Add asn1c test vectors for alg-agility types

For the test-vectors target in tests/asn.1, add ASN.1 modules from RFC
4556 and draft-ietf-krb-wg-pkinit-alg-agility-06.txt, and output test
encodings for PrincipalName, KRB5PrincipalName, OtherInfo, and
PkinitSuppPubInfo.  In the alg-agility module, AuthPack and DHRepInfo
are renamed, as asn1c otherwise rejects them as conflicting with the
RFC 4556 definitions.

4 files changed, 404 insertions, 2 deletions

diff --git a/src/tests/asn.1/Makefile.in b/src/tests/asn.1/Makefile.in
index fe24c247d8..09d39a3e09 100644
--- a/src/tests/asn.1/Makefile.in
+++ b/src/tests/asn.1/Makefile.in
@@ -11,7 +11,8 @@ SRCS= $(srcdir)/krb5_encode_test.c $(srcdir)/krb5_decode_test.c \
 	$(srcdir)/ktest_equal.c $(srcdir)/utility.c \
 	$(srcdir)/trval.c $(srcdir)/t_trval.c
 
-ASN1SRCS= $(srcdir)/krb5.asn1 $(srcdir)/pkix.asn1 $(srcdir)/otp.asn1
+ASN1SRCS= $(srcdir)/krb5.asn1 $(srcdir)/pkix.asn1 $(srcdir)/otp.asn1 \
+	$(srcdir)/pkinit.asn1 $(srcdir)/pkinit-agility.asn1
 
 all:: krb5_encode_test krb5_decode_test krb5_decode_leak t_trval
 
diff --git a/src/tests/asn.1/make-vectors.c b/src/tests/asn.1/make-vectors.c
index fd7bd4824b..93a072ccd3 100644
--- a/src/tests/asn.1/make-vectors.c
+++ b/src/tests/asn.1/make-vectors.c
@@ -31,6 +31,10 @@
  * are only generated for OTP preauth objects.
  */
 
+#include <PrincipalName.h>
+#include <KRB5PrincipalName.h>
+#include <OtherInfo.h>
+#include <PkinitSuppPubInfo.h>
 #include <OTP-TOKENINFO.h>
 #include <PA-OTP-CHALLENGE.h>
 #include <PA-OTP-REQUEST.h>
@@ -39,6 +43,26 @@
 static unsigned char buf[8192];
 static size_t buf_pos;
 
+/* PrincipalName and KRB5PrincipalName */
+static KerberosString_t comp_1 = { "hftsai", 6 };
+static KerberosString_t comp_2 = { "extra", 5 };
+static KerberosString_t *comps[] = { &comp_1, &comp_2 };
+static PrincipalName_t princ = { 1, { comps, 2, 2 } };
+static KRB5PrincipalName_t krb5princ = { { "ATHENA.MIT.EDU", 14 },
+                                         { 1, { comps, 2, 2 } } };
+
+/* OtherInfo */
+static unsigned int krb5_arcs[] = { 1, 2, 840, 113554, 1, 2, 2 };
+static OCTET_STRING_t krb5data_ostring = { "krb5data", 8 };
+static OtherInfo_t other_info = {
+    { 0 }, { 0 }, { 0 },        /* Initialized in main() */
+    &krb5data_ostring, NULL
+};
+
+/* PkinitSuppPubInfo */
+static PkinitSuppPubInfo_t supp_pub_info = { 1, { "krb5data", 8 },
+                                             { "krb5data", 8 } };
+
 /* Minimal OTP-TOKENINFO */
 static OTP_TOKENINFO_t token_info_1 = { { "\0\0\0\0", 4, 0 } };
 
@@ -136,8 +160,33 @@ main()
     OBJECT_IDENTIFIER_set_arcs(&alg_sha1.algorithm, sha1_arcs,
                                sizeof(*sha1_arcs),
                                sizeof(sha1_arcs) / sizeof(*sha1_arcs));
+    OBJECT_IDENTIFIER_set_arcs(&other_info.algorithmID.algorithm, krb5_arcs,
+                               sizeof(*krb5_arcs),
+                               sizeof(krb5_arcs) / sizeof(*krb5_arcs));
+
+    printf("PrincipalName:\n");
+    der_encode(&asn_DEF_PrincipalName, &princ, consume, NULL);
+    printbuf();
+
+    /* Print this encoding and also use it to initialize two fields of
+     * other_info. */
+    printf("\nKRB5PrincipalName:\n");
+    der_encode(&asn_DEF_KRB5PrincipalName, &krb5princ, consume, NULL);
+    OCTET_STRING_fromBuf(&other_info.partyUInfo, buf, buf_pos);
+    OCTET_STRING_fromBuf(&other_info.partyVInfo, buf, buf_pos);
+    printbuf();
+
+    printf("\nOtherInfo:\n");
+    der_encode(&asn_DEF_OtherInfo, &other_info, consume, NULL);
+    printbuf();
+    free(other_info.partyUInfo.buf);
+    free(other_info.partyVInfo.buf);
+
+    printf("\nPkinitSuppPubInfo:\n");
+    der_encode(&asn_DEF_PkinitSuppPubInfo, &supp_pub_info, consume, NULL);
+    printbuf();
 
-    printf("Minimal OTP-TOKEN-INFO:\n");
+    printf("\nMinimal OTP-TOKEN-INFO:\n");
     der_encode(&asn_DEF_OTP_TOKENINFO, &token_info_1, consume, NULL);
     printbuf();
 
diff --git a/src/tests/asn.1/pkinit-agility.asn1 b/src/tests/asn.1/pkinit-agility.asn1
new file mode 100644
index 0000000000..ea9095b043
--- /dev/null
+++ b/src/tests/asn.1/pkinit-agility.asn1
@@ -0,0 +1,99 @@
+KerberosV5-PK-INIT-Agility-SPEC {
+       iso(1) identified-organization(3) dod(6) internet(1)
+       security(5) kerberosV5(2) modules(4) pkinit(5) agility (1)
+} DEFINITIONS EXPLICIT TAGS ::= BEGIN
+
+IMPORTS
+   AlgorithmIdentifier, SubjectPublicKeyInfo
+       FROM PKIX1Explicit88 { iso (1)
+         identified-organization (3) dod (6) internet (1)
+         security (5) mechanisms (5) pkix (7) id-mod (0)
+         id-pkix1-explicit (18) }
+         -- As defined in RFC 3280.
+
+   Ticket, Int32, Realm, EncryptionKey, Checksum
+       FROM KerberosV5Spec2 { iso(1) identified-organization(3)
+         dod(6) internet(1) security(5) kerberosV5(2)
+         modules(4) krb5spec2(2) }
+         -- as defined in RFC 4120.
+
+   PKAuthenticator, DHNonce
+       FROM KerberosV5-PK-INIT-SPEC {
+         iso(1) identified-organization(3) dod(6) internet(1)
+         security(5) kerberosV5(2) modules(4) pkinit(5) };
+         -- as defined in RFC 4556.
+
+TD-CMS-DIGEST-ALGORITHMS-DATA ::= SEQUENCE OF
+    AlgorithmIdentifier
+        -- Contains the list of CMS algorithm [RFC3852]
+        -- identifiers that identify the digest algorithms
+        -- acceptable by the KDC for signing CMS data in
+        -- the order of decreasing preference.
+
+TD-CERT-DIGEST-ALGORITHMS-DATA ::= SEQUENCE {
+       allowedAlgorithms [0] SEQUENCE OF AlgorithmIdentifier,
+           -- Contains the list of CMS algorithm [RFC3852]
+           -- identifiers that identify the digest algorithms
+           -- that are used by the CA to sign the client's
+           -- X.509 certificate and acceptable by the KDC in
+           -- the process of validating the client's X.509
+           -- certificate, in the order of decreasing
+           -- preference.
+       rejectedAlgorithm [1] AlgorithmIdentifier OPTIONAL,
+           -- This identifies the digest algorithm that was
+           -- used to sign the client's X.509 certificate and
+           -- has been rejected by the KDC in the process of
+           -- validating the client's X.509 certificate
+           -- [RFC3280].
+       ...
+}
+
+OtherInfo ::= SEQUENCE {
+        algorithmID   AlgorithmIdentifier,
+        partyUInfo     [0] OCTET STRING,
+        partyVInfo     [1] OCTET STRING,
+        suppPubInfo    [2] OCTET STRING OPTIONAL,
+        suppPrivInfo   [3] OCTET STRING OPTIONAL
+}
+
+PkinitSuppPubInfo ::= SEQUENCE {
+       enctype           [0] Int32,
+           -- The enctype of the AS reply key.
+       as-REQ            [1] OCTET STRING,
+           -- This contains the AS-REQ in the request.
+       pk-as-rep         [2] OCTET STRING,
+           -- Contains the DER encoding of the type
+           -- PA-PK-AS-REP [RFC4556] in the KDC reply.
+       ...
+}
+
+-- Renamed from AuthPack to allow asn1c to process this and pkinit.asn1
+AuthPack2 ::= SEQUENCE {
+       pkAuthenticator   [0] PKAuthenticator,
+       clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL,
+       supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier
+                OPTIONAL,
+       clientDHNonce     [3] DHNonce OPTIONAL,
+       ...,
+       supportedKDFs     [4] SEQUENCE OF KDFAlgorithmId OPTIONAL,
+           -- Contains an unordered set of KDFs supported by the
+           -- client.
+       ...
+}
+
+KDFAlgorithmId ::= SEQUENCE {
+       kdf-id            [0] OBJECT IDENTIFIER,
+           -- The object identifier of the KDF
+       ...
+}
+
+-- Renamed from DHRepInfo to allow asn1c to process this and pkinit.asn1
+DHRepInfo2 ::= SEQUENCE {
+       dhSignedData      [0] IMPLICIT OCTET STRING,
+       serverDHNonce     [1] DHNonce OPTIONAL,
+       ...,
+       kdf               [2] KDFAlgorithmId OPTIONAL,
+           -- The KDF picked by the KDC.
+       ...
+}
+END
diff --git a/src/tests/asn.1/pkinit.asn1 b/src/tests/asn.1/pkinit.asn1
new file mode 100644
index 0000000000..8f9d8dda27
--- /dev/null
+++ b/src/tests/asn.1/pkinit.asn1
@@ -0,0 +1,253 @@
+KerberosV5-PK-INIT-SPEC {
+        iso(1) identified-organization(3) dod(6) internet(1)
+        security(5) kerberosV5(2) modules(4) pkinit(5)
+} DEFINITIONS EXPLICIT TAGS ::= BEGIN
+
+IMPORTS
+
+    SubjectPublicKeyInfo, AlgorithmIdentifier
+        FROM PKIX1Explicit88 { iso (1)
+          identified-organization (3) dod (6) internet (1)
+          security (5) mechanisms (5) pkix (7) id-mod (0)
+          id-pkix1-explicit (18) }
+          -- As defined in RFC 3280.
+
+    KerberosTime, PrincipalName, Realm, EncryptionKey, Checksum
+        FROM KerberosV5Spec2 { iso(1) identified-organization(3)
+          dod(6) internet(1) security(5) kerberosV5(2)
+          modules(4) krb5spec2(2) };
+          -- as defined in RFC 4120.
+
+id-pkinit OBJECT IDENTIFIER ::=
+  { iso(1) identified-organization(3) dod(6) internet(1)
+    security(5) kerberosv5(2) pkinit (3) }
+
+id-pkinit-authData      OBJECT IDENTIFIER  ::= { id-pkinit 1 }
+id-pkinit-DHKeyData     OBJECT IDENTIFIER  ::= { id-pkinit 2 }
+id-pkinit-rkeyData      OBJECT IDENTIFIER  ::= { id-pkinit 3 }
+id-pkinit-KPClientAuth  OBJECT IDENTIFIER  ::= { id-pkinit 4 }
+id-pkinit-KPKdc         OBJECT IDENTIFIER  ::= { id-pkinit 5 }
+
+id-pkinit-san OBJECT IDENTIFIER ::=
+  { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2)
+    x509SanAN (2) }
+
+pa-pk-as-req INTEGER ::=                  16
+pa-pk-as-rep INTEGER ::=                  17
+
+ad-initial-verified-cas INTEGER ::=        9
+
+td-trusted-certifiers INTEGER ::=        104
+td-invalid-certificates INTEGER ::=      105
+td-dh-parameters INTEGER ::=             109
+
+PA-PK-AS-REQ ::= SEQUENCE {
+   signedAuthPack          [0] IMPLICIT OCTET STRING,
+            -- Contains a CMS type ContentInfo encoded
+            -- according to [RFC3852].
+            -- The contentType field of the type ContentInfo
+            -- is id-signedData (1.2.840.113549.1.7.2),
+            -- and the content field is a SignedData.
+            -- The eContentType field for the type SignedData is
+            -- id-pkinit-authData (1.3.6.1.5.2.3.1), and the
+            -- eContent field contains the DER encoding of the
+            -- type AuthPack.
+            -- AuthPack is defined below.
+   trustedCertifiers       [1] SEQUENCE OF
+               ExternalPrincipalIdentifier OPTIONAL,
+            -- Contains a list of CAs, trusted by the client,
+            -- that can be used to certify the KDC.
+            -- Each ExternalPrincipalIdentifier identifies a CA
+            -- or a CA certificate (thereby its public key).
+            -- The information contained in the
+            -- trustedCertifiers SHOULD be used by the KDC as
+            -- hints to guide its selection of an appropriate
+            -- certificate chain to return to the client.
+   kdcPkId                 [2] IMPLICIT OCTET STRING
+                               OPTIONAL,
+            -- Contains a CMS type SignerIdentifier encoded
+            -- according to [RFC3852].
+            -- Identifies, if present, a particular KDC
+            -- public key that the client already has.
+   ...
+}
+
+DHNonce ::= OCTET STRING
+
+ExternalPrincipalIdentifier ::= SEQUENCE {
+   subjectName            [0] IMPLICIT OCTET STRING OPTIONAL,
+            -- Contains a PKIX type Name encoded according to
+            -- [RFC3280].
+            -- Identifies the certificate subject by the
+            -- distinguished subject name.
+            -- REQUIRED when there is a distinguished subject
+            -- name present in the certificate.
+  issuerAndSerialNumber   [1] IMPLICIT OCTET STRING OPTIONAL,
+            -- Contains a CMS type IssuerAndSerialNumber encoded
+            -- according to [RFC3852].
+            -- Identifies a certificate of the subject.
+            -- REQUIRED for TD-INVALID-CERTIFICATES and
+            -- TD-TRUSTED-CERTIFIERS.
+  subjectKeyIdentifier    [2] IMPLICIT OCTET STRING OPTIONAL,
+            -- Identifies the subject's public key by a key
+            -- identifier.  When an X.509 certificate is
+            -- referenced, this key identifier matches the X.509
+            -- subjectKeyIdentifier extension value.  When other
+            -- certificate formats are referenced, the documents
+            -- that specify the certificate format and their use
+            -- with the CMS must include details on matching the
+            -- key identifier to the appropriate certificate
+            -- field.
+            -- RECOMMENDED for TD-TRUSTED-CERTIFIERS.
+   ...
+}
+
+AuthPack ::= SEQUENCE {
+   pkAuthenticator         [0] PKAuthenticator,
+   clientPublicValue       [1] SubjectPublicKeyInfo OPTIONAL,
+            -- Type SubjectPublicKeyInfo is defined in
+            -- [RFC3280].
+            -- Specifies Diffie-Hellman domain parameters
+            -- and the client's public key value [IEEE1363].
+            -- The DH public key value is encoded as a BIT
+            -- STRING according to [RFC3279].
+            -- This field is present only if the client wishes
+            -- to use the Diffie-Hellman key agreement method.
+   supportedCMSTypes       [2] SEQUENCE OF AlgorithmIdentifier
+                               OPTIONAL,
+            -- Type AlgorithmIdentifier is defined in
+            -- [RFC3280].
+            -- List of CMS algorithm [RFC3370] identifiers
+            -- that identify key transport algorithms, or
+            -- content encryption algorithms, or signature
+            -- algorithms supported by the client in order of
+            -- (decreasing) preference.
+   clientDHNonce           [3] DHNonce OPTIONAL,
+            -- Present only if the client indicates that it
+            -- wishes to reuse DH keys or to allow the KDC to
+            -- do so.
+   ...
+}
+
+PKAuthenticator ::= SEQUENCE {
+   cusec                   [0] INTEGER (0..999999),
+   ctime                   [1] KerberosTime,
+            -- cusec and ctime are used as in [RFC4120], for
+            -- replay prevention.
+   nonce                   [2] INTEGER (0..4294967295),
+            -- Chosen randomly; this nonce does not need to
+            -- match with the nonce in the KDC-REQ-BODY.
+   paChecksum              [3] OCTET STRING OPTIONAL,
+            -- MUST be present.
+            -- Contains the SHA1 checksum, performed over
+            -- KDC-REQ-BODY.
+   ...
+}
+
+TD-TRUSTED-CERTIFIERS ::= SEQUENCE OF
+               ExternalPrincipalIdentifier
+            -- Identifies a list of CAs trusted by the KDC.
+            -- Each ExternalPrincipalIdentifier identifies a CA
+            -- or a CA certificate (thereby its public key).
+
+TD-INVALID-CERTIFICATES ::= SEQUENCE OF
+               ExternalPrincipalIdentifier
+            -- Each ExternalPrincipalIdentifier identifies a
+            -- certificate (sent by the client) with an invalid
+            -- signature.
+
+KRB5PrincipalName ::= SEQUENCE {
+    realm                   [0] Realm,
+    principalName           [1] PrincipalName
+}
+
+AD-INITIAL-VERIFIED-CAS ::= SEQUENCE OF
+               ExternalPrincipalIdentifier
+            -- Identifies the certification path based on which
+            -- the client certificate was validated.
+            -- Each ExternalPrincipalIdentifier identifies a CA
+            -- or a CA certificate (thereby its public key).
+
+PA-PK-AS-REP ::= CHOICE {
+   dhInfo                  [0] DHRepInfo,
+            -- Selected when Diffie-Hellman key exchange is
+            -- used.
+   encKeyPack              [1] IMPLICIT OCTET STRING,
+            -- Selected when public key encryption is used.
+            -- Contains a CMS type ContentInfo encoded
+            -- according to [RFC3852].
+            -- The contentType field of the type ContentInfo is
+            -- id-envelopedData (1.2.840.113549.1.7.3).
+            -- The content field is an EnvelopedData.
+            -- The contentType field for the type EnvelopedData
+            -- is id-signedData (1.2.840.113549.1.7.2).
+            -- The eContentType field for the inner type
+            -- SignedData (when unencrypted) is
+            -- id-pkinit-rkeyData (1.3.6.1.5.2.3.3) and the
+            -- eContent field contains the DER encoding of the
+            -- type ReplyKeyPack.
+            -- ReplyKeyPack is defined below.
+   ...
+}
+
+DHRepInfo ::= SEQUENCE {
+   dhSignedData            [0] IMPLICIT OCTET STRING,
+            -- Contains a CMS type ContentInfo encoded according
+            -- to [RFC3852].
+            -- The contentType field of the type ContentInfo is
+            -- id-signedData (1.2.840.113549.1.7.2), and the
+            -- content field is a SignedData.
+            -- The eContentType field for the type SignedData is
+            -- id-pkinit-DHKeyData (1.3.6.1.5.2.3.2), and the
+            -- eContent field contains the DER encoding of the
+            -- type KDCDHKeyInfo.
+            -- KDCDHKeyInfo is defined below.
+   serverDHNonce           [1] DHNonce OPTIONAL,
+            -- Present if and only if dhKeyExpiration is
+            -- present.
+   ...
+}
+
+KDCDHKeyInfo ::= SEQUENCE {
+   subjectPublicKey        [0] BIT STRING,
+            -- The KDC's DH public key.
+            -- The DH public key value is encoded as a BIT
+            -- STRING according to [RFC3279].
+   nonce                   [1] INTEGER (0..4294967295),
+            -- Contains the nonce in the pkAuthenticator field
+            -- in the request if the DH keys are NOT reused,
+            -- 0 otherwise.
+   dhKeyExpiration         [2] KerberosTime OPTIONAL,
+            -- Expiration time for KDC's key pair,
+            -- present if and only if the DH keys are reused.
+            -- If present, the KDC's DH public key MUST not be
+            -- used past the point of this expiration time.
+            -- If this field is omitted then the serverDHNonce
+            -- field MUST also be omitted.
+   ...
+}
+
+ReplyKeyPack ::= SEQUENCE {
+   replyKey                [0] EncryptionKey,
+            -- Contains the session key used to encrypt the
+            -- enc-part field in the AS-REP, i.e., the
+            -- AS reply key.
+   asChecksum              [1] Checksum,
+           -- Contains the checksum of the AS-REQ
+           -- corresponding to the containing AS-REP.
+           -- The checksum is performed over the type AS-REQ.
+           -- The protocol key [RFC3961] of the checksum is the
+           -- replyKey and the key usage number is 6.
+           -- If the replyKey's enctype is "newer" [RFC4120]
+           -- [RFC4121], the checksum is the required
+           -- checksum operation [RFC3961] for that enctype.
+           -- The client MUST verify this checksum upon receipt
+           -- of the AS-REP.
+   ...
+}
+
+TD-DH-PARAMETERS ::= SEQUENCE OF AlgorithmIdentifier
+            -- Each AlgorithmIdentifier specifies a set of
+            -- Diffie-Hellman domain parameters [IEEE1363].
+            -- This list is in decreasing preference order.
+END