/** * shishi_tgs_done: * @tgs: structure that holds information about AS exchange * * Deallocate resources associated with TGS exchange. This should be * called by the application when it no longer need to utilize the TGS * exchange handle. **/ void shishi_tgs_done (Shishi_tgs * tgs) { shishi_asn1_done (tgs->handle, tgs->tgsreq); shishi_asn1_done (tgs->handle, tgs->tgsrep); shishi_asn1_done (tgs->handle, tgs->krberror); shishi_ap_done (tgs->ap); shishi_tkt_done (tgs->tkt); free (tgs); }
/** * shishi_encapreppart: * @handle: shishi handle as allocated by shishi_init(). * * This function creates a new EncAPRepPart, populated with some * default values. It uses the current time as returned by the system * for the ctime and cusec fields. * * Return value: Returns the encapreppart or NULL on failure. **/ Shishi_asn1 shishi_encapreppart (Shishi * handle) { int res; Shishi_asn1 node = NULL; struct timeval tv; uint32_t seqnr; res = gettimeofday (&tv, NULL); if (res) return NULL; node = shishi_asn1_encapreppart (handle); if (!node) return NULL; res = shishi_asn1_write (handle, node, "ctime", shishi_generalize_time (handle, time (NULL)), 0); if (res != SHISHI_OK) goto error; res = shishi_encapreppart_cusec_set (handle, node, tv.tv_usec % 1000000); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "subkey", NULL, 0); if (res != SHISHI_OK) goto error; /* * For sequence numbers to adequately support the detection of * replays they SHOULD be non-repeating, even across connection * boundaries. The initial sequence number SHOULD be random and * uniformly distributed across the full space of possible sequence * numbers, so that it cannot be guessed by an attacker and so that * it and the successive sequence numbers do not repeat other * sequences. */ shishi_randomize (handle, 0, &seqnr, sizeof (seqnr)); /* * Implementation note: as noted before, some implementations omit * the optional sequence number when its value would be zero. * Implementations MAY accept an omitted sequence number when * expecting a value of zero, and SHOULD NOT transmit an * Authenticator with a initial sequence number of zero. */ if (seqnr == 0) seqnr++; res = shishi_encapreppart_seqnumber_set (handle, node, seqnr); if (res != SHISHI_OK) goto error; return node; error: shishi_asn1_done (handle, node); return NULL; }
/** * shishi_tgs_krberror_set: * @tgs: structure that holds information about TGS exchange * @krberror: krberror to store in TGS. * * Set the KRB-ERROR in the TGS exchange. **/ void shishi_tgs_krberror_set (Shishi_tgs * tgs, Shishi_asn1 krberror) { if (tgs->krberror) shishi_asn1_done (tgs->handle, tgs->krberror); tgs->krberror = krberror; }
/** * shishi_tgs_req_set: * @tgs: structure that holds information about TGS exchange * @tgsreq: tgsreq to store in TGS. * * Set the TGS-REQ in the TGS exchange. **/ void shishi_tgs_req_set (Shishi_tgs * tgs, Shishi_asn1 tgsreq) { if (tgs->tgsreq) shishi_asn1_done (tgs->handle, tgs->tgsreq); tgs->tgsreq = tgsreq; }
Shishi_asn1 shishi_encticketpart (Shishi * handle) { Shishi_asn1 node; int res; node = shishi_asn1_encticketpart (handle); res = shishi_asn1_write (handle, node, "starttime", NULL, 0); if (res != SHISHI_OK) { shishi_asn1_done (handle, node); return NULL; } res = shishi_asn1_write (handle, node, "renew-till", NULL, 0); if (res != SHISHI_OK) { shishi_asn1_done (handle, node); return NULL; } res = shishi_asn1_write (handle, node, "caddr", NULL, 0); if (res != SHISHI_OK) { shishi_asn1_done (handle, node); return NULL; } res = shishi_asn1_write (handle, node, "authorization-data", NULL, 0); if (res != SHISHI_OK) { shishi_asn1_done (handle, node); return NULL; } res = shishi_encticketpart_flags_set (handle, node, 0); if (res != SHISHI_OK) { shishi_asn1_done (handle, node); return NULL; } return node; }
/** * shishi_done: * @handle: Shishi handle as allocated by shishi_init(). * * Deallocates the Shishi library handle. The handle must not be used * in any call to a shishi function after an execution of shishi_done(). * * If there is a default #tkts, it is written to the default tkts file. * If you do not wish to write the default tkts file, close the * default file before calling this function. It is closed with a * simple #shishi_tkts_done(@handle, %NULL). For related information, * see shishi_tkts_default_file_set(). **/ void shishi_done (Shishi * handle) { int rc; if (handle->tkts) { shishi_tkts_to_file (handle->tkts, shishi_tkts_default_file (handle)); shishi_tkts_done (&handle->tkts); } shishi_principal_default_set (handle, NULL); shishi_tkts_default_file_set (handle, NULL); #ifdef USE_STARTTLS rc = _shishi_tls_done (handle); if (rc != SHISHI_OK) shishi_warn (handle, "Cannot deinitialize TLS library"); #endif if (handle->realminfos) { size_t i, j; for (i = 0; i < handle->nrealminfos; i++) { /* XXX free each address */ free (handle->realminfos[i].kdcaddresses); free (handle->realminfos[i].name); for (j = 0; j < handle->realminfos[i].nserverwildcards; j++) free (handle->realminfos[i].serverwildcards[j]); } } free (handle->default_realm); free (handle->usercfgfile); free (handle->hostkeysdefaultfile); free (handle->clientkdcetypes); free (handle->authorizationtypes); free (handle->stringprocess); free (handle->userdirectory); if (handle->asn1) shishi_asn1_done (handle, handle->asn1); free (handle); }
void test (Shishi * handle) { Shishi_asn1 req, rep; char *reqder, *repder; size_t reqderlen, repderlen; int rc; uint32_t nonce; if (!base64_decode_alloc (asreq, strlen (asreq), &reqder, &reqderlen)) fail ("base64 req\n"); if (!base64_decode_alloc (asreppart, strlen (asreppart), &repder, &repderlen)) fail ("base64 rep\n"); req = shishi_der2asn1_asreq (handle, reqder, reqderlen); if (!req) fail ("der2asn1 req\n"); rep = shishi_der2asn1_encasreppart (handle, repder, repderlen); if (!rep) fail ("der2asn1 rep\n"); if (debug) { shishi_kdcreq_print (handle, stdout, req); shishi_enckdcreppart_print (handle, stdout, rep); } /* Read and check req */ rc = shishi_asn1_read_uint32 (handle, req, "req-body.nonce", &nonce); if (rc) fail ("shishi_asn1_read_uint32\n"); printf ("req nonce: %x\n", nonce); if (nonce != 0x09575283) fail ("nonce mismatch low\n"); rc = shishi_kdcreq_nonce (handle, req, &nonce); if (rc) fail ("shishi_kdcreq_nonce\n"); printf ("req nonce: %x\n", nonce); if (nonce != 0x09575283) fail ("nonce mismatch high"); /* Read and check rep */ rc = shishi_asn1_read_uint32 (handle, rep, "nonce", &nonce); if (rc) fail ("read rep uint32"); printf ("old rep nonce: %x\n", nonce); if (nonce != 0x7fffffff) fail ("nonce mismatch high"); /* Copy nonce. */ rc = shishi_kdc_copy_nonce (handle, req, rep); if (rc) fail ("shishi_kdc_copy_nonce\n"); /* Read and check rep */ rc = shishi_asn1_read_uint32 (handle, rep, "nonce", &nonce); if (rc) fail ("read rep uint32"); printf ("new rep nonce: %x\n", nonce); if (nonce != 0x09575283) fail ("nonce mismatch high"); free (reqder); free (repder); shishi_asn1_done (handle, req); shishi_asn1_done (handle, rep); }
static Shishi_asn1 _shishi_kdcreq (Shishi * handle, int as) { int res; Shishi_asn1 node; const char *servicebuf[3]; uint32_t nonce; if (as) node = shishi_asn1_asreq (handle); else node = shishi_asn1_tgsreq (handle); if (!node) return NULL; res = shishi_asn1_write (handle, node, "pvno", SHISHI_KDCREQ_DEFAULT_PVNO, SHISHI_KDCREQ_DEFAULT_PVNO_LEN); if (res != SHISHI_OK) goto error; if (as) res = shishi_asn1_write (handle, node, "msg-type", SHISHI_AS_REQ_DEFAULT_MSG_TYPE, SHISHI_AS_REQ_DEFAULT_MSG_TYPE_LEN); else res = shishi_asn1_write (handle, node, "msg-type", SHISHI_TGS_REQ_DEFAULT_MSG_TYPE, SHISHI_TGS_REQ_DEFAULT_MSG_TYPE_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "req-body.kdc-options", SHISHI_KDCREQ_DEFAULT_REQ_BODY_KDC_OPTIONS, SHISHI_KDCREQ_DEFAULT_REQ_BODY_KDC_OPTIONS_LEN); if (res != SHISHI_OK) goto error; if (as) res = shishi_kdcreq_set_cname (handle, node, SHISHI_NT_PRINCIPAL, shishi_principal_default (handle)); else res = shishi_asn1_write (handle, node, "req-body.cname", NULL, 0); if (res != SHISHI_OK) goto error; res = shishi_kdcreq_set_realm (handle, node, shishi_realm_default (handle)); if (res != SHISHI_OK) goto error; servicebuf[0] = "krbtgt"; servicebuf[1] = shishi_realm_default (handle); servicebuf[2] = NULL; res = shishi_kdcreq_set_sname (handle, node, SHISHI_NT_PRINCIPAL, servicebuf); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "req-body.sname.name-type", SHISHI_KDCREQ_DEFAULT_REQ_BODY_SNAME_NAME_TYPE, SHISHI_KDCREQ_DEFAULT_REQ_BODY_SNAME_NAME_TYPE_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "req-body.till", shishi_generalize_time (handle, time (NULL) + handle->ticketlife), 0); if (res != SHISHI_OK) goto error; shishi_randomize (handle, 0, &nonce, sizeof (nonce)); nonce &= 0x7FFFFFFF; /* XXX fix _libtasn1_convert_integer. */ res = shishi_kdcreq_nonce_set (handle, node, nonce); if (res != SHISHI_OK) goto error; res = shishi_kdcreq_set_etype (handle, node, handle->clientkdcetypes, handle->nclientkdcetypes); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "req-body.addresses", NULL, 0); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "req-body.enc-authorization-data", NULL, 0); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "req-body.additional-tickets", NULL, 0); if (res != SHISHI_OK) goto error; return node; error: shishi_asn1_done (handle, node); return NULL; }
/** * shishi_apreq_get_ticket: * @handle: shishi handle as allocated by shishi_init(). * @apreq: AP-REQ variable to get ticket from. * @ticket: output variable to hold extracted ticket. * * Extract ticket from AP-REQ. * * Return value: Returns SHISHI_OK iff successful. **/ int shishi_apreq_get_ticket (Shishi * handle, Shishi_asn1 apreq, Shishi_asn1 * ticket) { char *buf; char *format; size_t buflen, i, n; int res; /* there's GOT to be an easier way to do this */ *ticket = shishi_ticket (handle); if (!*ticket) return SHISHI_ASN1_ERROR; res = shishi_asn1_read (handle, apreq, "ticket.tkt-vno", &buf, &buflen); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, *ticket, "tkt-vno", buf, buflen); free (buf); if (res != SHISHI_OK) goto error; res = shishi_asn1_read (handle, apreq, "ticket.realm", &buf, &buflen); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, *ticket, "realm", buf, buflen); free (buf); if (res != SHISHI_OK) goto error; res = shishi_asn1_read (handle, apreq, "ticket.sname.name-type", &buf, &buflen); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, *ticket, "sname.name-type", buf, buflen); free (buf); if (res != SHISHI_OK) goto error; res = shishi_asn1_number_of_elements (handle, apreq, "ticket.sname.name-string", &n); if (res != SHISHI_OK) goto error; for (i = 1; i <= n; i++) { res = shishi_asn1_write (handle, *ticket, "sname.name-string", "NEW", 1); if (res != SHISHI_OK) goto error; asprintf (&format, "ticket.sname.name-string.?%d", i); res = shishi_asn1_read (handle, apreq, format, &buf, &buflen); free (format); if (res != SHISHI_OK) goto error; asprintf (&format, "sname.name-string.?%d", i); res = shishi_asn1_write (handle, *ticket, format, buf, buflen); free (format); free (buf); if (res != SHISHI_OK) goto error; } res = shishi_asn1_read (handle, apreq, "ticket.enc-part.etype", &buf, &buflen); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, *ticket, "enc-part.etype", buf, buflen); free (buf); if (res != SHISHI_OK) goto error; res = shishi_asn1_read (handle, apreq, "ticket.enc-part.kvno", &buf, &buflen); if (res != SHISHI_OK && res != SHISHI_ASN1_NO_ELEMENT) goto error; if (res == SHISHI_ASN1_NO_ELEMENT) res = shishi_asn1_write (handle, *ticket, "enc-part.kvno", NULL, 0); else { res = shishi_asn1_write (handle, *ticket, "enc-part.kvno", buf, buflen); free (buf); } if (res != SHISHI_OK) goto error; res = shishi_asn1_read (handle, apreq, "ticket.enc-part.cipher", &buf, &buflen); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, *ticket, "enc-part.cipher", buf, buflen); free (buf); if (res != SHISHI_OK) goto error; return SHISHI_OK; error: shishi_asn1_done (handle, *ticket); return res; }
/** * shishi_apreq: * @handle: shishi handle as allocated by shishi_init(). * * This function creates a new AP-REQ, populated with some default * values. * * Return value: Returns the AP-REQ or NULL on failure. **/ Shishi_asn1 shishi_apreq (Shishi * handle) { Shishi_asn1 node; int res; node = shishi_asn1_apreq (handle); if (!node) goto error; res = shishi_asn1_write (handle, node, "pvno", SHISHI_APREQ_DEFAULT_PVNO, SHISHI_APREQ_DEFAULT_PVNO_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "msg-type", SHISHI_APREQ_DEFAULT_MSG_TYPE, SHISHI_APREQ_DEFAULT_MSG_TYPE_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "ap-options", SHISHI_APREQ_DEFAULT_AP_OPTIONS, SHISHI_APREQ_DEFAULT_AP_OPTIONS_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "ticket.tkt-vno", SHISHI_APREQ_DEFAULT_TICKET_TKT_VNO, SHISHI_APREQ_DEFAULT_TICKET_TKT_VNO_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "ticket.realm", SHISHI_APREQ_DEFAULT_TICKET_REALM, SHISHI_APREQ_DEFAULT_TICKET_REALM_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "ticket.realm", SHISHI_APREQ_DEFAULT_TICKET_REALM, SHISHI_APREQ_DEFAULT_TICKET_REALM_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "ticket.sname.name-type", SHISHI_APREQ_DEFAULT_TICKET_SNAME_NAME_TYPE, SHISHI_APREQ_DEFAULT_TICKET_SNAME_NAME_TYPE_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "ticket.enc-part.etype", SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_ETYPE, SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_ETYPE_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "ticket.enc-part.kvno", SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_KVNO, SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_KVNO_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "ticket.enc-part.cipher", SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_CIPHER, SHISHI_APREQ_DEFAULT_TICKET_ENC_PART_CIPHER_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "authenticator.etype", SHISHI_APREQ_DEFAULT_AUTHENTICATOR_ETYPE, SHISHI_APREQ_DEFAULT_AUTHENTICATOR_ETYPE_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "authenticator.kvno", SHISHI_APREQ_DEFAULT_AUTHENTICATOR_KVNO, SHISHI_APREQ_DEFAULT_AUTHENTICATOR_KVNO_LEN); if (res != SHISHI_OK) goto error; res = shishi_asn1_write (handle, node, "authenticator.cipher", SHISHI_APREQ_DEFAULT_AUTHENTICATOR_CIPHER, SHISHI_APREQ_DEFAULT_AUTHENTICATOR_CIPHER_LEN); if (res != SHISHI_OK) goto error; return node; error: if (node) shishi_asn1_done (handle, node); return NULL; }
void test (Shishi * handle) { Shishi_asn1 a; char *p, *buf, *buf2; int res; size_t n, m; int32_t t; uint32_t s; /* shishi_authenticator */ a = shishi_authenticator (handle); if (debug) printf ("shishi_authenticator () => `%p'.\n", a); if (a) success ("shishi_authenticator() OK\n"); else fail ("shishi_authenticator() failed\n"); if (debug) shishi_authenticator_print (handle, stdout, a); res = shishi_authenticator_remove_subkey (handle, a); if (res == SHISHI_OK) success ("shishi_authenticator_remove_subkey() OK\n"); else fail ("shishi_authenticator_remove_subkey() failed\n"); /* shishi_authenticator_seqnumber_get */ res = shishi_authenticator_seqnumber_get (handle, a, &s); if (res == SHISHI_OK) success ("shishi_authenticator_seqnumber_get() OK\n"); else fail ("shishi_authenticator_seqnumber_get() failed\n"); /* shishi_authenticator_seqnumber_set */ res = shishi_authenticator_seqnumber_set (handle, a, 42); if (res == SHISHI_OK) success ("shishi_authenticator_seqnumber_set() OK\n"); else fail ("shishi_authenticator_seqnumber_set() failed\n"); /* shishi_authenticator_seqnumber_get */ res = shishi_authenticator_seqnumber_get (handle, a, &s); if (res == SHISHI_OK && s == 42) success ("shishi_authenticator_seqnumber_get() OK\n"); else fail ("shishi_authenticator_seqnumber_get() failed\n"); /* shishi_authenticator_seqnumber_remove */ res = shishi_authenticator_seqnumber_remove (handle, a); if (res == SHISHI_OK) success ("shishi_authenticator_seqnumber_remove() OK\n"); else fail ("shishi_authenticator_seqnumber_remove() failed\n"); /* shishi_authenticator_set_crealm */ res = shishi_authenticator_set_crealm (handle, a, "foo"); if (res == SHISHI_OK) success ("shishi_authenticator_set_crealm() OK\n"); else fail ("shishi_authenticator_set_crealm() failed\n"); /* shishi_authenticator_client_set */ res = shishi_authenticator_client_set (handle, a, "foo/bar/baz"); if (res == SHISHI_OK) success ("shishi_authenticator_client_set() OK\n"); else fail ("shishi_authenticator_client_set() failed\n"); /* shishi_authenticator_client */ res = shishi_authenticator_client (handle, a, &buf, &n); if (debug) escapeprint (buf, n); if (res == SHISHI_OK && n == strlen ("foo/bar/baz") && memcmp (buf, "foo/bar/baz", n) == 0) success ("shishi_authenticator_client() OK\n"); else fail ("shishi_authenticator_client() failed\n"); if (res == SHISHI_OK) free (buf); /* shishi_authenticator_client_set */ res = shishi_authenticator_client_set (handle, a, "foo"); if (res == SHISHI_OK) success ("shishi_authenticator_client_set() OK\n"); else fail ("shishi_authenticator_client_set() failed\n"); /* shishi_authenticator_client */ res = shishi_authenticator_client (handle, a, &buf, &n); if (debug) escapeprint (buf, n); if (res == SHISHI_OK && n == strlen ("foo") && memcmp (buf, "foo", n) == 0) success ("shishi_authenticator_client() OK\n"); else fail ("shishi_authenticator_client() failed\n"); if (res == SHISHI_OK) free (buf); /* shishi_authenticator_set_crealm */ res = shishi_authenticator_set_crealm (handle, a, "bar"); if (res == SHISHI_OK) success ("shishi_authenticator_set_crealm() OK\n"); else fail ("shishi_authenticator_set_crealm() failed\n"); /* shishi_authenticator_clientrealm */ res = shishi_authenticator_clientrealm (handle, a, &buf, &n); if (debug) escapeprint (buf, n); if (res == SHISHI_OK && n == strlen ("foo@bar") && memcmp (buf, "foo@bar", n) == 0) success ("shishi_authenticator_clientrealm() OK\n"); else fail ("shishi_authenticator_clientrealm() failed\n"); if (res == SHISHI_OK) free (buf); /* shishi_authenticator_add_authorizationdata */ res = shishi_authenticator_add_authorizationdata (handle, a, 42, "baz", 3); if (res == SHISHI_OK) success ("shishi_authenticator_add_authorizationdata() OK\n"); else fail ("shishi_authenticator_add_authorizationdata() failed\n"); /* shishi_authenticator_authorizationdata */ res = shishi_authenticator_authorizationdata (handle, a, &t, &buf, &m, 1); if (debug) escapeprint (buf, m); if (res == SHISHI_OK && t == 42 && m == 3 && memcmp (buf, "baz", 3) == 0) success ("shishi_authenticator_authorizationdata() OK\n"); else fail ("shishi_authenticator_authorizationdata() failed\n"); if (res == SHISHI_OK) free (buf); /* shishi_authenticator_authorizationdata */ res = shishi_authenticator_authorizationdata (handle, a, &t, &buf, &m, 2); if (res == SHISHI_OK) free (buf); if (res == SHISHI_OUT_OF_RANGE) success ("shishi_authenticator_authorizationdata() OK\n"); else fail ("shishi_authenticator_authorizationdata() failed\n"); /* shishi_authenticator_remove_cksum */ res = shishi_authenticator_remove_cksum (handle, a); if (res == SHISHI_OK) success ("shishi_authenticator_remove_cksum() OK\n"); else fail ("shishi_authenticator_remove_cksum() failed\n"); /* shishi_asn1_to_der */ res = shishi_asn1_to_der (handle, a, &buf, &n); if (res == SHISHI_OK) success ("shishi_asn1_to_der() OK\n"); else n = 0, fail ("shishi_asn1_to_der() failed\n"); /* shishi_authenticator_to_file */ res = shishi_authenticator_to_file (handle, a, SHISHI_FILETYPE_TEXT, "authenticator.tmp"); if (res == SHISHI_OK) success ("shishi_authenticator_to_file() OK\n"); else fail ("shishi_authenticator_to_file() failed\n"); /* shishi_asn1_done */ shishi_asn1_done (handle, a); success ("shishi_asn1_done() OK\n"); a = NULL; /* shishi_authenticator_from_file */ res = shishi_authenticator_from_file (handle, &a, SHISHI_FILETYPE_TEXT, "authenticator.tmp"); if (res == SHISHI_OK) success ("shishi_authenticator_from_file() OK\n"); else fail ("shishi_authenticator_from_file() failed\n"); if (debug) { /* shishi_authenticator_print */ res = shishi_authenticator_print (handle, stdout, a); if (res == SHISHI_OK) success ("shishi_authenticator_print() OK\n"); else fail ("shishi_authenticator_print() failed\n"); } /* shishi_asn1_to_der */ res = shishi_asn1_to_der (handle, a, &buf2, &m); if (res == SHISHI_OK) success ("shishi_asn1_to_der() OK\n"); else n = 0, fail ("shishi_asn1_to_der() failed\n"); /* Compare DER encodings of authenticators */ if (n > 0 && m > 0 && n == m && memcmp (buf, buf2, n) == 0) success ("DER comparison OK\n"); else fail ("DER comparison failed\n"); free (buf); free (buf2); /* shishi_authenticator_cusec_set */ res = shishi_authenticator_cusec_set (handle, a, 4711); if (res == SHISHI_OK) success ("shishi_authenticator_cusec_set() OK\n"); else fail ("shishi_authenticator_cusec_set() failed\n"); /* shishi_authenticator_cusec_get */ res = shishi_authenticator_cusec_get (handle, a, &s); if (debug) printf ("shishi_authenticator_cusec_get () => `%d'.\n", t); if (res == SHISHI_OK && s == 4711) success ("shishi_authenticator_cusec_get() OK\n"); else fail ("shishi_authenticator_cusec_get() failed\n"); /* shishi_authenticator_ctime_set */ res = shishi_authenticator_ctime_set (handle, a, "19700101011831Z"); if (res == SHISHI_OK) success ("shishi_authenticator_ctime_set() OK\n"); else fail ("shishi_authenticator_ctime_set() failed\n"); /* shishi_authenticator_ctime */ res = shishi_authenticator_ctime (handle, a, &p); if (debug) escapeprint (p, strlen (p)); if (res == SHISHI_OK && memcmp (p, "19700101011831Z", 15) == 0) success ("shishi_authenticator_ctime() OK\n"); else fail ("shishi_authenticator_ctime() failed\n"); if (res == SHISHI_OK) free (p); /* shishi_asn1_to_der */ res = shishi_asn1_to_der (handle, a, &buf, &n); if (res == SHISHI_OK) success ("shishi_asn1_to_der() OK\n"); else n = 0, fail ("shishi_asn1_to_der() failed\n"); if (debug) { shishi_authenticator_print (handle, stdout, a); hexprint (buf, n); puts (""); hexprint (authenticator, sizeof (authenticator)); puts (""); } if (n == sizeof (authenticator) && n == AUTHENTICATOR_LEN && memcmp (authenticator, buf, n) == 0) success ("DER comparison OK\n"); else fail ("DER comparison failed\n"); free (buf); /* shishi_authenticator_clear_authorizationdata */ res = shishi_authenticator_clear_authorizationdata (handle, a); if (res == SHISHI_OK) success ("shishi_authenticator_clear_authorizationdata() OK\n"); else fail ("shishi_authenticator_clear_authorizationdata() failed\n"); /* shishi_asn1_to_der */ res = shishi_asn1_to_der (handle, a, &buf, &n); if (res == SHISHI_OK) success ("shishi_asn1_to_der() OK\n"); else n = 0, fail ("shishi_asn1_to_der() failed\n"); if (debug) { shishi_authenticator_print (handle, stdout, a); hexprint (buf, n); puts (""); hexprint (authenticator2, sizeof (authenticator2)); puts (""); } if (n == sizeof (authenticator2) && n == AUTHENTICATOR2_LEN && memcmp (authenticator2, buf, n) == 0) success ("DER comparison OK\n"); else fail ("DER comparison failed\n"); free (buf); /* unlink */ res = unlink ("authenticator.tmp"); if (res == 0) success ("unlink() OK\n"); else fail ("unlink() failed\n"); /* shishi_asn1_done */ shishi_asn1_done (handle, a); success ("shishi_asn1_done() OK\n"); }