krb5_data *freshnessToken;
} krb5_pk_authenticator;
-/* PKAuthenticator draft9 */
-typedef struct _krb5_pk_authenticator_draft9 {
- krb5_principal kdcName;
- krb5_int32 cusec; /* (0..999999) */
- krb5_timestamp ctime;
- krb5_int32 nonce; /* (0..4294967295) */
-} krb5_pk_authenticator_draft9;
-
/* AlgorithmIdentifier */
typedef struct _krb5_algorithm_identifier {
krb5_data algorithm; /* OID */
krb5_data **supportedKDFs; /* OIDs of KDFs; OPTIONAL */
} krb5_auth_pack;
-/* AuthPack draft9 */
-typedef struct _krb5_auth_pack_draft9 {
- krb5_pk_authenticator_draft9 pkAuthenticator;
- krb5_subject_pk_info *clientPublicValue; /* Optional */
-} krb5_auth_pack_draft9;
-
/* ExternalPrincipalIdentifier */
typedef struct _krb5_external_principal_identifier {
krb5_data subjectName; /* Optional */
krb5_data subjectKeyIdentifier; /* Optional */
} krb5_external_principal_identifier;
-/* PA-PK-AS-REQ (Draft 9 -- PA TYPE 14) */
-/* This has four fields, but we only care about the first and third for
- * encoding, and the only about the first for decoding. */
-typedef struct _krb5_pa_pk_as_req_draft9 {
- krb5_data signedAuthPack;
- krb5_data kdcCert; /* Optional */
-} krb5_pa_pk_as_req_draft9;
-
/* PA-PK-AS-REQ (rfc4556 -- PA TYPE 16) */
typedef struct _krb5_pa_pk_as_req {
krb5_data signedAuthPack;
krb5_timestamp dhKeyExpiration; /* Optional */
} krb5_kdc_dh_key_info;
-/* KDCDHKeyInfo draft9*/
-typedef struct _krb5_kdc_dh_key_info_draft9 {
- krb5_data subjectPublicKey; /* BIT STRING */
- krb5_int32 nonce; /* (0..4294967295) */
-} krb5_kdc_dh_key_info_draft9;
-
/* ReplyKeyPack */
typedef struct _krb5_reply_key_pack {
krb5_keyblock replyKey;
krb5_checksum asChecksum;
} krb5_reply_key_pack;
-/* ReplyKeyPack */
-typedef struct _krb5_reply_key_pack_draft9 {
- krb5_keyblock replyKey;
- krb5_int32 nonce;
-} krb5_reply_key_pack_draft9;
-
-/* PA-PK-AS-REP (Draft 9 -- PA TYPE 15) */
-typedef struct _krb5_pa_pk_as_rep_draft9 {
- enum krb5_pa_pk_as_rep_draft9_selection {
- choice_pa_pk_as_rep_draft9_UNKNOWN = -1,
- choice_pa_pk_as_rep_draft9_dhSignedData = 0,
- choice_pa_pk_as_rep_draft9_encKeyPack = 1
- } choice;
- union krb5_pa_pk_as_rep_draft9_choices {
- krb5_data dhSignedData;
- krb5_data encKeyPack;
- } u;
-} krb5_pa_pk_as_rep_draft9;
-
/* PA-PK-AS-REP (rfc4556 -- PA TYPE 17) */
typedef struct _krb5_pa_pk_as_rep {
enum krb5_pa_pk_as_rep_selection {
krb5_error_code
encode_krb5_pa_pk_as_req(const krb5_pa_pk_as_req *rep, krb5_data **code);
-krb5_error_code
-encode_krb5_pa_pk_as_req_draft9(const krb5_pa_pk_as_req_draft9 *rep,
- krb5_data **code);
-
krb5_error_code
encode_krb5_pa_pk_as_rep(const krb5_pa_pk_as_rep *rep, krb5_data **code);
-krb5_error_code
-encode_krb5_pa_pk_as_rep_draft9(const krb5_pa_pk_as_rep_draft9 *rep,
- krb5_data **code);
-
krb5_error_code
encode_krb5_auth_pack(const krb5_auth_pack *rep, krb5_data **code);
-krb5_error_code
-encode_krb5_auth_pack_draft9(const krb5_auth_pack_draft9 *rep,
- krb5_data **code);
-
krb5_error_code
encode_krb5_kdc_dh_key_info(const krb5_kdc_dh_key_info *rep, krb5_data **code);
krb5_error_code
encode_krb5_reply_key_pack(const krb5_reply_key_pack *, krb5_data **code);
-krb5_error_code
-encode_krb5_reply_key_pack_draft9(const krb5_reply_key_pack_draft9 *,
- krb5_data **code);
-
krb5_error_code
encode_krb5_td_trusted_certifiers(krb5_external_principal_identifier *const *,
krb5_data **code);
krb5_error_code
decode_krb5_pa_pk_as_req(const krb5_data *, krb5_pa_pk_as_req **);
-krb5_error_code
-decode_krb5_pa_pk_as_req_draft9(const krb5_data *,
- krb5_pa_pk_as_req_draft9 **);
-
krb5_error_code
decode_krb5_pa_pk_as_rep(const krb5_data *, krb5_pa_pk_as_rep **);
krb5_error_code
decode_krb5_auth_pack(const krb5_data *, krb5_auth_pack **);
-krb5_error_code
-decode_krb5_auth_pack_draft9(const krb5_data *, krb5_auth_pack_draft9 **);
-
krb5_error_code
decode_krb5_kdc_dh_key_info(const krb5_data *, krb5_kdc_dh_key_info **);
krb5_error_code
decode_krb5_reply_key_pack(const krb5_data *, krb5_reply_key_pack **);
-krb5_error_code
-decode_krb5_reply_key_pack_draft9(const krb5_data *,
- krb5_reply_key_pack_draft9 **);
-
krb5_error_code
decode_krb5_td_trusted_certifiers(const krb5_data *,
krb5_external_principal_identifier ***);
/* To keep happy libraries which are (for now) accessing internal stuff */
/* Make sure to increment by one when changing the struct */
-#define KRB5INT_ACCESS_STRUCT_VERSION 22
+#define KRB5INT_ACCESS_STRUCT_VERSION 23
typedef struct _krb5int_access {
krb5_error_code (*auth_con_get_subkey_enctype)(krb5_context,
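Review bot: The comment above `KRB5INT_ACCESS_STRUCT_VERSION` says to increment the number but not what it protects, and this commit shows why that matters. The seven draft9 function pointers are removed from the middle of `krb5int_access` (in the later sections of this file), so every member after them moves to a new offset. A module compiled against version 22 would then call through the wrong pointer unless the mismatch is refused. I would put the reason in the comment, for example `/* Bump on any member add/remove/reorder: offsets shift, so a module built against another version must be rejected, not served. */`. The code that compares the version is not visible on this page, so it is worth confirming that it fails closed on a mismatch; the struct body continues outside this hunk.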
krb5_error_code
(*encode_krb5_auth_pack)(const krb5_auth_pack *rep, krb5_data **code);
- krb5_error_code
- (*encode_krb5_auth_pack_draft9)(const krb5_auth_pack_draft9 *rep,
- krb5_data **code);
-
krb5_error_code
(*encode_krb5_kdc_dh_key_info)(const krb5_kdc_dh_key_info *rep,
krb5_data **code);
(*encode_krb5_pa_pk_as_rep)(const krb5_pa_pk_as_rep *rep,
krb5_data **code);
- krb5_error_code
- (*encode_krb5_pa_pk_as_rep_draft9)(const krb5_pa_pk_as_rep_draft9 *rep,
- krb5_data **code);
-
krb5_error_code
(*encode_krb5_pa_pk_as_req)(const krb5_pa_pk_as_req *rep,
krb5_data **code);
- krb5_error_code
- (*encode_krb5_pa_pk_as_req_draft9)(const krb5_pa_pk_as_req_draft9 *rep,
- krb5_data **code);
-
krb5_error_code
(*encode_krb5_reply_key_pack)(const krb5_reply_key_pack *,
krb5_data **code);
- krb5_error_code
- (*encode_krb5_reply_key_pack_draft9)(const krb5_reply_key_pack_draft9 *,
- krb5_data **code);
-
krb5_error_code
(*encode_krb5_td_dh_parameters)(krb5_algorithm_identifier *const *,
krb5_data **code);
krb5_error_code
(*decode_krb5_auth_pack)(const krb5_data *, krb5_auth_pack **);
- krb5_error_code
- (*decode_krb5_auth_pack_draft9)(const krb5_data *,
- krb5_auth_pack_draft9 **);
-
krb5_error_code
(*decode_krb5_pa_pk_as_req)(const krb5_data *, krb5_pa_pk_as_req **);
- krb5_error_code
- (*decode_krb5_pa_pk_as_req_draft9)(const krb5_data *,
- krb5_pa_pk_as_req_draft9 **);
-
krb5_error_code
(*decode_krb5_pa_pk_as_rep)(const krb5_data *, krb5_pa_pk_as_rep **);
krb5_error_code
(*decode_krb5_reply_key_pack)(const krb5_data *, krb5_reply_key_pack **);
- krb5_error_code
- (*decode_krb5_reply_key_pack_draft9)(const krb5_data *,
- krb5_reply_key_pack_draft9 **);
-
krb5_error_code
(*decode_krb5_td_dh_parameters)(const krb5_data *,
krb5_algorithm_identifier ***);
};
DEFSEQTYPE(pk_authenticator, krb5_pk_authenticator, pk_authenticator_fields);
-DEFFIELD(pkauth9_0, krb5_pk_authenticator_draft9, kdcName, 0, principal);
-DEFFIELD(pkauth9_1, krb5_pk_authenticator_draft9, kdcName, 1,
- realm_of_principal);
-DEFFIELD(pkauth9_2, krb5_pk_authenticator_draft9, cusec, 2, int32);
-DEFFIELD(pkauth9_3, krb5_pk_authenticator_draft9, ctime, 3, kerberos_time);
-DEFFIELD(pkauth9_4, krb5_pk_authenticator_draft9, nonce, 4, int32);
-static const struct atype_info *pk_authenticator_draft9_fields[] = {
- &k5_atype_pkauth9_0, &k5_atype_pkauth9_1, &k5_atype_pkauth9_2,
- &k5_atype_pkauth9_3, &k5_atype_pkauth9_4
-};
-DEFSEQTYPE(pk_authenticator_draft9, krb5_pk_authenticator_draft9,
- pk_authenticator_draft9_fields);
-
DEFCOUNTEDSTRINGTYPE(s_bitstring, char *, unsigned int,
k5_asn1_encode_bitstring, k5_asn1_decode_bitstring,
ASN1_BITSTRING);
};
DEFSEQTYPE(auth_pack, krb5_auth_pack, auth_pack_fields);
-DEFFIELD(auth_pack9_0, krb5_auth_pack_draft9, pkAuthenticator, 0,
- pk_authenticator_draft9);
-DEFFIELD(auth_pack9_1, krb5_auth_pack_draft9, clientPublicValue, 1,
- opt_subject_pk_info_ptr);
-static const struct atype_info *auth_pack_draft9_fields[] = {
- &k5_atype_auth_pack9_0, &k5_atype_auth_pack9_1
-};
-DEFSEQTYPE(auth_pack_draft9, krb5_auth_pack_draft9, auth_pack_draft9_fields);
-
DEFFIELD_IMPLICIT(extprinc_0, krb5_external_principal_identifier,
subjectName, 0, opt_ostring_data);
DEFFIELD_IMPLICIT(extprinc_1, krb5_external_principal_identifier,
};
DEFSEQTYPE(pa_pk_as_req, krb5_pa_pk_as_req, pa_pk_as_req_fields);
-/*
- * In draft-ietf-cat-kerberos-pk-init-09, this sequence has four fields, but we
- * only ever use the first and third. The fields are specified as explicitly
- * tagged, but our historical behavior is to pretend that they are wrapped in
- * IMPLICIT OCTET STRING (i.e., generate primitive context tags), and we don't
- * want to change that without interop testing.
- */
-DEFFIELD_IMPLICIT(pa_pk_as_req9_0, krb5_pa_pk_as_req_draft9, signedAuthPack, 0,
- ostring_data);
-DEFFIELD_IMPLICIT(pa_pk_as_req9_2, krb5_pa_pk_as_req_draft9, kdcCert, 2,
- opt_ostring_data);
-static const struct atype_info *pa_pk_as_req_draft9_fields[] = {
- &k5_atype_pa_pk_as_req9_0, &k5_atype_pa_pk_as_req9_2
-};
-DEFSEQTYPE(pa_pk_as_req_draft9, krb5_pa_pk_as_req_draft9,
- pa_pk_as_req_draft9_fields);
-/* For decoding, we only care about the first field; we can ignore the rest. */
-static const struct atype_info *pa_pk_as_req_draft9_decode_fields[] = {
- &k5_atype_pa_pk_as_req9_0
-};
-DEFSEQTYPE(pa_pk_as_req_draft9_decode, krb5_pa_pk_as_req_draft9,
- pa_pk_as_req_draft9_decode_fields);
-
DEFFIELD_IMPLICIT(dh_rep_info_0, krb5_dh_rep_info, dhSignedData, 0,
ostring_data);
DEFFIELD(dh_rep_info_1, krb5_dh_rep_info, serverDHNonce, 1, opt_ostring_data);
};
DEFSEQTYPE(reply_key_pack, krb5_reply_key_pack, reply_key_pack_fields);
-DEFFIELD(key_pack9_0, krb5_reply_key_pack_draft9, replyKey, 0, encryption_key);
-DEFFIELD(key_pack9_1, krb5_reply_key_pack_draft9, nonce, 1, int32);
-static const struct atype_info *reply_key_pack_draft9_fields[] = {
- &k5_atype_key_pack9_0, &k5_atype_key_pack9_1
-};
-DEFSEQTYPE(reply_key_pack_draft9, krb5_reply_key_pack_draft9,
- reply_key_pack_draft9_fields);
-
DEFCTAGGEDTYPE(pa_pk_as_rep_0, 0, dh_rep_info);
DEFCTAGGEDTYPE_IMPLICIT(pa_pk_as_rep_1, 1, ostring_data);
static const struct atype_info *pa_pk_as_rep_alternatives[] = {
DEFCOUNTEDTYPE_SIGNED(pa_pk_as_rep, krb5_pa_pk_as_rep, u, choice,
pa_pk_as_rep_choice);
-/*
- * draft-ietf-cat-kerberos-pk-init-09 specifies these alternatives as
- * explicitly tagged SignedData and EnvelopedData respectively, which means
- * they should have constructed context tags. However, our historical behavior
- * is to use primitive context tags, and we don't want to change that behavior
- * without interop testing. We have the encodings for each alternative in a
- * krb5_data object; pretend that they are wrapped in IMPLICIT OCTET STRING in
- * order to wrap them in primitive [0] and [1] tags.
- */
-DEFCTAGGEDTYPE_IMPLICIT(pa_pk_as_rep9_0, 0, ostring_data);
-DEFCTAGGEDTYPE_IMPLICIT(pa_pk_as_rep9_1, 1, ostring_data);
-static const struct atype_info *pa_pk_as_rep_draft9_alternatives[] = {
- &k5_atype_pa_pk_as_rep9_0, &k5_atype_pa_pk_as_rep9_1
-};
-DEFCHOICETYPE(pa_pk_as_rep_draft9_choice,
- union krb5_pa_pk_as_rep_draft9_choices,
- enum krb5_pa_pk_as_rep_draft9_selection,
- pa_pk_as_rep_draft9_alternatives);
-DEFCOUNTEDTYPE_SIGNED(pa_pk_as_rep_draft9, krb5_pa_pk_as_rep_draft9, u, choice,
- pa_pk_as_rep_draft9_choice);
-
MAKE_ENCODER(encode_krb5_pa_pk_as_req, pa_pk_as_req);
MAKE_DECODER(decode_krb5_pa_pk_as_req, pa_pk_as_req);
-MAKE_ENCODER(encode_krb5_pa_pk_as_req_draft9, pa_pk_as_req_draft9);
-MAKE_DECODER(decode_krb5_pa_pk_as_req_draft9, pa_pk_as_req_draft9_decode);
MAKE_ENCODER(encode_krb5_pa_pk_as_rep, pa_pk_as_rep);
MAKE_DECODER(decode_krb5_pa_pk_as_rep, pa_pk_as_rep);
-MAKE_ENCODER(encode_krb5_pa_pk_as_rep_draft9, pa_pk_as_rep_draft9);
MAKE_ENCODER(encode_krb5_auth_pack, auth_pack);
MAKE_DECODER(decode_krb5_auth_pack, auth_pack);
-MAKE_ENCODER(encode_krb5_auth_pack_draft9, auth_pack_draft9);
-MAKE_DECODER(decode_krb5_auth_pack_draft9, auth_pack_draft9);
MAKE_ENCODER(encode_krb5_kdc_dh_key_info, kdc_dh_key_info);
MAKE_DECODER(decode_krb5_kdc_dh_key_info, kdc_dh_key_info);
MAKE_ENCODER(encode_krb5_reply_key_pack, reply_key_pack);
MAKE_DECODER(decode_krb5_reply_key_pack, reply_key_pack);
-MAKE_ENCODER(encode_krb5_reply_key_pack_draft9, reply_key_pack_draft9);
-MAKE_DECODER(decode_krb5_reply_key_pack_draft9, reply_key_pack_draft9);
MAKE_ENCODER(encode_krb5_td_trusted_certifiers,
seqof_external_principal_identifier);
MAKE_DECODER(decode_krb5_td_trusted_certifiers,
#define SC(FIELD, VAL) S(FIELD, 0)
#endif
SC (encode_krb5_pa_pk_as_req, encode_krb5_pa_pk_as_req),
- SC (encode_krb5_pa_pk_as_req_draft9, encode_krb5_pa_pk_as_req_draft9),
SC (encode_krb5_pa_pk_as_rep, encode_krb5_pa_pk_as_rep),
- SC (encode_krb5_pa_pk_as_rep_draft9, encode_krb5_pa_pk_as_rep_draft9),
SC (encode_krb5_auth_pack, encode_krb5_auth_pack),
- SC (encode_krb5_auth_pack_draft9, encode_krb5_auth_pack_draft9),
SC (encode_krb5_kdc_dh_key_info, encode_krb5_kdc_dh_key_info),
SC (encode_krb5_reply_key_pack, encode_krb5_reply_key_pack),
- SC (encode_krb5_reply_key_pack_draft9, encode_krb5_reply_key_pack_draft9),
SC (encode_krb5_td_trusted_certifiers, encode_krb5_td_trusted_certifiers),
SC (encode_krb5_td_dh_parameters, encode_krb5_td_dh_parameters),
SC (decode_krb5_pa_pk_as_req, decode_krb5_pa_pk_as_req),
- SC (decode_krb5_pa_pk_as_req_draft9, decode_krb5_pa_pk_as_req_draft9),
SC (decode_krb5_pa_pk_as_rep, decode_krb5_pa_pk_as_rep),
SC (decode_krb5_auth_pack, decode_krb5_auth_pack),
- SC (decode_krb5_auth_pack_draft9, decode_krb5_auth_pack_draft9),
SC (decode_krb5_kdc_dh_key_info, decode_krb5_kdc_dh_key_info),
SC (decode_krb5_principal_name, decode_krb5_principal_name),
SC (decode_krb5_reply_key_pack, decode_krb5_reply_key_pack),
- SC (decode_krb5_reply_key_pack_draft9, decode_krb5_reply_key_pack_draft9),
SC (decode_krb5_td_trusted_certifiers, decode_krb5_td_trusted_certifiers),
SC (decode_krb5_td_dh_parameters, decode_krb5_td_dh_parameters),
SC (encode_krb5_kdc_req_body, encode_krb5_kdc_req_body),
#ifndef DISABLE_PKINIT
static int equal_principal(krb5_principal *ref, krb5_principal var);
static void ktest_free_auth_pack(krb5_context context, krb5_auth_pack *val);
-static void ktest_free_auth_pack_draft9(krb5_context context,
- krb5_auth_pack_draft9 *val);
static void ktest_free_kdc_dh_key_info(krb5_context context,
krb5_kdc_dh_key_info *val);
static void ktest_free_pa_pk_as_req(krb5_context context,
krb5_pa_pk_as_rep *val);
static void ktest_free_reply_key_pack(krb5_context context,
krb5_reply_key_pack *val);
-static void ktest_free_reply_key_pack_draft9(krb5_context context,
- krb5_reply_key_pack_draft9 *val);
#endif
static void ktest_free_kkdcp_message(krb5_context context,
krb5_kkdcp_message *val);
ktest_empty_auth_pack(&ref);
}
- /****************************************************************/
- /* decode_krb5_auth_pack_draft9 */
- {
- setup(krb5_auth_pack_draft9,ktest_make_sample_auth_pack_draft9);
- decode_run("krb5_auth_pack_draft9","","30 75 A0 4F 30 4D A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 05 02 03 01 E2 40 A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 03 02 01 2A A1 22 30 20 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 03 09 00 6B 72 62 35 64 61 74 61",
- acc.decode_krb5_auth_pack_draft9,
- ktest_equal_auth_pack_draft9,ktest_free_auth_pack_draft9);
- ktest_empty_auth_pack_draft9(&ref);
- }
-
/****************************************************************/
/* decode_krb5_kdc_dh_key_info */
{
ktest_empty_reply_key_pack(&ref);
}
- /****************************************************************/
- /* decode_krb5_reply_key_pack_draft9 */
- {
- setup(krb5_reply_key_pack_draft9,ktest_make_sample_reply_key_pack_draft9);
- decode_run("krb5_reply_key_pack_draft9","","30 1A A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 03 02 01 2A",
- acc.decode_krb5_reply_key_pack_draft9,
- ktest_equal_reply_key_pack_draft9,ktest_free_reply_key_pack_draft9);
- ktest_empty_reply_key_pack_draft9(&ref);
- }
-
/****************************************************************/
/* decode_krb5_principal_name */
/* We have no encoder for this type (KerberosName from RFC 4556); the
free(val);
}
-static void
-ktest_free_auth_pack_draft9(krb5_context context, krb5_auth_pack_draft9 *val)
-{
- if (val)
- ktest_empty_auth_pack_draft9(val);
- free(val);
-}
-
static void
ktest_free_kdc_dh_key_info(krb5_context context, krb5_kdc_dh_key_info *val)
{
free(val);
}
-static void
-ktest_free_reply_key_pack_draft9(krb5_context context,
- krb5_reply_key_pack_draft9 *val)
-{
- if (val)
- ktest_empty_reply_key_pack_draft9(val);
- free(val);
-}
-
#endif /* not DISABLE_PKINIT */
static void
ktest_empty_pa_pk_as_req(&req);
}
/****************************************************************/
- /* encode_krb5_pa_pk_as_req_draft9 */
- {
- krb5_pa_pk_as_req_draft9 req;
- ktest_make_sample_pa_pk_as_req_draft9(&req);
- encode_run(req, "pa_pk_as_req_draft9", "",
- acc.encode_krb5_pa_pk_as_req_draft9);
- ktest_empty_pa_pk_as_req_draft9(&req);
- }
- /****************************************************************/
/* encode_krb5_pa_pk_as_rep */
{
krb5_pa_pk_as_rep rep;
ktest_empty_pa_pk_as_rep(&rep);
}
/****************************************************************/
- /* encode_krb5_pa_pk_as_rep_draft9 */
- {
- krb5_pa_pk_as_rep_draft9 rep;
- ktest_make_sample_pa_pk_as_rep_draft9_dhSignedData(&rep);
- encode_run(rep, "pa_pk_as_rep_draft9", "(dhSignedData)",
- acc.encode_krb5_pa_pk_as_rep_draft9);
- ktest_empty_pa_pk_as_rep_draft9(&rep);
- ktest_make_sample_pa_pk_as_rep_draft9_encKeyPack(&rep);
- encode_run(rep, "pa_pk_as_rep_draft9", "(encKeyPack)",
- acc.encode_krb5_pa_pk_as_rep_draft9);
- ktest_empty_pa_pk_as_rep_draft9(&rep);
- }
- /****************************************************************/
/* encode_krb5_auth_pack */
{
krb5_auth_pack pack;
ktest_empty_auth_pack(&pack);
}
/****************************************************************/
- /* encode_krb5_auth_pack_draft9_draft9 */
- {
- krb5_auth_pack_draft9 pack;
- ktest_make_sample_auth_pack_draft9(&pack);
- encode_run(pack, "auth_pack_draft9", "",
- acc.encode_krb5_auth_pack_draft9);
- ktest_empty_auth_pack_draft9(&pack);
- }
- /****************************************************************/
/* encode_krb5_kdc_dh_key_info */
{
krb5_kdc_dh_key_info ki;
ktest_empty_reply_key_pack(&pack);
}
/****************************************************************/
- /* encode_krb5_reply_key_pack_draft9 */
- {
- krb5_reply_key_pack_draft9 pack;
- ktest_make_sample_reply_key_pack_draft9(&pack);
- encode_run(pack, "reply_key_pack_draft9", "",
- acc.encode_krb5_reply_key_pack_draft9);
- ktest_empty_reply_key_pack_draft9(&pack);
- }
- /****************************************************************/
/* encode_krb5_sp80056a_other_info */
{
krb5_sp80056a_other_info info;
ktest_make_sample_data(p->freshnessToken);
}
-static void
-ktest_make_sample_pk_authenticator_draft9(krb5_pk_authenticator_draft9 *p)
-{
- ktest_make_sample_principal(&p->kdcName);
- p->cusec = SAMPLE_USEC;
- p->ctime = SAMPLE_TIME;
- p->nonce = SAMPLE_NONCE;
-}
-
static void
ktest_make_sample_oid(krb5_data *p)
{
ktest_make_sample_data(&p->kdcPkId);
}
-void
-ktest_make_sample_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p)
-{
- ktest_make_sample_data(&p->signedAuthPack);
- ktest_make_sample_data(&p->kdcCert);
-}
-
static void
ktest_make_sample_dh_rep_info(krb5_dh_rep_info *p)
{
ktest_make_sample_data(&p->u.encKeyPack);
}
-void
-ktest_make_sample_pa_pk_as_rep_draft9_dhSignedData(krb5_pa_pk_as_rep_draft9 *p)
-{
- p->choice = choice_pa_pk_as_rep_draft9_dhSignedData;
- ktest_make_sample_data(&p->u.dhSignedData);
-}
-
-void
-ktest_make_sample_pa_pk_as_rep_draft9_encKeyPack(krb5_pa_pk_as_rep_draft9 *p)
-{
- p->choice = choice_pa_pk_as_rep_draft9_encKeyPack;
- ktest_make_sample_data(&p->u.encKeyPack);
-}
-
void
ktest_make_sample_auth_pack(krb5_auth_pack *p)
{
p->supportedKDFs[1] = NULL;
}
-void
-ktest_make_sample_auth_pack_draft9(krb5_auth_pack_draft9 *p)
-{
- ktest_make_sample_pk_authenticator_draft9(&p->pkAuthenticator);
- p->clientPublicValue = ealloc(sizeof(krb5_subject_pk_info));
- ktest_make_sample_subject_pk_info(p->clientPublicValue);
-}
-
void
ktest_make_sample_kdc_dh_key_info(krb5_kdc_dh_key_info *p)
{
ktest_make_sample_checksum(&p->asChecksum);
}
-void
-ktest_make_sample_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p)
-{
- ktest_make_sample_keyblock(&p->replyKey);
- p->nonce = SAMPLE_NONCE;
-}
-
void
ktest_make_sample_sp80056a_other_info(krb5_sp80056a_other_info *p)
{
p->freshnessToken = NULL;
}
-static void
-ktest_empty_pk_authenticator_draft9(krb5_pk_authenticator_draft9 *p)
-{
- ktest_destroy_principal(&p->kdcName);
-}
-
static void
ktest_empty_subject_pk_info(krb5_subject_pk_info *p)
{
ktest_empty_data(&p->kdcPkId);
}
-void
-ktest_empty_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p)
-{
- ktest_empty_data(&p->signedAuthPack);
- ktest_empty_data(&p->kdcCert);
-}
-
static void
ktest_empty_dh_rep_info(krb5_dh_rep_info *p)
{
p->choice = choice_pa_pk_as_rep_UNKNOWN;
}
-void
-ktest_empty_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 *p)
-{
- if (p->choice == choice_pa_pk_as_rep_draft9_dhSignedData)
- ktest_empty_data(&p->u.dhSignedData);
- else if (p->choice == choice_pa_pk_as_rep_draft9_encKeyPack)
- ktest_empty_data(&p->u.encKeyPack);
- p->choice = choice_pa_pk_as_rep_draft9_UNKNOWN;
-}
-
void
ktest_empty_auth_pack(krb5_auth_pack *p)
{
}
}
-void
-ktest_empty_auth_pack_draft9(krb5_auth_pack_draft9 *p)
-{
- ktest_empty_pk_authenticator_draft9(&p->pkAuthenticator);
- if (p->clientPublicValue != NULL) {
- ktest_empty_subject_pk_info(p->clientPublicValue);
- free(p->clientPublicValue);
- p->clientPublicValue = NULL;
- }
-}
-
void
ktest_empty_kdc_dh_key_info(krb5_kdc_dh_key_info *p)
{
ktest_empty_checksum(&p->asChecksum);
}
-void
-ktest_empty_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p)
-{
- ktest_empty_keyblock(&p->replyKey);
-}
-
void ktest_empty_sp80056a_other_info(krb5_sp80056a_other_info *p)
{
ktest_empty_algorithm_identifier(&p->algorithm_identifier);
#ifndef DISABLE_PKINIT
void ktest_make_sample_pa_pk_as_req(krb5_pa_pk_as_req *p);
-void ktest_make_sample_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p);
void ktest_make_sample_pa_pk_as_rep_dhInfo(krb5_pa_pk_as_rep *p);
void ktest_make_sample_pa_pk_as_rep_encKeyPack(krb5_pa_pk_as_rep *p);
-void ktest_make_sample_pa_pk_as_rep_draft9_dhSignedData(
- krb5_pa_pk_as_rep_draft9 *p);
-void ktest_make_sample_pa_pk_as_rep_draft9_encKeyPack(
- krb5_pa_pk_as_rep_draft9 *p);
void ktest_make_sample_auth_pack(krb5_auth_pack *p);
-void ktest_make_sample_auth_pack_draft9(krb5_auth_pack_draft9 *p);
void ktest_make_sample_kdc_dh_key_info(krb5_kdc_dh_key_info *p);
void ktest_make_sample_reply_key_pack(krb5_reply_key_pack *p);
-void ktest_make_sample_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p);
void ktest_make_sample_sp80056a_other_info(krb5_sp80056a_other_info *p);
void ktest_make_sample_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p);
#endif
#ifndef DISABLE_PKINIT
void ktest_empty_pa_pk_as_req(krb5_pa_pk_as_req *p);
-void ktest_empty_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p);
void ktest_empty_pa_pk_as_rep(krb5_pa_pk_as_rep *p);
-void ktest_empty_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 *p);
void ktest_empty_auth_pack(krb5_auth_pack *p);
-void ktest_empty_auth_pack_draft9(krb5_auth_pack_draft9 *p);
void ktest_empty_kdc_dh_key_info(krb5_kdc_dh_key_info *p);
void ktest_empty_reply_key_pack(krb5_reply_key_pack *p);
-void ktest_empty_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p);
void ktest_empty_sp80056a_other_info(krb5_sp80056a_other_info *p);
void ktest_empty_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p);
#endif
return p;
}
-static int
-ktest_equal_pk_authenticator_draft9(krb5_pk_authenticator_draft9 *ref,
- krb5_pk_authenticator_draft9 *var)
-{
- int p = TRUE;
- if (ref == var) return TRUE;
- else if (ref == NULL || var == NULL) return FALSE;
- p = p && ptr_equal(kdcName, ktest_equal_principal_data);
- p = p && scalar_equal(cusec);
- p = p && scalar_equal(ctime);
- p = p && scalar_equal(nonce);
- return p;
-}
-
static int
ktest_equal_subject_pk_info(krb5_subject_pk_info *ref,
krb5_subject_pk_info *var)
return p;
}
-int
-ktest_equal_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *ref,
- krb5_pa_pk_as_req_draft9 *var)
-{
- int p = TRUE;
- if (ref == var) return TRUE;
- else if (ref == NULL || var == NULL) return FALSE;
- p = p && equal_str(signedAuthPack);
- p = p && equal_str(kdcCert);
- return p;
-}
-
static int
ktest_equal_dh_rep_info(krb5_dh_rep_info *ref, krb5_dh_rep_info *var)
{
return p;
}
-int
-ktest_equal_auth_pack_draft9(krb5_auth_pack_draft9 *ref,
- krb5_auth_pack_draft9 *var)
-{
- int p = TRUE;
- if (ref == var) return TRUE;
- else if (ref == NULL || var == NULL) return FALSE;
- p = p && struct_equal(pkAuthenticator,
- ktest_equal_pk_authenticator_draft9);
- p = p && ptr_equal(clientPublicValue, ktest_equal_subject_pk_info);
- return p;
-}
-
int
ktest_equal_kdc_dh_key_info(krb5_kdc_dh_key_info *ref,
krb5_kdc_dh_key_info *var)
return p;
}
-int
-ktest_equal_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *ref,
- krb5_reply_key_pack_draft9 *var)
-{
- int p = TRUE;
- if (ref == var) return TRUE;
- else if (ref == NULL || var == NULL) return FALSE;
- p = p && struct_equal(replyKey, ktest_equal_keyblock);
- p = p && scalar_equal(nonce);
- return p;
-}
-
#endif /* not DISABLE_PKINIT */
int
#ifndef DISABLE_PKINIT
generic(ktest_equal_pa_pk_as_req, krb5_pa_pk_as_req);
-generic(ktest_equal_pa_pk_as_req_draft9, krb5_pa_pk_as_req_draft9);
generic(ktest_equal_pa_pk_as_rep, krb5_pa_pk_as_rep);
generic(ktest_equal_auth_pack, krb5_auth_pack);
-generic(ktest_equal_auth_pack_draft9, krb5_auth_pack_draft9);
generic(ktest_equal_kdc_dh_key_info, krb5_kdc_dh_key_info);
generic(ktest_equal_reply_key_pack, krb5_reply_key_pack);
-generic(ktest_equal_reply_key_pack_draft9, krb5_reply_key_pack_draft9);
#endif /* not DISABLE_PKINIT */
int ktest_equal_kkdcp_message(krb5_kkdcp_message *ref,
encode_krb5_pa_pk_as_req: 30 38 80 08 6B 72 62 35 64 61 74 61 A1 22 30 20 30 1E 80 08 6B 72 62 35 64 61 74 61 81 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61
-encode_krb5_pa_pk_as_req_draft9: 30 14 80 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61
encode_krb5_pa_pk_as_rep(dhInfo): A0 28 30 26 80 08 6B 72 62 35 64 61 74 61 A1 0A 04 08 6B 72 62 35 64 61 74 61 A2 0E 30 0C A0 0A 06 08 6B 72 62 35 64 61 74 61
encode_krb5_pa_pk_as_rep(encKeyPack): 81 08 6B 72 62 35 64 61 74 61
-encode_krb5_pa_pk_as_rep_draft9(dhSignedData): 80 08 6B 72 62 35 64 61 74 61
-encode_krb5_pa_pk_as_rep_draft9(encKeyPack): 81 08 6B 72 62 35 64 61 74 61
encode_krb5_auth_pack: 30 81 9F A0 35 30 33 A0 05 02 03 01 E2 40 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 06 04 04 31 32 33 34 A4 0A 04 08 6B 72 62 35 64 61 74 61 A1 22 30 20 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 03 09 00 6B 72 62 35 64 61 74 61 A2 24 30 22 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 30 0B 06 09 2A 86 48 86 F7 12 01 02 02 A3 0A 04 08 6B 72 62 35 64 61 74 61 A4 10 30 0E 30 0C A0 0A 06 08 6B 72 62 35 64 61 74 61
-encode_krb5_auth_pack_draft9: 30 75 A0 4F 30 4D A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 05 02 03 01 E2 40 A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 03 02 01 2A A1 22 30 20 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 03 09 00 6B 72 62 35 64 61 74 61
encode_krb5_kdc_dh_key_info: 30 25 A0 0B 03 09 00 6B 72 62 35 64 61 74 61 A1 03 02 01 2A A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A
encode_krb5_reply_key_pack: 30 26 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34
-encode_krb5_reply_key_pack_draft9: 30 1A A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 03 02 01 2A
encode_krb5_sp80056a_other_info: 30 81 81 30 0B 06 09 2A 86 48 86 F7 12 01 02 02 A0 32 04 30 30 2E A0 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 32 04 30 30 2E A0 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 0A 04 08 6B 72 62 35 64 61 74 61
encode_krb5_pkinit_supp_pub_info: 30 1D A0 03 02 01 14 A1 0A 04 08 6B 72 62 35 64 61 74 61 A2 0A 04 08 6B 72 62 35 64 61 74 61
. [2] <8>
6b 72 62 35 64 61 74 61 krb5data
-encode_krb5_pa_pk_as_req_draft9:
-
-[Sequence/Sequence Of]
-. [0] <8>
- 6b 72 62 35 64 61 74 61 krb5data
-. [2] <8>
- 6b 72 62 35 64 61 74 61 krb5data
-
encode_krb5_pa_pk_as_rep(dhInfo):
[CONT 0]
encode_krb5_pa_pk_as_rep(encKeyPack):
-[CONT 1] <8>
- 6b 72 62 35 64 61 74 61 krb5data
-
-encode_krb5_pa_pk_as_rep_draft9(dhSignedData):
-
-[CONT 0] <8>
- 6b 72 62 35 64 61 74 61 krb5data
-
-encode_krb5_pa_pk_as_rep_draft9(encKeyPack):
-
[CONT 1] <8>
6b 72 62 35 64 61 74 61 krb5data
. . . [0] [Object Identifier] <8>
6b 72 62 35 64 61 74 61 krb5data
-encode_krb5_auth_pack_draft9:
-
-[Sequence/Sequence Of]
-. [0] [Sequence/Sequence Of]
-. . [0] [Sequence/Sequence Of]
-. . . [0] [Integer] 1
-. . . [1] [Sequence/Sequence Of]
-. . . . [General string] "hftsai"
-. . . . [General string] "extra"
-. . [1] [General string] "ATHENA.MIT.EDU"
-. . [2] [Integer] 123456
-. . [3] [Generalized Time] "19940610060317Z"
-. . [4] [Integer] 42
-. [1] [Sequence/Sequence Of]
-. . [Sequence/Sequence Of]
-. . . [Object Identifier] <9>
- 2a 86 48 86 f7 12 01 02 02 *.H......
-. . . [Octet String] "params"
-. . [Bit String] <9>
- 00 6b 72 62 35 64 61 74 61 .krb5data
-
encode_krb5_kdc_dh_key_info:
[Sequence/Sequence Of]
. . [0] [Integer] 1
. . [1] [Octet String] "1234"
-encode_krb5_reply_key_pack_draft9:
-
-[Sequence/Sequence Of]
-. [0] [Sequence/Sequence Of]
-. . [0] [Integer] 1
-. . [1] [Octet String] "12345678"
-. [1] [Integer] 42
-
encode_krb5_sp80056a_other_info:
[Sequence/Sequence Of]