tests/krb5: Add TD_CMS_DIGEST_ALGORITHMS constant

Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py
index c87ea37b372b57383ad039224dba7671898f24d3..40ea854b9f740acd7a1978ebc6f196185a3144cd 100644 (file)
--- a/python/samba/tests/krb5/raw_testcase.py
+++ b/python/samba/tests/krb5/raw_testcase.py
@@ -129,6 +129,7 @@ from samba.tests.krb5.rfc4120_constants import (
     PADATA_PW_SALT,
     PADATA_REQ_ENC_PA_REP,
     PADATA_SUPPORTED_ETYPES,
+    TD_CMS_DIGEST_ALGORITHMS,
 )
 import samba.tests.krb5.kcrypto as kcrypto
 
@@ -5378,7 +5379,6 @@ class RawKerberosTest(TestCase):
                 require_strict.add(PADATA_ENCRYPTED_CHALLENGE)
 
             got_patypes = tuple(pa['padata-type'] for pa in rep_padata)
-            TD_CMS_DIGEST_ALGORITHMS = 111
             self.assertSequenceElementsEqual(expected_patypes, got_patypes,
                                              require_strict=require_strict,
                                              unchecked={PADATA_PW_SALT,TD_CMS_DIGEST_ALGORITHMS})

diff --git a/python/samba/tests/krb5/rfc4120.asn1 b/python/samba/tests/krb5/rfc4120.asn1
index 79449d877add9ec078febe92d34a0ec754fa5a41..51684b50ba827044936b1ec03613c744628473f7 100644 (file)
--- a/python/samba/tests/krb5/rfc4120.asn1
+++ b/python/samba/tests/krb5/rfc4120.asn1
@@ -1505,6 +1505,15 @@ ReplyKeyPack-Win2k ::= SEQUENCE {
    ...
 }
 
+-- (from RFC 8636)
+
+TD-CMS-DIGEST-ALGORITHMS-DATA ::= SEQUENCE OF
+    AlgorithmIdentifier
+        -- Contains the list of CMS algorithm [RFC5652]
+        -- identifiers indicating the digest algorithms
+        -- acceptable to the KDC for signing CMS data in
+        -- decreasing order of preference.
+
 --
 
 id-pkinit-ms-san OBJECT IDENTIFIER ::= {

diff --git a/python/samba/tests/krb5/rfc4120_constants.py b/python/samba/tests/krb5/rfc4120_constants.py
index c42a38ffa5935bd04d1f5353f9e6061363006c69..2e2de74b21b9f99e29d26208110a012a52a23942 100644 (file)
--- a/python/samba/tests/krb5/rfc4120_constants.py
+++ b/python/samba/tests/krb5/rfc4120_constants.py
@@ -248,3 +248,5 @@ FX_FAST_ARMOR_AP_REQUEST = 1
 TD_TRUSTED_CERTIFIERS = 104
 TD_INVALID_CERTIFICATES = 105
 TD_DH_PARAMETERS = 109
+
+TD_CMS_DIGEST_ALGORITHMS = 111

diff --git a/python/samba/tests/krb5/rfc4120_pyasn1_generated.py b/python/samba/tests/krb5/rfc4120_pyasn1_generated.py
index 6949737bc158181de8ff81fadd193e63e9f8c9d8..7eaefe946ac22a575f37cf1b7831a57b90ce81c7 100644 (file)
--- a/python/samba/tests/krb5/rfc4120_pyasn1_generated.py
+++ b/python/samba/tests/krb5/rfc4120_pyasn1_generated.py
@@ -2456,6 +2456,13 @@ class SubjectAltName(GeneralNames):
     pass
 
 
+class TD_CMS_DIGEST_ALGORITHMS_DATA(univ.SequenceOf):
+    pass
+
+
+TD_CMS_DIGEST_ALGORITHMS_DATA.componentType = AlgorithmIdentifier()
+
+
 class TD_DH_PARAMETERS(univ.SequenceOf):
     pass