From: Greg Hudson Date: Fri, 24 Oct 2014 20:56:47 +0000 (-0400) Subject: Add ASN.1 encoder and decoder for CAMMAC X-Git-Tag: krb5-1.14-alpha1~73 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F231%2Fhead;p=thirdparty%2Fkrb5.git Add ASN.1 encoder and decoder for CAMMAC Add internal type declarations for krb5_verifier_mac and krb5_cammac. Add ASN.1 encoder and decoder functions and an internal free function for krb5_cammac. Add ASN.1 tests for krb5_cammac as well as asn1c test vectors for Verifier and AD-CAMMAC. --- diff --git a/src/include/k5-int.h b/src/include/k5-int.h index c14f7de3cb..bde084203d 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -844,6 +844,26 @@ typedef struct _krb5_iakerb_finished { krb5_checksum checksum; } krb5_iakerb_finished; +typedef struct _krb5_verifier_mac { + krb5_principal princ; + krb5_kvno kvno; + krb5_enctype enctype; + krb5_checksum checksum; +} krb5_verifier_mac; + +/* + * AD-CAMMAC's other-verifiers field is a sequence of Verifier, which is an + * extensible choice with only one selection, Verifier-MAC. For the time being + * we will represent this field directly as an array of krb5_verifier_mac. + * That will have to change if other selections are added. + */ +typedef struct _krb5_cammac { + krb5_authdata **elements; + krb5_verifier_mac *kdc_verifier; + krb5_verifier_mac *svc_verifier; + krb5_verifier_mac **other_verifiers; +} krb5_cammac; + krb5_pa_data * krb5int_find_pa_data(krb5_context, krb5_pa_data *const *, krb5_preauthtype); /* Does not return a copy; original padata sequence responsible for freeing*/ @@ -920,6 +940,7 @@ void k5_free_pa_otp_challenge(krb5_context context, krb5_pa_otp_challenge *val); void k5_free_pa_otp_req(krb5_context context, krb5_pa_otp_req *val); void k5_free_kkdcp_message(krb5_context context, krb5_kkdcp_message *val); +void k5_free_cammac(krb5_context context, krb5_cammac *val); /* #include "krb5/wordsize.h" -- comes in through base-defs.h. */ #include "com_err.h" @@ -1470,6 +1491,9 @@ encode_krb5_pa_otp_enc_req(const krb5_data *, krb5_data **); krb5_error_code encode_krb5_kkdcp_message(const krb5_kkdcp_message *, krb5_data **); +krb5_error_code +encode_krb5_cammac(const krb5_cammac *, krb5_data **); + /************************************************************************* * End of prototypes for krb5_encode.c *************************************************************************/ @@ -1643,6 +1667,9 @@ decode_krb5_pa_otp_enc_req(const krb5_data *, krb5_data **); krb5_error_code decode_krb5_kkdcp_message(const krb5_data *, krb5_kkdcp_message **); +krb5_error_code +decode_krb5_cammac(const krb5_data *, krb5_cammac **); + struct _krb5_key_data; /* kdb.h */ struct ldap_seqof_key_data { diff --git a/src/lib/krb5/asn.1/asn1_k_encode.c b/src/lib/krb5/asn.1/asn1_k_encode.c index 25b825c096..e173797ab7 100644 --- a/src/lib/krb5/asn.1/asn1_k_encode.c +++ b/src/lib/krb5/asn.1/asn1_k_encode.c @@ -1766,3 +1766,30 @@ DEFSEQTYPE(kkdcp_message, krb5_kkdcp_message, kkdcp_message_fields); MAKE_ENCODER(encode_krb5_kkdcp_message, kkdcp_message); MAKE_DECODER(decode_krb5_kkdcp_message, kkdcp_message); + +DEFFIELD(vmac_0, krb5_verifier_mac, princ, 0, opt_principal); +DEFFIELD(vmac_1, krb5_verifier_mac, kvno, 1, opt_kvno); +DEFFIELD(vmac_2, krb5_verifier_mac, enctype, 2, opt_int32); +DEFFIELD(vmac_3, krb5_verifier_mac, checksum, 3, checksum); +static const struct atype_info *vmac_fields[] = { + &k5_atype_vmac_0, &k5_atype_vmac_1, &k5_atype_vmac_2, &k5_atype_vmac_3 +}; +DEFSEQTYPE(vmac, krb5_verifier_mac, vmac_fields); +DEFPTRTYPE(vmac_ptr, vmac); +DEFOPTIONALZEROTYPE(opt_vmac_ptr, vmac_ptr); +DEFNONEMPTYNULLTERMSEQOFTYPE(vmacs, vmac_ptr); +DEFPTRTYPE(vmacs_ptr, vmacs); +DEFOPTIONALEMPTYTYPE(opt_vmacs_ptr, vmacs_ptr); + +DEFFIELD(cammac_0, krb5_cammac, elements, 0, auth_data_ptr); +DEFFIELD(cammac_1, krb5_cammac, kdc_verifier, 1, opt_vmac_ptr); +DEFFIELD(cammac_2, krb5_cammac, svc_verifier, 2, opt_vmac_ptr); +DEFFIELD(cammac_3, krb5_cammac, other_verifiers, 3, opt_vmacs_ptr); +static const struct atype_info *cammac_fields[] = { + &k5_atype_cammac_0, &k5_atype_cammac_1, &k5_atype_cammac_2, + &k5_atype_cammac_3 +}; +DEFSEQTYPE(cammac, krb5_cammac, cammac_fields); + +MAKE_ENCODER(encode_krb5_cammac, cammac); +MAKE_DECODER(decode_krb5_cammac, cammac); diff --git a/src/lib/krb5/krb/kfree.c b/src/lib/krb5/krb/kfree.c index f86c619b25..26200dabee 100644 --- a/src/lib/krb5/krb/kfree.c +++ b/src/lib/krb5/krb/kfree.c @@ -831,3 +831,28 @@ k5_free_kkdcp_message(krb5_context context, krb5_kkdcp_message *val) free(val->kerb_message.data); free(val); } + +static void +free_vmac(krb5_context context, krb5_verifier_mac *val) +{ + if (val == NULL) + return; + krb5_free_principal(context, val->princ); + krb5_free_checksum_contents(context, &val->checksum); +} + +void +k5_free_cammac(krb5_context context, krb5_cammac *val) +{ + krb5_verifier_mac **vp; + + if (val == NULL) + return; + krb5_free_authdata(context, val->elements); + free_vmac(context, val->kdc_verifier); + free_vmac(context, val->svc_verifier); + for (vp = val->other_verifiers; vp != NULL && *vp != NULL; vp++) + free_vmac(context, *vp); + free(val->other_verifiers); + free(val); +} diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports index c119a34e26..e25158c6b7 100644 --- a/src/lib/krb5/libkrb5.exports +++ b/src/lib/krb5/libkrb5.exports @@ -8,6 +8,7 @@ decode_krb5_as_rep decode_krb5_as_req decode_krb5_authdata decode_krb5_authenticator +decode_krb5_cammac decode_krb5_cred decode_krb5_enc_cred_part decode_krb5_enc_data @@ -56,6 +57,7 @@ encode_krb5_as_rep encode_krb5_as_req encode_krb5_authdata encode_krb5_authenticator +encode_krb5_cammac encode_krb5_checksum encode_krb5_cred encode_krb5_enc_cred_part @@ -114,6 +116,7 @@ k5_etypes_contains k5_expand_path_tokens k5_expand_path_tokens_extra k5_free_algorithm_identifier +k5_free_cammac k5_free_otp_tokeninfo k5_free_kkdcp_message k5_free_pa_otp_challenge diff --git a/src/tests/asn.1/Makefile.in b/src/tests/asn.1/Makefile.in index 112a55e09d..6d766edb8f 100644 --- a/src/tests/asn.1/Makefile.in +++ b/src/tests/asn.1/Makefile.in @@ -8,7 +8,8 @@ SRCS= $(srcdir)/krb5_encode_test.c $(srcdir)/krb5_decode_test.c \ $(srcdir)/trval.c $(srcdir)/t_trval.c ASN1SRCS= $(srcdir)/krb5.asn1 $(srcdir)/pkix.asn1 $(srcdir)/otp.asn1 \ - $(srcdir)/pkinit.asn1 $(srcdir)/pkinit-agility.asn1 + $(srcdir)/pkinit.asn1 $(srcdir)/pkinit-agility.asn1 \ + $(srcdir)/cammac.asn1 all:: krb5_encode_test krb5_decode_test krb5_decode_leak t_trval diff --git a/src/tests/asn.1/cammac.asn1 b/src/tests/asn.1/cammac.asn1 new file mode 100644 index 0000000000..2fc997606a --- /dev/null +++ b/src/tests/asn.1/cammac.asn1 @@ -0,0 +1,30 @@ +KerberosV5CAMMAC DEFINITIONS EXPLICIT TAGS ::= BEGIN + +IMPORTS + AuthorizationData, PrincipalName, Checksum, UInt32, Int32 + FROM KerberosV5Spec2 { iso(1) identified-organization(3) + dod(6) internet(1) security(5) kerberosV5(2) + modules(4) krb5spec2(2) }; + -- as defined in RFC 4120. + +AD-CAMMAC ::= SEQUENCE { + elements [0] AuthorizationData, + kdc-verifier [1] Verifier-MAC OPTIONAL, + svc-verifier [2] Verifier-MAC OPTIONAL, + other-verifiers [3] SEQUENCE (SIZE (1..MAX)) + OF Verifier OPTIONAL +} + +Verifier ::= CHOICE { + mac Verifier-MAC, + ... +} + +Verifier-MAC ::= SEQUENCE { + identifier [0] PrincipalName OPTIONAL, + kvno [1] UInt32 OPTIONAL, + enctype [2] Int32 OPTIONAL, + mac [3] Checksum +} + +END diff --git a/src/tests/asn.1/krb5_decode_test.c b/src/tests/asn.1/krb5_decode_test.c index 4d1acfae34..1a99b0e4e2 100644 --- a/src/tests/asn.1/krb5_decode_test.c +++ b/src/tests/asn.1/krb5_decode_test.c @@ -1085,6 +1085,19 @@ int main(argc, argv) decode_run("kkdcp_message","","30 82 01 FC A0 82 01 EC 04 82 01 E8 6A 82 01 E4 30 82 01 E0 A1 03 02 01 05 A2 03 02 01 0A A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 82 01 AA 30 82 01 A6 A0 07 03 05 00 FE DC BA 98 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A1 0A 1B 08 6B 72 62 35 64 61 74 61",decode_krb5_kkdcp_message,ktest_equal_kkdcp_message,ktest_free_kkdcp_message); } + /****************************************************************/ + /* decode_krb5_cammac */ + { + setup(krb5_cammac,ktest_make_minimal_cammac); + decode_run("cammac","(optionals NULL)","30 12 A0 10 30 0E 30 0C A0 03 02 01 01 A1 05 04 03 61 64 31",decode_krb5_cammac,ktest_equal_cammac,k5_free_cammac); + ktest_empty_cammac(&ref); + } + { + setup(krb5_cammac,ktest_make_maximal_cammac); + decode_run("cammac","","30 81 F2 A0 1E 30 1C 30 0C A0 03 02 01 01 A1 05 04 03 61 64 31 30 0C A0 03 02 01 02 A1 05 04 03 61 64 32 A1 3D 30 3B A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 03 02 01 05 A2 03 02 01 10 A3 13 30 11 A0 03 02 01 01 A1 0A 04 08 63 6B 73 75 6D 6B 64 63 A2 3D 30 3B A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 03 02 01 05 A2 03 02 01 10 A3 13 30 11 A0 03 02 01 01 A1 0A 04 08 63 6B 73 75 6D 73 76 63 A3 52 30 50 30 13 A3 11 30 0F A0 03 02 01 01 A1 08 04 06 63 6B 73 75 6D 31 30 39 A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 03 02 01 05 A2 03 02 01 10 A3 11 30 0F A0 03 02 01 01 A1 08 04 06 63 6B 73 75 6D 32",decode_krb5_cammac,ktest_equal_cammac,k5_free_cammac); + ktest_empty_cammac(&ref); + } + #ifndef DISABLE_PKINIT /****************************************************************/ diff --git a/src/tests/asn.1/krb5_encode_test.c b/src/tests/asn.1/krb5_encode_test.c index 6c142a21dc..633d8a9367 100644 --- a/src/tests/asn.1/krb5_encode_test.c +++ b/src/tests/asn.1/krb5_encode_test.c @@ -741,6 +741,16 @@ main(argc, argv) encode_run(info, "kkdcp_message", "", encode_krb5_kkdcp_message); ktest_empty_kkdcp_message(&info); } + /* encode_krb5_cammac */ + { + krb5_cammac req; + ktest_make_minimal_cammac(&req); + encode_run(req, "cammac", "(optionals NULL)", encode_krb5_cammac); + ktest_empty_cammac(&req); + ktest_make_maximal_cammac(&req); + encode_run(req, "cammac", "", encode_krb5_cammac); + ktest_empty_cammac(&req); + } #ifndef DISABLE_PKINIT /****************************************************************/ /* encode_krb5_pa_pk_as_req */ diff --git a/src/tests/asn.1/ktest.c b/src/tests/asn.1/ktest.c index e4b37643cf..340b6bd086 100644 --- a/src/tests/asn.1/ktest.c +++ b/src/tests/asn.1/ktest.c @@ -950,6 +950,65 @@ ktest_make_sample_kkdcp_message(krb5_kkdcp_message *p) p->dclocator_hint = 0; } +static krb5_authdata * +make_ad_element(krb5_authdatatype ad_type, const char *str) +{ + krb5_authdata *ad; + + ad = ealloc(sizeof(*ad)); + ad->ad_type = ad_type; + ad->length = strlen(str); + ad->contents = ealloc(ad->length); + memcpy(ad->contents, str, ad->length); + return ad; +} + +static krb5_verifier_mac * +make_vmac(krb5_boolean include_princ, krb5_kvno kvno, krb5_enctype enctype, + const char *cksumstr) +{ + krb5_verifier_mac *vmac; + + vmac = ealloc(sizeof(*vmac)); + if (include_princ) { + ktest_make_sample_principal(&vmac->princ); + (void)krb5_set_principal_realm(NULL, vmac->princ, ""); + } else { + vmac->princ = NULL; + } + vmac->kvno = kvno; + vmac->enctype = enctype; + vmac->checksum.checksum_type = 1; + vmac->checksum.length = strlen(cksumstr); + vmac->checksum.contents = ealloc(vmac->checksum.length); + memcpy(vmac->checksum.contents, cksumstr, vmac->checksum.length); + return vmac; +} + +void +ktest_make_minimal_cammac(krb5_cammac *p) +{ + memset(p, 0, sizeof(*p)); + p->elements = ealloc(2 * sizeof(*p->elements)); + p->elements[0] = make_ad_element(1, "ad1"); + p->elements[1] = NULL; +} + +void +ktest_make_maximal_cammac(krb5_cammac *p) +{ + p->elements = ealloc(3 * sizeof(*p->elements)); + p->elements[0] = make_ad_element(1, "ad1"); + p->elements[1] = make_ad_element(2, "ad2"); + p->elements[2] = NULL; + p->kdc_verifier = make_vmac(TRUE, 5, 16, "cksumkdc"); + p->svc_verifier = make_vmac(TRUE, 5, 16, "cksumsvc"); + p->other_verifiers = ealloc(3 * sizeof(*p->other_verifiers)); + p->other_verifiers[0] = make_vmac(FALSE, 0, 0, "cksum1"); + p->other_verifiers[1] = make_vmac(TRUE, 5, 16, "cksum2"); + p->other_verifiers[2] = NULL; +} + /****************************************************************/ /* destructors */ @@ -1099,6 +1158,8 @@ ktest_destroy_principal(krb5_principal *p) { int i; + if (*p == NULL) + return; for (i=0; i<(*p)->length; i++) ktest_empty_data(&(*p)->data[i]); ktest_empty_data(&(*p)->realm); @@ -1755,3 +1816,28 @@ ktest_empty_kkdcp_message(krb5_kkdcp_message *p) ktest_empty_data(&p->target_domain); p->dclocator_hint = -1; } + +static void +destroy_verifier_mac(krb5_verifier_mac **vmac) +{ + if (*vmac == NULL) + return; + ktest_destroy_principal(&(*vmac)->princ); + ktest_empty_checksum(&(*vmac)->checksum); + free(*vmac); + *vmac = NULL; +} + +void +ktest_empty_cammac(krb5_cammac *p) +{ + krb5_verifier_mac **vmacp; + + ktest_destroy_authorization_data(&p->elements); + destroy_verifier_mac(&p->kdc_verifier); + destroy_verifier_mac(&p->svc_verifier); + for (vmacp = p->other_verifiers; vmacp != NULL && *vmacp != NULL; vmacp++) + destroy_verifier_mac(vmacp); + free(p->other_verifiers); + p->other_verifiers = NULL; +} diff --git a/src/tests/asn.1/ktest.h b/src/tests/asn.1/ktest.h index a9ebb77e66..9c11040baf 100644 --- a/src/tests/asn.1/ktest.h +++ b/src/tests/asn.1/ktest.h @@ -121,6 +121,8 @@ void ktest_make_sample_ldap_seqof_key_data(ldap_seqof_key_data *p); #endif void ktest_make_sample_kkdcp_message(krb5_kkdcp_message *p); +void ktest_make_minimal_cammac(krb5_cammac *p); +void ktest_make_maximal_cammac(krb5_cammac *p); /*----------------------------------------------------------------------*/ @@ -204,6 +206,7 @@ void ktest_empty_ldap_seqof_key_data(krb5_context, ldap_seqof_key_data *p); #endif void ktest_empty_kkdcp_message(krb5_kkdcp_message *p); +void ktest_empty_cammac(krb5_cammac *p); extern krb5_context test_context; extern char *sample_principal_name; diff --git a/src/tests/asn.1/ktest_equal.c b/src/tests/asn.1/ktest_equal.c index 39c35b5f57..7ecdbcd603 100644 --- a/src/tests/asn.1/ktest_equal.c +++ b/src/tests/asn.1/ktest_equal.c @@ -729,7 +729,7 @@ ktest_equal_array_of_data(int length, krb5_data *ref, krb5_data *var) { int i,p = TRUE; - if (ref == var) return TRUE; + if (length == 0 || ref == var) return TRUE; else if (ref == NULL || var == NULL) return FALSE; for (i=0; i<(length); i++) { p = p && ktest_equal_data(&(ref[i]),&(var[i])); @@ -743,7 +743,7 @@ ktest_equal_array_of_octet(unsigned int length, krb5_octet *ref, { unsigned int i, p = TRUE; - if (ref == var) return TRUE; + if (length == 0 || ref == var) return TRUE; else if (ref == NULL || var == NULL) return FALSE; for (i=0; idclocator_hint == var->dclocator_hint); return p; } + +static int +vmac_eq(krb5_verifier_mac *ref, krb5_verifier_mac *var) +{ + int p = TRUE; + if (ref == var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p = p && ptr_equal(princ, ktest_equal_principal_data); + p = p && scalar_equal(kvno); + p = p && scalar_equal(enctype); + p = p && struct_equal(checksum, ktest_equal_checksum); + return p; +} + +static int +vmac_list_eq(krb5_verifier_mac **ref, krb5_verifier_mac **var) +{ + array_compare(vmac_eq); +} + +int +ktest_equal_cammac(krb5_cammac *ref, krb5_cammac *var) +{ + int p = TRUE; + if (ref == var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p = p && ptr_equal(elements, ktest_equal_authorization_data); + p = p && ptr_equal(kdc_verifier, vmac_eq); + p = p && ptr_equal(svc_verifier, vmac_eq); + p = p && ptr_equal(other_verifiers, vmac_list_eq); + return p; +} diff --git a/src/tests/asn.1/ktest_equal.h b/src/tests/asn.1/ktest_equal.h index 491653f1df..6d04246639 100644 --- a/src/tests/asn.1/ktest_equal.h +++ b/src/tests/asn.1/ktest_equal.h @@ -147,5 +147,6 @@ generic(ktest_equal_reply_key_pack_draft9, krb5_reply_key_pack_draft9); int ktest_equal_kkdcp_message(krb5_kkdcp_message *ref, krb5_kkdcp_message *var); +int ktest_equal_cammac(krb5_cammac *ref, krb5_cammac *var); #endif diff --git a/src/tests/asn.1/make-vectors.c b/src/tests/asn.1/make-vectors.c index c5aa5b3855..3cb8a45baf 100644 --- a/src/tests/asn.1/make-vectors.c +++ b/src/tests/asn.1/make-vectors.c @@ -28,7 +28,7 @@ * This program generates test vectors using asn1c, to be included in other * test programs which exercise the krb5 ASN.1 encoder and decoder functions. * It is intended to be used via "make test-vectors". Currently, test vectors - * are only generated for OTP preauth objects. + * are only generated for a subset of newer ASN.1 objects. */ #include @@ -39,6 +39,7 @@ #include #include #include +#include static unsigned char buf[8192]; static size_t buf_pos; @@ -125,6 +126,48 @@ static PA_OTP_REQUEST_t request_2 = { { "\x60\0\0\0", 4, 0 }, &nonce, /* PA-OTP-ENC-REQUEST */ static PA_OTP_ENC_REQUEST_t enc_request = { { "krb5data", 8 } }; +/* + * There is no ASN.1 name for a single authorization data element, so asn1c + * declares it as "struct Member" in an inner scope. This structure must be + * laid out identically to that one. + */ +struct ad_element { + Int32_t ad_type; + OCTET_STRING_t ad_data; + asn_struct_ctx_t _asn_ctx; +}; + +/* Authorization data elements and lists, for use in CAMMAC */ +static struct ad_element ad_1 = { 1, { "ad1", 3 } }; +static struct ad_element ad_2 = { 2, { "ad2", 3 } }; +static struct ad_element *adlist_1[] = { &ad_1 }; +static struct ad_element *adlist_2[] = { &ad_1, &ad_2 }; + +/* Minimal Verifier */ +static Verifier_t verifier_1 = { Verifier_PR_mac, + { { NULL, NULL, NULL, + { 1, { "cksum1", 6 } } } } }; + +/* Maximal Verifier */ +static Int32_t enctype = 16; +static Verifier_t verifier_2 = { Verifier_PR_mac, + { { &princ, &kvno, &enctype, + { 1, { "cksum2", 6 } } } } }; + +/* Minimal CAMMAC */ +static AD_CAMMAC_t cammac_1 = { { { (void *)adlist_1, 1, 1 } }, + NULL, NULL, NULL }; + +/* Maximal CAMMAC */ +static Verifier_MAC_t vmac_1 = { &princ, &kvno, &enctype, + { 1, { "cksumkdc", 8 } } }; +static Verifier_MAC_t vmac_2 = { &princ, &kvno, &enctype, + { 1, { "cksumsvc", 8 } } }; +static Verifier_t *verifiers[] = { &verifier_1, &verifier_2 }; +static struct other_verifiers overfs = { { verifiers, 2, 2 } }; +static AD_CAMMAC_t cammac_2 = { { { (void *)adlist_2, 2, 2 } }, + &vmac_1, &vmac_2, &overfs }; + static int consume(const void *data, size_t size, void *dummy) { @@ -213,6 +256,22 @@ main() der_encode(&asn_DEF_PA_OTP_ENC_REQUEST, &enc_request, consume, NULL); printbuf(); + printf("\nMinimal Verifier:\n"); + der_encode(&asn_DEF_Verifier, &verifier_1, consume, NULL); + printbuf(); + + printf("\nMaximal Verifier:\n"); + der_encode(&asn_DEF_Verifier, &verifier_2, consume, NULL); + printbuf(); + + printf("\nMinimal AD-CAMMAC:\n"); + der_encode(&asn_DEF_AD_CAMMAC, &cammac_1, consume, NULL); + printbuf(); + + printf("\nMaximal AD-CAMMAC:\n"); + der_encode(&asn_DEF_AD_CAMMAC, &cammac_2, consume, NULL); + printbuf(); + printf("\n"); return 0; } diff --git a/src/tests/asn.1/reference_encode.out b/src/tests/asn.1/reference_encode.out index b737da336a..491fd576d0 100644 --- a/src/tests/asn.1/reference_encode.out +++ b/src/tests/asn.1/reference_encode.out @@ -69,3 +69,5 @@ encode_krb5_pa_otp_req(optionals NULL): 30 2C 80 05 00 00 00 00 00 A2 23 A0 03 0 encode_krb5_pa_otp_req: 30 81 B9 80 05 00 60 00 00 00 81 05 6E 6F 6E 63 65 A2 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A3 0B 06 09 60 86 48 01 65 03 04 02 01 84 02 03 E8 85 05 66 72 6F 67 73 86 0A 6D 79 66 69 72 73 74 70 69 6E 87 05 68 61 72 6B 21 88 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 89 03 33 34 36 8A 01 02 8B 09 79 6F 75 72 74 6F 6B 65 6E 8C 28 75 72 6E 3A 69 65 74 66 3A 70 61 72 61 6D 73 3A 78 6D 6C 3A 6E 73 3A 6B 65 79 70 72 6F 76 3A 70 73 6B 63 3A 68 6F 74 70 8D 0B 45 78 61 6D 70 6C 65 63 6F 72 70 encode_krb5_pa_otp_enc_req: 30 0A 80 08 6B 72 62 35 64 61 74 61 encode_krb5_kkdcp_message: 30 82 01 FC A0 82 01 EC 04 82 01 E8 6A 82 01 E4 30 82 01 E0 A1 03 02 01 05 A2 03 02 01 0A A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 82 01 AA 30 82 01 A6 A0 07 03 05 00 FE DC BA 98 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A1 0A 1B 08 6B 72 62 35 64 61 74 61 +encode_krb5_cammac(optionals NULL): 30 12 A0 10 30 0E 30 0C A0 03 02 01 01 A1 05 04 03 61 64 31 +encode_krb5_cammac: 30 81 F2 A0 1E 30 1C 30 0C A0 03 02 01 01 A1 05 04 03 61 64 31 30 0C A0 03 02 01 02 A1 05 04 03 61 64 32 A1 3D 30 3B A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 03 02 01 05 A2 03 02 01 10 A3 13 30 11 A0 03 02 01 01 A1 0A 04 08 63 6B 73 75 6D 6B 64 63 A2 3D 30 3B A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 03 02 01 05 A2 03 02 01 10 A3 13 30 11 A0 03 02 01 01 A1 0A 04 08 63 6B 73 75 6D 73 76 63 A3 52 30 50 30 13 A3 11 30 0F A0 03 02 01 01 A1 08 04 06 63 6B 73 75 6D 31 30 39 A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 03 02 01 05 A2 03 02 01 10 A3 11 30 0F A0 03 02 01 01 A1 08 04 06 63 6B 73 75 6D 32 diff --git a/src/tests/asn.1/trval_reference.out b/src/tests/asn.1/trval_reference.out index 599580cc3b..ec3f17cead 100644 --- a/src/tests/asn.1/trval_reference.out +++ b/src/tests/asn.1/trval_reference.out @@ -1515,3 +1515,60 @@ encode_krb5_kkdcp_message: 17 04 15 6b 72 62 41 53 4e 2e 31 20 74 65 73 74 ...krbASN.1 test 20 6d 65 73 73 61 67 65 message . [1] [General string] "krb5data" + +encode_krb5_cammac(optionals NULL): + +[Sequence/Sequence Of] +. [0] [Sequence/Sequence Of] +. . [Sequence/Sequence Of] +. . . [0] [Integer] 1 +. . . [1] [Octet String] "ad1" + +encode_krb5_cammac: + +[Sequence/Sequence Of] +. [0] [Sequence/Sequence Of] +. . [Sequence/Sequence Of] +. . . [0] [Integer] 1 +. . . [1] [Octet String] "ad1" +. . [Sequence/Sequence Of] +. . . [0] [Integer] 2 +. . . [1] [Octet String] "ad2" +. [1] [Sequence/Sequence Of] +. . [0] [Sequence/Sequence Of] +. . . [0] [Integer] 1 +. . . [1] [Sequence/Sequence Of] +. . . . [General string] "hftsai" +. . . . [General string] "extra" +. . [1] [Integer] 5 +. . [2] [Integer] 16 +. . [3] [Sequence/Sequence Of] +. . . [0] [Integer] 1 +. . . [1] [Octet String] "cksumkdc" +. [2] [Sequence/Sequence Of] +. . [0] [Sequence/Sequence Of] +. . . [0] [Integer] 1 +. . . [1] [Sequence/Sequence Of] +. . . . [General string] "hftsai" +. . . . [General string] "extra" +. . [1] [Integer] 5 +. . [2] [Integer] 16 +. . [3] [Sequence/Sequence Of] +. . . [0] [Integer] 1 +. . . [1] [Octet String] "cksumsvc" +. [3] [Sequence/Sequence Of] +. . [Sequence/Sequence Of] +. . . [3] [Sequence/Sequence Of] +. . . . [0] [Integer] 1 +. . . . [1] [Octet String] "cksum1" +. . [Sequence/Sequence Of] +. . . [0] [Sequence/Sequence Of] +. . . . [0] [Integer] 1 +. . . . [1] [Sequence/Sequence Of] +. . . . . [General string] "hftsai" +. . . . . [General string] "extra" +. . . [1] [Integer] 5 +. . . [2] [Integer] 16 +. . . [3] [Sequence/Sequence Of] +. . . . [0] [Integer] 1 +. . . . [1] [Octet String] "cksum2"