shishi

shishi

Synopsis

#define             SHISHI_DNS_IN
#define             SHISHI_DNS_SRV
#define             SHISHI_DNS_TXT
#define             SHISHI_GENERALIZEDTIMEZ_LENGTH
#define             SHISHI_GENERALIZEDTIME_LENGTH
#define             SHISHI_VERSION
typedef             Shishi;
enum                Shishi_KDCOptions;
typedef             Shishi_ap;
enum                Shishi_apoptions;
typedef             Shishi_as;
typedef             Shishi_asn1;
enum                Shishi_authorization;
enum                Shishi_cksumtype;
typedef             Shishi_crypto;
typedef             Shishi_dns;
typedef             Shishi_dns_srv;
enum                Shishi_etype;
enum                Shishi_filetype;
typedef             Shishi_key;
typedef             Shishi_keys;
enum                Shishi_keyusage;
enum                Shishi_krb_error;
enum                Shishi_lrtype;
enum                Shishi_msgtype;
enum                Shishi_name_type;
enum                Shishi_outputtype;
enum                Shishi_padata_type;
typedef             Shishi_priv;
enum                Shishi_rc;
typedef             Shishi_safe;
typedef             Shishi_tgs;
enum                Shishi_ticketflags;
typedef             Shishi_tkt;
typedef             Shishi_tkts;
typedef             Shishi_tkts_hint;
enum                Shishi_tkts_hintflags;
enum                Shishi_tr_type;
Shishi *            shishi                              (void);
int                 shishi_3des                         (Shishi *handle,
                                                         int decryptp,
                                                         const char key[24],
                                                         const char iv[8],
                                                         char *ivout[8],
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out);
int                 shishi_aes_cts                      (Shishi *handle,
                                                         int decryptp,
                                                         const char *key,
                                                         size_t keylen,
                                                         const char iv[16],
                                                         char *ivout[16],
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out);
void                (*shishi_alloc_fail_function)       (void);
int                 shishi_ap                           (Shishi *handle,
                                                         Shishi_ap **ap);
Shishi_asn1         shishi_ap_authenticator             (Shishi_ap *ap);
int                 shishi_ap_authenticator_cksumdata   (Shishi_ap *ap,
                                                         char *out,
                                                         size_t *len);
void                shishi_ap_authenticator_cksumdata_set
                                                        (Shishi_ap *ap,
                                                         const char *authenticatorcksumdata,
                                                         size_t authenticatorcksumdatalen);
void                shishi_ap_authenticator_cksumraw_set
                                                        (Shishi_ap *ap,
                                                         int32_t authenticatorcksumtype,
                                                         const char *authenticatorcksumraw,
                                                         size_t authenticatorcksumrawlen);
int32_t             shishi_ap_authenticator_cksumtype   (Shishi_ap *ap);
void                shishi_ap_authenticator_cksumtype_set
                                                        (Shishi_ap *ap,
                                                         int32_t cksumtype);
void                shishi_ap_authenticator_set         (Shishi_ap *ap,
                                                         Shishi_asn1 authenticator);
void                shishi_ap_done                      (Shishi_ap *ap);
Shishi_asn1         shishi_ap_encapreppart              (Shishi_ap *ap);
void                shishi_ap_encapreppart_set          (Shishi_ap *ap,
                                                         Shishi_asn1 encapreppart);
int                 shishi_ap_etype                     (Shishi *handle,
                                                         Shishi_ap **ap,
                                                         int etype);
int                 shishi_ap_etype_tktoptionsdata      (Shishi *handle,
                                                         Shishi_ap **ap,
                                                         int32_t etype,
                                                         Shishi_tkt *tkt,
                                                         int options,
                                                         const char *data,
                                                         size_t len);
Shishi_key *        shishi_ap_key                       (Shishi_ap *ap);
int                 shishi_ap_nosubkey                  (Shishi *handle,
                                                         Shishi_ap **ap);
const char *        shishi_ap_option2string             (Shishi_apoptions option);
Shishi_asn1         shishi_ap_rep                       (Shishi_ap *ap);
int                 shishi_ap_rep_asn1                  (Shishi_ap *ap,
                                                         Shishi_asn1 *aprep);
int                 shishi_ap_rep_build                 (Shishi_ap *ap);
int                 shishi_ap_rep_der                   (Shishi_ap *ap,
                                                         char **out,
                                                         size_t *outlen);
int                 shishi_ap_rep_der_set               (Shishi_ap *ap,
                                                         char *der,
                                                         size_t derlen);
void                shishi_ap_rep_set                   (Shishi_ap *ap,
                                                         Shishi_asn1 aprep);
int                 shishi_ap_rep_verify                (Shishi_ap *ap);
int                 shishi_ap_rep_verify_asn1           (Shishi_ap *ap,
                                                         Shishi_asn1 aprep);
int                 shishi_ap_rep_verify_der            (Shishi_ap *ap,
                                                         char *der,
                                                         size_t derlen);
Shishi_asn1         shishi_ap_req                       (Shishi_ap *ap);
int                 shishi_ap_req_asn1                  (Shishi_ap *ap,
                                                         Shishi_asn1 *apreq);
int                 shishi_ap_req_build                 (Shishi_ap *ap);
int                 shishi_ap_req_decode                (Shishi_ap *ap);
int                 shishi_ap_req_der                   (Shishi_ap *ap,
                                                         char **out,
                                                         size_t *outlen);
int                 shishi_ap_req_der_set               (Shishi_ap *ap,
                                                         char *der,
                                                         size_t derlen);
int                 shishi_ap_req_process               (Shishi_ap *ap,
                                                         Shishi_key *key);
int                 shishi_ap_req_process_keyusage      (Shishi_ap *ap,
                                                         Shishi_key *key,
                                                         int32_t keyusage);
void                shishi_ap_req_set                   (Shishi_ap *ap,
                                                         Shishi_asn1 apreq);
int                 shishi_ap_set_tktoptions            (Shishi_ap *ap,
                                                         Shishi_tkt *tkt,
                                                         int options);
int                 shishi_ap_set_tktoptionsasn1usage   (Shishi_ap *ap,
                                                         Shishi_tkt *tkt,
                                                         int options,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         int authenticatorcksumkeyusage,
                                                         int authenticatorkeyusage);
int                 shishi_ap_set_tktoptionsdata        (Shishi_ap *ap,
                                                         Shishi_tkt *tkt,
                                                         int options,
                                                         const char *data,
                                                         size_t len);
int                 shishi_ap_set_tktoptionsraw         (Shishi_ap *ap,
                                                         Shishi_tkt *tkt,
                                                         int options,
                                                         int32_t cksumtype,
                                                         const char *data,
                                                         size_t len);
Shishi_apoptions    shishi_ap_string2option             (const char *str);
Shishi_tkt *        shishi_ap_tkt                       (Shishi_ap *ap);
void                shishi_ap_tkt_set                   (Shishi_ap *ap,
                                                         Shishi_tkt *tkt);
int                 shishi_ap_tktoptions                (Shishi *handle,
                                                         Shishi_ap **ap,
                                                         Shishi_tkt *tkt,
                                                         int options);
int                 shishi_ap_tktoptionsasn1usage       (Shishi *handle,
                                                         Shishi_ap **ap,
                                                         Shishi_tkt *tkt,
                                                         int options,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         int authenticatorcksumkeyusage,
                                                         int authenticatorkeyusage);
int                 shishi_ap_tktoptionsdata            (Shishi *handle,
                                                         Shishi_ap **ap,
                                                         Shishi_tkt *tkt,
                                                         int options,
                                                         const char *data,
                                                         size_t len);
int                 shishi_ap_tktoptionsraw             (Shishi *handle,
                                                         Shishi_ap **ap,
                                                         Shishi_tkt *tkt,
                                                         int options,
                                                         int32_t cksumtype,
                                                         const char *data,
                                                         size_t len);
Shishi_asn1         shishi_aprep                        (Shishi *handle);
int                 shishi_aprep_decrypt                (Shishi *handle,
                                                         Shishi_asn1 aprep,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         Shishi_asn1 *encapreppart);
int                 shishi_aprep_enc_part_add           (Shishi *handle,
                                                         Shishi_asn1 aprep,
                                                         Shishi_asn1 encticketpart,
                                                         Shishi_asn1 encapreppart);
int                 shishi_aprep_enc_part_make          (Shishi *handle,
                                                         Shishi_asn1 aprep,
                                                         Shishi_asn1 encapreppart,
                                                         Shishi_asn1 authenticator,
                                                         Shishi_asn1 encticketpart);
int                 shishi_aprep_enc_part_set           (Shishi *handle,
                                                         Shishi_asn1 aprep,
                                                         int etype,
                                                         const char *buf,
                                                         size_t buflen);
int                 shishi_aprep_from_file              (Shishi *handle,
                                                         Shishi_asn1 *aprep,
                                                         int filetype,
                                                         const char *filename);
int                 shishi_aprep_get_enc_part_etype     (Shishi *handle,
                                                         Shishi_asn1 aprep,
                                                         int32_t *etype);
int                 shishi_aprep_parse                  (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *aprep);
int                 shishi_aprep_print                  (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 aprep);
int                 shishi_aprep_read                   (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *aprep);
int                 shishi_aprep_save                   (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 aprep);
int                 shishi_aprep_to_file                (Shishi *handle,
                                                         Shishi_asn1 aprep,
                                                         int filetype,
                                                         const char *filename);
int                 shishi_aprep_verify                 (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         Shishi_asn1 encapreppart);
Shishi_asn1         shishi_apreq                        (Shishi *handle);
int                 shishi_apreq_add_authenticator      (Shishi *handle,
                                                         Shishi_asn1 apreq,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         Shishi_asn1 authenticator);
int                 shishi_apreq_decrypt                (Shishi *handle,
                                                         Shishi_asn1 apreq,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         Shishi_asn1 *authenticator);
int                 shishi_apreq_from_file              (Shishi *handle,
                                                         Shishi_asn1 *apreq,
                                                         int filetype,
                                                         const char *filename);
int                 shishi_apreq_get_authenticator_etype
                                                        (Shishi *handle,
                                                         Shishi_asn1 apreq,
                                                         int32_t *etype);
int                 shishi_apreq_get_ticket             (Shishi *handle,
                                                         Shishi_asn1 apreq,
                                                         Shishi_asn1 *ticket);
int                 shishi_apreq_mutual_required_p      (Shishi *handle,
                                                         Shishi_asn1 apreq);
int                 shishi_apreq_options                (Shishi *handle,
                                                         Shishi_asn1 apreq,
                                                         uint32_t *flags);
int                 shishi_apreq_options_add            (Shishi *handle,
                                                         Shishi_asn1 apreq,
                                                         uint32_t option);
int                 shishi_apreq_options_remove         (Shishi *handle,
                                                         Shishi_asn1 apreq,
                                                         uint32_t option);
int                 shishi_apreq_options_set            (Shishi *handle,
                                                         Shishi_asn1 apreq,
                                                         uint32_t options);
int                 shishi_apreq_parse                  (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *apreq);
int                 shishi_apreq_print                  (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 apreq);
int                 shishi_apreq_read                   (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *apreq);
int                 shishi_apreq_save                   (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 apreq);
int                 shishi_apreq_set_authenticator      (Shishi *handle,
                                                         Shishi_asn1 apreq,
                                                         int32_t etype,
                                                         uint32_t kvno,
                                                         const char *buf,
                                                         size_t buflen);
int                 shishi_apreq_set_ticket             (Shishi *handle,
                                                         Shishi_asn1 apreq,
                                                         Shishi_asn1 ticket);
int                 shishi_apreq_to_file                (Shishi *handle,
                                                         Shishi_asn1 apreq,
                                                         int filetype,
                                                         const char *filename);
int                 shishi_apreq_use_session_key_p      (Shishi *handle,
                                                         Shishi_asn1 apreq);
int                 shishi_arcfour                      (Shishi *handle,
                                                         int decryptp,
                                                         const char *key,
                                                         size_t keylen,
                                                         const char iv[258],
                                                         char *ivout[258],
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out);
int                 shishi_as                           (Shishi *handle,
                                                         Shishi_as **as);
int                 shishi_as_check_cname               (Shishi *handle,
                                                         Shishi_asn1 asreq,
                                                         Shishi_asn1 asrep);
int                 shishi_as_check_crealm              (Shishi *handle,
                                                         Shishi_asn1 asreq,
                                                         Shishi_asn1 asrep);
int                 shishi_as_derive_salt               (Shishi *handle,
                                                         Shishi_asn1 asreq,
                                                         Shishi_asn1 asrep,
                                                         char **salt,
                                                         size_t *saltlen);
void                shishi_as_done                      (Shishi_as *as);
Shishi_asn1         shishi_as_krberror                  (Shishi_as *as);
int                 shishi_as_krberror_der              (Shishi_as *as,
                                                         char **out,
                                                         size_t *outlen);
void                shishi_as_krberror_set              (Shishi_as *as,
                                                         Shishi_asn1 krberror);
int                 shishi_as_process                   (Shishi *handle,
                                                         Shishi_asn1 asreq,
                                                         Shishi_asn1 asrep,
                                                         const char *string,
                                                         Shishi_asn1 *enckdcreppart);
Shishi_asn1         shishi_as_rep                       (Shishi_as *as);
int                 shishi_as_rep_build                 (Shishi_as *as,
                                                         Shishi_key *key);
int                 shishi_as_rep_der                   (Shishi_as *as,
                                                         char **out,
                                                         size_t *outlen);
int                 shishi_as_rep_der_set               (Shishi_as *as,
                                                         char *der,
                                                         size_t derlen);
int                 shishi_as_rep_process               (Shishi_as *as,
                                                         Shishi_key *key,
                                                         const char *password);
void                shishi_as_rep_set                   (Shishi_as *as,
                                                         Shishi_asn1 asrep);
Shishi_asn1         shishi_as_req                       (Shishi_as *as);
int                 shishi_as_req_build                 (Shishi_as *as);
int                 shishi_as_req_der                   (Shishi_as *as,
                                                         char **out,
                                                         size_t *outlen);
int                 shishi_as_req_der_set               (Shishi_as *as,
                                                         char *der,
                                                         size_t derlen);
void                shishi_as_req_set                   (Shishi_as *as,
                                                         Shishi_asn1 asreq);
int                 shishi_as_sendrecv                  (Shishi_as *as);
int                 shishi_as_sendrecv_hint             (Shishi_as *as,
                                                         Shishi_tkts_hint *hint);
Shishi_tkt *        shishi_as_tkt                       (Shishi_as *as);
void                shishi_as_tkt_set                   (Shishi_as *as,
                                                         Shishi_tkt *tkt);
Shishi_asn1         shishi_asn1_aprep                   (Shishi *handle);
Shishi_asn1         shishi_asn1_apreq                   (Shishi *handle);
Shishi_asn1         shishi_asn1_asrep                   (Shishi *handle);
Shishi_asn1         shishi_asn1_asreq                   (Shishi *handle);
Shishi_asn1         shishi_asn1_authenticator           (Shishi *handle);
void                shishi_asn1_done                    (Shishi *handle,
                                                         Shishi_asn1 node);
int                 shishi_asn1_empty_p                 (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field);
Shishi_asn1         shishi_asn1_encapreppart            (Shishi *handle);
Shishi_asn1         shishi_asn1_encasreppart            (Shishi *handle);
Shishi_asn1         shishi_asn1_enckdcreppart           (Shishi *handle);
Shishi_asn1         shishi_asn1_encprivpart             (Shishi *handle);
Shishi_asn1         shishi_asn1_encrypteddata           (Shishi *handle);
Shishi_asn1         shishi_asn1_encticketpart           (Shishi *handle);
Shishi_asn1         shishi_asn1_etype_info              (Shishi *handle);
Shishi_asn1         shishi_asn1_etype_info2             (Shishi *handle);
Shishi_asn1         shishi_asn1_krberror                (Shishi *handle);
Shishi_asn1         shishi_asn1_krbsafe                 (Shishi *handle);
Shishi_asn1         shishi_asn1_methoddata              (Shishi *handle);
Shishi_msgtype      shishi_asn1_msgtype                 (Shishi *handle,
                                                         Shishi_asn1 node);
int                 shishi_asn1_number_of_elements      (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         size_t *n);
Shishi_asn1         shishi_asn1_pa_enc_ts_enc           (Shishi *handle);
Shishi_asn1         shishi_asn1_padata                  (Shishi *handle);
void                shishi_asn1_print                   (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         FILE *fh);
Shishi_asn1         shishi_asn1_priv                    (Shishi *handle);
int                 shishi_asn1_read                    (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         char **data,
                                                         size_t *datalen);
int                 shishi_asn1_read_bitstring          (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         uint32_t *flags);
int                 shishi_asn1_read_inline             (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         char *data,
                                                         size_t *datalen);
int                 shishi_asn1_read_int32              (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         int32_t *i);
int                 shishi_asn1_read_integer            (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         int *i);
int                 shishi_asn1_read_optional           (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         char **data,
                                                         size_t *datalen);
int                 shishi_asn1_read_uint32             (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         uint32_t *i);
Shishi_asn1         shishi_asn1_tgsrep                  (Shishi *handle);
Shishi_asn1         shishi_asn1_tgsreq                  (Shishi *handle);
Shishi_asn1         shishi_asn1_ticket                  (Shishi *handle);
int                 shishi_asn1_to_der                  (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         char **der,
                                                         size_t *len);
int                 shishi_asn1_to_der_field            (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         char **der,
                                                         size_t *len);
int                 shishi_asn1_write                   (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         const char *data,
                                                         size_t datalen);
int                 shishi_asn1_write_bitstring         (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         uint32_t flags);
int                 shishi_asn1_write_int32             (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         int32_t n);
int                 shishi_asn1_write_integer           (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         int n);
int                 shishi_asn1_write_uint32            (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         uint32_t n);
Shishi_asn1         shishi_asrep                        (Shishi *handle);
Shishi_asn1         shishi_asreq                        (Shishi *handle);
int                 shishi_asreq_clientrealm            (Shishi *handle,
                                                         Shishi_asn1 asreq,
                                                         char **client,
                                                         size_t *clientlen);
Shishi_asn1         shishi_asreq_rsc                    (Shishi *handle,
                                                         char *realm,
                                                         char *server,
                                                         char *client);
Shishi_asn1         shishi_authenticator                (Shishi *handle);
int                 shishi_authenticator_add_authorizationdata
                                                        (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         int32_t adtype,
                                                         const char *addata,
                                                         size_t addatalen);
int                 shishi_authenticator_add_cksum      (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         char *data,
                                                         size_t datalen);
int                 shishi_authenticator_add_cksum_type (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         int cksumtype,
                                                         char *data,
                                                         size_t datalen);
int                 shishi_authenticator_add_random_subkey
                                                        (Shishi *handle,
                                                         Shishi_asn1 authenticator);
int                 shishi_authenticator_add_random_subkey_etype
                                                        (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         int etype);
int                 shishi_authenticator_add_subkey     (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         Shishi_key *subkey);
int                 shishi_authenticator_authorizationdata
                                                        (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         int32_t *adtype,
                                                         char **addata,
                                                         size_t *addatalen,
                                                         size_t nth);
int                 shishi_authenticator_cksum          (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         int32_t *cksumtype,
                                                         char **cksum,
                                                         size_t *cksumlen);
int                 shishi_authenticator_clear_authorizationdata
                                                        (Shishi *handle,
                                                         Shishi_asn1 authenticator);
int                 shishi_authenticator_client         (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         char **client,
                                                         size_t *clientlen);
int                 shishi_authenticator_client_set     (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         const char *client);
int                 shishi_authenticator_clientrealm    (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         char **client,
                                                         size_t *clientlen);
int                 shishi_authenticator_ctime          (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         char **t);
int                 shishi_authenticator_ctime_set      (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         const char *t);
int                 shishi_authenticator_cusec_get      (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         uint32_t *cusec);
int                 shishi_authenticator_cusec_set      (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         uint32_t cusec);
int                 shishi_authenticator_from_file      (Shishi *handle,
                                                         Shishi_asn1 *authenticator,
                                                         int filetype,
                                                         const char *filename);
int                 shishi_authenticator_get_subkey     (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         Shishi_key **subkey);
int                 shishi_authenticator_parse          (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *authenticator);
int                 shishi_authenticator_print          (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 authenticator);
int                 shishi_authenticator_read           (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *authenticator);
int                 shishi_authenticator_remove_cksum   (Shishi *handle,
                                                         Shishi_asn1 authenticator);
int                 shishi_authenticator_remove_subkey  (Shishi *handle,
                                                         Shishi_asn1 authenticator);
int                 shishi_authenticator_save           (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 authenticator);
int                 shishi_authenticator_seqnumber_get  (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         uint32_t *seqnumber);
int                 shishi_authenticator_seqnumber_remove
                                                        (Shishi *handle,
                                                         Shishi_asn1 authenticator);
int                 shishi_authenticator_seqnumber_set  (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         uint32_t seqnumber);
int                 shishi_authenticator_set_cksum      (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         int cksumtype,
                                                         char *cksum,
                                                         size_t cksumlen);
int                 shishi_authenticator_set_cname      (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         Shishi_name_type name_type,
                                                         const char *cname[]);
int                 shishi_authenticator_set_crealm     (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         const char *crealm);
int                 shishi_authenticator_set_subkey     (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         int32_t subkeytype,
                                                         const char *subkey,
                                                         size_t subkeylen);
Shishi_asn1         shishi_authenticator_subkey         (Shishi *handle);
int                 shishi_authenticator_to_file        (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         int filetype,
                                                         const char *filename);
int                 shishi_authorization_parse          (const char *authorization);
int                 shishi_authorize_k5login            (Shishi *handle,
                                                         const char *principal,
                                                         const char *authzname);
int                 shishi_authorize_strcmp             (Shishi *handle,
                                                         const char *principal,
                                                         const char *authzname);
int                 shishi_authorized_p                 (Shishi *handle,
                                                         Shishi_tkt *tkt,
                                                         const char *authzname);
int                 shishi_cfg                          (Shishi *handle,
                                                         const char *option);
int                 shishi_cfg_authorizationtype_set    (Shishi *handle,
                                                         char *value);
int                 shishi_cfg_clientkdcetype           (Shishi *handle,
                                                         int32_t **etypes);
int32_t             shishi_cfg_clientkdcetype_fast      (Shishi *handle);
int                 shishi_cfg_clientkdcetype_set       (Shishi *handle,
                                                         char *value);
const char *        shishi_cfg_default_systemfile       (Shishi *handle);
const char *        shishi_cfg_default_userdirectory    (Shishi *handle);
const char *        shishi_cfg_default_userfile         (Shishi *handle);
int                 shishi_cfg_from_file                (Shishi *handle,
                                                         const char *cfg);
int                 shishi_cfg_print                    (Shishi *handle,
                                                         FILE *fh);
char *              shishi_cfg_userdirectory_file       (Shishi *handle,
                                                         const char *file);
const char *        shishi_check_version                (const char *req_version);
int                 shishi_checksum                     (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         int32_t cksumtype,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);
size_t              shishi_checksum_cksumlen            (int32_t type);
const char *        shishi_checksum_name                (int32_t type);
int                 shishi_checksum_parse               (const char *checksum);
int                 shishi_checksum_supported_p         (int32_t type);
int                 shishi_cipher_blocksize             (int type);
int                 shishi_cipher_confoundersize        (int type);
int                 shishi_cipher_defaultcksumtype      (int32_t type);
size_t              shishi_cipher_keylen                (int type);
const char *        shishi_cipher_name                  (int type);
int                 shishi_cipher_parse                 (const char *cipher);
size_t              shishi_cipher_randomlen             (int type);
int                 shishi_cipher_supported_p           (int type);
int                 shishi_crc                          (Shishi *handle,
                                                         const char *in,
                                                         size_t inlen,
                                                         char *out[4]);
Shishi_crypto *     shishi_crypto                       (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         int32_t etype,
                                                         const char *iv,
                                                         size_t ivlen);
void                shishi_crypto_close                 (Shishi_crypto *ctx);
int                 shishi_crypto_decrypt               (Shishi_crypto *ctx,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);
int                 shishi_crypto_encrypt               (Shishi_crypto *ctx,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);
int                 shishi_ctime                        (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         time_t *t);
int                 shishi_decrypt                      (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);
int                 shishi_decrypt_etype                (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         int32_t etype,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);
int                 shishi_decrypt_iv                   (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         const char *iv,
                                                         size_t ivlen,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);
int                 shishi_decrypt_iv_etype             (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         int32_t etype,
                                                         const char *iv,
                                                         size_t ivlen,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);
int                 shishi_decrypt_ivupdate             (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         const char *iv,
                                                         size_t ivlen,
                                                         char **ivout,
                                                         size_t *ivoutlen,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);
int                 shishi_decrypt_ivupdate_etype       (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         int32_t etype,
                                                         const char *iv,
                                                         size_t ivlen,
                                                         char **ivout,
                                                         size_t *ivoutlen,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);
Shishi_asn1         shishi_der2asn1                     (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);
Shishi_asn1         shishi_der2asn1_aprep               (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);
Shishi_asn1         shishi_der2asn1_apreq               (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);
Shishi_asn1         shishi_der2asn1_asrep               (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);
Shishi_asn1         shishi_der2asn1_asreq               (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);
Shishi_asn1         shishi_der2asn1_authenticator       (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);
Shishi_asn1         shishi_der2asn1_encapreppart        (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);
Shishi_asn1         shishi_der2asn1_encasreppart        (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);
Shishi_asn1         shishi_der2asn1_enckdcreppart       (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);
Shishi_asn1         shishi_der2asn1_encprivpart         (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);
Shishi_asn1         shishi_der2asn1_enctgsreppart       (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);
Shishi_asn1         shishi_der2asn1_encticketpart       (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);
Shishi_asn1         shishi_der2asn1_etype_info          (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);
Shishi_asn1         shishi_der2asn1_etype_info2         (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);
Shishi_asn1         shishi_der2asn1_kdcrep              (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);
Shishi_asn1         shishi_der2asn1_kdcreq              (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);
Shishi_asn1         shishi_der2asn1_krberror            (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);
Shishi_asn1         shishi_der2asn1_krbsafe             (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);
Shishi_asn1         shishi_der2asn1_methoddata          (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);
Shishi_asn1         shishi_der2asn1_padata              (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);
Shishi_asn1         shishi_der2asn1_priv                (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);
Shishi_asn1         shishi_der2asn1_tgsrep              (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);
Shishi_asn1         shishi_der2asn1_tgsreq              (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);
Shishi_asn1         shishi_der2asn1_ticket              (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);
Shishi_msgtype      shishi_der_msgtype                  (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);
int                 shishi_derive_default_salt          (Shishi *handle,
                                                         const char *name,
                                                         char **salt);
int                 shishi_des                          (Shishi *handle,
                                                         int decryptp,
                                                         const char key[8],
                                                         const char iv[8],
                                                         char *ivout[8],
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out);
int                 shishi_des_cbc_mac                  (Shishi *handle,
                                                         const char key[8],
                                                         const char iv[8],
                                                         const char *in,
                                                         size_t inlen,
                                                         char *out[8]);
int                 shishi_dk                           (Shishi *handle,
                                                         Shishi_key *key,
                                                         const char *prfconstant,
                                                         size_t prfconstantlen,
                                                         Shishi_key *derivedkey);
void                shishi_done                         (Shishi *handle);
int                 shishi_dr                           (Shishi *handle,
                                                         Shishi_key *key,
                                                         const char *prfconstant,
                                                         size_t prfconstantlen,
                                                         char *derivedrandom,
                                                         size_t derivedrandomlen);
Shishi_asn1         shishi_encapreppart                 (Shishi *handle);
int                 shishi_encapreppart_ctime           (Shishi *handle,
                                                         Shishi_asn1 encapreppart,
                                                         char **t);
int                 shishi_encapreppart_ctime_set       (Shishi *handle,
                                                         Shishi_asn1 encapreppart,
                                                         const char *t);
int                 shishi_encapreppart_cusec_get       (Shishi *handle,
                                                         Shishi_asn1 encapreppart,
                                                         uint32_t *cusec);
int                 shishi_encapreppart_cusec_set       (Shishi *handle,
                                                         Shishi_asn1 encapreppart,
                                                         uint32_t cusec);
int                 shishi_encapreppart_from_file       (Shishi *handle,
                                                         Shishi_asn1 *encapreppart,
                                                         int filetype,
                                                         const char *filename);
int                 shishi_encapreppart_get_key         (Shishi *handle,
                                                         Shishi_asn1 encapreppart,
                                                         Shishi_key **key);
int                 shishi_encapreppart_parse           (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *encapreppart);
int                 shishi_encapreppart_print           (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 encapreppart);
int                 shishi_encapreppart_read            (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *encapreppart);
int                 shishi_encapreppart_save            (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 encapreppart);
int                 shishi_encapreppart_seqnumber_get   (Shishi *handle,
                                                         Shishi_asn1 encapreppart,
                                                         uint32_t *seqnumber);
int                 shishi_encapreppart_seqnumber_remove
                                                        (Shishi *handle,
                                                         Shishi_asn1 encapreppart);
int                 shishi_encapreppart_seqnumber_set   (Shishi *handle,
                                                         Shishi_asn1 encapreppart,
                                                         uint32_t seqnumber);
int                 shishi_encapreppart_time_copy       (Shishi *handle,
                                                         Shishi_asn1 encapreppart,
                                                         Shishi_asn1 authenticator);
int                 shishi_encapreppart_to_file         (Shishi *handle,
                                                         Shishi_asn1 encapreppart,
                                                         int filetype,
                                                         const char *filename);
Shishi_asn1         shishi_encasreppart                 (Shishi *handle);
Shishi_asn1         shishi_enckdcreppart                (Shishi *handle);
int                 shishi_enckdcreppart_authtime_set   (Shishi *handle,
                                                         Shishi_asn1 enckdcreppart,
                                                         const char *authtime);
int                 shishi_enckdcreppart_endtime_set    (Shishi *handle,
                                                         Shishi_asn1 enckdcreppart,
                                                         const char *endtime);
int                 shishi_enckdcreppart_flags_set      (Shishi *handle,
                                                         Shishi_asn1 enckdcreppart,
                                                         int flags);
int                 shishi_enckdcreppart_get_key        (Shishi *handle,
                                                         Shishi_asn1 enckdcreppart,
                                                         Shishi_key **key);
int                 shishi_enckdcreppart_key_set        (Shishi *handle,
                                                         Shishi_asn1 enckdcreppart,
                                                         Shishi_key *key);
int                 shishi_enckdcreppart_nonce_set      (Shishi *handle,
                                                         Shishi_asn1 enckdcreppart,
                                                         uint32_t nonce);
int                 shishi_enckdcreppart_parse          (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *enckdcreppart);
int                 shishi_enckdcreppart_populate_encticketpart
                                                        (Shishi *handle,
                                                         Shishi_asn1 enckdcreppart,
                                                         Shishi_asn1 encticketpart);
int                 shishi_enckdcreppart_print          (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 enckdcreppart);
int                 shishi_enckdcreppart_read           (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *enckdcreppart);
int                 shishi_enckdcreppart_renew_till_set (Shishi *handle,
                                                         Shishi_asn1 enckdcreppart,
                                                         const char *renew_till);
int                 shishi_enckdcreppart_save           (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 enckdcreppart);
int                 shishi_enckdcreppart_server_set     (Shishi *handle,
                                                         Shishi_asn1 enckdcreppart,
                                                         const char *server);
int                 shishi_enckdcreppart_sname_set      (Shishi *handle,
                                                         Shishi_asn1 enckdcreppart,
                                                         Shishi_name_type name_type,
                                                         char *sname[]);
int                 shishi_enckdcreppart_srealm_set     (Shishi *handle,
                                                         Shishi_asn1 enckdcreppart,
                                                         const char *srealm);
int                 shishi_enckdcreppart_srealmserver_set
                                                        (Shishi *handle,
                                                         Shishi_asn1 enckdcreppart,
                                                         const char *srealm,
                                                         const char *server);
int                 shishi_enckdcreppart_starttime_set  (Shishi *handle,
                                                         Shishi_asn1 enckdcreppart,
                                                         const char *starttime);
int                 shishi_encprivpart_set_user_data    (Shishi *handle,
                                                         Shishi_asn1 encprivpart,
                                                         const char *userdata,
                                                         size_t userdatalen);
int                 shishi_encprivpart_user_data        (Shishi *handle,
                                                         Shishi_asn1 encprivpart,
                                                         char **userdata,
                                                         size_t *userdatalen);
int                 shishi_encrypt                      (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);
int                 shishi_encrypt_etype                (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         int32_t etype,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);
int                 shishi_encrypt_iv                   (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         const char *iv,
                                                         size_t ivlen,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);
int                 shishi_encrypt_iv_etype             (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         int32_t etype,
                                                         const char *iv,
                                                         size_t ivlen,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);
int                 shishi_encrypt_ivupdate             (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         const char *iv,
                                                         size_t ivlen,
                                                         char **ivout,
                                                         size_t *ivoutlen,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);
int                 shishi_encrypt_ivupdate_etype       (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         int32_t etype,
                                                         const char *iv,
                                                         size_t ivlen,
                                                         char **ivout,
                                                         size_t *ivoutlen,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);
Shishi_asn1         shishi_encticketpart                (Shishi *handle);
time_t              shishi_encticketpart_authctime      (Shishi *handle,
                                                         Shishi_asn1 encticketpart);
int                 shishi_encticketpart_authtime       (Shishi *handle,
                                                         Shishi_asn1 encticketpart,
                                                         char *authtime,
                                                         size_t *authtimelen);
int                 shishi_encticketpart_authtime_set   (Shishi *handle,
                                                         Shishi_asn1 encticketpart,
                                                         const char *authtime);
int                 shishi_encticketpart_client         (Shishi *handle,
                                                         Shishi_asn1 encticketpart,
                                                         char **client,
                                                         size_t *clientlen);
int                 shishi_encticketpart_clientrealm    (Shishi *handle,
                                                         Shishi_asn1 encticketpart,
                                                         char **client,
                                                         size_t *clientlen);
int                 shishi_encticketpart_cname_set      (Shishi *handle,
                                                         Shishi_asn1 encticketpart,
                                                         Shishi_name_type name_type,
                                                         const char *principal);
int                 shishi_encticketpart_crealm         (Shishi *handle,
                                                         Shishi_asn1 encticketpart,
                                                         char **crealm,
                                                         size_t *crealmlen);
int                 shishi_encticketpart_crealm_set     (Shishi *handle,
                                                         Shishi_asn1 encticketpart,
                                                         const char *realm);
int                 shishi_encticketpart_endtime_set    (Shishi *handle,
                                                         Shishi_asn1 encticketpart,
                                                         const char *endtime);
int                 shishi_encticketpart_flags_set      (Shishi *handle,
                                                         Shishi_asn1 encticketpart,
                                                         int flags);
int                 shishi_encticketpart_get_key        (Shishi *handle,
                                                         Shishi_asn1 encticketpart,
                                                         Shishi_key **key);
int                 shishi_encticketpart_key_set        (Shishi *handle,
                                                         Shishi_asn1 encticketpart,
                                                         Shishi_key *key);
int                 shishi_encticketpart_print          (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 encticketpart);
int                 shishi_encticketpart_transited_set  (Shishi *handle,
                                                         Shishi_asn1 encticketpart,
                                                         int32_t trtype,
                                                         const char *trdata,
                                                         size_t trdatalen);
const char *        shishi_error                        (Shishi *handle);
void                shishi_error_clear                  (Shishi *handle);
int                 shishi_error_outputtype             (Shishi *handle);
void                shishi_error_printf                 (Shishi *handle,
                                                         const char *format,
                                                         ...);
void                shishi_error_set                    (Shishi *handle,
                                                         const char *errstr);
void                shishi_error_set_outputtype         (Shishi *handle,
                                                         int type);
int                 shishi_etype_info2_print            (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 etypeinfo2);
int                 shishi_etype_info_print             (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 etypeinfo);
time_t              shishi_generalize_ctime             (Shishi *handle,
                                                         const char *t);
const char *        shishi_generalize_now               (Shishi *handle);
const char *        shishi_generalize_time              (Shishi *handle,
                                                         time_t t);
time_t              shishi_get_date                     (const char *p,
                                                         const time_t *now);
int                 shishi_hmac_md5                     (Shishi *handle,
                                                         const char *key,
                                                         size_t keylen,
                                                         const char *in,
                                                         size_t inlen,
                                                         char *outhash[16]);
int                 shishi_hmac_sha1                    (Shishi *handle,
                                                         const char *key,
                                                         size_t keylen,
                                                         const char *in,
                                                         size_t inlen,
                                                         char *outhash[20]);
const char *        shishi_hostkeys_default_file        (Shishi *handle);
void                shishi_hostkeys_default_file_set    (Shishi *handle,
                                                         const char *hostkeysfile);
Shishi_key *        shishi_hostkeys_for_localservice    (Shishi *handle,
                                                         const char *service);
Shishi_key *        shishi_hostkeys_for_localservicerealm
                                                        (Shishi *handle,
                                                         const char *service,
                                                         const char *realm);
Shishi_key *        shishi_hostkeys_for_server          (Shishi *handle,
                                                         const char *server);
Shishi_key *        shishi_hostkeys_for_serverrealm     (Shishi *handle,
                                                         const char *server,
                                                         const char *realm);
void                shishi_info                         (Shishi *handle,
                                                         const char *format,
                                                         ...);
int                 shishi_init                         (Shishi **handle);
int                 shishi_init_server                  (Shishi **handle);
int                 shishi_init_server_with_paths       (Shishi **handle,
                                                         const char *systemcfgfile);
int                 shishi_init_with_paths              (Shishi **handle,
                                                         const char *tktsfile,
                                                         const char *systemcfgfile,
                                                         const char *usercfgfile);
int                 shishi_kdc_check_nonce              (Shishi *handle,
                                                         Shishi_asn1 kdcreq,
                                                         Shishi_asn1 enckdcreppart);
int                 shishi_kdc_copy_cname               (Shishi *handle,
                                                         Shishi_asn1 kdcrep,
                                                         Shishi_asn1 encticketpart);
int                 shishi_kdc_copy_crealm              (Shishi *handle,
                                                         Shishi_asn1 kdcrep,
                                                         Shishi_asn1 encticketpart);
int                 shishi_kdc_copy_nonce               (Shishi *handle,
                                                         Shishi_asn1 kdcreq,
                                                         Shishi_asn1 enckdcreppart);
int                 shishi_kdc_print                    (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 asreq,
                                                         Shishi_asn1 asrep,
                                                         Shishi_asn1 encasreppart);
int                 shishi_kdc_process                  (Shishi *handle,
                                                         Shishi_asn1 kdcreq,
                                                         Shishi_asn1 kdcrep,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         Shishi_asn1 *enckdcreppart);
int                 shishi_kdc_sendrecv                 (Shishi *handle,
                                                         const char *realm,
                                                         const char *indata,
                                                         size_t inlen,
                                                         char **outdata,
                                                         size_t *outlen);
int                 shishi_kdc_sendrecv_hint            (Shishi *handle,
                                                         const char *realm,
                                                         const char *indata,
                                                         size_t inlen,
                                                         char **outdata,
                                                         size_t *outlen,
                                                         Shishi_tkts_hint *hint);
int                 shishi_kdcrep_add_enc_part          (Shishi *handle,
                                                         Shishi_asn1 kdcrep,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         Shishi_asn1 enckdcreppart);
int                 shishi_kdcrep_clear_padata          (Shishi *handle,
                                                         Shishi_asn1 kdcrep);
int                 shishi_kdcrep_client_set            (Shishi *handle,
                                                         Shishi_asn1 kdcrep,
                                                         const char *client);
int                 shishi_kdcrep_cname_set             (Shishi *handle,
                                                         Shishi_asn1 kdcrep,
                                                         Shishi_name_type name_type,
                                                         const char *cname[]);
int                 shishi_kdcrep_crealm_set            (Shishi *handle,
                                                         Shishi_asn1 kdcrep,
                                                         const char *crealm);
int                 shishi_kdcrep_crealmserver_set      (Shishi *handle,
                                                         Shishi_asn1 kdcrep,
                                                         const char *crealm,
                                                         const char *client);
int                 shishi_kdcrep_decrypt               (Shishi *handle,
                                                         Shishi_asn1 kdcrep,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         Shishi_asn1 *enckdcreppart);
int                 shishi_kdcrep_from_file             (Shishi *handle,
                                                         Shishi_asn1 *kdcrep,
                                                         int filetype,
                                                         const char *filename);
int                 shishi_kdcrep_get_enc_part_etype    (Shishi *handle,
                                                         Shishi_asn1 kdcrep,
                                                         int32_t *etype);
int                 shishi_kdcrep_get_ticket            (Shishi *handle,
                                                         Shishi_asn1 kdcrep,
                                                         Shishi_asn1 *ticket);
int                 shishi_kdcrep_parse                 (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *kdcrep);
int                 shishi_kdcrep_print                 (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 kdcrep);
int                 shishi_kdcrep_read                  (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *kdcrep);
int                 shishi_kdcrep_save                  (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 kdcrep);
int                 shishi_kdcrep_set_enc_part          (Shishi *handle,
                                                         Shishi_asn1 kdcrep,
                                                         int32_t etype,
                                                         uint32_t kvno,
                                                         const char *buf,
                                                         size_t buflen);
int                 shishi_kdcrep_set_ticket            (Shishi *handle,
                                                         Shishi_asn1 kdcrep,
                                                         Shishi_asn1 ticket);
int                 shishi_kdcrep_to_file               (Shishi *handle,
                                                         Shishi_asn1 kdcrep,
                                                         int filetype,
                                                         const char *filename);
int                 shishi_kdcreq                       (Shishi *handle,
                                                         char *realm,
                                                         char *service,
                                                         Shishi_asn1 *req);
int                 shishi_kdcreq_add_padata            (Shishi *handle,
                                                         Shishi_asn1 kdcreq,
                                                         int padatatype,
                                                         const char *data,
                                                         size_t datalen);
int                 shishi_kdcreq_add_padata_preauth    (Shishi *handle,
                                                         Shishi_asn1 kdcreq,
                                                         Shishi_key *key);
int                 shishi_kdcreq_add_padata_tgs        (Shishi *handle,
                                                         Shishi_asn1 kdcreq,
                                                         Shishi_asn1 apreq);
int                 shishi_kdcreq_allow_postdate_p      (Shishi *handle,
                                                         Shishi_asn1 kdcreq);
int                 shishi_kdcreq_build                 (Shishi *handle,
                                                         Shishi_asn1 kdcreq);
int                 shishi_kdcreq_clear_padata          (Shishi *handle,
                                                         Shishi_asn1 kdcreq);
int                 shishi_kdcreq_client                (Shishi *handle,
                                                         Shishi_asn1 kdcreq,
                                                         char **client,
                                                         size_t *clientlen);
int                 shishi_kdcreq_disable_transited_check_p
                                                        (Shishi *handle,
                                                         Shishi_asn1 kdcreq);
int                 shishi_kdcreq_enc_tkt_in_skey_p     (Shishi *handle,
                                                         Shishi_asn1 kdcreq);
int                 shishi_kdcreq_etype                 (Shishi *handle,
                                                         Shishi_asn1 kdcreq,
                                                         int32_t *etype,
                                                         int netype);
int                 shishi_kdcreq_forwardable_p         (Shishi *handle,
                                                         Shishi_asn1 kdcreq);
int                 shishi_kdcreq_forwarded_p           (Shishi *handle,
                                                         Shishi_asn1 kdcreq);
int                 shishi_kdcreq_from_file             (Shishi *handle,
                                                         Shishi_asn1 *kdcreq,
                                                         int filetype,
                                                         const char *filename);
int                 shishi_kdcreq_get_padata            (Shishi *handle,
                                                         Shishi_asn1 kdcreq,
                                                         Shishi_padata_type padatatype,
                                                         char **out,
                                                         size_t *outlen);
int                 shishi_kdcreq_get_padata_tgs        (Shishi *handle,
                                                         Shishi_asn1 kdcreq,
                                                         Shishi_asn1 *apreq);
int                 shishi_kdcreq_nonce                 (Shishi *handle,
                                                         Shishi_asn1 kdcreq,
                                                         uint32_t *nonce);
int                 shishi_kdcreq_nonce_set             (Shishi *handle,
                                                         Shishi_asn1 kdcreq,
                                                         uint32_t nonce);
int                 shishi_kdcreq_options               (Shishi *handle,
                                                         Shishi_asn1 kdcreq,
                                                         uint32_t *flags);
int                 shishi_kdcreq_options_add           (Shishi *handle,
                                                         Shishi_asn1 kdcreq,
                                                         uint32_t option);
int                 shishi_kdcreq_options_set           (Shishi *handle,
                                                         Shishi_asn1 kdcreq,
                                                         uint32_t options);
int                 shishi_kdcreq_parse                 (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *kdcreq);
int                 shishi_kdcreq_postdated_p           (Shishi *handle,
                                                         Shishi_asn1 kdcreq);
int                 shishi_kdcreq_print                 (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 kdcreq);
int                 shishi_kdcreq_proxiable_p           (Shishi *handle,
                                                         Shishi_asn1 kdcreq);
int                 shishi_kdcreq_proxy_p               (Shishi *handle,
                                                         Shishi_asn1 kdcreq);
int                 shishi_kdcreq_read                  (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *kdcreq);
int                 shishi_kdcreq_realm                 (Shishi *handle,
                                                         Shishi_asn1 kdcreq,
                                                         char **realm,
                                                         size_t *realmlen);
int                 shishi_kdcreq_realm_get             (Shishi *handle,
                                                         Shishi_asn1 kdcreq,
                                                         char **realm,
                                                         size_t *realmlen);
int                 shishi_kdcreq_renew_p               (Shishi *handle,
                                                         Shishi_asn1 kdcreq);
int                 shishi_kdcreq_renewable_ok_p        (Shishi *handle,
                                                         Shishi_asn1 kdcreq);
int                 shishi_kdcreq_renewable_p           (Shishi *handle,
                                                         Shishi_asn1 kdcreq);
int                 shishi_kdcreq_save                  (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 kdcreq);
int                 shishi_kdcreq_sendrecv              (Shishi *handle,
                                                         Shishi_asn1 kdcreq,
                                                         Shishi_asn1 *kdcrep);
int                 shishi_kdcreq_sendrecv_hint         (Shishi *handle,
                                                         Shishi_asn1 kdcreq,
                                                         Shishi_asn1 *kdcrep,
                                                         Shishi_tkts_hint *hint);
int                 shishi_kdcreq_server                (Shishi *handle,
                                                         Shishi_asn1 kdcreq,
                                                         char **server,
                                                         size_t *serverlen);
int                 shishi_kdcreq_set_cname             (Shishi *handle,
                                                         Shishi_asn1 kdcreq,
                                                         Shishi_name_type name_type,
                                                         const char *principal);
int                 shishi_kdcreq_set_etype             (Shishi *handle,
                                                         Shishi_asn1 kdcreq,
                                                         int32_t *etype,
                                                         int netype);
int                 shishi_kdcreq_set_realm             (Shishi *handle,
                                                         Shishi_asn1 kdcreq,
                                                         const char *realm);
int                 shishi_kdcreq_set_realmserver       (Shishi *handle,
                                                         Shishi_asn1 req,
                                                         char *realm,
                                                         char *service);
int                 shishi_kdcreq_set_server            (Shishi *handle,
                                                         Shishi_asn1 req,
                                                         const char *service);
int                 shishi_kdcreq_set_sname             (Shishi *handle,
                                                         Shishi_asn1 kdcreq,
                                                         Shishi_name_type name_type,
                                                         const char *sname[]);
int                 shishi_kdcreq_till                  (Shishi *handle,
                                                         Shishi_asn1 kdcreq,
                                                         char **till,
                                                         size_t *tilllen);
time_t              shishi_kdcreq_tillc                 (Shishi *handle,
                                                         Shishi_asn1 kdcreq);
int                 shishi_kdcreq_to_file               (Shishi *handle,
                                                         Shishi_asn1 kdcreq,
                                                         int filetype,
                                                         const char *filename);
int                 shishi_kdcreq_validate_p            (Shishi *handle,
                                                         Shishi_asn1 kdcreq);
int                 shishi_key                          (Shishi *handle,
                                                         Shishi_key **key);
void                shishi_key_copy                     (Shishi_key *dstkey,
                                                         Shishi_key *srckey);
void                shishi_key_done                     (Shishi_key *key);
int                 shishi_key_from_base64              (Shishi *handle,
                                                         int32_t type,
                                                         const char *value,
                                                         Shishi_key **key);
int                 shishi_key_from_name                (Shishi *handle,
                                                         int32_t type,
                                                         const char *name,
                                                         const char *password,
                                                         size_t passwordlen,
                                                         const char *parameter,
                                                         Shishi_key **outkey);
int                 shishi_key_from_random              (Shishi *handle,
                                                         int32_t type,
                                                         const char *rnd,
                                                         size_t rndlen,
                                                         Shishi_key **outkey);
int                 shishi_key_from_string              (Shishi *handle,
                                                         int32_t type,
                                                         const char *password,
                                                         size_t passwordlen,
                                                         const char *salt,
                                                         size_t saltlen,
                                                         const char *parameter,
                                                         Shishi_key **outkey);
int                 shishi_key_from_value               (Shishi *handle,
                                                         int32_t type,
                                                         const char *value,
                                                         Shishi_key **key);
size_t              shishi_key_length                   (const Shishi_key *key);
const char *        shishi_key_name                     (Shishi_key *key);
int                 shishi_key_parse                    (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_key **key);
const char *        shishi_key_principal                (const Shishi_key *key);
void                shishi_key_principal_set            (Shishi_key *key,
                                                         const char *principal);
int                 shishi_key_print                    (Shishi *handle,
                                                         FILE *fh,
                                                         const Shishi_key *key);
int                 shishi_key_random                   (Shishi *handle,
                                                         int32_t type,
                                                         Shishi_key **key);
const char *        shishi_key_realm                    (const Shishi_key *key);
void                shishi_key_realm_set                (Shishi_key *key,
                                                         const char *realm);
time_t              shishi_key_timestamp                (const Shishi_key *key);
void                shishi_key_timestamp_set            (Shishi_key *key,
                                                         time_t timestamp);
int                 shishi_key_to_file                  (Shishi *handle,
                                                         const char *filename,
                                                         Shishi_key *key);
int                 shishi_key_type                     (const Shishi_key *key);
void                shishi_key_type_set                 (Shishi_key *key,
                                                         int32_t type);
const char *        shishi_key_value                    (const Shishi_key *key);
void                shishi_key_value_set                (Shishi_key *key,
                                                         const char *value);
uint32_t            shishi_key_version                  (const Shishi_key *key);
void                shishi_key_version_set              (Shishi_key *key,
                                                         uint32_t kvno);
int                 shishi_keys                         (Shishi *handle,
                                                         Shishi_keys **keys);
int                 shishi_keys_add                     (Shishi_keys *keys,
                                                         Shishi_key *key);
int                 shishi_keys_add_keytab_file         (Shishi *handle,
                                                         const char *filename,
                                                         Shishi_keys *keys);
int                 shishi_keys_add_keytab_mem          (Shishi *handle,
                                                         const char *data,
                                                         size_t len,
                                                         Shishi_keys *keys);
void                shishi_keys_done                    (Shishi_keys **keys);
Shishi_key *        shishi_keys_for_localservicerealm_in_file
                                                        (Shishi *handle,
                                                         const char *filename,
                                                         const char *service,
                                                         const char *realm);
Shishi_key *        shishi_keys_for_server_in_file      (Shishi *handle,
                                                         const char *filename,
                                                         const char *server);
Shishi_key *        shishi_keys_for_serverrealm_in_file (Shishi *handle,
                                                         const char *filename,
                                                         const char *server,
                                                         const char *realm);
int                 shishi_keys_from_file               (Shishi_keys *keys,
                                                         const char *filename);
int                 shishi_keys_from_keytab_file        (Shishi *handle,
                                                         const char *filename,
                                                         Shishi_keys **outkeys);
int                 shishi_keys_from_keytab_mem         (Shishi *handle,
                                                         const char *data,
                                                         size_t len,
                                                         Shishi_keys **outkeys);
const Shishi_key *  shishi_keys_nth                     (Shishi_keys *keys,
                                                         int keyno);
int                 shishi_keys_print                   (Shishi_keys *keys,
                                                         FILE *fh);
void                shishi_keys_remove                  (Shishi_keys *keys,
                                                         int keyno);
int                 shishi_keys_size                    (Shishi_keys *keys);
int                 shishi_keys_to_file                 (Shishi *handle,
                                                         const char *filename,
                                                         Shishi_keys *keys);
int                 shishi_keys_to_keytab_file          (Shishi *handle,
                                                         Shishi_keys *keys,
                                                         const char *filename);
int                 shishi_keys_to_keytab_mem           (Shishi *handle,
                                                         Shishi_keys *keys,
                                                         char **out,
                                                         size_t *len);
Shishi_asn1         shishi_krberror                     (Shishi *handle);
int                 shishi_krberror_build               (Shishi *handle,
                                                         Shishi_asn1 krberror);
int                 shishi_krberror_client              (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         char **client,
                                                         size_t *clientlen);
int                 shishi_krberror_client_set          (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         const char *client);
int                 shishi_krberror_crealm              (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         char **realm,
                                                         size_t *realmlen);
int                 shishi_krberror_ctime               (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         char **t);
int                 shishi_krberror_ctime_set           (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         const char *t);
int                 shishi_krberror_cusec               (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         uint32_t *cusec);
int                 shishi_krberror_cusec_set           (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         uint32_t cusec);
int                 shishi_krberror_der                 (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         char **out,
                                                         size_t *outlen);
int                 shishi_krberror_edata               (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         char **edata,
                                                         size_t *edatalen);
int                 shishi_krberror_errorcode           (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         int *errorcode);
int                 shishi_krberror_errorcode_fast      (Shishi *handle,
                                                         Shishi_asn1 krberror);
const char *        shishi_krberror_errorcode_message   (Shishi *handle,
                                                         int errorcode);
int                 shishi_krberror_errorcode_set       (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         int errorcode);
int                 shishi_krberror_etext               (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         char **etext,
                                                         size_t *etextlen);
int                 shishi_krberror_from_file           (Shishi *handle,
                                                         Shishi_asn1 *krberror,
                                                         int filetype,
                                                         const char *filename);
const char *        shishi_krberror_message             (Shishi *handle,
                                                         Shishi_asn1 krberror);
int                 shishi_krberror_methoddata          (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         Shishi_asn1 *methoddata);
int                 shishi_krberror_parse               (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *krberror);
int                 shishi_krberror_pretty_print        (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 krberror);
int                 shishi_krberror_print               (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 krberror);
int                 shishi_krberror_read                (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *krberror);
int                 shishi_krberror_realm               (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         char **realm,
                                                         size_t *realmlen);
int                 shishi_krberror_remove_cname        (Shishi *handle,
                                                         Shishi_asn1 krberror);
int                 shishi_krberror_remove_crealm       (Shishi *handle,
                                                         Shishi_asn1 krberror);
int                 shishi_krberror_remove_ctime        (Shishi *handle,
                                                         Shishi_asn1 krberror);
int                 shishi_krberror_remove_cusec        (Shishi *handle,
                                                         Shishi_asn1 krberror);
int                 shishi_krberror_remove_edata        (Shishi *handle,
                                                         Shishi_asn1 krberror);
int                 shishi_krberror_remove_etext        (Shishi *handle,
                                                         Shishi_asn1 krberror);
int                 shishi_krberror_remove_sname        (Shishi *handle,
                                                         Shishi_asn1 krberror);
int                 shishi_krberror_save                (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 krberror);
int                 shishi_krberror_server              (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         char **server,
                                                         size_t *serverlen);
int                 shishi_krberror_server_set          (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         const char *server);
int                 shishi_krberror_set_cname           (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         Shishi_name_type name_type,
                                                         const char *cname[]);
int                 shishi_krberror_set_crealm          (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         const char *crealm);
int                 shishi_krberror_set_edata           (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         const char *edata);
int                 shishi_krberror_set_etext           (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         const char *etext);
int                 shishi_krberror_set_realm           (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         const char *realm);
int                 shishi_krberror_set_sname           (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         Shishi_name_type name_type,
                                                         const char *sname[]);
int                 shishi_krberror_stime               (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         char **t);
int                 shishi_krberror_stime_set           (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         const char *t);
int                 shishi_krberror_susec               (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         uint32_t *susec);
int                 shishi_krberror_susec_set           (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         uint32_t susec);
int                 shishi_krberror_to_file             (Shishi *handle,
                                                         Shishi_asn1 krberror,
                                                         int filetype,
                                                         const char *filename);
int                 shishi_md4                          (Shishi *handle,
                                                         const char *in,
                                                         size_t inlen,
                                                         char *out[16]);
int                 shishi_md5                          (Shishi *handle,
                                                         const char *in,
                                                         size_t inlen,
                                                         char *out[16]);
int                 shishi_methoddata_print             (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 methoddata);
int                 shishi_n_fold                       (Shishi *handle,
                                                         const char *in,
                                                         size_t inlen,
                                                         char *out,
                                                         size_t outlen);
int                 shishi_padata_print                 (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 padata);
int                 shishi_parse_name                   (Shishi *handle,
                                                         const char *name,
                                                         char **principal,
                                                         char **realm);
int                 shishi_pbkdf2_sha1                  (Shishi *handle,
                                                         const char *P,
                                                         size_t Plen,
                                                         const char *S,
                                                         size_t Slen,
                                                         unsigned int c,
                                                         unsigned int dkLen,
                                                         char *DK);
const char *        shishi_principal_default            (Shishi *handle);
char *              shishi_principal_default_guess      (void);
void                shishi_principal_default_set        (Shishi *handle,
                                                         const char *principal);
int                 shishi_principal_name               (Shishi *handle,
                                                         Shishi_asn1 namenode,
                                                         const char *namefield,
                                                         char **out,
                                                         size_t *outlen);
int                 shishi_principal_name_realm         (Shishi *handle,
                                                         Shishi_asn1 namenode,
                                                         const char *namefield,
                                                         Shishi_asn1 realmnode,
                                                         const char *realmfield,
                                                         char **out,
                                                         size_t *outlen);
int                 shishi_principal_name_set           (Shishi *handle,
                                                         Shishi_asn1 namenode,
                                                         const char *namefield,
                                                         Shishi_name_type name_type,
                                                         const char *name[]);
int                 shishi_principal_set                (Shishi *handle,
                                                         Shishi_asn1 namenode,
                                                         const char *namefield,
                                                         const char *name);
int                 shishi_priv                         (Shishi *handle,
                                                         Shishi_priv **priv);
int                 shishi_priv_build                   (Shishi_priv *priv,
                                                         Shishi_key *key);
void                shishi_priv_done                    (Shishi_priv *priv);
int                 shishi_priv_enc_part_etype          (Shishi *handle,
                                                         Shishi_asn1 priv,
                                                         int32_t *etype);
Shishi_asn1         shishi_priv_encprivpart             (Shishi_priv *priv);
int                 shishi_priv_encprivpart_der         (Shishi_priv *priv,
                                                         char **out,
                                                         size_t *outlen);
int                 shishi_priv_encprivpart_der_set     (Shishi_priv *priv,
                                                         char *der,
                                                         size_t derlen);
void                shishi_priv_encprivpart_set         (Shishi_priv *priv,
                                                         Shishi_asn1 asn1encprivpart);
int                 shishi_priv_from_file               (Shishi *handle,
                                                         Shishi_asn1 *priv,
                                                         int filetype,
                                                         const char *filename);
Shishi_key *        shishi_priv_key                     (Shishi_priv *priv);
void                shishi_priv_key_set                 (Shishi_priv *priv,
                                                         Shishi_key *key);
int                 shishi_priv_parse                   (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *priv);
int                 shishi_priv_print                   (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 priv);
Shishi_asn1         shishi_priv_priv                    (Shishi_priv *priv);
int                 shishi_priv_priv_der                (Shishi_priv *priv,
                                                         char **out,
                                                         size_t *outlen);
int                 shishi_priv_priv_der_set            (Shishi_priv *priv,
                                                         char *der,
                                                         size_t derlen);
void                shishi_priv_priv_set                (Shishi_priv *priv,
                                                         Shishi_asn1 asn1priv);
int                 shishi_priv_process                 (Shishi_priv *priv,
                                                         Shishi_key *key);
int                 shishi_priv_read                    (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *priv);
int                 shishi_priv_save                    (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 priv);
int                 shishi_priv_set_enc_part            (Shishi *handle,
                                                         Shishi_asn1 priv,
                                                         int32_t etype,
                                                         const char *encpart,
                                                         size_t encpartlen);
int                 shishi_priv_to_file                 (Shishi *handle,
                                                         Shishi_asn1 priv,
                                                         int filetype,
                                                         const char *filename);
int                 shishi_prompt_password              (Shishi *handle,
                                                         char **s,
                                                         const char *format,
                                                         ...);
shishi_prompt_password_func shishi_prompt_password_callback_get
                                                        (Shishi *handle);
void                shishi_prompt_password_callback_set (Shishi *handle,
                                                         shishi_prompt_password_func cb);
int                 (*shishi_prompt_password_func)      (Shishi *handle,
                                                         char **s,
                                                         const char *format,
                                                         va_list ap);
int                 shishi_random_to_key                (Shishi *handle,
                                                         int32_t keytype,
                                                         const char *rnd,
                                                         size_t rndlen,
                                                         Shishi_key *outkey);
int                 shishi_randomize                    (Shishi *handle,
                                                         int strong,
                                                         void *data,
                                                         size_t datalen);
const char *        shishi_realm_default                (Shishi *handle);
char *              shishi_realm_default_guess          (void);
void                shishi_realm_default_set            (Shishi *handle,
                                                         const char *realm);
char *              shishi_realm_for_server             (Shishi *handle,
                                                         char *server);
char *              shishi_realm_for_server_dns         (Shishi *handle,
                                                         char *server);
char *              shishi_realm_for_server_file        (Shishi *handle,
                                                         char *server);
Shishi_dns          shishi_resolv                       (const char *zone,
                                                         uint16_t querytype);
void                shishi_resolv_free                  (Shishi_dns rrs);
int                 shishi_safe                         (Shishi *handle,
                                                         Shishi_safe **safe);
int                 shishi_safe_build                   (Shishi_safe *safe,
                                                         Shishi_key *key);
int                 shishi_safe_cksum                   (Shishi *handle,
                                                         Shishi_asn1 safe,
                                                         int32_t *cksumtype,
                                                         char **cksum,
                                                         size_t *cksumlen);
void                shishi_safe_done                    (Shishi_safe *safe);
int                 shishi_safe_from_file               (Shishi *handle,
                                                         Shishi_asn1 *safe,
                                                         int filetype,
                                                         const char *filename);
Shishi_key *        shishi_safe_key                     (Shishi_safe *safe);
void                shishi_safe_key_set                 (Shishi_safe *safe,
                                                         Shishi_key *key);
int                 shishi_safe_parse                   (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *safe);
int                 shishi_safe_print                   (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 safe);
int                 shishi_safe_read                    (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *safe);
Shishi_asn1         shishi_safe_safe                    (Shishi_safe *safe);
int                 shishi_safe_safe_der                (Shishi_safe *safe,
                                                         char **out,
                                                         size_t *outlen);
int                 shishi_safe_safe_der_set            (Shishi_safe *safe,
                                                         char *der,
                                                         size_t derlen);
void                shishi_safe_safe_set                (Shishi_safe *safe,
                                                         Shishi_asn1 asn1safe);
int                 shishi_safe_save                    (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 safe);
int                 shishi_safe_set_cksum               (Shishi *handle,
                                                         Shishi_asn1 safe,
                                                         int32_t cksumtype,
                                                         const char *cksum,
                                                         size_t cksumlen);
int                 shishi_safe_set_user_data           (Shishi *handle,
                                                         Shishi_asn1 safe,
                                                         const char *userdata,
                                                         size_t userdatalen);
int                 shishi_safe_to_file                 (Shishi *handle,
                                                         Shishi_asn1 safe,
                                                         int filetype,
                                                         const char *filename);
int                 shishi_safe_user_data               (Shishi *handle,
                                                         Shishi_asn1 safe,
                                                         char **userdata,
                                                         size_t *userdatalen);
int                 shishi_safe_verify                  (Shishi_safe *safe,
                                                         Shishi_key *key);
Shishi *            shishi_server                       (void);
char *              shishi_server_for_local_service     (Shishi *handle,
                                                         const char *service);
const char *        shishi_strerror                     (int err);
int                 shishi_string_to_key                (Shishi *handle,
                                                         int32_t keytype,
                                                         const char *password,
                                                         size_t passwordlen,
                                                         const char *salt,
                                                         size_t saltlen,
                                                         const char *parameter,
                                                         Shishi_key *outkey);
int                 shishi_tgs                          (Shishi *handle,
                                                         Shishi_tgs **tgs);
Shishi_ap *         shishi_tgs_ap                       (Shishi_tgs *tgs);
void                shishi_tgs_done                     (Shishi_tgs *tgs);
Shishi_asn1         shishi_tgs_krberror                 (Shishi_tgs *tgs);
int                 shishi_tgs_krberror_der             (Shishi_tgs *tgs,
                                                         char **out,
                                                         size_t *outlen);
void                shishi_tgs_krberror_set             (Shishi_tgs *tgs,
                                                         Shishi_asn1 krberror);
int                 shishi_tgs_process                  (Shishi *handle,
                                                         Shishi_asn1 tgsreq,
                                                         Shishi_asn1 tgsrep,
                                                         Shishi_asn1 authenticator,
                                                         Shishi_asn1 oldenckdcreppart,
                                                         Shishi_asn1 *enckdcreppart);
Shishi_asn1         shishi_tgs_rep                      (Shishi_tgs *tgs);
int                 shishi_tgs_rep_build                (Shishi_tgs *tgs,
                                                         int keyusage,
                                                         Shishi_key *key);
int                 shishi_tgs_rep_der                  (Shishi_tgs *tgs,
                                                         char **out,
                                                         size_t *outlen);
int                 shishi_tgs_rep_process              (Shishi_tgs *tgs);
Shishi_asn1         shishi_tgs_req                      (Shishi_tgs *tgs);
int                 shishi_tgs_req_build                (Shishi_tgs *tgs);
int                 shishi_tgs_req_der                  (Shishi_tgs *tgs,
                                                         char **out,
                                                         size_t *outlen);
int                 shishi_tgs_req_der_set              (Shishi_tgs *tgs,
                                                         char *der,
                                                         size_t derlen);
int                 shishi_tgs_req_process              (Shishi_tgs *tgs);
void                shishi_tgs_req_set                  (Shishi_tgs *tgs,
                                                         Shishi_asn1 tgsreq);
int                 shishi_tgs_sendrecv                 (Shishi_tgs *tgs);
int                 shishi_tgs_sendrecv_hint            (Shishi_tgs *tgs,
                                                         Shishi_tkts_hint *hint);
int                 shishi_tgs_set_realm                (Shishi_tgs *tgs,
                                                         const char *realm);
int                 shishi_tgs_set_realmserver          (Shishi_tgs *tgs,
                                                         const char *realm,
                                                         const char *server);
int                 shishi_tgs_set_server               (Shishi_tgs *tgs,
                                                         const char *server);
Shishi_tkt *        shishi_tgs_tgtkt                    (Shishi_tgs *tgs);
void                shishi_tgs_tgtkt_set                (Shishi_tgs *tgs,
                                                         Shishi_tkt *tgtkt);
Shishi_tkt *        shishi_tgs_tkt                      (Shishi_tgs *tgs);
void                shishi_tgs_tkt_set                  (Shishi_tgs *tgs,
                                                         Shishi_tkt *tkt);
Shishi_asn1         shishi_tgsrep                       (Shishi *handle);
Shishi_asn1         shishi_tgsreq                       (Shishi *handle);
Shishi_asn1         shishi_tgsreq_rst                   (Shishi *handle,
                                                         char *realm,
                                                         char *server,
                                                         Shishi_tkt *tkt);
Shishi_asn1         shishi_ticket                       (Shishi *handle);
int                 shishi_ticket_add_enc_part          (Shishi *handle,
                                                         Shishi_asn1 ticket,
                                                         Shishi_key *key,
                                                         Shishi_asn1 encticketpart);
int                 shishi_ticket_decrypt               (Shishi *handle,
                                                         Shishi_asn1 ticket,
                                                         Shishi_key *key,
                                                         Shishi_asn1 *encticketpart);
int                 shishi_ticket_get_enc_part_etype    (Shishi *handle,
                                                         Shishi_asn1 ticket,
                                                         int32_t *etype);
int                 shishi_ticket_parse                 (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *ticket);
int                 shishi_ticket_print                 (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 ticket);
int                 shishi_ticket_read                  (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *ticket);
int                 shishi_ticket_realm_get             (Shishi *handle,
                                                         Shishi_asn1 ticket,
                                                         char **realm,
                                                         size_t *realmlen);
int                 shishi_ticket_realm_set             (Shishi *handle,
                                                         Shishi_asn1 ticket,
                                                         const char *realm);
int                 shishi_ticket_save                  (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 ticket);
int                 shishi_ticket_server                (Shishi *handle,
                                                         Shishi_asn1 ticket,
                                                         char **server,
                                                         size_t *serverlen);
int                 shishi_ticket_set_enc_part          (Shishi *handle,
                                                         Shishi_asn1 ticket,
                                                         int32_t etype,
                                                         uint32_t kvno,
                                                         const char *buf,
                                                         size_t buflen);
int                 shishi_ticket_set_server            (Shishi *handle,
                                                         Shishi_asn1 ticket,
                                                         const char *server);
int                 shishi_ticket_sname_set             (Shishi *handle,
                                                         Shishi_asn1 ticket,
                                                         Shishi_name_type name_type,
                                                         char *sname[]);
int                 shishi_ticket_srealmserver_set      (Shishi *handle,
                                                         Shishi_asn1 ticket,
                                                         const char *realm,
                                                         const char *server);
int                 shishi_time                         (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         char **t);
int                 shishi_tkt                          (Shishi *handle,
                                                         Shishi_tkt **tkt);
Shishi_tkt *        shishi_tkt2                         (Shishi *handle,
                                                         Shishi_asn1 ticket,
                                                         Shishi_asn1 enckdcreppart,
                                                         Shishi_asn1 kdcrep);
time_t              shishi_tkt_authctime                (Shishi_tkt *tkt);
int                 shishi_tkt_authtime                 (Shishi_tkt *tkt,
                                                         char **authtime,
                                                         size_t *authtimelen);
int                 shishi_tkt_build                    (Shishi_tkt *tkt,
                                                         Shishi_key *key);
int                 shishi_tkt_client                   (Shishi_tkt *tkt,
                                                         char **client,
                                                         size_t *clientlen);
int                 shishi_tkt_client_p                 (Shishi_tkt *tkt,
                                                         const char *client);
int                 shishi_tkt_clientrealm              (Shishi_tkt *tkt,
                                                         char **client,
                                                         size_t *clientlen);
int                 shishi_tkt_clientrealm_p            (Shishi_tkt *tkt,
                                                         const char *client);
int                 shishi_tkt_clientrealm_set          (Shishi_tkt *tkt,
                                                         const char *realm,
                                                         const char *client);
int                 shishi_tkt_decrypt                  (Shishi_tkt *tkt,
                                                         Shishi_key *key);
void                shishi_tkt_done                     (Shishi_tkt *tkt);
Shishi_asn1         shishi_tkt_enckdcreppart            (Shishi_tkt *tkt);
void                shishi_tkt_enckdcreppart_set        (Shishi_tkt *tkt,
                                                         Shishi_asn1 enckdcreppart);
Shishi_asn1         shishi_tkt_encticketpart            (Shishi_tkt *tkt);
void                shishi_tkt_encticketpart_set        (Shishi_tkt *tkt,
                                                         Shishi_asn1 encticketpart);
time_t              shishi_tkt_endctime                 (Shishi_tkt *tkt);
int                 shishi_tkt_endtime                  (Shishi_tkt *tkt,
                                                         char **endtime,
                                                         size_t *endtimelen);
int                 shishi_tkt_expired_p                (Shishi_tkt *tkt);
int                 shishi_tkt_flags                    (Shishi_tkt *tkt,
                                                         uint32_t *flags);
int                 shishi_tkt_flags_add                (Shishi_tkt *tkt,
                                                         uint32_t flag);
int                 shishi_tkt_flags_set                (Shishi_tkt *tkt,
                                                         uint32_t flags);
int                 shishi_tkt_forwardable_p            (Shishi_tkt *tkt);
int                 shishi_tkt_forwarded_p              (Shishi_tkt *tkt);
int                 shishi_tkt_hw_authent_p             (Shishi_tkt *tkt);
int                 shishi_tkt_initial_p                (Shishi_tkt *tkt);
int                 shishi_tkt_invalid_p                (Shishi_tkt *tkt);
Shishi_asn1         shishi_tkt_kdcrep                   (Shishi_tkt *tkt);
Shishi_key *        shishi_tkt_key                      (Shishi_tkt *tkt);
int                 shishi_tkt_key_set                  (Shishi_tkt *tkt,
                                                         Shishi_key *key);
int                 shishi_tkt_keytype                  (Shishi_tkt *tkt,
                                                         int32_t *etype);
int32_t             shishi_tkt_keytype_fast             (Shishi_tkt *tkt);
int                 shishi_tkt_keytype_p                (Shishi_tkt *tkt,
                                                         int32_t etype);
int                 shishi_tkt_lastreq                  (Shishi_tkt *tkt,
                                                         char **lrtime,
                                                         size_t *lrtimelen,
                                                         int32_t lrtype);
void                shishi_tkt_lastreq_pretty_print     (Shishi_tkt *tkt,
                                                         FILE *fh);
time_t              shishi_tkt_lastreqc                 (Shishi_tkt *tkt,
                                                         Shishi_lrtype lrtype);
int                 shishi_tkt_match_p                  (Shishi_tkt *tkt,
                                                         Shishi_tkts_hint *hint);
int                 shishi_tkt_may_postdate_p           (Shishi_tkt *tkt);
int                 shishi_tkt_ok_as_delegate_p         (Shishi_tkt *tkt);
int                 shishi_tkt_postdated_p              (Shishi_tkt *tkt);
int                 shishi_tkt_pre_authent_p            (Shishi_tkt *tkt);
void                shishi_tkt_pretty_print             (Shishi_tkt *tkt,
                                                         FILE *fh);
int                 shishi_tkt_proxiable_p              (Shishi_tkt *tkt);
int                 shishi_tkt_proxy_p                  (Shishi_tkt *tkt);
int                 shishi_tkt_realm                    (Shishi_tkt *tkt,
                                                         char **realm,
                                                         size_t *realmlen);
int                 shishi_tkt_renew_till               (Shishi_tkt *tkt,
                                                         char **renewtilltime,
                                                         size_t *renewtilllen);
time_t              shishi_tkt_renew_tillc              (Shishi_tkt *tkt);
int                 shishi_tkt_renewable_p              (Shishi_tkt *tkt);
int                 shishi_tkt_server                   (Shishi_tkt *tkt,
                                                         char **server,
                                                         size_t *serverlen);
int                 shishi_tkt_server_p                 (Shishi_tkt *tkt,
                                                         const char *server);
int                 shishi_tkt_serverrealm_set          (Shishi_tkt *tkt,
                                                         const char *realm,
                                                         const char *server);
time_t              shishi_tkt_startctime               (Shishi_tkt *tkt);
int                 shishi_tkt_starttime                (Shishi_tkt *tkt,
                                                         char **starttime,
                                                         size_t *starttimelen);
Shishi_asn1         shishi_tkt_ticket                   (Shishi_tkt *tkt);
void                shishi_tkt_ticket_set               (Shishi_tkt *tkt,
                                                         Shishi_asn1 ticket);
int                 shishi_tkt_transited_policy_checked_p
                                                        (Shishi_tkt *tkt);
int                 shishi_tkt_valid_at_time_p          (Shishi_tkt *tkt,
                                                         time_t now);
int                 shishi_tkt_valid_now_p              (Shishi_tkt *tkt);
int                 shishi_tkts                         (Shishi *handle,
                                                         Shishi_tkts **tkts);
int                 shishi_tkts_add                     (Shishi_tkts *tkts,
                                                         Shishi_tkt *tkt);
int                 shishi_tkts_add_ccache_file         (Shishi *handle,
                                                         const char *filename,
                                                         Shishi_tkts *tkts);
int                 shishi_tkts_add_ccache_mem          (Shishi *handle,
                                                         const char *data,
                                                         size_t len,
                                                         Shishi_tkts *tkts);
Shishi_tkts *       shishi_tkts_default                 (Shishi *handle);
const char *        shishi_tkts_default_ccache          (Shishi *handle);
char *              shishi_tkts_default_ccache_guess    (Shishi *handle);
void                shishi_tkts_default_ccache_set      (Shishi *handle,
                                                         const char *ccache);
const char *        shishi_tkts_default_file            (Shishi *handle);
char *              shishi_tkts_default_file_guess      (Shishi *handle);
void                shishi_tkts_default_file_set        (Shishi *handle,
                                                         const char *tktsfile);
int                 shishi_tkts_default_to_file         (Shishi_tkts *tkts);
void                shishi_tkts_done                    (Shishi_tkts **tkts);
int                 shishi_tkts_expire                  (Shishi_tkts *tkts);
Shishi_tkt *        shishi_tkts_find                    (Shishi_tkts *tkts,
                                                         Shishi_tkts_hint *hint);
Shishi_tkt *        shishi_tkts_find_for_clientserver   (Shishi_tkts *tkts,
                                                         const char *client,
                                                         const char *server);
Shishi_tkt *        shishi_tkts_find_for_server         (Shishi_tkts *tkts,
                                                         const char *server);
int                 shishi_tkts_from_ccache_file        (Shishi *handle,
                                                         const char *filename,
                                                         Shishi_tkts **outtkts);
int                 shishi_tkts_from_ccache_mem         (Shishi *handle,
                                                         const char *data,
                                                         size_t len,
                                                         Shishi_tkts **outtkts);
int                 shishi_tkts_from_file               (Shishi_tkts *tkts,
                                                         const char *filename);
Shishi_tkt *        shishi_tkts_get                     (Shishi_tkts *tkts,
                                                         Shishi_tkts_hint *hint);
Shishi_tkt *        shishi_tkts_get_for_clientserver    (Shishi_tkts *tkts,
                                                         const char *client,
                                                         const char *server);
Shishi_tkt *        shishi_tkts_get_for_localservicepasswd
                                                        (Shishi_tkts *tkts,
                                                         const char *service,
                                                         const char *passwd);
Shishi_tkt *        shishi_tkts_get_for_server          (Shishi_tkts *tkts,
                                                         const char *server);
Shishi_tkt *        shishi_tkts_get_tgs                 (Shishi_tkts *tkts,
                                                         Shishi_tkts_hint *hint,
                                                         Shishi_tkt *tgt);
Shishi_tkt *        shishi_tkts_get_tgt                 (Shishi_tkts *tkts,
                                                         Shishi_tkts_hint *hint);
int                 shishi_tkts_new                     (Shishi_tkts *tkts,
                                                         Shishi_asn1 ticket,
                                                         Shishi_asn1 enckdcreppart,
                                                         Shishi_asn1 kdcrep);
Shishi_tkt *        shishi_tkts_nth                     (Shishi_tkts *tkts,
                                                         int ticketno);
int                 shishi_tkts_print                   (Shishi_tkts *tkts,
                                                         FILE *fh);
int                 shishi_tkts_print_for_service       (Shishi_tkts *tkts,
                                                         FILE *fh,
                                                         const char *service);
int                 shishi_tkts_read                    (Shishi_tkts *tkts,
                                                         FILE *fh);
int                 shishi_tkts_remove                  (Shishi_tkts *tkts,
                                                         int ticketno);
int                 shishi_tkts_size                    (Shishi_tkts *tkts);
int                 shishi_tkts_to_file                 (Shishi_tkts *tkts,
                                                         const char *filename);
int                 shishi_tkts_write                   (Shishi_tkts *tkts,
                                                         FILE *fh);
void                shishi_verbose                      (Shishi *handle,
                                                         const char *format,
                                                         ...);
int                 shishi_verify                       (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         int cksumtype,
                                                         const char *in,
                                                         size_t inlen,
                                                         const char *cksum,
                                                         size_t cksumlen);
void                shishi_warn                         (Shishi *handle,
                                                         const char *format,
                                                         ...);
const char *        shishi_x509ca_default_file          (Shishi *handle);
char *              shishi_x509ca_default_file_guess    (Shishi *handle);
void                shishi_x509ca_default_file_set      (Shishi *handle,
                                                         const char *x509cafile);
const char *        shishi_x509cert_default_file        (Shishi *handle);
char *              shishi_x509cert_default_file_guess  (Shishi *handle);
void                shishi_x509cert_default_file_set    (Shishi *handle,
                                                         const char *x509certfile);
const char *        shishi_x509key_default_file         (Shishi *handle);
char *              shishi_x509key_default_file_guess   (Shishi *handle);
void                shishi_x509key_default_file_set     (Shishi *handle,
                                                         const char *x509keyfile);
void                shishi_xalloc_die                   (void);

Description

Details

SHISHI_DNS_IN

#define SHISHI_DNS_IN 1


SHISHI_DNS_SRV

#define SHISHI_DNS_SRV 33


SHISHI_DNS_TXT

#define SHISHI_DNS_TXT 16


SHISHI_GENERALIZEDTIMEZ_LENGTH

#define SHISHI_GENERALIZEDTIMEZ_LENGTH (SHISHI_GENERALIZEDTIME_LENGTH + 1)


SHISHI_GENERALIZEDTIME_LENGTH

#define SHISHI_GENERALIZEDTIME_LENGTH 15


SHISHI_VERSION

#define SHISHI_VERSION "1.0.2"


Shishi

  typedef struct Shishi Shishi;


enum Shishi_KDCOptions

typedef enum {
    SHISHI_KDCOPTIONS_RESERVED = 0x1, /* bit 0 */
    SHISHI_KDCOPTIONS_FORWARDABLE = 0x2, /* bit 1 */
    SHISHI_KDCOPTIONS_FORWARDED = 0x4, /* bit 2 */
    SHISHI_KDCOPTIONS_PROXIABLE = 0x8, /* bit 3 */
    SHISHI_KDCOPTIONS_PROXY = 0x10, /* bit 4 */
    SHISHI_KDCOPTIONS_ALLOW_POSTDATE = 0x20, /* bit 5 */
    SHISHI_KDCOPTIONS_POSTDATED = 0x40, /* bit 6 */
    SHISHI_KDCOPTIONS_UNUSED7 = 0x80, /* bit 7 */
    SHISHI_KDCOPTIONS_RENEWABLE = 0x100, /* bit 8 */
    SHISHI_KDCOPTIONS_UNUSED9 = 0x200, /* bit 9 */
    SHISHI_KDCOPTIONS_UNUSED10 = 0x400, /* bit 10 */
    SHISHI_KDCOPTIONS_UNUSED11 = 0x800 /* bit 11 */
#define SHISHI_KDCOPTIONS_DISABLE_TRANSITED_CHECK 0x4000000 /* bit 26 */
#define SHISHI_KDCOPTIONS_RENEWABLE_OK		  0x8000000 /* bit 27 */
#define SHISHI_KDCOPTIONS_ENC_TKT_IN_SKEY	  0x10000000 /* bit 28 */
#define SHISHI_KDCOPTIONS_RENEW			  0x40000000 /* bit 30 */
#define SHISHI_KDCOPTIONS_VALIDATE		  0x80000000 /* bit 31 */
} Shishi_KDCOptions;


Shishi_ap

  typedef struct Shishi_ap Shishi_ap;


enum Shishi_apoptions

typedef enum {
    SHISHI_APOPTIONS_RESERVED = 0x1, /* bit 0 */
    SHISHI_APOPTIONS_USE_SESSION_KEY = 0x2, /* bit 1 */
    SHISHI_APOPTIONS_MUTUAL_REQUIRED = 0x4 /* bit 2 */
} Shishi_apoptions;


Shishi_as

  typedef struct Shishi_as Shishi_as;


Shishi_asn1

  typedef ASN1_TYPE Shishi_asn1;


enum Shishi_authorization

typedef enum {
    SHISHI_AUTHORIZATION_BASIC = 0,
    SHISHI_AUTHORIZATION_K5LOGIN
} Shishi_authorization;


enum Shishi_cksumtype

typedef enum {
    SHISHI_CRC32 = 1,
    SHISHI_RSA_MD4 = 2,
    SHISHI_RSA_MD4_DES = 3,
    SHISHI_DES_MAC = 4,
    SHISHI_DES_MAC_K = 5,
    SHISHI_RSA_MD4_DES_K = 6,
    SHISHI_RSA_MD5 = 7,
    SHISHI_RSA_MD5_DES = 8,
    SHISHI_RSA_MD5_DES_GSS = 9, /* XXX */
    SHISHI_HMAC_SHA1_DES3_KD = 12,
    SHISHI_HMAC_SHA1_96_AES128 = 15,
    SHISHI_HMAC_SHA1_96_AES256 = 16,
    SHISHI_ARCFOUR_HMAC_MD5 = -138,
    SHISHI_KRB5_GSSAPI_CKSUM = 8003,
    SHISHI_NO_CKSUMTYPE = -1
} Shishi_cksumtype;


Shishi_crypto

  typedef struct Shishi_crypto Shishi_crypto;


Shishi_dns

  typedef struct Shishi_dns_st *Shishi_dns;


Shishi_dns_srv

  typedef struct Shishi_dns_srv_st *Shishi_dns_srv;


enum Shishi_etype

typedef enum {
    SHISHI_NULL = 0,
    SHISHI_DES_CBC_CRC = 1,
    SHISHI_DES_CBC_MD4 = 2,
    SHISHI_DES_CBC_MD5 = 3,
    SHISHI_DES_CBC_NONE = 4,
    SHISHI_DES3_CBC_NONE = 6,
    SHISHI_DES3_CBC_HMAC_SHA1_KD = 16,
    SHISHI_AES128_CTS_HMAC_SHA1_96 = 17,
    SHISHI_AES256_CTS_HMAC_SHA1_96 = 18,
    SHISHI_ARCFOUR_HMAC = 23,
    SHISHI_ARCFOUR_HMAC_EXP = 24
} Shishi_etype;


enum Shishi_filetype

typedef enum {
    SHISHI_FILETYPE_TEXT = 0,
    SHISHI_FILETYPE_DER,
    SHISHI_FILETYPE_HEX,
    SHISHI_FILETYPE_BASE64,
    SHISHI_FILETYPE_BINARY
} Shishi_filetype;


Shishi_key

  typedef struct Shishi_key Shishi_key;


Shishi_keys

  typedef struct Shishi_keys Shishi_keys;


enum Shishi_keyusage

typedef enum {
    /* 1. AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
       client key */
    SHISHI_KEYUSAGE_ASREQ_PA_ENC_TIMESTAMP = 1,
    /* 2. AS-REP Ticket and TGS-REP Ticket (includes TGS session key or
       application session key), encrypted with the service key  */
    SHISHI_KEYUSAGE_ENCTICKETPART = 2,
    /* 3. AS-REP encrypted part (includes TGS session key or application
       session key), encrypted with the client key */
    SHISHI_KEYUSAGE_ENCASREPPART = 3,
    /* 4. TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the TGS
       session key  */
    SHISHI_KEYUSAGE_TGSREQ_AUTHORIZATIONDATA_TGS_SESSION_KEY = 4,
    /* 5. TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the TGS
       authenticator subkey (section 5.4.1) */
    SHISHI_KEYUSAGE_TGSREQ_AUTHORIZATIONDATA_TGS_AUTHENTICATOR_KEY = 5,
    /* 6. TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed with the
       TGS session key  */
    SHISHI_KEYUSAGE_TGSREQ_APREQ_AUTHENTICATOR_CKSUM = 6,
    /* 7. TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes TGS
       authenticator subkey), encrypted with the TGS session key */
    SHISHI_KEYUSAGE_TGSREQ_APREQ_AUTHENTICATOR = 7,
    /* 8. TGS-REP encrypted part (includes application session key), encrypted
       with the TGS session key */
    SHISHI_KEYUSAGE_ENCTGSREPPART_SESSION_KEY = 8,
    /* 9. TGS-REP encrypted part (includes application session key), encrypted
       with the TGS authenticator subkey */
    SHISHI_KEYUSAGE_ENCTGSREPPART_AUTHENTICATOR_KEY = 9,
    /* 10. AP-REQ Authenticator cksum, keyed with the application
       session key */
    SHISHI_KEYUSAGE_APREQ_AUTHENTICATOR_CKSUM = 10,
    /* 11. AP-REQ Authenticator (includes application authenticator subkey),
       encrypted with the application session key */
    SHISHI_KEYUSAGE_APREQ_AUTHENTICATOR = 11,
    /* 12. AP-REP encrypted part (includes application session subkey),
       encrypted with the application session key */
    SHISHI_KEYUSAGE_ENCAPREPPART = 12,
    /* 13. KRB-PRIV encrypted part, encrypted with a key chosen by the
       application */
    SHISHI_KEYUSAGE_KRB_PRIV = 13,
    /* 14. KRB-CRED encrypted part, encrypted with a key chosen by the
       application */
    SHISHI_KEYUSAGE_KRB_CRED = 14,
    /* 15. KRB-SAFE cksum, keyed with a key chosen by the application */
    SHISHI_KEYUSAGE_KRB_SAFE = 15,
    /* 18. KRB-ERROR checksum (e-cksum) */
    SHISHI_KEYUSAGE_KRB_ERROR = 18,
    /* 19. AD-KDCIssued checksum (ad-checksum) */
    SHISHI_KEYUSAGE_AD_KDCISSUED = 19,
    /* 20. Checksum for Mandatory Ticket Extensions */
    SHISHI_KEYUSAGE_TICKET_EXTENSION = 20,
    /* 21. Checksum in Authorization Data in Ticket Extensions */
    SHISHI_KEYUSAGE_TICKET_EXTENSION_AUTHORIZATION = 21,
    /* 22-24. Reserved for use in GSSAPI mechanisms derived from RFC 1964.
       (raeburn/MIT) */
    SHISHI_KEYUSAGE_GSS_R1 = 22,
    SHISHI_KEYUSAGE_GSS_R2 = 23,
    SHISHI_KEYUSAGE_GSS_R3 = 24,
    /* draft-ietf-krb-wg-gssapi-cfx */
    SHISHI_KEYUSAGE_ACCEPTOR_SEAL = 22,
    SHISHI_KEYUSAGE_ACCEPTOR_SIGN = 23,
    SHISHI_KEYUSAGE_INITIATOR_SEAL = 24,
    SHISHI_KEYUSAGE_INITIATOR_SIGN = 25,
    /* 16-18,20-21,25-511. Reserved for future use. */
    /* 512-1023.  Reserved for uses internal implementations. */
    /* 1024.         Encryption for application use in protocols that
       do not specify key usage values */
    /* 1025.         Checksums for application use in protocols that
       do not specify key usage values */
    /* 1026-2047.      Reserved for application use.
       1026,1028,1030,1032,1034 used in KCMD protocol */
    SHISHI_KEYUSAGE_KCMD_DES = 1026,
    SHISHI_KEYUSAGE_KCMD_INPUT = 1028,
    SHISHI_KEYUSAGE_KCMD_OUTPUT = 1030,
    SHISHI_KEYUSAGE_KCMD_STDERR_INPUT = 1032,
    SHISHI_KEYUSAGE_KCMD_STDERR_OUTPUT = 1034
} Shishi_keyusage;


enum Shishi_krb_error

typedef enum {
    /* No error */
    SHISHI_KDC_ERR_NONE = 0,
    /* Client's entry in database has expired */
    SHISHI_KDC_ERR_NAME_EXP = 1,
    /* Server's entry in database has expired */
    SHISHI_KDC_ERR_SERVICE_EXP = 2,
    /* Requested protocol version number  - not supported */
    SHISHI_KDC_ERR_BAD_PVNO = 3,
    /* Client's key encrypted in old master key */
    SHISHI_KDC_ERR_C_OLD_MAST_KVNO = 4,
    /* Server's key encrypted in old master key */
    SHISHI_KDC_ERR_S_OLD_MAST_KVNO = 5,
    /* Client not found in database */
    SHISHI_KDC_ERR_C_PRINCIPAL_UNKNOWN = 6,
    /* Server not found in database */
    SHISHI_KDC_ERR_S_PRINCIPAL_UNKNOWN = 7,
    /* Multiple principal entries in database */
    SHISHI_KDC_ERR_PRINCIPAL_NOT_UNIQUE = 8,
    /* The client or server has a null key */
    SHISHI_KDC_ERR_NULL_KEY = 9,
    /* Ticket not eligible for postdating */
    SHISHI_KDC_ERR_CANNOT_POSTDATE = 10,
    /* Requested start time is later than end time */
    SHISHI_KDC_ERR_NEVER_VALID = 11,
    /* KDC policy rejects request */
    SHISHI_KDC_ERR_POLICY = 12,
    /* KDC cannot accommodate requested option */
    SHISHI_KDC_ERR_BADOPTION = 13,
    /* KDC has no support for encryption type */
    SHISHI_KDC_ERR_ETYPE_NOSUPP = 14,
    /* KDC has no support for checksum type */
    SHISHI_KDC_ERR_SUMTYPE_NOSUPP = 15,
    /* KDC has no support for padata type */
    SHISHI_KDC_ERR_PADATA_TYPE_NOSUPP = 16,
    /* KDC has no support for transited type */
    SHISHI_KDC_ERR_TRTYPE_NOSUPP = 17,
    /* Clients credentials have been revoked */
    SHISHI_KDC_ERR_CLIENT_REVOKED = 18,
    /* Credentials for server have been revoked */
    SHISHI_KDC_ERR_SERVICE_REVOKED = 19,
    /* TGT has been revoked */
    SHISHI_KDC_ERR_TGT_REVOKED = 20,
    /* Client not yet valid - try again later */
    SHISHI_KDC_ERR_CLIENT_NOTYET = 21,
    /* Server not yet valid - try again later */
    SHISHI_KDC_ERR_SERVICE_NOTYET = 22,
    /* Password has expired - change password to reset */
    SHISHI_KDC_ERR_KEY_EXPIRED = 23,
    /* Pre-authentication information was invalid */
    SHISHI_KDC_ERR_PREAUTH_FAILED = 24,
    /* Additional pre-authenticationrequired */
    SHISHI_KDC_ERR_PREAUTH_REQUIRED = 25,
    /* Requested server and ticket don't match */
    SHISHI_KDC_ERR_SERVER_NOMATCH = 26,
    /* Server principal valid for user = 2,user only */
    SHISHI_KDC_ERR_MUST_USE_USER2USER = 27,
    /* KDC Policy rejects transited path */
    SHISHI_KDC_ERR_PATH_NOT_ACCPETED = 28,
    /* A service is not available */
    SHISHI_KDC_ERR_SVC_UNAVAILABLE = 29,
    /* Integrity check on decrypted field failed */
    SHISHI_KRB_AP_ERR_BAD_INTEGRITY = 31,
    /* Ticket expired */
    SHISHI_KRB_AP_ERR_TKT_EXPIRED = 32,
    /* Ticket not yet valid */
    SHISHI_KRB_AP_ERR_TKT_NYV = 33,
    /* Request is a replay */
    SHISHI_KRB_AP_ERR_REPEAT = 34,
    /* The ticket isn't for us */
    SHISHI_KRB_AP_ERR_NOT_US = 35,
    /* Ticket and authenticator don't match */
    SHISHI_KRB_AP_ERR_BADMATCH = 36,
    /* Clock skew too great */
    SHISHI_KRB_AP_ERR_SKEW = 37,
    /* Incorrect net address */
    SHISHI_KRB_AP_ERR_BADADDR = 38,
    /* Protocol version mismatch */
    SHISHI_KRB_AP_ERR_BADVERSION = 39,
    /* Invalid msg type */
    SHISHI_KRB_AP_ERR_MSG_TYPE = 40,
    /* Message stream modified */
    SHISHI_KRB_AP_ERR_MODIFIED = 41,
    /* Message out of order */
    SHISHI_KRB_AP_ERR_BADORDER = 42,
    /* Specified version of key is not available */
    SHISHI_KRB_AP_ERR_BADKEYVER = 44,
    /* Service key not available */
    SHISHI_KRB_AP_ERR_NOKEY = 45,
    /* Mutual authentication failed */
    SHISHI_KRB_AP_ERR_MUT_FAIL = 46,
    /* Incorrect message direction */
    SHISHI_KRB_AP_ERR_BADDIRECTION = 47,
    /* Alternative authentication method required */
    SHISHI_KRB_AP_ERR_METHOD = 48,
    /* Incorrect sequence number in message */
    SHISHI_KRB_AP_ERR_BADSEQ = 49,
    /* Inappropriate type of checksum in message */
    SHISHI_KRB_AP_ERR_INAPP_CKSUM = 50,
    /* Policy rejects transited path */
    SHISHI_KRB_AP_PATH_NOT_ACCEPTED = 51,
    /* Response too big for UDP, retry with TCP */
    SHISHI_KRB_ERR_RESPONSE_TOO_BIG = 52,
    /* Generic error (description in e-text) */
    SHISHI_KRB_ERR_GENERIC = 60,
    /* Field is too long for this implementation */
    SHISHI_KRB_ERR_FIELD_TOOLONG = 61,
    /* Reserved for PKINIT */
    SHISHI_KDC_ERROR_CLIENT_NOT_TRUSTED = 62,
    /* Reserved for PKINIT */
    SHISHI_KDC_ERROR_KDC_NOT_TRUSTED = 63,
    /* Reserved for PKINIT */
    SHISHI_KDC_ERROR_INVALID_SIG = 64,
    /* Reserved for PKINIT */
    SHISHI_KDC_ERR_KEY_TOO_WEAK = 65,
    /* Reserved for PKINIT */
    SHISHI_KDC_ERR_CERTIFICATE_MISMATCH = 66,
    /* No TGT available to validate USER-TO-USER */
    SHISHI_KRB_AP_ERR_NO_TGT = 67,
    /* USER-TO-USER TGT issued different KDC */
    SHISHI_KDC_ERR_WRONG_REALM = 68,
    /* Ticket must be for USER-TO-USER */
    SHISHI_KRB_AP_ERR_USER_TO_USER_REQUIRED = 69,
    /* Reserved for PKINIT */
    SHISHI_KDC_ERR_CANT_VERIFY_CERTIFICATE = 70,
    /* Reserved for PKINIT */
    SHISHI_KDC_ERR_INVALID_CERTIFICATE = 71,
    /* Reserved for PKINIT */
    SHISHI_KDC_ERR_REVOKED_CERTIFICATE = 72,
    /* Reserved for PKINIT */
    SHISHI_KDC_ERR_REVOCATION_STATUS_UNKNOWN = 73,
    /* Reserved for PKINIT */
    SHISHI_KDC_ERR_REVOCATION_STATUS_UNAVAILABLE = 74,
    /* Reserved for PKINIT */
    SHISHI_KDC_ERR_CLIENT_NAME_MISMATCH = 75,
    /* Reserved for PKINIT */
    SHISHI_KDC_ERR_KDC_NAME_MISMATCH = 76,
    SHISHI_LAST_ERROR_CODE = 76
} Shishi_krb_error;


enum Shishi_lrtype

typedef enum {
    SHISHI_LRTYPE_LAST_INITIAL_TGT_REQUEST = 1,
    SHISHI_LRTYPE_LAST_INITIAL_REQUEST = 2,
    SHISHI_LRTYPE_NEWEST_TGT_ISSUE = 3,
    SHISHI_LRTYPE_LAST_RENEWAL = 4,
    SHISHI_LRTYPE_LAST_REQUEST = 5
} Shishi_lrtype;


enum Shishi_msgtype

typedef enum {
    /* 0                             unused */
    /* 1              Ticket         PDU */
    /* 2              Authenticator  non-PDU */
    /* 3              EncTicketPart  non-PDU */
    /* 4-9                           unused */
    /* Request for initial authentication */
    SHISHI_MSGTYPE_AS_REQ = 10,
    /* Response to SHISHI_MSGTYPE_AS_REQ request */
    SHISHI_MSGTYPE_AS_REP = 11,
    /* Request for authentication based on TGT */
    SHISHI_MSGTYPE_TGS_REQ = 12,
    /* Response to SHISHI_MSGTYPE_TGS_REQ request */
    SHISHI_MSGTYPE_TGS_REP = 13,
    /* application request to server */
    SHISHI_MSGTYPE_AP_REQ = 14,
    /* Response to SHISHI_MSGTYPE_AP_REQ_MUTUAL */
    SHISHI_MSGTYPE_AP_REP = 15,
    /* Reserved for user-to-user krb_tgt_request */
    SHISHI_MSGTYPE_RESERVED16 = 16,
    /* Reserved for user-to-user krb_tgt_reply */
    SHISHI_MSGTYPE_RESERVED17 = 17,
    /* 18-19                         unused */
    /* Safe (checksummed) application message */
    SHISHI_MSGTYPE_SAFE = 20,
    /* Private (encrypted) application message */
    SHISHI_MSGTYPE_PRIV = 21,
    /* Private (encrypted) message to forward credentials */
    SHISHI_MSGTYPE_CRED = 22,
    /* 23-24                         unused */
    /* 25             EncASRepPart   non-PDU */
    /* 26             EncTGSRepPart  non-PDU */
    /* 27             EncApRepPart   non-PDU */
    /* 28             EncKrbPrivPart non-PDU */
    /* 29             EncKrbCredPart non-PDU */
    /* Error response */
    SHISHI_MSGTYPE_ERROR = 30
} Shishi_msgtype;


enum Shishi_name_type

typedef enum {
    /* Name type not known */
    SHISHI_NT_UNKNOWN = 0,
    /* Just the name of the principal as in DCE, or for users */
    SHISHI_NT_PRINCIPAL = 1,
    /* Service and other unique instance (krbtgt) */
    SHISHI_NT_SRV_INST = 2,
    /* Service with host name as instance (telnet, rcommands) */
    SHISHI_NT_SRV_HST = 3,
    /* Service with host as remaining components */
    SHISHI_NT_SRV_XHST = 4,
    /* Unique ID */
    SHISHI_NT_UID = 5,
    /* Encoded X.509 Distingished name [RFC 2253] */
    SHISHI_NT_X500_PRINCIPAL = 6,
    /* Name in form of SMTP email name (e.g. user@foo.com) */
    SHISHI_NT_SMTP_NAME = 7,
    /*  Enterprise name - may be mapped to principal name */
    SHISHI_NT_ENTERPRISE = 10
} Shishi_name_type;


enum Shishi_outputtype

typedef enum {
    SHISHI_OUTPUTTYPE_NULL = 0,
    SHISHI_OUTPUTTYPE_STDERR,
    SHISHI_OUTPUTTYPE_SYSLOG
} Shishi_outputtype;


enum Shishi_padata_type

typedef enum {
    SHISHI_PA_TGS_REQ = 1,
    SHISHI_PA_ENC_TIMESTAMP = 2,
    SHISHI_PA_PW_SALT = 3,
    SHISHI_PA_RESERVED = 4,
    SHISHI_PA_ENC_UNIX_TIME = 5, /* (deprecated) */
    SHISHI_PA_SANDIA_SECUREID = 6,
    SHISHI_PA_SESAME = 7,
    SHISHI_PA_OSF_DCE = 8,
    SHISHI_PA_CYBERSAFE_SECUREID = 9,
    SHISHI_PA_AFS3_SALT = 10,
    SHISHI_PA_ETYPE_INFO = 11,
    SHISHI_PA_SAM_CHALLENGE = 12, /* (sam/otp) */
    SHISHI_PA_SAM_RESPONSE = 13, /* (sam/otp) */
    SHISHI_PA_PK_AS_REQ = 14, /* (pkinit) */
    SHISHI_PA_PK_AS_REP = 15, /* (pkinit) */
    SHISHI_PA_ETYPE_INFO2 = 19, /* (replaces pa_etype_info) */
    SHISHI_PA_USE_SPECIFIED_KVNO = 20,
    SHISHI_PA_SAM_REDIRECT = 21, /* (sam/otp) */
    SHISHI_PA_GET_FROM_TYPED_DATA = 22, /* (embedded in typed data) */
    SHISHI_TD_PADATA = 22, /* (embeds padata) */
    SHISHI_PA_SAM_ETYPE_INFO = 23, /* (sam/otp) */
    SHISHI_PA_ALT_PRINC = 24, /* (crawdad@fnal.gov) */
    SHISHI_PA_SAM_CHALLENGE2 = 30, /* (kenh@pobox.com) */
    SHISHI_PA_SAM_RESPONSE2 = 31, /* (kenh@pobox.com) */
    SHISHI_PA_EXTRA_TGT = 41, /* Reserved extra TGT */
    SHISHI_TD_PKINIT_CMS_CERTIFICATES = 101, /* CertificateSet from CMS */
    SHISHI_TD_KRB_PRINCIPAL = 102, /* PrincipalName */
    SHISHI_TD_KRB_REALM = 103, /* Realm */
    SHISHI_TD_TRUSTED_CERTIFIERS = 104, /* from PKINIT */
    SHISHI_TD_CERTIFICATE_INDEX = 105, /* from PKINIT */
    SHISHI_TD_APP_DEFINED_ERROR = 106, /* application specific */
    SHISHI_TD_REQ_NONCE = 107, /* INTEGER */
    SHISHI_TD_REQ_SEQ = 108, /* INTEGER */
    SHISHI_PA_PAC_REQUEST = 128 /* (jbrezak@exchange.microsoft.com) */
} Shishi_padata_type;


Shishi_priv

  typedef struct Shishi_priv Shishi_priv;


enum Shishi_rc

typedef enum {
    SHISHI_OK = 0,
    SHISHI_ASN1_ERROR = 1,
    SHISHI_FOPEN_ERROR = 2,
    SHISHI_IO_ERROR = 3,
    SHISHI_MALLOC_ERROR = 4,
    SHISHI_BASE64_ERROR = 5,
    SHISHI_REALM_MISMATCH = 6,
    SHISHI_CNAME_MISMATCH = 7,
    SHISHI_NONCE_MISMATCH = 8,
    SHISHI_TGSREP_BAD_KEYTYPE = 9,
    SHISHI_KDCREP_BAD_KEYTYPE = 10,
    SHISHI_APREP_BAD_KEYTYPE = 11,
    SHISHI_APREP_VERIFY_FAILED = 12,
    SHISHI_APREQ_BAD_KEYTYPE = 13,
    SHISHI_TOO_SMALL_BUFFER = 14,
    SHISHI_DERIVEDKEY_TOO_SMALL = 15,
    SHISHI_KEY_TOO_LARGE = 16,
    SHISHI_CRYPTO_ERROR = 17,
    SHISHI_CRYPTO_INTERNAL_ERROR = 18,
    SHISHI_SOCKET_ERROR = 19,
    SHISHI_BIND_ERROR = 20,
    SHISHI_SENDTO_ERROR = 21,
    SHISHI_RECVFROM_ERROR = 22,
    SHISHI_CLOSE_ERROR = 23,
    SHISHI_KDC_TIMEOUT = 24,
    SHISHI_KDC_NOT_KNOWN_FOR_REALM = 25,
    SHISHI_TTY_ERROR = 26,
    SHISHI_GOT_KRBERROR = 27,
    SHISHI_HANDLE_ERROR = 28,
    SHISHI_INVALID_TKTS = 29,
    SHISHI_TICKET_BAD_KEYTYPE = 30,
    SHISHI_INVALID_KEY = 31,
    SHISHI_APREQ_DECRYPT_FAILED = 32,
    SHISHI_TICKET_DECRYPT_FAILED = 33,
    SHISHI_INVALID_TICKET = 34,
    SHISHI_OUT_OF_RANGE = 35,
    SHISHI_ASN1_NO_ELEMENT = 36,
    SHISHI_SAFE_BAD_KEYTYPE = 37,
    SHISHI_SAFE_VERIFY_FAILED = 38,
    SHISHI_PKCS5_INVALID_PRF = 39,
    SHISHI_PKCS5_INVALID_ITERATION_COUNT = 40,
    SHISHI_PKCS5_INVALID_DERIVED_KEY_LENGTH = 41,
    SHISHI_PKCS5_DERIVED_KEY_TOO_LONG = 42,
    SHISHI_INVALID_PRINCIPAL_NAME = 43,
    SHISHI_INVALID_ARGUMENT = 44,
    SHISHI_ASN1_NO_VALUE = 45,
    SHISHI_CONNECT_ERROR = 46,
    SHISHI_VERIFY_FAILED = 47,
    SHISHI_PRIV_BAD_KEYTYPE = 48,
    SHISHI_FILE_ERROR = 49,
    SHISHI_ENCAPREPPART_BAD_KEYTYPE = 50,
    SHISHI_GETTIMEOFDAY_ERROR = 51,
    SHISHI_KEYTAB_ERROR = 52,
    SHISHI_CCACHE_ERROR = 53,
    SHISHI_LAST_ERROR = 53
} Shishi_rc;


Shishi_safe

  typedef struct Shishi_safe Shishi_safe;


Shishi_tgs

  typedef struct Shishi_tgs Shishi_tgs;


enum Shishi_ticketflags

typedef enum {
    SHISHI_TICKETFLAGS_RESERVED = 0x1, /* bit 0 */
    SHISHI_TICKETFLAGS_FORWARDABLE = 0x2, /* bit 1 */
    SHISHI_TICKETFLAGS_FORWARDED = 0x4, /* bit 2 */
    SHISHI_TICKETFLAGS_PROXIABLE = 0x8, /* bit 3 */
    SHISHI_TICKETFLAGS_PROXY = 0x10, /* bit 4 */
    SHISHI_TICKETFLAGS_MAY_POSTDATE = 0x20, /* bit 5 */
    SHISHI_TICKETFLAGS_POSTDATED = 0x40, /* bit 6 */
    SHISHI_TICKETFLAGS_INVALID = 0x80, /* bit 7 */
    SHISHI_TICKETFLAGS_RENEWABLE = 0x100, /* bit 8 */
    SHISHI_TICKETFLAGS_INITIAL = 0x200, /* bit 9 */
    SHISHI_TICKETFLAGS_PRE_AUTHENT = 0x400, /* bit 10 */
    SHISHI_TICKETFLAGS_HW_AUTHENT = 0x800, /* bit 11 */
    SHISHI_TICKETFLAGS_TRANSITED_POLICY_CHECKED = 0x1000, /* bit 12 */
    SHISHI_TICKETFLAGS_OK_AS_DELEGATE = 0x2000 /* bit 13 */
} Shishi_ticketflags;


Shishi_tkt

  typedef struct Shishi_tkt Shishi_tkt;


Shishi_tkts

  typedef struct Shishi_tkts Shishi_tkts;


Shishi_tkts_hint

  typedef struct Shishi_tkts_hint Shishi_tkts_hint;


enum Shishi_tkts_hintflags

typedef enum {
    SHISHI_TKTSHINTFLAGS_ACCEPT_EXPIRED = 1,
    SHISHI_TKTSHINTFLAGS_NON_INTERACTIVE = 2
} Shishi_tkts_hintflags;


enum Shishi_tr_type

typedef enum {
    SHISHI_TR_DOMAIN_X500_COMPRESS = 1
} Shishi_tr_type;


shishi ()

Shishi *            shishi                              (void);

Initializes the Shishi library, and set up, using shishi_error_set_outputtype(), the library so that future warnings and informational messages are printed to stderr. If this function fails, it may print diagnostic errors to stderr.

Returns :

Returns Shishi library handle, or NULL on error.

shishi_3des ()

int                 shishi_3des                         (Shishi *handle,
                                                         int decryptp,
                                                         const char key[24],
                                                         const char iv[8],
                                                         char *ivout[8],
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out);

Encrypt or decrypt data (depending on decryptp) using 3DES in CBC mode. The out buffer must be deallocated by the caller.

handle :

shishi handle as allocated by shishi_init().

decryptp :

0 to indicate encryption, non-0 to indicate decryption.

key :

input character array with key to use.

iv :

input character array with initialization vector to use, or NULL.

ivout :

output character array with updated initialization vector, or NULL.

in :

input character array of data to encrypt/decrypt.

inlen :

length of input character array of data to encrypt/decrypt.

out :

newly allocated character array with encrypted/decrypted data.

Returns :

Returns SHISHI_OK iff successful.

shishi_aes_cts ()

int                 shishi_aes_cts                      (Shishi *handle,
                                                         int decryptp,
                                                         const char *key,
                                                         size_t keylen,
                                                         const char iv[16],
                                                         char *ivout[16],
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out);

Encrypt or decrypt data (depending on decryptp) using AES in CBC-CTS mode. The length of the key, keylen, decide if AES 128 or AES 256 should be used. The out buffer must be deallocated by the caller.

handle :

shishi handle as allocated by shishi_init().

decryptp :

0 to indicate encryption, non-0 to indicate decryption.

key :

input character array with key to use.

keylen :

length of input character array with key to use.

iv :

input character array with initialization vector to use, or NULL.

ivout :

output character array with updated initialization vector, or NULL.

in :

input character array of data to encrypt/decrypt.

inlen :

length of input character array of data to encrypt/decrypt.

out :

newly allocated character array with encrypted/decrypted data.

Returns :

Returns SHISHI_OK iff successful.

shishi_alloc_fail_function ()

void                (*shishi_alloc_fail_function)       (void);


shishi_ap ()

int                 shishi_ap                           (Shishi *handle,
                                                         Shishi_ap **ap);

Create a new AP exchange with a random subkey of the default encryption type from configuration. Note that there is no guarantee that the receiver will understand that key type, you should probably use shishi_ap_etype() or shishi_ap_nosubkey() instead. In the future, this function will likely behave as shishi_ap_nosubkey() and shishi_ap_nosubkey() will be removed.

handle :

shishi handle as allocated by shishi_init().

ap :

pointer to new structure that holds information about AP exchange

Returns :

Returns SHISHI_OK iff successful.

shishi_ap_authenticator ()

Shishi_asn1         shishi_ap_authenticator             (Shishi_ap *ap);

Get ASN.1 Authenticator structure from AP exchange.

ap :

structure that holds information about AP exchange

Returns :

Returns the Authenticator from the AP exchange, or NULL if not yet set or an error occured.

shishi_ap_authenticator_cksumdata ()

int                 shishi_ap_authenticator_cksumdata   (Shishi_ap *ap,
                                                         char *out,
                                                         size_t *len);

Get checksum data from Authenticator.

ap :

structure that holds information about AP exchange

out :

output array that holds authenticator checksum data.

len :

on input, maximum length of output array that holds authenticator checksum data, on output actual length of output array that holds authenticator checksum data.

Returns :

Returns SHISHI_OK if successful, or SHISHI_TOO_SMALL_BUFFER if buffer provided was too small (then len will hold necessary buffer size).

shishi_ap_authenticator_cksumdata_set ()

void                shishi_ap_authenticator_cksumdata_set
                                                        (Shishi_ap *ap,
                                                         const char *authenticatorcksumdata,
                                                         size_t authenticatorcksumdatalen);

Set the Authenticator Checksum Data in the AP exchange. This is the data that will be checksumed, and the checksum placed in the checksum field. It is not the actual checksum field. See also shishi_ap_authenticator_cksumraw_set.

ap :

structure that holds information about AP exchange

authenticatorcksumdata :

input array with data to compute checksum on and store in Authenticator in AP-REQ.

authenticatorcksumdatalen :

length of input array with data to compute checksum on and store in Authenticator in AP-REQ.

shishi_ap_authenticator_cksumraw_set ()

void                shishi_ap_authenticator_cksumraw_set
                                                        (Shishi_ap *ap,
                                                         int32_t authenticatorcksumtype,
                                                         const char *authenticatorcksumraw,
                                                         size_t authenticatorcksumrawlen);

Set the Authenticator Checksum Data in the AP exchange. This is the actual checksum field, not data to compute checksum on and then store in the checksum field. See also shishi_ap_authenticator_cksumdata_set.

ap :

structure that holds information about AP exchange

authenticatorcksumtype :

authenticator checksum type to set in AP.

authenticatorcksumraw :

input array with authenticator checksum field value to set in Authenticator in AP-REQ.

authenticatorcksumrawlen :

length of input array with authenticator checksum field value to set in Authenticator in AP-REQ.

shishi_ap_authenticator_cksumtype ()

int32_t             shishi_ap_authenticator_cksumtype   (Shishi_ap *ap);

Get the Authenticator Checksum Type in the AP exchange.

ap :

structure that holds information about AP exchange

Returns :

Return the authenticator checksum type.

shishi_ap_authenticator_cksumtype_set ()

void                shishi_ap_authenticator_cksumtype_set
                                                        (Shishi_ap *ap,
                                                         int32_t cksumtype);

Set the Authenticator Checksum Type in the AP exchange.

ap :

structure that holds information about AP exchange

cksumtype :

authenticator checksum type to set in AP.

shishi_ap_authenticator_set ()

void                shishi_ap_authenticator_set         (Shishi_ap *ap,
                                                         Shishi_asn1 authenticator);

Set the Authenticator in the AP exchange.

ap :

structure that holds information about AP exchange

authenticator :

authenticator to store in AP.

shishi_ap_done ()

void                shishi_ap_done                      (Shishi_ap *ap);

Deallocate resources associated with AP exchange. This should be called by the application when it no longer need to utilize the AP exchange handle.

ap :

structure that holds information about AP exchange

shishi_ap_encapreppart ()

Shishi_asn1         shishi_ap_encapreppart              (Shishi_ap *ap);

Get ASN.1 EncAPRepPart structure from AP exchange.

ap :

structure that holds information about AP exchange

Returns :

Returns the EncAPREPPart from the AP exchange, or NULL if not yet set or an error occured.

shishi_ap_encapreppart_set ()

void                shishi_ap_encapreppart_set          (Shishi_ap *ap,
                                                         Shishi_asn1 encapreppart);

Set the EncAPRepPart in the AP exchange.

ap :

structure that holds information about AP exchange

encapreppart :

EncAPRepPart to store in AP.

shishi_ap_etype ()

int                 shishi_ap_etype                     (Shishi *handle,
                                                         Shishi_ap **ap,
                                                         int etype);

Create a new AP exchange with a random subkey of indicated encryption type.

handle :

shishi handle as allocated by shishi_init().

ap :

pointer to new structure that holds information about AP exchange

etype :

encryption type of newly generated random subkey.

Returns :

Returns SHISHI_OK iff successful.

shishi_ap_etype_tktoptionsdata ()

int                 shishi_ap_etype_tktoptionsdata      (Shishi *handle,
                                                         Shishi_ap **ap,
                                                         int32_t etype,
                                                         Shishi_tkt *tkt,
                                                         int options,
                                                         const char *data,
                                                         size_t len);

Create a new AP exchange using shishi_ap(), and set the ticket, AP-REQ apoptions and the Authenticator checksum data using shishi_ap_set_tktoptionsdata(). A random session key is added to the authenticator, using the same keytype as the ticket.

handle :

shishi handle as allocated by shishi_init().

ap :

pointer to new structure that holds information about AP exchange

etype :

encryption type of newly generated random subkey.

tkt :

ticket to set in newly created AP.

options :

AP-REQ options to set in newly created AP.

data :

input array with data to checksum in Authenticator.

len :

length of input array with data to checksum in Authenticator.

Returns :

Returns SHISHI_OK iff successful.

shishi_ap_key ()

Shishi_key *        shishi_ap_key                       (Shishi_ap *ap);

Extract the application key from AP. If subkeys are used, it is taken from the Authenticator, otherwise the session key is used.

ap :

structure that holds information about AP exchange

Returns :

Return application key from AP.

shishi_ap_nosubkey ()

int                 shishi_ap_nosubkey                  (Shishi *handle,
                                                         Shishi_ap **ap);

Create a new AP exchange without subkey in authenticator.

handle :

shishi handle as allocated by shishi_init().

ap :

pointer to new structure that holds information about AP exchange

Returns :

Returns SHISHI_OK iff successful.

shishi_ap_option2string ()

const char *        shishi_ap_option2string             (Shishi_apoptions option);

Convert AP-Option type to AP-Option name string. Note that option must be just one of the AP-Option types, it cannot be an binary ORed indicating several AP-Options.

option :

enumerated AP-Option type, see Shishi_apoptions.

Returns :

Returns static string with name of AP-Option that must not be deallocated, or "unknown" if AP-Option was not understood.

shishi_ap_rep ()

Shishi_asn1         shishi_ap_rep                       (Shishi_ap *ap);

Get ASN.1 AP-REP structure from AP exchange.

ap :

structure that holds information about AP exchange

Returns :

Returns the AP-REP from the AP exchange, or NULL if not yet set or an error occured.

shishi_ap_rep_asn1 ()

int                 shishi_ap_rep_asn1                  (Shishi_ap *ap,
                                                         Shishi_asn1 *aprep);

Build AP-REP using shishi_ap_rep_build() and return it.

ap :

structure that holds information about AP exchange

aprep :

output AP-REP variable.

Returns :

Returns SHISHI_OK iff successful.

shishi_ap_rep_build ()

int                 shishi_ap_rep_build                 (Shishi_ap *ap);

Checksum data in authenticator and add ticket and authenticator to AP-REP.

ap :

structure that holds information about AP exchange

Returns :

Returns SHISHI_OK iff successful.

shishi_ap_rep_der ()

int                 shishi_ap_rep_der                   (Shishi_ap *ap,
                                                         char **out,
                                                         size_t *outlen);

Build AP-REP using shishi_ap_rep_build() and DER encode it. out is allocated by this function, and it is the responsibility of caller to deallocate it.

ap :

structure that holds information about AP exchange

out :

output array with newly allocated DER encoding of AP-REP.

outlen :

length of output array with DER encoding of AP-REP.

Returns :

Returns SHISHI_OK iff successful.

shishi_ap_rep_der_set ()

int                 shishi_ap_rep_der_set               (Shishi_ap *ap,
                                                         char *der,
                                                         size_t derlen);

DER decode AP-REP and set it AP exchange. If decoding fails, the AP-REP in the AP exchange remains.

ap :

structure that holds information about AP exchange

der :

input array with DER encoded AP-REP.

derlen :

length of input array with DER encoded AP-REP.

Returns :

Returns SHISHI_OK.

shishi_ap_rep_set ()

void                shishi_ap_rep_set                   (Shishi_ap *ap,
                                                         Shishi_asn1 aprep);

Set the AP-REP in the AP exchange.

ap :

structure that holds information about AP exchange

aprep :

aprep to store in AP.

shishi_ap_rep_verify ()

int                 shishi_ap_rep_verify                (Shishi_ap *ap);

Verify AP-REP compared to Authenticator.

ap :

structure that holds information about AP exchange

Returns :

Returns SHISHI_OK, SHISHI_APREP_VERIFY_FAILED or an error.

shishi_ap_rep_verify_asn1 ()

int                 shishi_ap_rep_verify_asn1           (Shishi_ap *ap,
                                                         Shishi_asn1 aprep);

Set the AP-REP in the AP exchange using shishi_ap_rep_set() and verify it using shishi_ap_rep_verify().

ap :

structure that holds information about AP exchange

aprep :

input AP-REP.

Returns :

Returns SHISHI_OK, SHISHI_APREP_VERIFY_FAILED or an error.

shishi_ap_rep_verify_der ()

int                 shishi_ap_rep_verify_der            (Shishi_ap *ap,
                                                         char *der,
                                                         size_t derlen);

DER decode AP-REP and set it in AP exchange using shishi_ap_rep_der_set() and verify it using shishi_ap_rep_verify().

ap :

structure that holds information about AP exchange

der :

input array with DER encoded AP-REP.

derlen :

length of input array with DER encoded AP-REP.

Returns :

Returns SHISHI_OK, SHISHI_APREP_VERIFY_FAILED or an error.

shishi_ap_req ()

Shishi_asn1         shishi_ap_req                       (Shishi_ap *ap);

Get ASN.1 AP-REQ structure from AP exchange.

ap :

structure that holds information about AP exchange

Returns :

Returns the AP-REQ from the AP exchange, or NULL if not yet set or an error occured.

shishi_ap_req_asn1 ()

int                 shishi_ap_req_asn1                  (Shishi_ap *ap,
                                                         Shishi_asn1 *apreq);

Build AP-REQ using shishi_ap_req_build() and return it.

ap :

structure that holds information about AP exchange

apreq :

output AP-REQ variable.

Returns :

Returns SHISHI_OK iff successful.

shishi_ap_req_build ()

int                 shishi_ap_req_build                 (Shishi_ap *ap);

Checksum data in authenticator and add ticket and authenticator to AP-REQ.

ap :

structure that holds information about AP exchange

Returns :

Returns SHISHI_OK iff successful.

shishi_ap_req_decode ()

int                 shishi_ap_req_decode                (Shishi_ap *ap);

Decode ticket in AP-REQ and set the Ticket fields in the AP exchange.

ap :

structure that holds information about AP exchange

Returns :

Returns SHISHI_OK iff successful.

shishi_ap_req_der ()

int                 shishi_ap_req_der                   (Shishi_ap *ap,
                                                         char **out,
                                                         size_t *outlen);

Build AP-REQ using shishi_ap_req_build() and DER encode it. out is allocated by this function, and it is the responsibility of caller to deallocate it.

ap :

structure that holds information about AP exchange

out :

pointer to output array with der encoding of AP-REQ.

outlen :

pointer to length of output array with der encoding of AP-REQ.

Returns :

Returns SHISHI_OK iff successful.

shishi_ap_req_der_set ()

int                 shishi_ap_req_der_set               (Shishi_ap *ap,
                                                         char *der,
                                                         size_t derlen);

DER decode AP-REQ and set it AP exchange. If decoding fails, the AP-REQ in the AP exchange is lost.

ap :

structure that holds information about AP exchange

der :

input array with DER encoded AP-REQ.

derlen :

length of input array with DER encoded AP-REQ.

Returns :

Returns SHISHI_OK.

shishi_ap_req_process ()

int                 shishi_ap_req_process               (Shishi_ap *ap,
                                                         Shishi_key *key);

Decrypt ticket in AP-REQ using supplied key and decrypt Authenticator in AP-REQ using key in decrypted ticket, and on success set the Ticket and Authenticator fields in the AP exchange.

ap :

structure that holds information about AP exchange

key :

cryptographic key used to decrypt ticket in AP-REQ.

Returns :

Returns SHISHI_OK iff successful.

shishi_ap_req_process_keyusage ()

int                 shishi_ap_req_process_keyusage      (Shishi_ap *ap,
                                                         Shishi_key *key,
                                                         int32_t keyusage);

Decrypt ticket in AP-REQ using supplied key and decrypt Authenticator in AP-REQ using key in decrypted ticket, and on success set the Ticket and Authenticator fields in the AP exchange.

ap :

structure that holds information about AP exchange

key :

cryptographic key used to decrypt ticket in AP-REQ.

keyusage :

key usage to use during decryption, for normal AP-REQ's this is normally SHISHI_KEYUSAGE_APREQ_AUTHENTICATOR, for AP-REQ's part of TGS-REQ's, this is normally SHISHI_KEYUSAGE_TGSREQ_APREQ_AUTHENTICATOR.

Returns :

Returns SHISHI_OK iff successful.

shishi_ap_req_set ()

void                shishi_ap_req_set                   (Shishi_ap *ap,
                                                         Shishi_asn1 apreq);

Set the AP-REQ in the AP exchange.

ap :

structure that holds information about AP exchange

apreq :

apreq to store in AP.

shishi_ap_set_tktoptions ()

int                 shishi_ap_set_tktoptions            (Shishi_ap *ap,
                                                         Shishi_tkt *tkt,
                                                         int options);

Set the ticket (see shishi_ap_tkt_set()) and set the AP-REQ apoptions (see shishi_apreq_options_set()).

ap :

structure that holds information about AP exchange

tkt :

ticket to set in AP.

options :

AP-REQ options to set in AP.

Returns :

Returns SHISHI_OK iff successful.

shishi_ap_set_tktoptionsasn1usage ()

int                 shishi_ap_set_tktoptionsasn1usage   (Shishi_ap *ap,
                                                         Shishi_tkt *tkt,
                                                         int options,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         int authenticatorcksumkeyusage,
                                                         int authenticatorkeyusage);

Set ticket, options and authenticator checksum data using shishi_ap_set_tktoptionsdata(). The authenticator checksum data is the DER encoding of the ASN.1 field provided.

ap :

structure that holds information about AP exchange

tkt :

ticket to set in AP.

options :

AP-REQ options to set in AP.

node :

input ASN.1 structure to store as authenticator checksum data.

field :

field in ASN.1 structure to use.

authenticatorcksumkeyusage :

key usage for checksum in authenticator.

authenticatorkeyusage :

key usage for authenticator.

Returns :

Returns SHISHI_OK iff successful.

shishi_ap_set_tktoptionsdata ()

int                 shishi_ap_set_tktoptionsdata        (Shishi_ap *ap,
                                                         Shishi_tkt *tkt,
                                                         int options,
                                                         const char *data,
                                                         size_t len);

Set the ticket (see shishi_ap_tkt_set()) and set the AP-REQ apoptions (see shishi_apreq_options_set()) and set the Authenticator checksum data.

ap :

structure that holds information about AP exchange

tkt :

ticket to set in AP.

options :

AP-REQ options to set in AP.

data :

input array with data to checksum in Authenticator.

len :

length of input array with data to checksum in Authenticator.

Returns :

Returns SHISHI_OK iff successful.

shishi_ap_set_tktoptionsraw ()

int                 shishi_ap_set_tktoptionsraw         (Shishi_ap *ap,
                                                         Shishi_tkt *tkt,
                                                         int options,
                                                         int32_t cksumtype,
                                                         const char *data,
                                                         size_t len);

Set the ticket (see shishi_ap_tkt_set()) and set the AP-REQ apoptions (see shishi_apreq_options_set()) and set the raw Authenticator checksum data.

ap :

structure that holds information about AP exchange

tkt :

ticket to set in AP.

options :

AP-REQ options to set in AP.

cksumtype :

authenticator checksum type to set in AP.

data :

input array with data to store in checksum field in Authenticator.

len :

length of input array with data to store in checksum field in Authenticator.

Returns :

Returns SHISHI_OK iff successful.

shishi_ap_string2option ()

Shishi_apoptions    shishi_ap_string2option             (const char *str);

Convert AP-Option name to AP-Option type.

str :

zero terminated character array with name of AP-Option, e.g. "use-session-key".

Returns :

Returns enumerated type member corresponding to AP-Option, or 0 if string was not understood.

shishi_ap_tkt ()

Shishi_tkt *        shishi_ap_tkt                       (Shishi_ap *ap);

Get Ticket from AP exchange.

ap :

structure that holds information about AP exchange

Returns :

Returns the ticket from the AP exchange, or NULL if not yet set or an error occured.

shishi_ap_tkt_set ()

void                shishi_ap_tkt_set                   (Shishi_ap *ap,
                                                         Shishi_tkt *tkt);

Set the Ticket in the AP exchange.

ap :

structure that holds information about AP exchange

tkt :

ticket to store in AP.

shishi_ap_tktoptions ()

int                 shishi_ap_tktoptions                (Shishi *handle,
                                                         Shishi_ap **ap,
                                                         Shishi_tkt *tkt,
                                                         int options);

Create a new AP exchange using shishi_ap(), and set the ticket and AP-REQ apoptions using shishi_ap_set_tktoptions(). A random session key is added to the authenticator, using the same keytype as the ticket.

handle :

shishi handle as allocated by shishi_init().

ap :

pointer to new structure that holds information about AP exchange

tkt :

ticket to set in newly created AP.

options :

AP-REQ options to set in newly created AP.

Returns :

Returns SHISHI_OK iff successful.

shishi_ap_tktoptionsasn1usage ()

int                 shishi_ap_tktoptionsasn1usage       (Shishi *handle,
                                                         Shishi_ap **ap,
                                                         Shishi_tkt *tkt,
                                                         int options,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         int authenticatorcksumkeyusage,
                                                         int authenticatorkeyusage);

Create a new AP exchange using shishi_ap(), and set ticket, options and authenticator checksum data from the DER encoding of the ASN.1 field using shishi_ap_set_tktoptionsasn1usage(). A random session key is added to the authenticator, using the same keytype as the ticket.

handle :

shishi handle as allocated by shishi_init().

ap :

pointer to new structure that holds information about AP exchange

tkt :

ticket to set in newly created AP.

options :

AP-REQ options to set in newly created AP.

node :

input ASN.1 structure to store as authenticator checksum data.

field :

field in ASN.1 structure to use.

authenticatorcksumkeyusage :

key usage for checksum in authenticator.

authenticatorkeyusage :

key usage for authenticator.

Returns :

Returns SHISHI_OK iff successful.

shishi_ap_tktoptionsdata ()

int                 shishi_ap_tktoptionsdata            (Shishi *handle,
                                                         Shishi_ap **ap,
                                                         Shishi_tkt *tkt,
                                                         int options,
                                                         const char *data,
                                                         size_t len);

Create a new AP exchange using shishi_ap(), and set the ticket, AP-REQ apoptions and the Authenticator checksum data using shishi_ap_set_tktoptionsdata(). A random session key is added to the authenticator, using the same keytype as the ticket.

handle :

shishi handle as allocated by shishi_init().

ap :

pointer to new structure that holds information about AP exchange

tkt :

ticket to set in newly created AP.

options :

AP-REQ options to set in newly created AP.

data :

input array with data to checksum in Authenticator.

len :

length of input array with data to checksum in Authenticator.

Returns :

Returns SHISHI_OK iff successful.

shishi_ap_tktoptionsraw ()

int                 shishi_ap_tktoptionsraw             (Shishi *handle,
                                                         Shishi_ap **ap,
                                                         Shishi_tkt *tkt,
                                                         int options,
                                                         int32_t cksumtype,
                                                         const char *data,
                                                         size_t len);

Create a new AP exchange using shishi_ap(), and set the ticket, AP-REQ apoptions and the raw Authenticator checksum data field using shishi_ap_set_tktoptionsraw(). A random session key is added to the authenticator, using the same keytype as the ticket.

handle :

shishi handle as allocated by shishi_init().

ap :

pointer to new structure that holds information about AP exchange

tkt :

ticket to set in newly created AP.

options :

AP-REQ options to set in newly created AP.

cksumtype :

authenticator checksum type to set in AP.

data :

input array with data to store in checksum field in Authenticator.

len :

length of input array with data to store in checksum field in Authenticator.

Returns :

Returns SHISHI_OK iff successful.

shishi_aprep ()

Shishi_asn1         shishi_aprep                        (Shishi *handle);

This function creates a new AP-REP, populated with some default values.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns the authenticator or NULL on failure.

shishi_aprep_decrypt ()

int                 shishi_aprep_decrypt                (Shishi *handle,
                                                         Shishi_asn1 aprep,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         Shishi_asn1 *encapreppart);


shishi_aprep_enc_part_add ()

int                 shishi_aprep_enc_part_add           (Shishi *handle,
                                                         Shishi_asn1 aprep,
                                                         Shishi_asn1 encticketpart,
                                                         Shishi_asn1 encapreppart);


shishi_aprep_enc_part_make ()

int                 shishi_aprep_enc_part_make          (Shishi *handle,
                                                         Shishi_asn1 aprep,
                                                         Shishi_asn1 encapreppart,
                                                         Shishi_asn1 authenticator,
                                                         Shishi_asn1 encticketpart);


shishi_aprep_enc_part_set ()

int                 shishi_aprep_enc_part_set           (Shishi *handle,
                                                         Shishi_asn1 aprep,
                                                         int etype,
                                                         const char *buf,
                                                         size_t buflen);


shishi_aprep_from_file ()

int                 shishi_aprep_from_file              (Shishi *handle,
                                                         Shishi_asn1 *aprep,
                                                         int filetype,
                                                         const char *filename);

Read AP-REP from file in specified TYPE.

handle :

shishi handle as allocated by shishi_init().

aprep :

output variable with newly allocated AP-REP.

filetype :

input variable specifying type of file to be read, see Shishi_filetype.

filename :

input variable with filename to read from.

Returns :

Returns SHISHI_OK iff successful.

shishi_aprep_get_enc_part_etype ()

int                 shishi_aprep_get_enc_part_etype     (Shishi *handle,
                                                         Shishi_asn1 aprep,
                                                         int32_t *etype);

Extract AP-REP.enc-part.etype.

handle :

shishi handle as allocated by shishi_init().

aprep :

AP-REP variable to get value from.

etype :

output variable that holds the value.

Returns :

Returns SHISHI_OK iff successful.

shishi_aprep_parse ()

int                 shishi_aprep_parse                  (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *aprep);

Read ASCII armored DER encoded AP-REP from file and populate given variable.

handle :

shishi handle as allocated by shishi_init().

fh :

file handle open for reading.

aprep :

output variable with newly allocated AP-REP.

Returns :

Returns SHISHI_OK iff successful.

shishi_aprep_print ()

int                 shishi_aprep_print                  (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 aprep);

Print ASCII armored DER encoding of AP-REP to file.

handle :

shishi handle as allocated by shishi_init().

fh :

file handle open for writing.

aprep :

AP-REP to print.

Returns :

Returns SHISHI_OK iff successful.

shishi_aprep_read ()

int                 shishi_aprep_read                   (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *aprep);

Read DER encoded AP-REP from file and populate given variable.

handle :

shishi handle as allocated by shishi_init().

fh :

file handle open for reading.

aprep :

output variable with newly allocated AP-REP.

Returns :

Returns SHISHI_OK iff successful.

shishi_aprep_save ()

int                 shishi_aprep_save                   (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 aprep);

Save DER encoding of AP-REP to file.

handle :

shishi handle as allocated by shishi_init().

fh :

file handle open for writing.

aprep :

AP-REP to save.

Returns :

Returns SHISHI_OK iff successful.

shishi_aprep_to_file ()

int                 shishi_aprep_to_file                (Shishi *handle,
                                                         Shishi_asn1 aprep,
                                                         int filetype,
                                                         const char *filename);

Write AP-REP to file in specified TYPE. The file will be truncated if it exists.

handle :

shishi handle as allocated by shishi_init().

aprep :

AP-REP to save.

filetype :

input variable specifying type of file to be written, see Shishi_filetype.

filename :

input variable with filename to write to.

Returns :

Returns SHISHI_OK iff successful.

shishi_aprep_verify ()

int                 shishi_aprep_verify                 (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         Shishi_asn1 encapreppart);


shishi_apreq ()

Shishi_asn1         shishi_apreq                        (Shishi *handle);

This function creates a new AP-REQ, populated with some default values.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns the AP-REQ or NULL on failure.

shishi_apreq_add_authenticator ()

int                 shishi_apreq_add_authenticator      (Shishi *handle,
                                                         Shishi_asn1 apreq,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         Shishi_asn1 authenticator);

Encrypts DER encoded authenticator using key and store it in the AP-REQ.

handle :

shishi handle as allocated by shishi_init().

apreq :

AP-REQ to add authenticator field to.

key :

key to to use for encryption.

keyusage :

cryptographic key usage value to use in encryption.

authenticator :

authenticator as allocated by shishi_authenticator().

Returns :

Returns SHISHI_OK iff successful.

shishi_apreq_decrypt ()

int                 shishi_apreq_decrypt                (Shishi *handle,
                                                         Shishi_asn1 apreq,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         Shishi_asn1 *authenticator);


shishi_apreq_from_file ()

int                 shishi_apreq_from_file              (Shishi *handle,
                                                         Shishi_asn1 *apreq,
                                                         int filetype,
                                                         const char *filename);

Read AP-REQ from file in specified TYPE.

handle :

shishi handle as allocated by shishi_init().

apreq :

output variable with newly allocated AP-REQ.

filetype :

input variable specifying type of file to be read, see Shishi_filetype.

filename :

input variable with filename to read from.

Returns :

Returns SHISHI_OK iff successful.

shishi_apreq_get_authenticator_etype ()

int                 shishi_apreq_get_authenticator_etype
                                                        (Shishi *handle,
                                                         Shishi_asn1 apreq,
                                                         int32_t *etype);

Extract AP-REQ.authenticator.etype.

handle :

shishi handle as allocated by shishi_init().

apreq :

AP-REQ variable to get value from.

etype :

output variable that holds the value.

Returns :

Returns SHISHI_OK iff successful.

shishi_apreq_get_ticket ()

int                 shishi_apreq_get_ticket             (Shishi *handle,
                                                         Shishi_asn1 apreq,
                                                         Shishi_asn1 *ticket);

Extract ticket from AP-REQ.

handle :

shishi handle as allocated by shishi_init().

apreq :

AP-REQ variable to get ticket from.

ticket :

output variable to hold extracted ticket.

Returns :

Returns SHISHI_OK iff successful.

shishi_apreq_mutual_required_p ()

int                 shishi_apreq_mutual_required_p      (Shishi *handle,
                                                         Shishi_asn1 apreq);

Return non-0 iff the "Mutual required" option is set in the AP-REQ.

handle :

shishi handle as allocated by shishi_init().

apreq :

AP-REQ as allocated by shishi_apreq().

Returns :

Returns SHISHI_OK iff successful.

shishi_apreq_options ()

int                 shishi_apreq_options                (Shishi *handle,
                                                         Shishi_asn1 apreq,
                                                         uint32_t *flags);

Extract the AP-Options from AP-REQ into output integer.

handle :

shishi handle as allocated by shishi_init().

apreq :

AP-REQ to get options from.

flags :

Output integer containing options from AP-REQ.

Returns :

Returns SHISHI_OK iff successful.

shishi_apreq_options_add ()

int                 shishi_apreq_options_add            (Shishi *handle,
                                                         Shishi_asn1 apreq,
                                                         uint32_t option);

Add the AP-Options in AP-REQ. Options not set in input parameter option are preserved in the AP-REQ.

handle :

shishi handle as allocated by shishi_init().

apreq :

AP-REQ as allocated by shishi_apreq().

option :

Options to add in AP-REQ.

Returns :

Returns SHISHI_OK iff successful.

shishi_apreq_options_remove ()

int                 shishi_apreq_options_remove         (Shishi *handle,
                                                         Shishi_asn1 apreq,
                                                         uint32_t option);

Remove the AP-Options from AP-REQ. Options not set in input parameter option are preserved in the AP-REQ.

handle :

shishi handle as allocated by shishi_init().

apreq :

AP-REQ as allocated by shishi_apreq().

option :

Options to remove from AP-REQ.

Returns :

Returns SHISHI_OK iff successful.

shishi_apreq_options_set ()

int                 shishi_apreq_options_set            (Shishi *handle,
                                                         Shishi_asn1 apreq,
                                                         uint32_t options);

Set the AP-Options in AP-REQ to indicate integer.

handle :

shishi handle as allocated by shishi_init().

apreq :

AP-REQ as allocated by shishi_apreq().

options :

Options to set in AP-REQ.

Returns :

Returns SHISHI_OK iff successful.

shishi_apreq_parse ()

int                 shishi_apreq_parse                  (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *apreq);

Read ASCII armored DER encoded AP-REQ from file and populate given variable.

handle :

shishi handle as allocated by shishi_init().

fh :

file handle open for reading.

apreq :

output variable with newly allocated AP-REQ.

Returns :

Returns SHISHI_OK iff successful.

shishi_apreq_print ()

int                 shishi_apreq_print                  (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 apreq);

Print ASCII armored DER encoding of AP-REQ to file.

handle :

shishi handle as allocated by shishi_init().

fh :

file handle open for writing.

apreq :

AP-REQ to print.

Returns :

Returns SHISHI_OK iff successful.

shishi_apreq_read ()

int                 shishi_apreq_read                   (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *apreq);

Read DER encoded AP-REQ from file and populate given variable.

handle :

shishi handle as allocated by shishi_init().

fh :

file handle open for reading.

apreq :

output variable with newly allocated AP-REQ.

Returns :

Returns SHISHI_OK iff successful.

shishi_apreq_save ()

int                 shishi_apreq_save                   (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 apreq);

Save DER encoding of AP-REQ to file.

handle :

shishi handle as allocated by shishi_init().

fh :

file handle open for writing.

apreq :

AP-REQ to save.

Returns :

Returns SHISHI_OK iff successful.

shishi_apreq_set_authenticator ()

int                 shishi_apreq_set_authenticator      (Shishi *handle,
                                                         Shishi_asn1 apreq,
                                                         int32_t etype,
                                                         uint32_t kvno,
                                                         const char *buf,
                                                         size_t buflen);

Set the encrypted authenticator field in the AP-REP. The encrypted data is usually created by calling shishi_encrypt() on the DER encoded authenticator. To save time, you may want to use shishi_apreq_add_authenticator() instead, which calculates the encrypted data and calls this function in one step.

handle :

shishi handle as allocated by shishi_init().

apreq :

AP-REQ to add authenticator field to.

etype :

encryption type used to encrypt authenticator.

kvno :

version of the key used to encrypt authenticator.

buf :

input array with encrypted authenticator.

buflen :

size of input array with encrypted authenticator.

Returns :

Returns SHISHI_OK on success.

shishi_apreq_set_ticket ()

int                 shishi_apreq_set_ticket             (Shishi *handle,
                                                         Shishi_asn1 apreq,
                                                         Shishi_asn1 ticket);

Copy ticket into AP-REQ.

handle :

shishi handle as allocated by shishi_init().

apreq :

AP-REQ to add ticket field to.

ticket :

input ticket to copy into AP-REQ ticket field.

Returns :

Returns SHISHI_OK iff successful.

shishi_apreq_to_file ()

int                 shishi_apreq_to_file                (Shishi *handle,
                                                         Shishi_asn1 apreq,
                                                         int filetype,
                                                         const char *filename);

Write AP-REQ to file in specified TYPE. The file will be truncated if it exists.

handle :

shishi handle as allocated by shishi_init().

apreq :

AP-REQ to save.

filetype :

input variable specifying type of file to be written, see Shishi_filetype.

filename :

input variable with filename to write to.

Returns :

Returns SHISHI_OK iff successful.

shishi_apreq_use_session_key_p ()

int                 shishi_apreq_use_session_key_p      (Shishi *handle,
                                                         Shishi_asn1 apreq);

Return non-0 iff the "Use session key" option is set in the AP-REQ.

handle :

shishi handle as allocated by shishi_init().

apreq :

AP-REQ as allocated by shishi_apreq().

Returns :

Returns SHISHI_OK iff successful.

shishi_arcfour ()

int                 shishi_arcfour                      (Shishi *handle,
                                                         int decryptp,
                                                         const char *key,
                                                         size_t keylen,
                                                         const char iv[258],
                                                         char *ivout[258],
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out);

Encrypt or decrypt data (depending on decryptp) using ARCFOUR. The out buffer must be deallocated by the caller.

The "initialization vector" used here is the concatenation of the sbox and i and j, and is thus always of size 256 + 1 + 1. This is a slight abuse of terminology, and assumes you know what you are doing. Don't use it if you can avoid to.

handle :

shishi handle as allocated by shishi_init().

decryptp :

0 to indicate encryption, non-0 to indicate decryption.

key :

input character array with key to use.

keylen :

length of input key array.

iv :

input character array with initialization vector to use, or NULL.

ivout :

output character array with updated initialization vector, or NULL.

in :

input character array of data to encrypt/decrypt.

inlen :

length of input character array of data to encrypt/decrypt.

out :

newly allocated character array with encrypted/decrypted data.

Returns :

Returns SHISHI_OK iff successful.

shishi_as ()

int                 shishi_as                           (Shishi *handle,
                                                         Shishi_as **as);

Allocate a new AS exchange variable.

handle :

shishi handle as allocated by shishi_init().

as :

holds pointer to newly allocate Shishi_as structure.

Returns :

Returns SHISHI_OK iff successful.

shishi_as_check_cname ()

int                 shishi_as_check_cname               (Shishi *handle,
                                                         Shishi_asn1 asreq,
                                                         Shishi_asn1 asrep);

Verify that AS-REQ.req-body.realm and AS-REP.crealm fields matches. This is one of the steps that has to be performed when processing a AS-REQ and AS-REP exchange, see shishi_kdc_process().

handle :

shishi handle as allocated by shishi_init().

asreq :

AS-REQ to compare client name field in.

asrep :

AS-REP to compare client name field in.

Returns :

Returns SHISHI_OK if successful, SHISHI_CNAME_MISMATCH if the values differ, or an error code.

shishi_as_check_crealm ()

int                 shishi_as_check_crealm              (Shishi *handle,
                                                         Shishi_asn1 asreq,
                                                         Shishi_asn1 asrep);

Verify that AS-REQ.req-body.realm and AS-REP.crealm fields matches. This is one of the steps that has to be performed when processing a AS-REQ and AS-REP exchange, see shishi_kdc_process().

handle :

shishi handle as allocated by shishi_init().

asreq :

AS-REQ to compare realm field in.

asrep :

AS-REP to compare realm field in.

Returns :

Returns SHISHI_OK if successful, SHISHI_REALM_MISMATCH if the values differ, or an error code.

shishi_as_derive_salt ()

int                 shishi_as_derive_salt               (Shishi *handle,
                                                         Shishi_asn1 asreq,
                                                         Shishi_asn1 asrep,
                                                         char **salt,
                                                         size_t *saltlen);

Derive the salt that should be used when deriving a key via shishi_string_to_key() for an AS exchange. Currently this searches for PA-DATA of type SHISHI_PA_PW_SALT in the AS-REP and returns it if found, otherwise the salt is derived from the client name and realm in AS-REQ.

handle :

shishi handle as allocated by shishi_init().

asreq :

input AS-REQ variable.

asrep :

input AS-REP variable.

salt :

newly allocated output array with salt.

saltlen :

holds actual size of output array with salt.

Returns :

Returns SHISHI_OK iff successful.

shishi_as_done ()

void                shishi_as_done                      (Shishi_as *as);

Deallocate resources associated with AS exchange. This should be called by the application when it no longer need to utilize the AS exchange handle.

as :

structure that holds information about AS exchange

shishi_as_krberror ()

Shishi_asn1         shishi_as_krberror                  (Shishi_as *as);

Get ASN.1 KRB-ERROR structure from AS exchange.

as :

structure that holds information about AS exchange

Returns :

Returns the received KRB-ERROR packet from the AS exchange, or NULL if not yet set or an error occured.

shishi_as_krberror_der ()

int                 shishi_as_krberror_der              (Shishi_as *as,
                                                         char **out,
                                                         size_t *outlen);

DER encode KRB-ERROR. out is allocated by this function, and it is the responsibility of caller to deallocate it.

as :

structure that holds information about AS exchange

out :

output array with newly allocated DER encoding of KRB-ERROR.

outlen :

length of output array with DER encoding of KRB-ERROR.

Returns :

Returns SHISHI_OK iff successful.

shishi_as_krberror_set ()

void                shishi_as_krberror_set              (Shishi_as *as,
                                                         Shishi_asn1 krberror);

Set the KRB-ERROR in the AS exchange.

as :

structure that holds information about AS exchange

krberror :

krberror to store in AS.

shishi_as_process ()

int                 shishi_as_process                   (Shishi *handle,
                                                         Shishi_asn1 asreq,
                                                         Shishi_asn1 asrep,
                                                         const char *string,
                                                         Shishi_asn1 *enckdcreppart);

Process an AS client exchange and output decrypted EncKDCRepPart which holds details for the new ticket received. This function simply derives the encryption key from the password and calls shishi_kdc_process(), which see.

handle :

shishi handle as allocated by shishi_init().

asreq :

input variable that holds the sent KDC-REQ.

asrep :

input variable that holds the received KDC-REP.

string :

input variable with zero terminated password.

enckdcreppart :

output variable that holds new EncKDCRepPart.

Returns :

Returns SHISHI_OK iff the AS client exchange was successful.

shishi_as_rep ()

Shishi_asn1         shishi_as_rep                       (Shishi_as *as);

Get ASN.1 AS-REP structure from AS exchange.

as :

structure that holds information about AS exchange

Returns :

Returns the received AS-REP packet from the AS exchange, or NULL if not yet set or an error occured.

shishi_as_rep_build ()

int                 shishi_as_rep_build                 (Shishi_as *as,
                                                         Shishi_key *key);

Build AS-REP.

as :

structure that holds information about AS exchange

key :

user's key, used to encrypt the encrypted part of the AS-REP.

Returns :

Returns SHISHI_OK iff successful.

shishi_as_rep_der ()

int                 shishi_as_rep_der                   (Shishi_as *as,
                                                         char **out,
                                                         size_t *outlen);

DER encode AS-REP. out is allocated by this function, and it is the responsibility of caller to deallocate it.

as :

structure that holds information about AS exchange

out :

output array with newly allocated DER encoding of AS-REP.

outlen :

length of output array with DER encoding of AS-REP.

Returns :

Returns SHISHI_OK iff successful.

shishi_as_rep_der_set ()

int                 shishi_as_rep_der_set               (Shishi_as *as,
                                                         char *der,
                                                         size_t derlen);

DER decode AS-REP and set it AS exchange. If decoding fails, the AS-REP in the AS exchange remains.

as :

structure that holds information about AS exchange

der :

input array with DER encoded AP-REP.

derlen :

length of input array with DER encoded AP-REP.

Returns :

Returns SHISHI_OK.

shishi_as_rep_process ()

int                 shishi_as_rep_process               (Shishi_as *as,
                                                         Shishi_key *key,
                                                         const char *password);

Process new AS-REP and set ticket. The key is used to decrypt the AP-REP. If both key and password is NULL, the user is queried for it.

as :

structure that holds information about AS exchange

key :

user's key, used to encrypt the encrypted part of the AS-REP.

password :

user's password, used if key is NULL.

Returns :

Returns SHISHI_OK iff successful.

shishi_as_rep_set ()

void                shishi_as_rep_set                   (Shishi_as *as,
                                                         Shishi_asn1 asrep);

Set the AS-REP in the AS exchange.

as :

structure that holds information about AS exchange

asrep :

asrep to store in AS.

shishi_as_req ()

Shishi_asn1         shishi_as_req                       (Shishi_as *as);

Get ASN.1 AS-REQ structure from AS exchange.

as :

structure that holds information about AS exchange

Returns :

Returns the generated AS-REQ packet from the AS exchange, or NULL if not yet set or an error occured.

shishi_as_req_build ()

int                 shishi_as_req_build                 (Shishi_as *as);

Possibly remove unset fields (e.g., rtime).

as :

structure that holds information about AS exchange

Returns :

Returns SHISHI_OK iff successful.

shishi_as_req_der ()

int                 shishi_as_req_der                   (Shishi_as *as,
                                                         char **out,
                                                         size_t *outlen);

DER encode AS-REQ. out is allocated by this function, and it is the responsibility of caller to deallocate it.

as :

structure that holds information about AS exchange

out :

output array with newly allocated DER encoding of AS-REQ.

outlen :

length of output array with DER encoding of AS-REQ.

Returns :

Returns SHISHI_OK iff successful.

shishi_as_req_der_set ()

int                 shishi_as_req_der_set               (Shishi_as *as,
                                                         char *der,
                                                         size_t derlen);

DER decode AS-REQ and set it AS exchange. If decoding fails, the AS-REQ in the AS exchange remains.

as :

structure that holds information about AS exchange

der :

input array with DER encoded AP-REQ.

derlen :

length of input array with DER encoded AP-REQ.

Returns :

Returns SHISHI_OK.

shishi_as_req_set ()

void                shishi_as_req_set                   (Shishi_as *as,
                                                         Shishi_asn1 asreq);

Set the AS-REQ in the AS exchange.

as :

structure that holds information about AS exchange

asreq :

asreq to store in AS.

shishi_as_sendrecv ()

int                 shishi_as_sendrecv                  (Shishi_as *as);

Send AS-REQ and receive AS-REP or KRB-ERROR. This is the initial authentication, usually used to acquire a Ticket Granting Ticket.

as :

structure that holds information about AS exchange

Returns :

Returns SHISHI_OK iff successful.

shishi_as_sendrecv_hint ()

int                 shishi_as_sendrecv_hint             (Shishi_as *as,
                                                         Shishi_tkts_hint *hint);

Send AS-REQ and receive AS-REP or KRB-ERROR. This is the initial authentication, usually used to acquire a Ticket Granting Ticket. The hint structure can be used to set, e.g., parameters for TLS authentication.

as :

structure that holds information about AS exchange

hint :

additional parameters that modify connection behaviour, or NULL.

Returns :

Returns SHISHI_OK iff successful.

shishi_as_tkt ()

Shishi_tkt *        shishi_as_tkt                       (Shishi_as *as);

Get Ticket in AS exchange.

as :

structure that holds information about AS exchange

Returns :

Returns the newly acquired tkt from the AS exchange, or NULL if not yet set or an error occured.

shishi_as_tkt_set ()

void                shishi_as_tkt_set                   (Shishi_as *as,
                                                         Shishi_tkt *tkt);

Set the Tkt in the AS exchange.

as :

structure that holds information about AS exchange

tkt :

tkt to store in AS.

shishi_asn1_aprep ()

Shishi_asn1         shishi_asn1_aprep                   (Shishi *handle);

Create new ASN.1 structure for AP-REP.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns ASN.1 structure.

shishi_asn1_apreq ()

Shishi_asn1         shishi_asn1_apreq                   (Shishi *handle);

Create new ASN.1 structure for AP-REQ.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns ASN.1 structure.

shishi_asn1_asrep ()

Shishi_asn1         shishi_asn1_asrep                   (Shishi *handle);

Create new ASN.1 structure for AS-REP.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns ASN.1 structure.

shishi_asn1_asreq ()

Shishi_asn1         shishi_asn1_asreq                   (Shishi *handle);

Create new ASN.1 structure for AS-REQ.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns ASN.1 structure.

shishi_asn1_authenticator ()

Shishi_asn1         shishi_asn1_authenticator           (Shishi *handle);

Create new ASN.1 structure for Authenticator.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns ASN.1 structure.

shishi_asn1_done ()

void                shishi_asn1_done                    (Shishi *handle,
                                                         Shishi_asn1 node);

Deallocate resources associated with ASN.1 structure. Note that the node must not be used after this call.

handle :

shishi handle as allocated by shishi_init().

node :

ASN.1 node to dellocate.

shishi_asn1_empty_p ()

int                 shishi_asn1_empty_p                 (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field);


shishi_asn1_encapreppart ()

Shishi_asn1         shishi_asn1_encapreppart            (Shishi *handle);

Create new ASN.1 structure for AP-REP.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns ASN.1 structure.

shishi_asn1_encasreppart ()

Shishi_asn1         shishi_asn1_encasreppart            (Shishi *handle);

Create new ASN.1 structure for EncASRepPart.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns ASN.1 structure.

shishi_asn1_enckdcreppart ()

Shishi_asn1         shishi_asn1_enckdcreppart           (Shishi *handle);

Create new ASN.1 structure for EncKDCRepPart.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns ASN.1 structure.

shishi_asn1_encprivpart ()

Shishi_asn1         shishi_asn1_encprivpart             (Shishi *handle);

Create new ASN.1 structure for EncKrbPrivPart.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns ASN.1 structure.

shishi_asn1_encrypteddata ()

Shishi_asn1         shishi_asn1_encrypteddata           (Shishi *handle);

Create new ASN.1 structure for EncryptedData

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns ASN.1 structure.

shishi_asn1_encticketpart ()

Shishi_asn1         shishi_asn1_encticketpart           (Shishi *handle);

Create new ASN.1 structure for EncTicketPart.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns ASN.1 structure.

shishi_asn1_etype_info ()

Shishi_asn1         shishi_asn1_etype_info              (Shishi *handle);

Create new ASN.1 structure for ETYPE-INFO.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns ASN.1 structure.

shishi_asn1_etype_info2 ()

Shishi_asn1         shishi_asn1_etype_info2             (Shishi *handle);

Create new ASN.1 structure for ETYPE-INFO2.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns ASN.1 structure.

shishi_asn1_krberror ()

Shishi_asn1         shishi_asn1_krberror                (Shishi *handle);

Create new ASN.1 structure for KRB-ERROR.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns ASN.1 structure.

shishi_asn1_krbsafe ()

Shishi_asn1         shishi_asn1_krbsafe                 (Shishi *handle);

Create new ASN.1 structure for KRB-SAFE.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns ASN.1 structure.

shishi_asn1_methoddata ()

Shishi_asn1         shishi_asn1_methoddata              (Shishi *handle);

Create new ASN.1 structure for METHOD-DATA.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns ASN.1 structure.

shishi_asn1_msgtype ()

Shishi_msgtype      shishi_asn1_msgtype                 (Shishi *handle,
                                                         Shishi_asn1 node);

Determine msg-type of ASN.1 type of a packet. Currently this uses the msg-type field instead of the APPLICATION tag, but this may be changed in the future.

handle :

shishi handle as allocated by shishi_init().

node :

ASN.1 type to get msg type for.

Returns :

Returns msg-type of ASN.1 type, 0 on failure.

shishi_asn1_number_of_elements ()

int                 shishi_asn1_number_of_elements      (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         size_t *n);


shishi_asn1_pa_enc_ts_enc ()

Shishi_asn1         shishi_asn1_pa_enc_ts_enc           (Shishi *handle);

Create new ASN.1 structure for PA-ENC-TS-ENC.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns ASN.1 structure.

shishi_asn1_padata ()

Shishi_asn1         shishi_asn1_padata                  (Shishi *handle);

Create new ASN.1 structure for PA-DATA.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns ASN.1 structure.

shishi_asn1_print ()

void                shishi_asn1_print                   (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         FILE *fh);

Print ASN.1 structure in human readable form, typically for debugging purposes.

handle :

shishi handle as allocated by shishi_init().

node :

ASN.1 data that have field to extract.

fh :

file descriptor to print to, e.g. stdout.

shishi_asn1_priv ()

Shishi_asn1         shishi_asn1_priv                    (Shishi *handle);

Create new ASN.1 structure for KRB-PRIV.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns ASN.1 structure.

shishi_asn1_read ()

int                 shishi_asn1_read                    (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         char **data,
                                                         size_t *datalen);

Extract data stored in a ASN.1 field into a newly allocated buffer. The buffer will always be zero terminated, even though datalen will not include the added zero.

handle :

shishi handle as allocated by shishi_init().

node :

ASN.1 variable to read field from.

field :

name of field in node to read.

data :

newly allocated output buffer that will hold ASN.1 field data.

datalen :

actual size of output buffer.

Returns :

Returns SHISHI_OK if successful, SHISHI_ASN1_NO_ELEMENT if the element do not exist, SHISHI_ASN1_NO_VALUE if the field has no value, ot SHISHI_ASN1_ERROR otherwise.

shishi_asn1_read_bitstring ()

int                 shishi_asn1_read_bitstring          (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         uint32_t *flags);


shishi_asn1_read_inline ()

int                 shishi_asn1_read_inline             (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         char *data,
                                                         size_t *datalen);

Extract data stored in a ASN.1 field into a fixed size buffer allocated by caller.

Note that since it is difficult to predict the length of the field, it is often better to use shishi_asn1_read() instead.

handle :

shishi handle as allocated by shishi_init().

node :

ASN.1 variable to read field from.

field :

name of field in node to read.

data :

pre-allocated output buffer that will hold ASN.1 field data.

datalen :

on input, maximum size of output buffer, on output, actual size of output buffer.

Returns :

Returns SHISHI_OK if successful, SHISHI_ASN1_NO_ELEMENT if the element do not exist, SHISHI_ASN1_NO_VALUE if the field has no value, ot SHISHI_ASN1_ERROR otherwise.

shishi_asn1_read_int32 ()

int                 shishi_asn1_read_int32              (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         int32_t *i);


shishi_asn1_read_integer ()

int                 shishi_asn1_read_integer            (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         int *i);


shishi_asn1_read_optional ()

int                 shishi_asn1_read_optional           (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         char **data,
                                                         size_t *datalen);

Extract data stored in a ASN.1 field into a newly allocated buffer. If the field does not exist (i.e., SHISHI_ASN1_NO_ELEMENT), this function set datalen to 0 and succeeds. Can be useful to read ASN.1 fields which are marked OPTIONAL in the grammar, if you want to avoid special error handling in your code.

handle :

shishi handle as allocated by shishi_init().

node :

ASN.1 variable to read field from.

field :

name of field in node to read.

data :

newly allocated output buffer that will hold ASN.1 field data.

datalen :

actual size of output buffer.

Returns :

Returns SHISHI_OK if successful, SHISHI_ASN1_NO_VALUE if the field has no value, ot SHISHI_ASN1_ERROR otherwise.

shishi_asn1_read_uint32 ()

int                 shishi_asn1_read_uint32             (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         uint32_t *i);


shishi_asn1_tgsrep ()

Shishi_asn1         shishi_asn1_tgsrep                  (Shishi *handle);

Create new ASN.1 structure for TGS-REP.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns ASN.1 structure.

shishi_asn1_tgsreq ()

Shishi_asn1         shishi_asn1_tgsreq                  (Shishi *handle);

Create new ASN.1 structure for TGS-REQ.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns ASN.1 structure.

shishi_asn1_ticket ()

Shishi_asn1         shishi_asn1_ticket                  (Shishi *handle);

Create new ASN.1 structure for Ticket.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns ASN.1 structure.

shishi_asn1_to_der ()

int                 shishi_asn1_to_der                  (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         char **der,
                                                         size_t *len);

Extract newly allocated DER representation of specified ASN.1 data.

handle :

shishi handle as allocated by shishi_init().

node :

ASN.1 data to convert to DER.

der :

output array that holds DER encoding of node.

len :

output variable with length of der output array.

Returns :

Returns SHISHI_OK if successful, or SHISHI_ASN1_ERROR if DER encoding fails (common reasons for this is that the ASN.1 is missing required values).

shishi_asn1_to_der_field ()

int                 shishi_asn1_to_der_field            (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         char **der,
                                                         size_t *len);

Extract newly allocated DER representation of specified ASN.1 field.

handle :

shishi handle as allocated by shishi_init().

node :

ASN.1 data that have field to extract.

field :

name of field in node to extract.

der :

output array that holds DER encoding of field in node.

len :

output variable with length of der output array.

Returns :

Returns SHISHI_OK if successful, or SHISHI_ASN1_ERROR if DER encoding fails (common reasons for this is that the ASN.1 is missing required values).

shishi_asn1_write ()

int                 shishi_asn1_write                   (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         const char *data,
                                                         size_t datalen);


shishi_asn1_write_bitstring ()

int                 shishi_asn1_write_bitstring         (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         uint32_t flags);


shishi_asn1_write_int32 ()

int                 shishi_asn1_write_int32             (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         int32_t n);


shishi_asn1_write_integer ()

int                 shishi_asn1_write_integer           (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         int n);


shishi_asn1_write_uint32 ()

int                 shishi_asn1_write_uint32            (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         uint32_t n);


shishi_asrep ()

Shishi_asn1         shishi_asrep                        (Shishi *handle);

This function creates a new AS-REP, populated with some default values.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns the AS-REP or NULL on failure.

shishi_asreq ()

Shishi_asn1         shishi_asreq                        (Shishi *handle);

This function creates a new AS-REQ, populated with some default values.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns the AS-REQ or NULL on failure.

shishi_asreq_clientrealm ()

int                 shishi_asreq_clientrealm            (Shishi *handle,
                                                         Shishi_asn1 asreq,
                                                         char **client,
                                                         size_t *clientlen);

Convert cname and realm fields from AS-REQ to printable principal name format. The string is allocate by this function, and it is the responsibility of the caller to deallocate it. Note that the output length clientlen does not include the terminating zero.

handle :

Shishi library handle create by shishi_init().

asreq :

AS-REQ variable to get client name and realm from.

client :

pointer to newly allocated zero terminated string containing principal name and realm. May be NULL (to only populate clientlen).

clientlen :

pointer to length of client on output, excluding terminating zero. May be NULL (to only populate client).

Returns :

Returns SHISHI_OK iff successful.

shishi_asreq_rsc ()

Shishi_asn1         shishi_asreq_rsc                    (Shishi *handle,
                                                         char *realm,
                                                         char *server,
                                                         char *client);


shishi_authenticator ()

Shishi_asn1         shishi_authenticator                (Shishi *handle);

This function creates a new Authenticator, populated with some default values. It uses the current time as returned by the system for the ctime and cusec fields.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns the authenticator or NULL on failure.

shishi_authenticator_add_authorizationdata ()

int                 shishi_authenticator_add_authorizationdata
                                                        (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         int32_t adtype,
                                                         const char *addata,
                                                         size_t addatalen);

Add authorization data to authenticator.

handle :

shishi handle as allocated by shishi_init().

authenticator :

authenticator as allocated by shishi_authenticator().

adtype :

input authorization data type to add.

addata :

input authorization data to add.

addatalen :

size of input authorization data to add.

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_add_cksum ()

int                 shishi_authenticator_add_cksum      (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         char *data,
                                                         size_t datalen);

Calculate checksum for data and store it in the authenticator.

handle :

shishi handle as allocated by shishi_init().

authenticator :

authenticator as allocated by shishi_authenticator().

key :

key to to use for encryption.

keyusage :

cryptographic key usage value to use in encryption.

data :

input array with data to calculate checksum on.

datalen :

size of input array with data to calculate checksum on.

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_add_cksum_type ()

int                 shishi_authenticator_add_cksum_type (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         int cksumtype,
                                                         char *data,
                                                         size_t datalen);

Calculate checksum for data and store it in the authenticator.

handle :

shishi handle as allocated by shishi_init().

authenticator :

authenticator as allocated by shishi_authenticator().

key :

key to to use for encryption.

keyusage :

cryptographic key usage value to use in encryption.

cksumtype :

checksum to type to calculate checksum.

data :

input array with data to calculate checksum on.

datalen :

size of input array with data to calculate checksum on.

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_add_random_subkey ()

int                 shishi_authenticator_add_random_subkey
                                                        (Shishi *handle,
                                                         Shishi_asn1 authenticator);

Generate random subkey, of the default encryption type from configuration, and store it in the authenticator.

handle :

shishi handle as allocated by shishi_init().

authenticator :

authenticator as allocated by shishi_authenticator().

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_add_random_subkey_etype ()

int                 shishi_authenticator_add_random_subkey_etype
                                                        (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         int etype);

Generate random subkey of indicated encryption type, and store it in the authenticator.

handle :

shishi handle as allocated by shishi_init().

authenticator :

authenticator as allocated by shishi_authenticator().

etype :

encryption type of random key to generate.

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_add_subkey ()

int                 shishi_authenticator_add_subkey     (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         Shishi_key *subkey);

Store subkey in the authenticator.

handle :

shishi handle as allocated by shishi_init().

authenticator :

authenticator as allocated by shishi_authenticator().

subkey :

subkey to add to authenticator.

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_authorizationdata ()

int                 shishi_authenticator_authorizationdata
                                                        (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         int32_t *adtype,
                                                         char **addata,
                                                         size_t *addatalen,
                                                         size_t nth);

Extract n:th authorization data from authenticator. The first field is 1.

handle :

shishi handle as allocated by shishi_init().

authenticator :

authenticator as allocated by shishi_authenticator().

adtype :

output authorization data type.

addata :

newly allocated output authorization data.

addatalen :

on output, actual size of newly allocated authorization data.

nth :

element number of authorization-data to extract.

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_cksum ()

int                 shishi_authenticator_cksum          (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         int32_t *cksumtype,
                                                         char **cksum,
                                                         size_t *cksumlen);

Read checksum value from authenticator. cksum is allocated by this function, and it is the responsibility of caller to deallocate it.

handle :

shishi handle as allocated by shishi_init().

authenticator :

authenticator as allocated by shishi_authenticator().

cksumtype :

output checksum type.

cksum :

newly allocated output checksum data from authenticator.

cksumlen :

on output, actual size of allocated output checksum data buffer.

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_clear_authorizationdata ()

int                 shishi_authenticator_clear_authorizationdata
                                                        (Shishi *handle,
                                                         Shishi_asn1 authenticator);

Remove the authorization-data field from Authenticator.

handle :

shishi handle as allocated by shishi_init().

authenticator :

Authenticator as allocated by shishi_authenticator().

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_client ()

int                 shishi_authenticator_client         (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         char **client,
                                                         size_t *clientlen);

Represent client principal name in Authenticator as zero-terminated string. The string is allocate by this function, and it is the responsibility of the caller to deallocate it. Note that the output length clientlen does not include the terminating zero.

handle :

Shishi library handle create by shishi_init().

authenticator :

Authenticator variable to get client name from.

client :

pointer to newly allocated zero terminated string containing principal name. May be NULL (to only populate clientlen).

clientlen :

pointer to length of client on output, excluding terminating zero. May be NULL (to only populate client).

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_client_set ()

int                 shishi_authenticator_client_set     (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         const char *client);

Set the client name field in the Authenticator.

handle :

shishi handle as allocated by shishi_init().

authenticator :

Authenticator to set client name field in.

client :

zero-terminated string with principal name on RFC 1964 form.

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_clientrealm ()

int                 shishi_authenticator_clientrealm    (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         char **client,
                                                         size_t *clientlen);

Convert cname and realm fields from Authenticator to printable principal name format. The string is allocate by this function, and it is the responsibility of the caller to deallocate it. Note that the output length clientlen does not include the terminating zero.

handle :

Shishi library handle create by shishi_init().

authenticator :

Authenticator variable to get client name and realm from.

client :

pointer to newly allocated zero terminated string containing principal name and realm. May be NULL (to only populate clientlen).

clientlen :

pointer to length of client on output, excluding terminating zero. May be NULL (to only populate client).

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_ctime ()

int                 shishi_authenticator_ctime          (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         char **t);

Extract client time from Authenticator.

handle :

shishi handle as allocated by shishi_init().

authenticator :

Authenticator as allocated by shishi_authenticator().

t :

newly allocated zero-terminated character array with client time.

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_ctime_set ()

int                 shishi_authenticator_ctime_set      (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         const char *t);

Store client time in Authenticator.

handle :

shishi handle as allocated by shishi_init().

authenticator :

Authenticator as allocated by shishi_authenticator().

t :

string with generalized time value to store in Authenticator.

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_cusec_get ()

int                 shishi_authenticator_cusec_get      (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         uint32_t *cusec);

Extract client microseconds field from Authenticator.

handle :

shishi handle as allocated by shishi_init().

authenticator :

Authenticator as allocated by shishi_authenticator().

cusec :

output integer with client microseconds field.

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_cusec_set ()

int                 shishi_authenticator_cusec_set      (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         uint32_t cusec);

Set the cusec field in the Authenticator.

handle :

shishi handle as allocated by shishi_init().

authenticator :

authenticator as allocated by shishi_authenticator().

cusec :

client microseconds to set in authenticator, 0-999999.

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_from_file ()

int                 shishi_authenticator_from_file      (Shishi *handle,
                                                         Shishi_asn1 *authenticator,
                                                         int filetype,
                                                         const char *filename);

Read Authenticator from file in specified TYPE.

handle :

shishi handle as allocated by shishi_init().

authenticator :

output variable with newly allocated Authenticator.

filetype :

input variable specifying type of file to be read, see Shishi_filetype.

filename :

input variable with filename to read from.

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_get_subkey ()

int                 shishi_authenticator_get_subkey     (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         Shishi_key **subkey);

Read subkey value from authenticator.

handle :

shishi handle as allocated by shishi_init().

authenticator :

authenticator as allocated by shishi_authenticator().

subkey :

output newly allocated subkey from authenticator.

Returns :

Returns SHISHI_OK if successful or SHISHI_ASN1_NO_ELEMENT if subkey is not present.

shishi_authenticator_parse ()

int                 shishi_authenticator_parse          (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *authenticator);

Read ASCII armored DER encoded authenticator from file and populate given authenticator variable.

handle :

shishi handle as allocated by shishi_init().

fh :

file handle open for reading.

authenticator :

output variable with newly allocated authenticator.

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_print ()

int                 shishi_authenticator_print          (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 authenticator);

Print ASCII armored DER encoding of authenticator to file.

handle :

shishi handle as allocated by shishi_init().

fh :

file handle open for writing.

authenticator :

authenticator as allocated by shishi_authenticator().

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_read ()

int                 shishi_authenticator_read           (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *authenticator);

Read DER encoded authenticator from file and populate given authenticator variable.

handle :

shishi handle as allocated by shishi_init().

fh :

file handle open for reading.

authenticator :

output variable with newly allocated authenticator.

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_remove_cksum ()

int                 shishi_authenticator_remove_cksum   (Shishi *handle,
                                                         Shishi_asn1 authenticator);


shishi_authenticator_remove_subkey ()

int                 shishi_authenticator_remove_subkey  (Shishi *handle,
                                                         Shishi_asn1 authenticator);

Remove subkey from the authenticator.

handle :

shishi handle as allocated by shishi_init().

authenticator :

authenticator as allocated by shishi_authenticator().

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_save ()

int                 shishi_authenticator_save           (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 authenticator);

Save DER encoding of authenticator to file.

handle :

shishi handle as allocated by shishi_init().

fh :

file handle open for writing.

authenticator :

authenticator as allocated by shishi_authenticator().

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_seqnumber_get ()

int                 shishi_authenticator_seqnumber_get  (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         uint32_t *seqnumber);

Extract sequence number field from Authenticator.

handle :

shishi handle as allocated by shishi_init().

authenticator :

authenticator as allocated by shishi_authenticator().

seqnumber :

output integer with sequence number field.

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_seqnumber_remove ()

int                 shishi_authenticator_seqnumber_remove
                                                        (Shishi *handle,
                                                         Shishi_asn1 authenticator);

Remove sequence number field in Authenticator.

handle :

shishi handle as allocated by shishi_init().

authenticator :

authenticator as allocated by shishi_authenticator().

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_seqnumber_set ()

int                 shishi_authenticator_seqnumber_set  (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         uint32_t seqnumber);

Store sequence number field in Authenticator.

handle :

shishi handle as allocated by shishi_init().

authenticator :

authenticator as allocated by shishi_authenticator().

seqnumber :

integer with sequence number field to store in Authenticator.

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_set_cksum ()

int                 shishi_authenticator_set_cksum      (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         int cksumtype,
                                                         char *cksum,
                                                         size_t cksumlen);

Store checksum value in authenticator. A checksum is usually created by calling shishi_checksum() on some application specific data using the key from the ticket that is being used. To save time, you may want to use shishi_authenticator_add_cksum() instead, which calculates the checksum and calls this function in one step.

handle :

shishi handle as allocated by shishi_init().

authenticator :

authenticator as allocated by shishi_authenticator().

cksumtype :

input checksum type to store in authenticator.

cksum :

input checksum data to store in authenticator.

cksumlen :

size of input checksum data to store in authenticator.

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_set_cname ()

int                 shishi_authenticator_set_cname      (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         Shishi_name_type name_type,
                                                         const char *cname[]);

Set principal field in authenticator to specified value.

handle :

shishi handle as allocated by shishi_init().

authenticator :

authenticator as allocated by shishi_authenticator().

name_type :

type of principial, see Shishi_name_type, usually SHISHI_NT_UNKNOWN.

cname :

input array with principal name.

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_set_crealm ()

int                 shishi_authenticator_set_crealm     (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         const char *crealm);

Set realm field in authenticator to specified value.

handle :

shishi handle as allocated by shishi_init().

authenticator :

authenticator as allocated by shishi_authenticator().

crealm :

input array with realm.

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_set_subkey ()

int                 shishi_authenticator_set_subkey     (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         int32_t subkeytype,
                                                         const char *subkey,
                                                         size_t subkeylen);

Store subkey value in authenticator. A subkey is usually created by calling shishi_key_random() using the default encryption type of the key from the ticket that is being used. To save time, you may want to use shishi_authenticator_add_subkey() instead, which calculates the subkey and calls this function in one step.

handle :

shishi handle as allocated by shishi_init().

authenticator :

authenticator as allocated by shishi_authenticator().

subkeytype :

input subkey type to store in authenticator.

subkey :

input subkey data to store in authenticator.

subkeylen :

size of input subkey data to store in authenticator.

Returns :

Returns SHISHI_OK iff successful.

shishi_authenticator_subkey ()

Shishi_asn1         shishi_authenticator_subkey         (Shishi *handle);

This function creates a new Authenticator, populated with some default values. It uses the current time as returned by the system for the ctime and cusec fields. It adds a random subkey.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns the authenticator or NULL on failure.

shishi_authenticator_to_file ()

int                 shishi_authenticator_to_file        (Shishi *handle,
                                                         Shishi_asn1 authenticator,
                                                         int filetype,
                                                         const char *filename);

Write Authenticator to file in specified TYPE. The file will be truncated if it exists.

handle :

shishi handle as allocated by shishi_init().

authenticator :

Authenticator to save.

filetype :

input variable specifying type of file to be written, see Shishi_filetype.

filename :

input variable with filename to write to.

Returns :

Returns SHISHI_OK iff successful.

shishi_authorization_parse ()

int                 shishi_authorization_parse          (const char *authorization);

Parse authorization type name.

authorization :

name of authorization type, "basic" or "k5login".

Returns :

Returns authorization type corresponding to a string.

shishi_authorize_k5login ()

int                 shishi_authorize_k5login            (Shishi *handle,
                                                         const char *principal,
                                                         const char *authzname);

Authorization of authzname against desired principal in accordance with the MIT/Heimdal authorization method.

handle :

shishi handle allocated by shishi_init().

principal :

string with desired principal name and realm.

authzname :

authorization name.

Returns :

Returns 1 if authzname is authorized for services by principal, and returns 0 otherwise.

shishi_authorize_strcmp ()

int                 shishi_authorize_strcmp             (Shishi *handle,
                                                         const char *principal,
                                                         const char *authzname);

Authorization of authzname against desired principal according to "basic" authentication, i.e., testing for identical strings.

handle :

shishi handle allocated by shishi_init().

principal :

string with desired principal name.

authzname :

authorization name.

Returns :

Returns 1 if authzname is authorized for services by the encrypted principal, and 0 otherwise.

shishi_authorized_p ()

int                 shishi_authorized_p                 (Shishi *handle,
                                                         Shishi_tkt *tkt,
                                                         const char *authzname);

Simplistic authorization of authzname against encrypted client principal name inside ticket. For "basic" authentication type, the principal name must coincide with authzname. The "k5login" authentication type attempts the MIT/Heimdal method of parsing the file "~/.k5login" for additional equivalence names.

handle :

shishi handle allocated by shishi_init().

tkt :

input variable with ticket info.

authzname :

authorization name.

Returns :

Returns 1 if authzname is authorized for services by the encrypted principal, and 0 otherwise.

shishi_cfg ()

int                 shishi_cfg                          (Shishi *handle,
                                                         const char *option);

Configure shishi library with given option.

handle :

Shishi library handle create by shishi_init().

option :

string with shishi library option.

Returns :

Returns SHISHI_OK if option was valid.

shishi_cfg_authorizationtype_set ()

int                 shishi_cfg_authorizationtype_set    (Shishi *handle,
                                                         char *value);

Set the "authorization-types" configuration option from given string. The string contains authorization types (integer or names) separated by comma or whitespace, e.g. "basic k5login".

handle :

Shishi library handle created by shishi_init().

value :

string with authorization types.

Returns :

Returns SHISHI_OK if successful.

shishi_cfg_clientkdcetype ()

int                 shishi_cfg_clientkdcetype           (Shishi *handle,
                                                         int32_t **etypes);

Set the etypes variable to the array of preferred client etypes.

handle :

Shishi library handle create by shishi_init().

etypes :

output array with encryption types.

Returns :

Return the number of encryption types in the array, 0 means none.

shishi_cfg_clientkdcetype_fast ()

int32_t             shishi_cfg_clientkdcetype_fast      (Shishi *handle);

Extract the default etype from the list of preferred client etypes.

handle :

Shishi library handle create by shishi_init().

Returns :

Return the default encryption types.

shishi_cfg_clientkdcetype_set ()

int                 shishi_cfg_clientkdcetype_set       (Shishi *handle,
                                                         char *value);

Set the "client-kdc-etypes" configuration option from given string. The string contains encryption types (integer or names) separated by comma or whitespace, e.g. "aes256-cts-hmac-sha1-96 des3-cbc-sha1-kd des-cbc-md5".

handle :

Shishi library handle created by shishi_init().

value :

string with encryption types.

Returns :

Returns SHISHI_OK if successful.

shishi_cfg_default_systemfile ()

const char *        shishi_cfg_default_systemfile       (Shishi *handle);

The system configuration file name is decided at compile-time, but may be overridden by the environment variable SHISHI_CONFIG.

handle :

Shishi library handle create by shishi_init().

Returns :

Return system configuration file name.

shishi_cfg_default_userdirectory ()

const char *        shishi_cfg_default_userdirectory    (Shishi *handle);

The default user directory (used for, e.g. Shishi ticket cache) is normally computed by appending BASE_DIR ("/.shishi") to the content of the environment variable $HOME, but can be overridden by specifying the complete path in the environment variable SHISHI_HOME.

handle :

Shishi library handle create by shishi_init().

Returns :

Return directory with configuration files etc.

shishi_cfg_default_userfile ()

const char *        shishi_cfg_default_userfile         (Shishi *handle);

Get filename of default user configuration file, typically $HOME/shishi.conf.

handle :

Shishi library handle create by shishi_init().

Returns :

Return user configuration filename.

shishi_cfg_from_file ()

int                 shishi_cfg_from_file                (Shishi *handle,
                                                         const char *cfg);

Configure shishi library using configuration file.

handle :

Shishi library handle create by shishi_init().

cfg :

filename to read configuration from.

Returns :

Returns SHISHI_OK iff successful.

shishi_cfg_print ()

int                 shishi_cfg_print                    (Shishi *handle,
                                                         FILE *fh);

Print library configuration status, mostly for debugging purposes.

handle :

Shishi library handle create by shishi_init().

fh :

file descriptor opened for writing.

Returns :

Returns SHISHI_OK.

shishi_cfg_userdirectory_file ()

char *              shishi_cfg_userdirectory_file       (Shishi *handle,
                                                         const char *file);

Get the full path to specified file in the users' configuration directory.

handle :

Shishi library handle create by shishi_init().

file :

basename of file to find in user directory.

Returns :

Return full path to given relative filename, relative to the user specific Shishi configuration directory as returned by shishi_cfg_default_userdirectory() (typically $HOME/.shishi).

shishi_check_version ()

const char *        shishi_check_version                (const char *req_version);

Check that the version of the library is at minimum the one given as a string in req_version.

req_version :

version string to compare with, or NULL

Returns :

the actual version string of the library; NULL if the condition is not met. If NULL is passed to this function no check is done and only the version string is returned.

shishi_checksum ()

int                 shishi_checksum                     (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         int32_t cksumtype,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);

Integrity protect data using key, possibly altered by supplied key usage. If key usage is 0, no key derivation is used. The OUT buffer must be deallocated by the caller.

handle :

shishi handle as allocated by shishi_init().

key :

key to compute checksum with.

keyusage :

integer specifying what this key is used for.

cksumtype :

the checksum algorithm to use.

in :

input array with data to integrity protect.

inlen :

size of input array with data to integrity protect.

out :

output array with newly allocated integrity protected data.

outlen :

output variable with length of output array with checksum.

Returns :

Returns SHISHI_OK iff successful.

shishi_checksum_cksumlen ()

size_t              shishi_checksum_cksumlen            (int32_t type);

Get length of checksum output.

type :

checksum type, see Shishi_cksumtype.

Returns :

Return length of checksum used for the checksum type, as defined in the standards.

shishi_checksum_name ()

const char *        shishi_checksum_name                (int32_t type);

Get name of checksum.

type :

checksum type, see Shishi_cksumtype.

Returns :

Return name of checksum type, e.g. "hmac-sha1-96-aes256", as defined in the standards.

shishi_checksum_parse ()

int                 shishi_checksum_parse               (const char *checksum);

Get checksum number by parsing a string.

checksum :

name of checksum type, e.g. "hmac-sha1-96-aes256".

Returns :

Return checksum type, see Shishi_cksumtype, corresponding to a string.

shishi_checksum_supported_p ()

int                 shishi_checksum_supported_p         (int32_t type);

Find out whether checksum is supported.

type :

checksum type, see Shishi_cksumtype.

Returns :

Return 0 iff checksum is unsupported.

shishi_cipher_blocksize ()

int                 shishi_cipher_blocksize             (int type);

Get block size for cipher.

type :

encryption type, see Shishi_etype.

Returns :

Return block size for encryption type, as defined in the standards.

shishi_cipher_confoundersize ()

int                 shishi_cipher_confoundersize        (int type);

Get length of confounder for cipher.

type :

encryption type, see Shishi_etype.

Returns :

Returns the size of the confounder (random data) for encryption type, as defined in the standards, or (size_t)-1 on error (e.g., unsupported encryption type).

shishi_cipher_defaultcksumtype ()

int                 shishi_cipher_defaultcksumtype      (int32_t type);

Get the default checksum associated with cipher.

type :

encryption type, see Shishi_etype.

Returns :

Return associated checksum mechanism for the encryption type, as defined in the standards.

shishi_cipher_keylen ()

size_t              shishi_cipher_keylen                (int type);

Get key length for cipher.

type :

encryption type, see Shishi_etype.

Returns :

Return length of key used for the encryption type, as defined in the standards.

shishi_cipher_name ()

const char *        shishi_cipher_name                  (int type);

Read humanly readable string for cipher.

type :

encryption type, see Shishi_etype.

Returns :

Return name of encryption type, e.g. "des3-cbc-sha1-kd", as defined in the standards.

shishi_cipher_parse ()

int                 shishi_cipher_parse                 (const char *cipher);

Get cipher number by parsing string.

cipher :

name of encryption type, e.g. "des3-cbc-sha1-kd".

Returns :

Return encryption type corresponding to a string.

shishi_cipher_randomlen ()

size_t              shishi_cipher_randomlen             (int type);

Get length of random data for cipher.

type :

encryption type, see Shishi_etype.

Returns :

Return length of random used for the encryption type, as defined in the standards, or (size_t)-1 on error (e.g., unsupported encryption type).

shishi_cipher_supported_p ()

int                 shishi_cipher_supported_p           (int type);

Find out if cipher is supported.

type :

encryption type, see Shishi_etype.

Returns :

Return 0 iff cipher is unsupported.

shishi_crc ()

int                 shishi_crc                          (Shishi *handle,
                                                         const char *in,
                                                         size_t inlen,
                                                         char *out[4]);

Compute checksum of data using CRC32 modified according to RFC 1510. The out buffer must be deallocated by the caller.

The modifications compared to standard CRC32 is that no initial and final XOR is performed, and that the output is returned in LSB-first order.

handle :

shishi handle as allocated by shishi_init().

in :

input character array of data to checksum.

inlen :

length of input character array of data to checksum.

out :

newly allocated character array with checksum of data.

Returns :

Returns SHISHI_OK iff successful.

shishi_crypto ()

Shishi_crypto *     shishi_crypto                       (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         int32_t etype,
                                                         const char *iv,
                                                         size_t ivlen);

Initialize a crypto context. This store a key, keyusage, encryption type and initialization vector in a "context", and the caller can then use this context to perform encryption via shishi_crypto_encrypt() and decryption via shishi_crypto_encrypt() without supplying all those details again. The functions also takes care of propagating the IV between calls.

When the application no longer need to use the context, it should deallocate resources associated with it by calling shishi_crypto_close().

handle :

shishi handle as allocated by shishi_init().

key :

key to encrypt with.

keyusage :

integer specifying what this key will encrypt/decrypt.

etype :

integer specifying what cipher to use.

iv :

input array with initialization vector

ivlen :

size of input array with initialization vector.

Returns :

Return a newly allocated crypto context.

shishi_crypto_close ()

void                shishi_crypto_close                 (Shishi_crypto *ctx);

Deallocate resources associated with the crypto context.

ctx :

crypto context as returned by shishi_crypto().

shishi_crypto_decrypt ()

int                 shishi_crypto_decrypt               (Shishi_crypto *ctx,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);

Decrypt data, using information (e.g., key and initialization vector) from context. The IV is updated inside the context after this call.

When the application no longer need to use the context, it should deallocate resources associated with it by calling shishi_crypto_close().

ctx :

crypto context as returned by shishi_crypto().

in :

input array with data to decrypt.

inlen :

size of input array with data to decrypt.

out :

output array with newly allocated decrypted data.

outlen :

output variable with size of newly allocated output array.

Returns :

Returns SHISHI_OK iff successful.

shishi_crypto_encrypt ()

int                 shishi_crypto_encrypt               (Shishi_crypto *ctx,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);

Encrypt data, using information (e.g., key and initialization vector) from context. The IV is updated inside the context after this call.

When the application no longer need to use the context, it should deallocate resources associated with it by calling shishi_crypto_close().

ctx :

crypto context as returned by shishi_crypto().

in :

input array with data to encrypt.

inlen :

size of input array with data to encrypt.

out :

output array with newly allocated encrypted data.

outlen :

output variable with size of newly allocated output array.

Returns :

Returns SHISHI_OK iff successful.

shishi_ctime ()

int                 shishi_ctime                        (Shishi *handle,
                                                         Shishi_asn1 node,
                                                         const char *field,
                                                         time_t *t);

Extract time from ASN.1 structure.

handle :

shishi handle as allocated by shishi_init().

node :

ASN.1 variable to read field from.

field :

name of field in node to read.

t :

pointer to time field to set.

Returns :

Returns SHISHI_OK if successful, SHISHI_ASN1_NO_ELEMENT if the element do not exist, SHISHI_ASN1_NO_VALUE if the field has no value, ot SHISHI_ASN1_ERROR otherwise.

shishi_decrypt ()

int                 shishi_decrypt                      (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);

Decrypts data specified key. The key actually used is derived using the key usage. If key usage is 0, no key derivation is used. The OUT buffer must be deallocated by the caller. The default IV is used, see shishi_decrypt_iv if you need to alter it. The next IV is lost, see shishi_decrypt_ivupdate if you need it.

Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data exactly. Some encryption types add pad to make the data fit into the block size of the encryption algorithm. Furthermore, the pad is not guaranteed to look in any special way, although existing implementations often pad with the zero byte. This means that you may have to "frame" data, so it is possible to infer the original length after decryption. Compare ASN.1 DER which contains such information.

handle :

shishi handle as allocated by shishi_init().

key :

key to decrypt with.

keyusage :

integer specifying what this key is decrypting.

in :

input array with data to decrypt.

inlen :

size of input array with data to decrypt.

out :

output array with newly allocated decrypted data.

outlen :

output variable with size of newly allocated output array.

Returns :

Returns SHISHI_OK iff successful.

shishi_decrypt_etype ()

int                 shishi_decrypt_etype                (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         int32_t etype,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);

Decrypts data as per encryption method using specified key. The key actually used is derived using the key usage. If key usage is 0, no key derivation is used. The OUT buffer must be deallocated by the caller. The default IV is used, see shishi_decrypt_iv_etype if you need to alter it. The next IV is lost, see shishi_decrypt_ivupdate_etype if you need it.

Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data exactly. Some encryption types add pad to make the data fit into the block size of the encryption algorithm. Furthermore, the pad is not guaranteed to look in any special way, although existing implementations often pad with the zero byte. This means that you may have to "frame" data, so it is possible to infer the original length after decryption. Compare ASN.1 DER which contains such information.

handle :

shishi handle as allocated by shishi_init().

key :

key to decrypt with.

keyusage :

integer specifying what this key is decrypting.

etype :

integer specifying what cipher to use.

in :

input array with data to decrypt.

inlen :

size of input array with data to decrypt.

out :

output array with newly allocated decrypted data.

outlen :

output variable with size of newly allocated output array.

Returns :

Returns SHISHI_OK iff successful.

shishi_decrypt_iv ()

int                 shishi_decrypt_iv                   (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         const char *iv,
                                                         size_t ivlen,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);

Decrypts data using specified initialization vector and key. The key actually used is derived using the key usage. If key usage is 0, no key derivation is used. The OUT buffer must be deallocated by the caller. The next IV is lost, see shishi_decrypt_ivupdate_etype if you need it.

Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data exactly. Some encryption types add pad to make the data fit into the block size of the encryption algorithm. Furthermore, the pad is not guaranteed to look in any special way, although existing implementations often pad with the zero byte. This means that you may have to "frame" data, so it is possible to infer the original length after decryption. Compare ASN.1 DER which contains such information.

handle :

shishi handle as allocated by shishi_init().

key :

key to decrypt with.

keyusage :

integer specifying what this key is decrypting.

iv :

input array with initialization vector

ivlen :

size of input array with initialization vector.

in :

input array with data to decrypt.

inlen :

size of input array with data to decrypt.

out :

output array with newly allocated decrypted data.

outlen :

output variable with size of newly allocated output array.

Returns :

Returns SHISHI_OK iff successful.

shishi_decrypt_iv_etype ()

int                 shishi_decrypt_iv_etype             (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         int32_t etype,
                                                         const char *iv,
                                                         size_t ivlen,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);

Decrypts data as per encryption method using specified initialization vector and key. The key actually used is derived using the key usage. If key usage is 0, no key derivation is used. The OUT buffer must be deallocated by the caller. The next IV is lost, see shishi_decrypt_ivupdate_etype if you need it.

Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data exactly. Some encryption types add pad to make the data fit into the block size of the encryption algorithm. Furthermore, the pad is not guaranteed to look in any special way, although existing implementations often pad with the zero byte. This means that you may have to "frame" data, so it is possible to infer the original length after decryption. Compare ASN.1 DER which contains such information.

handle :

shishi handle as allocated by shishi_init().

key :

key to decrypt with.

keyusage :

integer specifying what this key is decrypting.

etype :

integer specifying what cipher to use.

iv :

input array with initialization vector

ivlen :

size of input array with initialization vector.

in :

input array with data to decrypt.

inlen :

size of input array with data to decrypt.

out :

output array with newly allocated decrypted data.

outlen :

output variable with size of newly allocated output array.

Returns :

Returns SHISHI_OK iff successful.

shishi_decrypt_ivupdate ()

int                 shishi_decrypt_ivupdate             (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         const char *iv,
                                                         size_t ivlen,
                                                         char **ivout,
                                                         size_t *ivoutlen,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);

Decrypts data using specified initialization vector and key. The key actually used is derived using the key usage. If key usage is 0, no key derivation is used. The OUT buffer must be deallocated by the caller. If IVOUT or IVOUTLEN is NULL, the updated IV is not saved anywhere.

Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data exactly. Some encryption types add pad to make the data fit into the block size of the encryption algorithm. Furthermore, the pad is not guaranteed to look in any special way, although existing implementations often pad with the zero byte. This means that you may have to "frame" data, so it is possible to infer the original length after decryption. Compare ASN.1 DER which contains such information.

handle :

shishi handle as allocated by shishi_init().

key :

key to decrypt with.

keyusage :

integer specifying what this key is decrypting.

iv :

input array with initialization vector

ivlen :

size of input array with initialization vector.

ivout :

output array with newly allocated updated initialization vector.

ivoutlen :

size of output array with updated initialization vector.

in :

input array with data to decrypt.

inlen :

size of input array with data to decrypt.

out :

output array with newly allocated decrypted data.

outlen :

output variable with size of newly allocated output array.

Returns :

Returns SHISHI_OK iff successful.

shishi_decrypt_ivupdate_etype ()

int                 shishi_decrypt_ivupdate_etype       (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         int32_t etype,
                                                         const char *iv,
                                                         size_t ivlen,
                                                         char **ivout,
                                                         size_t *ivoutlen,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);

Decrypts data as per encryption method using specified initialization vector and key. The key actually used is derived using the key usage. If key usage is 0, no key derivation is used. The OUT buffer must be deallocated by the caller. If IVOUT or IVOUTLEN is NULL, the updated IV is not saved anywhere.

Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data exactly. Some encryption types add pad to make the data fit into the block size of the encryption algorithm. Furthermore, the pad is not guaranteed to look in any special way, although existing implementations often pad with the zero byte. This means that you may have to "frame" data, so it is possible to infer the original length after decryption. Compare ASN.1 DER which contains such information.

handle :

shishi handle as allocated by shishi_init().

key :

key to decrypt with.

keyusage :

integer specifying what this key is decrypting.

etype :

integer specifying what cipher to use.

iv :

input array with initialization vector

ivlen :

size of input array with initialization vector.

ivout :

output array with newly allocated updated initialization vector.

ivoutlen :

size of output array with updated initialization vector.

in :

input array with data to decrypt.

inlen :

size of input array with data to decrypt.

out :

output array with newly allocated decrypted data.

outlen :

output variable with size of newly allocated output array.

Returns :

Returns SHISHI_OK iff successful.

shishi_der2asn1 ()

Shishi_asn1         shishi_der2asn1                     (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);

Convert arbitrary DER data of a packet to a ASN.1 type.

handle :

shishi handle as allocated by shishi_init().

der :

input character array with DER encoding.

derlen :

length of input character array with DER encoding.

Returns :

Returns newly allocate ASN.1 corresponding to DER data, or NULL on failure.

shishi_der2asn1_aprep ()

Shishi_asn1         shishi_der2asn1_aprep               (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);

Decode DER encoding of AP-REP and create a ASN.1 structure.

handle :

shishi handle as allocated by shishi_init().

der :

input character array with DER encoding.

derlen :

length of input character array with DER encoding.

Returns :

Returns ASN.1 structure corresponding to DER data.

shishi_der2asn1_apreq ()

Shishi_asn1         shishi_der2asn1_apreq               (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);

Decode DER encoding of AP-REQ and create a ASN.1 structure.

handle :

shishi handle as allocated by shishi_init().

der :

input character array with DER encoding.

derlen :

length of input character array with DER encoding.

Returns :

Returns ASN.1 structure corresponding to DER data.

shishi_der2asn1_asrep ()

Shishi_asn1         shishi_der2asn1_asrep               (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);

Decode DER encoding of AS-REP and create a ASN.1 structure.

handle :

shishi handle as allocated by shishi_init().

der :

input character array with DER encoding.

derlen :

length of input character array with DER encoding.

Returns :

Returns ASN.1 structure corresponding to DER data.

shishi_der2asn1_asreq ()

Shishi_asn1         shishi_der2asn1_asreq               (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);

Decode DER encoding of AS-REQ and create a ASN.1 structure.

handle :

shishi handle as allocated by shishi_init().

der :

input character array with DER encoding.

derlen :

length of input character array with DER encoding.

Returns :

Returns ASN.1 structure corresponding to DER data.

shishi_der2asn1_authenticator ()

Shishi_asn1         shishi_der2asn1_authenticator       (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);

Decode DER encoding of Authenticator and create a ASN.1 structure.

handle :

shishi handle as allocated by shishi_init().

der :

input character array with DER encoding.

derlen :

length of input character array with DER encoding.

Returns :

Returns ASN.1 structure corresponding to DER data.

shishi_der2asn1_encapreppart ()

Shishi_asn1         shishi_der2asn1_encapreppart        (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);

Decode DER encoding of EncAPRepPart and create a ASN.1 structure.

handle :

shishi handle as allocated by shishi_init().

der :

input character array with DER encoding.

derlen :

length of input character array with DER encoding.

Returns :

Returns ASN.1 structure corresponding to DER data.

shishi_der2asn1_encasreppart ()

Shishi_asn1         shishi_der2asn1_encasreppart        (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);

Decode DER encoding of EncASRepPart and create a ASN.1 structure.

handle :

shishi handle as allocated by shishi_init().

der :

input character array with DER encoding.

derlen :

length of input character array with DER encoding.

Returns :

Returns ASN.1 structure corresponding to DER data.

shishi_der2asn1_enckdcreppart ()

Shishi_asn1         shishi_der2asn1_enckdcreppart       (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);

Decode DER encoding of EncKDCRepPart and create a ASN.1 structure.

handle :

shishi handle as allocated by shishi_init().

der :

input character array with DER encoding.

derlen :

length of input character array with DER encoding.

Returns :

Returns ASN.1 structure corresponding to DER data.

shishi_der2asn1_encprivpart ()

Shishi_asn1         shishi_der2asn1_encprivpart         (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);

Decode DER encoding of EncKrbPrivPart and create a ASN.1 structure.

handle :

shishi handle as allocated by shishi_init().

der :

input character array with DER encoding.

derlen :

length of input character array with DER encoding.

Returns :

Returns ASN.1 structure corresponding to DER data.

shishi_der2asn1_enctgsreppart ()

Shishi_asn1         shishi_der2asn1_enctgsreppart       (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);

Decode DER encoding of EncTGSRepPart and create a ASN.1 structure.

handle :

shishi handle as allocated by shishi_init().

der :

input character array with DER encoding.

derlen :

length of input character array with DER encoding.

Returns :

Returns ASN.1 structure corresponding to DER data.

shishi_der2asn1_encticketpart ()

Shishi_asn1         shishi_der2asn1_encticketpart       (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);

Decode DER encoding of EncTicketPart and create a ASN.1 structure.

handle :

shishi handle as allocated by shishi_init().

der :

input character array with DER encoding.

derlen :

length of input character array with DER encoding.

Returns :

Returns ASN.1 structure corresponding to DER data.

shishi_der2asn1_etype_info ()

Shishi_asn1         shishi_der2asn1_etype_info          (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);

Decode DER encoding of ETYPE-INFO and create a ASN.1 structure.

handle :

shishi handle as allocated by shishi_init().

der :

input character array with DER encoding.

derlen :

length of input character array with DER encoding.

Returns :

Returns ASN.1 structure corresponding to DER data.

shishi_der2asn1_etype_info2 ()

Shishi_asn1         shishi_der2asn1_etype_info2         (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);

Decode DER encoding of ETYPE-INFO2 and create a ASN.1 structure.

handle :

shishi handle as allocated by shishi_init().

der :

input character array with DER encoding.

derlen :

length of input character array with DER encoding.

Returns :

Returns ASN.1 structure corresponding to DER data.

shishi_der2asn1_kdcrep ()

Shishi_asn1         shishi_der2asn1_kdcrep              (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);

Decode DER encoding of KDC-REP and create a ASN.1 structure.

handle :

shishi handle as allocated by shishi_init().

der :

input character array with DER encoding.

derlen :

length of input character array with DER encoding.

Returns :

Returns ASN.1 structure corresponding to DER data.

shishi_der2asn1_kdcreq ()

Shishi_asn1         shishi_der2asn1_kdcreq              (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);

Decode DER encoding of AS-REQ, TGS-REQ or KDC-REQ and create a ASN.1 structure.

handle :

shishi handle as allocated by shishi_init().

der :

input character array with DER encoding.

derlen :

length of input character array with DER encoding.

Returns :

Returns ASN.1 structure corresponding to DER data.

shishi_der2asn1_krberror ()

Shishi_asn1         shishi_der2asn1_krberror            (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);

Decode DER encoding of KRB-ERROR and create a ASN.1 structure.

handle :

shishi handle as allocated by shishi_init().

der :

input character array with DER encoding.

derlen :

length of input character array with DER encoding.

Returns :

Returns ASN.1 structure corresponding to DER data.

shishi_der2asn1_krbsafe ()

Shishi_asn1         shishi_der2asn1_krbsafe             (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);

Decode DER encoding of KRB-SAFE and create a ASN.1 structure.

handle :

shishi handle as allocated by shishi_init().

der :

input character array with DER encoding.

derlen :

length of input character array with DER encoding.

Returns :

Returns ASN.1 structure corresponding to DER data.

shishi_der2asn1_methoddata ()

Shishi_asn1         shishi_der2asn1_methoddata          (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);

Decode DER encoding of METHOD-DATA and create a ASN.1 structure.

handle :

shishi handle as allocated by shishi_init().

der :

input character array with DER encoding.

derlen :

length of input character array with DER encoding.

Returns :

Returns ASN.1 structure corresponding to DER data.

shishi_der2asn1_padata ()

Shishi_asn1         shishi_der2asn1_padata              (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);

Decode DER encoding of PA-DATA and create a ASN.1 structure.

handle :

shishi handle as allocated by shishi_init().

der :

input character array with DER encoding.

derlen :

length of input character array with DER encoding.

Returns :

Returns ASN.1 structure corresponding to DER data.

shishi_der2asn1_priv ()

Shishi_asn1         shishi_der2asn1_priv                (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);

Decode DER encoding of KRB-PRIV and create a ASN.1 structure.

handle :

shishi handle as allocated by shishi_init().

der :

input character array with DER encoding.

derlen :

length of input character array with DER encoding.

Returns :

Returns ASN.1 structure corresponding to DER data.

shishi_der2asn1_tgsrep ()

Shishi_asn1         shishi_der2asn1_tgsrep              (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);

Decode DER encoding of TGS-REP and create a ASN.1 structure.

handle :

shishi handle as allocated by shishi_init().

der :

input character array with DER encoding.

derlen :

length of input character array with DER encoding.

Returns :

Returns ASN.1 structure corresponding to DER data.

shishi_der2asn1_tgsreq ()

Shishi_asn1         shishi_der2asn1_tgsreq              (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);

Decode DER encoding of TGS-REQ and create a ASN.1 structure.

handle :

shishi handle as allocated by shishi_init().

der :

input character array with DER encoding.

derlen :

length of input character array with DER encoding.

Returns :

Returns ASN.1 structure corresponding to DER data.

shishi_der2asn1_ticket ()

Shishi_asn1         shishi_der2asn1_ticket              (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);

Decode DER encoding of Ticket and create a ASN.1 structure.

handle :

shishi handle as allocated by shishi_init().

der :

input character array with DER encoding.

derlen :

length of input character array with DER encoding.

Returns :

Returns ASN.1 structure corresponding to DER data.

shishi_der_msgtype ()

Shishi_msgtype      shishi_der_msgtype                  (Shishi *handle,
                                                         const char *der,
                                                         size_t derlen);

Determine msg-type of DER coded data of a packet.

handle :

shishi handle as allocated by shishi_init().

der :

input character array with DER encoding.

derlen :

length of input character array with DER encoding.

Returns :

Returns msg-type of DER data, 0 on failure.

shishi_derive_default_salt ()

int                 shishi_derive_default_salt          (Shishi *handle,
                                                         const char *name,
                                                         char **salt);

Derive the default salt from a principal. The default salt is the concatenation of the decoded realm and the principal.

handle :

shishi handle as allocated by shishi_init().

name :

principal name of user.

salt :

output variable with newly allocated salt string.

Returns :

Return SHISHI_OK if successful.

shishi_des ()

int                 shishi_des                          (Shishi *handle,
                                                         int decryptp,
                                                         const char key[8],
                                                         const char iv[8],
                                                         char *ivout[8],
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out);

Encrypt or decrypt data (depending on decryptp) using DES in CBC mode. The out buffer must be deallocated by the caller.

handle :

shishi handle as allocated by shishi_init().

decryptp :

0 to indicate encryption, non-0 to indicate decryption.

key :

input character array with key to use.

iv :

input character array with initialization vector to use, or NULL.

ivout :

output character array with updated initialization vector, or NULL.

in :

input character array of data to encrypt/decrypt.

inlen :

length of input character array of data to encrypt/decrypt.

out :

newly allocated character array with encrypted/decrypted data.

Returns :

Returns SHISHI_OK iff successful.

shishi_des_cbc_mac ()

int                 shishi_des_cbc_mac                  (Shishi *handle,
                                                         const char key[8],
                                                         const char iv[8],
                                                         const char *in,
                                                         size_t inlen,
                                                         char *out[8]);

Computed keyed checksum of data using DES-CBC-MAC. The out buffer must be deallocated by the caller.

handle :

shishi handle as allocated by shishi_init().

key :

input character array with key to use.

iv :

input character array with initialization vector to use, can be NULL.

in :

input character array of data to hash.

inlen :

length of input character array of data to hash.

out :

newly allocated character array with keyed hash of data.

Returns :

Returns SHISHI_OK iff successful.

shishi_dk ()

int                 shishi_dk                           (Shishi *handle,
                                                         Shishi_key *key,
                                                         const char *prfconstant,
                                                         size_t prfconstantlen,
                                                         Shishi_key *derivedkey);

Derive a key from a key and a constant thusly: DK(KEY, PRFCONSTANT) = SHISHI_RANDOM-TO-KEY(SHISHI_DR(KEY, PRFCONSTANT)).

handle :

shishi handle as allocated by shishi_init().

key :

input cryptographic key to use.

prfconstant :

input array with the constant string.

prfconstantlen :

size of input array with the constant string.

derivedkey :

pointer to derived key (allocated by caller).

Returns :

Returns SHISHI_OK iff successful.

shishi_done ()

void                shishi_done                         (Shishi *handle);

Deallocates the shishi library handle. The handle must not be used in any calls to shishi functions after this.

If there is a default tkts, it is written to the default tkts file (call shishi_tkts_default_file_set() to change the default tkts file). If you do not wish to write the default tkts file, close the default tkts with shishi_tkts_done(handle, NULL) before calling this function.

handle :

shishi handle as allocated by shishi_init().

shishi_dr ()

int                 shishi_dr                           (Shishi *handle,
                                                         Shishi_key *key,
                                                         const char *prfconstant,
                                                         size_t prfconstantlen,
                                                         char *derivedrandom,
                                                         size_t derivedrandomlen);

Derive "random" data from a key and a constant thusly: DR(KEY, PRFCONSTANT) = TRUNCATE(DERIVEDRANDOMLEN, SHISHI_ENCRYPT(KEY, PRFCONSTANT)).

handle :

shishi handle as allocated by shishi_init().

key :

input array with cryptographic key to use.

prfconstant :

input array with the constant string.

prfconstantlen :

size of input array with the constant string.

derivedrandom :

output array with derived random data.

derivedrandomlen :

size of output array with derived random data.

Returns :

Returns SHISHI_OK iff successful.

shishi_encapreppart ()

Shishi_asn1         shishi_encapreppart                 (Shishi *handle);

This function creates a new EncAPRepPart, populated with some default values. It uses the current time as returned by the system for the ctime and cusec fields.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns the encapreppart or NULL on failure.

shishi_encapreppart_ctime ()

int                 shishi_encapreppart_ctime           (Shishi *handle,
                                                         Shishi_asn1 encapreppart,
                                                         char **t);

Extract client time from EncAPRepPart.

handle :

shishi handle as allocated by shishi_init().

encapreppart :

EncAPRepPart as allocated by shishi_encapreppart().

t :

newly allocated zero-terminated character array with client time.

Returns :

Returns SHISHI_OK iff successful.

shishi_encapreppart_ctime_set ()

int                 shishi_encapreppart_ctime_set       (Shishi *handle,
                                                         Shishi_asn1 encapreppart,
                                                         const char *t);

Store client time in EncAPRepPart.

handle :

shishi handle as allocated by shishi_init().

encapreppart :

EncAPRepPart as allocated by shishi_encapreppart().

t :

string with generalized time value to store in EncAPRepPart.

Returns :

Returns SHISHI_OK iff successful.

shishi_encapreppart_cusec_get ()

int                 shishi_encapreppart_cusec_get       (Shishi *handle,
                                                         Shishi_asn1 encapreppart,
                                                         uint32_t *cusec);

Extract client microseconds field from EncAPRepPart.

handle :

shishi handle as allocated by shishi_init().

encapreppart :

EncAPRepPart as allocated by shishi_encapreppart().

cusec :

output integer with client microseconds field.

Returns :

Returns SHISHI_OK iff successful.

shishi_encapreppart_cusec_set ()

int                 shishi_encapreppart_cusec_set       (Shishi *handle,
                                                         Shishi_asn1 encapreppart,
                                                         uint32_t cusec);

Set the cusec field in the Authenticator.

handle :

shishi handle as allocated by shishi_init().

encapreppart :

EncAPRepPart as allocated by shishi_encapreppart().

cusec :

client microseconds to set in authenticator, 0-999999.

Returns :

Returns SHISHI_OK iff successful.

shishi_encapreppart_from_file ()

int                 shishi_encapreppart_from_file       (Shishi *handle,
                                                         Shishi_asn1 *encapreppart,
                                                         int filetype,
                                                         const char *filename);

Read EncAPRepPart from file in specified TYPE.

handle :

shishi handle as allocated by shishi_init().

encapreppart :

output variable with newly allocated EncAPRepPart.

filetype :

input variable specifying type of file to be read, see Shishi_filetype.

filename :

input variable with filename to read from.

Returns :

Returns SHISHI_OK iff successful.

shishi_encapreppart_get_key ()

int                 shishi_encapreppart_get_key         (Shishi *handle,
                                                         Shishi_asn1 encapreppart,
                                                         Shishi_key **key);

Extract the subkey from the encrypted AP-REP part.

handle :

shishi handle as allocated by shishi_init().

encapreppart :

input EncAPRepPart variable.

key :

newly allocated key.

Returns :

Returns SHISHI_OK iff successful.

shishi_encapreppart_parse ()

int                 shishi_encapreppart_parse           (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *encapreppart);

Read ASCII armored DER encoded EncAPRepPart from file and populate given variable.

handle :

shishi handle as allocated by shishi_init().

fh :

file handle open for reading.

encapreppart :

output variable with newly allocated EncAPRepPart.

Returns :

Returns SHISHI_OK iff successful.

shishi_encapreppart_print ()

int                 shishi_encapreppart_print           (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 encapreppart);

Print ASCII armored DER encoding of EncAPRepPart to file.

handle :

shishi handle as allocated by shishi_init().

fh :

file handle open for writing.

encapreppart :

EncAPRepPart to print.

Returns :

Returns SHISHI_OK iff successful.

shishi_encapreppart_read ()

int                 shishi_encapreppart_read            (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *encapreppart);

Read DER encoded EncAPRepPart from file and populate given variable.

handle :

shishi handle as allocated by shishi_init().

fh :

file handle open for reading.

encapreppart :

output variable with newly allocated EncAPRepPart.

Returns :

Returns SHISHI_OK iff successful.

shishi_encapreppart_save ()

int                 shishi_encapreppart_save            (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 encapreppart);

Save DER encoding of EncAPRepPart to file.

handle :

shishi handle as allocated by shishi_init().

fh :

file handle open for writing.

encapreppart :

EncAPRepPart to save.

Returns :

Returns SHISHI_OK iff successful.

shishi_encapreppart_seqnumber_get ()

int                 shishi_encapreppart_seqnumber_get   (Shishi *handle,
                                                         Shishi_asn1 encapreppart,
                                                         uint32_t *seqnumber);

Extract sequence number field from EncAPRepPart.

handle :

shishi handle as allocated by shishi_init().

encapreppart :

EncAPRepPart as allocated by shishi_encapreppart().

seqnumber :

output integer with sequence number field.

Returns :

Returns SHISHI_OK iff successful.

shishi_encapreppart_seqnumber_remove ()

int                 shishi_encapreppart_seqnumber_remove
                                                        (Shishi *handle,
                                                         Shishi_asn1 encapreppart);

Remove sequence number field in EncAPRepPart.

handle :

shishi handle as allocated by shishi_init().

encapreppart :

encapreppart as allocated by shishi_encapreppart().

Returns :

Returns SHISHI_OK iff successful.

shishi_encapreppart_seqnumber_set ()

int                 shishi_encapreppart_seqnumber_set   (Shishi *handle,
                                                         Shishi_asn1 encapreppart,
                                                         uint32_t seqnumber);

Store sequence number field in EncAPRepPart.

handle :

shishi handle as allocated by shishi_init().

encapreppart :

encapreppart as allocated by shishi_encapreppart().

seqnumber :

integer with sequence number field to store in encapreppart.

Returns :

Returns SHISHI_OK iff successful.

shishi_encapreppart_time_copy ()

int                 shishi_encapreppart_time_copy       (Shishi *handle,
                                                         Shishi_asn1 encapreppart,
                                                         Shishi_asn1 authenticator);

Copy time fields from Authenticator into EncAPRepPart.

handle :

shishi handle as allocated by shishi_init().

encapreppart :

EncAPRepPart as allocated by shishi_encapreppart().

authenticator :

Authenticator to copy time fields from.

Returns :

Returns SHISHI_OK iff successful.

shishi_encapreppart_to_file ()

int                 shishi_encapreppart_to_file         (Shishi *handle,
                                                         Shishi_asn1 encapreppart,
                                                         int filetype,
                                                         const char *filename);

Write EncAPRepPart to file in specified TYPE. The file will be truncated if it exists.

handle :

shishi handle as allocated by shishi_init().

encapreppart :

EncAPRepPart to save.

filetype :

input variable specifying type of file to be written, see Shishi_filetype.

filename :

input variable with filename to write to.

Returns :

Returns SHISHI_OK iff successful.

shishi_encasreppart ()

Shishi_asn1         shishi_encasreppart                 (Shishi *handle);


shishi_enckdcreppart ()

Shishi_asn1         shishi_enckdcreppart                (Shishi *handle);


shishi_enckdcreppart_authtime_set ()

int                 shishi_enckdcreppart_authtime_set   (Shishi *handle,
                                                         Shishi_asn1 enckdcreppart,
                                                         const char *authtime);

Set the EncTicketPart.authtime to supplied value.

handle :

shishi handle as allocated by shishi_init().

enckdcreppart :

input EncKDCRepPart variable.

authtime :

character buffer containing a generalized time string.

Returns :

Returns SHISHI_OK iff successful.

shishi_enckdcreppart_endtime_set ()

int                 shishi_enckdcreppart_endtime_set    (Shishi *handle,
                                                         Shishi_asn1 enckdcreppart,
                                                         const char *endtime);

Set the EncTicketPart.endtime to supplied value.

handle :

shishi handle as allocated by shishi_init().

enckdcreppart :

input EncKDCRepPart variable.

endtime :

character buffer containing a generalized time string.

Returns :

Returns SHISHI_OK iff successful.

shishi_enckdcreppart_flags_set ()

int                 shishi_enckdcreppart_flags_set      (Shishi *handle,
                                                         Shishi_asn1 enckdcreppart,
                                                         int flags);

Set the EncKDCRepPart.flags field.

handle :

shishi handle as allocated by shishi_init().

enckdcreppart :

input EncKDCRepPart variable.

flags :

flags to set in EncKDCRepPart.

Returns :

Returns SHISHI_OK iff successful.

shishi_enckdcreppart_get_key ()

int                 shishi_enckdcreppart_get_key        (Shishi *handle,
                                                         Shishi_asn1 enckdcreppart,
                                                         Shishi_key **key);

Extract the key to use with the ticket sent in the KDC-REP associated with the EncKDCRepPart input variable.

handle :

shishi handle as allocated by shishi_init().

enckdcreppart :

input EncKDCRepPart variable.

key :

newly allocated encryption key handle.

Returns :

Returns SHISHI_OK iff successful.

shishi_enckdcreppart_key_set ()

int                 shishi_enckdcreppart_key_set        (Shishi *handle,
                                                         Shishi_asn1 enckdcreppart,
                                                         Shishi_key *key);

Set the EncKDCRepPart.key field to key type and value of supplied key.

handle :

shishi handle as allocated by shishi_init().

enckdcreppart :

input EncKDCRepPart variable.

key :

key handle with information to store in enckdcreppart.

Returns :

Returns SHISHI_OK iff successful.

shishi_enckdcreppart_nonce_set ()

int                 shishi_enckdcreppart_nonce_set      (Shishi *handle,
                                                         Shishi_asn1 enckdcreppart,
                                                         uint32_t nonce);

Set the EncKDCRepPart.nonce field.

handle :

shishi handle as allocated by shishi_init().

enckdcreppart :

input EncKDCRepPart variable.

nonce :

nonce to set in EncKDCRepPart.

Returns :

Returns SHISHI_OK iff successful.

shishi_enckdcreppart_parse ()

int                 shishi_enckdcreppart_parse          (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *enckdcreppart);


shishi_enckdcreppart_populate_encticketpart ()

int                 shishi_enckdcreppart_populate_encticketpart
                                                        (Shishi *handle,
                                                         Shishi_asn1 enckdcreppart,
                                                         Shishi_asn1 encticketpart);

Set the flags, authtime, starttime, endtime, renew-till and caddr fields of the EncKDCRepPart to the corresponding values in the EncTicketPart.

handle :

shishi handle as allocated by shishi_init().

enckdcreppart :

input EncKDCRepPart variable.

encticketpart :

input EncTicketPart variable.

Returns :

Returns SHISHI_OK iff successful.

shishi_enckdcreppart_print ()

int                 shishi_enckdcreppart_print          (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 enckdcreppart);


shishi_enckdcreppart_read ()

int                 shishi_enckdcreppart_read           (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 *enckdcreppart);


shishi_enckdcreppart_renew_till_set ()

int                 shishi_enckdcreppart_renew_till_set (Shishi *handle,
                                                         Shishi_asn1 enckdcreppart,
                                                         const char *renew_till);

Set the EncTicketPart.renew-till to supplied value. Use a NULL value for renew_till to remove the field.

handle :

shishi handle as allocated by shishi_init().

enckdcreppart :

input EncKDCRepPart variable.

renew_till :

character buffer containing a generalized time string.

Returns :

Returns SHISHI_OK iff successful.

shishi_enckdcreppart_save ()

int                 shishi_enckdcreppart_save           (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 enckdcreppart);


shishi_enckdcreppart_server_set ()

int                 shishi_enckdcreppart_server_set     (Shishi *handle,
                                                         Shishi_asn1 enckdcreppart,
                                                         const char *server);


shishi_enckdcreppart_sname_set ()

int                 shishi_enckdcreppart_sname_set      (Shishi *handle,
                                                         Shishi_asn1 enckdcreppart,
                                                         Shishi_name_type name_type,
                                                         char *sname[]);

Set the server name field in the EncKDCRepPart.

handle :

shishi handle as allocated by shishi_init().

enckdcreppart :

EncKDCRepPart variable to set server name field in.

name_type :

type of principial, see Shishi_name_type, usually SHISHI_NT_UNKNOWN.

sname :

input array with principal name.

Returns :

Returns SHISHI_OK iff successful.

shishi_enckdcreppart_srealm_set ()

int                 shishi_enckdcreppart_srealm_set     (Shishi *handle,
                                                         Shishi_asn1 enckdcreppart,
                                                         const char *srealm);

Set the server realm field in the EncKDCRepPart.

handle :

shishi handle as allocated by shishi_init().

enckdcreppart :

EncKDCRepPart variable to set realm field in.

srealm :

input array with name of realm.

Returns :

Returns SHISHI_OK iff successful.

shishi_enckdcreppart_srealmserver_set ()

int                 shishi_enckdcreppart_srealmserver_set
                                                        (Shishi *handle,
                                                         Shishi_asn1 enckdcreppart,
                                                         const char *srealm,
                                                         const char *server);


shishi_enckdcreppart_starttime_set ()

int                 shishi_enckdcreppart_starttime_set  (Shishi *handle,
                                                         Shishi_asn1 enckdcreppart,
                                                         const char *starttime);

Set the EncTicketPart.starttime to supplied value. Use a NULL value for starttime to remove the field.

handle :

shishi handle as allocated by shishi_init().

enckdcreppart :

input EncKDCRepPart variable.

starttime :

character buffer containing a generalized time string.

Returns :

Returns SHISHI_OK iff successful.

shishi_encprivpart_set_user_data ()

int                 shishi_encprivpart_set_user_data    (Shishi *handle,
                                                         Shishi_asn1 encprivpart,
                                                         const char *userdata,
                                                         size_t userdatalen);

Set the application data in PRIV.

handle :

shishi handle as allocated by shishi_init().

encprivpart :

encprivpart as allocated by shishi_priv().

userdata :

input user application to store in PRIV.

userdatalen :

size of input user application to store in PRIV.

Returns :

Returns SHISHI_OK iff successful.

shishi_encprivpart_user_data ()

int                 shishi_encprivpart_user_data        (Shishi *handle,
                                                         Shishi_asn1 encprivpart,
                                                         char **userdata,
                                                         size_t *userdatalen);

Read user data value from KRB-PRIV. userdata is allocated by this function, and it is the responsibility of caller to deallocate it.

handle :

shishi handle as allocated by shishi_init().

encprivpart :

encprivpart as allocated by shishi_priv().

userdata :

output array with newly allocated user data from KRB-PRIV.

userdatalen :

output size of output user data buffer.

Returns :

Returns SHISHI_OK iff successful.

shishi_encrypt ()

int                 shishi_encrypt                      (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);

Encrypts data using specified key. The key actually used is derived using the key usage. If key usage is 0, no key derivation is used. The OUT buffer must be deallocated by the caller. The default IV is used, see shishi_encrypt_iv if you need to alter it. The next IV is lost, see shishi_encrypt_ivupdate if you need it.

Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data exactly. Some encryption types add pad to make the data fit into the block size of the encryption algorithm. Furthermore, the pad is not guaranteed to look in any special way, although existing implementations often pad with the zero byte. This means that you may have to "frame" data, so it is possible to infer the original length after decryption. Compare ASN.1 DER which contains such information.

handle :

shishi handle as allocated by shishi_init().

key :

key to encrypt with.

keyusage :

integer specifying what this key is encrypting.

in :

input array with data to encrypt.

inlen :

size of input array with data to encrypt.

out :

output array with newly allocated encrypted data.

outlen :

output variable with size of newly allocated output array.

Returns :

Returns SHISHI_OK iff successful.

shishi_encrypt_etype ()

int                 shishi_encrypt_etype                (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         int32_t etype,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);

Encrypts data as per encryption method using specified initialization vector and key. The key actually used is derived using the key usage. If key usage is 0, no key derivation is used. The OUT buffer must be deallocated by the caller. The default IV is used, see shishi_encrypt_iv_etype if you need to alter it. The next IV is lost, see shishi_encrypt_ivupdate_etype if you need it.

Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data exactly. Some encryption types add pad to make the data fit into the block size of the encryption algorithm. Furthermore, the pad is not guaranteed to look in any special way, although existing implementations often pad with the zero byte. This means that you may have to "frame" data, so it is possible to infer the original length after decryption. Compare ASN.1 DER which contains such information.

handle :

shishi handle as allocated by shishi_init().

key :

key to encrypt with.

keyusage :

integer specifying what this key is encrypting.

etype :

integer specifying what cipher to use.

in :

input array with data to encrypt.

inlen :

size of input array with data to encrypt.

out :

output array with newly allocated encrypted data.

outlen :

output variable with size of newly allocated output array.

Returns :

Returns SHISHI_OK iff successful.

shishi_encrypt_iv ()

int                 shishi_encrypt_iv                   (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         const char *iv,
                                                         size_t ivlen,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);

Encrypts data using specified initialization vector and key. The key actually used is derived using the key usage. If key usage is 0, no key derivation is used. The OUT buffer must be deallocated by the caller. The next IV is lost, see shishi_encrypt_ivupdate if you need it.

Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data exactly. Some encryption types add pad to make the data fit into the block size of the encryption algorithm. Furthermore, the pad is not guaranteed to look in any special way, although existing implementations often pad with the zero byte. This means that you may have to "frame" data, so it is possible to infer the original length after decryption. Compare ASN.1 DER which contains such information.

handle :

shishi handle as allocated by shishi_init().

key :

key to encrypt with.

keyusage :

integer specifying what this key is encrypting.

iv :

input array with initialization vector

ivlen :

size of input array with initialization vector.

in :

input array with data to encrypt.

inlen :

size of input array with data to encrypt.

out :

output array with newly allocated encrypted data.

outlen :

output variable with size of newly allocated output array.

Returns :

Returns SHISHI_OK iff successful.

shishi_encrypt_iv_etype ()

int                 shishi_encrypt_iv_etype             (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         int32_t etype,
                                                         const char *iv,
                                                         size_t ivlen,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);

Encrypts data as per encryption method using specified initialization vector and key. The key actually used is derived using the key usage. If key usage is 0, no key derivation is used. The OUT buffer must be deallocated by the caller. The next IV is lost, see shishi_encrypt_ivupdate_etype if you need it.

Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data exactly. Some encryption types add pad to make the data fit into the block size of the encryption algorithm. Furthermore, the pad is not guaranteed to look in any special way, although existing implementations often pad with the zero byte. This means that you may have to "frame" data, so it is possible to infer the original length after decryption. Compare ASN.1 DER which contains such information.

handle :

shishi handle as allocated by shishi_init().

key :

key to encrypt with.

keyusage :

integer specifying what this key is encrypting.

etype :

integer specifying what cipher to use.

iv :

input array with initialization vector

ivlen :

size of input array with initialization vector.

in :

input array with data to encrypt.

inlen :

size of input array with data to encrypt.

out :

output array with newly allocated encrypted data.

outlen :

output variable with size of newly allocated output array.

Returns :

Returns SHISHI_OK iff successful.

shishi_encrypt_ivupdate ()

int                 shishi_encrypt_ivupdate             (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         const char *iv,
                                                         size_t ivlen,
                                                         char **ivout,
                                                         size_t *ivoutlen,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);

Encrypts data using specified initialization vector and key. The key actually used is derived using the key usage. If key usage is 0, no key derivation is used. The OUT buffer must be deallocated by the caller. If IVOUT or IVOUTLEN is NULL, the updated IV is not saved anywhere.

Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data exactly. Some encryption types add pad to make the data fit into the block size of the encryption algorithm. Furthermore, the pad is not guaranteed to look in any special way, although existing implementations often pad with the zero byte. This means that you may have to "frame" data, so it is possible to infer the original length after decryption. Compare ASN.1 DER which contains such information.

handle :

shishi handle as allocated by shishi_init().

key :

key to encrypt with.

keyusage :

integer specifying what this key is encrypting.

iv :

input array with initialization vector

ivlen :

size of input array with initialization vector.

ivout :

output array with newly allocated updated initialization vector.

ivoutlen :

size of output array with updated initialization vector.

in :

input array with data to encrypt.

inlen :

size of input array with data to encrypt.

out :

output array with newly allocated encrypted data.

outlen :

output variable with size of newly allocated output array.

Returns :

Returns SHISHI_OK iff successful.

shishi_encrypt_ivupdate_etype ()

int                 shishi_encrypt_ivupdate_etype       (Shishi *handle,
                                                         Shishi_key *key,
                                                         int keyusage,
                                                         int32_t etype,
                                                         const char *iv,
                                                         size_t ivlen,
                                                         char **ivout,
                                                         size_t *ivoutlen,
                                                         const char *in,
                                                         size_t inlen,
                                                         char **out,
                                                         size_t *outlen);

Encrypts data as per encryption method using specified initialization vector and key. The key actually used is derived using the key usage. If key usage is 0, no key derivation is used. The OUT buffer must be deallocated by the caller. If IVOUT or IVOUTLEN is NULL, the updated IV is not saved anywhere.

Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data exactly. Some encryption types add pad to make the data fit into the block size of the encryption algorithm. Furthermore, the pad is not guaranteed to look in any special way, although existing implementations often pad with the zero byte. This means that you may have to "frame" data, so it is possible to infer the original length after decryption. Compare ASN.1 DER which contains such information.

handle :

shishi handle as allocated by shishi_init().

key :

key to encrypt with.

keyusage :

integer specifying what this key is encrypting.

etype :

integer specifying what cipher to use.

iv :

input array with initialization vector

ivlen :

size of input array with initialization vector.

ivout :

output array with newly allocated updated initialization vector.

ivoutlen :

size of output array with updated initialization vector.

in :

input array with data to encrypt.

inlen :

size of input array with data to encrypt.

out :

output array with newly allocated encrypted data.

outlen :

output variable with size of newly allocated output array.

Returns :

Returns SHISHI_OK iff successful.

shishi_encticketpart ()

Shishi_asn1         shishi_encticketpart                (Shishi *handle);


shishi_encticketpart_authctime ()

time_t              shishi_encticketpart_authctime      (Shishi *handle,
                                                         Shishi_asn1 encticketpart);


shishi_encticketpart_authtime ()

int                 shishi_encticketpart_authtime       (Shishi *handle,
                                                         Shishi_asn1 encticketpart,
                                                         char *authtime,
                                                         size_t *authtimelen);


shishi_encticketpart_authtime_set ()

int                 shishi_encticketpart_authtime_set   (Shishi *handle,
                                                         Shishi_asn1 encticketpart,
                                                         const char *authtime);

Set the EncTicketPart.authtime to supplied value.

handle :

shishi handle as allocated by shishi_init().

encticketpart :

input EncTicketPart variable.

authtime :

character buffer containing a generalized time string.

Returns :

Returns SHISHI_OK iff successful.

shishi_encticketpart_client ()

int                 shishi_encticketpart_client         (Shishi *handle,
                                                         Shishi_asn1 encticketpart,
                                                         char **client,
                                                         size_t *clientlen);

Represent client principal name in EncTicketPart as zero-terminated string. The string is allocate by this function, and it is the responsibility of the caller to deallocate it. Note that the output length clientlen does not include the terminating zero.

handle :

Shishi library handle create by shishi_init().

encticketpart :

EncTicketPart variable to get client name from.

client :

pointer to newly allocated zero terminated string containing principal name. May be NULL (to only populate clientlen).

clientlen :

pointer to length of client on output, excluding terminating zero. May be NULL (to only populate client).

Returns :

Returns SHISHI_OK iff successful.

shishi_encticketpart_clientrealm ()

int                 shishi_encticketpart_clientrealm    (Shishi *handle,
                                                         Shishi_asn1 encticketpart,
                                                         char **client,
                                                         size_t *clientlen);

Convert cname and realm fields from EncTicketPart to printable principal name format. The string is allocate by this function, and it is the responsibility of the caller to deallocate it. Note that the output length clientlen does not include the terminating zero.

handle :

Shishi library handle create by shishi_init().

encticketpart :

EncTicketPart variable to get client name and realm from.

client :

pointer to newly allocated zero terminated string containing principal name and realm. May be NULL (to only populate clientlen).

clientlen :

pointer to length of client on output, excluding terminating zero. May be NULL (to only populate client).

Returns :

Returns SHISHI_OK iff successful.

shishi_encticketpart_cname_set ()

int                 shishi_encticketpart_cname_set      (Shishi *handle,
                                                         Shishi_asn1 encticketpart,
                                                         Shishi_name_type name_type,
                                                         const char *principal);

Set the client name field in the EncTicketPart.

handle :

shishi handle as allocated by shishi_init().

encticketpart :

input EncTicketPart variable.

name_type :

type of principial, see Shishi_name_type, usually SHISHI_NT_UNKNOWN.

principal :

input array with principal name.

Returns :

Returns SHISHI_OK iff successful.

shishi_encticketpart_crealm ()

int                 shishi_encticketpart_crealm         (Shishi *handle,
                                                         Shishi_asn1 encticketpart,
                                                         char **crealm,
                                                         size_t *crealmlen);


shishi_encticketpart_crealm_set ()

int                 shishi_encticketpart_crealm_set     (Shishi *handle,
                                                         Shishi_asn1 encticketpart,
                                                         const char *realm);

Set the realm field in the KDC-REQ.

handle :

shishi handle as allocated by shishi_init().

encticketpart :

input EncTicketPart variable.

realm :

input array with name of realm.

Returns :

Returns SHISHI_OK iff successful.

shishi_encticketpart_endtime_set ()

int                 shishi_encticketpart_endtime_set    (Shishi *handle,
                                                         Shishi_asn1 encticketpart,
                                                         const char *endtime);

Set the EncTicketPart.endtime to supplied value.

handle :

shishi handle as allocated by shishi_init().

encticketpart :

input EncTicketPart variable.

endtime :

character buffer containing a generalized time string.

Returns :

Returns SHISHI_OK iff successful.

shishi_encticketpart_flags_set ()

int                 shishi_encticketpart_flags_set      (Shishi *handle,
                                                         Shishi_asn1 encticketpart,
                                                         int flags);

Set the EncTicketPart.flags to supplied value.

handle :

shishi handle as allocated by shishi_init().

encticketpart :

input EncTicketPart variable.

flags :

flags to set in encticketpart.

Returns :

Returns SHISHI_OK iff successful.

shishi_encticketpart_get_key ()

int                 shishi_encticketpart_get_key        (Shishi *handle,
                                                         Shishi_asn1 encticketpart,
                                                         Shishi_key **key);

Extract the session key in the Ticket.

handle :

shishi handle as allocated by shishi_init().

encticketpart :

input EncTicketPart variable.

key :

newly allocated key.

Returns :

Returns SHISHI_OK iff successful.

shishi_encticketpart_key_set ()

int                 shishi_encticketpart_key_set        (Shishi *handle,
                                                         Shishi_asn1 encticketpart,
                                                         Shishi_key *key);

Set the EncTicketPart.key field to key type and value of supplied key.

handle :

shishi handle as allocated by shishi_init().

encticketpart :

input EncTicketPart variable.

key :

key handle with information to store in encticketpart.

Returns :

Returns SHISHI_OK iff successful.

shishi_encticketpart_print ()

int                 shishi_encticketpart_print          (Shishi *handle,
                                                         FILE *fh,
                                                         Shishi_asn1 encticketpart);


shishi_encticketpart_transited_set ()

int                 shishi_encticketpart_transited_set  (Shishi *handle,
                                                         Shishi_asn1 encticketpart,
                                                         int32_t trtype,
                                                         const char *trdata,
                                                         size_t trdatalen);

Set the EncTicketPart.transited field to supplied value.

handle :

shishi handle as allocated by shishi_init().

encticketpart :

input EncTicketPart variable.

trtype :

transitedencoding type, e.g. SHISHI_TR_DOMAIN_X500_COMPRESS.

trdata :

actual transited realm data.

trdatalen :

length of actual transited realm data.

Returns :

Returns SHISHI_OK iff successful.

shishi_error ()

const char *        shishi_error                        (Shishi *handle);

Extract detailed error information string. Note that the memory is managed by the Shishi library, so you must not deallocate the string.

handle :

shishi handle as allocated by shishi_init().

Returns :

Returns pointer to error information string, that must not be deallocate by caller.

shishi_error_clear ()

void                shishi_error_clear                  (Shishi *handle);

Clear the detailed error information string. See shishi_error() for how to access the error string, and shishi_error_set() and shishi_error_printf() for how to set the error string. This function is mostly for Shishi internal use, but if you develop an extension of Shishi, it may be useful to use the same error handling infrastructure.

handle :

shishi handle as allocated by shishi_init().

shishi_error_outputtype ()

int                 shishi_error_outputtype             (Shishi *handle);

Get the current output type for logging messages.