1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* tests/asn.1/make-vectors.c - Generate ASN.1 test vectors using asn1c */
3 /*
4 * Copyright (C) 2011 by the Massachusetts Institute of Technology.
5 * All rights reserved.
6 *
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
11 *
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. Furthermore if you modify this software you must label
20 * your software as modified software and not distribute it in such a
21 * fashion that it might be confused with the original M.I.T. software.
22 * M.I.T. makes no representations about the suitability of
23 * this software for any purpose. It is provided "as is" without express
24 * or implied warranty.
25 */
26
27 /*
28 * This program generates test vectors using asn1c, to be included in other
29 * test programs which exercise the krb5 ASN.1 encoder and decoder functions.
30 * It is intended to be used via "make test-vectors". Currently, test vectors
31 * are only generated for a subset of newer ASN.1 objects.
32 */
33
34 #include <PrincipalName.h>
35 #include <KRB5PrincipalName.h>
36 #include <OtherInfo.h>
37 #include <PkinitSuppPubInfo.h>
38 #include <OTP-TOKENINFO.h>
39 #include <PA-OTP-CHALLENGE.h>
40 #include <PA-OTP-REQUEST.h>
41 #include <PA-OTP-ENC-REQUEST.h>
42 #include <AD-CAMMAC.h>
43 #include <SPAKESecondFactor.h>
44 #include <PA-SPAKE.h>
45
46 static unsigned char buf[8192];
47 static size_t buf_pos;
48
49 /* PrincipalName and KRB5PrincipalName */
50 static KerberosString_t comp_1 = { "hftsai", 6 };
51 static KerberosString_t comp_2 = { "extra", 5 };
52 static KerberosString_t *comps[] = { &comp_1, &comp_2 };
53 static PrincipalName_t princ = { 1, { comps, 2, 2 } };
54 static KRB5PrincipalName_t krb5princ = { { "ATHENA.MIT.EDU", 14 },
55 { 1, { comps, 2, 2 } } };
56
57 /* OtherInfo */
58 static unsigned int krb5_arcs[] = { 1, 2, 840, 113554, 1, 2, 2 };
59 static OCTET_STRING_t krb5data_ostring = { "krb5data", 8 };
60 static OtherInfo_t other_info = {
61 { 0 }, { 0 }, { 0 }, /* Initialized in main() */
62 &krb5data_ostring, NULL
63 };
64
65 /* PkinitSuppPubInfo */
66 static PkinitSuppPubInfo_t supp_pub_info = { 1, { "krb5data", 8 },
67 { "krb5data", 8 } };
68
69 /* Minimal OTP-TOKENINFO */
70 static OTP_TOKENINFO_t token_info_1 = { { "\0\0\0\0", 4, 0 } };
71
72 /* Maximal OTP-TOKENINFO */
73 static UTF8String_t vendor = { "Examplecorp", 11 };
74 static OCTET_STRING_t challenge = { "hark!", 5 };
75 static Int32_t otp_length = 10;
76 static OTPFormat_t otp_format; /* Initialized to 2 in main(). */
77 static OCTET_STRING_t token_id = { "yourtoken", 9 };
78 static AnyURI_t otp_alg = { "urn:ietf:params:xml:ns:keyprov:pskc:hotp", 40 };
79 static unsigned int sha256_arcs[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 };
80 static unsigned int sha1_arcs[] = { 1, 3, 14, 3, 2, 26 };
81 static AlgorithmIdentifier_t alg_sha256, alg_sha1; /* Initialized in main(). */
82 static AlgorithmIdentifier_t *algs[] = { &alg_sha256, &alg_sha1 };
83 static struct supportedHashAlg hash_algs = { algs, 2, 2 };
84 static Int32_t iter_count = 1000;
85 /* Flags are nextOTP | combine | collect-pin | must-encrypt-nonce |
86 * separate-pin-required | check-digit */
87 static OTP_TOKENINFO_t token_info_2 = { { "\x77\0\0\0", 4, 0 }, &vendor,
88 &challenge, &otp_length, &otp_format,
89 &token_id, &otp_alg, &hash_algs,
90 &iter_count };
91
92 /* Minimal PA-OTP-CHALLENGE */
93 static OTP_TOKENINFO_t *tinfo_1[] = { &token_info_1 };
94 static PA_OTP_CHALLENGE_t challenge_1 = { { "minnonce", 8 }, NULL,
95 { { tinfo_1, 1, 1 } } };
96
97 /* Maximal PA-OTP-CHALLENGE */
98 static OTP_TOKENINFO_t *tinfo_2[] = { &token_info_1, &token_info_2 };
99 static UTF8String_t service = { "testservice", 11 };
100 static KerberosString_t salt = { "keysalt", 7 };
101 static OCTET_STRING_t s2kparams = { "1234", 4 };
102 static PA_OTP_CHALLENGE_t challenge_2 = { { "maxnonce", 8 }, &service,
103 { { tinfo_2, 2, 2 } }, &salt,
104 &s2kparams };
105
106 /* Minimal PA-OTP-REQUEST */
107 static UInt32_t kvno = 5;
108 static PA_OTP_REQUEST_t request_1 = { { "\0\0\0\0", 4, 0 }, NULL,
109 { 0, &kvno,
110 { "krbASN.1 test message", 21 } } };
111
112 /* Maximal PA-OTP-REQUEST */
113 /* Flags are nextOTP | combine */
114 static OCTET_STRING_t nonce = { "nonce", 5 };
115 static OCTET_STRING_t otp_value = { "frogs", 5 };
116 static UTF8String_t otp_pin = { "myfirstpin", 10 };
117 /* Corresponds to Unix time 771228197 */
118 static KerberosTime_t otp_time = { "19940610060317Z", 15 };
119 static OCTET_STRING_t counter = { "346", 3 };
120 static PA_OTP_REQUEST_t request_2 = { { "\x60\0\0\0", 4, 0 }, &nonce,
121 { 0, &kvno,
122 { "krbASN.1 test message", 21 } },
123 &alg_sha256, &iter_count, &otp_value,
124 &otp_pin, &challenge, &otp_time,
125 &counter, &otp_format, &token_id,
126 &otp_alg, &vendor };
127
128 /* PA-OTP-ENC-REQUEST */
129 static PA_OTP_ENC_REQUEST_t enc_request = { { "krb5data", 8 } };
130
131 /*
132 * There is no ASN.1 name for a single authorization data element, so asn1c
133 * declares it as "struct Member" in an inner scope. This structure must be
134 * laid out identically to that one.
135 */
136 struct ad_element {
137 Int32_t ad_type;
138 OCTET_STRING_t ad_data;
139 asn_struct_ctx_t _asn_ctx;
140 };
141
142 /* Authorization data elements and lists, for use in CAMMAC */
143 static struct ad_element ad_1 = { 1, { "ad1", 3 } };
144 static struct ad_element ad_2 = { 2, { "ad2", 3 } };
145 static struct ad_element *adlist_1[] = { &ad_1 };
146 static struct ad_element *adlist_2[] = { &ad_1, &ad_2 };
147
148 /* Minimal Verifier */
149 static Verifier_t verifier_1 = { Verifier_PR_mac,
150 { { NULL, NULL, NULL,
151 { 1, { "cksum1", 6 } } } } };
152
153 /* Maximal Verifier */
154 static Int32_t enctype = 16;
155 static Verifier_t verifier_2 = { Verifier_PR_mac,
156 { { &princ, &kvno, &enctype,
157 { 1, { "cksum2", 6 } } } } };
158
159 /* Minimal CAMMAC */
160 static AD_CAMMAC_t cammac_1 = { { { (void *)adlist_1, 1, 1 } },
161 NULL, NULL, NULL };
162
163 /* Maximal CAMMAC */
164 static Verifier_MAC_t vmac_1 = { &princ, &kvno, &enctype,
165 { 1, { "cksumkdc", 8 } } };
166 static Verifier_MAC_t vmac_2 = { &princ, &kvno, &enctype,
167 { 1, { "cksumsvc", 8 } } };
168 static Verifier_t *verifiers[] = { &verifier_1, &verifier_2 };
169 static struct other_verifiers overfs = { { verifiers, 2, 2 } };
170 static AD_CAMMAC_t cammac_2 = { { { (void *)adlist_2, 2, 2 } },
171 &vmac_1, &vmac_2, &overfs };
172
173 /* SPAKESecondFactor */
174 static SPAKESecondFactor_t factor_1 = { 1, NULL };
175 static OCTET_STRING_t factor_data = { "fdata", 5 };
176 static SPAKESecondFactor_t factor_2 = { 2, &factor_data };
177
178 /* PA-SPAKE (support) */
179 static Int32_t group_1 = 1, group_2 = 2, *groups[] = { &group_1, &group_2 };
180 static PA_SPAKE_t pa_spake_1 = { PA_SPAKE_PR_support,
181 { .support = { { groups, 2, 2 } } } };
182
183 /* PA-SPAKE (challenge) */
184 static SPAKESecondFactor_t *factors[2] = { &factor_1, &factor_2 };
185 static PA_SPAKE_t pa_spake_2 = { PA_SPAKE_PR_challenge,
186 { .challenge = { 1, { "T value", 7 },
187 { factors, 2, 2 } } } };
188
189 /* PA-SPAKE (response) */
190 UInt32_t enctype_5 = 5;
191 static PA_SPAKE_t pa_spake_3 = { PA_SPAKE_PR_response,
192 { .response = { { "S value", 7 },
193 { 0, &enctype_5,
194 { "krbASN.1 test message",
195 21 } } } } };
196
197 /* PA-SPAKE (encdata) */
198 static PA_SPAKE_t pa_spake_4 = { PA_SPAKE_PR_encdata,
199 { .encdata = { 0, &enctype_5,
200 { "krbASN.1 test message",
201 21 } } } };
202
203 static int
consume(const void * data,size_t size,void * dummy)204 consume(const void *data, size_t size, void *dummy)
205 {
206 memcpy(buf + buf_pos, data, size);
207 buf_pos += size;
208 return 0;
209 }
210
211 /* Display a C string literal representing the contents of buf, and
212 * reinitialize buf_pos for the next encoding operation. */
213 static void
printbuf(void)214 printbuf(void)
215 {
216 size_t i;
217
218 for (i = 0; i < buf_pos; i++) {
219 printf("%02X", buf[i]);
220 if (i + 1 < buf_pos)
221 printf(" ");
222 }
223 buf_pos = 0;
224 }
225
226 int
main()227 main()
228 {
229 /* Initialize values which can't use static initializers. */
230 asn_long2INTEGER(&otp_format, 2); /* Alphanumeric */
231 OBJECT_IDENTIFIER_set_arcs(&alg_sha256.algorithm, sha256_arcs,
232 sizeof(*sha256_arcs),
233 sizeof(sha256_arcs) / sizeof(*sha256_arcs));
234 OBJECT_IDENTIFIER_set_arcs(&alg_sha1.algorithm, sha1_arcs,
235 sizeof(*sha1_arcs),
236 sizeof(sha1_arcs) / sizeof(*sha1_arcs));
237 OBJECT_IDENTIFIER_set_arcs(&other_info.algorithmID.algorithm, krb5_arcs,
238 sizeof(*krb5_arcs),
239 sizeof(krb5_arcs) / sizeof(*krb5_arcs));
240
241 printf("PrincipalName:\n");
242 der_encode(&asn_DEF_PrincipalName, &princ, consume, NULL);
243 printbuf();
244
245 /* Print this encoding and also use it to initialize two fields of
246 * other_info. */
247 printf("\nKRB5PrincipalName:\n");
248 der_encode(&asn_DEF_KRB5PrincipalName, &krb5princ, consume, NULL);
249 OCTET_STRING_fromBuf(&other_info.partyUInfo, buf, buf_pos);
250 OCTET_STRING_fromBuf(&other_info.partyVInfo, buf, buf_pos);
251 printbuf();
252
253 printf("\nOtherInfo:\n");
254 der_encode(&asn_DEF_OtherInfo, &other_info, consume, NULL);
255 printbuf();
256 free(other_info.partyUInfo.buf);
257 free(other_info.partyVInfo.buf);
258
259 printf("\nPkinitSuppPubInfo:\n");
260 der_encode(&asn_DEF_PkinitSuppPubInfo, &supp_pub_info, consume, NULL);
261 printbuf();
262
263 printf("\nMinimal OTP-TOKEN-INFO:\n");
264 der_encode(&asn_DEF_OTP_TOKENINFO, &token_info_1, consume, NULL);
265 printbuf();
266
267 printf("\nMaximal OTP-TOKEN-INFO:\n");
268 der_encode(&asn_DEF_OTP_TOKENINFO, &token_info_2, consume, NULL);
269 printbuf();
270
271 printf("\nMinimal PA-OTP-CHALLENGE:\n");
272 der_encode(&asn_DEF_PA_OTP_CHALLENGE, &challenge_1, consume, NULL);
273 printbuf();
274
275 printf("\nMaximal PA-OTP-CHALLENGE:\n");
276 der_encode(&asn_DEF_PA_OTP_CHALLENGE, &challenge_2, consume, NULL);
277 printbuf();
278
279 printf("\nMinimal PA-OTP-REQUEST:\n");
280 der_encode(&asn_DEF_PA_OTP_REQUEST, &request_1, consume, NULL);
281 printbuf();
282
283 printf("\nMaximal PA-OTP-REQUEST:\n");
284 der_encode(&asn_DEF_PA_OTP_REQUEST, &request_2, consume, NULL);
285 printbuf();
286
287 printf("\nPA-OTP-ENC-REQUEST:\n");
288 der_encode(&asn_DEF_PA_OTP_ENC_REQUEST, &enc_request, consume, NULL);
289 printbuf();
290
291 printf("\nMinimal Verifier:\n");
292 der_encode(&asn_DEF_Verifier, &verifier_1, consume, NULL);
293 printbuf();
294
295 printf("\nMaximal Verifier:\n");
296 der_encode(&asn_DEF_Verifier, &verifier_2, consume, NULL);
297 printbuf();
298
299 printf("\nMinimal AD-CAMMAC:\n");
300 der_encode(&asn_DEF_AD_CAMMAC, &cammac_1, consume, NULL);
301 printbuf();
302
303 printf("\nMaximal AD-CAMMAC:\n");
304 der_encode(&asn_DEF_AD_CAMMAC, &cammac_2, consume, NULL);
305 printbuf();
306
307 printf("\nMinimal SPAKESecondFactor:\n");
308 der_encode(&asn_DEF_SPAKESecondFactor, &factor_1, consume, NULL);
309 printbuf();
310
311 printf("\nMaximal SPAKESecondFactor:\n");
312 der_encode(&asn_DEF_SPAKESecondFactor, &factor_2, consume, NULL);
313 printbuf();
314
315 printf("\nPA-SPAKE (support):\n");
316 der_encode(&asn_DEF_PA_SPAKE, &pa_spake_1, consume, NULL);
317 printbuf();
318
319 printf("\nPA-SPAKE (challenge):\n");
320 der_encode(&asn_DEF_PA_SPAKE, &pa_spake_2, consume, NULL);
321 printbuf();
322
323 printf("\nPA-SPAKE (response):\n");
324 der_encode(&asn_DEF_PA_SPAKE, &pa_spake_3, consume, NULL);
325 printbuf();
326
327 printf("\nPA-SPAKE (encdata):\n");
328 der_encode(&asn_DEF_PA_SPAKE, &pa_spake_4, consume, NULL);
329 printbuf();
330
331 printf("\n");
332 return 0;
333 }
334