ASN1 framework

Alejandro Perez Mendez alex at
Mon Aug 27 12:54:15 EDT 2012

El 27/08/12 16:45, Greg Hudson escribió:
> On 08/27/2012 07:49 AM, Alejandro Perez Mendez wrote:
>> for my GSS preauthentication plugin I should make use of ASN1 for the
>> encoding of the PA element. I've being advised to not encode DER by
>> hand, but use instead the ASN1 macros that are defined in MIT KRB code.
>> However, I've spent a while trying to understand how they work, without
>> much success. Is there any documentation available?
> lib/krb5/asn.1/README.asn1 contains my best effort at explaining those
> macros.

Thank you! That file seems to be greatly explained. I wasn't in my local 
copy, because I was using version 1.10.x, not from the GIT repository.
>> Am I supposed to modify the code in lib/krb5/asn1/ to define the
>> encoding of my PA element? (there are lots of PKINIT definitions there)
> While we would eventually like to have a plugin-visible ASN.1 layer,
> right now we do not.  This means that a plugin module designed to be
> built and packaged separately from the krb5 tree must use some other
> ASN.1 implementation (like asn1c or liblber), while a plugin module
> included in the krb5 sources must add to the definitions in
> lib/krb5/asn.1 and define internal functions.

Well, my plugin is intented to be built with the MIT kerberos tree. Only 
it was weird to have all the plugin code into /plugins, but having some 
ASN1 functions in other place.

>> Are encoding/decoding functions generated automatically based on the DEF
>> macros? (some structs have encoding and decoding functions, some only
>> have decoding functions, and some seem to have none of them).
> It sounds to me like you are looking at the 1.10.x release code.  Our
> ASN.1 support has changed significantly since then.  Since you are, to
> my understanding, hoping to produce an end product which will be part of
> MIT krb5 and not packaged separately, you should be working against the
> master branch and not against a specific release.

Indeed I am. I started working with the latest release at the moment, 
since I thought that including my plugin later into /plugins would not 
suppose any extra difficulty.

Actually, I already registered my brach in the GIT server, only I didn't 
start using it :). I will start tomorrow, and provide further feedback.


More information about the krbdev mailing list