1 /* $OpenBSD: krb5_asn.c,v 1.3 2015/02/09 16:04:46 jsing Exp $ */
2 /* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project,
3 ** using ocsp/{*.h,*asn*.c} as a starting point
5 /* ====================================================================
6 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
34 * 6. Redistributions of any form whatsoever must retain the following
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
58 #include <openssl/asn1.h>
59 #include <openssl/asn1t.h>
60 #include <openssl/krb5_asn.h>
63 static const ASN1_TEMPLATE KRB5_ENCDATA_seq_tt[] = {
65 .flags = ASN1_TFLG_EXPLICIT,
67 .offset = offsetof(KRB5_ENCDATA, etype),
68 .field_name = "etype",
69 .item = &ASN1_INTEGER_it,
72 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
74 .offset = offsetof(KRB5_ENCDATA, kvno),
76 .item = &ASN1_INTEGER_it,
79 .flags = ASN1_TFLG_EXPLICIT,
81 .offset = offsetof(KRB5_ENCDATA, cipher),
82 .field_name = "cipher",
83 .item = &ASN1_OCTET_STRING_it,
87 const ASN1_ITEM KRB5_ENCDATA_it = {
88 .itype = ASN1_ITYPE_SEQUENCE,
89 .utype = V_ASN1_SEQUENCE,
90 .templates = KRB5_ENCDATA_seq_tt,
91 .tcount = sizeof(KRB5_ENCDATA_seq_tt) / sizeof(ASN1_TEMPLATE),
93 .size = sizeof(KRB5_ENCDATA),
94 .sname = "KRB5_ENCDATA",
99 d2i_KRB5_ENCDATA(KRB5_ENCDATA **a, const unsigned char **in, long len)
101 return (KRB5_ENCDATA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
106 i2d_KRB5_ENCDATA(KRB5_ENCDATA *a, unsigned char **out)
108 return ASN1_item_i2d((ASN1_VALUE *)a, out, &KRB5_ENCDATA_it);
112 KRB5_ENCDATA_new(void)
114 return (KRB5_ENCDATA *)ASN1_item_new(&KRB5_ENCDATA_it);
118 KRB5_ENCDATA_free(KRB5_ENCDATA *a)
120 ASN1_item_free((ASN1_VALUE *)a, &KRB5_ENCDATA_it);
124 static const ASN1_TEMPLATE KRB5_PRINCNAME_seq_tt[] = {
126 .flags = ASN1_TFLG_EXPLICIT,
128 .offset = offsetof(KRB5_PRINCNAME, nametype),
129 .field_name = "nametype",
130 .item = &ASN1_INTEGER_it,
133 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF,
135 .offset = offsetof(KRB5_PRINCNAME, namestring),
136 .field_name = "namestring",
137 .item = &ASN1_GENERALSTRING_it,
141 const ASN1_ITEM KRB5_PRINCNAME_it = {
142 .itype = ASN1_ITYPE_SEQUENCE,
143 .utype = V_ASN1_SEQUENCE,
144 .templates = KRB5_PRINCNAME_seq_tt,
145 .tcount = sizeof(KRB5_PRINCNAME_seq_tt) / sizeof(ASN1_TEMPLATE),
147 .size = sizeof(KRB5_PRINCNAME),
148 .sname = "KRB5_PRINCNAME",
153 d2i_KRB5_PRINCNAME(KRB5_PRINCNAME **a, const unsigned char **in, long len)
155 return (KRB5_PRINCNAME *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
160 i2d_KRB5_PRINCNAME(KRB5_PRINCNAME *a, unsigned char **out)
162 return ASN1_item_i2d((ASN1_VALUE *)a, out, &KRB5_PRINCNAME_it);
166 KRB5_PRINCNAME_new(void)
168 return (KRB5_PRINCNAME *)ASN1_item_new(&KRB5_PRINCNAME_it);
172 KRB5_PRINCNAME_free(KRB5_PRINCNAME *a)
174 ASN1_item_free((ASN1_VALUE *)a, &KRB5_PRINCNAME_it);
178 /* [APPLICATION 1] = 0x61 */
179 static const ASN1_TEMPLATE KRB5_TKTBODY_seq_tt[] = {
181 .flags = ASN1_TFLG_EXPLICIT,
183 .offset = offsetof(KRB5_TKTBODY, tktvno),
184 .field_name = "tktvno",
185 .item = &ASN1_INTEGER_it,
188 .flags = ASN1_TFLG_EXPLICIT,
190 .offset = offsetof(KRB5_TKTBODY, realm),
191 .field_name = "realm",
192 .item = &ASN1_GENERALSTRING_it,
195 .flags = ASN1_TFLG_EXPLICIT,
197 .offset = offsetof(KRB5_TKTBODY, sname),
198 .field_name = "sname",
199 .item = &KRB5_PRINCNAME_it,
202 .flags = ASN1_TFLG_EXPLICIT,
204 .offset = offsetof(KRB5_TKTBODY, encdata),
205 .field_name = "encdata",
206 .item = &KRB5_ENCDATA_it,
210 const ASN1_ITEM KRB5_TKTBODY_it = {
211 .itype = ASN1_ITYPE_SEQUENCE,
212 .utype = V_ASN1_SEQUENCE,
213 .templates = KRB5_TKTBODY_seq_tt,
214 .tcount = sizeof(KRB5_TKTBODY_seq_tt) / sizeof(ASN1_TEMPLATE),
216 .size = sizeof(KRB5_TKTBODY),
217 .sname = "KRB5_TKTBODY",
222 d2i_KRB5_TKTBODY(KRB5_TKTBODY **a, const unsigned char **in, long len)
224 return (KRB5_TKTBODY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
229 i2d_KRB5_TKTBODY(KRB5_TKTBODY *a, unsigned char **out)
231 return ASN1_item_i2d((ASN1_VALUE *)a, out, &KRB5_TKTBODY_it);
235 KRB5_TKTBODY_new(void)
237 return (KRB5_TKTBODY *)ASN1_item_new(&KRB5_TKTBODY_it);
241 KRB5_TKTBODY_free(KRB5_TKTBODY *a)
243 ASN1_item_free((ASN1_VALUE *)a, &KRB5_TKTBODY_it);
247 static const ASN1_TEMPLATE KRB5_TICKET_item_tt = {
248 .flags = ASN1_TFLG_EXPTAG | ASN1_TFLG_APPLICATION,
251 .field_name = "KRB5_TICKET",
252 .item = &KRB5_TKTBODY_it,
255 const ASN1_ITEM KRB5_TICKET_it = {
256 .itype = ASN1_ITYPE_PRIMITIVE,
258 .templates = &KRB5_TICKET_item_tt,
262 .sname = "KRB5_TICKET",
267 d2i_KRB5_TICKET(KRB5_TICKET **a, const unsigned char **in, long len)
269 return (KRB5_TICKET *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
274 i2d_KRB5_TICKET(KRB5_TICKET *a, unsigned char **out)
276 return ASN1_item_i2d((ASN1_VALUE *)a, out, &KRB5_TICKET_it);
280 KRB5_TICKET_new(void)
282 return (KRB5_TICKET *)ASN1_item_new(&KRB5_TICKET_it);
286 KRB5_TICKET_free(KRB5_TICKET *a)
288 ASN1_item_free((ASN1_VALUE *)a, &KRB5_TICKET_it);
292 /* [APPLICATION 14] = 0x6e */
293 static const ASN1_TEMPLATE KRB5_APREQBODY_seq_tt[] = {
295 .flags = ASN1_TFLG_EXPLICIT,
297 .offset = offsetof(KRB5_APREQBODY, pvno),
298 .field_name = "pvno",
299 .item = &ASN1_INTEGER_it,
302 .flags = ASN1_TFLG_EXPLICIT,
304 .offset = offsetof(KRB5_APREQBODY, msgtype),
305 .field_name = "msgtype",
306 .item = &ASN1_INTEGER_it,
309 .flags = ASN1_TFLG_EXPLICIT,
311 .offset = offsetof(KRB5_APREQBODY, apoptions),
312 .field_name = "apoptions",
313 .item = &ASN1_BIT_STRING_it,
316 .flags = ASN1_TFLG_EXPLICIT,
318 .offset = offsetof(KRB5_APREQBODY, ticket),
319 .field_name = "ticket",
320 .item = &KRB5_TICKET_it,
323 .flags = ASN1_TFLG_EXPLICIT,
325 .offset = offsetof(KRB5_APREQBODY, authenticator),
326 .field_name = "authenticator",
327 .item = &KRB5_ENCDATA_it,
331 const ASN1_ITEM KRB5_APREQBODY_it = {
332 .itype = ASN1_ITYPE_SEQUENCE,
333 .utype = V_ASN1_SEQUENCE,
334 .templates = KRB5_APREQBODY_seq_tt,
335 .tcount = sizeof(KRB5_APREQBODY_seq_tt) / sizeof(ASN1_TEMPLATE),
337 .size = sizeof(KRB5_APREQBODY),
338 .sname = "KRB5_APREQBODY",
343 d2i_KRB5_APREQBODY(KRB5_APREQBODY **a, const unsigned char **in, long len)
345 return (KRB5_APREQBODY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
350 i2d_KRB5_APREQBODY(KRB5_APREQBODY *a, unsigned char **out)
352 return ASN1_item_i2d((ASN1_VALUE *)a, out, &KRB5_APREQBODY_it);
356 KRB5_APREQBODY_new(void)
358 return (KRB5_APREQBODY *)ASN1_item_new(&KRB5_APREQBODY_it);
362 KRB5_APREQBODY_free(KRB5_APREQBODY *a)
364 ASN1_item_free((ASN1_VALUE *)a, &KRB5_APREQBODY_it);
367 static const ASN1_TEMPLATE KRB5_APREQ_item_tt = {
368 .flags = ASN1_TFLG_EXPTAG | ASN1_TFLG_APPLICATION,
371 .field_name = "KRB5_APREQ",
372 .item = &KRB5_APREQBODY_it,
375 const ASN1_ITEM KRB5_APREQ_it = {
376 .itype = ASN1_ITYPE_PRIMITIVE,
378 .templates = &KRB5_APREQ_item_tt,
382 .sname = "KRB5_APREQ",
387 d2i_KRB5_APREQ(KRB5_APREQ **a, const unsigned char **in, long len)
389 return (KRB5_APREQ *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
394 i2d_KRB5_APREQ(KRB5_APREQ *a, unsigned char **out)
396 return ASN1_item_i2d((ASN1_VALUE *)a, out, &KRB5_APREQ_it);
402 return (KRB5_APREQ *)ASN1_item_new(&KRB5_APREQ_it);
406 KRB5_APREQ_free(KRB5_APREQ *a)
408 ASN1_item_free((ASN1_VALUE *)a, &KRB5_APREQ_it);
412 /* Authenticator stuff */
414 static const ASN1_TEMPLATE KRB5_CHECKSUM_seq_tt[] = {
416 .flags = ASN1_TFLG_EXPLICIT,
418 .offset = offsetof(KRB5_CHECKSUM, ctype),
419 .field_name = "ctype",
420 .item = &ASN1_INTEGER_it,
423 .flags = ASN1_TFLG_EXPLICIT,
425 .offset = offsetof(KRB5_CHECKSUM, checksum),
426 .field_name = "checksum",
427 .item = &ASN1_OCTET_STRING_it,
431 const ASN1_ITEM KRB5_CHECKSUM_it = {
432 .itype = ASN1_ITYPE_SEQUENCE,
433 .utype = V_ASN1_SEQUENCE,
434 .templates = KRB5_CHECKSUM_seq_tt,
435 .tcount = sizeof(KRB5_CHECKSUM_seq_tt) / sizeof(ASN1_TEMPLATE),
437 .size = sizeof(KRB5_CHECKSUM),
438 .sname = "KRB5_CHECKSUM",
443 d2i_KRB5_CHECKSUM(KRB5_CHECKSUM **a, const unsigned char **in, long len)
445 return (KRB5_CHECKSUM *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
450 i2d_KRB5_CHECKSUM(KRB5_CHECKSUM *a, unsigned char **out)
452 return ASN1_item_i2d((ASN1_VALUE *)a, out, &KRB5_CHECKSUM_it);
456 KRB5_CHECKSUM_new(void)
458 return (KRB5_CHECKSUM *)ASN1_item_new(&KRB5_CHECKSUM_it);
462 KRB5_CHECKSUM_free(KRB5_CHECKSUM *a)
464 ASN1_item_free((ASN1_VALUE *)a, &KRB5_CHECKSUM_it);
468 static const ASN1_TEMPLATE KRB5_ENCKEY_seq_tt[] = {
470 .flags = ASN1_TFLG_EXPLICIT,
472 .offset = offsetof(KRB5_ENCKEY, ktype),
473 .field_name = "ktype",
474 .item = &ASN1_INTEGER_it,
477 .flags = ASN1_TFLG_EXPLICIT,
479 .offset = offsetof(KRB5_ENCKEY, keyvalue),
480 .field_name = "keyvalue",
481 .item = &ASN1_OCTET_STRING_it,
485 const ASN1_ITEM KRB5_ENCKEY_it = {
486 .itype = ASN1_ITYPE_SEQUENCE,
487 .utype = V_ASN1_SEQUENCE,
488 .templates = KRB5_ENCKEY_seq_tt,
489 .tcount = sizeof(KRB5_ENCKEY_seq_tt) / sizeof(ASN1_TEMPLATE),
491 .size = sizeof(KRB5_ENCKEY),
492 .sname = "KRB5_ENCKEY",
497 d2i_KRB5_ENCKEY(KRB5_ENCKEY **a, const unsigned char **in, long len)
499 return (KRB5_ENCKEY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
504 i2d_KRB5_ENCKEY(KRB5_ENCKEY *a, unsigned char **out)
506 return ASN1_item_i2d((ASN1_VALUE *)a, out, &KRB5_ENCKEY_it);
510 KRB5_ENCKEY_new(void)
512 return (KRB5_ENCKEY *)ASN1_item_new(&KRB5_ENCKEY_it);
516 KRB5_ENCKEY_free(KRB5_ENCKEY *a)
518 ASN1_item_free((ASN1_VALUE *)a, &KRB5_ENCKEY_it);
522 /* SEQ OF SEQ; see ASN1_EXP_SEQUENCE_OF_OPT() below */
523 static const ASN1_TEMPLATE KRB5_AUTHDATA_seq_tt[] = {
525 .flags = ASN1_TFLG_EXPLICIT,
527 .offset = offsetof(KRB5_AUTHDATA, adtype),
528 .field_name = "adtype",
529 .item = &ASN1_INTEGER_it,
532 .flags = ASN1_TFLG_EXPLICIT,
534 .offset = offsetof(KRB5_AUTHDATA, addata),
535 .field_name = "addata",
536 .item = &ASN1_OCTET_STRING_it,
540 const ASN1_ITEM KRB5_AUTHDATA_it = {
541 .itype = ASN1_ITYPE_SEQUENCE,
542 .utype = V_ASN1_SEQUENCE,
543 .templates = KRB5_AUTHDATA_seq_tt,
544 .tcount = sizeof(KRB5_AUTHDATA_seq_tt) / sizeof(ASN1_TEMPLATE),
546 .size = sizeof(KRB5_AUTHDATA),
547 .sname = "KRB5_AUTHDATA",
552 d2i_KRB5_AUTHDATA(KRB5_AUTHDATA **a, const unsigned char **in, long len)
554 return (KRB5_AUTHDATA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
559 i2d_KRB5_AUTHDATA(KRB5_AUTHDATA *a, unsigned char **out)
561 return ASN1_item_i2d((ASN1_VALUE *)a, out, &KRB5_AUTHDATA_it);
565 KRB5_AUTHDATA_new(void)
567 return (KRB5_AUTHDATA *)ASN1_item_new(&KRB5_AUTHDATA_it);
571 KRB5_AUTHDATA_free(KRB5_AUTHDATA *a)
573 ASN1_item_free((ASN1_VALUE *)a, &KRB5_AUTHDATA_it);
577 /* [APPLICATION 2] = 0x62 */
578 static const ASN1_TEMPLATE KRB5_AUTHENTBODY_seq_tt[] = {
580 .flags = ASN1_TFLG_EXPLICIT,
582 .offset = offsetof(KRB5_AUTHENTBODY, avno),
583 .field_name = "avno",
584 .item = &ASN1_INTEGER_it,
587 .flags = ASN1_TFLG_EXPLICIT,
589 .offset = offsetof(KRB5_AUTHENTBODY, crealm),
590 .field_name = "crealm",
591 .item = &ASN1_GENERALSTRING_it,
594 .flags = ASN1_TFLG_EXPLICIT,
596 .offset = offsetof(KRB5_AUTHENTBODY, cname),
597 .field_name = "cname",
598 .item = &KRB5_PRINCNAME_it,
601 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
603 .offset = offsetof(KRB5_AUTHENTBODY, cksum),
604 .field_name = "cksum",
605 .item = &KRB5_CHECKSUM_it,
608 .flags = ASN1_TFLG_EXPLICIT,
610 .offset = offsetof(KRB5_AUTHENTBODY, cusec),
611 .field_name = "cusec",
612 .item = &ASN1_INTEGER_it,
615 .flags = ASN1_TFLG_EXPLICIT,
617 .offset = offsetof(KRB5_AUTHENTBODY, ctime),
618 .field_name = "ctime",
619 .item = &ASN1_GENERALIZEDTIME_it,
622 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
624 .offset = offsetof(KRB5_AUTHENTBODY, subkey),
625 .field_name = "subkey",
626 .item = &KRB5_ENCKEY_it,
629 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
631 .offset = offsetof(KRB5_AUTHENTBODY, seqnum),
632 .field_name = "seqnum",
633 .item = &ASN1_INTEGER_it,
636 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
638 .offset = offsetof(KRB5_AUTHENTBODY, authorization),
639 .field_name = "authorization",
640 .item = &KRB5_AUTHDATA_it,
644 const ASN1_ITEM KRB5_AUTHENTBODY_it = {
645 .itype = ASN1_ITYPE_SEQUENCE,
646 .utype = V_ASN1_SEQUENCE,
647 .templates = KRB5_AUTHENTBODY_seq_tt,
648 .tcount = sizeof(KRB5_AUTHENTBODY_seq_tt) / sizeof(ASN1_TEMPLATE),
650 .size = sizeof(KRB5_AUTHENTBODY),
651 .sname = "KRB5_AUTHENTBODY",
656 d2i_KRB5_AUTHENTBODY(KRB5_AUTHENTBODY **a, const unsigned char **in, long len)
658 return (KRB5_AUTHENTBODY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
659 &KRB5_AUTHENTBODY_it);
663 i2d_KRB5_AUTHENTBODY(KRB5_AUTHENTBODY *a, unsigned char **out)
665 return ASN1_item_i2d((ASN1_VALUE *)a, out, &KRB5_AUTHENTBODY_it);
669 KRB5_AUTHENTBODY_new(void)
671 return (KRB5_AUTHENTBODY *)ASN1_item_new(&KRB5_AUTHENTBODY_it);
675 KRB5_AUTHENTBODY_free(KRB5_AUTHENTBODY *a)
677 ASN1_item_free((ASN1_VALUE *)a, &KRB5_AUTHENTBODY_it);
680 static const ASN1_TEMPLATE KRB5_AUTHENT_item_tt = {
681 .flags = ASN1_TFLG_EXPTAG | ASN1_TFLG_APPLICATION,
684 .field_name = "KRB5_AUTHENT",
685 .item = &KRB5_AUTHENTBODY_it,
688 const ASN1_ITEM KRB5_AUTHENT_it = {
689 .itype = ASN1_ITYPE_PRIMITIVE,
691 .templates = &KRB5_AUTHENT_item_tt,
695 .sname = "KRB5_AUTHENT",
700 d2i_KRB5_AUTHENT(KRB5_AUTHENT **a, const unsigned char **in, long len)
702 return (KRB5_AUTHENT *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
707 i2d_KRB5_AUTHENT(KRB5_AUTHENT *a, unsigned char **out)
709 return ASN1_item_i2d((ASN1_VALUE *)a, out, &KRB5_AUTHENT_it);
713 KRB5_AUTHENT_new(void)
715 return (KRB5_AUTHENT *)ASN1_item_new(&KRB5_AUTHENT_it);
719 KRB5_AUTHENT_free(KRB5_AUTHENT *a)
721 ASN1_item_free((ASN1_VALUE *)a, &KRB5_AUTHENT_it);