-rw-r--r--src/configure.in3
-rw-r--r--src/tests/asn.1/Makefile.in32
-rw-r--r--src/tests/asn.1/krb5_encode_test.c109
-rw-r--r--src/tests/asn.1/ktest.c413
-rw-r--r--src/tests/asn.1/ktest.h32
-rw-r--r--src/tests/asn.1/pkinit_encode.out13
-rw-r--r--src/tests/asn.1/pkinit_trval.out160
-rw-r--r--src/tests/asn.1/trval.c4
8 files changed, 751 insertions, 15 deletions
diff --git a/src/configure.in b/src/configure.in
index 3101439fdb..67ccac2a2b 100644
--- a/src/configure.in
+++ b/src/configure.in
@@ -1015,12 +1015,15 @@ int i = 1;
fi
if test "$k5_cv_openssl_version_okay" = yes && (test "$enable_pkinit" = yes || test "$enable_pkinit" = try); then
K5_GEN_MAKEFILE(plugins/preauth/pkinit)
+ PKINIT=yes
elif test "$k5_cv_openssl_version_okay" = no && test "$enable_pkinit" = yes; then
AC_MSG_ERROR([Version of OpenSSL is too old; cannot enable PKINIT.])
else
AC_DEFINE([DISABLE_PKINIT], 1, [Define to disable PKINIT plugin support])
AC_MSG_NOTICE([Disabling PKINIT support.])
+ PKINIT=no
fi
+AC_SUBST(PKINIT)
# for lib/apputils
AC_REPLACE_FUNCS(daemon)
diff --git a/src/tests/asn.1/Makefile.in b/src/tests/asn.1/Makefile.in
index 3bb3858401..b2899d5f50 100644
--- a/src/tests/asn.1/Makefile.in
+++ b/src/tests/asn.1/Makefile.in
@@ -47,19 +47,25 @@ check-decode: krb5_decode_test
export KRB5_CONFIG ;\
$(RUN_SETUP) $(VALGRIND) ./krb5_decode_test
-expected_encode.out: reference_encode.out ldap_encode.out
- if test "$(LDAP)" = yes; then \
- cat $(srcdir)/reference_encode.out $(srcdir)/ldap_encode.out > expected_encode.out; \
- else \
- cat $(srcdir)/reference_encode.out > expected_encode.out; \
- fi
-
-expected_trval.out: trval_reference.out ldap_trval.out
- if test "$(LDAP)" = yes; then \
- cat $(srcdir)/trval_reference.out $(srcdir)/ldap_trval.out > expected_trval.out; \
- else \
- cat $(srcdir)/trval_reference.out > expected_trval.out; \
- fi
+PKINIT_ENCODE_OUT=$(PKINIT_ENCODE_OUT-@PKINIT@)
+PKINIT_ENCODE_OUT-yes=$(srcdir)/pkinit_encode.out
+PKINIT_ENCODE_OUT-no=
+LDAP_ENCODE_OUT=$(LDAP_ENCODE_OUT-@LDAP@)
+LDAP_ENCODE_OUT-yes=$(srcdir)/ldap_encode.out
+LDAP_ENCODE_OUT-no=
+expected_encode.out: reference_encode.out pkinit_encode.out ldap_encode.out
+ cat $(srcdir)/reference_encode.out $(PKINIT_ENCODE_OUT) \
+ $(LDAP_ENCODE_OUT) > $@
+
+PKINIT_TRVAL_OUT=$(PKINIT_TRVAL_OUT-@PKINIT@)
+PKINIT_TRVAL_OUT-yes=$(srcdir)/pkinit_trval.out
+PKINIT_TRVAL_OUT-no=
+LDAP_TRVAL_OUT=$(LDAP_TRVAL_OUT-@LDAP@)
+LDAP_TRVAL_OUT-yes=$(srcdir)/ldap_trval.out
+LDAP_TRVAL_OUT-no=
+expected_trval.out: trval_reference.out pkinit_trval.out ldap_trval.out
+ cat $(srcdir)/trval_reference.out $(PKINIT_TRVAL_OUT) \
+ $(LDAP_TRVAL_OUT) > $@
check-encode: krb5_encode_test expected_encode.out
KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf ; \
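Review bot: The content of `expected_encode.out` and `expected_trval.out` now depends on the configure-time values of `@PKINIT@` and `@LDAP@`, but both rules list only the `.out` fragments as prerequisites. After configure is re-run with a different PKINIT or LDAP setting, an existing expected file still looks up to date, so `check-encode` would likely compare against stale expectations until the file is removed. Adding the generated makefile as a prerequisite would cover this, e.g. `expected_encode.out: reference_encode.out pkinit_encode.out ldap_encode.out Makefile`, and likewise for `expected_trval.out`. A one-line comment above `PKINIT_ENCODE_OUT=$(PKINIT_ENCODE_OUT-@PKINIT@)` explaining the computed-variable-name selection would also help, since any substituted value other than `yes` or `no` silently expands to nothing.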
diff --git a/src/tests/asn.1/krb5_encode_test.c b/src/tests/asn.1/krb5_encode_test.c
index 8e76d17fd5..7c0bd68d79 100644
--- a/src/tests/asn.1/krb5_encode_test.c
+++ b/src/tests/asn.1/krb5_encode_test.c
@@ -752,6 +752,115 @@ main(argc, argv)
encode_krb5_iakerb_finished);
ktest_empty_iakerb_finished(&ih);
}
+#ifndef DISABLE_PKINIT
+ /****************************************************************/
+ /* encode_krb5_pa_pk_as_req */
+ {
+ krb5_pa_pk_as_req req;
+ ktest_make_sample_pa_pk_as_req(&req);
+ encode_run(req, krb5_pa_pk_as_req, "pa_pk_as_req", "",
+ acc.encode_krb5_pa_pk_as_req);
+ ktest_empty_pa_pk_as_req(&req);
+ }
+ /****************************************************************/
+ /* encode_krb5_pa_pk_as_req_draft9 */
+ {
+ krb5_pa_pk_as_req_draft9 req;
+ ktest_make_sample_pa_pk_as_req_draft9(&req);
+ encode_run(req, krb5_pa_pk_as_req_draft9, "pa_pk_as_req_draft9", "",
+ acc.encode_krb5_pa_pk_as_req_draft9);
+ ktest_empty_pa_pk_as_req_draft9(&req);
+ }
+ /****************************************************************/
+ /* encode_krb5_pa_pk_as_rep */
+ {
+ krb5_pa_pk_as_rep rep;
+ ktest_make_sample_pa_pk_as_rep_dhInfo(&rep);
+ encode_run(rep, krb5_pa_pk_as_rep, "pa_pk_as_rep", "(dhInfo)",
+ acc.encode_krb5_pa_pk_as_rep);
+ ktest_empty_pa_pk_as_rep(&rep);
+ ktest_make_sample_pa_pk_as_rep_encKeyPack(&rep);
+ encode_run(rep, krb5_pa_pk_as_rep, "pa_pk_as_rep", "(encKeyPack)",
+ acc.encode_krb5_pa_pk_as_rep);
+ ktest_empty_pa_pk_as_rep(&rep);
+ }
+ /****************************************************************/
+ /* encode_krb5_pa_pk_as_rep_draft9 */
+ {
+ krb5_pa_pk_as_rep_draft9 rep;
+ ktest_make_sample_pa_pk_as_rep_draft9_dhSignedData(&rep);
+ encode_run(rep, krb5_pa_pk_as_rep_draft9, "pa_pk_as_rep_draft9",
+ "(dhSignedData)", acc.encode_krb5_pa_pk_as_rep_draft9);
+ ktest_empty_pa_pk_as_rep_draft9(&rep);
+ ktest_make_sample_pa_pk_as_rep_draft9_encKeyPack(&rep);
+ encode_run(rep, krb5_pa_pk_as_rep_draft9, "pa_pk_as_rep_draft9",
+ "(encKeyPack)", acc.encode_krb5_pa_pk_as_rep_draft9);
+ ktest_empty_pa_pk_as_rep_draft9(&rep);
+ }
+ /****************************************************************/
+ /* encode_krb5_auth_pack */
+ {
+ krb5_auth_pack pack;
+ ktest_make_sample_auth_pack(&pack);
+ encode_run(pack, krb5_auth_pack, "auth_pack", "",
+ acc.encode_krb5_auth_pack);
+ ktest_empty_auth_pack(&pack);
+ }
+ /****************************************************************/
+ /* encode_krb5_auth_pack_draft9_draft9 */
+ {
+ krb5_auth_pack_draft9 pack;
+ ktest_make_sample_auth_pack_draft9(&pack);
+ encode_run(pack, krb5_auth_pack_draft9, "auth_pack_draft9", "",
+ acc.encode_krb5_auth_pack_draft9);
+ ktest_empty_auth_pack_draft9(&pack);
+ }
+ /****************************************************************/
+ /* encode_krb5_kdc_dh_key_info */
+ {
+ krb5_kdc_dh_key_info ki;
+ ktest_make_sample_kdc_dh_key_info(&ki);
+ encode_run(ki, krb5_kdc_dh_key_info, "kdc_dh_key_info", "",
+ acc.encode_krb5_kdc_dh_key_info);
+ ktest_empty_kdc_dh_key_info(&ki);
+ }
+ /****************************************************************/
+ /* encode_krb5_reply_key_pack */
+ {
+ krb5_reply_key_pack pack;
+ ktest_make_sample_reply_key_pack(&pack);
+ encode_run(pack, krb5_reply_key_pack, "reply_key_pack", "",
+ acc.encode_krb5_reply_key_pack);
+ ktest_empty_reply_key_pack(&pack);
+ }
+ /****************************************************************/
+ /* encode_krb5_reply_key_pack_draft9 */
+ {
+ krb5_reply_key_pack_draft9 pack;
+ ktest_make_sample_reply_key_pack_draft9(&pack);
+ encode_run(pack, krb5_reply_key_pack_draft9, "reply_key_pack_draft9",
+ "", acc.encode_krb5_reply_key_pack_draft9);
+ ktest_empty_reply_key_pack_draft9(&pack);
+ }
+ /****************************************************************/
+ /* encode_krb5_sp80056a_other_info */
+ {
+ krb5_sp80056a_other_info info;
+ ktest_make_sample_sp80056a_other_info(&info);
+ encode_run(info, krb5_sp80056a_other_info, "sp80056a_other_info",
+ "", encode_krb5_sp80056a_other_info);
+ ktest_empty_sp80056a_other_info(&info);
+ }
+ /****************************************************************/
+ /* encode_krb5_pkinit_supp_pub_info */
+ {
+ krb5_pkinit_supp_pub_info info;
+ ktest_make_sample_pkinit_supp_pub_info(&info);
+ encode_run(info, krb5_pkinit_supp_pub_info, "pkinit_supp_pub_info",
+ "", encode_krb5_pkinit_supp_pub_info);
+ ktest_empty_pkinit_supp_pub_info(&info);
+ }
+#endif /* not DISABLE_PKINIT */
#ifdef ENABLE_LDAP
{
ldap_seqof_key_data skd;
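Review bot: The comment on the sixth new block reads `/* encode_krb5_auth_pack_draft9_draft9 */`, with the suffix doubled; it should be `/* encode_krb5_auth_pack_draft9 */` to match the encoder that is run. The last two blocks pass `encode_krb5_sp80056a_other_info` and `encode_krb5_pkinit_supp_pub_info` directly, while every other PKINIT block goes through `acc.`. If that is intentional, a short comment saying why those two encoders are not reached through the accessor would keep the next reader from treating it as an oversight. main() starts and ends outside this hunk.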
diff --git a/src/tests/asn.1/ktest.c b/src/tests/asn.1/ktest.c
index 1580e22775..f89157c7bf 100644
--- a/src/tests/asn.1/ktest.c
+++ b/src/tests/asn.1/ktest.c
@@ -641,6 +641,223 @@ ktest_make_sample_iakerb_finished(krb5_iakerb_finished *ih)
ktest_make_sample_checksum(&ih->checksum);
}
+#ifndef DISABLE_PKINIT
+
+static void
+ktest_make_sample_pk_authenticator(krb5_pk_authenticator *p)
+{
+ p->cusec = SAMPLE_USEC;
+ p->ctime = SAMPLE_TIME;
+ p->nonce = SAMPLE_NONCE;
+ ktest_make_sample_checksum(&p->paChecksum);
+}
+
+static void
+ktest_make_sample_pk_authenticator_draft9(krb5_pk_authenticator_draft9 *p)
+{
+ ktest_make_sample_principal(&p->kdcName);
+ ktest_make_sample_data(&p->kdcRealm);
+ p->cusec = SAMPLE_USEC;
+ p->ctime = SAMPLE_TIME;
+ p->nonce = SAMPLE_NONCE;
+}
+
+static void
+ktest_make_sample_oid(krb5_data *p)
+{
+ krb5_data_parse(p, "\052\206\110\206\367\022\001\002\002");
+}
+
+static void
+ktest_make_sample_algorithm_identifier(krb5_algorithm_identifier *p)
+{
+ ktest_make_sample_oid(&p->algorithm);
+ /* Need a valid DER encoding here; this is the OCTET STRING "params". */
+ krb5_data_parse(&p->parameters, "\x04\x06" "params");
+}
+
+static void
+ktest_make_sample_algorithm_identifier_no_params(krb5_algorithm_identifier *p)
+{
+ ktest_make_sample_oid(&p->algorithm);
+ p->parameters = empty_data();
+}
+
+static void
+ktest_make_sample_subject_pk_info(krb5_subject_pk_info *p)
+{
+ ktest_make_sample_algorithm_identifier(&p->algorithm);
+ ktest_make_sample_data(&p->subjectPublicKey);
+}
+
+static void
+ktest_make_sample_external_principal_identifier(
+ krb5_external_principal_identifier *p)
+{
+ ktest_make_sample_data(&p->subjectName);
+ ktest_make_sample_data(&p->issuerAndSerialNumber);
+ ktest_make_sample_data(&p->subjectKeyIdentifier);
+}
+
+static void
+ktest_make_sample_trusted_ca_principalName(krb5_trusted_ca *p)
+{
+ p->choice = choice_trusted_cas_principalName;
+ ktest_make_sample_principal(&p->u.principalName);
+}
+
+static void
+ktest_make_sample_trusted_ca_caName(krb5_trusted_ca *p)
+{
+ p->choice = choice_trusted_cas_caName;
+ ktest_make_sample_data(&p->u.caName);
+}
+
+static void
+ktest_make_sample_trusted_ca_issuerAndSerial(krb5_trusted_ca *p)
+{
+ p->choice = choice_trusted_cas_issuerAndSerial;
+ ktest_make_sample_data(&p->u.issuerAndSerial);
+}
+
+void
+ktest_make_sample_pa_pk_as_req(krb5_pa_pk_as_req *p)
+{
+ ktest_make_sample_data(&p->signedAuthPack);
+ p->trustedCertifiers =
+ ealloc(2 * sizeof(krb5_external_principal_identifier *));
+ p->trustedCertifiers[0] =
+ ealloc(sizeof(krb5_external_principal_identifier));
+ ktest_make_sample_external_principal_identifier(p->trustedCertifiers[0]);
+ p->trustedCertifiers[1] = NULL;
+ ktest_make_sample_data(&p->kdcPkId);
+}
+
+void
+ktest_make_sample_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p)
+{
+ int i;
+
+ ktest_make_sample_data(&p->signedAuthPack);
+ p->trustedCertifiers =
+ ealloc(4 * sizeof(krb5_external_principal_identifier *));
+ for (i = 0; i < 3; i++) {
+ p->trustedCertifiers[i] =
+ ealloc(sizeof(krb5_external_principal_identifier));
+ }
+ ktest_make_sample_trusted_ca_principalName(p->trustedCertifiers[0]);
+ ktest_make_sample_trusted_ca_caName(p->trustedCertifiers[1]);
+ ktest_make_sample_trusted_ca_issuerAndSerial(p->trustedCertifiers[2]);
+ p->trustedCertifiers[3] = NULL;
+ ktest_make_sample_data(&p->kdcCert);
+ ktest_make_sample_data(&p->encryptionCert);
+}
+
+static void
+ktest_make_sample_dh_rep_info(krb5_dh_rep_info *p)
+{
+ ktest_make_sample_data(&p->dhSignedData);
+ ktest_make_sample_data(&p->serverDHNonce);
+ p->kdfID = ealloc(sizeof(krb5_data));
+ ktest_make_sample_data(p->kdfID);
+}
+
+void
+ktest_make_sample_pa_pk_as_rep_dhInfo(krb5_pa_pk_as_rep *p)
+{
+ p->choice = choice_pa_pk_as_rep_dhInfo;
+ ktest_make_sample_dh_rep_info(&p->u.dh_Info);
+}
+
+void
+ktest_make_sample_pa_pk_as_rep_encKeyPack(krb5_pa_pk_as_rep *p)
+{
+ p->choice = choice_pa_pk_as_rep_encKeyPack;
+ ktest_make_sample_data(&p->u.encKeyPack);
+}
+
+void
+ktest_make_sample_pa_pk_as_rep_draft9_dhSignedData(krb5_pa_pk_as_rep_draft9 *p)
+{
+ p->choice = choice_pa_pk_as_rep_draft9_dhSignedData;
+ ktest_make_sample_data(&p->u.dhSignedData);
+}
+
+void
+ktest_make_sample_pa_pk_as_rep_draft9_encKeyPack(krb5_pa_pk_as_rep_draft9 *p)
+{
+ p->choice = choice_pa_pk_as_rep_draft9_encKeyPack;
+ ktest_make_sample_data(&p->u.encKeyPack);
+}
+
+void
+ktest_make_sample_auth_pack(krb5_auth_pack *p)
+{
+ ktest_make_sample_pk_authenticator(&p->pkAuthenticator);
+ p->clientPublicValue = ealloc(sizeof(krb5_subject_pk_info));
+ ktest_make_sample_subject_pk_info(p->clientPublicValue);
+ p->supportedCMSTypes = ealloc(3 * sizeof(krb5_algorithm_identifier *));
+ p->supportedCMSTypes[0] = ealloc(sizeof(krb5_algorithm_identifier));
+ ktest_make_sample_algorithm_identifier(p->supportedCMSTypes[0]);
+ p->supportedCMSTypes[1] = ealloc(sizeof(krb5_algorithm_identifier));
+ ktest_make_sample_algorithm_identifier_no_params(p->supportedCMSTypes[1]);
+ p->supportedCMSTypes[2] = NULL;
+ ktest_make_sample_data(&p->clientDHNonce);
+ p->supportedKDFs = ealloc(2 * sizeof(krb5_data ));
+ p->supportedKDFs[0] = ealloc(sizeof(krb5_data));
+ ktest_make_sample_data(p->supportedKDFs[0]);
+ p->supportedKDFs[1] = NULL;
+}
+
+void
+ktest_make_sample_auth_pack_draft9(krb5_auth_pack_draft9 *p)
+{
+ ktest_make_sample_pk_authenticator_draft9(&p->pkAuthenticator);
+ p->clientPublicValue = ealloc(sizeof(krb5_subject_pk_info));
+ ktest_make_sample_subject_pk_info(p->clientPublicValue);
+}
+
+void
+ktest_make_sample_kdc_dh_key_info(krb5_kdc_dh_key_info *p)
+{
+ ktest_make_sample_data(&p->subjectPublicKey);
+ p->nonce = SAMPLE_NONCE;
+ p->dhKeyExpiration = SAMPLE_TIME;
+}
+
+void
+ktest_make_sample_reply_key_pack(krb5_reply_key_pack *p)
+{
+ ktest_make_sample_keyblock(&p->replyKey);
+ ktest_make_sample_checksum(&p->asChecksum);
+}
+
+void
+ktest_make_sample_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p)
+{
+ ktest_make_sample_keyblock(&p->replyKey);
+ p->nonce = SAMPLE_NONCE;
+}
+
+void
+ktest_make_sample_sp80056a_other_info(krb5_sp80056a_other_info *p)
+{
+ ktest_make_sample_algorithm_identifier_no_params(&p->algorithm_identifier);
+ ktest_make_sample_principal(&p->party_u_info);
+ ktest_make_sample_principal(&p->party_v_info);
+ ktest_make_sample_data(&p->supp_pub_info);
+}
+
+void
+ktest_make_sample_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p)
+{
+ p->enctype = ENCTYPE_DES_CBC_CRC;
+ ktest_make_sample_data(&p->as_req);
+ ktest_make_sample_data(&p->pk_as_rep);
+}
+
+#endif /* not DISABLE_PKINIT */
+
#ifdef ENABLE_LDAP
static void
ktest_make_sample_key_data(krb5_key_data *p, int i)
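Review bot: Three allocation sizes in the new sample builders do not match the type that is stored. In `ktest_make_sample_pa_pk_as_req_draft9` the array and its elements are sized with `krb5_external_principal_identifier`, yet the elements are filled by the `ktest_make_sample_trusted_ca_*` helpers, which take `krb5_trusted_ca *`; whether each buffer is large enough therefore depends on struct layouts not visible in this hunk. Sizing by the stored type removes that dependency: `ealloc(4 * sizeof(krb5_trusted_ca *))` and `ealloc(sizeof(krb5_trusted_ca))`. In `ktest_make_sample_auth_pack`, `ealloc(2 * sizeof(krb5_data ))` allocates structs for an array that holds pointers and should read `ealloc(2 * sizeof(krb5_data *))`. The `krb5_data_parse` return values in `ktest_make_sample_oid` and `ktest_make_sample_algorithm_identifier` are also ignored, so a failed allocation there would go unnoticed until the encoder runs.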
@@ -713,6 +930,13 @@ ktest_empty_data(krb5_data *d)
}
}
+static void
+ktest_empty_checksum(krb5_checksum *cs)
+{
+ free(cs->contents);
+ cs->contents = NULL;
+}
+
void
ktest_destroy_checksum(krb5_checksum **cs)
{
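Review bot: `ktest_empty_checksum` frees `cs->contents` but leaves `cs->length` at its old value, so an emptied checksum still reports a non-zero length alongside a NULL buffer. `ktest_empty_iakerb_finished`, visible as context in the next hunk, already releases a checksum with `krb5_free_checksum_contents(NULL, &p->checksum);`. Calling that here, or adding `cs->length = 0;`, would keep the two cleanup paths consistent.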
@@ -1261,6 +1485,195 @@ ktest_empty_iakerb_finished(krb5_iakerb_finished *p)
krb5_free_checksum_contents(NULL, &p->checksum);
}
+#ifndef DISABLE_PKINIT
+
+static void
+ktest_empty_pk_authenticator(krb5_pk_authenticator *p)
+{
+ ktest_empty_checksum(&p->paChecksum);
+ p->paChecksum.contents = NULL;
+}
+
+static void
+ktest_empty_pk_authenticator_draft9(krb5_pk_authenticator_draft9 *p)
+{
+ ktest_destroy_principal(&p->kdcName);
+ ktest_empty_data(&p->kdcRealm);
+}
+
+static void
+ktest_empty_algorithm_identifier(krb5_algorithm_identifier *p)
+{
+ ktest_empty_data(&p->algorithm);
+ ktest_empty_data(&p->parameters);
+}
+
+static void
+ktest_empty_subject_pk_info(krb5_subject_pk_info *p)
+{
+ ktest_empty_algorithm_identifier(&p->algorithm);
+ ktest_empty_data(&p->subjectPublicKey);
+}
+
+static void
+ktest_empty_external_principal_identifier(
+ krb5_external_principal_identifier *p)
+{
+ ktest_empty_data(&p->subjectName);
+ ktest_empty_data(&p->issuerAndSerialNumber);
+ ktest_empty_data(&p->subjectKeyIdentifier);
+}
+
+static void
+ktest_empty_trusted_ca(krb5_trusted_ca *p)
+{
+ if (p->choice == choice_trusted_cas_principalName)
+ ktest_destroy_principal(&p->u.principalName);
+ else if (p->choice == choice_trusted_cas_caName)
+ ktest_empty_data(&p->u.caName);
+ else if (p->choice == choice_trusted_cas_issuerAndSerial)
+ ktest_empty_data(&p->u.issuerAndSerial);
+ p->choice = choice_trusted_cas_UNKNOWN;
+}
+
+void
+ktest_empty_pa_pk_as_req(krb5_pa_pk_as_req *p)
+{
+ krb5_external_principal_identifier **pi;
+
+ ktest_empty_data(&p->signedAuthPack);
+ for (pi = p->trustedCertifiers; *pi != NULL; pi++) {
+ ktest_empty_external_principal_identifier(*pi);
+ free(*pi);
+ }
+ free(p->trustedCertifiers);
+ p->trustedCertifiers = NULL;
+ ktest_empty_data(&p->kdcPkId);
+}
+
+void
+ktest_empty_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p)
+{
+ krb5_trusted_ca **ca;
+
+ ktest_empty_data(&p->signedAuthPack);
+ if (p->trustedCertifiers != NULL) {
+ for (ca = p->trustedCertifiers; *ca != NULL; ca++) {
+ ktest_empty_trusted_ca(*ca);
+ free(*ca);
+ }
+ free(p->trustedCertifiers);
+ p->trustedCertifiers = NULL;
+ }
+ ktest_empty_data(&p->kdcCert);
+ ktest_empty_data(&p->encryptionCert);
+}
+
+static void
+ktest_empty_dh_rep_info(krb5_dh_rep_info *p)
+{
+ ktest_empty_data(&p->dhSignedData);
+ ktest_empty_data(&p->serverDHNonce);
+ ktest_destroy_data(&p->kdfID);
+}
+
+void
+ktest_empty_pa_pk_as_rep(krb5_pa_pk_as_rep *p)
+{
+ if (p->choice == choice_pa_pk_as_rep_dhInfo)
+ ktest_empty_dh_rep_info(&p->u.dh_Info);
+ else if (p->choice == choice_pa_pk_as_rep_encKeyPack)
+ ktest_empty_data(&p->u.encKeyPack);
+ p->choice = choice_pa_pk_as_rep_UNKNOWN;
+}
+
+void
+ktest_empty_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 *p)
+{
+ if (p->choice == choice_pa_pk_as_rep_draft9_dhSignedData)
+ ktest_empty_data(&p->u.dhSignedData);
+ else if (p->choice == choice_pa_pk_as_rep_draft9_encKeyPack)
+ ktest_empty_data(&p->u.encKeyPack);
+ p->choice = choice_pa_pk_as_rep_draft9_UNKNOWN;
+}
+
+void
+ktest_empty_auth_pack(krb5_auth_pack *p)
+{
+ krb5_algorithm_identifier **ai;
+ krb5_data **d;
+
+ ktest_empty_pk_authenticator(&p->pkAuthenticator);
+ if (p->clientPublicValue != NULL) {
+ ktest_empty_subject_pk_info(p->clientPublicValue);
+ free(p->clientPublicValue);
+ p->clientPublicValue = NULL;
+ }
+ if (p->supportedCMSTypes != NULL) {
+ for (ai = p->supportedCMSTypes; *ai != NULL; ai++) {
+ ktest_empty_algorithm_identifier(*ai);
+ free(*ai);
+ }
+ free(p->supportedCMSTypes);
+ p->supportedCMSTypes = NULL;
+ }
+ ktest_empty_data(&p->clientDHNonce);
+ if (p->supportedKDFs != NULL) {
+ for (d = p->supportedKDFs; *d != NULL; d++) {
+ ktest_empty_data(*d);
+ free(*d);
+ }
+ free(p->supportedKDFs);
+ p->supportedKDFs = NULL;
+ }
+}
+
+void
+ktest_empty_auth_pack_draft9(krb5_auth_pack_draft9 *p)
+{
+ ktest_empty_pk_authenticator_draft9(&p->pkAuthenticator);
+ if (p->clientPublicValue != NULL) {
+ ktest_empty_subject_pk_info(p->clientPublicValue);
+ free(p->clientPublicValue);
+ p->clientPublicValue = NULL;
+ }
+}
+
+void
+ktest_empty_kdc_dh_key_info(krb5_kdc_dh_key_info *p)
+{
+ ktest_empty_data(&p->subjectPublicKey);
+}
+
+void
+ktest_empty_reply_key_pack(krb5_reply_key_pack *p)
+{
+ ktest_empty_keyblock(&p->replyKey);
+ ktest_empty_checksum(&p->asChecksum);
+}
+
+void
+ktest_empty_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p)
+{
+ ktest_empty_keyblock(&p->replyKey);
+}
+
+void ktest_empty_sp80056a_other_info(krb5_sp80056a_other_info *p)
+{
+ ktest_empty_algorithm_identifier(&p->algorithm_identifier);
+ ktest_destroy_principal(&p->party_u_info);
+ ktest_destroy_principal(&p->party_v_info);
+ ktest_empty_data(&p->supp_pub_info);
+}
+
+void ktest_empty_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p)
+{
+ ktest_empty_data(&p->as_req);
+ ktest_empty_data(&p->pk_as_rep);
+}
+
+#endif /* not DISABLE_PKINIT */
+
#ifdef ENABLE_LDAP
void
ktest_empty_ldap_seqof_key_data(krb5_context ctx, ldap_seqof_key_data *p)
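Review bot: `ktest_empty_pa_pk_as_req` walks `p->trustedCertifiers` without checking it for NULL, while `ktest_empty_pa_pk_as_req_draft9` and `ktest_empty_auth_pack` in the same hunk guard their arrays. Because the function itself sets the pointer to NULL, a second call, or a call on a structure whose list was never built, dereferences NULL in the loop condition. Wrapping the loop and the `free(p->trustedCertifiers);` in `if (p->trustedCertifiers != NULL) { ... }` matches the siblings. Separately, `p->paChecksum.contents = NULL;` in `ktest_empty_pk_authenticator` repeats what `ktest_empty_checksum` has just done and can be dropped.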
diff --git a/src/tests/asn.1/ktest.h b/src/tests/asn.1/ktest.h
index 70a5507f94..8deb39ac8f 100644
--- a/src/tests/asn.1/ktest.h
+++ b/src/tests/asn.1/ktest.h
@@ -94,6 +94,24 @@ void ktest_make_sample_ad_signedpath(krb5_ad_signedpath *p);
void ktest_make_sample_iakerb_header(krb5_iakerb_header *p);
void ktest_make_sample_iakerb_finished(krb5_iakerb_finished *p);
+#ifndef DISABLE_PKINIT
+void ktest_make_sample_pa_pk_as_req(krb5_pa_pk_as_req *p);
+void ktest_make_sample_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p);
+void ktest_make_sample_pa_pk_as_rep_dhInfo(krb5_pa_pk_as_rep *p);
+void ktest_make_sample_pa_pk_as_rep_encKeyPack(krb5_pa_pk_as_rep *p);
+void ktest_make_sample_pa_pk_as_rep_draft9_dhSignedData(
+ krb5_pa_pk_as_rep_draft9 *p);
+void ktest_make_sample_pa_pk_as_rep_draft9_encKeyPack(
+ krb5_pa_pk_as_rep_draft9 *p);
+void ktest_make_sample_auth_pack(krb5_auth_pack *p);
+void ktest_make_sample_auth_pack_draft9(krb5_auth_pack_draft9 *p);
+void ktest_make_sample_kdc_dh_key_info(krb5_kdc_dh_key_info *p);
+void ktest_make_sample_reply_key_pack(krb5_reply_key_pack *p);
+void ktest_make_sample_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p);
+void ktest_make_sample_sp80056a_other_info(krb5_sp80056a_other_info *p);
+void ktest_make_sample_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p);
+#endif
+
#ifdef ENABLE_LDAP
void ktest_make_sample_ldap_seqof_key_data(ldap_seqof_key_data *p);
#endif
@@ -161,6 +179,20 @@ void ktest_empty_ad_signedpath(krb5_ad_signedpath *p);
void ktest_empty_iakerb_header(krb5_iakerb_header *p);
void ktest_empty_iakerb_finished(krb5_iakerb_finished *p);
+#ifndef DISABLE_PKINIT
+void ktest_empty_pa_pk_as_req(krb5_pa_pk_as_req *p);
+void ktest_empty_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p);
+void ktest_empty_pa_pk_as_rep(krb5_pa_pk_as_rep *p);
+void ktest_empty_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 *p);
+void ktest_empty_auth_pack(krb5_auth_pack *p);
+void ktest_empty_auth_pack_draft9(krb5_auth_pack_draft9 *p);
+void ktest_empty_kdc_dh_key_info(krb5_kdc_dh_key_info *p);
+void ktest_empty_reply_key_pack(krb5_reply_key_pack *p);
+void ktest_empty_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p);
+void ktest_empty_sp80056a_other_info(krb5_sp80056a_other_info *p);
+void ktest_empty_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p);
+#endif
+
#ifdef ENABLE_LDAP
void ktest_empty_ldap_seqof_key_data(krb5_context, ldap_seqof_key_data *p);
#endif
diff --git a/src/tests/asn.1/pkinit_encode.out b/src/tests/asn.1/pkinit_encode.out
new file mode 100644
index 0000000000..e613a9ab26
--- /dev/null
+++ b/src/tests/asn.1/pkinit_encode.out
@@ -0,0 +1,13 @@
+encode_krb5_pa_pk_as_req: 30 38 80 08 6B 72 62 35 64 61 74 61 A1 22 30 20 30 1E 80 08 6B 72 62 35 64 61 74 61 81 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61
+encode_krb5_pa_pk_as_req_draft9: 30 52 80 08 6B 72 62 35 64 61 74 61 A1 32 30 30 80 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 81 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61 83 08 6B 72 62 35 64 61 74 61
+encode_krb5_pa_pk_as_rep(dhInfo): A0 26 30 24 80 08 6B 72 62 35 64 61 74 61 81 08 6B 72 62 35 64 61 74 61 A2 0E 30 0C A0 0A 06 08 6B 72 62 35 64 61 74 61
+encode_krb5_pa_pk_as_rep(encKeyPack): 81 08 6B 72 62 35 64 61 74 61
+encode_krb5_pa_pk_as_rep_draft9(dhSignedData): 80 08 6B 72 62 35 64 61 74 61
+encode_krb5_pa_pk_as_rep_draft9(encKeyPack): 81 08 6B 72 62 35 64 61 74 61
+encode_krb5_auth_pack: 30 81 93 A0 29 30 27 A0 05 02 03 01 E2 40 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 06 04 04 31 32 33 34 A1 22 30 20 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 03 09 00 6B 72 62 35 64 61 74 61 A2 24 30 22 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 30 0B 06 09 2A 86 48 86 F7 12 01 02 02 A3 0A 04 08 6B 72 62 35 64 61 74 61 A4 10 30 0E 30 0C A0 0A 06 08 6B 72 62 35 64 61 74 61
+encode_krb5_auth_pack_draft9: 30 75 A0 4F 30 4D A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 05 02 03 01 E2 40 A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 03 02 01 2A A1 22 30 20 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 03 09 00 6B 72 62 35 64 61 74 61
+encode_krb5_kdc_dh_key_info: 30 25 A0 0B 03 09 00 6B 72 62 35 64 61 74 61 A1 03 02 01 2A A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A
+encode_krb5_reply_key_pack: 30 26 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34
+encode_krb5_reply_key_pack_draft9: 30 1A A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 03 02 01 2A
+encode_krb5_sp80056a_other_info: 30 81 81 30 0B 06 09 2A 86 48 86 F7 12 01 02 02 A0 32 04 30 30 2E A0 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 32 04 30 30 2E A0 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 0A 04 08 6B 72 62 35 64 61 74 61
+encode_krb5_pkinit_supp_pub_info: 30 1D A0 03 02 01 01 A1 0A 04 08 6B 72 62 35 64 61 74 61 A2 0A 04 08 6B 72 62 35 64 61 74 61
diff --git a/src/tests/asn.1/pkinit_trval.out b/src/tests/asn.1/pkinit_trval.out
new file mode 100644
index 0000000000..9959afa9f0
--- /dev/null
+++ b/src/tests/asn.1/pkinit_trval.out
@@ -0,0 +1,160 @@
+encode_krb5_pa_pk_as_req:
+
+[Sequence/Sequence Of]
+. [0] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+. [1] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [0] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+. . . [1] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+. . . [2] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+. [2] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+
+encode_krb5_pa_pk_as_req_draft9:
+
+[Sequence/Sequence Of]
+. [0] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+. [1] [Sequence/Sequence Of]
+. . [0] <26>
+ 30 18 a0 03 02 01 01 a1 11 30 0f 1b 06 68 66 0........0...hf
+ 74 73 61 69 1b 05 65 78 74 72 61 tsai..extra
+. . [1] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+. . [2] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+. [2] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+. [3] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+
+encode_krb5_pa_pk_as_rep(dhInfo):
+
+[CONT 0]
+. [Sequence/Sequence Of]
+. . [0] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+. . [1] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+. . [2] [Sequence/Sequence Of]
+. . . [0] [Object Identifier] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+
+encode_krb5_pa_pk_as_rep(encKeyPack):
+
+[CONT 1] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+
+encode_krb5_pa_pk_as_rep_draft9(dhSignedData):
+
+[CONT 0] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+
+encode_krb5_pa_pk_as_rep_draft9(encKeyPack):
+
+[CONT 1] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+
+encode_krb5_auth_pack:
+
+[Sequence/Sequence Of]
+. [0] [Sequence/Sequence Of]
+. . [0] [Integer] 123456
+. . [1] [Generalized Time] "19940610060317Z"
+. . [2] [Integer] 42
+. . [3] [Octet String] "1234"
+. [1] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [Object Identifier] <9>
+ 2a 86 48 86 f7 12 01 02 02 *.H......
+. . . [Octet String] "params"
+. . [Bit String] <9>
+ 00 6b 72 62 35 64 61 74 61 .krb5data
+. [2] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [Object Identifier] <9>
+ 2a 86 48 86 f7 12 01 02 02 *.H......
+. . . [Octet String] "params"
+. . [Sequence/Sequence Of]
+. . . [Object Identifier] <9>
+ 2a 86 48 86 f7 12 01 02 02 *.H......
+. [3] [Octet String] "krb5data"
+. [4] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [0] [Object Identifier] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+
+encode_krb5_auth_pack_draft9:
+
+[Sequence/Sequence Of]
+. [0] [Sequence/Sequence Of]
+. . [0] [Sequence/Sequence Of]
+. . . [0] [Integer] 1
+. . . [1] [Sequence/Sequence Of]
+. . . . [General string] "hftsai"
+. . . . [General string] "extra"
+. . [1] [General string] "ATHENA.MIT.EDU"
+. . [2] [Integer] 123456
+. . [3] [Generalized Time] "19940610060317Z"
+. . [4] [Integer] 42
+. [1] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [Object Identifier] <9>
+ 2a 86 48 86 f7 12 01 02 02 *.H......
+. . . [Octet String] "params"
+. . [Bit String] <9>
+ 00 6b 72 62 35 64 61 74 61 .krb5data
+
+encode_krb5_kdc_dh_key_info:
+
+[Sequence/Sequence Of]
+. [0] [Bit String] <9>
+ 00 6b 72 62 35 64 61 74 61 .krb5data
+. [1] [Integer] 42
+. [2] [Generalized Time] "19940610060317Z"
+
+encode_krb5_reply_key_pack:
+
+[Sequence/Sequence Of]
+. [0] [Sequence/Sequence Of]
+. . [0] [Integer] 1
+. . [1] [Octet String] "12345678"
+. [1] [Sequence/Sequence Of]
+. . [0] [Integer] 1
+. . [1] [Octet String] "1234"
+
+encode_krb5_reply_key_pack_draft9:
+
+[Sequence/Sequence Of]
+. [0] [Sequence/Sequence Of]
+. . [0] [Integer] 1
+. . [1] [Octet String] "12345678"
+. [1] [Integer] 42
+
+encode_krb5_sp80056a_other_info:
+
+[Sequence/Sequence Of]
+. [Sequence/Sequence Of]
+. . [Object Identifier] <9>
+ 2a 86 48 86 f7 12 01 02 02 *.H......
+. [0] [Octet String] <48>
+ 30 2e a0 10 1b 0e 41 54 48 45 4e 41 2e 4d 49 54 0.....ATHENA.MIT
+ 2e 45 44 55 a1 1a 30 18 a0 03 02 01 01 a1 11 30 .EDU..0........0
+ 0f 1b 06 68 66 74 73 61 69 1b 05 65 78 74 72 61 ...hftsai..extra
+. [1] [Octet String] <48>
+ 30 2e a0 10 1b 0e 41 54 48 45 4e 41 2e 4d 49 54 0.....ATHENA.MIT
+ 2e 45 44 55 a1 1a 30 18 a0 03 02 01 01 a1 11 30 .EDU..0........0
+ 0f 1b 06 68 66 74 73 61 69 1b 05 65 78 74 72 61 ...hftsai..extra
+. [2] [Octet String] "krb5data"
+
+encode_krb5_pkinit_supp_pub_info:
+
+[Sequence/Sequence Of]
+. [0] [Integer] 1
+. [1] [Octet String] "krb5data"
+. [2] [Octet String] "krb5data"
+
diff --git a/src/tests/asn.1/trval.c b/src/tests/asn.1/trval.c
index 780d60c7df..bdfea4e2f7 100644
--- a/src/tests/asn.1/trval.c
+++ b/src/tests/asn.1/trval.c
@@ -221,8 +221,8 @@ context_restart:
print_tag_type(fp, eid, lev);
- if (print_context_shortcut &&
- ((eid & ID_CLASS) == CLASS_CONT) && (lev > 0)) {
+ if (print_context_shortcut && (eid & ID_CLASS) == CLASS_CONT &&
+ (eid & ID_FORM) == FORM_CONS && lev > 0) {
rlen_ext += 2 + xlen;
enc += 2 + xlen;
goto context_restart;
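Review bot: The new `(eid & ID_FORM) == FORM_CONS` test carries no comment, and the reason for it is not evident at the `goto context_restart`. It appears the shortcut should only descend when the context-tagged element is constructed, since a primitive one holds raw content rather than a nested header. I would say so above the condition, e.g. `/* Only a constructed context tag wraps another element; a primitive one is a leaf. */`. Whether `enc += 2 + xlen` is bounded against the remaining input is decided outside this hunk and is worth confirming, as the enclosing function starts and ends beyond it.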