fi
if test "$k5_cv_openssl_version_okay" = yes && (test "$enable_pkinit" = yes || test "$enable_pkinit" = try); then
K5_GEN_MAKEFILE(plugins/preauth/pkinit)
+ PKINIT=yes
elif test "$k5_cv_openssl_version_okay" = no && test "$enable_pkinit" = yes; then
AC_MSG_ERROR([Version of OpenSSL is too old; cannot enable PKINIT.])
else
AC_DEFINE([DISABLE_PKINIT], 1, [Define to disable PKINIT plugin support])
AC_MSG_NOTICE([Disabling PKINIT support.])
+ PKINIT=no
fi
+AC_SUBST(PKINIT)
# for lib/apputils
AC_REPLACE_FUNCS(daemon)
export KRB5_CONFIG ;\
$(RUN_SETUP) $(VALGRIND) ./krb5_decode_test
-expected_encode.out: reference_encode.out ldap_encode.out
- if test "$(LDAP)" = yes; then \
- cat $(srcdir)/reference_encode.out $(srcdir)/ldap_encode.out > expected_encode.out; \
- else \
- cat $(srcdir)/reference_encode.out > expected_encode.out; \
- fi
-
-expected_trval.out: trval_reference.out ldap_trval.out
- if test "$(LDAP)" = yes; then \
- cat $(srcdir)/trval_reference.out $(srcdir)/ldap_trval.out > expected_trval.out; \
- else \
- cat $(srcdir)/trval_reference.out > expected_trval.out; \
- fi
+PKINIT_ENCODE_OUT=$(PKINIT_ENCODE_OUT-@PKINIT@)
+PKINIT_ENCODE_OUT-yes=$(srcdir)/pkinit_encode.out
+PKINIT_ENCODE_OUT-no=
+LDAP_ENCODE_OUT=$(LDAP_ENCODE_OUT-@LDAP@)
+LDAP_ENCODE_OUT-yes=$(srcdir)/ldap_encode.out
+LDAP_ENCODE_OUT-no=
+expected_encode.out: reference_encode.out pkinit_encode.out ldap_encode.out
+ cat $(srcdir)/reference_encode.out $(PKINIT_ENCODE_OUT) \
+ $(LDAP_ENCODE_OUT) > $@
+
+PKINIT_TRVAL_OUT=$(PKINIT_TRVAL_OUT-@PKINIT@)
+PKINIT_TRVAL_OUT-yes=$(srcdir)/pkinit_trval.out
+PKINIT_TRVAL_OUT-no=
+LDAP_TRVAL_OUT=$(LDAP_TRVAL_OUT-@LDAP@)
+LDAP_TRVAL_OUT-yes=$(srcdir)/ldap_trval.out
+LDAP_TRVAL_OUT-no=
+expected_trval.out: trval_reference.out pkinit_trval.out ldap_trval.out
+ cat $(srcdir)/trval_reference.out $(PKINIT_TRVAL_OUT) \
+ $(LDAP_TRVAL_OUT) > $@
check-encode: krb5_encode_test expected_encode.out
KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf ; \
encode_krb5_iakerb_finished);
ktest_empty_iakerb_finished(&ih);
}
+#ifndef DISABLE_PKINIT
+ /****************************************************************/
+ /* encode_krb5_pa_pk_as_req */
+ {
+ krb5_pa_pk_as_req req;
+ ktest_make_sample_pa_pk_as_req(&req);
+ encode_run(req, krb5_pa_pk_as_req, "pa_pk_as_req", "",
+ acc.encode_krb5_pa_pk_as_req);
+ ktest_empty_pa_pk_as_req(&req);
+ }
+ /****************************************************************/
+ /* encode_krb5_pa_pk_as_req_draft9 */
+ {
+ krb5_pa_pk_as_req_draft9 req;
+ ktest_make_sample_pa_pk_as_req_draft9(&req);
+ encode_run(req, krb5_pa_pk_as_req_draft9, "pa_pk_as_req_draft9", "",
+ acc.encode_krb5_pa_pk_as_req_draft9);
+ ktest_empty_pa_pk_as_req_draft9(&req);
+ }
+ /****************************************************************/
+ /* encode_krb5_pa_pk_as_rep */
+ {
+ krb5_pa_pk_as_rep rep;
+ ktest_make_sample_pa_pk_as_rep_dhInfo(&rep);
+ encode_run(rep, krb5_pa_pk_as_rep, "pa_pk_as_rep", "(dhInfo)",
+ acc.encode_krb5_pa_pk_as_rep);
+ ktest_empty_pa_pk_as_rep(&rep);
+ ktest_make_sample_pa_pk_as_rep_encKeyPack(&rep);
+ encode_run(rep, krb5_pa_pk_as_rep, "pa_pk_as_rep", "(encKeyPack)",
+ acc.encode_krb5_pa_pk_as_rep);
+ ktest_empty_pa_pk_as_rep(&rep);
+ }
+ /****************************************************************/
+ /* encode_krb5_pa_pk_as_rep_draft9 */
+ {
+ krb5_pa_pk_as_rep_draft9 rep;
+ ktest_make_sample_pa_pk_as_rep_draft9_dhSignedData(&rep);
+ encode_run(rep, krb5_pa_pk_as_rep_draft9, "pa_pk_as_rep_draft9",
+ "(dhSignedData)", acc.encode_krb5_pa_pk_as_rep_draft9);
+ ktest_empty_pa_pk_as_rep_draft9(&rep);
+ ktest_make_sample_pa_pk_as_rep_draft9_encKeyPack(&rep);
+ encode_run(rep, krb5_pa_pk_as_rep_draft9, "pa_pk_as_rep_draft9",
+ "(encKeyPack)", acc.encode_krb5_pa_pk_as_rep_draft9);
+ ktest_empty_pa_pk_as_rep_draft9(&rep);
+ }
+ /****************************************************************/
+ /* encode_krb5_auth_pack */
+ {
+ krb5_auth_pack pack;
+ ktest_make_sample_auth_pack(&pack);
+ encode_run(pack, krb5_auth_pack, "auth_pack", "",
+ acc.encode_krb5_auth_pack);
+ ktest_empty_auth_pack(&pack);
+ }
+ /****************************************************************/
+ /* encode_krb5_auth_pack_draft9_draft9 */
+ {
+ krb5_auth_pack_draft9 pack;
+ ktest_make_sample_auth_pack_draft9(&pack);
+ encode_run(pack, krb5_auth_pack_draft9, "auth_pack_draft9", "",
+ acc.encode_krb5_auth_pack_draft9);
+ ktest_empty_auth_pack_draft9(&pack);
+ }
+ /****************************************************************/
+ /* encode_krb5_kdc_dh_key_info */
+ {
+ krb5_kdc_dh_key_info ki;
+ ktest_make_sample_kdc_dh_key_info(&ki);
+ encode_run(ki, krb5_kdc_dh_key_info, "kdc_dh_key_info", "",
+ acc.encode_krb5_kdc_dh_key_info);
+ ktest_empty_kdc_dh_key_info(&ki);
+ }
+ /****************************************************************/
+ /* encode_krb5_reply_key_pack */
+ {
+ krb5_reply_key_pack pack;
+ ktest_make_sample_reply_key_pack(&pack);
+ encode_run(pack, krb5_reply_key_pack, "reply_key_pack", "",
+ acc.encode_krb5_reply_key_pack);
+ ktest_empty_reply_key_pack(&pack);
+ }
+ /****************************************************************/
+ /* encode_krb5_reply_key_pack_draft9 */
+ {
+ krb5_reply_key_pack_draft9 pack;
+ ktest_make_sample_reply_key_pack_draft9(&pack);
+ encode_run(pack, krb5_reply_key_pack_draft9, "reply_key_pack_draft9",
+ "", acc.encode_krb5_reply_key_pack_draft9);
+ ktest_empty_reply_key_pack_draft9(&pack);
+ }
+ /****************************************************************/
+ /* encode_krb5_sp80056a_other_info */
+ {
+ krb5_sp80056a_other_info info;
+ ktest_make_sample_sp80056a_other_info(&info);
+ encode_run(info, krb5_sp80056a_other_info, "sp80056a_other_info",
+ "", encode_krb5_sp80056a_other_info);
+ ktest_empty_sp80056a_other_info(&info);
+ }
+ /****************************************************************/
+ /* encode_krb5_pkinit_supp_pub_info */
+ {
+ krb5_pkinit_supp_pub_info info;
+ ktest_make_sample_pkinit_supp_pub_info(&info);
+ encode_run(info, krb5_pkinit_supp_pub_info, "pkinit_supp_pub_info",
+ "", encode_krb5_pkinit_supp_pub_info);
+ ktest_empty_pkinit_supp_pub_info(&info);
+ }
+#endif /* not DISABLE_PKINIT */
#ifdef ENABLE_LDAP
{
ldap_seqof_key_data skd;
ktest_make_sample_checksum(&ih->checksum);
}
+#ifndef DISABLE_PKINIT
+
+static void
+ktest_make_sample_pk_authenticator(krb5_pk_authenticator *p)
+{
+ p->cusec = SAMPLE_USEC;
+ p->ctime = SAMPLE_TIME;
+ p->nonce = SAMPLE_NONCE;
+ ktest_make_sample_checksum(&p->paChecksum);
+}
+
+static void
+ktest_make_sample_pk_authenticator_draft9(krb5_pk_authenticator_draft9 *p)
+{
+ ktest_make_sample_principal(&p->kdcName);
+ ktest_make_sample_data(&p->kdcRealm);
+ p->cusec = SAMPLE_USEC;
+ p->ctime = SAMPLE_TIME;
+ p->nonce = SAMPLE_NONCE;
+}
+
+static void
+ktest_make_sample_oid(krb5_data *p)
+{
+ krb5_data_parse(p, "\052\206\110\206\367\022\001\002\002");
+}
+
+static void
+ktest_make_sample_algorithm_identifier(krb5_algorithm_identifier *p)
+{
+ ktest_make_sample_oid(&p->algorithm);
+ /* Need a valid DER encoding here; this is the OCTET STRING "params". */
+ krb5_data_parse(&p->parameters, "\x04\x06" "params");
+}
+
+static void
+ktest_make_sample_algorithm_identifier_no_params(krb5_algorithm_identifier *p)
+{
+ ktest_make_sample_oid(&p->algorithm);
+ p->parameters = empty_data();
+}
+
+static void
+ktest_make_sample_subject_pk_info(krb5_subject_pk_info *p)
+{
+ ktest_make_sample_algorithm_identifier(&p->algorithm);
+ ktest_make_sample_data(&p->subjectPublicKey);
+}
+
+static void
+ktest_make_sample_external_principal_identifier(
+ krb5_external_principal_identifier *p)
+{
+ ktest_make_sample_data(&p->subjectName);
+ ktest_make_sample_data(&p->issuerAndSerialNumber);
+ ktest_make_sample_data(&p->subjectKeyIdentifier);
+}
+
+static void
+ktest_make_sample_trusted_ca_principalName(krb5_trusted_ca *p)
+{
+ p->choice = choice_trusted_cas_principalName;
+ ktest_make_sample_principal(&p->u.principalName);
+}
+
+static void
+ktest_make_sample_trusted_ca_caName(krb5_trusted_ca *p)
+{
+ p->choice = choice_trusted_cas_caName;
+ ktest_make_sample_data(&p->u.caName);
+}
+
+static void
+ktest_make_sample_trusted_ca_issuerAndSerial(krb5_trusted_ca *p)
+{
+ p->choice = choice_trusted_cas_issuerAndSerial;
+ ktest_make_sample_data(&p->u.issuerAndSerial);
+}
+
+void
+ktest_make_sample_pa_pk_as_req(krb5_pa_pk_as_req *p)
+{
+ ktest_make_sample_data(&p->signedAuthPack);
+ p->trustedCertifiers =
+ ealloc(2 * sizeof(krb5_external_principal_identifier *));
+ p->trustedCertifiers[0] =
+ ealloc(sizeof(krb5_external_principal_identifier));
+ ktest_make_sample_external_principal_identifier(p->trustedCertifiers[0]);
+ p->trustedCertifiers[1] = NULL;
+ ktest_make_sample_data(&p->kdcPkId);
+}
+
+void
+ktest_make_sample_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p)
+{
+ int i;
+
+ ktest_make_sample_data(&p->signedAuthPack);
+ p->trustedCertifiers =
+ ealloc(4 * sizeof(krb5_external_principal_identifier *));
+ for (i = 0; i < 3; i++) {
+ p->trustedCertifiers[i] =
+ ealloc(sizeof(krb5_external_principal_identifier));
+ }
+ ktest_make_sample_trusted_ca_principalName(p->trustedCertifiers[0]);
+ ktest_make_sample_trusted_ca_caName(p->trustedCertifiers[1]);
+ ktest_make_sample_trusted_ca_issuerAndSerial(p->trustedCertifiers[2]);
+ p->trustedCertifiers[3] = NULL;
+ ktest_make_sample_data(&p->kdcCert);
+ ktest_make_sample_data(&p->encryptionCert);
+}
+
+static void
+ktest_make_sample_dh_rep_info(krb5_dh_rep_info *p)
+{
+ ktest_make_sample_data(&p->dhSignedData);
+ ktest_make_sample_data(&p->serverDHNonce);
+ p->kdfID = ealloc(sizeof(krb5_data));
+ ktest_make_sample_data(p->kdfID);
+}
+
+void
+ktest_make_sample_pa_pk_as_rep_dhInfo(krb5_pa_pk_as_rep *p)
+{
+ p->choice = choice_pa_pk_as_rep_dhInfo;
+ ktest_make_sample_dh_rep_info(&p->u.dh_Info);
+}
+
+void
+ktest_make_sample_pa_pk_as_rep_encKeyPack(krb5_pa_pk_as_rep *p)
+{
+ p->choice = choice_pa_pk_as_rep_encKeyPack;
+ ktest_make_sample_data(&p->u.encKeyPack);
+}
+
+void
+ktest_make_sample_pa_pk_as_rep_draft9_dhSignedData(krb5_pa_pk_as_rep_draft9 *p)
+{
+ p->choice = choice_pa_pk_as_rep_draft9_dhSignedData;
+ ktest_make_sample_data(&p->u.dhSignedData);
+}
+
+void
+ktest_make_sample_pa_pk_as_rep_draft9_encKeyPack(krb5_pa_pk_as_rep_draft9 *p)
+{
+ p->choice = choice_pa_pk_as_rep_draft9_encKeyPack;
+ ktest_make_sample_data(&p->u.encKeyPack);
+}
+
+void
+ktest_make_sample_auth_pack(krb5_auth_pack *p)
+{
+ ktest_make_sample_pk_authenticator(&p->pkAuthenticator);
+ p->clientPublicValue = ealloc(sizeof(krb5_subject_pk_info));
+ ktest_make_sample_subject_pk_info(p->clientPublicValue);
+ p->supportedCMSTypes = ealloc(3 * sizeof(krb5_algorithm_identifier *));
+ p->supportedCMSTypes[0] = ealloc(sizeof(krb5_algorithm_identifier));
+ ktest_make_sample_algorithm_identifier(p->supportedCMSTypes[0]);
+ p->supportedCMSTypes[1] = ealloc(sizeof(krb5_algorithm_identifier));
+ ktest_make_sample_algorithm_identifier_no_params(p->supportedCMSTypes[1]);
+ p->supportedCMSTypes[2] = NULL;
+ ktest_make_sample_data(&p->clientDHNonce);
+ p->supportedKDFs = ealloc(2 * sizeof(krb5_data ));
+ p->supportedKDFs[0] = ealloc(sizeof(krb5_data));
+ ktest_make_sample_data(p->supportedKDFs[0]);
+ p->supportedKDFs[1] = NULL;
+}
+
+void
+ktest_make_sample_auth_pack_draft9(krb5_auth_pack_draft9 *p)
+{
+ ktest_make_sample_pk_authenticator_draft9(&p->pkAuthenticator);
+ p->clientPublicValue = ealloc(sizeof(krb5_subject_pk_info));
+ ktest_make_sample_subject_pk_info(p->clientPublicValue);
+}
+
+void
+ktest_make_sample_kdc_dh_key_info(krb5_kdc_dh_key_info *p)
+{
+ ktest_make_sample_data(&p->subjectPublicKey);
+ p->nonce = SAMPLE_NONCE;
+ p->dhKeyExpiration = SAMPLE_TIME;
+}
+
+void
+ktest_make_sample_reply_key_pack(krb5_reply_key_pack *p)
+{
+ ktest_make_sample_keyblock(&p->replyKey);
+ ktest_make_sample_checksum(&p->asChecksum);
+}
+
+void
+ktest_make_sample_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p)
+{
+ ktest_make_sample_keyblock(&p->replyKey);
+ p->nonce = SAMPLE_NONCE;
+}
+
+void
+ktest_make_sample_sp80056a_other_info(krb5_sp80056a_other_info *p)
+{
+ ktest_make_sample_algorithm_identifier_no_params(&p->algorithm_identifier);
+ ktest_make_sample_principal(&p->party_u_info);
+ ktest_make_sample_principal(&p->party_v_info);
+ ktest_make_sample_data(&p->supp_pub_info);
+}
+
+void
+ktest_make_sample_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p)
+{
+ p->enctype = ENCTYPE_DES_CBC_CRC;
+ ktest_make_sample_data(&p->as_req);
+ ktest_make_sample_data(&p->pk_as_rep);
+}
+
+#endif /* not DISABLE_PKINIT */
+
#ifdef ENABLE_LDAP
static void
ktest_make_sample_key_data(krb5_key_data *p, int i)
}
}
+static void
+ktest_empty_checksum(krb5_checksum *cs)
+{
+ free(cs->contents);
+ cs->contents = NULL;
+}
+
void
ktest_destroy_checksum(krb5_checksum **cs)
{
krb5_free_checksum_contents(NULL, &p->checksum);
}
+#ifndef DISABLE_PKINIT
+
+static void
+ktest_empty_pk_authenticator(krb5_pk_authenticator *p)
+{
+ ktest_empty_checksum(&p->paChecksum);
+ p->paChecksum.contents = NULL;
+}
+
+static void
+ktest_empty_pk_authenticator_draft9(krb5_pk_authenticator_draft9 *p)
+{
+ ktest_destroy_principal(&p->kdcName);
+ ktest_empty_data(&p->kdcRealm);
+}
+
+static void
+ktest_empty_algorithm_identifier(krb5_algorithm_identifier *p)
+{
+ ktest_empty_data(&p->algorithm);
+ ktest_empty_data(&p->parameters);
+}
+
+static void
+ktest_empty_subject_pk_info(krb5_subject_pk_info *p)
+{
+ ktest_empty_algorithm_identifier(&p->algorithm);
+ ktest_empty_data(&p->subjectPublicKey);
+}
+
+static void
+ktest_empty_external_principal_identifier(
+ krb5_external_principal_identifier *p)
+{
+ ktest_empty_data(&p->subjectName);
+ ktest_empty_data(&p->issuerAndSerialNumber);
+ ktest_empty_data(&p->subjectKeyIdentifier);
+}
+
+static void
+ktest_empty_trusted_ca(krb5_trusted_ca *p)
+{
+ if (p->choice == choice_trusted_cas_principalName)
+ ktest_destroy_principal(&p->u.principalName);
+ else if (p->choice == choice_trusted_cas_caName)
+ ktest_empty_data(&p->u.caName);
+ else if (p->choice == choice_trusted_cas_issuerAndSerial)
+ ktest_empty_data(&p->u.issuerAndSerial);
+ p->choice = choice_trusted_cas_UNKNOWN;
+}
+
+void
+ktest_empty_pa_pk_as_req(krb5_pa_pk_as_req *p)
+{
+ krb5_external_principal_identifier **pi;
+
+ ktest_empty_data(&p->signedAuthPack);
+ for (pi = p->trustedCertifiers; *pi != NULL; pi++) {
+ ktest_empty_external_principal_identifier(*pi);
+ free(*pi);
+ }
+ free(p->trustedCertifiers);
+ p->trustedCertifiers = NULL;
+ ktest_empty_data(&p->kdcPkId);
+}
+
+void
+ktest_empty_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p)
+{
+ krb5_trusted_ca **ca;
+
+ ktest_empty_data(&p->signedAuthPack);
+ if (p->trustedCertifiers != NULL) {
+ for (ca = p->trustedCertifiers; *ca != NULL; ca++) {
+ ktest_empty_trusted_ca(*ca);
+ free(*ca);
+ }
+ free(p->trustedCertifiers);
+ p->trustedCertifiers = NULL;
+ }
+ ktest_empty_data(&p->kdcCert);
+ ktest_empty_data(&p->encryptionCert);
+}
+
+static void
+ktest_empty_dh_rep_info(krb5_dh_rep_info *p)
+{
+ ktest_empty_data(&p->dhSignedData);
+ ktest_empty_data(&p->serverDHNonce);
+ ktest_destroy_data(&p->kdfID);
+}
+
+void
+ktest_empty_pa_pk_as_rep(krb5_pa_pk_as_rep *p)
+{
+ if (p->choice == choice_pa_pk_as_rep_dhInfo)
+ ktest_empty_dh_rep_info(&p->u.dh_Info);
+ else if (p->choice == choice_pa_pk_as_rep_encKeyPack)
+ ktest_empty_data(&p->u.encKeyPack);
+ p->choice = choice_pa_pk_as_rep_UNKNOWN;
+}
+
+void
+ktest_empty_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 *p)
+{
+ if (p->choice == choice_pa_pk_as_rep_draft9_dhSignedData)
+ ktest_empty_data(&p->u.dhSignedData);
+ else if (p->choice == choice_pa_pk_as_rep_draft9_encKeyPack)
+ ktest_empty_data(&p->u.encKeyPack);
+ p->choice = choice_pa_pk_as_rep_draft9_UNKNOWN;
+}
+
+void
+ktest_empty_auth_pack(krb5_auth_pack *p)
+{
+ krb5_algorithm_identifier **ai;
+ krb5_data **d;
+
+ ktest_empty_pk_authenticator(&p->pkAuthenticator);
+ if (p->clientPublicValue != NULL) {
+ ktest_empty_subject_pk_info(p->clientPublicValue);
+ free(p->clientPublicValue);
+ p->clientPublicValue = NULL;
+ }
+ if (p->supportedCMSTypes != NULL) {
+ for (ai = p->supportedCMSTypes; *ai != NULL; ai++) {
+ ktest_empty_algorithm_identifier(*ai);
+ free(*ai);
+ }
+ free(p->supportedCMSTypes);
+ p->supportedCMSTypes = NULL;
+ }
+ ktest_empty_data(&p->clientDHNonce);
+ if (p->supportedKDFs != NULL) {
+ for (d = p->supportedKDFs; *d != NULL; d++) {
+ ktest_empty_data(*d);
+ free(*d);
+ }
+ free(p->supportedKDFs);
+ p->supportedKDFs = NULL;
+ }
+}
+
+void
+ktest_empty_auth_pack_draft9(krb5_auth_pack_draft9 *p)
+{
+ ktest_empty_pk_authenticator_draft9(&p->pkAuthenticator);
+ if (p->clientPublicValue != NULL) {
+ ktest_empty_subject_pk_info(p->clientPublicValue);
+ free(p->clientPublicValue);
+ p->clientPublicValue = NULL;
+ }
+}
+
+void
+ktest_empty_kdc_dh_key_info(krb5_kdc_dh_key_info *p)
+{
+ ktest_empty_data(&p->subjectPublicKey);
+}
+
+void
+ktest_empty_reply_key_pack(krb5_reply_key_pack *p)
+{
+ ktest_empty_keyblock(&p->replyKey);
+ ktest_empty_checksum(&p->asChecksum);
+}
+
+void
+ktest_empty_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p)
+{
+ ktest_empty_keyblock(&p->replyKey);
+}
+
+void ktest_empty_sp80056a_other_info(krb5_sp80056a_other_info *p)
+{
+ ktest_empty_algorithm_identifier(&p->algorithm_identifier);
+ ktest_destroy_principal(&p->party_u_info);
+ ktest_destroy_principal(&p->party_v_info);
+ ktest_empty_data(&p->supp_pub_info);
+}
+
+void ktest_empty_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p)
+{
+ ktest_empty_data(&p->as_req);
+ ktest_empty_data(&p->pk_as_rep);
+}
+
+#endif /* not DISABLE_PKINIT */
+
#ifdef ENABLE_LDAP
void
ktest_empty_ldap_seqof_key_data(krb5_context ctx, ldap_seqof_key_data *p)
void ktest_make_sample_iakerb_header(krb5_iakerb_header *p);
void ktest_make_sample_iakerb_finished(krb5_iakerb_finished *p);
+#ifndef DISABLE_PKINIT
+void ktest_make_sample_pa_pk_as_req(krb5_pa_pk_as_req *p);
+void ktest_make_sample_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p);
+void ktest_make_sample_pa_pk_as_rep_dhInfo(krb5_pa_pk_as_rep *p);
+void ktest_make_sample_pa_pk_as_rep_encKeyPack(krb5_pa_pk_as_rep *p);
+void ktest_make_sample_pa_pk_as_rep_draft9_dhSignedData(
+ krb5_pa_pk_as_rep_draft9 *p);
+void ktest_make_sample_pa_pk_as_rep_draft9_encKeyPack(
+ krb5_pa_pk_as_rep_draft9 *p);
+void ktest_make_sample_auth_pack(krb5_auth_pack *p);
+void ktest_make_sample_auth_pack_draft9(krb5_auth_pack_draft9 *p);
+void ktest_make_sample_kdc_dh_key_info(krb5_kdc_dh_key_info *p);
+void ktest_make_sample_reply_key_pack(krb5_reply_key_pack *p);
+void ktest_make_sample_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p);
+void ktest_make_sample_sp80056a_other_info(krb5_sp80056a_other_info *p);
+void ktest_make_sample_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p);
+#endif
+
#ifdef ENABLE_LDAP
void ktest_make_sample_ldap_seqof_key_data(ldap_seqof_key_data *p);
#endif
void ktest_empty_iakerb_header(krb5_iakerb_header *p);
void ktest_empty_iakerb_finished(krb5_iakerb_finished *p);
+#ifndef DISABLE_PKINIT
+void ktest_empty_pa_pk_as_req(krb5_pa_pk_as_req *p);
+void ktest_empty_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p);
+void ktest_empty_pa_pk_as_rep(krb5_pa_pk_as_rep *p);
+void ktest_empty_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 *p);
+void ktest_empty_auth_pack(krb5_auth_pack *p);
+void ktest_empty_auth_pack_draft9(krb5_auth_pack_draft9 *p);
+void ktest_empty_kdc_dh_key_info(krb5_kdc_dh_key_info *p);
+void ktest_empty_reply_key_pack(krb5_reply_key_pack *p);
+void ktest_empty_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p);
+void ktest_empty_sp80056a_other_info(krb5_sp80056a_other_info *p);
+void ktest_empty_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p);
+#endif
+
#ifdef ENABLE_LDAP
void ktest_empty_ldap_seqof_key_data(krb5_context, ldap_seqof_key_data *p);
#endif
--- /dev/null
+encode_krb5_pa_pk_as_req: 30 38 80 08 6B 72 62 35 64 61 74 61 A1 22 30 20 30 1E 80 08 6B 72 62 35 64 61 74 61 81 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61
+encode_krb5_pa_pk_as_req_draft9: 30 52 80 08 6B 72 62 35 64 61 74 61 A1 32 30 30 80 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 81 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61 83 08 6B 72 62 35 64 61 74 61
+encode_krb5_pa_pk_as_rep(dhInfo): A0 26 30 24 80 08 6B 72 62 35 64 61 74 61 81 08 6B 72 62 35 64 61 74 61 A2 0E 30 0C A0 0A 06 08 6B 72 62 35 64 61 74 61
+encode_krb5_pa_pk_as_rep(encKeyPack): 81 08 6B 72 62 35 64 61 74 61
+encode_krb5_pa_pk_as_rep_draft9(dhSignedData): 80 08 6B 72 62 35 64 61 74 61
+encode_krb5_pa_pk_as_rep_draft9(encKeyPack): 81 08 6B 72 62 35 64 61 74 61
+encode_krb5_auth_pack: 30 81 93 A0 29 30 27 A0 05 02 03 01 E2 40 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 06 04 04 31 32 33 34 A1 22 30 20 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 03 09 00 6B 72 62 35 64 61 74 61 A2 24 30 22 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 30 0B 06 09 2A 86 48 86 F7 12 01 02 02 A3 0A 04 08 6B 72 62 35 64 61 74 61 A4 10 30 0E 30 0C A0 0A 06 08 6B 72 62 35 64 61 74 61
+encode_krb5_auth_pack_draft9: 30 75 A0 4F 30 4D A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 05 02 03 01 E2 40 A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 03 02 01 2A A1 22 30 20 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 03 09 00 6B 72 62 35 64 61 74 61
+encode_krb5_kdc_dh_key_info: 30 25 A0 0B 03 09 00 6B 72 62 35 64 61 74 61 A1 03 02 01 2A A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A
+encode_krb5_reply_key_pack: 30 26 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34
+encode_krb5_reply_key_pack_draft9: 30 1A A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 03 02 01 2A
+encode_krb5_sp80056a_other_info: 30 81 81 30 0B 06 09 2A 86 48 86 F7 12 01 02 02 A0 32 04 30 30 2E A0 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 32 04 30 30 2E A0 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 0A 04 08 6B 72 62 35 64 61 74 61
+encode_krb5_pkinit_supp_pub_info: 30 1D A0 03 02 01 01 A1 0A 04 08 6B 72 62 35 64 61 74 61 A2 0A 04 08 6B 72 62 35 64 61 74 61
--- /dev/null
+encode_krb5_pa_pk_as_req:
+
+[Sequence/Sequence Of]
+. [0] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+. [1] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [0] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+. . . [1] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+. . . [2] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+. [2] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+
+encode_krb5_pa_pk_as_req_draft9:
+
+[Sequence/Sequence Of]
+. [0] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+. [1] [Sequence/Sequence Of]
+. . [0] <26>
+ 30 18 a0 03 02 01 01 a1 11 30 0f 1b 06 68 66 0........0...hf
+ 74 73 61 69 1b 05 65 78 74 72 61 tsai..extra
+. . [1] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+. . [2] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+. [2] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+. [3] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+
+encode_krb5_pa_pk_as_rep(dhInfo):
+
+[CONT 0]
+. [Sequence/Sequence Of]
+. . [0] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+. . [1] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+. . [2] [Sequence/Sequence Of]
+. . . [0] [Object Identifier] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+
+encode_krb5_pa_pk_as_rep(encKeyPack):
+
+[CONT 1] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+
+encode_krb5_pa_pk_as_rep_draft9(dhSignedData):
+
+[CONT 0] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+
+encode_krb5_pa_pk_as_rep_draft9(encKeyPack):
+
+[CONT 1] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+
+encode_krb5_auth_pack:
+
+[Sequence/Sequence Of]
+. [0] [Sequence/Sequence Of]
+. . [0] [Integer] 123456
+. . [1] [Generalized Time] "19940610060317Z"
+. . [2] [Integer] 42
+. . [3] [Octet String] "1234"
+. [1] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [Object Identifier] <9>
+ 2a 86 48 86 f7 12 01 02 02 *.H......
+. . . [Octet String] "params"
+. . [Bit String] <9>
+ 00 6b 72 62 35 64 61 74 61 .krb5data
+. [2] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [Object Identifier] <9>
+ 2a 86 48 86 f7 12 01 02 02 *.H......
+. . . [Octet String] "params"
+. . [Sequence/Sequence Of]
+. . . [Object Identifier] <9>
+ 2a 86 48 86 f7 12 01 02 02 *.H......
+. [3] [Octet String] "krb5data"
+. [4] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [0] [Object Identifier] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+
+encode_krb5_auth_pack_draft9:
+
+[Sequence/Sequence Of]
+. [0] [Sequence/Sequence Of]
+. . [0] [Sequence/Sequence Of]
+. . . [0] [Integer] 1
+. . . [1] [Sequence/Sequence Of]
+. . . . [General string] "hftsai"
+. . . . [General string] "extra"
+. . [1] [General string] "ATHENA.MIT.EDU"
+. . [2] [Integer] 123456
+. . [3] [Generalized Time] "19940610060317Z"
+. . [4] [Integer] 42
+. [1] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [Object Identifier] <9>
+ 2a 86 48 86 f7 12 01 02 02 *.H......
+. . . [Octet String] "params"
+. . [Bit String] <9>
+ 00 6b 72 62 35 64 61 74 61 .krb5data
+
+encode_krb5_kdc_dh_key_info:
+
+[Sequence/Sequence Of]
+. [0] [Bit String] <9>
+ 00 6b 72 62 35 64 61 74 61 .krb5data
+. [1] [Integer] 42
+. [2] [Generalized Time] "19940610060317Z"
+
+encode_krb5_reply_key_pack:
+
+[Sequence/Sequence Of]
+. [0] [Sequence/Sequence Of]
+. . [0] [Integer] 1
+. . [1] [Octet String] "12345678"
+. [1] [Sequence/Sequence Of]
+. . [0] [Integer] 1
+. . [1] [Octet String] "1234"
+
+encode_krb5_reply_key_pack_draft9:
+
+[Sequence/Sequence Of]
+. [0] [Sequence/Sequence Of]
+. . [0] [Integer] 1
+. . [1] [Octet String] "12345678"
+. [1] [Integer] 42
+
+encode_krb5_sp80056a_other_info:
+
+[Sequence/Sequence Of]
+. [Sequence/Sequence Of]
+. . [Object Identifier] <9>
+ 2a 86 48 86 f7 12 01 02 02 *.H......
+. [0] [Octet String] <48>
+ 30 2e a0 10 1b 0e 41 54 48 45 4e 41 2e 4d 49 54 0.....ATHENA.MIT
+ 2e 45 44 55 a1 1a 30 18 a0 03 02 01 01 a1 11 30 .EDU..0........0
+ 0f 1b 06 68 66 74 73 61 69 1b 05 65 78 74 72 61 ...hftsai..extra
+. [1] [Octet String] <48>
+ 30 2e a0 10 1b 0e 41 54 48 45 4e 41 2e 4d 49 54 0.....ATHENA.MIT
+ 2e 45 44 55 a1 1a 30 18 a0 03 02 01 01 a1 11 30 .EDU..0........0
+ 0f 1b 06 68 66 74 73 61 69 1b 05 65 78 74 72 61 ...hftsai..extra
+. [2] [Octet String] "krb5data"
+
+encode_krb5_pkinit_supp_pub_info:
+
+[Sequence/Sequence Of]
+. [0] [Integer] 1
+. [1] [Octet String] "krb5data"
+. [2] [Octet String] "krb5data"
+
print_tag_type(fp, eid, lev);
- if (print_context_shortcut &&
- ((eid & ID_CLASS) == CLASS_CONT) && (lev > 0)) {
+ if (print_context_shortcut && (eid & ID_CLASS) == CLASS_CONT &&
+ (eid & ID_FORM) == FORM_CONS && lev > 0) {
rlen_ext += 2 + xlen;
enc += 2 + xlen;
goto context_restart;