| author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2023-07-04 15:40:31 +1200 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2023-07-19 01:47:33 +0000 |
| commit | af97579f161bf814e91f19cd495019524cc6a329 (patch) | |
| tree | a59ccdca4b85dfcffaadf13ca9f56b330f50ee66 /python/samba | |
| parent | ecc62bc120792ef8157b6f700b42dabdbb9518e5 (diff) | |
tests/krb5: Add ASN.1 definitions for Windows 2000 PK-INIT
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'python/samba')
| -rw-r--r-- | python/samba/tests/krb5/rfc4120.asn1 | 38 | ||||
| -rw-r--r-- | python/samba/tests/krb5/rfc4120_pyasn1.py | 66 |
2 files changed, 103 insertions, 1 deletions
diff --git a/python/samba/tests/krb5/rfc4120.asn1 b/python/samba/tests/krb5/rfc4120.asn1 index 2b63a729327..62af4207d61 100644 --- a/python/samba/tests/krb5/rfc4120.asn1 +++ b/python/samba/tests/krb5/rfc4120.asn1 @@ -1476,6 +1476,44 @@ encryptionAlgorithm OBJECT IDENTIFIER ::= {rsadsi 3} des-EDE3-CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 7} +-- Windows 2000 PK-INIT definitions + +PKAuthenticator-Win2k ::= SEQUENCE { + kdcName [0] PrincipalName, + kdcRealm [1] Realm, + cusec [2] INTEGER (0..4294967295), + ctime [3] KerberosTime, + nonce [4] INTEGER (-2147483648..2147483647) +} + +AuthPack-Win2k ::= SEQUENCE { + pkAuthenticator [0] PKAuthenticator-Win2k +} + +TrustedCA-Win2k ::= CHOICE { + caName [1] ANY, + issuerAndSerial [2] IssuerAndSerialNumber +} + +PA-PK-AS-REQ-Win2k ::= SEQUENCE { + signedAuthPack [0] IMPLICIT OCTET STRING, + trustedCertifiers [2] SEQUENCE OF TrustedCA-Win2k OPTIONAL, + kdcCert [3] IMPLICIT OCTET STRING OPTIONAL, + encryptionCert [4] IMPLICIT OCTET STRING OPTIONAL, + ... +} + +PA-PK-AS-REP-Win2k ::= CHOICE { + dhSignedData [0] IMPLICIT OCTET STRING, + encKeyPack [1] IMPLICIT OCTET STRING +} + +ReplyKeyPack-Win2k ::= SEQUENCE { + replyKey [0] EncryptionKey, + nonce [1] INTEGER (-2147483648..2147483647), + ... +} + -- id-pkinit-ms-san OBJECT IDENTIFIER ::= { diff --git a/python/samba/tests/krb5/rfc4120_pyasn1.py b/python/samba/tests/krb5/rfc4120_pyasn1.py index 8bebba681b3..8bf7e3fb66a 100644 --- a/python/samba/tests/krb5/rfc4120_pyasn1.py +++ b/python/samba/tests/krb5/rfc4120_pyasn1.py @@ -1,5 +1,5 @@ # Auto-generated by asn1ate v.0.6.1.dev0 from rfc4120.asn1 -# (last modified on 2023-07-03 09:37:15.502641) +# (last modified on 2023-07-04 13:41:26.112349) # KerberosV5Spec2 from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful 
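Review bot: The only comment on the new block in rfc4120.asn1 is `-- Windows 2000 PK-INIT definitions`, which does not tell a reader how these types differ from the RFC 4556 ones the file appears to define elsewhere (the generated module already has `AuthPack`, `PA_PK_AS_REQ` and `ReplyKeyPack`). Two differences visible in the hunk matter when writing tests against a KDC: `PKAuthenticator-Win2k` has no `paChecksum` field, so nothing inside the signed AuthPack covers the KDC-REQ-BODY, and its `nonce` is constrained to the signed range `(-2147483648..2147483647)`. I would extend the header comment to something like `-- Pre-RFC 4556 (Windows 2000) PK-INIT: PKAuthenticator-Win2k carries kdcName/kdcRealm and no paChecksum, so the request body is not bound to the signature; nonce is a signed 32-bit value.` A short `-- opaque, not decoded by this module` beside `caName [1] ANY` would also help, since that alternative is accepted without any structure check.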
@@ -900,6 +900,28 @@ AuthPack.componentType = namedtype.NamedTypes( ) +class PKAuthenticator_Win2k(univ.Sequence): + pass + + +PKAuthenticator_Win2k.componentType = namedtype.NamedTypes( + namedtype.NamedType('kdcName', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.NamedType('kdcRealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.NamedType('cusec', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 4294967295)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), + namedtype.NamedType('ctime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), + namedtype.NamedType('nonce', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(-2147483648, 2147483647)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))) +) + + +class AuthPack_Win2k(univ.Sequence): + pass + + +AuthPack_Win2k.componentType = namedtype.NamedTypes( + namedtype.NamedType('pkAuthenticator', PKAuthenticator_Win2k().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))) +) + + class EncryptionKey(univ.Sequence): pass @@ -2185,6 +2207,16 @@ PA_PK_AS_REP.componentType = namedtype.NamedTypes( ) +class PA_PK_AS_REP_Win2k(univ.Choice): + pass + + +PA_PK_AS_REP_Win2k.componentType = namedtype.NamedTypes( + namedtype.NamedType('dhSignedData', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.NamedType('encKeyPack', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) +) + + class PA_PK_AS_REQ(univ.Sequence): pass 
@@ -2196,6 +2228,28 @@ PA_PK_AS_REQ.componentType = namedtype.NamedTypes( ) +class TrustedCA_Win2k(univ.Choice): + pass + + +TrustedCA_Win2k.componentType = namedtype.NamedTypes( + namedtype.NamedType('caName', univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.NamedType('issuerAndSerial', IssuerAndSerialNumber().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))) +) + + +class PA_PK_AS_REQ_Win2k(univ.Sequence): + pass + + +PA_PK_AS_REQ_Win2k.componentType = namedtype.NamedTypes( + namedtype.NamedType('signedAuthPack', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.OptionalNamedType('trustedCertifiers', univ.SequenceOf(componentType=TrustedCA_Win2k()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), + namedtype.OptionalNamedType('kdcCert', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), + namedtype.OptionalNamedType('encryptionCert', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))) +) + + class PA_S4U2Self(univ.Sequence): pass @@ -2318,6 +2372,16 @@ ReplyKeyPack.componentType = namedtype.NamedTypes( ) +class ReplyKeyPack_Win2k(univ.Sequence): + pass + + +ReplyKeyPack_Win2k.componentType = namedtype.NamedTypes( + namedtype.NamedType('replyKey', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.NamedType('nonce', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(-2147483648, 2147483647)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) +) + + class SignatureValue(univ.OctetString): pass |
