/* PKAuthenticator draft9 */
typedef struct _krb5_pk_authenticator_draft9 {
krb5_principal kdcName;
- krb5_octet_data kdcRealm;
krb5_int32 cusec; /* (0..999999) */
krb5_timestamp ctime;
krb5_int32 nonce; /* (0..4294967295) */
/* AlgorithmIdentifier */
typedef struct _krb5_algorithm_identifier {
- krb5_octet_data algorithm; /* OID */
- krb5_octet_data parameters; /* Optional */
+ krb5_data algorithm; /* OID */
+ krb5_data parameters; /* Optional */
} krb5_algorithm_identifier;
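Review bot: The `/* Optional */` comments carried over onto the new `krb5_data` fields do not say how an absent value is represented, and every consumer of `parameters` has to test for absence before parsing it. Assuming `krb5_data` is the public type with a `char *data` member (its definition is not in this hunk), DER bytes read through it can come out negative where `char` is signed, so callers that index or compare single bytes should go through `unsigned char`. I would spell the field comment out, for example `krb5_data parameters; /* Optional; say whether absent means length == 0 or data == NULL */`. The same applies to the other converted fields further down: `subjectPublicKey`, `clientDHNonce`, `supportedKDFs`, the `krb5_external_principal_identifier` members, `kdcPkId`, `serverDHNonce` and `kdfID`.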
/* SubjectPublicKeyInfo */
typedef struct _krb5_subject_pk_info {
krb5_algorithm_identifier algorithm;
- krb5_octet_data subjectPublicKey; /* BIT STRING */
+ krb5_data subjectPublicKey; /* BIT STRING */
} krb5_subject_pk_info;
/** AuthPack from RFC 4556*/
krb5_pk_authenticator pkAuthenticator;
krb5_subject_pk_info *clientPublicValue; /* Optional */
krb5_algorithm_identifier **supportedCMSTypes; /* Optional */
- krb5_octet_data clientDHNonce; /* Optional */
- krb5_octet_data **supportedKDFs; /* OIDs of KDFs; OPTIONAL */
+ krb5_data clientDHNonce; /* Optional */
+ krb5_data **supportedKDFs; /* OIDs of KDFs; OPTIONAL */
} krb5_auth_pack;
/* AuthPack draft9 */
/* ExternalPrincipalIdentifier */
typedef struct _krb5_external_principal_identifier {
- krb5_octet_data subjectName; /* Optional */
- krb5_octet_data issuerAndSerialNumber; /* Optional */
- krb5_octet_data subjectKeyIdentifier; /* Optional */
+ krb5_data subjectName; /* Optional */
+ krb5_data issuerAndSerialNumber; /* Optional */
+ krb5_data subjectKeyIdentifier; /* Optional */
} krb5_external_principal_identifier;
-/* TrustedCas */
-typedef struct _krb5_trusted_ca {
- enum {
- choice_trusted_cas_UNKNOWN = -1,
- choice_trusted_cas_principalName = 0,
- choice_trusted_cas_caName = 1,
- choice_trusted_cas_issuerAndSerial = 2
- } choice;
- union {
- krb5_principal principalName;
- krb5_octet_data caName; /* fully-qualified X.500 "Name" as defined by X.509 (der-encoded) */
- krb5_octet_data issuerAndSerial; /* Optional -- IssuerAndSerialNumber (der-encoded) */
- } u;
-} krb5_trusted_ca;
-
/* PA-PK-AS-REQ (Draft 9 -- PA TYPE 14) */
+/* This has four fields, but we only care about the first and third for
+ * encoding, and the only about the first for decoding. */
typedef struct _krb5_pa_pk_as_req_draft9 {
- krb5_octet_data signedAuthPack;
- krb5_trusted_ca **trustedCertifiers; /* Optional array */
- krb5_octet_data kdcCert; /* Optional */
- krb5_octet_data encryptionCert;
+ krb5_data signedAuthPack;
+ krb5_data kdcCert; /* Optional */
} krb5_pa_pk_as_req_draft9;
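Review bot: The comment added above `struct _krb5_pa_pk_as_req_draft9` is hard to parse ("and the only about the first for decoding") and does not name the fields, although the struct now has two members while the wire type is said to have four. If decoding fills only `signedAuthPack`, then `kdcCert` is unset after a decode, and its `/* Optional */` tag is misleading for that direction. Suggested wording: `/* The wire type has four fields. Only signedAuthPack and kdcCert are encoded; only signedAuthPack is decoded, so kdcCert is never set by the decoder. */`. Whether the two dropped fields (formerly `trustedCertifiers` and `encryptionCert`) are skipped or rejected when present on input is not visible here and is worth stating as well.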
/* PA-PK-AS-REQ (rfc4556 -- PA TYPE 16) */
typedef struct _krb5_pa_pk_as_req {
- krb5_octet_data signedAuthPack;
+ krb5_data signedAuthPack;
krb5_external_principal_identifier **trustedCertifiers; /* Optional array */
- krb5_octet_data kdcPkId; /* Optional */
+ krb5_data kdcPkId; /* Optional */
} krb5_pa_pk_as_req;
/** Pkinit DHRepInfo */
typedef struct _krb5_dh_rep_info {
- krb5_octet_data dhSignedData;
- krb5_octet_data serverDHNonce; /* Optional */
- krb5_octet_data *kdfID; /* OID of selected KDF OPTIONAL */
+ krb5_data dhSignedData;
+ krb5_data serverDHNonce; /* Optional */
+ krb5_data *kdfID; /* OID of selected KDF OPTIONAL */
} krb5_dh_rep_info;
/* KDCDHKeyInfo */
typedef struct _krb5_kdc_dh_key_info {
- krb5_octet_data subjectPublicKey; /* BIT STRING */
+ krb5_data subjectPublicKey; /* BIT STRING */
krb5_int32 nonce; /* (0..4294967295) */
krb5_timestamp dhKeyExpiration; /* Optional */
} krb5_kdc_dh_key_info;
/* KDCDHKeyInfo draft9*/
typedef struct _krb5_kdc_dh_key_info_draft9 {
- krb5_octet_data subjectPublicKey; /* BIT STRING */
+ krb5_data subjectPublicKey; /* BIT STRING */
krb5_int32 nonce; /* (0..4294967295) */
} krb5_kdc_dh_key_info_draft9;
/* PA-PK-AS-REP (Draft 9 -- PA TYPE 15) */
typedef struct _krb5_pa_pk_as_rep_draft9 {
- enum {
+ enum krb5_pa_pk_as_rep_draft9_selection {
choice_pa_pk_as_rep_draft9_UNKNOWN = -1,
choice_pa_pk_as_rep_draft9_dhSignedData = 0,
choice_pa_pk_as_rep_draft9_encKeyPack = 1
} choice;
- union {
- krb5_octet_data dhSignedData;
- krb5_octet_data encKeyPack;
+ union krb5_pa_pk_as_rep_draft9_choices {
+ krb5_data dhSignedData;
+ krb5_data encKeyPack;
} u;
} krb5_pa_pk_as_rep_draft9;
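Review bot: The tagged union in `krb5_pa_pk_as_rep_draft9` still has no comment tying `u` to `choice`, and both arms are now the same type (`krb5_data`), so reading the wrong arm compiles and runs without any diagnostic. A short comment would make the contract explicit, for example `/* u.dhSignedData is valid only for choice_pa_pk_as_rep_draft9_dhSignedData, u.encKeyPack only for ..._encKeyPack; neither is valid for ..._UNKNOWN */`. In C, the new tags `enum krb5_pa_pk_as_rep_draft9_selection` and `union krb5_pa_pk_as_rep_draft9_choices` are visible at file scope even though they are declared inside the struct. That is presumably the intent, but it deserves a word in the comment. The same applies to `krb5_pa_pk_as_rep` just below, where `u.dh_Info` and `u.encKeyPack` have different layouts.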
/* PA-PK-AS-REP (rfc4556 -- PA TYPE 17) */
typedef struct _krb5_pa_pk_as_rep {
- enum {
+ enum krb5_pa_pk_as_rep_selection {
choice_pa_pk_as_rep_UNKNOWN = -1,
choice_pa_pk_as_rep_dhInfo = 0,
choice_pa_pk_as_rep_encKeyPack = 1
} choice;
- union {
+ union krb5_pa_pk_as_rep_choices {
krb5_dh_rep_info dh_Info;
- krb5_octet_data encKeyPack;
+ krb5_data encKeyPack;
} u;
} krb5_pa_pk_as_rep;
/* PkinitSuppPubInfo, for pkinit algorithm agility */
typedef struct _krb5_pkinit_supp_pub_info {
krb5_enctype enctype;
- krb5_octet_data as_req;
- krb5_octet_data pk_as_rep;
+ krb5_data as_req;
+ krb5_data pk_as_rep;
} krb5_pkinit_supp_pub_info;
/*
krb5_data **code);
krb5_error_code
-encode_krb5_typed_data(const krb5_typed_data **, krb5_data **code);
-
-krb5_error_code
-encode_krb5_td_trusted_certifiers(const krb5_external_principal_identifier **,
+encode_krb5_td_trusted_certifiers(krb5_external_principal_identifier *const *,
krb5_data **code);
krb5_error_code
-encode_krb5_td_dh_parameters(const krb5_algorithm_identifier **,
+encode_krb5_td_dh_parameters(krb5_algorithm_identifier *const *,
krb5_data **code);
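Review bot: The new parameter type `krb5_external_principal_identifier *const *` in `encode_krb5_td_trusted_certifiers` no longer promises through the type that the pointed-to identifiers are left unmodified. The same holds for `krb5_algorithm_identifier *const *` in `encode_krb5_td_dh_parameters`. The change is understandable, since C does not implicitly convert `T **` to a pointer-to-pointer-to-const. The guarantee then has to live in documentation, and these prototypes have neither parameter names nor a comment. I would add something like `/* Encoders do not modify or take ownership of the input array or its elements; *code is allocated for the caller. */` above the group, after confirming it against the implementation, which is not part of this hunk.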
krb5_error_code
decode_krb5_pa_pk_as_rep(const krb5_data *, krb5_pa_pk_as_rep **);
krb5_error_code
-decode_krb5_pa_pk_as_rep_draft9(const krb5_data *,
- krb5_pa_pk_as_rep_draft9 **);
-
-krb5_error_code
decode_krb5_auth_pack(const krb5_data *, krb5_auth_pack **);
krb5_error_code
krb5_reply_key_pack_draft9 **);
krb5_error_code
-decode_krb5_typed_data(const krb5_data *, krb5_typed_data ***);
-
-krb5_error_code
decode_krb5_td_trusted_certifiers(const krb5_data *,
krb5_external_principal_identifier ***);
krb5_error_code
decode_krb5_td_dh_parameters(const krb5_data *, krb5_algorithm_identifier ***);
-void krb5_free_typed_data(krb5_context, krb5_typed_data **);
-
krb5_error_code
encode_krb5_enc_data(const krb5_enc_data *, krb5_data **);