From: Greg Hudson Date: Fri, 6 Jan 2012 20:52:02 +0000 (+0000) Subject: Add test cases for PKINIT ASN.1 encoders X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=138db9ebba7d0d2f69ce47584f0f1d33d7eeb348;p=krb5.git Add test cases for PKINIT ASN.1 encoders Do not add decode tests, because those would trip some bugs in the decoders, and we can't safely fix some of those bugs without interop testing. Encode tests are sufficient to detect when we unintentionally change the output of the encoders. Fix trval2() not to use the context shortcut on primitive context tags. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25609 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/configure.in b/src/configure.in index 3101439fd..67ccac2a2 100644 --- a/src/configure.in +++ b/src/configure.in @@ -1015,12 +1015,15 @@ int i = 1; fi if test "$k5_cv_openssl_version_okay" = yes && (test "$enable_pkinit" = yes || test "$enable_pkinit" = try); then K5_GEN_MAKEFILE(plugins/preauth/pkinit) + PKINIT=yes elif test "$k5_cv_openssl_version_okay" = no && test "$enable_pkinit" = yes; then AC_MSG_ERROR([Version of OpenSSL is too old; cannot enable PKINIT.]) else AC_DEFINE([DISABLE_PKINIT], 1, [Define to disable PKINIT plugin support]) AC_MSG_NOTICE([Disabling PKINIT support.]) + PKINIT=no fi +AC_SUBST(PKINIT) # for lib/apputils AC_REPLACE_FUNCS(daemon) diff --git a/src/tests/asn.1/Makefile.in b/src/tests/asn.1/Makefile.in index 3bb385840..b2899d5f5 100644 --- a/src/tests/asn.1/Makefile.in +++ b/src/tests/asn.1/Makefile.in 
@@ -47,19 +47,25 @@ check-decode: krb5_decode_test export KRB5_CONFIG ;\ $(RUN_SETUP) $(VALGRIND) ./krb5_decode_test -expected_encode.out: reference_encode.out ldap_encode.out - if test "$(LDAP)" = yes; then \ - cat $(srcdir)/reference_encode.out $(srcdir)/ldap_encode.out > expected_encode.out; \ - else \ - cat $(srcdir)/reference_encode.out > expected_encode.out; \ - fi - -expected_trval.out: trval_reference.out ldap_trval.out - if test "$(LDAP)" = yes; then \ - cat $(srcdir)/trval_reference.out $(srcdir)/ldap_trval.out > expected_trval.out; \ - else \ - cat $(srcdir)/trval_reference.out > expected_trval.out; \ - fi +PKINIT_ENCODE_OUT=$(PKINIT_ENCODE_OUT-@PKINIT@) +PKINIT_ENCODE_OUT-yes=$(srcdir)/pkinit_encode.out +PKINIT_ENCODE_OUT-no= +LDAP_ENCODE_OUT=$(LDAP_ENCODE_OUT-@LDAP@) +LDAP_ENCODE_OUT-yes=$(srcdir)/ldap_encode.out +LDAP_ENCODE_OUT-no= +expected_encode.out: reference_encode.out pkinit_encode.out ldap_encode.out + cat $(srcdir)/reference_encode.out $(PKINIT_ENCODE_OUT) \ + $(LDAP_ENCODE_OUT) > $@ + +PKINIT_TRVAL_OUT=$(PKINIT_TRVAL_OUT-@PKINIT@) +PKINIT_TRVAL_OUT-yes=$(srcdir)/pkinit_trval.out +PKINIT_TRVAL_OUT-no= +LDAP_TRVAL_OUT=$(LDAP_TRVAL_OUT-@LDAP@) +LDAP_TRVAL_OUT-yes=$(srcdir)/ldap_trval.out +LDAP_TRVAL_OUT-no= +expected_trval.out: trval_reference.out pkinit_trval.out ldap_trval.out + cat $(srcdir)/trval_reference.out $(PKINIT_TRVAL_OUT) \ + $(LDAP_TRVAL_OUT) > $@ check-encode: krb5_encode_test expected_encode.out KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf ; \ diff --git a/src/tests/asn.1/krb5_encode_test.c b/src/tests/asn.1/krb5_encode_test.c index 8e76d17fd..7c0bd68d7 100644 --- a/src/tests/asn.1/krb5_encode_test.c +++ b/src/tests/asn.1/krb5_encode_test.c 
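Review bot: The prerequisite lists of `expected_encode.out` and `expected_trval.out` no longer match what their recipes read. The recipes concatenate `$(srcdir)/...` paths chosen by `@PKINIT@` and `@LDAP@`, while the prerequisites name `pkinit_encode.out`, `ldap_encode.out`, `pkinit_trval.out` and `ldap_trval.out` unconditionally and without `$(srcdir)`, presumably relying on VPATH, which is not visible in this hunk. Reusing the selector variables keeps the two in step, for example `expected_encode.out: $(srcdir)/reference_encode.out $(PKINIT_ENCODE_OUT) $(LDAP_ENCODE_OUT)`, and likewise for the trval rule. The computed-name idiom also deserves a comment such as `# Expands to PKINIT_ENCODE_OUT-yes or PKINIT_ENCODE_OUT-no according to the configure-time @PKINIT@ value.`, because any substitution other than `yes` or `no` makes the variable expand to nothing without a diagnostic.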
@@ -752,6 +752,115 @@ main(argc, argv) encode_krb5_iakerb_finished); ktest_empty_iakerb_finished(&ih); } +#ifndef DISABLE_PKINIT + /****************************************************************/ + /* encode_krb5_pa_pk_as_req */ + { + krb5_pa_pk_as_req req; + ktest_make_sample_pa_pk_as_req(&req); + encode_run(req, krb5_pa_pk_as_req, "pa_pk_as_req", "", + acc.encode_krb5_pa_pk_as_req); + ktest_empty_pa_pk_as_req(&req); + } + /****************************************************************/ + /* encode_krb5_pa_pk_as_req_draft9 */ + { + krb5_pa_pk_as_req_draft9 req; + ktest_make_sample_pa_pk_as_req_draft9(&req); + encode_run(req, krb5_pa_pk_as_req_draft9, "pa_pk_as_req_draft9", "", + acc.encode_krb5_pa_pk_as_req_draft9); + ktest_empty_pa_pk_as_req_draft9(&req); + } + /****************************************************************/ + /* encode_krb5_pa_pk_as_rep */ + { + krb5_pa_pk_as_rep rep; + ktest_make_sample_pa_pk_as_rep_dhInfo(&rep); + encode_run(rep, krb5_pa_pk_as_rep, "pa_pk_as_rep", "(dhInfo)", + acc.encode_krb5_pa_pk_as_rep); + ktest_empty_pa_pk_as_rep(&rep); + ktest_make_sample_pa_pk_as_rep_encKeyPack(&rep); + encode_run(rep, krb5_pa_pk_as_rep, "pa_pk_as_rep", "(encKeyPack)", + acc.encode_krb5_pa_pk_as_rep); + ktest_empty_pa_pk_as_rep(&rep); + } + /****************************************************************/ + /* encode_krb5_pa_pk_as_rep_draft9 */ + { + krb5_pa_pk_as_rep_draft9 rep; + ktest_make_sample_pa_pk_as_rep_draft9_dhSignedData(&rep); + encode_run(rep, krb5_pa_pk_as_rep_draft9, "pa_pk_as_rep_draft9", + "(dhSignedData)", acc.encode_krb5_pa_pk_as_rep_draft9); + ktest_empty_pa_pk_as_rep_draft9(&rep); + ktest_make_sample_pa_pk_as_rep_draft9_encKeyPack(&rep); + encode_run(rep, krb5_pa_pk_as_rep_draft9, "pa_pk_as_rep_draft9", + "(encKeyPack)", acc.encode_krb5_pa_pk_as_rep_draft9); + ktest_empty_pa_pk_as_rep_draft9(&rep); + } + /****************************************************************/ + /* encode_krb5_auth_pack */ + { + krb5_auth_pack pack; 
+ ktest_make_sample_auth_pack(&pack); + encode_run(pack, krb5_auth_pack, "auth_pack", "", + acc.encode_krb5_auth_pack); + ktest_empty_auth_pack(&pack); + } + /****************************************************************/ + /* encode_krb5_auth_pack_draft9_draft9 */ + { + krb5_auth_pack_draft9 pack; + ktest_make_sample_auth_pack_draft9(&pack); + encode_run(pack, krb5_auth_pack_draft9, "auth_pack_draft9", "", + acc.encode_krb5_auth_pack_draft9); + ktest_empty_auth_pack_draft9(&pack); + } + /****************************************************************/ + /* encode_krb5_kdc_dh_key_info */ + { + krb5_kdc_dh_key_info ki; + ktest_make_sample_kdc_dh_key_info(&ki); + encode_run(ki, krb5_kdc_dh_key_info, "kdc_dh_key_info", "", + acc.encode_krb5_kdc_dh_key_info); + ktest_empty_kdc_dh_key_info(&ki); + } + /****************************************************************/ + /* encode_krb5_reply_key_pack */ + { + krb5_reply_key_pack pack; + ktest_make_sample_reply_key_pack(&pack); + encode_run(pack, krb5_reply_key_pack, "reply_key_pack", "", + acc.encode_krb5_reply_key_pack); + ktest_empty_reply_key_pack(&pack); + } + /****************************************************************/ + /* encode_krb5_reply_key_pack_draft9 */ + { + krb5_reply_key_pack_draft9 pack; + ktest_make_sample_reply_key_pack_draft9(&pack); + encode_run(pack, krb5_reply_key_pack_draft9, "reply_key_pack_draft9", + "", acc.encode_krb5_reply_key_pack_draft9); + ktest_empty_reply_key_pack_draft9(&pack); + } + /****************************************************************/ + /* encode_krb5_sp80056a_other_info */ + { + krb5_sp80056a_other_info info; + ktest_make_sample_sp80056a_other_info(&info); + encode_run(info, krb5_sp80056a_other_info, "sp80056a_other_info", + "", encode_krb5_sp80056a_other_info); + ktest_empty_sp80056a_other_info(&info); + } + /****************************************************************/ + /* encode_krb5_pkinit_supp_pub_info */ + { + krb5_pkinit_supp_pub_info info; + 
ktest_make_sample_pkinit_supp_pub_info(&info); + encode_run(info, krb5_pkinit_supp_pub_info, "pkinit_supp_pub_info", + "", encode_krb5_pkinit_supp_pub_info); + ktest_empty_pkinit_supp_pub_info(&info); + } +#endif /* not DISABLE_PKINIT */ #ifdef ENABLE_LDAP { ldap_seqof_key_data skd; diff --git a/src/tests/asn.1/ktest.c b/src/tests/asn.1/ktest.c index 1580e2277..f89157c7b 100644 --- a/src/tests/asn.1/ktest.c +++ b/src/tests/asn.1/ktest.c 
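Review bot: The banner comment `/* encode_krb5_auth_pack_draft9_draft9 */` repeats the suffix and should read `/* encode_krb5_auth_pack_draft9 */` to match the encoder actually called. The last two blocks call `encode_krb5_sp80056a_other_info` and `encode_krb5_pkinit_supp_pub_info` directly while every other PKINIT block goes through `acc.`; a one-line comment saying why (presumably these two are not in the accessor table) would save the next reader a search. A short comment at `#ifndef DISABLE_PKINIT` that these cases are encode-only by design, with the decoders left unexercised, would record the coverage gap the commit message describes. The enclosing `main` starts and ends outside this hunk.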
@@ -641,6 +641,223 @@ ktest_make_sample_iakerb_finished(krb5_iakerb_finished *ih) ktest_make_sample_checksum(&ih->checksum); } +#ifndef DISABLE_PKINIT + +static void +ktest_make_sample_pk_authenticator(krb5_pk_authenticator *p) +{ + p->cusec = SAMPLE_USEC; + p->ctime = SAMPLE_TIME; + p->nonce = SAMPLE_NONCE; + ktest_make_sample_checksum(&p->paChecksum); +} + +static void +ktest_make_sample_pk_authenticator_draft9(krb5_pk_authenticator_draft9 *p) +{ + ktest_make_sample_principal(&p->kdcName); + ktest_make_sample_data(&p->kdcRealm); + p->cusec = SAMPLE_USEC; + p->ctime = SAMPLE_TIME; + p->nonce = SAMPLE_NONCE; +} + +static void +ktest_make_sample_oid(krb5_data *p) +{ + krb5_data_parse(p, "\052\206\110\206\367\022\001\002\002"); +} + +static void +ktest_make_sample_algorithm_identifier(krb5_algorithm_identifier *p) +{ + ktest_make_sample_oid(&p->algorithm); + /* Need a valid DER encoding here; this is the OCTET STRING "params". */ + krb5_data_parse(&p->parameters, "\x04\x06" "params"); +} + +static void +ktest_make_sample_algorithm_identifier_no_params(krb5_algorithm_identifier *p) +{ + ktest_make_sample_oid(&p->algorithm); + p->parameters = empty_data(); +} + +static void +ktest_make_sample_subject_pk_info(krb5_subject_pk_info *p) +{ + ktest_make_sample_algorithm_identifier(&p->algorithm); + ktest_make_sample_data(&p->subjectPublicKey); +} + +static void +ktest_make_sample_external_principal_identifier( + krb5_external_principal_identifier *p) +{ + ktest_make_sample_data(&p->subjectName); + ktest_make_sample_data(&p->issuerAndSerialNumber); + ktest_make_sample_data(&p->subjectKeyIdentifier); +} + +static void +ktest_make_sample_trusted_ca_principalName(krb5_trusted_ca *p) +{ + p->choice = choice_trusted_cas_principalName; + ktest_make_sample_principal(&p->u.principalName); +} + +static void +ktest_make_sample_trusted_ca_caName(krb5_trusted_ca *p) +{ + p->choice = choice_trusted_cas_caName; + ktest_make_sample_data(&p->u.caName); +} + +static void 
+ktest_make_sample_trusted_ca_issuerAndSerial(krb5_trusted_ca *p) +{ + p->choice = choice_trusted_cas_issuerAndSerial; + ktest_make_sample_data(&p->u.issuerAndSerial); +} + +void +ktest_make_sample_pa_pk_as_req(krb5_pa_pk_as_req *p) +{ + ktest_make_sample_data(&p->signedAuthPack); + p->trustedCertifiers = + ealloc(2 * sizeof(krb5_external_principal_identifier *)); + p->trustedCertifiers[0] = + ealloc(sizeof(krb5_external_principal_identifier)); + ktest_make_sample_external_principal_identifier(p->trustedCertifiers[0]); + p->trustedCertifiers[1] = NULL; + ktest_make_sample_data(&p->kdcPkId); +} + +void +ktest_make_sample_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p) +{ + int i; + + ktest_make_sample_data(&p->signedAuthPack); + p->trustedCertifiers = + ealloc(4 * sizeof(krb5_external_principal_identifier *)); + for (i = 0; i < 3; i++) { + p->trustedCertifiers[i] = + ealloc(sizeof(krb5_external_principal_identifier)); + } + ktest_make_sample_trusted_ca_principalName(p->trustedCertifiers[0]); + ktest_make_sample_trusted_ca_caName(p->trustedCertifiers[1]); + ktest_make_sample_trusted_ca_issuerAndSerial(p->trustedCertifiers[2]); + p->trustedCertifiers[3] = NULL; + ktest_make_sample_data(&p->kdcCert); + ktest_make_sample_data(&p->encryptionCert); +} + +static void +ktest_make_sample_dh_rep_info(krb5_dh_rep_info *p) +{ + ktest_make_sample_data(&p->dhSignedData); + ktest_make_sample_data(&p->serverDHNonce); + p->kdfID = ealloc(sizeof(krb5_data)); + ktest_make_sample_data(p->kdfID); +} + +void +ktest_make_sample_pa_pk_as_rep_dhInfo(krb5_pa_pk_as_rep *p) +{ + p->choice = choice_pa_pk_as_rep_dhInfo; + ktest_make_sample_dh_rep_info(&p->u.dh_Info); +} + +void +ktest_make_sample_pa_pk_as_rep_encKeyPack(krb5_pa_pk_as_rep *p) +{ + p->choice = choice_pa_pk_as_rep_encKeyPack; + ktest_make_sample_data(&p->u.encKeyPack); +} + +void +ktest_make_sample_pa_pk_as_rep_draft9_dhSignedData(krb5_pa_pk_as_rep_draft9 *p) +{ + p->choice = choice_pa_pk_as_rep_draft9_dhSignedData; + 
ktest_make_sample_data(&p->u.dhSignedData); +} + +void +ktest_make_sample_pa_pk_as_rep_draft9_encKeyPack(krb5_pa_pk_as_rep_draft9 *p) +{ + p->choice = choice_pa_pk_as_rep_draft9_encKeyPack; + ktest_make_sample_data(&p->u.encKeyPack); +} + +void +ktest_make_sample_auth_pack(krb5_auth_pack *p) +{ + ktest_make_sample_pk_authenticator(&p->pkAuthenticator); + p->clientPublicValue = ealloc(sizeof(krb5_subject_pk_info)); + ktest_make_sample_subject_pk_info(p->clientPublicValue); + p->supportedCMSTypes = ealloc(3 * sizeof(krb5_algorithm_identifier *)); + p->supportedCMSTypes[0] = ealloc(sizeof(krb5_algorithm_identifier)); + ktest_make_sample_algorithm_identifier(p->supportedCMSTypes[0]); + p->supportedCMSTypes[1] = ealloc(sizeof(krb5_algorithm_identifier)); + ktest_make_sample_algorithm_identifier_no_params(p->supportedCMSTypes[1]); + p->supportedCMSTypes[2] = NULL; + ktest_make_sample_data(&p->clientDHNonce); + p->supportedKDFs = ealloc(2 * sizeof(krb5_data )); + p->supportedKDFs[0] = ealloc(sizeof(krb5_data)); + ktest_make_sample_data(p->supportedKDFs[0]); + p->supportedKDFs[1] = NULL; +} + +void +ktest_make_sample_auth_pack_draft9(krb5_auth_pack_draft9 *p) +{ + ktest_make_sample_pk_authenticator_draft9(&p->pkAuthenticator); + p->clientPublicValue = ealloc(sizeof(krb5_subject_pk_info)); + ktest_make_sample_subject_pk_info(p->clientPublicValue); +} + +void +ktest_make_sample_kdc_dh_key_info(krb5_kdc_dh_key_info *p) +{ + ktest_make_sample_data(&p->subjectPublicKey); + p->nonce = SAMPLE_NONCE; + p->dhKeyExpiration = SAMPLE_TIME; +} + +void +ktest_make_sample_reply_key_pack(krb5_reply_key_pack *p) +{ + ktest_make_sample_keyblock(&p->replyKey); + ktest_make_sample_checksum(&p->asChecksum); +} + +void +ktest_make_sample_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p) +{ + ktest_make_sample_keyblock(&p->replyKey); + p->nonce = SAMPLE_NONCE; +} + +void +ktest_make_sample_sp80056a_other_info(krb5_sp80056a_other_info *p) +{ + 
ktest_make_sample_algorithm_identifier_no_params(&p->algorithm_identifier); + ktest_make_sample_principal(&p->party_u_info); + ktest_make_sample_principal(&p->party_v_info); + ktest_make_sample_data(&p->supp_pub_info); +} + +void +ktest_make_sample_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p) +{ + p->enctype = ENCTYPE_DES_CBC_CRC; + ktest_make_sample_data(&p->as_req); + ktest_make_sample_data(&p->pk_as_rep); +} + +#endif /* not DISABLE_PKINIT */ + #ifdef ENABLE_LDAP static void ktest_make_sample_key_data(krb5_key_data *p, int i) @@ -713,6 +930,13 @@ ktest_empty_data(krb5_data *d) } } +static void +ktest_empty_checksum(krb5_checksum *cs) +{ + free(cs->contents); + cs->contents = NULL; +} + void ktest_destroy_checksum(krb5_checksum **cs) { 
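Review bot: In `ktest_make_sample_pa_pk_as_req_draft9` the `trustedCertifiers` array and its elements are sized with `krb5_external_principal_identifier`, but the elements are then filled by the `ktest_make_sample_trusted_ca_*` helpers, which take `krb5_trusted_ca *`, and the matching cleanup walks them as `krb5_trusted_ca **`. The struct definitions are not visible here, so whether the allocation is too small cannot be confirmed, but if `krb5_trusted_ca` is the larger type the helpers write past the block. The allocations should name the real element type: `ealloc(4 * sizeof(krb5_trusted_ca *))` and `ealloc(sizeof(krb5_trusted_ca))`. In `ktest_make_sample_auth_pack`, `ealloc(2 * sizeof(krb5_data ))` sizes a pointer array by the struct; as shown it only over-allocates, and `sizeof(krb5_data *)` states the intent.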
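Review bot: The new static `ktest_empty_checksum` frees `contents` but leaves `length` at its old value, so the emptied checksum still describes a buffer that no longer exists; adding `cs->length = 0;` keeps the two fields consistent. The file already frees a checksum with `krb5_free_checksum_contents(NULL, &p->checksum);` in `ktest_empty_iakerb_finished` (visible as context of the next hunk), so this helper may be duplicating a library routine; if the duplication is intentional, a comment on the helper should say why.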
@@ -1261,6 +1485,195 @@ ktest_empty_iakerb_finished(krb5_iakerb_finished *p) krb5_free_checksum_contents(NULL, &p->checksum); } +#ifndef DISABLE_PKINIT + +static void +ktest_empty_pk_authenticator(krb5_pk_authenticator *p) +{ + ktest_empty_checksum(&p->paChecksum); + p->paChecksum.contents = NULL; +} + +static void +ktest_empty_pk_authenticator_draft9(krb5_pk_authenticator_draft9 *p) +{ + ktest_destroy_principal(&p->kdcName); + ktest_empty_data(&p->kdcRealm); +} + +static void +ktest_empty_algorithm_identifier(krb5_algorithm_identifier *p) +{ + ktest_empty_data(&p->algorithm); + ktest_empty_data(&p->parameters); +} + +static void +ktest_empty_subject_pk_info(krb5_subject_pk_info *p) +{ + ktest_empty_algorithm_identifier(&p->algorithm); + ktest_empty_data(&p->subjectPublicKey); +} + +static void +ktest_empty_external_principal_identifier( + krb5_external_principal_identifier *p) +{ + ktest_empty_data(&p->subjectName); + ktest_empty_data(&p->issuerAndSerialNumber); + ktest_empty_data(&p->subjectKeyIdentifier); +} + +static void +ktest_empty_trusted_ca(krb5_trusted_ca *p) +{ + if (p->choice == choice_trusted_cas_principalName) + ktest_destroy_principal(&p->u.principalName); + else if (p->choice == choice_trusted_cas_caName) + ktest_empty_data(&p->u.caName); + else if (p->choice == choice_trusted_cas_issuerAndSerial) + ktest_empty_data(&p->u.issuerAndSerial); + p->choice = choice_trusted_cas_UNKNOWN; +} + +void +ktest_empty_pa_pk_as_req(krb5_pa_pk_as_req *p) +{ + krb5_external_principal_identifier **pi; + + ktest_empty_data(&p->signedAuthPack); + for (pi = p->trustedCertifiers; *pi != NULL; pi++) { + ktest_empty_external_principal_identifier(*pi); + free(*pi); + } + free(p->trustedCertifiers); + p->trustedCertifiers = NULL; + ktest_empty_data(&p->kdcPkId); +} + +void +ktest_empty_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p) +{ + krb5_trusted_ca **ca; + + ktest_empty_data(&p->signedAuthPack); + if (p->trustedCertifiers != NULL) { + for (ca = p->trustedCertifiers; 
*ca != NULL; ca++) { + ktest_empty_trusted_ca(*ca); + free(*ca); + } + free(p->trustedCertifiers); + p->trustedCertifiers = NULL; + } + ktest_empty_data(&p->kdcCert); + ktest_empty_data(&p->encryptionCert); +} + +static void +ktest_empty_dh_rep_info(krb5_dh_rep_info *p) +{ + ktest_empty_data(&p->dhSignedData); + ktest_empty_data(&p->serverDHNonce); + ktest_destroy_data(&p->kdfID); +} + +void +ktest_empty_pa_pk_as_rep(krb5_pa_pk_as_rep *p) +{ + if (p->choice == choice_pa_pk_as_rep_dhInfo) + ktest_empty_dh_rep_info(&p->u.dh_Info); + else if (p->choice == choice_pa_pk_as_rep_encKeyPack) + ktest_empty_data(&p->u.encKeyPack); + p->choice = choice_pa_pk_as_rep_UNKNOWN; +} + +void +ktest_empty_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 *p) +{ + if (p->choice == choice_pa_pk_as_rep_draft9_dhSignedData) + ktest_empty_data(&p->u.dhSignedData); + else if (p->choice == choice_pa_pk_as_rep_draft9_encKeyPack) + ktest_empty_data(&p->u.encKeyPack); + p->choice = choice_pa_pk_as_rep_draft9_UNKNOWN; +} + +void +ktest_empty_auth_pack(krb5_auth_pack *p) +{ + krb5_algorithm_identifier **ai; + krb5_data **d; + + ktest_empty_pk_authenticator(&p->pkAuthenticator); + if (p->clientPublicValue != NULL) { + ktest_empty_subject_pk_info(p->clientPublicValue); + free(p->clientPublicValue); + p->clientPublicValue = NULL; + } + if (p->supportedCMSTypes != NULL) { + for (ai = p->supportedCMSTypes; *ai != NULL; ai++) { + ktest_empty_algorithm_identifier(*ai); + free(*ai); + } + free(p->supportedCMSTypes); + p->supportedCMSTypes = NULL; + } + ktest_empty_data(&p->clientDHNonce); + if (p->supportedKDFs != NULL) { + for (d = p->supportedKDFs; *d != NULL; d++) { + ktest_empty_data(*d); + free(*d); + } + free(p->supportedKDFs); + p->supportedKDFs = NULL; + } +} + +void +ktest_empty_auth_pack_draft9(krb5_auth_pack_draft9 *p) +{ + ktest_empty_pk_authenticator_draft9(&p->pkAuthenticator); + if (p->clientPublicValue != NULL) { + ktest_empty_subject_pk_info(p->clientPublicValue); + 
free(p->clientPublicValue); + p->clientPublicValue = NULL; + } +} + +void +ktest_empty_kdc_dh_key_info(krb5_kdc_dh_key_info *p) +{ + ktest_empty_data(&p->subjectPublicKey); +} + +void +ktest_empty_reply_key_pack(krb5_reply_key_pack *p) +{ + ktest_empty_keyblock(&p->replyKey); + ktest_empty_checksum(&p->asChecksum); +} + +void +ktest_empty_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p) +{ + ktest_empty_keyblock(&p->replyKey); +} + +void ktest_empty_sp80056a_other_info(krb5_sp80056a_other_info *p) +{ + ktest_empty_algorithm_identifier(&p->algorithm_identifier); + ktest_destroy_principal(&p->party_u_info); + ktest_destroy_principal(&p->party_v_info); + ktest_empty_data(&p->supp_pub_info); +} + +void ktest_empty_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p) +{ + ktest_empty_data(&p->as_req); + ktest_empty_data(&p->pk_as_rep); +} + +#endif /* not DISABLE_PKINIT */ + #ifdef ENABLE_LDAP void ktest_empty_ldap_seqof_key_data(krb5_context ctx, ldap_seqof_key_data *p) diff --git a/src/tests/asn.1/ktest.h b/src/tests/asn.1/ktest.h index 70a5507f9..8deb39ac8 100644 --- a/src/tests/asn.1/ktest.h +++ b/src/tests/asn.1/ktest.h 
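Review bot: `ktest_empty_pa_pk_as_req` starts its loop with `*pi != NULL` on `p->trustedCertifiers` without first checking the array pointer, whereas `ktest_empty_pa_pk_as_req_draft9` and `ktest_empty_auth_pack` guard the same pattern with `if (p->trustedCertifiers != NULL)`. The sample constructor always allocates the array, so the current test does not crash, but calling the function twice or on a structure with no certifiers dereferences NULL. Wrapping the loop and the `free` in `if (p->trustedCertifiers != NULL) { ... }` makes it match its siblings. In `ktest_empty_pk_authenticator` the line `p->paChecksum.contents = NULL;` repeats what `ktest_empty_checksum` has just done and can be dropped.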
@@ -94,6 +94,24 @@ void ktest_make_sample_ad_signedpath(krb5_ad_signedpath *p); void ktest_make_sample_iakerb_header(krb5_iakerb_header *p); void ktest_make_sample_iakerb_finished(krb5_iakerb_finished *p); +#ifndef DISABLE_PKINIT +void ktest_make_sample_pa_pk_as_req(krb5_pa_pk_as_req *p); +void ktest_make_sample_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p); +void ktest_make_sample_pa_pk_as_rep_dhInfo(krb5_pa_pk_as_rep *p); +void ktest_make_sample_pa_pk_as_rep_encKeyPack(krb5_pa_pk_as_rep *p); +void ktest_make_sample_pa_pk_as_rep_draft9_dhSignedData( + krb5_pa_pk_as_rep_draft9 *p); +void ktest_make_sample_pa_pk_as_rep_draft9_encKeyPack( + krb5_pa_pk_as_rep_draft9 *p); +void ktest_make_sample_auth_pack(krb5_auth_pack *p); +void ktest_make_sample_auth_pack_draft9(krb5_auth_pack_draft9 *p); +void ktest_make_sample_kdc_dh_key_info(krb5_kdc_dh_key_info *p); +void ktest_make_sample_reply_key_pack(krb5_reply_key_pack *p); +void ktest_make_sample_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p); +void ktest_make_sample_sp80056a_other_info(krb5_sp80056a_other_info *p); +void ktest_make_sample_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p); +#endif + #ifdef ENABLE_LDAP void ktest_make_sample_ldap_seqof_key_data(ldap_seqof_key_data *p); #endif 
@@ -161,6 +179,20 @@ void ktest_empty_ad_signedpath(krb5_ad_signedpath *p); void ktest_empty_iakerb_header(krb5_iakerb_header *p); void ktest_empty_iakerb_finished(krb5_iakerb_finished *p); +#ifndef DISABLE_PKINIT +void ktest_empty_pa_pk_as_req(krb5_pa_pk_as_req *p); +void ktest_empty_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p); +void ktest_empty_pa_pk_as_rep(krb5_pa_pk_as_rep *p); +void ktest_empty_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 *p); +void ktest_empty_auth_pack(krb5_auth_pack *p); +void ktest_empty_auth_pack_draft9(krb5_auth_pack_draft9 *p); +void ktest_empty_kdc_dh_key_info(krb5_kdc_dh_key_info *p); +void ktest_empty_reply_key_pack(krb5_reply_key_pack *p); +void ktest_empty_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p); +void ktest_empty_sp80056a_other_info(krb5_sp80056a_other_info *p); +void ktest_empty_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p); +#endif + #ifdef ENABLE_LDAP void ktest_empty_ldap_seqof_key_data(krb5_context, ldap_seqof_key_data *p); #endif diff --git a/src/tests/asn.1/pkinit_encode.out b/src/tests/asn.1/pkinit_encode.out new file mode 100644 index 000000000..e613a9ab2 --- /dev/null +++ b/src/tests/asn.1/pkinit_encode.out 
@@ -0,0 +1,13 @@ +encode_krb5_pa_pk_as_req: 30 38 80 08 6B 72 62 35 64 61 74 61 A1 22 30 20 30 1E 80 08 6B 72 62 35 64 61 74 61 81 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61 +encode_krb5_pa_pk_as_req_draft9: 30 52 80 08 6B 72 62 35 64 61 74 61 A1 32 30 30 80 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 81 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61 83 08 6B 72 62 35 64 61 74 61 +encode_krb5_pa_pk_as_rep(dhInfo): A0 26 30 24 80 08 6B 72 62 35 64 61 74 61 81 08 6B 72 62 35 64 61 74 61 A2 0E 30 0C A0 0A 06 08 6B 72 62 35 64 61 74 61 +encode_krb5_pa_pk_as_rep(encKeyPack): 81 08 6B 72 62 35 64 61 74 61 +encode_krb5_pa_pk_as_rep_draft9(dhSignedData): 80 08 6B 72 62 35 64 61 74 61 +encode_krb5_pa_pk_as_rep_draft9(encKeyPack): 81 08 6B 72 62 35 64 61 74 61 +encode_krb5_auth_pack: 30 81 93 A0 29 30 27 A0 05 02 03 01 E2 40 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 06 04 04 31 32 33 34 A1 22 30 20 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 03 09 00 6B 72 62 35 64 61 74 61 A2 24 30 22 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 30 0B 06 09 2A 86 48 86 F7 12 01 02 02 A3 0A 04 08 6B 72 62 35 64 61 74 61 A4 10 30 0E 30 0C A0 0A 06 08 6B 72 62 35 64 61 74 61 +encode_krb5_auth_pack_draft9: 30 75 A0 4F 30 4D A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 05 02 03 01 E2 40 A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 03 02 01 2A A1 22 30 20 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 03 09 00 6B 72 62 35 64 61 74 61 +encode_krb5_kdc_dh_key_info: 30 25 A0 0B 03 09 00 6B 72 62 35 64 61 74 61 A1 03 02 01 2A A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A +encode_krb5_reply_key_pack: 30 26 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 0F 30 
0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 +encode_krb5_reply_key_pack_draft9: 30 1A A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 03 02 01 2A +encode_krb5_sp80056a_other_info: 30 81 81 30 0B 06 09 2A 86 48 86 F7 12 01 02 02 A0 32 04 30 30 2E A0 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 32 04 30 30 2E A0 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 0A 04 08 6B 72 62 35 64 61 74 61 +encode_krb5_pkinit_supp_pub_info: 30 1D A0 03 02 01 01 A1 0A 04 08 6B 72 62 35 64 61 74 61 A2 0A 04 08 6B 72 62 35 64 61 74 61 diff --git a/src/tests/asn.1/pkinit_trval.out b/src/tests/asn.1/pkinit_trval.out new file mode 100644 index 000000000..9959afa9f --- /dev/null +++ b/src/tests/asn.1/pkinit_trval.out 
@@ -0,0 +1,160 @@ +encode_krb5_pa_pk_as_req: + +[Sequence/Sequence Of] +. [0] <8> + 6b 72 62 35 64 61 74 61 krb5data +. [1] [Sequence/Sequence Of] +. . [Sequence/Sequence Of] +. . . [0] <8> + 6b 72 62 35 64 61 74 61 krb5data +. . . [1] <8> + 6b 72 62 35 64 61 74 61 krb5data +. . . [2] <8> + 6b 72 62 35 64 61 74 61 krb5data +. [2] <8> + 6b 72 62 35 64 61 74 61 krb5data + +encode_krb5_pa_pk_as_req_draft9: + +[Sequence/Sequence Of] +. [0] <8> + 6b 72 62 35 64 61 74 61 krb5data +. [1] [Sequence/Sequence Of] +. . [0] <26> + 30 18 a0 03 02 01 01 a1 11 30 0f 1b 06 68 66 0........0...hf + 74 73 61 69 1b 05 65 78 74 72 61 tsai..extra +. . [1] <8> + 6b 72 62 35 64 61 74 61 krb5data +. . [2] <8> + 6b 72 62 35 64 61 74 61 krb5data +. [2] <8> + 6b 72 62 35 64 61 74 61 krb5data +. [3] <8> + 6b 72 62 35 64 61 74 61 krb5data + +encode_krb5_pa_pk_as_rep(dhInfo): + +[CONT 0] +. [Sequence/Sequence Of] +. . [0] <8> + 6b 72 62 35 64 61 74 61 krb5data +. . [1] <8> + 6b 72 62 35 64 61 74 61 krb5data +. . [2] [Sequence/Sequence Of] +. . . [0] [Object Identifier] <8> + 6b 72 62 35 64 61 74 61 krb5data + +encode_krb5_pa_pk_as_rep(encKeyPack): + +[CONT 1] <8> + 6b 72 62 35 64 61 74 61 krb5data + +encode_krb5_pa_pk_as_rep_draft9(dhSignedData): + +[CONT 0] <8> + 6b 72 62 35 64 61 74 61 krb5data + +encode_krb5_pa_pk_as_rep_draft9(encKeyPack): + +[CONT 1] <8> + 6b 72 62 35 64 61 74 61 krb5data + +encode_krb5_auth_pack: + +[Sequence/Sequence Of] +. [0] [Sequence/Sequence Of] +. . [0] [Integer] 123456 +. . [1] [Generalized Time] "19940610060317Z" +. . [2] [Integer] 42 +. . [3] [Octet String] "1234" +. [1] [Sequence/Sequence Of] +. . [Sequence/Sequence Of] +. . . [Object Identifier] <9> + 2a 86 48 86 f7 12 01 02 02 *.H...... +. . . [Octet String] "params" +. . [Bit String] <9> + 00 6b 72 62 35 64 61 74 61 .krb5data +. [2] [Sequence/Sequence Of] +. . [Sequence/Sequence Of] +. . . [Object Identifier] <9> + 2a 86 48 86 f7 12 01 02 02 *.H...... +. . . [Octet String] "params" +. . 
[Sequence/Sequence Of] +. . . [Object Identifier] <9> + 2a 86 48 86 f7 12 01 02 02 *.H...... +. [3] [Octet String] "krb5data" +. [4] [Sequence/Sequence Of] +. . [Sequence/Sequence Of] +. . . [0] [Object Identifier] <8> + 6b 72 62 35 64 61 74 61 krb5data + +encode_krb5_auth_pack_draft9: + +[Sequence/Sequence Of] +. [0] [Sequence/Sequence Of] +. . [0] [Sequence/Sequence Of] +. . . [0] [Integer] 1 +. . . [1] [Sequence/Sequence Of] +. . . . [General string] "hftsai" +. . . . [General string] "extra" +. . [1] [General string] "ATHENA.MIT.EDU" +. . [2] [Integer] 123456 +. . [3] [Generalized Time] "19940610060317Z" +. . [4] [Integer] 42 +. [1] [Sequence/Sequence Of] +. . [Sequence/Sequence Of] +. . . [Object Identifier] <9> + 2a 86 48 86 f7 12 01 02 02 *.H...... +. . . [Octet String] "params" +. . [Bit String] <9> + 00 6b 72 62 35 64 61 74 61 .krb5data + +encode_krb5_kdc_dh_key_info: + +[Sequence/Sequence Of] +. [0] [Bit String] <9> + 00 6b 72 62 35 64 61 74 61 .krb5data +. [1] [Integer] 42 +. [2] [Generalized Time] "19940610060317Z" + +encode_krb5_reply_key_pack: + +[Sequence/Sequence Of] +. [0] [Sequence/Sequence Of] +. . [0] [Integer] 1 +. . [1] [Octet String] "12345678" +. [1] [Sequence/Sequence Of] +. . [0] [Integer] 1 +. . [1] [Octet String] "1234" + +encode_krb5_reply_key_pack_draft9: + +[Sequence/Sequence Of] +. [0] [Sequence/Sequence Of] +. . [0] [Integer] 1 +. . [1] [Octet String] "12345678" +. [1] [Integer] 42 + +encode_krb5_sp80056a_other_info: + +[Sequence/Sequence Of] +. [Sequence/Sequence Of] +. . [Object Identifier] <9> + 2a 86 48 86 f7 12 01 02 02 *.H...... +. [0] [Octet String] <48> + 30 2e a0 10 1b 0e 41 54 48 45 4e 41 2e 4d 49 54 0.....ATHENA.MIT + 2e 45 44 55 a1 1a 30 18 a0 03 02 01 01 a1 11 30 .EDU..0........0 + 0f 1b 06 68 66 74 73 61 69 1b 05 65 78 74 72 61 ...hftsai..extra +. 
[1] [Octet String] <48> + 30 2e a0 10 1b 0e 41 54 48 45 4e 41 2e 4d 49 54 0.....ATHENA.MIT + 2e 45 44 55 a1 1a 30 18 a0 03 02 01 01 a1 11 30 .EDU..0........0 + 0f 1b 06 68 66 74 73 61 69 1b 05 65 78 74 72 61 ...hftsai..extra +. [2] [Octet String] "krb5data" + +encode_krb5_pkinit_supp_pub_info: + +[Sequence/Sequence Of] +. [0] [Integer] 1 +. [1] [Octet String] "krb5data" +. [2] [Octet String] "krb5data" + diff --git a/src/tests/asn.1/trval.c b/src/tests/asn.1/trval.c index 780d60c7d..bdfea4e2f 100644 --- a/src/tests/asn.1/trval.c +++ b/src/tests/asn.1/trval.c @@ -221,8 +221,8 @@ context_restart: print_tag_type(fp, eid, lev); - if (print_context_shortcut && - ((eid & ID_CLASS) == CLASS_CONT) && (lev > 0)) { + if (print_context_shortcut && (eid & ID_CLASS) == CLASS_CONT && + (eid & ID_FORM) == FORM_CONS && lev > 0) { rlen_ext += 2 + xlen; enc += 2 + xlen; goto context_restart;
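Review bot: The added `(eid & ID_FORM) == FORM_CONS` test has no comment explaining why primitive context tags must skip the shortcut, and the reason is not obvious from the condition alone. The shortcut advances `enc` by `2 + xlen` and jumps to `context_restart`, which treats the contents as a nested element; a primitive context tag carries raw contents instead, as the `[CONT 1] <8>` entries in the new `pkinit_trval.out` show. A comment above the `if` would record this, for example `/* Only constructed context tags wrap a nested element; primitive ones hold raw contents. */`. Whether the remaining length is rechecked before the `goto` cannot be seen here, since the enclosing function starts and ends outside the hunk.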