svn rev #25609: trunk/src/ tests/asn.1/

ghudson@MIT.EDU ghudson at MIT.EDU
Fri Jan 6 15:52:02 EST 2012


http://src.mit.edu/fisheye/changelog/krb5/?cs=25609
Commit By: ghudson
Log Message:
Add test cases for PKINIT ASN.1 encoders

Do not add decode tests, because those would trip some bugs in the
decoders, and we can't safely fix some of those bugs without interop
testing.  Encode tests are sufficient to detect when we
unintentionally change the output of the encoders.

Fix trval2() not to use the context shortcut on primitive context
tags.


Changed Files:
U   trunk/src/configure.in
U   trunk/src/tests/asn.1/Makefile.in
U   trunk/src/tests/asn.1/krb5_encode_test.c
U   trunk/src/tests/asn.1/ktest.c
U   trunk/src/tests/asn.1/ktest.h
A   trunk/src/tests/asn.1/pkinit_encode.out
A   trunk/src/tests/asn.1/pkinit_trval.out
U   trunk/src/tests/asn.1/trval.c
Modified: trunk/src/configure.in
===================================================================
--- trunk/src/configure.in	2012-01-06 20:51:57 UTC (rev 25608)
+++ trunk/src/configure.in	2012-01-06 20:52:02 UTC (rev 25609)
@@ -1015,12 +1015,15 @@
 fi
 if test "$k5_cv_openssl_version_okay" = yes && (test "$enable_pkinit" = yes || test "$enable_pkinit" = try); then
   K5_GEN_MAKEFILE(plugins/preauth/pkinit)
+  PKINIT=yes
 elif test "$k5_cv_openssl_version_okay" = no && test "$enable_pkinit" = yes; then
   AC_MSG_ERROR([Version of OpenSSL is too old; cannot enable PKINIT.])
 else
   AC_DEFINE([DISABLE_PKINIT], 1, [Define to disable PKINIT plugin support])
   AC_MSG_NOTICE([Disabling PKINIT support.])
+  PKINIT=no
 fi
+AC_SUBST(PKINIT)
 
 # for lib/apputils
 AC_REPLACE_FUNCS(daemon)

Modified: trunk/src/tests/asn.1/Makefile.in
===================================================================
--- trunk/src/tests/asn.1/Makefile.in	2012-01-06 20:51:57 UTC (rev 25608)
+++ trunk/src/tests/asn.1/Makefile.in	2012-01-06 20:52:02 UTC (rev 25609)
@@ -47,19 +47,25 @@
 		export KRB5_CONFIG ;\
 		$(RUN_SETUP) $(VALGRIND) ./krb5_decode_test
 
-expected_encode.out: reference_encode.out ldap_encode.out
-	if test "$(LDAP)" = yes; then \
-	  cat $(srcdir)/reference_encode.out $(srcdir)/ldap_encode.out > expected_encode.out; \
-	else \
-	  cat $(srcdir)/reference_encode.out > expected_encode.out; \
-	fi
+PKINIT_ENCODE_OUT=$(PKINIT_ENCODE_OUT- at PKINIT@)
+PKINIT_ENCODE_OUT-yes=$(srcdir)/pkinit_encode.out
+PKINIT_ENCODE_OUT-no=
+LDAP_ENCODE_OUT=$(LDAP_ENCODE_OUT- at LDAP@)
+LDAP_ENCODE_OUT-yes=$(srcdir)/ldap_encode.out
+LDAP_ENCODE_OUT-no=
+expected_encode.out: reference_encode.out pkinit_encode.out ldap_encode.out
+	cat $(srcdir)/reference_encode.out $(PKINIT_ENCODE_OUT) \
+		$(LDAP_ENCODE_OUT) > $@
 
-expected_trval.out: trval_reference.out ldap_trval.out
-	if test "$(LDAP)" = yes; then \
-	  cat $(srcdir)/trval_reference.out $(srcdir)/ldap_trval.out > expected_trval.out; \
-	else \
-	  cat $(srcdir)/trval_reference.out > expected_trval.out; \
-	fi
+PKINIT_TRVAL_OUT=$(PKINIT_TRVAL_OUT- at PKINIT@)
+PKINIT_TRVAL_OUT-yes=$(srcdir)/pkinit_trval.out
+PKINIT_TRVAL_OUT-no=
+LDAP_TRVAL_OUT=$(LDAP_TRVAL_OUT- at LDAP@)
+LDAP_TRVAL_OUT-yes=$(srcdir)/ldap_trval.out
+LDAP_TRVAL_OUT-no=
+expected_trval.out: trval_reference.out pkinit_trval.out ldap_trval.out
+	cat $(srcdir)/trval_reference.out $(PKINIT_TRVAL_OUT) \
+		$(LDAP_TRVAL_OUT) > $@
 
 check-encode: krb5_encode_test expected_encode.out
 	KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf ; \
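Review bot: The computed-variable selection (`PKINIT_ENCODE_OUT=$(PKINIT_ENCODE_OUT-…)` and its three siblings) has no comment, and an unexpected substitution value would silently expand to nothing. A line such as `# Selects the -yes or -no variant below from configure's PKINIT/LDAP substitution; any other value expands to empty.` above each group would make that explicit. As shown on this page the references read `- at PKINIT@` and `- at LDAP@`; the ` at ` looks like the list archive's address obfuscation of `-@PKINIT@` / `-@LDAP@` and should be checked against the repository before the patch is applied from this text. The `check-encode` rule at the end of the hunk continues outside it.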

Modified: trunk/src/tests/asn.1/krb5_encode_test.c
===================================================================
--- trunk/src/tests/asn.1/krb5_encode_test.c	2012-01-06 20:51:57 UTC (rev 25608)
+++ trunk/src/tests/asn.1/krb5_encode_test.c	2012-01-06 20:52:02 UTC (rev 25609)
@@ -752,6 +752,115 @@
                    encode_krb5_iakerb_finished);
         ktest_empty_iakerb_finished(&ih);
     }
+#ifndef DISABLE_PKINIT
+    /****************************************************************/
+    /* encode_krb5_pa_pk_as_req */
+    {
+        krb5_pa_pk_as_req req;
+        ktest_make_sample_pa_pk_as_req(&req);
+        encode_run(req, krb5_pa_pk_as_req, "pa_pk_as_req", "",
+                   acc.encode_krb5_pa_pk_as_req);
+        ktest_empty_pa_pk_as_req(&req);
+    }
+    /****************************************************************/
+    /* encode_krb5_pa_pk_as_req_draft9 */
+    {
+        krb5_pa_pk_as_req_draft9 req;
+        ktest_make_sample_pa_pk_as_req_draft9(&req);
+        encode_run(req, krb5_pa_pk_as_req_draft9, "pa_pk_as_req_draft9", "",
+                   acc.encode_krb5_pa_pk_as_req_draft9);
+        ktest_empty_pa_pk_as_req_draft9(&req);
+    }
+    /****************************************************************/
+    /* encode_krb5_pa_pk_as_rep */
+    {
+        krb5_pa_pk_as_rep rep;
+        ktest_make_sample_pa_pk_as_rep_dhInfo(&rep);
+        encode_run(rep, krb5_pa_pk_as_rep, "pa_pk_as_rep", "(dhInfo)",
+                   acc.encode_krb5_pa_pk_as_rep);
+        ktest_empty_pa_pk_as_rep(&rep);
+        ktest_make_sample_pa_pk_as_rep_encKeyPack(&rep);
+        encode_run(rep, krb5_pa_pk_as_rep, "pa_pk_as_rep", "(encKeyPack)",
+                   acc.encode_krb5_pa_pk_as_rep);
+        ktest_empty_pa_pk_as_rep(&rep);
+    }
+    /****************************************************************/
+    /* encode_krb5_pa_pk_as_rep_draft9 */
+    {
+        krb5_pa_pk_as_rep_draft9 rep;
+        ktest_make_sample_pa_pk_as_rep_draft9_dhSignedData(&rep);
+        encode_run(rep, krb5_pa_pk_as_rep_draft9, "pa_pk_as_rep_draft9",
+                   "(dhSignedData)", acc.encode_krb5_pa_pk_as_rep_draft9);
+        ktest_empty_pa_pk_as_rep_draft9(&rep);
+        ktest_make_sample_pa_pk_as_rep_draft9_encKeyPack(&rep);
+        encode_run(rep, krb5_pa_pk_as_rep_draft9, "pa_pk_as_rep_draft9",
+                   "(encKeyPack)", acc.encode_krb5_pa_pk_as_rep_draft9);
+        ktest_empty_pa_pk_as_rep_draft9(&rep);
+    }
+    /****************************************************************/
+    /* encode_krb5_auth_pack */
+    {
+        krb5_auth_pack pack;
+        ktest_make_sample_auth_pack(&pack);
+        encode_run(pack, krb5_auth_pack, "auth_pack", "",
+                   acc.encode_krb5_auth_pack);
+        ktest_empty_auth_pack(&pack);
+    }
+    /****************************************************************/
+    /* encode_krb5_auth_pack_draft9_draft9 */
+    {
+        krb5_auth_pack_draft9 pack;
+        ktest_make_sample_auth_pack_draft9(&pack);
+        encode_run(pack, krb5_auth_pack_draft9, "auth_pack_draft9", "",
+                   acc.encode_krb5_auth_pack_draft9);
+        ktest_empty_auth_pack_draft9(&pack);
+    }
+    /****************************************************************/
+    /* encode_krb5_kdc_dh_key_info */
+    {
+        krb5_kdc_dh_key_info ki;
+        ktest_make_sample_kdc_dh_key_info(&ki);
+        encode_run(ki, krb5_kdc_dh_key_info, "kdc_dh_key_info", "",
+                   acc.encode_krb5_kdc_dh_key_info);
+        ktest_empty_kdc_dh_key_info(&ki);
+    }
+    /****************************************************************/
+    /* encode_krb5_reply_key_pack */
+    {
+        krb5_reply_key_pack pack;
+        ktest_make_sample_reply_key_pack(&pack);
+        encode_run(pack, krb5_reply_key_pack, "reply_key_pack", "",
+                   acc.encode_krb5_reply_key_pack);
+        ktest_empty_reply_key_pack(&pack);
+    }
+    /****************************************************************/
+    /* encode_krb5_reply_key_pack_draft9 */
+    {
+        krb5_reply_key_pack_draft9 pack;
+        ktest_make_sample_reply_key_pack_draft9(&pack);
+        encode_run(pack, krb5_reply_key_pack_draft9, "reply_key_pack_draft9",
+                   "", acc.encode_krb5_reply_key_pack_draft9);
+        ktest_empty_reply_key_pack_draft9(&pack);
+    }
+    /****************************************************************/
+    /* encode_krb5_sp80056a_other_info */
+    {
+        krb5_sp80056a_other_info info;
+        ktest_make_sample_sp80056a_other_info(&info);
+        encode_run(info, krb5_sp80056a_other_info, "sp80056a_other_info",
+                   "", encode_krb5_sp80056a_other_info);
+        ktest_empty_sp80056a_other_info(&info);
+    }
+    /****************************************************************/
+    /* encode_krb5_pkinit_supp_pub_info */
+    {
+        krb5_pkinit_supp_pub_info info;
+        ktest_make_sample_pkinit_supp_pub_info(&info);
+        encode_run(info, krb5_pkinit_supp_pub_info, "pkinit_supp_pub_info",
+                   "", encode_krb5_pkinit_supp_pub_info);
+        ktest_empty_pkinit_supp_pub_info(&info);
+    }
+#endif /* not DISABLE_PKINIT */
 #ifdef ENABLE_LDAP
     {
         ldap_seqof_key_data skd;
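Review bot: The banner comment for the auth_pack_draft9 block reads `/* encode_krb5_auth_pack_draft9_draft9 */`, which names no encoder; it should be `/* encode_krb5_auth_pack_draft9 */`. The last two blocks pass `encode_krb5_sp80056a_other_info` and `encode_krb5_pkinit_supp_pub_info` directly while every other PKINIT block goes through `acc.`; if that is intentional (presumably these two are not in the accessor table), a one-line comment saying so would stop a later reader from "fixing" it. Since the commit message says decode tests were left out on purpose, a short comment at the `#ifndef DISABLE_PKINIT` line recording that these types have encode-only coverage would keep the gap visible in the code. The enclosing function starts and ends outside the hunk.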

Modified: trunk/src/tests/asn.1/ktest.c
===================================================================
--- trunk/src/tests/asn.1/ktest.c	2012-01-06 20:51:57 UTC (rev 25608)
+++ trunk/src/tests/asn.1/ktest.c	2012-01-06 20:52:02 UTC (rev 25609)
@@ -641,6 +641,223 @@
     ktest_make_sample_checksum(&ih->checksum);
 }
 
+#ifndef DISABLE_PKINIT
+
+static void
+ktest_make_sample_pk_authenticator(krb5_pk_authenticator *p)
+{
+    p->cusec = SAMPLE_USEC;
+    p->ctime = SAMPLE_TIME;
+    p->nonce = SAMPLE_NONCE;
+    ktest_make_sample_checksum(&p->paChecksum);
+}
+
+static void
+ktest_make_sample_pk_authenticator_draft9(krb5_pk_authenticator_draft9 *p)
+{
+    ktest_make_sample_principal(&p->kdcName);
+    ktest_make_sample_data(&p->kdcRealm);
+    p->cusec = SAMPLE_USEC;
+    p->ctime = SAMPLE_TIME;
+    p->nonce = SAMPLE_NONCE;
+}
+
+static void
+ktest_make_sample_oid(krb5_data *p)
+{
+    krb5_data_parse(p, "\052\206\110\206\367\022\001\002\002");
+}
+
+static void
+ktest_make_sample_algorithm_identifier(krb5_algorithm_identifier *p)
+{
+    ktest_make_sample_oid(&p->algorithm);
+    /* Need a valid DER encoding here; this is the OCTET STRING "params". */
+    krb5_data_parse(&p->parameters, "\x04\x06" "params");
+}
+
+static void
+ktest_make_sample_algorithm_identifier_no_params(krb5_algorithm_identifier *p)
+{
+    ktest_make_sample_oid(&p->algorithm);
+    p->parameters = empty_data();
+}
+
+static void
+ktest_make_sample_subject_pk_info(krb5_subject_pk_info *p)
+{
+    ktest_make_sample_algorithm_identifier(&p->algorithm);
+    ktest_make_sample_data(&p->subjectPublicKey);
+}
+
+static void
+ktest_make_sample_external_principal_identifier(
+    krb5_external_principal_identifier *p)
+{
+    ktest_make_sample_data(&p->subjectName);
+    ktest_make_sample_data(&p->issuerAndSerialNumber);
+    ktest_make_sample_data(&p->subjectKeyIdentifier);
+}
+
+static void
+ktest_make_sample_trusted_ca_principalName(krb5_trusted_ca *p)
+{
+    p->choice = choice_trusted_cas_principalName;
+    ktest_make_sample_principal(&p->u.principalName);
+}
+
+static void
+ktest_make_sample_trusted_ca_caName(krb5_trusted_ca *p)
+{
+    p->choice = choice_trusted_cas_caName;
+    ktest_make_sample_data(&p->u.caName);
+}
+
+static void
+ktest_make_sample_trusted_ca_issuerAndSerial(krb5_trusted_ca *p)
+{
+    p->choice = choice_trusted_cas_issuerAndSerial;
+    ktest_make_sample_data(&p->u.issuerAndSerial);
+}
+
+void
+ktest_make_sample_pa_pk_as_req(krb5_pa_pk_as_req *p)
+{
+    ktest_make_sample_data(&p->signedAuthPack);
+    p->trustedCertifiers =
+        ealloc(2 * sizeof(krb5_external_principal_identifier *));
+    p->trustedCertifiers[0] =
+        ealloc(sizeof(krb5_external_principal_identifier));
+    ktest_make_sample_external_principal_identifier(p->trustedCertifiers[0]);
+    p->trustedCertifiers[1] = NULL;
+    ktest_make_sample_data(&p->kdcPkId);
+}
+
+void
+ktest_make_sample_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p)
+{
+    int i;
+
+    ktest_make_sample_data(&p->signedAuthPack);
+    p->trustedCertifiers =
+        ealloc(4 * sizeof(krb5_external_principal_identifier *));
+    for (i = 0; i < 3; i++) {
+        p->trustedCertifiers[i] =
+            ealloc(sizeof(krb5_external_principal_identifier));
+    }
+    ktest_make_sample_trusted_ca_principalName(p->trustedCertifiers[0]);
+    ktest_make_sample_trusted_ca_caName(p->trustedCertifiers[1]);
+    ktest_make_sample_trusted_ca_issuerAndSerial(p->trustedCertifiers[2]);
+    p->trustedCertifiers[3] = NULL;
+    ktest_make_sample_data(&p->kdcCert);
+    ktest_make_sample_data(&p->encryptionCert);
+}
+
+static void
+ktest_make_sample_dh_rep_info(krb5_dh_rep_info *p)
+{
+    ktest_make_sample_data(&p->dhSignedData);
+    ktest_make_sample_data(&p->serverDHNonce);
+    p->kdfID = ealloc(sizeof(krb5_data));
+    ktest_make_sample_data(p->kdfID);
+}
+
+void
+ktest_make_sample_pa_pk_as_rep_dhInfo(krb5_pa_pk_as_rep *p)
+{
+    p->choice = choice_pa_pk_as_rep_dhInfo;
+    ktest_make_sample_dh_rep_info(&p->u.dh_Info);
+}
+
+void
+ktest_make_sample_pa_pk_as_rep_encKeyPack(krb5_pa_pk_as_rep *p)
+{
+    p->choice = choice_pa_pk_as_rep_encKeyPack;
+    ktest_make_sample_data(&p->u.encKeyPack);
+}
+
+void
+ktest_make_sample_pa_pk_as_rep_draft9_dhSignedData(krb5_pa_pk_as_rep_draft9 *p)
+{
+    p->choice = choice_pa_pk_as_rep_draft9_dhSignedData;
+    ktest_make_sample_data(&p->u.dhSignedData);
+}
+
+void
+ktest_make_sample_pa_pk_as_rep_draft9_encKeyPack(krb5_pa_pk_as_rep_draft9 *p)
+{
+    p->choice = choice_pa_pk_as_rep_draft9_encKeyPack;
+    ktest_make_sample_data(&p->u.encKeyPack);
+}
+
+void
+ktest_make_sample_auth_pack(krb5_auth_pack *p)
+{
+    ktest_make_sample_pk_authenticator(&p->pkAuthenticator);
+    p->clientPublicValue = ealloc(sizeof(krb5_subject_pk_info));
+    ktest_make_sample_subject_pk_info(p->clientPublicValue);
+    p->supportedCMSTypes = ealloc(3 * sizeof(krb5_algorithm_identifier *));
+    p->supportedCMSTypes[0] = ealloc(sizeof(krb5_algorithm_identifier));
+    ktest_make_sample_algorithm_identifier(p->supportedCMSTypes[0]);
+    p->supportedCMSTypes[1] = ealloc(sizeof(krb5_algorithm_identifier));
+    ktest_make_sample_algorithm_identifier_no_params(p->supportedCMSTypes[1]);
+    p->supportedCMSTypes[2] = NULL;
+    ktest_make_sample_data(&p->clientDHNonce);
+    p->supportedKDFs = ealloc(2 * sizeof(krb5_data ));
+    p->supportedKDFs[0] = ealloc(sizeof(krb5_data));
+    ktest_make_sample_data(p->supportedKDFs[0]);
+    p->supportedKDFs[1] = NULL;
+}
+
+void
+ktest_make_sample_auth_pack_draft9(krb5_auth_pack_draft9 *p)
+{
+    ktest_make_sample_pk_authenticator_draft9(&p->pkAuthenticator);
+    p->clientPublicValue = ealloc(sizeof(krb5_subject_pk_info));
+    ktest_make_sample_subject_pk_info(p->clientPublicValue);
+}
+
+void
+ktest_make_sample_kdc_dh_key_info(krb5_kdc_dh_key_info *p)
+{
+    ktest_make_sample_data(&p->subjectPublicKey);
+    p->nonce = SAMPLE_NONCE;
+    p->dhKeyExpiration = SAMPLE_TIME;
+}
+
+void
+ktest_make_sample_reply_key_pack(krb5_reply_key_pack *p)
+{
+    ktest_make_sample_keyblock(&p->replyKey);
+    ktest_make_sample_checksum(&p->asChecksum);
+}
+
+void
+ktest_make_sample_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p)
+{
+    ktest_make_sample_keyblock(&p->replyKey);
+    p->nonce = SAMPLE_NONCE;
+}
+
+void
+ktest_make_sample_sp80056a_other_info(krb5_sp80056a_other_info *p)
+{
+    ktest_make_sample_algorithm_identifier_no_params(&p->algorithm_identifier);
+    ktest_make_sample_principal(&p->party_u_info);
+    ktest_make_sample_principal(&p->party_v_info);
+    ktest_make_sample_data(&p->supp_pub_info);
+}
+
+void
+ktest_make_sample_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p)
+{
+    p->enctype = ENCTYPE_DES_CBC_CRC;
+    ktest_make_sample_data(&p->as_req);
+    ktest_make_sample_data(&p->pk_as_rep);
+}
+
+#endif /* not DISABLE_PKINIT */
+
 #ifdef ENABLE_LDAP
 static void
 ktest_make_sample_key_data(krb5_key_data *p, int i)
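Review bot: Three allocations in the new sample builders size the wrong type. In `ktest_make_sample_pa_pk_as_req_draft9` the array and its elements are sized from `krb5_external_principal_identifier`, but the elements are then filled by the `ktest_make_sample_trusted_ca_*` helpers, which take `krb5_trusted_ca *`; these should be `ealloc(4 * sizeof(krb5_trusted_ca *))` and `ealloc(sizeof(krb5_trusted_ca))`. In `ktest_make_sample_auth_pack`, `ealloc(2 * sizeof(krb5_data ))` allocates an array of structures for what is used as a NULL-terminated pointer array and should be `ealloc(2 * sizeof(krb5_data *))`. The struct definitions are not visible here, so whether the current sizes merely over-allocate or could under-allocate on some ABI cannot be confirmed from the hunk; sizing from the real element type removes the question.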
@@ -713,6 +930,13 @@
     }
 }
 
+static void
+ktest_empty_checksum(krb5_checksum *cs)
+{
+    free(cs->contents);
+    cs->contents = NULL;
+}
+
 void
 ktest_destroy_checksum(krb5_checksum **cs)
 {
@@ -1261,6 +1485,195 @@
     krb5_free_checksum_contents(NULL, &p->checksum);
 }
 
+#ifndef DISABLE_PKINIT
+
+static void
+ktest_empty_pk_authenticator(krb5_pk_authenticator *p)
+{
+    ktest_empty_checksum(&p->paChecksum);
+    p->paChecksum.contents = NULL;
+}
+
+static void
+ktest_empty_pk_authenticator_draft9(krb5_pk_authenticator_draft9 *p)
+{
+    ktest_destroy_principal(&p->kdcName);
+    ktest_empty_data(&p->kdcRealm);
+}
+
+static void
+ktest_empty_algorithm_identifier(krb5_algorithm_identifier *p)
+{
+    ktest_empty_data(&p->algorithm);
+    ktest_empty_data(&p->parameters);
+}
+
+static void
+ktest_empty_subject_pk_info(krb5_subject_pk_info *p)
+{
+    ktest_empty_algorithm_identifier(&p->algorithm);
+    ktest_empty_data(&p->subjectPublicKey);
+}
+
+static void
+ktest_empty_external_principal_identifier(
+    krb5_external_principal_identifier *p)
+{
+    ktest_empty_data(&p->subjectName);
+    ktest_empty_data(&p->issuerAndSerialNumber);
+    ktest_empty_data(&p->subjectKeyIdentifier);
+}
+
+static void
+ktest_empty_trusted_ca(krb5_trusted_ca *p)
+{
+    if (p->choice == choice_trusted_cas_principalName)
+        ktest_destroy_principal(&p->u.principalName);
+    else if (p->choice == choice_trusted_cas_caName)
+        ktest_empty_data(&p->u.caName);
+    else if (p->choice == choice_trusted_cas_issuerAndSerial)
+        ktest_empty_data(&p->u.issuerAndSerial);
+    p->choice = choice_trusted_cas_UNKNOWN;
+}
+
+void
+ktest_empty_pa_pk_as_req(krb5_pa_pk_as_req *p)
+{
+    krb5_external_principal_identifier **pi;
+
+    ktest_empty_data(&p->signedAuthPack);
+    for (pi = p->trustedCertifiers; *pi != NULL; pi++) {
+        ktest_empty_external_principal_identifier(*pi);
+        free(*pi);
+    }
+    free(p->trustedCertifiers);
+    p->trustedCertifiers = NULL;
+    ktest_empty_data(&p->kdcPkId);
+}
+
+void
+ktest_empty_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p)
+{
+    krb5_trusted_ca **ca;
+
+    ktest_empty_data(&p->signedAuthPack);
+    if (p->trustedCertifiers != NULL) {
+        for (ca = p->trustedCertifiers; *ca != NULL; ca++) {
+            ktest_empty_trusted_ca(*ca);
+            free(*ca);
+        }
+        free(p->trustedCertifiers);
+        p->trustedCertifiers = NULL;
+    }
+    ktest_empty_data(&p->kdcCert);
+    ktest_empty_data(&p->encryptionCert);
+}
+
+static void
+ktest_empty_dh_rep_info(krb5_dh_rep_info *p)
+{
+    ktest_empty_data(&p->dhSignedData);
+    ktest_empty_data(&p->serverDHNonce);
+    ktest_destroy_data(&p->kdfID);
+}
+
+void
+ktest_empty_pa_pk_as_rep(krb5_pa_pk_as_rep *p)
+{
+    if (p->choice == choice_pa_pk_as_rep_dhInfo)
+        ktest_empty_dh_rep_info(&p->u.dh_Info);
+    else if (p->choice == choice_pa_pk_as_rep_encKeyPack)
+        ktest_empty_data(&p->u.encKeyPack);
+    p->choice = choice_pa_pk_as_rep_UNKNOWN;
+}
+
+void
+ktest_empty_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 *p)
+{
+    if (p->choice == choice_pa_pk_as_rep_draft9_dhSignedData)
+        ktest_empty_data(&p->u.dhSignedData);
+    else if (p->choice == choice_pa_pk_as_rep_draft9_encKeyPack)
+        ktest_empty_data(&p->u.encKeyPack);
+    p->choice = choice_pa_pk_as_rep_draft9_UNKNOWN;
+}
+
+void
+ktest_empty_auth_pack(krb5_auth_pack *p)
+{
+    krb5_algorithm_identifier **ai;
+    krb5_data **d;
+
+    ktest_empty_pk_authenticator(&p->pkAuthenticator);
+    if (p->clientPublicValue != NULL) {
+        ktest_empty_subject_pk_info(p->clientPublicValue);
+        free(p->clientPublicValue);
+        p->clientPublicValue = NULL;
+    }
+    if (p->supportedCMSTypes != NULL) {
+        for (ai = p->supportedCMSTypes; *ai != NULL; ai++) {
+            ktest_empty_algorithm_identifier(*ai);
+            free(*ai);
+        }
+        free(p->supportedCMSTypes);
+        p->supportedCMSTypes = NULL;
+    }
+    ktest_empty_data(&p->clientDHNonce);
+    if (p->supportedKDFs != NULL) {
+        for (d = p->supportedKDFs; *d != NULL; d++) {
+            ktest_empty_data(*d);
+            free(*d);
+        }
+        free(p->supportedKDFs);
+        p->supportedKDFs = NULL;
+    }
+}
+
+void
+ktest_empty_auth_pack_draft9(krb5_auth_pack_draft9 *p)
+{
+    ktest_empty_pk_authenticator_draft9(&p->pkAuthenticator);
+    if (p->clientPublicValue != NULL) {
+        ktest_empty_subject_pk_info(p->clientPublicValue);
+        free(p->clientPublicValue);
+        p->clientPublicValue = NULL;
+    }
+}
+
+void
+ktest_empty_kdc_dh_key_info(krb5_kdc_dh_key_info *p)
+{
+    ktest_empty_data(&p->subjectPublicKey);
+}
+
+void
+ktest_empty_reply_key_pack(krb5_reply_key_pack *p)
+{
+    ktest_empty_keyblock(&p->replyKey);
+    ktest_empty_checksum(&p->asChecksum);
+}
+
+void
+ktest_empty_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p)
+{
+    ktest_empty_keyblock(&p->replyKey);
+}
+
+void ktest_empty_sp80056a_other_info(krb5_sp80056a_other_info *p)
+{
+    ktest_empty_algorithm_identifier(&p->algorithm_identifier);
+    ktest_destroy_principal(&p->party_u_info);
+    ktest_destroy_principal(&p->party_v_info);
+    ktest_empty_data(&p->supp_pub_info);
+}
+
+void ktest_empty_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p)
+{
+    ktest_empty_data(&p->as_req);
+    ktest_empty_data(&p->pk_as_rep);
+}
+
+#endif /* not DISABLE_PKINIT */
+
 #ifdef ENABLE_LDAP
 void
 ktest_empty_ldap_seqof_key_data(krb5_context ctx, ldap_seqof_key_data *p)
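Review bot: `ktest_empty_pa_pk_as_req` walks `p->trustedCertifiers` with `*pi != NULL` without first checking the array pointer, whereas `ktest_empty_pa_pk_as_req_draft9` and `ktest_empty_auth_pack` in the same hunk guard their lists with `!= NULL`. The loop and the two lines after it should be wrapped in `if (p->trustedCertifiers != NULL) { … }` so the helper stays safe when a caller empties a structure whose optional list was never populated. Separately, `ktest_empty_pk_authenticator` sets `p->paChecksum.contents = NULL;` right after `ktest_empty_checksum` has already done so, and the last two functions put `void` on the signature line, unlike the rest of the file.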

Modified: trunk/src/tests/asn.1/ktest.h
===================================================================
--- trunk/src/tests/asn.1/ktest.h	2012-01-06 20:51:57 UTC (rev 25608)
+++ trunk/src/tests/asn.1/ktest.h	2012-01-06 20:52:02 UTC (rev 25609)
@@ -94,6 +94,24 @@
 void ktest_make_sample_iakerb_header(krb5_iakerb_header *p);
 void ktest_make_sample_iakerb_finished(krb5_iakerb_finished *p);
 
+#ifndef DISABLE_PKINIT
+void ktest_make_sample_pa_pk_as_req(krb5_pa_pk_as_req *p);
+void ktest_make_sample_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p);
+void ktest_make_sample_pa_pk_as_rep_dhInfo(krb5_pa_pk_as_rep *p);
+void ktest_make_sample_pa_pk_as_rep_encKeyPack(krb5_pa_pk_as_rep *p);
+void ktest_make_sample_pa_pk_as_rep_draft9_dhSignedData(
+    krb5_pa_pk_as_rep_draft9 *p);
+void ktest_make_sample_pa_pk_as_rep_draft9_encKeyPack(
+    krb5_pa_pk_as_rep_draft9 *p);
+void ktest_make_sample_auth_pack(krb5_auth_pack *p);
+void ktest_make_sample_auth_pack_draft9(krb5_auth_pack_draft9 *p);
+void ktest_make_sample_kdc_dh_key_info(krb5_kdc_dh_key_info *p);
+void ktest_make_sample_reply_key_pack(krb5_reply_key_pack *p);
+void ktest_make_sample_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p);
+void ktest_make_sample_sp80056a_other_info(krb5_sp80056a_other_info *p);
+void ktest_make_sample_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p);
+#endif
+
 #ifdef ENABLE_LDAP
 void ktest_make_sample_ldap_seqof_key_data(ldap_seqof_key_data *p);
 #endif
@@ -161,6 +179,20 @@
 void ktest_empty_iakerb_header(krb5_iakerb_header *p);
 void ktest_empty_iakerb_finished(krb5_iakerb_finished *p);
 
+#ifndef DISABLE_PKINIT
+void ktest_empty_pa_pk_as_req(krb5_pa_pk_as_req *p);
+void ktest_empty_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p);
+void ktest_empty_pa_pk_as_rep(krb5_pa_pk_as_rep *p);
+void ktest_empty_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 *p);
+void ktest_empty_auth_pack(krb5_auth_pack *p);
+void ktest_empty_auth_pack_draft9(krb5_auth_pack_draft9 *p);
+void ktest_empty_kdc_dh_key_info(krb5_kdc_dh_key_info *p);
+void ktest_empty_reply_key_pack(krb5_reply_key_pack *p);
+void ktest_empty_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p);
+void ktest_empty_sp80056a_other_info(krb5_sp80056a_other_info *p);
+void ktest_empty_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p);
+#endif
+
 #ifdef ENABLE_LDAP
 void ktest_empty_ldap_seqof_key_data(krb5_context, ldap_seqof_key_data *p);
 #endif

Added: trunk/src/tests/asn.1/pkinit_encode.out
===================================================================
--- trunk/src/tests/asn.1/pkinit_encode.out	                        (rev 0)
+++ trunk/src/tests/asn.1/pkinit_encode.out	2012-01-06 20:52:02 UTC (rev 25609)
@@ -0,0 +1,13 @@
+encode_krb5_pa_pk_as_req: 30 38 80 08 6B 72 62 35 64 61 74 61 A1 22 30 20 30 1E 80 08 6B 72 62 35 64 61 74 61 81 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61
+encode_krb5_pa_pk_as_req_draft9: 30 52 80 08 6B 72 62 35 64 61 74 61 A1 32 30 30 80 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 81 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61 83 08 6B 72 62 35 64 61 74 61
+encode_krb5_pa_pk_as_rep(dhInfo): A0 26 30 24 80 08 6B 72 62 35 64 61 74 61 81 08 6B 72 62 35 64 61 74 61 A2 0E 30 0C A0 0A 06 08 6B 72 62 35 64 61 74 61
+encode_krb5_pa_pk_as_rep(encKeyPack): 81 08 6B 72 62 35 64 61 74 61
+encode_krb5_pa_pk_as_rep_draft9(dhSignedData): 80 08 6B 72 62 35 64 61 74 61
+encode_krb5_pa_pk_as_rep_draft9(encKeyPack): 81 08 6B 72 62 35 64 61 74 61
+encode_krb5_auth_pack: 30 81 93 A0 29 30 27 A0 05 02 03 01 E2 40 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 06 04 04 31 32 33 34 A1 22 30 20 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 03 09 00 6B 72 62 35 64 61 74 61 A2 24 30 22 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 30 0B 06 09 2A 86 48 86 F7 12 01 02 02 A3 0A 04 08 6B 72 62 35 64 61 74 61 A4 10 30 0E 30 0C A0 0A 06 08 6B 72 62 35 64 61 74 61
+encode_krb5_auth_pack_draft9: 30 75 A0 4F 30 4D A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 05 02 03 01 E2 40 A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 03 02 01 2A A1 22 30 20 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 03 09 00 6B 72 62 35 64 61 74 61
+encode_krb5_kdc_dh_key_info: 30 25 A0 0B 03 09 00 6B 72 62 35 64 61 74 61 A1 03 02 01 2A A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A
+encode_krb5_reply_key_pack: 30 26 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34
+encode_krb5_reply_key_pack_draft9: 30 1A A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 03 02 01 2A
+encode_krb5_sp80056a_other_info: 30 81 81 30 0B 06 09 2A 86 48 86 F7 12 01 02 02 A0 32 04 30 30 2E A0 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 32 04 30 30 2E A0 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 0A 04 08 6B 72 62 35 64 61 74 61
+encode_krb5_pkinit_supp_pub_info: 30 1D A0 03 02 01 01 A1 0A 04 08 6B 72 62 35 64 61 74 61 A2 0A 04 08 6B 72 62 35 64 61 74 61

Added: trunk/src/tests/asn.1/pkinit_trval.out
===================================================================
--- trunk/src/tests/asn.1/pkinit_trval.out	                        (rev 0)
+++ trunk/src/tests/asn.1/pkinit_trval.out	2012-01-06 20:52:02 UTC (rev 25609)
@@ -0,0 +1,160 @@
+encode_krb5_pa_pk_as_req:
+
+[Sequence/Sequence Of] 
+.  [0] <8>
+      6b 72 62 35 64 61 74 61                             krb5data
+.  [1] [Sequence/Sequence Of] 
+.  .  [Sequence/Sequence Of] 
+.  .  .  [0] <8>
+            6b 72 62 35 64 61 74 61                          krb5data
+.  .  .  [1] <8>
+            6b 72 62 35 64 61 74 61                          krb5data
+.  .  .  [2] <8>
+            6b 72 62 35 64 61 74 61                          krb5data
+.  [2] <8>
+      6b 72 62 35 64 61 74 61                             krb5data
+
+encode_krb5_pa_pk_as_req_draft9:
+
+[Sequence/Sequence Of] 
+.  [0] <8>
+      6b 72 62 35 64 61 74 61                             krb5data
+.  [1] [Sequence/Sequence Of] 
+.  .  [0] <26>
+         30 18 a0 03 02 01 01 a1 11 30 0f 1b 06 68 66     0........0...hf
+         74 73 61 69 1b 05 65 78 74 72 61                 tsai..extra
+.  .  [1] <8>
+         6b 72 62 35 64 61 74 61                          krb5data
+.  .  [2] <8>
+         6b 72 62 35 64 61 74 61                          krb5data
+.  [2] <8>
+      6b 72 62 35 64 61 74 61                             krb5data
+.  [3] <8>
+      6b 72 62 35 64 61 74 61                             krb5data
+
+encode_krb5_pa_pk_as_rep(dhInfo):
+
+[CONT 0] 
+.  [Sequence/Sequence Of] 
+.  .  [0] <8>
+         6b 72 62 35 64 61 74 61                          krb5data
+.  .  [1] <8>
+         6b 72 62 35 64 61 74 61                          krb5data
+.  .  [2] [Sequence/Sequence Of] 
+.  .  .  [0] [Object Identifier] <8>
+            6b 72 62 35 64 61 74 61                          krb5data
+
+encode_krb5_pa_pk_as_rep(encKeyPack):
+
+[CONT 1] <8>
+   6b 72 62 35 64 61 74 61                                krb5data
+
+encode_krb5_pa_pk_as_rep_draft9(dhSignedData):
+
+[CONT 0] <8>
+   6b 72 62 35 64 61 74 61                                krb5data
+
+encode_krb5_pa_pk_as_rep_draft9(encKeyPack):
+
+[CONT 1] <8>
+   6b 72 62 35 64 61 74 61                                krb5data
+
+encode_krb5_auth_pack:
+
+[Sequence/Sequence Of] 
+.  [0] [Sequence/Sequence Of] 
+.  .  [0] [Integer] 123456
+.  .  [1] [Generalized Time] "19940610060317Z"
+.  .  [2] [Integer] 42
+.  .  [3] [Octet String] "1234"
+.  [1] [Sequence/Sequence Of] 
+.  .  [Sequence/Sequence Of] 
+.  .  .  [Object Identifier] <9>
+            2a 86 48 86 f7 12 01 02 02                       *.H......
+.  .  .  [Octet String] "params"
+.  .  [Bit String] <9>
+         00 6b 72 62 35 64 61 74 61                       .krb5data
+.  [2] [Sequence/Sequence Of] 
+.  .  [Sequence/Sequence Of] 
+.  .  .  [Object Identifier] <9>
+            2a 86 48 86 f7 12 01 02 02                       *.H......
+.  .  .  [Octet String] "params"
+.  .  [Sequence/Sequence Of] 
+.  .  .  [Object Identifier] <9>
+            2a 86 48 86 f7 12 01 02 02                       *.H......
+.  [3] [Octet String] "krb5data"
+.  [4] [Sequence/Sequence Of] 
+.  .  [Sequence/Sequence Of] 
+.  .  .  [0] [Object Identifier] <8>
+            6b 72 62 35 64 61 74 61                          krb5data
+
+encode_krb5_auth_pack_draft9:
+
+[Sequence/Sequence Of] 
+.  [0] [Sequence/Sequence Of] 
+.  .  [0] [Sequence/Sequence Of] 
+.  .  .  [0] [Integer] 1
+.  .  .  [1] [Sequence/Sequence Of] 
+.  .  .  .  [General string] "hftsai"
+.  .  .  .  [General string] "extra"
+.  .  [1] [General string] "ATHENA.MIT.EDU"
+.  .  [2] [Integer] 123456
+.  .  [3] [Generalized Time] "19940610060317Z"
+.  .  [4] [Integer] 42
+.  [1] [Sequence/Sequence Of] 
+.  .  [Sequence/Sequence Of] 
+.  .  .  [Object Identifier] <9>
+            2a 86 48 86 f7 12 01 02 02                       *.H......
+.  .  .  [Octet String] "params"
+.  .  [Bit String] <9>
+         00 6b 72 62 35 64 61 74 61                       .krb5data
+
+encode_krb5_kdc_dh_key_info:
+
+[Sequence/Sequence Of] 
+.  [0] [Bit String] <9>
+      00 6b 72 62 35 64 61 74 61                          .krb5data
+.  [1] [Integer] 42
+.  [2] [Generalized Time] "19940610060317Z"
+
+encode_krb5_reply_key_pack:
+
+[Sequence/Sequence Of] 
+.  [0] [Sequence/Sequence Of] 
+.  .  [0] [Integer] 1
+.  .  [1] [Octet String] "12345678"
+.  [1] [Sequence/Sequence Of] 
+.  .  [0] [Integer] 1
+.  .  [1] [Octet String] "1234"
+
+encode_krb5_reply_key_pack_draft9:
+
+[Sequence/Sequence Of] 
+.  [0] [Sequence/Sequence Of] 
+.  .  [0] [Integer] 1
+.  .  [1] [Octet String] "12345678"
+.  [1] [Integer] 42
+
+encode_krb5_sp80056a_other_info:
+
+[Sequence/Sequence Of] 
+.  [Sequence/Sequence Of] 
+.  .  [Object Identifier] <9>
+         2a 86 48 86 f7 12 01 02 02                       *.H......
+.  [0] [Octet String] <48>
+      30 2e a0 10 1b 0e 41 54 48 45 4e 41 2e 4d 49 54     0.....ATHENA.MIT
+      2e 45 44 55 a1 1a 30 18 a0 03 02 01 01 a1 11 30     .EDU..0........0
+      0f 1b 06 68 66 74 73 61 69 1b 05 65 78 74 72 61     ...hftsai..extra
+.  [1] [Octet String] <48>
+      30 2e a0 10 1b 0e 41 54 48 45 4e 41 2e 4d 49 54     0.....ATHENA.MIT
+      2e 45 44 55 a1 1a 30 18 a0 03 02 01 01 a1 11 30     .EDU..0........0
+      0f 1b 06 68 66 74 73 61 69 1b 05 65 78 74 72 61     ...hftsai..extra
+.  [2] [Octet String] "krb5data"
+
+encode_krb5_pkinit_supp_pub_info:
+
+[Sequence/Sequence Of] 
+.  [0] [Integer] 1
+.  [1] [Octet String] "krb5data"
+.  [2] [Octet String] "krb5data"
+

Modified: trunk/src/tests/asn.1/trval.c
===================================================================
--- trunk/src/tests/asn.1/trval.c	2012-01-06 20:51:57 UTC (rev 25608)
+++ trunk/src/tests/asn.1/trval.c	2012-01-06 20:52:02 UTC (rev 25609)
@@ -221,8 +221,8 @@
 
     print_tag_type(fp, eid, lev);
 
-    if (print_context_shortcut &&
-        ((eid & ID_CLASS) == CLASS_CONT) && (lev > 0)) {
+    if (print_context_shortcut && (eid & ID_CLASS) == CLASS_CONT &&
+        (eid & ID_FORM) == FORM_CONS && lev > 0) {
         rlen_ext += 2 + xlen;
         enc += 2 + xlen;
         goto context_restart;
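Review bot: The added `(eid & ID_FORM) == FORM_CONS` test carries no comment saying why primitive context tags must not take the shortcut, and the reason is not obvious from the condition alone. Something like `/* Only a constructed context tag wraps an inner TLV; a primitive one holds the value bytes directly, so skipping its header would misparse them. */` above the `if` would record the intent stated in the commit message. The body of `trval2()` and the `context_restart` label are outside the hunk, so whether `enc += 2 + xlen` is bounds-checked against the remaining length cannot be seen from here and is worth confirming.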


