tests/krb5: Add methods for creating zeroed checksums and verifying checksums

Creating a zeroed checksum is needed for signing a PAC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py
index 398212409419cb46cf9fd7fb28343620318beaca..be49f16b1f78733b027579c8efead6f433577c47 100644 (file)
--- a/python/samba/tests/krb5/raw_testcase.py
+++ b/python/samba/tests/krb5/raw_testcase.py
@@ -232,12 +232,29 @@ class Krb5EncryptionKey:
         plaintext = kcrypto.decrypt(self.key, usage, ciphertext)
         return plaintext
 
+    def make_zeroed_checksum(self, ctype=None):
+        if ctype is None:
+            ctype = self.ctype
+
+        checksum_len = kcrypto.checksum_len(ctype)
+        return bytes(checksum_len)
+
     def make_checksum(self, usage, plaintext, ctype=None):
         if ctype is None:
             ctype = self.ctype
         cksum = kcrypto.make_checksum(ctype, self.key, usage, plaintext)
         return cksum
 
+    def verify_checksum(self, usage, plaintext, ctype, cksum):
+        if self.ctype != ctype:
+            raise AssertionError(f'{self.ctype} != {ctype}')
+
+        kcrypto.verify_checksum(ctype,
+                                self.key,
+                                usage,
+                                plaintext,
+                                cksum)
+
     def export_obj(self):
         EncryptionKey_obj = {
             'keytype': self.etype,