1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ 2 /* plugins/preauth/pkinit/pkinit_constants.c */ 3 /* 4 * Copyright (C) 2011,2021 by the Massachusetts Institute of Technology. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 11 * * Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 14 * * Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in 16 * the documentation and/or other materials provided with the 17 * distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 22 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 23 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 24 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 26 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 28 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 30 * OF THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include "pkinit.h" 34 35 /* RFC 8636 id-pkinit-kdf-ah-sha1: iso(1) identified-organization(3) dod(6) 36 * internet(1) security(5) kerberosv5(2) pkinit(3) kdf(6) sha1(1) */ 37 static char kdf_sha1[8] = { 0x2B, 0x06, 0x01, 0x05, 0x02, 0x03, 0x06, 0x01 }; 38 /* RFC 8636 id-pkinit-kdf-ah-sha256: iso(1) identified-organization(3) dod(6) 39 * internet(1) security(5) kerberosv5(2) pkinit(3) kdf(6) sha256(2) */ 40 static char kdf_sha256[8] = { 0x2B, 0x06, 0x01, 0x05, 0x02, 0x03, 0x06, 0x02 }; 41 /* RFC 8636 id-pkinit-kdf-ah-sha512: iso(1) identified-organization(3) dod(6) 42 * internet(1) security(5) kerberosv5(2) pkinit(3) kdf(6) sha512(3) */ 43 static char kdf_sha512[8] = { 0x2B, 0x06, 0x01, 0x05, 0x02, 0x03, 0x06, 0x03 }; 44 45 const krb5_data kdf_sha1_id = { KV5M_DATA, sizeof(kdf_sha1), kdf_sha1 }; 46 const krb5_data kdf_sha256_id = { KV5M_DATA, sizeof(kdf_sha256), kdf_sha256 }; 47 const krb5_data kdf_sha512_id = { KV5M_DATA, sizeof(kdf_sha512), kdf_sha512 }; 48 49 krb5_data const * const supported_kdf_alg_ids[] = { 50 &kdf_sha256_id, 51 &kdf_sha1_id, 52 &kdf_sha512_id, 53 NULL 54 }; 55 56 /* RFC 3370 sha-1: iso(1) identified-organization(3) oiw(14) secsig(3) 57 * algorithm(2) 26 */ 58 static char cms_sha1[] = { 0x2b, 0x0e, 0x03, 0x02, 0x1a }; 59 /* RFC 5754 id-sha256: joint-iso-itu-t(2) country(16) us(840) organization(1) 60 * gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 */ 61 static char cms_sha256[] = { 62 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01 63 }; 64 /* RFC 5754 id-sha384: joint-iso-itu-t(2) country(16) us(840) organization(1) 65 * gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 */ 66 static char cms_sha384[] = { 67 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02 68 }; 69 /* RFC 5754 id-sha512: joint-iso-itu-t(2) country(16) us(840) organization(1) 70 * gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 */ 71 static char cms_sha512[] = { 72 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03 73 }; 74 75 const krb5_data cms_sha1_id = { KV5M_DATA, sizeof(cms_sha1), cms_sha1 }; 76 const krb5_data cms_sha256_id = { KV5M_DATA, sizeof(cms_sha256), cms_sha256 }; 77 const krb5_data cms_sha384_id = { KV5M_DATA, sizeof(cms_sha384), cms_sha384 }; 78 const krb5_data cms_sha512_id = { KV5M_DATA, sizeof(cms_sha512), cms_sha512 }; 79 80 /* RFC 4055 sha256WithRSAEncryption: iso(1) member-body(2) us(840) 81 * rsadsi(113549) pkcs(1) 1 11 */ 82 static char sha256WithRSAEncr_oid[9] = { 83 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b 84 }; 85 /* RFC 4055 sha256WithRSAEncryption: iso(1) member-body(2) us(840) 86 * rsadsi(113549) pkcs(1) 1 13 */ 87 static char sha512WithRSAEncr_oid[9] = { 88 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0d 89 }; 90 91 /* RFC 3279 ecdsa-with-SHA1: iso(1) member-body(2) us(840) ansi-X9-62(10045) 92 * signatures(4) 1 */ 93 static char ecdsaWithSha1_oid[] = { 94 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x01 95 }; 96 97 /* RFC 5758 ecdsa-with-SHA256: iso(1) member-body(2) us(840) ansi-X9-62(10045) 98 * signatures(4) ecdsa-with-SHA2(3) 2 */ 99 static char ecdsaWithSha256_oid[] = { 100 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02 101 }; 102 103 /* RFC 5758 ecdsa-with-SHA384: iso(1) member-body(2) us(840) ansi-X9-62(10045) 104 * signatures(4) ecdsa-with-SHA2(3) 3 */ 105 static char ecdsaWithSha384_oid[] = { 106 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03 107 }; 108 109 /* RFC 5758 ecdsa-with-SHA512: iso(1) member-body(2) us(840) ansi-X9-62(10045) 110 * signatures(4) ecdsa-with-SHA2(3) 4 */ 111 static char ecdsaWithSha512_oid[] = { 112 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04 113 }; 114 115 const krb5_data sha256WithRSAEncr_id = { 116 KV5M_DATA, sizeof(sha256WithRSAEncr_oid), sha256WithRSAEncr_oid 117 }; 118 const krb5_data sha512WithRSAEncr_id = { 119 KV5M_DATA, sizeof(sha512WithRSAEncr_oid), sha512WithRSAEncr_oid 120 }; 121 const krb5_data ecdsaWithSha1_id = { 122 KV5M_DATA, sizeof(ecdsaWithSha1_oid), ecdsaWithSha1_oid 123 }; 124 const krb5_data ecdsaWithSha256_id = { 125 KV5M_DATA, sizeof(ecdsaWithSha256_oid), ecdsaWithSha256_oid 126 }; 127 const krb5_data ecdsaWithSha384_id = { 128 KV5M_DATA, sizeof(ecdsaWithSha384_oid), ecdsaWithSha384_oid 129 }; 130 const krb5_data ecdsaWithSha512_id = { 131 KV5M_DATA, sizeof(ecdsaWithSha512_oid), ecdsaWithSha512_oid 132 }; 133 134 krb5_data const * const supported_cms_algs[] = { 135 &ecdsaWithSha512_id, 136 &ecdsaWithSha256_id, 137 &sha512WithRSAEncr_id, 138 &sha256WithRSAEncr_id, 139 NULL 140 }; 141 142 /* RFC 2412 section E.2 (well-known group 2) parameters, DER-encoded as 143 * DomainParameters (RFC 3279 section 2.3.3). */ 144 static const uint8_t o1024[] = { 145 0x30, 0x82, 0x01, 0x0A, 0x02, 0x81, 0x81, 0x00, 146 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 147 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, 148 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 149 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 150 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 151 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, 152 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 153 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, 154 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 155 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 156 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 157 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, 158 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 159 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, 160 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81, 161 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 162 0x02, 0x01, 0x02, 0x02, 0x81, 0x80, 0x7F, 0xFF, 163 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xE4, 0x87, 164 0xED, 0x51, 0x10, 0xB4, 0x61, 0x1A, 0x62, 0x63, 165 0x31, 0x45, 0xC0, 0x6E, 0x0E, 0x68, 0x94, 0x81, 166 0x27, 0x04, 0x45, 0x33, 0xE6, 0x3A, 0x01, 0x05, 167 0xDF, 0x53, 0x1D, 0x89, 0xCD, 0x91, 0x28, 0xA5, 168 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E, 0xF7, 0xCA, 169 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D, 0x98, 0x15, 170 0x85, 0x36, 0xF9, 0x2F, 0x8A, 0x1B, 0xA7, 0xF0, 171 0x9A, 0xB6, 0xB6, 0xA8, 0xE1, 0x22, 0xF2, 0x42, 172 0xDA, 0xBB, 0x31, 0x2F, 0x3F, 0x63, 0x7A, 0x26, 173 0x21, 0x74, 0xD3, 0x1B, 0xF6, 0xB5, 0x85, 0xFF, 174 0xAE, 0x5B, 0x7A, 0x03, 0x5B, 0xF6, 0xF7, 0x1C, 175 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2, 0xD7, 0x4F, 176 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3, 0x24, 0x94, 177 0x33, 0x28, 0xF6, 0x73, 0x29, 0xC0, 0xFF, 0xFF, 178 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF 179 }; 180 181 /* RFC 3526 section 3 (2048-bit MODP Group), RFC 3279 encoding */ 182 static const uint8_t o2048[] = { 183 0x30, 0x82, 0x02, 0x0C, 0x02, 0x82, 0x01, 0x01, 184 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 185 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 186 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 187 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 188 0x74, 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 189 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 190 0xDD, 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 191 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 192 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 193 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 194 0xC6, 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 195 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 196 0xED, 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 197 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 198 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 199 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 200 0x05, 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 201 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 202 0x5F, 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 203 0x96, 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 204 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 205 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 206 0x04, 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 207 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 208 0x3B, 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 209 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 210 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 211 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 212 0x18, 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 213 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 214 0x10, 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 215 0x68, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 216 0xFF, 0x02, 0x01, 0x02, 0x02, 0x82, 0x01, 0x00, 217 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 218 0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, 0x61, 0x1A, 219 0x62, 0x63, 0x31, 0x45, 0xC0, 0x6E, 0x0E, 0x68, 220 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xE6, 0x3A, 221 0x01, 0x05, 0xDF, 0x53, 0x1D, 0x89, 0xCD, 0x91, 222 0x28, 0xA5, 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E, 223 0xF7, 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D, 224 0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, 0x1B, 225 0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, 0xE1, 0x22, 226 0xF2, 0x42, 0xDA, 0xBB, 0x31, 0x2F, 0x3F, 0x63, 227 0x7A, 0x26, 0x21, 0x74, 0xD3, 0x1B, 0xF6, 0xB5, 228 0x85, 0xFF, 0xAE, 0x5B, 0x7A, 0x03, 0x5B, 0xF6, 229 0xF7, 0x1C, 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2, 230 0xD7, 0x4F, 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3, 231 0x24, 0x94, 0x33, 0x28, 0xF6, 0x72, 0x2D, 0x9E, 232 0xE1, 0x00, 0x3E, 0x5C, 0x50, 0xB1, 0xDF, 0x82, 233 0xCC, 0x6D, 0x24, 0x1B, 0x0E, 0x2A, 0xE9, 0xCD, 234 0x34, 0x8B, 0x1F, 0xD4, 0x7E, 0x92, 0x67, 0xAF, 235 0xC1, 0xB2, 0xAE, 0x91, 0xEE, 0x51, 0xD6, 0xCB, 236 0x0E, 0x31, 0x79, 0xAB, 0x10, 0x42, 0xA9, 0x5D, 237 0xCF, 0x6A, 0x94, 0x83, 0xB8, 0x4B, 0x4B, 0x36, 238 0xB3, 0x86, 0x1A, 0xA7, 0x25, 0x5E, 0x4C, 0x02, 239 0x78, 0xBA, 0x36, 0x04, 0x65, 0x0C, 0x10, 0xBE, 240 0x19, 0x48, 0x2F, 0x23, 0x17, 0x1B, 0x67, 0x1D, 241 0xF1, 0xCF, 0x3B, 0x96, 0x0C, 0x07, 0x43, 0x01, 242 0xCD, 0x93, 0xC1, 0xD1, 0x76, 0x03, 0xD1, 0x47, 243 0xDA, 0xE2, 0xAE, 0xF8, 0x37, 0xA6, 0x29, 0x64, 244 0xEF, 0x15, 0xE5, 0xFB, 0x4A, 0xAC, 0x0B, 0x8C, 245 0x1C, 0xCA, 0xA4, 0xBE, 0x75, 0x4A, 0xB5, 0x72, 246 0x8A, 0xE9, 0x13, 0x0C, 0x4C, 0x7D, 0x02, 0x88, 247 0x0A, 0xB9, 0x47, 0x2D, 0x45, 0x56, 0x55, 0x34, 248 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF 249 }; 250 251 /* RFC 3526 section 5 (4096-bit MODP Group), RFC 3279 encoding */ 252 static const uint8_t o4096[] = { 253 0x30, 0x82, 0x04, 0x0C, 0x02, 0x82, 0x02, 0x01, 254 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 255 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 256 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 257 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 258 0x74, 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 259 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 260 0xDD, 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 261 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 262 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 263 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 264 0xC6, 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 265 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 266 0xED, 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 267 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 268 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 269 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 270 0x05, 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 271 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 272 0x5F, 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 273 0x96, 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 274 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 275 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 276 0x04, 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 277 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 278 0x3B, 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 279 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 280 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 281 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 282 0x18, 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 283 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 284 0x10, 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 285 0x2D, 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 286 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 287 0x64, 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 288 0x0A, 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 289 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 290 0xC7, 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 291 0xD7, 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 292 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 293 0x6B, 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 294 0x64, 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 295 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 296 0x0C, 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 297 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 298 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 299 0x31, 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 300 0x8E, 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 301 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 302 0xD7, 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 303 0x26, 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 304 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 305 0xDA, 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 306 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 307 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 308 0xA6, 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 309 0x5D, 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 310 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 311 0xED, 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 312 0xAF, 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 313 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 314 0xA9, 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 315 0xC1, 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 316 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 317 0x99, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 318 0xFF, 0x02, 0x01, 0x02, 0x02, 0x82, 0x02, 0x00, 319 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 320 0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, 0x61, 0x1A, 321 0x62, 0x63, 0x31, 0x45, 0xC0, 0x6E, 0x0E, 0x68, 322 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xE6, 0x3A, 323 0x01, 0x05, 0xDF, 0x53, 0x1D, 0x89, 0xCD, 0x91, 324 0x28, 0xA5, 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E, 325 0xF7, 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D, 326 0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, 0x1B, 327 0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, 0xE1, 0x22, 328 0xF2, 0x42, 0xDA, 0xBB, 0x31, 0x2F, 0x3F, 0x63, 329 0x7A, 0x26, 0x21, 0x74, 0xD3, 0x1B, 0xF6, 0xB5, 330 0x85, 0xFF, 0xAE, 0x5B, 0x7A, 0x03, 0x5B, 0xF6, 331 0xF7, 0x1C, 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2, 332 0xD7, 0x4F, 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3, 333 0x24, 0x94, 0x33, 0x28, 0xF6, 0x72, 0x2D, 0x9E, 334 0xE1, 0x00, 0x3E, 0x5C, 0x50, 0xB1, 0xDF, 0x82, 335 0xCC, 0x6D, 0x24, 0x1B, 0x0E, 0x2A, 0xE9, 0xCD, 336 0x34, 0x8B, 0x1F, 0xD4, 0x7E, 0x92, 0x67, 0xAF, 337 0xC1, 0xB2, 0xAE, 0x91, 0xEE, 0x51, 0xD6, 0xCB, 338 0x0E, 0x31, 0x79, 0xAB, 0x10, 0x42, 0xA9, 0x5D, 339 0xCF, 0x6A, 0x94, 0x83, 0xB8, 0x4B, 0x4B, 0x36, 340 0xB3, 0x86, 0x1A, 0xA7, 0x25, 0x5E, 0x4C, 0x02, 341 0x78, 0xBA, 0x36, 0x04, 0x65, 0x0C, 0x10, 0xBE, 342 0x19, 0x48, 0x2F, 0x23, 0x17, 0x1B, 0x67, 0x1D, 343 0xF1, 0xCF, 0x3B, 0x96, 0x0C, 0x07, 0x43, 0x01, 344 0xCD, 0x93, 0xC1, 0xD1, 0x76, 0x03, 0xD1, 0x47, 345 0xDA, 0xE2, 0xAE, 0xF8, 0x37, 0xA6, 0x29, 0x64, 346 0xEF, 0x15, 0xE5, 0xFB, 0x4A, 0xAC, 0x0B, 0x8C, 347 0x1C, 0xCA, 0xA4, 0xBE, 0x75, 0x4A, 0xB5, 0x72, 348 0x8A, 0xE9, 0x13, 0x0C, 0x4C, 0x7D, 0x02, 0x88, 349 0x0A, 0xB9, 0x47, 0x2D, 0x45, 0x55, 0x62, 0x16, 350 0xD6, 0x99, 0x8B, 0x86, 0x82, 0x28, 0x3D, 0x19, 351 0xD4, 0x2A, 0x90, 0xD5, 0xEF, 0x8E, 0x5D, 0x32, 352 0x76, 0x7D, 0xC2, 0x82, 0x2C, 0x6D, 0xF7, 0x85, 353 0x45, 0x75, 0x38, 0xAB, 0xAE, 0x83, 0x06, 0x3E, 354 0xD9, 0xCB, 0x87, 0xC2, 0xD3, 0x70, 0xF2, 0x63, 355 0xD5, 0xFA, 0xD7, 0x46, 0x6D, 0x84, 0x99, 0xEB, 356 0x8F, 0x46, 0x4A, 0x70, 0x25, 0x12, 0xB0, 0xCE, 357 0xE7, 0x71, 0xE9, 0x13, 0x0D, 0x69, 0x77, 0x35, 358 0xF8, 0x97, 0xFD, 0x03, 0x6C, 0xC5, 0x04, 0x32, 359 0x6C, 0x3B, 0x01, 0x39, 0x9F, 0x64, 0x35, 0x32, 360 0x29, 0x0F, 0x95, 0x8C, 0x0B, 0xBD, 0x90, 0x06, 361 0x5D, 0xF0, 0x8B, 0xAB, 0xBD, 0x30, 0xAE, 0xB6, 362 0x3B, 0x84, 0xC4, 0x60, 0x5D, 0x6C, 0xA3, 0x71, 363 0x04, 0x71, 0x27, 0xD0, 0x3A, 0x72, 0xD5, 0x98, 364 0xA1, 0xED, 0xAD, 0xFE, 0x70, 0x7E, 0x88, 0x47, 365 0x25, 0xC1, 0x68, 0x90, 0x54, 0x90, 0x84, 0x00, 366 0x8D, 0x39, 0x1E, 0x09, 0x53, 0xC3, 0xF3, 0x6B, 367 0xC4, 0x38, 0xCD, 0x08, 0x5E, 0xDD, 0x2D, 0x93, 368 0x4C, 0xE1, 0x93, 0x8C, 0x35, 0x7A, 0x71, 0x1E, 369 0x0D, 0x4A, 0x34, 0x1A, 0x5B, 0x0A, 0x85, 0xED, 370 0x12, 0xC1, 0xF4, 0xE5, 0x15, 0x6A, 0x26, 0x74, 371 0x6D, 0xDD, 0xE1, 0x6D, 0x82, 0x6F, 0x47, 0x7C, 372 0x97, 0x47, 0x7E, 0x0A, 0x0F, 0xDF, 0x65, 0x53, 373 0x14, 0x3E, 0x2C, 0xA3, 0xA7, 0x35, 0xE0, 0x2E, 374 0xCC, 0xD9, 0x4B, 0x27, 0xD0, 0x48, 0x61, 0xD1, 375 0x11, 0x9D, 0xD0, 0xC3, 0x28, 0xAD, 0xF3, 0xF6, 376 0x8F, 0xB0, 0x94, 0xB8, 0x67, 0x71, 0x6B, 0xD7, 377 0xDC, 0x0D, 0xEE, 0xBB, 0x10, 0xB8, 0x24, 0x0E, 378 0x68, 0x03, 0x48, 0x93, 0xEA, 0xD8, 0x2D, 0x54, 379 0xC9, 0xDA, 0x75, 0x4C, 0x46, 0xC7, 0xEE, 0xE0, 380 0xC3, 0x7F, 0xDB, 0xEE, 0x48, 0x53, 0x60, 0x47, 381 0xA6, 0xFA, 0x1A, 0xE4, 0x9A, 0x03, 0x18, 0xCC, 382 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF 383 }; 384 385 /* Named curve prime256v1 (1.2.840.10045.3.1.7) as parameters for RFC 3279 386 * section 2.3.5 id-ecPublicKey */ 387 static const uint8_t p256[] = { 388 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07 389 }; 390 391 /* Named curve secp384r1 (1.3.132.0.34, from RFC 5480 section 2.1.1.1) as 392 * parameters for RFC 3279 section 2.3.5 id-ecPublicKey */ 393 static const uint8_t p384[] = { 394 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22 395 }; 396 397 /* Named curve secp521r1 (1.3.132.0.35, from RFC 5480 section 2.1.1.1) as 398 * parameters for RFC 3279 section 2.3.5 id-ecPublicKey */ 399 static const uint8_t p521[] = { 400 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23 401 }; 402 403 const krb5_data oakley_1024 = { KV5M_DATA, sizeof(o1024), (char *)o1024 }; 404 const krb5_data oakley_2048 = { KV5M_DATA, sizeof(o2048), (char *)o2048 }; 405 const krb5_data oakley_4096 = { KV5M_DATA, sizeof(o4096), (char *)o4096 }; 406 const krb5_data ec_p256 = { KV5M_DATA, sizeof(p256), (char *)p256 }; 407 const krb5_data ec_p384 = { KV5M_DATA, sizeof(p384), (char *)p384 }; 408 const krb5_data ec_p521 = { KV5M_DATA, sizeof(p521), (char *)p521 }; 409 410 /* RFC 3279 section 2.3.3 dhpublicnumber (1.2.840.10046.2.1) */ 411 const krb5_data dh_oid = { 0, 7, "\x2A\x86\x48\xce\x3e\x02\x01" }; 412 413 /* RFC 3279 section 2.3.5 id-ecPublicKey (1.2.840.10045.2.1) */ 414 const krb5_data ec_oid = { 0, 7, "\x2A\x86\x48\xCE\x3D\x02\x01" }; 415