Authenticator Functions (GNU Shishi 1.0.3)

5.11 Authenticator Functions

An “Authenticator” is an ASN.1 structure that work as a proof that an entity owns a ticket. It is usually embedded in the AP-REQ structure (see AP-REQ and AP-REP Functions), and you most likely want to use an AP-REQ instead of a Authenticator in normal applications. The following illustrates the Authenticator ASN.1 structure.

Authenticator	::= [APPLICATION 2] SEQUENCE  {
	authenticator-vno	[0] INTEGER (5),
	crealm			[1] Realm,
	cname			[2] PrincipalName,
	cksum			[3] Checksum OPTIONAL,
	cusec			[4] Microseconds,
	ctime			[5] KerberosTime,
	subkey			[6] EncryptionKey OPTIONAL,
	seq-number		[7] UInt32 OPTIONAL,
	authorization-data	[8] AuthorizationData OPTIONAL
}

shishi_authenticator

Function: Shishi_asn1 shishi_authenticator (Shishi * handle)

handle: shishi handle as allocated by shishi_init().

Description: This function creates a new Authenticator, populated with some default values. It uses the current time as returned by the system for the ctime and cusec fields.

Return value: Returns the authenticator or NULL on failure.

shishi_authenticator_subkey

Function: Shishi_asn1 shishi_authenticator_subkey (Shishi * handle)

handle: shishi handle as allocated by shishi_init().

Description: This function creates a new Authenticator, populated with some default values. It uses the current time as returned by the system for the ctime and cusec fields. It adds a random subkey.

Return value: Returns the authenticator or NULL on failure.

shishi_authenticator_print

Function: int shishi_authenticator_print (Shishi * handle, FILE * fh, Shishi_asn1 authenticator)

handle: shishi handle as allocated by shishi_init().
fh: file handle open for writing.
authenticator: authenticator as allocated by shishi_authenticator().

Description: Print ASCII armored DER encoding of authenticator to file.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_save

Function: int shishi_authenticator_save (Shishi * handle, FILE * fh, Shishi_asn1 authenticator)

handle: shishi handle as allocated by shishi_init().
fh: file handle open for writing.
authenticator: authenticator as allocated by shishi_authenticator().

Description: Save DER encoding of authenticator to file.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_to_file

Function: int shishi_authenticator_to_file (Shishi * handle, Shishi_asn1 authenticator, int filetype, const char * filename)

handle: shishi handle as allocated by shishi_init().
authenticator: Authenticator to save.
filetype: input variable specifying type of file to be written, see Shishi_filetype.
filename: input variable with filename to write to.

Description: Write Authenticator to file in specified TYPE. The file will be truncated if it exists.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_parse

Function: int shishi_authenticator_parse (Shishi * handle, FILE * fh, Shishi_asn1 * authenticator)

handle: shishi handle as allocated by shishi_init().
fh: file handle open for reading.
authenticator: output variable with newly allocated authenticator.

Description: Read ASCII armored DER encoded authenticator from file and populate given authenticator variable.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_read

Function: int shishi_authenticator_read (Shishi * handle, FILE * fh, Shishi_asn1 * authenticator)

handle: shishi handle as allocated by shishi_init().
fh: file handle open for reading.
authenticator: output variable with newly allocated authenticator.

Description: Read DER encoded authenticator from file and populate given authenticator variable.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_from_file

Function: int shishi_authenticator_from_file (Shishi * handle, Shishi_asn1 * authenticator, int filetype, const char * filename)

handle: shishi handle as allocated by shishi_init().
authenticator: output variable with newly allocated Authenticator.
filetype: input variable specifying type of file to be read, see Shishi_filetype.
filename: input variable with filename to read from.

Description: Read Authenticator from file in specified TYPE.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_set_crealm

Function: int shishi_authenticator_set_crealm (Shishi * handle, Shishi_asn1 authenticator, const char * crealm)

handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
crealm: input array with realm.

Description: Set realm field in authenticator to specified value.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_set_cname

Function: int shishi_authenticator_set_cname (Shishi * handle, Shishi_asn1 authenticator, Shishi_name_type name_type, const char * cname[])

handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
name_type: type of principial, see Shishi_name_type, usually SHISHI_NT_UNKNOWN.
cname: input array with principal name.

Description: Set principal field in authenticator to specified value.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_client_set

Function: int shishi_authenticator_client_set (Shishi * handle, Shishi_asn1 authenticator, const char * client)

handle: shishi handle as allocated by shishi_init().
authenticator: Authenticator to set client name field in.
client: zero-terminated string with principal name on RFC 1964 form.

Description: Set the client name field in the Authenticator.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_ctime

Function: int shishi_authenticator_ctime (Shishi * handle, Shishi_asn1 authenticator, char ** t)

handle: shishi handle as allocated by shishi_init().
authenticator: Authenticator as allocated by shishi_authenticator().
t: newly allocated zero-terminated character array with client time.

Description: Extract client time from Authenticator.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_ctime_set

Function: int shishi_authenticator_ctime_set (Shishi * handle, Shishi_asn1 authenticator, const char * t)

handle: shishi handle as allocated by shishi_init().
authenticator: Authenticator as allocated by shishi_authenticator().
t: string with generalized time value to store in Authenticator.

Description: Store client time in Authenticator.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_cusec_get

Function: int shishi_authenticator_cusec_get (Shishi * handle, Shishi_asn1 authenticator, uint32_t * cusec)

handle: shishi handle as allocated by shishi_init().
authenticator: Authenticator as allocated by shishi_authenticator().
cusec: output integer with client microseconds field.

Description: Extract client microseconds field from Authenticator.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_cusec_set

Function: int shishi_authenticator_cusec_set (Shishi * handle, Shishi_asn1 authenticator, uint32_t cusec)

handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
cusec: client microseconds to set in authenticator, 0-999999.

Description: Set the cusec field in the Authenticator.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_seqnumber_get

Function: int shishi_authenticator_seqnumber_get (Shishi * handle, Shishi_asn1 authenticator, uint32_t * seqnumber)

handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
seqnumber: output integer with sequence number field.

Description: Extract sequence number field from Authenticator.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_seqnumber_remove

Function: int shishi_authenticator_seqnumber_remove (Shishi * handle, Shishi_asn1 authenticator)

handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().

Description: Remove sequence number field in Authenticator.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_seqnumber_set

Function: int shishi_authenticator_seqnumber_set (Shishi * handle, Shishi_asn1 authenticator, uint32_t seqnumber)

handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
seqnumber: integer with sequence number field to store in Authenticator.

Description: Store sequence number field in Authenticator.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_client

Function: int shishi_authenticator_client (Shishi * handle, Shishi_asn1 authenticator, char ** client, size_t * clientlen)

handle: Shishi library handle create by shishi_init().
authenticator: Authenticator variable to get client name from.
client: pointer to newly allocated zero terminated string containing principal name. May be NULL (to only populate clientlen).
clientlen: pointer to length of client on output, excluding terminating zero. May be NULL (to only populate client).

Description: Represent client principal name in Authenticator as zero-terminated string. The string is allocate by this function, and it is the responsibility of the caller to deallocate it. Note that the output length clientlen does not include the terminating zero.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_clientrealm

Function: int shishi_authenticator_clientrealm (Shishi * handle, Shishi_asn1 authenticator, char ** client, size_t * clientlen)

handle: Shishi library handle create by shishi_init().
authenticator: Authenticator variable to get client name and realm from.
client: pointer to newly allocated zero terminated string containing principal name and realm. May be NULL (to only populate clientlen).
clientlen: pointer to length of client on output, excluding terminating zero. May be NULL (to only populate client).

Description: Convert cname and realm fields from Authenticator to printable principal name format. The string is allocate by this function, and it is the responsibility of the caller to deallocate it. Note that the output length clientlen does not include the terminating zero.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_cksum

Function: int shishi_authenticator_cksum (Shishi * handle, Shishi_asn1 authenticator, int32_t * cksumtype, char ** cksum, size_t * cksumlen)

handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
cksumtype: output checksum type.
cksum: newly allocated output checksum data from authenticator.
cksumlen: on output, actual size of allocated output checksum data buffer.

Description: Read checksum value from authenticator. cksum is allocated by this function, and it is the responsibility of caller to deallocate it.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_set_cksum

Function: int shishi_authenticator_set_cksum (Shishi * handle, Shishi_asn1 authenticator, int32_t cksumtype, char * cksum, size_t cksumlen)

handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
cksumtype: input checksum type to store in authenticator.
cksum: input checksum data to store in authenticator.
cksumlen: size of input checksum data to store in authenticator.

Description: Store checksum value in authenticator. A checksum is usually created by calling shishi_checksum() on some application specific data using the key from the ticket that is being used. To save time, you may want to use shishi_authenticator_add_cksum() instead, which calculates the checksum and calls this function in one step.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_add_cksum

Function: int shishi_authenticator_add_cksum (Shishi * handle, Shishi_asn1 authenticator, Shishi_key * key, int keyusage, char * data, size_t datalen)

handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
key: key to to use for encryption.
keyusage: cryptographic key usage value to use in encryption.
data: input array with data to calculate checksum on.
datalen: size of input array with data to calculate checksum on.

Description: Calculate checksum for data and store it in the authenticator.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_add_cksum_type

Function: int shishi_authenticator_add_cksum_type (Shishi * handle, Shishi_asn1 authenticator, Shishi_key * key, int keyusage, int cksumtype, char * data, size_t datalen)

handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
key: key to to use for encryption.
keyusage: cryptographic key usage value to use in encryption.
cksumtype: checksum to type to calculate checksum.
data: input array with data to calculate checksum on.
datalen: size of input array with data to calculate checksum on.

Description: Calculate checksum for data and store it in the authenticator.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_clear_authorizationdata

Function: int shishi_authenticator_clear_authorizationdata (Shishi * handle, Shishi_asn1 authenticator)

handle: shishi handle as allocated by shishi_init().
authenticator: Authenticator as allocated by shishi_authenticator().

Description: Remove the authorization-data field from Authenticator.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_add_authorizationdata

Function: int shishi_authenticator_add_authorizationdata (Shishi * handle, Shishi_asn1 authenticator, int32_t adtype, const char * addata, size_t addatalen)

handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
adtype: input authorization data type to add.
addata: input authorization data to add.
addatalen: size of input authorization data to add.

Description: Add authorization data to authenticator.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_authorizationdata

Function: int shishi_authenticator_authorizationdata (Shishi * handle, Shishi_asn1 authenticator, int32_t * adtype, char ** addata, size_t * addatalen, size_t nth)

handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
adtype: output authorization data type.
addata: newly allocated output authorization data.
addatalen: on output, actual size of newly allocated authorization data.
nth: element number of authorization-data to extract.

Extract n: th authorization data from authenticator. The first field is 1.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_remove_subkey

Function: int shishi_authenticator_remove_subkey (Shishi * handle, Shishi_asn1 authenticator)

handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().

Description: Remove subkey from the authenticator.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_get_subkey

Function: int shishi_authenticator_get_subkey (Shishi * handle, Shishi_asn1 authenticator, Shishi_key ** subkey)

handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
subkey: output newly allocated subkey from authenticator.

Description: Read subkey value from authenticator.

Return value: Returns SHISHI_OK if successful or SHISHI_ASN1_NO_ELEMENT if subkey is not present.

shishi_authenticator_set_subkey

Function: int shishi_authenticator_set_subkey (Shishi * handle, Shishi_asn1 authenticator, int32_t subkeytype, const char * subkey, size_t subkeylen)

handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
subkeytype: input subkey type to store in authenticator.
subkey: input subkey data to store in authenticator.
subkeylen: size of input subkey data to store in authenticator.

Description: Store subkey value in authenticator. A subkey is usually created by calling shishi_key_random() using the default encryption type of the key from the ticket that is being used. To save time, you may want to use shishi_authenticator_add_subkey() instead, which calculates the subkey and calls this function in one step.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_add_random_subkey

Function: int shishi_authenticator_add_random_subkey (Shishi * handle, Shishi_asn1 authenticator)

handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().

Description: Generate random subkey, of the default encryption type from configuration, and store it in the authenticator.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_add_random_subkey_etype

Function: int shishi_authenticator_add_random_subkey_etype (Shishi * handle, Shishi_asn1 authenticator, int etype)

handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
etype: encryption type of random key to generate.

Description: Generate random subkey of indicated encryption type, and store it in the authenticator.

Return value: Returns SHISHI_OK iff successful.

shishi_authenticator_add_subkey

Function: int shishi_authenticator_add_subkey (Shishi * handle, Shishi_asn1 authenticator, Shishi_key * subkey)

handle: shishi handle as allocated by shishi_init().
authenticator: authenticator as allocated by shishi_authenticator().
subkey: subkey to add to authenticator.

Description: Store subkey in the authenticator.

Return value: Returns SHISHI_OK iff successful.