6.10. AS/TGS Functions

The Authentication Service (AS) is used to get an initial ticket using e.g. your password. The Ticket Granting Service (TGS) is used to get subsequent tickets using other tickets. Protocol-wise the procedures are very similar, which is the reason they are described together. The following illustrates the AS-REQ, TGS-REQ and AS-REP, TGS-REP ASN.1 structures. Most of the functions use the mnemonic "KDC" instead of either AS or TGS, which means the function operates on both AS and TGS types. Only where the distinction between AS and TGS is important are the AS and TGS names used. Remember, these are low-level functions, and normal applications will likely be satisfied with the AS (Section 6.7) and TGS (Section 6.8) interfaces, or the even more high-level Ticket Set (Section 6.3) interface.

-- Request --

AS-REQ		::= KDC-REQ {10}
TGS-REQ		::= KDC-REQ {12}

KDC-REQ {INTEGER:tagnum}	::= [APPLICATION tagnum] SEQUENCE {
	pvno		[1] INTEGER (5) -- first tag is [1], not [0] --,
	msg-type	[2] INTEGER (tagnum),
	padata		[3] SEQUENCE OF PA-DATA OPTIONAL,
	req-body	[4] KDC-REQ-BODY
}

KDC-REQ-BODY	::= SEQUENCE {
	kdc-options		[0] KDCOptions,
	cname			[1] PrincipalName OPTIONAL
				    -- Used only in AS-REQ --,
	realm			[2] Realm
				    -- Server's realm
				    -- Also client's in AS-REQ --,
	sname			[3] PrincipalName OPTIONAL,
	from			[4] KerberosTime OPTIONAL,
	till			[5] KerberosTime,
	rtime			[6] KerberosTime OPTIONAL,
	nonce			[7] UInt32,
	etype			[8] SEQUENCE OF Int32 -- EncryptionType
				    -- in preference order --,
	addresses		[9] HostAddresses OPTIONAL,
	enc-authorization-data	[10] EncryptedData {
					AuthorizationData,
					{ keyuse-TGSReqAuthData-sesskey
					  | keyuse-TGSReqAuthData-subkey }
				     } OPTIONAL,
	additional-tickets	[11] SEQUENCE OF Ticket OPTIONAL
}

-- Reply --

AS-REP		::= KDC-REP {11, EncASRepPart, {keyuse-EncASRepPart}}
TGS-REP		::= KDC-REP {13, EncTGSRepPart,
			{ keyuse-EncTGSRepPart-sesskey
			  | keyuse-EncTGSRepPart-subkey }}

KDC-REP {INTEGER:tagnum,
	 TypeToEncrypt,
	 UInt32:KeyUsages}	::= [APPLICATION tagnum] SEQUENCE {
	pvno		[0] INTEGER (5),
	msg-type	[1] INTEGER (tagnum),
	padata		[2] SEQUENCE OF PA-DATA OPTIONAL,
	crealm		[3] Realm,
	cname		[4] PrincipalName,
	ticket		[5] Ticket,
	enc-part	[6] EncryptedData {TypeToEncrypt, KeyUsages}
}

EncASRepPart	::= [APPLICATION 25] EncKDCRepPart
EncTGSRepPart	::= [APPLICATION 26] EncKDCRepPart

EncKDCRepPart	::= SEQUENCE {
	key		[0] EncryptionKey,
	last-req	[1] LastReq,
	nonce		[2] UInt32,
	key-expiration	[3] KerberosTime OPTIONAL,
	flags		[4] TicketFlags,
	authtime	[5] KerberosTime,
	starttime	[6] KerberosTime OPTIONAL,
	endtime		[7] KerberosTime,
	renew-till	[8] KerberosTime OPTIONAL,
	srealm		[9] Realm,
	sname		[10] PrincipalName,
	caddr		[11] HostAddresses OPTIONAL
}

int shishi_as_derive_salt (Shishi * handle, Shishi_asn1 asreq, Shishi_asn1 asrep, char * salt, size_t * saltlen) handle: shishi handle as allocated by shishi_init().

asreq: input AS-REQ variable.

asrep: input AS-REP variable.

salt: output array with salt.

saltlen: on input, maximum size of output array with salt, on output, holds actual size of output array with salt.

Derive the salt that should be used when deriving a key via shishi_string_to_key() for an AS exchange. Currently this searches for PA-DATA of type SHISHI_PA_PW_SALT in the AS-REP and returns it if found, otherwise the salt is derived from the client name and realm in AS-REQ.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdc_copy_crealm (Shishi * handle, Shishi_asn1 kdcrep, Shishi_asn1 encticketpart) handle: shishi handle as allocated by shishi_init().

kdcrep: KDC-REP to read crealm from.

encticketpart: EncTicketPart to set crealm in.

Set crealm in KDC-REP to value in EncTicketPart.

Return value: Returns SHISHI_OK if successful.

int shishi_as_check_crealm (Shishi * handle, Shishi_asn1 asreq, Shishi_asn1 asrep) handle: shishi handle as allocated by shishi_init().

asreq: AS-REQ to compare realm field in.

asrep: AS-REP to compare realm field in.

Verify that the AS-REQ.req-body.realm and AS-REP.crealm fields match. This is one of the steps that has to be performed when processing an AS-REQ and AS-REP exchange, see shishi_kdc_process().

Return value: Returns SHISHI_OK if successful, SHISHI_REALM_MISMATCH if the values differ, or an error code.

int shishi_kdc_copy_cname (Shishi * handle, Shishi_asn1 kdcrep, Shishi_asn1 encticketpart) handle: shishi handle as allocated by shishi_init().

kdcrep: KDC-REP to read cname from.

encticketpart: EncTicketPart to set cname in.

Set cname in KDC-REP to value in EncTicketPart.

Return value: Returns SHISHI_OK if successful.

int shishi_as_check_cname (Shishi * handle, Shishi_asn1 asreq, Shishi_asn1 asrep) handle: shishi handle as allocated by shishi_init().

asreq: AS-REQ to compare client name field in.

asrep: AS-REP to compare client name field in.

Verify that the AS-REQ.req-body.cname and AS-REP.cname fields match. This is one of the steps that has to be performed when processing an AS-REQ and AS-REP exchange, see shishi_kdc_process().

Return value: Returns SHISHI_OK if successful, SHISHI_CNAME_MISMATCH if the values differ, or an error code.

int shishi_kdc_copy_nonce (Shishi * handle, Shishi_asn1 kdcreq, Shishi_asn1 enckdcreppart) handle: shishi handle as allocated by shishi_init().

kdcreq: KDC-REQ to read nonce from.

enckdcreppart: EncKDCRepPart to set nonce in.

Set nonce in EncKDCRepPart to value in KDC-REQ.

Return value: Returns SHISHI_OK if successful.

int shishi_kdc_check_nonce (Shishi * handle, Shishi_asn1 kdcreq, Shishi_asn1 enckdcreppart) handle: shishi handle as allocated by shishi_init().

kdcreq: KDC-REQ to compare nonce field in.

enckdcreppart: Encrypted KDC-REP part to compare nonce field in.

Verify that the KDC-REQ.req-body.nonce and EncKDCRepPart.nonce fields match. This is one of the steps that has to be performed when processing a KDC-REQ and KDC-REP exchange.

Return value: Returns SHISHI_OK if successful, SHISHI_NONCE_LENGTH_MISMATCH if the nonces have different lengths (this usually indicates that a buggy server truncated the nonce to 4 bytes), SHISHI_NONCE_MISMATCH if the values differ, or an error code.

int shishi_tgs_process (Shishi * handle, Shishi_asn1 tgsreq, Shishi_asn1 tgsrep, Shishi_asn1 authenticator, Shishi_asn1 oldenckdcreppart, Shishi_asn1 * enckdcreppart) handle: shishi handle as allocated by shishi_init().

tgsreq: input variable that holds the sent KDC-REQ.

tgsrep: input variable that holds the received KDC-REP.

authenticator: input variable with Authenticator from AP-REQ in KDC-REQ.

oldenckdcreppart: input variable with EncKDCRepPart used in request.

enckdcreppart: output variable that holds new EncKDCRepPart.

Process a TGS client exchange and output decrypted EncKDCRepPart which holds details for the new ticket received. This function simply derives the encryption key from the ticket used to construct the TGS request and calls shishi_kdc_process(), which see.

Return value: Returns SHISHI_OK iff the TGS client exchange was successful.

int shishi_as_process (Shishi * handle, Shishi_asn1 asreq, Shishi_asn1 asrep, const char * string, Shishi_asn1 * enckdcreppart) handle: shishi handle as allocated by shishi_init().

asreq: input variable that holds the sent KDC-REQ.

asrep: input variable that holds the received KDC-REP.

string: input variable with zero terminated password.

enckdcreppart: output variable that holds new EncKDCRepPart.

Process an AS client exchange and output decrypted EncKDCRepPart which holds details for the new ticket received. This function simply derives the encryption key from the password and calls shishi_kdc_process(), which see.

Return value: Returns SHISHI_OK iff the AS client exchange was successful.

int shishi_kdc_process (Shishi * handle, Shishi_asn1 kdcreq, Shishi_asn1 kdcrep, Shishi_key * key, int keyusage, Shishi_asn1 * enckdcreppart) handle: shishi handle as allocated by shishi_init().

kdcreq: input variable that holds the sent KDC-REQ.

kdcrep: input variable that holds the received KDC-REP.

key: input array with key to decrypt encrypted part of KDC-REP with.

keyusage: Kerberos key usage value.

enckdcreppart: output variable that holds new EncKDCRepPart.

Process a KDC client exchange and output decrypted EncKDCRepPart which holds details for the new ticket received. Use shishi_kdcrep_get_ticket() to extract the ticket. This function verifies the various conditions that must hold if the response is to be considered valid; specifically it compares nonces (shishi_check_nonces()) and, if the exchange was an AS exchange, it also compares cname and crealm (shishi_check_cname() and shishi_check_crealm()).

Usually the shishi_as_process() and shishi_tgs_process() functions should be used instead, since they simplify the decryption key computation.

Return value: Returns SHISHI_OK iff the KDC client exchange was successful.

Shishi_asn1 shishi_asreq (Shishi * handle) handle: shishi handle as allocated by shishi_init().

This function creates a new AS-REQ, populated with some default values.

Return value: Returns the AS-REQ or NULL on failure.

Shishi_asn1 shishi_tgsreq (Shishi * handle) handle: shishi handle as allocated by shishi_init().

This function creates a new TGS-REQ, populated with some default values.

Return value: Returns the TGS-REQ or NULL on failure.

int shishi_kdcreq_print (Shishi * handle, FILE * fh, Shishi_asn1 kdcreq) handle: shishi handle as allocated by shishi_init().

fh: file handle open for writing.

kdcreq: KDC-REQ to print.

Print ASCII armored DER encoding of KDC-REQ to file.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcreq_save (Shishi * handle, FILE * fh, Shishi_asn1 kdcreq) handle: shishi handle as allocated by shishi_init().

fh: file handle open for writing.

kdcreq: KDC-REQ to save.

Print DER encoding of KDC-REQ to file.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcreq_to_file (Shishi * handle, Shishi_asn1 kdcreq, int filetype, char * filename) handle: shishi handle as allocated by shishi_init().

kdcreq: KDC-REQ to save.

filetype: input variable specifying type of file to be written, see Shishi_filetype.

filename: input variable with filename to write to.

Write KDC-REQ to file in specified TYPE. The file will be truncated if it exists.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcreq_parse (Shishi * handle, FILE * fh, Shishi_asn1 * kdcreq) handle: shishi handle as allocated by shishi_init().

fh: file handle open for reading.

kdcreq: output variable with newly allocated KDC-REQ.

Read ASCII armored DER encoded KDC-REQ from file and populate given variable.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcreq_read (Shishi * handle, FILE * fh, Shishi_asn1 * kdcreq) handle: shishi handle as allocated by shishi_init().

fh: file handle open for reading.

kdcreq: output variable with newly allocated KDC-REQ.

Read DER encoded KDC-REQ from file and populate given variable.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcreq_from_file (Shishi * handle, Shishi_asn1 * kdcreq, int filetype, char * filename) handle: shishi handle as allocated by shishi_init().

kdcreq: output variable with newly allocated KDC-REQ.

filetype: input variable specifying type of file to be read, see Shishi_filetype.

filename: input variable with filename to read from.

Read KDC-REQ from file in specified TYPE.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcreq_set_cname (Shishi * handle, Shishi_asn1 kdcreq, Shishi_name_type name_type, const char * principal) handle: shishi handle as allocated by shishi_init().

kdcreq: KDC-REQ variable to set client name field in.

name_type: type of principal, see Shishi_name_type, usually SHISHI_NT_UNKNOWN.

principal: input array with principal name.

Set the client name field in the KDC-REQ.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcreq_set_realm (Shishi * handle, Shishi_asn1 kdcreq, const char * realm) handle: shishi handle as allocated by shishi_init().

kdcreq: KDC-REQ variable to set realm field in.

realm: input array with name of realm.

Set the realm field in the KDC-REQ.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcreq_set_sname (Shishi * handle, Shishi_asn1 kdcreq, Shishi_name_type name_type, const char * sname[]) handle: shishi handle as allocated by shishi_init().

kdcreq: KDC-REQ variable to set server name field in.

name_type: type of principal, see Shishi_name_type, usually SHISHI_NT_UNKNOWN.

sname: input array with principal name.

Set the server name field in the KDC-REQ.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcreq_etype (Shishi * handle, Shishi_asn1 kdcreq, int32_t * etype, int netype) handle: shishi handle as allocated by shishi_init().

kdcreq: KDC-REQ variable to get etype field from.

etype: output encryption type.

netype: element number to return.

Return the netype'th encryption type from KDC-REQ. The first etype is number 1.

Return value: Returns SHISHI_OK iff the etype was successfully set.

int shishi_kdcreq_set_etype (Shishi * handle, Shishi_asn1 kdcreq, int32_t * etype, int netype) handle: shishi handle as allocated by shishi_init().

kdcreq: KDC-REQ variable to set etype field in.

etype: input array with encryption types.

netype: number of elements in input array with encryption types.

Set the list of supported or wanted encryption types in the request. The list should be sorted in priority order.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcreq_options (Shishi * handle, Shishi_asn1 kdcreq, uint32_t * flags) handle: shishi handle as allocated by shishi_init().

kdcreq: KDC-REQ variable to get KDC-Options from.

flags: pointer to output integer with flags.

Extract KDC-Options from KDC-REQ.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcreq_renewable_p (Shishi * handle, Shishi_asn1 kdcreq) handle: shishi handle as allocated by shishi_init().

kdcreq: KDC-REQ variable to check the renewable flag in.

Determine if KDC-Option renewable flag is set.

The RENEWABLE option indicates that the ticket to be issued is to have its RENEWABLE flag set. It may only be set on the initial request, or when the ticket-granting ticket on which the request is based is also renewable. If this option is requested, then the rtime field in the request contains the desired absolute expiration time for the ticket.

Return value: Returns non-0 iff renewable flag is set in KDC-REQ.

int shishi_kdcreq_options_set (Shishi * handle, Shishi_asn1 kdcreq, uint32_t options) handle: shishi handle as allocated by shishi_init().

kdcreq: KDC-REQ variable to set options in.

options: integer with flags to store in KDC-REQ.

Set options in KDC-REQ. Note that this resets any already existing flags.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcreq_options_add (Shishi * handle, Shishi_asn1 kdcreq, uint32_t option) handle: shishi handle as allocated by shishi_init().

kdcreq: KDC-REQ variable to add the option to.

option: integer with options to add in KDC-REQ.

Add KDC-Option to KDC-REQ. This preserves all existing options.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcreq_clear_padata (Shishi * handle, Shishi_asn1 kdcreq) handle: shishi handle as allocated by shishi_init().

kdcreq: KDC-REQ to remove PA-DATA from.

Remove the padata field from KDC-REQ.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcreq_get_padata (Shishi * handle, Shishi_asn1 kdcreq, Shishi_padata_type padatatype, char ** out, size_t * outlen) handle: shishi handle as allocated by shishi_init().

kdcreq: KDC-REQ to get PA-DATA from.

padatatype: type of PA-DATA, see Shishi_padata_type.

out: output array with newly allocated PA-DATA value.

outlen: size of output array with PA-DATA value.

Get pre-authentication data (PA-DATA) from KDC-REQ. Pre-authentication data is used to pass various information to the KDC, such as, for a SHISHI_PA_TGS_REQ padatatype, the AP-REQ that authenticates the user requesting the ticket.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcreq_get_padata_tgs (Shishi * handle, Shishi_asn1 kdcreq, Shishi_asn1 * apreq) handle: shishi handle as allocated by shishi_init().

kdcreq: KDC-REQ to get PA-TGS-REQ from.

apreq: Output variable with newly allocated AP-REQ.

Extract TGS pre-authentication data from KDC-REQ. The data is an AP-REQ that authenticates the request. This function calls shishi_kdcreq_get_padata() with a SHISHI_PA_TGS_REQ padatatype and DER decodes the result (if any).

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcreq_add_padata (Shishi * handle, Shishi_asn1 kdcreq, int padatatype, const char * data, size_t datalen) handle: shishi handle as allocated by shishi_init().

kdcreq: KDC-REQ to add PA-DATA to.

padatatype: type of PA-DATA, see Shishi_padata_type.

data: input array with PA-DATA value.

datalen: size of input array with PA-DATA value.

Add new pre-authentication data (PA-DATA) to KDC-REQ. This is used to pass various information to the KDC, such as, for a SHISHI_PA_TGS_REQ padatatype, the AP-REQ that authenticates the user requesting the ticket. (But also see shishi_kdcreq_add_padata_tgs(), which takes an AP-REQ directly.)

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcreq_add_padata_tgs (Shishi * handle, Shishi_asn1 kdcreq, Shishi_asn1 apreq) handle: shishi handle as allocated by shishi_init().

kdcreq: KDC-REQ to add PA-DATA to.

apreq: AP-REQ to add as PA-DATA.

Add TGS pre-authentication data to KDC-REQ. The data is an AP-REQ that authenticates the request. This function simply DER encodes the AP-REQ and calls shishi_kdcreq_add_padata() with a SHISHI_PA_TGS_REQ padatatype.

Return value: Returns SHISHI_OK iff successful.

Shishi_asn1 shishi_asrep (Shishi * handle) handle: shishi handle as allocated by shishi_init().

This function creates a new AS-REP, populated with some default values.

Return value: Returns the AS-REP or NULL on failure.

Shishi_asn1 shishi_tgsrep (Shishi * handle) handle: shishi handle as allocated by shishi_init().

This function creates a new TGS-REP, populated with some default values.

Return value: Returns the TGS-REP or NULL on failure.

int shishi_kdcrep_print (Shishi * handle, FILE * fh, Shishi_asn1 kdcrep) handle: shishi handle as allocated by shishi_init().

fh: file handle open for writing.

kdcrep: KDC-REP to print.

Print ASCII armored DER encoding of KDC-REP to file.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcrep_save (Shishi * handle, FILE * fh, Shishi_asn1 kdcrep) handle: shishi handle as allocated by shishi_init().

fh: file handle open for writing.

kdcrep: KDC-REP to save.

Print DER encoding of KDC-REP to file.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcrep_to_file (Shishi * handle, Shishi_asn1 kdcrep, int filetype, char * filename) handle: shishi handle as allocated by shishi_init().

kdcrep: KDC-REP to save.

filetype: input variable specifying type of file to be written, see Shishi_filetype.

filename: input variable with filename to write to.

Write KDC-REP to file in specified TYPE. The file will be truncated if it exists.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcrep_parse (Shishi * handle, FILE * fh, Shishi_asn1 * kdcrep) handle: shishi handle as allocated by shishi_init().

fh: file handle open for reading.

kdcrep: output variable with newly allocated KDC-REP.

Read ASCII armored DER encoded KDC-REP from file and populate given variable.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcrep_read (Shishi * handle, FILE * fh, Shishi_asn1 * kdcrep) handle: shishi handle as allocated by shishi_init().

fh: file handle open for reading.

kdcrep: output variable with newly allocated KDC-REP.

Read DER encoded KDC-REP from file and populate given variable.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcrep_from_file (Shishi * handle, Shishi_asn1 * kdcrep, int filetype, char * filename) handle: shishi handle as allocated by shishi_init().

kdcrep: output variable with newly allocated KDC-REP.

filetype: input variable specifying type of file to be read, see Shishi_filetype.

filename: input variable with filename to read from.

Read KDC-REP from file in specified TYPE.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcrep_crealm_set (Shishi * handle, Shishi_asn1 kdcrep, const char * crealm) handle: shishi handle as allocated by shishi_init().

kdcrep: KDC-REP variable to set client realm field in.

crealm: input array with name of realm.

Set the client realm field in the KDC-REP.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcrep_cname_set (Shishi * handle, Shishi_asn1 kdcrep, Shishi_name_type name_type, const char * cname[]) handle: shishi handle as allocated by shishi_init().

kdcrep: KDC-REP variable to set client name field in.

name_type: type of principal, see Shishi_name_type, usually SHISHI_NT_UNKNOWN.

cname: input array with principal name.

Set the client name field in the KDC-REP.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcrep_client_set (Shishi * handle, Shishi_asn1 kdcrep, const char * client) handle: shishi handle as allocated by shishi_init().

kdcrep: KDC-REP variable to set client name field in.

client: zero-terminated string with principal name on RFC 1964 form.

Set the client name field in the KDC-REP.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcrep_get_enc_part_etype (Shishi * handle, Shishi_asn1 kdcrep, int32_t * etype) handle: shishi handle as allocated by shishi_init().

kdcrep: KDC-REP variable to get value from.

etype: output variable that holds the value.

Extract KDC-REP.enc-part.etype.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcrep_get_ticket (Shishi * handle, Shishi_asn1 kdcrep, Shishi_asn1 * ticket) handle: shishi handle as allocated by shishi_init().

kdcrep: KDC-REP variable to get ticket from.

ticket: output variable to hold extracted ticket.

Extract ticket from KDC-REP.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcrep_set_ticket (Shishi * handle, Shishi_asn1 kdcrep, Shishi_asn1 ticket) handle: shishi handle as allocated by shishi_init().

kdcrep: KDC-REP to add ticket field to.

ticket: input ticket to copy into KDC-REP ticket field.

Copy ticket into KDC-REP.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcrep_set_enc_part (Shishi * handle, Shishi_asn1 kdcrep, int etype, int kvno, const char * buf, size_t buflen) handle: shishi handle as allocated by shishi_init().

kdcrep: KDC-REP to add enc-part field to.

etype: encryption type used to encrypt enc-part.

kvno: key version number.

buf: input array with encrypted enc-part.

buflen: size of input array with encrypted enc-part.

Set the encrypted enc-part field in the KDC-REP. The encrypted data is usually created by calling shishi_encrypt() on the DER encoded enc-part. To save time, you may want to use shishi_kdcrep_add_enc_part() instead, which calculates the encrypted data and calls this function in one step.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcrep_add_enc_part (Shishi * handle, Shishi_asn1 kdcrep, Shishi_key * key, int keyusage, Shishi_asn1 enckdcreppart) handle: shishi handle as allocated by shishi_init().

kdcrep: KDC-REP to add enc-part field to.

key: key used to encrypt enc-part.

keyusage: key usage to use, normally SHISHI_KEYUSAGE_ENCASREPPART, SHISHI_KEYUSAGE_ENCTGSREPPART_SESSION_KEY or SHISHI_KEYUSAGE_ENCTGSREPPART_AUTHENTICATOR_KEY.

enckdcreppart: EncKDCRepPart to add.

Encrypts DER encoded EncKDCRepPart using key and stores it in the KDC-REP.

Return value: Returns SHISHI_OK iff successful.

int shishi_kdcrep_clear_padata (Shishi * handle, Shishi_asn1 kdcrep) handle: shishi handle as allocated by shishi_init().

kdcrep: KDC-REP to remove PA-DATA from.

Remove the padata field from KDC-REP.

Return value: Returns SHISHI_OK iff successful.

int shishi_enckdcreppart_get_key (Shishi * handle, Shishi_asn1 enckdcreppart, Shishi_key ** key) handle: shishi handle as allocated by shishi_init().

enckdcreppart: input EncKDCRepPart variable.

key: newly allocated encryption key handle.

Extract the key to use with the ticket sent in the KDC-REP associated with the EncKDCRepPart input variable.

Return value: Returns SHISHI_OK iff successful.

int shishi_enckdcreppart_key_set (Shishi * handle, Shishi_asn1 enckdcreppart, Shishi_key * key) handle: shishi handle as allocated by shishi_init().

enckdcreppart: input EncKDCRepPart variable.

key: key handle with information to store in enckdcreppart.

Set the EncKDCRepPart.key field to key type and value of supplied key.

Return value: Returns SHISHI_OK iff successful.

int shishi_enckdcreppart_nonce_set (Shishi * handle, Shishi_asn1 enckdcreppart, uint32_t nonce) handle: shishi handle as allocated by shishi_init().

enckdcreppart: input EncKDCRepPart variable.

nonce: nonce to set in EncKDCRepPart.

Set the EncKDCRepPart.nonce field.

Return value: Returns SHISHI_OK iff successful.

int shishi_enckdcreppart_flags_set (Shishi * handle, Shishi_asn1 enckdcreppart, int flags) handle: shishi handle as allocated by shishi_init().

enckdcreppart: input EncKDCRepPart variable.

flags: flags to set in EncKDCRepPart.

Set the EncKDCRepPart.flags field.

Return value: Returns SHISHI_OK iff successful.

int shishi_enckdcreppart_populate_encticketpart (Shishi * handle, Shishi_asn1 enckdcreppart, Shishi_asn1 encticketpart) handle: shishi handle as allocated by shishi_init().

enckdcreppart: input EncKDCRepPart variable.

encticketpart: input EncTicketPart variable.

Set the flags, authtime, starttime, endtime, renew-till and caddr fields of the EncKDCRepPart to the corresponding values in the EncTicketPart.

Return value: Returns SHISHI_OK iff successful.

int shishi_enckdcreppart_srealm_set (Shishi * handle, Shishi_asn1 enckdcreppart, const char * srealm) handle: shishi handle as allocated by shishi_init().

enckdcreppart: EncKDCRepPart variable to set realm field in.

srealm: input array with name of realm.

Set the server realm field in the EncKDCRepPart.

Return value: Returns SHISHI_OK iff successful.

int shishi_enckdcreppart_sname_set (Shishi * handle, Shishi_asn1 enckdcreppart, Shishi_name_type name_type, char * sname[]) handle: shishi handle as allocated by shishi_init().

enckdcreppart: EncKDCRepPart variable to set server name field in.

name_type: type of principal, see Shishi_name_type, usually SHISHI_NT_UNKNOWN.

sname: input array with principal name.

Set the server name field in the EncKDCRepPart.

Return value: Returns SHISHI_OK iff successful.