diff options
author | Greg Hudson <ghudson@mit.edu> | 2013-04-16 13:32:04 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2024-06-20 16:36:30 -0400 |
commit | 04f9c19c98aed91d96afa377557da86e04db6b44 (patch) | |
tree | 7b2dfffd2bc6174c4b0228188edcceea4d6d9862 /src/tests/asn.1/trval.c | |
parent | 13e97260e012c34b454fba66a8525b32fe21e438 (diff) | |
download | krb5-04f9c19c98aed91d96afa377557da86e04db6b44.zip krb5-04f9c19c98aed91d96afa377557da86e04db6b44.tar.gz krb5-04f9c19c98aed91d96afa377557da86e04db6b44.tar.bz2 |
Correct IAKERB protocol implementation
The initial implementation of IAKERB in MIT krb5 mistakenly used
draft-zhu-ws-kerb instead of draft-kitten-ietf-iakerb, and
additionally used the wrong ASN.1 tag value for the target-realm field
of the IAKERB-HEADER sequence. Correct the following aspects of the
protocol implementation:
* Require and use framing on all messages, not just the initial
context token.
* Use extension value 2 for the finish message instead of 1.
* Use key usage value 41 instead of 42 for the finish message
checksum.
* Use UTF8String (12) for target-realm instead of OCTET STRING (4).
With these changes, the IAKERB implementation is interoperable with
other krb5 implementations, but not with the implementation before
these changes.
ticket: 9123 (new)
Diffstat (limited to 'src/tests/asn.1/trval.c')
-rw-r--r-- | src/tests/asn.1/trval.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/tests/asn.1/trval.c b/src/tests/asn.1/trval.c index e0e58cc..f84c515 100644 --- a/src/tests/asn.1/trval.c +++ b/src/tests/asn.1/trval.c @@ -72,6 +72,7 @@ #define PRIM_REAL 0x09 /* Real */ #define PRIM_ENUM 0x0a /* Enumerated type */ #define PRIM_ENCR 0x0b /* Encrypted */ +#define PRIM_UTF8 0x0c /* UTF8String */ #define CONS_SEQ 0x10 /* SEQUENCE/SEQUENCE OF */ #define CONS_SET 0x11 /* SET/SET OF */ #define DEFN_NUMS 0x12 /* Numeric String */ @@ -321,7 +322,7 @@ do_prim_string(FILE *fp, int tag, unsigned char *enc, int len, int lev) /* * Only try this printing function with "reasonable" types */ - if ((tag < DEFN_NUMS) && (tag != PRIM_OCTS)) + if ((tag < DEFN_NUMS) && (tag != PRIM_OCTS) && (tag != PRIM_UTF8)) return 0; for (i=0; i < len; i++) @@ -433,6 +434,7 @@ struct typestring_table univ_types[] = { { PRIM_REAL, -1, "Real"}, { PRIM_ENUM, -1, "Enumerated type"}, { PRIM_ENCR, -1, "Encrypted"}, + { PRIM_UTF8, -1, "UTF8String"}, { CONS_SEQ, -1, "Sequence/Sequence Of"}, { CONS_SET, -1, "Set/Set Of"}, { DEFN_NUMS, -1, "Numeric String"}, |