padata question

Nicolas Williams Nicolas.Williams at sun.com
Wed Dec 7 11:19:36 EST 2005


On Wed, Dec 07, 2005 at 10:40:41AM -0500, Luke wrote:
> So my question is:
> Does the padata-value part of padata contain ASN.1 fields, or is it
> simply a string of raw bytes?  If it is just a set of raw bytes, how
> should I be parsing the padata-value field so that I get the
> encryption type and timestamp separated?

Both :)

See RFC4120, which defines PA-DATA like so:

   PA-DATA         ::= SEQUENCE {
           -- NOTE: first tag is [1], not [0]
           padata-type     [1] Int32,
           padata-value    [2] OCTET STRING -- might be encoded AP-REQ
   }

and explains that the padata-value OCTET STRINGs contain encodings of
structured data according to the padata-type field.

This is known as a "typed hole" in ASN.1 parlance.

> If it is ASN.1 encoded, any reason the parser I'm using
> (pyasn1.sourceforge.net) wouldn't be parsing this field correctly,
> but the rest of the packets/fields are perfect?  When I tried to
> parse it, I got an error saying I was 7 octets short...

Because of the PA-DATA OCTET STRING wrapper around the PA-ENC-TIMESTAMP.

If your ASN.1 compiler supports the ASN.1 IOS, and if you had an ASN.1
module for RFC4120 that used the ASN.1 IOS properly, then your compiler
would be able to decode the contents of padata-values according to their
padata-types (whenever they are known a priori -- at module compilation
time).

> I was having a bit of difficulty following the source on this one...

Read the RFC.

Nico
-- 
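
The two-pass decode described in the reply above, as an added example that is not part of the original message and is neither pyasn1 nor Kerberos project code: a stdlib-only DER reader that decodes PA-DATA, then decodes the contents of the padata-value OCTET STRING as the RFC 4120 EncryptedData that PA-ENC-TIMESTAMP is defined to be. The helper names and the sample bytes are constructed for illustration; the timestamp itself (PA-ENC-TS-ENC) sits inside `cipher` and is only readable after decryption with the client's key.

```python
# Added example: stdlib-only DER walk of RFC 4120 PA-DATA (hypothetical helper names).
PA_ENC_TIMESTAMP = 2  # padata-type for PA-ENC-TIMESTAMP in RFC 4120

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER TLV that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("%d octets short" % (pos + length - len(buf)))
    return tag, buf[pos:pos + length], pos + length

def fields(der):
    """Decode a SEQUENCE of EXPLICIT [n] fields into {n: (inner_tag, value)}."""
    tag, body, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    out, pos = {}, 0
    while pos < len(body):
        ctx, inner, pos = read_tlv(body, pos)
        if ctx & 0xE0 != 0xA0:
            raise ValueError("expected constructed context tag")
        out[ctx & 0x1F] = read_tlv(inner)[:2]
    return out

def parse_pa_enc_timestamp(pa_data):
    """Pass 1 decodes PA-DATA; pass 2 decodes the bytes inside padata-value."""
    outer = fields(pa_data)  # padata-type [1], padata-value [2]
    if 1 not in outer or 2 not in outer or outer[2][0] != 0x04:
        raise ValueError("not a PA-DATA structure")
    if int.from_bytes(outer[1][1], "big", signed=True) != PA_ENC_TIMESTAMP:
        raise ValueError("padata-type is not PA-ENC-TIMESTAMP")
    enc = fields(outer[2][1])  # EncryptedData: etype [0], kvno [1] OPTIONAL, cipher [2]
    if 0 not in enc or 2 not in enc:
        raise ValueError("EncryptedData missing etype or cipher")
    kvno = int.from_bytes(enc[1][1], "big") if 1 in enc else None
    return {"etype": int.from_bytes(enc[0][1], "big", signed=True),
            "kvno": kvno, "cipher": enc[2][1]}

# Constructed sample: etype 18, no kvno, 8 placeholder octets standing in for ciphertext.
SAMPLE = bytes.fromhex("301ca103020102a2150413" "3011a003020112a20a0408" "0011223344556677")

if __name__ == "__main__":
    print(parse_pa_enc_timestamp(SAMPLE))
```
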