      1 
      2 /*
      3  * COPYRIGHT (C) 2006
      4  * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
      5  * ALL RIGHTS RESERVED
      6  *
      7  * Permission is granted to use, copy, create derivative works
      8  * and redistribute this software and such derivative works
      9  * for any purpose, so long as the name of The University of
     10  * Michigan is not used in any advertising or publicity
     11  * pertaining to the use of distribution of this software
     12  * without specific, written prior authorization.  If the
     13  * above copyright notice or any other identification of the
     14  * University of Michigan is included in any copy of any
     15  * portion of this software, then the disclaimer below must
     16  * also be included.
     17  *
     18  * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
     19  * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
     20  * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
     21  * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
     22  * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
     23  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
     24  * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
     25  * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
     26  * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
     27  * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
     28  * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
     29  * SUCH DAMAGES.
     30  */
     31 
     32 #ifndef _KRB5_INT_PKINIT_H
     33 #define _KRB5_INT_PKINIT_H
     34 
     35 /*
     36  * pkinit structures
     37  */
     38 
      39 /* PKAuthenticator: in-memory form of the authenticator embedded in krb5_auth_pack */
      40 typedef struct _krb5_pk_authenticator {
      41 	krb5_int32	cusec;	/* (0..999999); NOTE(review): presumably the microsecond part of ctime -- confirm */
      42 	krb5_timestamp	ctime;	/* NOTE(review): presumably the client's clock reading; freshness checks belong to the caller -- confirm */
      43 	krb5_int32	nonce;	/* (0..4294967295); NOTE(review): the upper half of this range does not fit a signed 32-bit value -- confirm krb5_int32 signedness and compare nonces as raw 32-bit values */
      44 	krb5_checksum	paChecksum;	/* NOTE(review): presumably ties the authenticator to the request it travels with -- verify against the caller */
      45 } krb5_pk_authenticator;
     46 
      47 /* PKAuthenticator draft9: names the KDC (kdcName, kdcRealm) and, unlike krb5_pk_authenticator, has no paChecksum field */
      48 typedef struct _krb5_pk_authenticator_draft9 {
      49 	krb5_principal  kdcName;
      50 	krb5_octet_data	kdcRealm;
      51 	krb5_int32	cusec;	/* (0..999999); NOTE(review): presumably the microsecond part of ctime -- confirm */
      52 	krb5_timestamp	ctime;
      53 	krb5_int32	nonce;	/* (0..4294967295); NOTE(review): the upper half of this range does not fit a signed 32-bit value -- confirm krb5_int32 signedness */
      54 } krb5_pk_authenticator_draft9;
     55 
      56 /* AlgorithmIdentifier: an algorithm OID plus optional parameters, both held as octet data */
      57 typedef struct _krb5_algorithm_identifier {
      58 	krb5_octet_data	algorithm;	/* OID */
      59 	krb5_octet_data	parameters; /* Optional; stored by value, so there is no pointer to test -- NOTE(review): confirm how absence is marked (presumably zero length) */
      60 } krb5_algorithm_identifier;
     61 
      62 /* SubjectPublicKeyInfo: an algorithm identifier together with the public key bits */
      63 typedef struct _krb5_subject_pk_info {
      64 	krb5_algorithm_identifier   algorithm;
      65 	krb5_octet_data		    subjectPublicKey; /* BIT STRING; NOTE(review): confirm whether the unused-bits octet is included in the stored bytes */
      66 } krb5_subject_pk_info;
     67 
      68 /* AuthPack: the authenticator plus three optional fields (public value, CMS types, DH nonce) */
      69 typedef struct _krb5_auth_pack {
      70 	krb5_pk_authenticator	    pkAuthenticator;
      71 	krb5_subject_pk_info	    *clientPublicValue; /* Optional; a pointer, so test it before dereferencing -- NOTE(review): confirm NULL is the absent marker */
      72 	krb5_algorithm_identifier   **supportedCMSTypes; /* Optional; no count field accompanies this array -- NOTE(review): presumably NULL-terminated, confirm */
      73 	krb5_octet_data		    clientDHNonce; /* Optional; stored by value -- NOTE(review): confirm how absence is marked */
      74 } krb5_auth_pack;
     75 
      76 /* AuthPack draft9: the draft9 authenticator plus an optional client public value; no supportedCMSTypes or clientDHNonce here */
      77 typedef struct _krb5_auth_pack_draft9 {
      78 	krb5_pk_authenticator_draft9 pkAuthenticator;
      79 	krb5_subject_pk_info	    *clientPublicValue; /* Optional; a pointer, so test it before dereferencing -- NOTE(review): confirm NULL is the absent marker */
      80 } krb5_auth_pack_draft9;
     81 
      82 /* ExternalPrincipalIdentifier: three optional ways to name a certificate or its issuer, each kept as octet data */
      83 typedef struct _krb5_external_principal_identifier {
      84 	krb5_octet_data	subjectName; /* Optional */
      85 	krb5_octet_data	issuerAndSerialNumber; /* Optional */
      86 	krb5_octet_data	subjectKeyIdentifier; /* Optional; all three are stored by value -- NOTE(review): confirm how absence is marked (presumably zero length) */
      87 } krb5_external_principal_identifier;
     88 
      89 /* TrustedCas: the choice enumerators mirror the members of u, so choice is the tag for which member to read */
      90 typedef struct _krb5_trusted_ca {
      91 	enum {
      92 		choice_trusted_cas_UNKNOWN = -1,	/* NOTE(review): presumably means no member of u is valid -- confirm */
      93 		choice_trusted_cas_principalName = 0,
      94 		choice_trusted_cas_caName = 1,
      95 		choice_trusted_cas_issuerAndSerial = 2
      96 	} choice;
      97 	union {	/* members share storage: read only the one matching choice */
      98 		krb5_principal	principalName;
      99 		krb5_octet_data	caName;	/* fully-qualified X.500 "Name" as defined by X.509 (der-encoded) */
     100 		krb5_octet_data	issuerAndSerial; /* Optional -- IssuerAndSerialNumber (der-encoded) */
     101 	} u;
     102 } krb5_trusted_ca;
    103 
     104 /* typed data: a type code with a pointer/length pair for its payload */
     105 typedef struct _krb5_typed_data {
     106     krb5_magic magic;
     107     krb5_int32  type;
     108     unsigned int length;	/* NOTE(review): presumably the byte count of data -- bound every read of data by it */
     109     krb5_octet *data;	/* NOTE(review): ownership is not stated here -- confirm who frees it */
     110 } krb5_typed_data;
    111 
     112 /* PA-PK-AS-REQ (Draft 9 -- PA TYPE 14); certifiers here are krb5_trusted_ca, not krb5_external_principal_identifier */
     113 typedef struct _krb5_pa_pk_as_req_draft9 {
     114 	krb5_octet_data	signedAuthPack;	/* kept as octet data; NOTE(review): nothing in this header verifies a signature -- confirm where that happens */
     115 	krb5_trusted_ca **trustedCertifiers; /* Optional array; no count field -- NOTE(review): presumably NULL-terminated, confirm */
     116 	krb5_octet_data kdcCert; /* Optional */
     117 	krb5_octet_data encryptionCert;
     118 } krb5_pa_pk_as_req_draft9;
    119 
     120 /* PA-PK-AS-REQ (rfc4556 -- PA TYPE 16) */
     121 typedef struct _krb5_pa_pk_as_req {
     122 	krb5_octet_data	signedAuthPack;	/* kept as octet data; NOTE(review): nothing in this header verifies a signature -- confirm where that happens */
     123 	krb5_external_principal_identifier **trustedCertifiers; /* Optional array; no count field -- NOTE(review): presumably NULL-terminated, confirm */
     124 	krb5_octet_data	kdcPkId; /* Optional */
     125 } krb5_pa_pk_as_req;
    126 
     127 /* DHRepInfo: the dhInfo arm of krb5_pa_pk_as_rep */
     128 typedef struct _krb5_dh_rep_info {
     129 	krb5_octet_data	dhSignedData;	/* kept as octet data; NOTE(review): nothing in this header verifies a signature -- confirm where that happens */
     130 	krb5_octet_data	serverDHNonce; /* Optional; stored by value -- NOTE(review): confirm how absence is marked */
     131 } krb5_dh_rep_info;
    132 
     133 /* KDCDHKeyInfo: a public key, a nonce and an optional key expiration time */
     134 typedef struct _krb5_kdc_dh_key_info {
     135 	krb5_octet_data	subjectPublicKey; /* BIT STRING */
     136 	krb5_int32	nonce;	/* (0..4294967295); NOTE(review): the upper half of this range does not fit a signed 32-bit value -- confirm krb5_int32 signedness */
     137 	krb5_timestamp	dhKeyExpiration; /* Optional; a by-value timestamp has no NULL -- NOTE(review): confirm which value marks absence */
     138 } krb5_kdc_dh_key_info;
    139 
     140 /* KDCDHKeyInfo draft9: same as krb5_kdc_dh_key_info but without dhKeyExpiration */
     141 typedef struct _krb5_kdc_dh_key_info_draft9 {
     142 	krb5_octet_data	subjectPublicKey; /* BIT STRING */
     143 	krb5_int32	nonce;	/* (0..4294967295); NOTE(review): the upper half of this range does not fit a signed 32-bit value -- confirm krb5_int32 signedness */
     144 } krb5_kdc_dh_key_info_draft9;
    145 
     146 /* ReplyKeyPack: a reply key together with a checksum */
     147 typedef struct _krb5_reply_key_pack {
     148 	krb5_keyblock	replyKey;	/* key material; NOTE(review): confirm the release path clears it before freeing */
     149 	krb5_checksum	asChecksum;	/* NOTE(review): presumably computed over the AS request -- verify against the caller */
     150 } krb5_reply_key_pack;
    151 
     152 /* ReplyKeyPack draft9: carries a nonce where krb5_reply_key_pack carries asChecksum */
     153 typedef struct _krb5_reply_key_pack_draft9 {
     154 	krb5_keyblock	replyKey;	/* key material; NOTE(review): confirm the release path clears it before freeing */
     155 	krb5_int32	nonce;
     156 } krb5_reply_key_pack_draft9;
    157 
     158 /* PA-PK-AS-REP (Draft 9 -- PA TYPE 15); the choice enumerators mirror the members of u */
     159 typedef struct _krb5_pa_pk_as_rep_draft9 {
     160 	enum {
     161 		choice_pa_pk_as_rep_draft9_UNKNOWN = -1,	/* NOTE(review): presumably means no member of u is valid -- confirm */
     162 		choice_pa_pk_as_rep_draft9_dhSignedData = 0,
     163 		choice_pa_pk_as_rep_draft9_encKeyPack = 1
     164 	} choice;
     165 	union {	/* both members are krb5_octet_data; choice is the only record of which one was meant */
     166 		krb5_octet_data dhSignedData;
     167 		krb5_octet_data encKeyPack;
     168 	} u;
     169 } krb5_pa_pk_as_rep_draft9;
    170 
     171 /* PA-PK-AS-REP (rfc4556 -- PA TYPE 17); the choice enumerators mirror the members of u */
     172 typedef struct _krb5_pa_pk_as_rep {
     173 	enum {
     174 		choice_pa_pk_as_rep_UNKNOWN = -1,	/* NOTE(review): presumably means no member of u is valid -- confirm */
     175 		choice_pa_pk_as_rep_dhInfo = 0,
     176 		choice_pa_pk_as_rep_encKeyPack = 1
     177 	} choice;
     178 	union {	/* members differ in type and share storage: read only the one matching choice */
     179 		krb5_dh_rep_info    dh_Info;
     180 		krb5_octet_data	    encKeyPack;
     181 	} u;
     182 } krb5_pa_pk_as_rep;
    183 
    184 /*
    185  * Begin "asn1.h"
    186  */
    187 
     188 /*************************************************************************
     189  * Prototypes for pkinit asn.1 encode routines
          *
          * Each routine takes a const pointer to one of the structures above
          * and returns a krb5_error_code; the result is handed back through
          * the krb5_data ** argument. The last three (typed_data,
          * td_trusted_certifiers, td_dh_parameters) take an array of pointers
          * with no length argument.
          * NOTE(review): the output is presumably allocated by the routine and
          * the arrays presumably NULL-terminated -- confirm both, and confirm
          * which routine releases the output.
     190  *************************************************************************/
     191 
     192 krb5_error_code encode_krb5_pa_pk_as_req
     193 	(const krb5_pa_pk_as_req *rep, krb5_data **code);
     194 
     195 krb5_error_code encode_krb5_pa_pk_as_req_draft9
     196 	(const krb5_pa_pk_as_req_draft9 *rep, krb5_data **code);
     197 
     198 krb5_error_code encode_krb5_pa_pk_as_rep
     199 	(const krb5_pa_pk_as_rep *rep, krb5_data **code);
     200 
     201 krb5_error_code encode_krb5_pa_pk_as_rep_draft9
     202 	(const krb5_pa_pk_as_rep_draft9 *rep, krb5_data **code);
     203 
     204 krb5_error_code encode_krb5_auth_pack
     205 	(const krb5_auth_pack *rep, krb5_data **code);
     206 
     207 krb5_error_code encode_krb5_auth_pack_draft9
     208 	(const krb5_auth_pack_draft9 *rep, krb5_data **code);
     209 
     210 krb5_error_code encode_krb5_kdc_dh_key_info
     211 	(const krb5_kdc_dh_key_info *rep, krb5_data **code);
     212 
     213 krb5_error_code encode_krb5_reply_key_pack
     214 	(const krb5_reply_key_pack *, krb5_data **code);
     215 
     216 krb5_error_code encode_krb5_reply_key_pack_draft9
     217 	(const krb5_reply_key_pack_draft9 *, krb5_data **code);
     218 
     219 krb5_error_code encode_krb5_typed_data
     220 	(const krb5_typed_data **, krb5_data **code);
     221 
     222 krb5_error_code encode_krb5_td_trusted_certifiers
     223 	(const krb5_external_principal_identifier **, krb5_data **code);
     224 
     225 krb5_error_code encode_krb5_td_dh_parameters
     226 	(const krb5_algorithm_identifier **, krb5_data **code);
    227 
     228 /*************************************************************************
     229  * Prototypes for pkinit asn.1 decode routines
          *
          * Each routine reads a const krb5_data and hands its result back
          * through the second argument: a pointer to a structure pointer, or,
          * for the last three, a pointer to an array of structure pointers.
          * All return a krb5_error_code.
          * NOTE(review): the input presumably holds encoded bytes received
          * from a peer, so treat it as untrusted: check the return code before
          * touching the output, and do not assume optional fields are present.
          * NOTE(review): the output is presumably allocated by the routine; no
          * matching free routine is declared in this header -- confirm where
          * it is released.
     230  *************************************************************************/
     231 
     232 krb5_error_code decode_krb5_pa_pk_as_req
     233 	(const krb5_data *, krb5_pa_pk_as_req **);
     234 
     235 krb5_error_code decode_krb5_pa_pk_as_req_draft9
     236 	(const krb5_data *, krb5_pa_pk_as_req_draft9 **);
     237 
     238 krb5_error_code decode_krb5_pa_pk_as_rep
     239 	(const krb5_data *, krb5_pa_pk_as_rep **);
     240 
     241 krb5_error_code decode_krb5_pa_pk_as_rep_draft9
     242 	(const krb5_data *, krb5_pa_pk_as_rep_draft9 **);
     243 
     244 krb5_error_code decode_krb5_auth_pack
     245 	(const krb5_data *, krb5_auth_pack **);
     246 
     247 krb5_error_code decode_krb5_auth_pack_draft9
     248 	(const krb5_data *, krb5_auth_pack_draft9 **);
     249 
     250 krb5_error_code decode_krb5_kdc_dh_key_info
     251 	(const krb5_data *, krb5_kdc_dh_key_info **);
     252 
     253 krb5_error_code decode_krb5_principal_name
     254 	(const krb5_data *, krb5_principal_data **);
     255 
     256 krb5_error_code decode_krb5_reply_key_pack
     257 	(const krb5_data *, krb5_reply_key_pack **);
     258 
     259 krb5_error_code decode_krb5_reply_key_pack_draft9
     260 	(const krb5_data *, krb5_reply_key_pack_draft9 **);
     261 
     262 krb5_error_code decode_krb5_typed_data
     263 	(const krb5_data *, krb5_typed_data ***);
     264 
     265 krb5_error_code decode_krb5_td_trusted_certifiers
     266 	(const krb5_data *, krb5_external_principal_identifier ***);
     267 
     268 krb5_error_code decode_krb5_td_dh_parameters
     269 	(const krb5_data *, krb5_algorithm_identifier ***);
    270 
    271 #endif /* _KRB5_INT_PKINIT_H */
    272