1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
|
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* tests/asn.1/make-vectors.c - Generate ASN.1 test vectors using asn1c */
/*
* Copyright (C) 2011 by the Massachusetts Institute of Technology.
* All rights reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*/
/*
* This program generates test vectors using asn1c, to be included in other
* test programs which exercise the krb5 ASN.1 encoder and decoder functions.
* It is intended to be used via "make test-vectors". Currently, test vectors
* are only generated for OTP preauth objects.
*/
#include <PrincipalName.h>
#include <KRB5PrincipalName.h>
#include <OtherInfo.h>
#include <PkinitSuppPubInfo.h>
#include <OTP-TOKENINFO.h>
#include <PA-OTP-CHALLENGE.h>
#include <PA-OTP-REQUEST.h>
#include <PA-OTP-ENC-REQUEST.h>
static unsigned char buf[8192];
static size_t buf_pos;
/* PrincipalName and KRB5PrincipalName */
static KerberosString_t comp_1 = { "hftsai", 6 };
static KerberosString_t comp_2 = { "extra", 5 };
static KerberosString_t *comps[] = { &comp_1, &comp_2 };
static PrincipalName_t princ = { 1, { comps, 2, 2 } };
static KRB5PrincipalName_t krb5princ = { { "ATHENA.MIT.EDU", 14 },
{ 1, { comps, 2, 2 } } };
/* OtherInfo */
static unsigned int krb5_arcs[] = { 1, 2, 840, 113554, 1, 2, 2 };
static OCTET_STRING_t krb5data_ostring = { "krb5data", 8 };
static OtherInfo_t other_info = {
{ 0 }, { 0 }, { 0 }, /* Initialized in main() */
&krb5data_ostring, NULL
};
/* PkinitSuppPubInfo */
static PkinitSuppPubInfo_t supp_pub_info = { 1, { "krb5data", 8 },
{ "krb5data", 8 } };
/* Minimal OTP-TOKENINFO */
static OTP_TOKENINFO_t token_info_1 = { { "\0\0\0\0", 4, 0 } };
/* Maximal OTP-TOKENINFO */
static UTF8String_t vendor = { "Examplecorp", 11 };
static OCTET_STRING_t challenge = { "hark!", 5 };
static Int32_t otp_length = 10;
static OTPFormat_t otp_format; /* Initialized to 2 in main(). */
static OCTET_STRING_t token_id = { "yourtoken", 9 };
static AnyURI_t otp_alg = { "urn:ietf:params:xml:ns:keyprov:pskc:hotp", 40 };
static unsigned int sha256_arcs[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 };
static unsigned int sha1_arcs[] = { 1, 3, 14, 3, 2, 26 };
static AlgorithmIdentifier_t alg_sha256, alg_sha1; /* Initialized in main(). */
static AlgorithmIdentifier_t *algs[] = { &alg_sha256, &alg_sha1 };
static struct supportedHashAlg hash_algs = { algs, 2, 2 };
static Int32_t iter_count = 1000;
/* Flags are nextOTP | combine | collect-pin | must-encrypt-nonce |
* separate-pin-required | check-digit */
static OTP_TOKENINFO_t token_info_2 = { { "\x77\0\0\0", 4, 0 }, &vendor,
&challenge, &otp_length, &otp_format,
&token_id, &otp_alg, &hash_algs,
&iter_count };
/* Minimal PA-OTP-CHALLENGE */
static OTP_TOKENINFO_t *tinfo_1[] = { &token_info_1 };
static PA_OTP_CHALLENGE_t challenge_1 = { { "minnonce", 8 }, NULL,
{ { tinfo_1, 1, 1 } } };
/* Maximal PA-OTP-CHALLENGE */
static OTP_TOKENINFO_t *tinfo_2[] = { &token_info_1, &token_info_2 };
static UTF8String_t service = { "testservice", 11 };
static KerberosString_t salt = { "keysalt", 7 };
static OCTET_STRING_t s2kparams = { "1234", 4 };
static PA_OTP_CHALLENGE_t challenge_2 = { { "maxnonce", 8 }, &service,
{ { tinfo_2, 2, 2 } }, &salt,
&s2kparams };
/* Minimal PA-OTP-REQUEST */
static UInt32_t kvno; /* Initialized to 5 in main(). */
static PA_OTP_REQUEST_t request_1 = { { "\0\0\0\0", 4, 0 }, NULL,
{ 0, &kvno,
{ "krbASN.1 test message", 21 } } };
/* Maximal PA-OTP-REQUEST */
/* Flags are nextOTP | combine */
static OCTET_STRING_t nonce = { "nonce", 5 };
static OCTET_STRING_t otp_value = { "frogs", 5 };
static UTF8String_t otp_pin = { "myfirstpin", 10 };
/* Corresponds to Unix time 771228197 */
static KerberosTime_t otp_time = { "19940610060317Z", 15 };
static OCTET_STRING_t counter = { "346", 3 };
static PA_OTP_REQUEST_t request_2 = { { "\x60\0\0\0", 4, 0 }, &nonce,
{ 0, &kvno,
{ "krbASN.1 test message", 21 } },
&alg_sha256, &iter_count, &otp_value,
&otp_pin, &challenge, &otp_time,
&counter, &otp_format, &token_id,
&otp_alg, &vendor };
/* PA-OTP-ENC-REQUEST */
static PA_OTP_ENC_REQUEST_t enc_request = { { "krb5data", 8 } };
static int
consume(const void *data, size_t size, void *dummy)
{
memcpy(buf + buf_pos, data, size);
buf_pos += size;
return 0;
}
/* Display a C string literal representing the contents of buf, and
* reinitialize buf_pos for the next encoding operation. */
static void
printbuf(void)
{
size_t i;
for (i = 0; i < buf_pos; i++) {
printf("%02X", buf[i]);
if (i + 1 < buf_pos)
printf(" ");
}
buf_pos = 0;
}
int
main()
{
/* Initialize values which can't use static initializers. */
asn_long2INTEGER(&otp_format, 2); /* Alphanumeric */
asn_long2INTEGER(&kvno, 5);
OBJECT_IDENTIFIER_set_arcs(&alg_sha256.algorithm, sha256_arcs,
sizeof(*sha256_arcs),
sizeof(sha256_arcs) / sizeof(*sha256_arcs));
OBJECT_IDENTIFIER_set_arcs(&alg_sha1.algorithm, sha1_arcs,
sizeof(*sha1_arcs),
sizeof(sha1_arcs) / sizeof(*sha1_arcs));
OBJECT_IDENTIFIER_set_arcs(&other_info.algorithmID.algorithm, krb5_arcs,
sizeof(*krb5_arcs),
sizeof(krb5_arcs) / sizeof(*krb5_arcs));
printf("PrincipalName:\n");
der_encode(&asn_DEF_PrincipalName, &princ, consume, NULL);
printbuf();
/* Print this encoding and also use it to initialize two fields of
* other_info. */
printf("\nKRB5PrincipalName:\n");
der_encode(&asn_DEF_KRB5PrincipalName, &krb5princ, consume, NULL);
OCTET_STRING_fromBuf(&other_info.partyUInfo, buf, buf_pos);
OCTET_STRING_fromBuf(&other_info.partyVInfo, buf, buf_pos);
printbuf();
printf("\nOtherInfo:\n");
der_encode(&asn_DEF_OtherInfo, &other_info, consume, NULL);
printbuf();
free(other_info.partyUInfo.buf);
free(other_info.partyVInfo.buf);
printf("\nPkinitSuppPubInfo:\n");
der_encode(&asn_DEF_PkinitSuppPubInfo, &supp_pub_info, consume, NULL);
printbuf();
printf("\nMinimal OTP-TOKEN-INFO:\n");
der_encode(&asn_DEF_OTP_TOKENINFO, &token_info_1, consume, NULL);
printbuf();
printf("\nMaximal OTP-TOKEN-INFO:\n");
der_encode(&asn_DEF_OTP_TOKENINFO, &token_info_2, consume, NULL);
printbuf();
printf("\nMinimal PA-OTP-CHALLENGE:\n");
der_encode(&asn_DEF_PA_OTP_CHALLENGE, &challenge_1, consume, NULL);
printbuf();
printf("\nMaximal PA-OTP-CHALLENGE:\n");
der_encode(&asn_DEF_PA_OTP_CHALLENGE, &challenge_2, consume, NULL);
printbuf();
printf("\nMinimal PA-OTP-REQUEST:\n");
der_encode(&asn_DEF_PA_OTP_REQUEST, &request_1, consume, NULL);
printbuf();
printf("\nMaximal PA-OTP-REQUEST:\n");
der_encode(&asn_DEF_PA_OTP_REQUEST, &request_2, consume, NULL);
printbuf();
printf("\nPA-OTP-ENC-REQUEST:\n");
der_encode(&asn_DEF_PA_OTP_ENC_REQUEST, &enc_request, consume, NULL);
printbuf();
printf("\n");
return 0;
}
|
