sstevel@tonic-gate 821*7c478bd9Sstevel@tonic-gate asn1_addfield((const krb5_checksum **) val->sam_cksum, 1, asn1_encode_sequence_of_checksum); 822*7c478bd9Sstevel@tonic-gate retval = asn1buf_insert_octetstring(buf, val->sam_challenge_2_body.length, 823*7c478bd9Sstevel@tonic-gate (unsigned char *)val->sam_challenge_2_body.data); 824*7c478bd9Sstevel@tonic-gate if(retval){ 825*7c478bd9Sstevel@tonic-gate asn1buf_destroy(&buf); 826*7c478bd9Sstevel@tonic-gate return retval; 827*7c478bd9Sstevel@tonic-gate } 828*7c478bd9Sstevel@tonic-gate sum += val->sam_challenge_2_body.length; 829*7c478bd9Sstevel@tonic-gate retval = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, 830*7c478bd9Sstevel@tonic-gate val->sam_challenge_2_body.length, &length); 831*7c478bd9Sstevel@tonic-gate if(retval) { 832*7c478bd9Sstevel@tonic-gate asn1buf_destroy(&buf); 833*7c478bd9Sstevel@tonic-gate return retval; 834*7c478bd9Sstevel@tonic-gate } 835*7c478bd9Sstevel@tonic-gate sum += length; 836*7c478bd9Sstevel@tonic-gate 837*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 838*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 839*7c478bd9Sstevel@tonic-gate } 840*7c478bd9Sstevel@tonic-gate 841*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_sam_challenge_2_body(asn1buf *buf, const krb5_sam_challenge_2_body *val, unsigned int *retlen) 842*7c478bd9Sstevel@tonic-gate { 843*7c478bd9Sstevel@tonic-gate asn1_setup(); 844*7c478bd9Sstevel@tonic-gate 845*7c478bd9Sstevel@tonic-gate asn1_addfield(val->sam_etype, 9, asn1_encode_integer); 846*7c478bd9Sstevel@tonic-gate asn1_addfield(val->sam_nonce,8,asn1_encode_integer); 847*7c478bd9Sstevel@tonic-gate add_optstring(val->sam_pk_for_sad,7,asn1_encode_charstring); 848*7c478bd9Sstevel@tonic-gate add_optstring(val->sam_response_prompt,6,asn1_encode_charstring); 849*7c478bd9Sstevel@tonic-gate add_optstring(val->sam_challenge,5,asn1_encode_charstring); 850*7c478bd9Sstevel@tonic-gate add_optstring(val->sam_challenge_label,4,asn1_encode_charstring); 851*7c478bd9Sstevel@tonic-gate add_optstring(val->sam_track_id,3,asn1_encode_charstring); 852*7c478bd9Sstevel@tonic-gate add_optstring(val->sam_type_name,2,asn1_encode_charstring); 853*7c478bd9Sstevel@tonic-gate 854*7c478bd9Sstevel@tonic-gate asn1_addfield(val->sam_flags,1,asn1_encode_sam_flags); 855*7c478bd9Sstevel@tonic-gate asn1_addfield(val->sam_type,0,asn1_encode_integer); 856*7c478bd9Sstevel@tonic-gate 857*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 858*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 859*7c478bd9Sstevel@tonic-gate } 860*7c478bd9Sstevel@tonic-gate 861*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_sam_key(asn1buf *buf, const krb5_sam_key *val, unsigned int *retlen) 862*7c478bd9Sstevel@tonic-gate { 863*7c478bd9Sstevel@tonic-gate asn1_setup(); 864*7c478bd9Sstevel@tonic-gate asn1_addfield(&(val->sam_key),0,asn1_encode_encryption_key); 865*7c478bd9Sstevel@tonic-gate 866*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 867*7c478bd9Sstevel@tonic-gate 868*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 869*7c478bd9Sstevel@tonic-gate } 870*7c478bd9Sstevel@tonic-gate 871*7c478bd9Sstevel@tonic-gate 872*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_enc_sam_response_enc(asn1buf *buf, const krb5_enc_sam_response_enc *val, unsigned int *retlen) 873*7c478bd9Sstevel@tonic-gate { 874*7c478bd9Sstevel@tonic-gate asn1_setup(); 875*7c478bd9Sstevel@tonic-gate add_optstring(val->sam_sad,3,asn1_encode_charstring); 876*7c478bd9Sstevel@tonic-gate asn1_addfield(val->sam_usec,2,asn1_encode_integer); 877*7c478bd9Sstevel@tonic-gate asn1_addfield(val->sam_timestamp,1,asn1_encode_kerberos_time); 878*7c478bd9Sstevel@tonic-gate asn1_addfield(val->sam_nonce,0,asn1_encode_integer); 879*7c478bd9Sstevel@tonic-gate 880*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 881*7c478bd9Sstevel@tonic-gate 882*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 883*7c478bd9Sstevel@tonic-gate } 884*7c478bd9Sstevel@tonic-gate 885*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_enc_sam_response_enc_2(asn1buf *buf, const krb5_enc_sam_response_enc_2 *val, unsigned int *retlen) 886*7c478bd9Sstevel@tonic-gate { 887*7c478bd9Sstevel@tonic-gate asn1_setup(); 888*7c478bd9Sstevel@tonic-gate add_optstring(val->sam_sad,1,asn1_encode_charstring); 889*7c478bd9Sstevel@tonic-gate asn1_addfield(val->sam_nonce,0,asn1_encode_integer); 890*7c478bd9Sstevel@tonic-gate 891*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 892*7c478bd9Sstevel@tonic-gate 893*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 894*7c478bd9Sstevel@tonic-gate } 895*7c478bd9Sstevel@tonic-gate 896*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_sam_response(asn1buf *buf, const krb5_sam_response *val, unsigned int *retlen) 897*7c478bd9Sstevel@tonic-gate { 898*7c478bd9Sstevel@tonic-gate asn1_setup(); 899*7c478bd9Sstevel@tonic-gate 900*7c478bd9Sstevel@tonic-gate if (val->sam_patimestamp) 901*7c478bd9Sstevel@tonic-gate asn1_addfield(val->sam_patimestamp,6,asn1_encode_kerberos_time); 902*7c478bd9Sstevel@tonic-gate if (val->sam_nonce) 903*7c478bd9Sstevel@tonic-gate asn1_addfield(val->sam_nonce,5,asn1_encode_integer); 904*7c478bd9Sstevel@tonic-gate asn1_addfield(&(val->sam_enc_nonce_or_ts),4,asn1_encode_encrypted_data); 905*7c478bd9Sstevel@tonic-gate if (val->sam_enc_key.ciphertext.length) 906*7c478bd9Sstevel@tonic-gate asn1_addfield(&(val->sam_enc_key),3,asn1_encode_encrypted_data); 907*7c478bd9Sstevel@tonic-gate add_optstring(val->sam_track_id,2,asn1_encode_charstring); 908*7c478bd9Sstevel@tonic-gate asn1_addfield(val->sam_flags,1,asn1_encode_sam_flags); 909*7c478bd9Sstevel@tonic-gate asn1_addfield(val->sam_type,0,asn1_encode_integer); 910*7c478bd9Sstevel@tonic-gate 911*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 912*7c478bd9Sstevel@tonic-gate 913*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 914*7c478bd9Sstevel@tonic-gate } 915*7c478bd9Sstevel@tonic-gate 916*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_sam_response_2(asn1buf *buf, const krb5_sam_response_2 *val, unsigned int *retlen) 917*7c478bd9Sstevel@tonic-gate { 918*7c478bd9Sstevel@tonic-gate asn1_setup(); 919*7c478bd9Sstevel@tonic-gate 920*7c478bd9Sstevel@tonic-gate asn1_addfield(val->sam_nonce,4,asn1_encode_integer); 921*7c478bd9Sstevel@tonic-gate asn1_addfield(&(val->sam_enc_nonce_or_sad),3,asn1_encode_encrypted_data); 922*7c478bd9Sstevel@tonic-gate add_optstring(val->sam_track_id,2,asn1_encode_charstring); 923*7c478bd9Sstevel@tonic-gate asn1_addfield(val->sam_flags,1,asn1_encode_sam_flags); 924*7c478bd9Sstevel@tonic-gate asn1_addfield(val->sam_type,0,asn1_encode_integer); 925*7c478bd9Sstevel@tonic-gate 926*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 927*7c478bd9Sstevel@tonic-gate 928*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 929*7c478bd9Sstevel@tonic-gate } 930*7c478bd9Sstevel@tonic-gate 931*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_predicted_sam_response(asn1buf *buf, const krb5_predicted_sam_response *val, unsigned int *retlen) 932*7c478bd9Sstevel@tonic-gate { 933*7c478bd9Sstevel@tonic-gate asn1_setup(); 934*7c478bd9Sstevel@tonic-gate 935*7c478bd9Sstevel@tonic-gate add_optstring(val->msd,6,asn1_encode_charstring); 936*7c478bd9Sstevel@tonic-gate asn1_addfield(val->client,5,asn1_encode_principal_name); 937*7c478bd9Sstevel@tonic-gate asn1_addfield(val->client,4,asn1_encode_realm); 938*7c478bd9Sstevel@tonic-gate asn1_addfield(val->susec,3,asn1_encode_integer); 939*7c478bd9Sstevel@tonic-gate asn1_addfield(val->stime,2,asn1_encode_kerberos_time); 940*7c478bd9Sstevel@tonic-gate asn1_addfield(val->sam_flags,1,asn1_encode_sam_flags); 941*7c478bd9Sstevel@tonic-gate asn1_addfield(&(val->sam_key),0,asn1_encode_encryption_key); 942*7c478bd9Sstevel@tonic-gate 943*7c478bd9Sstevel@tonic-gate asn1_makeseq(); 944*7c478bd9Sstevel@tonic-gate 945*7c478bd9Sstevel@tonic-gate asn1_cleanup(); 946*7c478bd9Sstevel@tonic-gate } 947*7c478bd9Sstevel@tonic-gate 948*7c478bd9Sstevel@tonic-gate /* 949*7c478bd9Sstevel@tonic-gate * Do some ugliness to insert a raw pre-encoded KRB-SAFE-BODY. 950*7c478bd9Sstevel@tonic-gate */ 951*7c478bd9Sstevel@tonic-gate asn1_error_code asn1_encode_krb_saved_safe_body(asn1buf *buf, const krb5_data *body, unsigned int *retlen) 952*7c478bd9Sstevel@tonic-gate { 953*7c478bd9Sstevel@tonic-gate asn1_error_code retval; 954*7c478bd9Sstevel@tonic-gate 955*7c478bd9Sstevel@tonic-gate retval = asn1buf_insert_octetstring(buf, body->length, 956*7c478bd9Sstevel@tonic-gate (krb5_octet *)body->data); 957*7c478bd9Sstevel@tonic-gate if (retval){ 958*7c478bd9Sstevel@tonic-gate asn1buf_destroy(&buf); 959*7c478bd9Sstevel@tonic-gate return retval; 960*7c478bd9Sstevel@tonic-gate } 961*7c478bd9Sstevel@tonic-gate *retlen = body->length; 962*7c478bd9Sstevel@tonic-gate return 0; 963*7c478bd9Sstevel@tonic-gate } 964