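/**
 * shishi_tgs_rep_process:
 * @tgs: structure that holds information about TGS exchange
 *
 * Process new TGS-REP and set ticket.  The key to decrypt the TGS-REP
 * is taken from the EncKDCRepPart of the TGS tgticket.
 *
 * The ticket in @tgs is only replaced once both the encrypted part
 * and the ticket have been extracted; on failure the error code of
 * the step that failed is returned and the stored ticket is left
 * untouched.
 *
 * Return value: Returns SHISHI_OK iff successful.
 **/
int
shishi_tgs_rep_process (Shishi_tgs * tgs)
{
  Shishi_asn1 kdcreppart, ticket;
  int res;

  if (VERBOSE (tgs->handle))
    printf ("Processing TGS-REQ and TGS-REP...\n");

  /* Validate the reply against the request and obtain the decrypted
     EncKDCRepPart through the out-parameter. */
  res = shishi_tgs_process (tgs->handle, tgs->tgsreq, tgs->tgsrep,
			    shishi_ap_authenticator (tgs->ap),
			    shishi_tkt_enckdcreppart (tgs->tgtkt),
			    &kdcreppart);
  if (res != SHISHI_OK)
    {
      shishi_error_printf (tgs->handle, "Could not process TGS: %s",
			   shishi_strerror (res));
      return res;
    }

  if (VERBOSE (tgs->handle))
    printf ("Got EncKDCRepPart...\n");

  /* NOTE(review): this dumps the decrypted part of the reply to
     stdout.  In Kerberos that structure carries the session key, so
     ASN.1 verbosity should stay off wherever stdout is captured or
     logged -- confirm what shishi_enckdcreppart_print() emits. */
  if (VERBOSEASN1 (tgs->handle))
    shishi_enckdcreppart_print (tgs->handle, stdout, kdcreppart);

  res = shishi_kdcrep_get_ticket (tgs->handle, tgs->tgsrep, &ticket);
  if (res != SHISHI_OK)
    {
      shishi_error_printf (tgs->handle,
			   "Could not extract ticket from TGS-REP: %s",
			   shishi_strerror (res));
      /* The decrypted part was handed to us above and is not stored
         anywhere on this path; release it instead of dropping the
         only reference when bailing out. */
      shishi_asn1_done (tgs->handle, kdcreppart);
      return res;
    }

  if (VERBOSE (tgs->handle))
    printf ("Got Ticket...\n");

  if (VERBOSEASN1 (tgs->handle))
    shishi_ticket_print (tgs->handle, stdout, ticket);

  /* XXX */
  /* NOTE(review): the result of shishi_tkt2() is stored unchecked;
     confirm it cannot be NULL, otherwise SHISHI_OK is returned with
     no ticket set. */
  tgs->tkt = shishi_tkt2 (tgs->handle, ticket, kdcreppart, tgs->tgsrep);

  return SHISHI_OK;
}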
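/*
 * Self-test for nonce handling: decode a stored AS-REQ and an
 * EncASRepPart, check the nonce each one carries, copy the request
 * nonce into the reply part with shishi_kdc_copy_nonce() and check
 * that the reply part now holds the request's nonce.  The nonce is
 * what ties a reply to the request it answers, so a copy that
 * silently failed or truncated the value would go unnoticed without
 * this check.
 *
 * Failures are reported through fail(), which is defined elsewhere.
 * Setup failures (decoding, parsing) jump to the cleanup code so that
 * a NULL buffer or structure is never passed on, whether or not
 * fail() returns.  Mismatches in the values read are reported and the
 * remaining checks still run.
 */
void
test (Shishi * handle)
{
  Shishi_asn1 req = NULL, rep = NULL;
  char *reqder = NULL, *repder = NULL;
  size_t reqderlen, repderlen;
  int rc;
  uint32_t nonce = 0;		/* defined value even if a read fails */

  /* The decoder is also checked for a NULL buffer: a successful
     return does not by itself prove that the output was allocated. */
  if (!base64_decode_alloc (asreq, strlen (asreq), &reqder, &reqderlen)
      || reqder == NULL)
    {
      fail ("base64 req\n");
      goto done;
    }

  if (!base64_decode_alloc (asreppart, strlen (asreppart),
			    &repder, &repderlen) || repder == NULL)
    {
      fail ("base64 rep\n");
      goto done;
    }

  req = shishi_der2asn1_asreq (handle, reqder, reqderlen);
  if (!req)
    {
      fail ("der2asn1 req\n");
      goto done;
    }

  rep = shishi_der2asn1_encasreppart (handle, repder, repderlen);
  if (!rep)
    {
      fail ("der2asn1 rep\n");
      goto done;
    }

  if (debug)
    {
      shishi_kdcreq_print (handle, stdout, req);
      shishi_enckdcreppart_print (handle, stdout, rep);
    }

  /* Read and check req, first through the generic ASN.1 reader... */
  rc = shishi_asn1_read_uint32 (handle, req, "req-body.nonce", &nonce);
  if (rc)
    fail ("shishi_asn1_read_uint32\n");
  /* uint32_t is widened explicitly so the conversion specifier
     matches the argument type on every platform. */
  printf ("req nonce: %lx\n", (unsigned long) nonce);
  if (nonce != 0x09575283)
    fail ("nonce mismatch low\n");

  /* ...then through the dedicated accessor; both must agree. */
  rc = shishi_kdcreq_nonce (handle, req, &nonce);
  if (rc)
    fail ("shishi_kdcreq_nonce\n");
  printf ("req nonce: %lx\n", (unsigned long) nonce);
  if (nonce != 0x09575283)
    fail ("nonce mismatch high");

  /* Read and check rep: the stored reply starts with another nonce. */
  rc = shishi_asn1_read_uint32 (handle, rep, "nonce", &nonce);
  if (rc)
    fail ("read rep uint32");
  printf ("old rep nonce: %lx\n", (unsigned long) nonce);
  if (nonce != 0x7fffffff)
    fail ("nonce mismatch high");

  /* Copy nonce. */
  rc = shishi_kdc_copy_nonce (handle, req, rep);
  if (rc)
    fail ("shishi_kdc_copy_nonce\n");

  /* Read and check rep: it must now carry the request's nonce. */
  rc = shishi_asn1_read_uint32 (handle, rep, "nonce", &nonce);
  if (rc)
    fail ("read rep uint32");
  printf ("new rep nonce: %lx\n", (unsigned long) nonce);
  if (nonce != 0x09575283)
    fail ("nonce mismatch high");

done:
  /* free (NULL) is a no-op; the ASN.1 structures are only released
     when they were actually created. */
  free (reqder);
  free (repder);
  if (req)
    shishi_asn1_done (handle, req);
  if (rep)
    shishi_asn1_done (handle, rep);
}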