tests/asn.1/ktest.c

/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* tests/asn.1/ktest.c */
/*
 * Copyright (C) 1994 by the Massachusetts Institute of Technology.
 * All rights reserved.
 *
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 */

#include "ktest.h"
#include "utility.h"
#include <stdlib.h>

char *sample_principal_name = "hftsai/extra@ATHENA.MIT.EDU";

void
ktest_make_sample_authenticator(krb5_authenticator *a)
{
    ktest_make_sample_principal(&a->client);
    a->checksum = ealloc(sizeof(krb5_checksum));
    ktest_make_sample_checksum(a->checksum);
    a->cusec = SAMPLE_USEC;
    a->ctime = SAMPLE_TIME;
    a->subkey = ealloc(sizeof(krb5_keyblock));
    ktest_make_sample_keyblock(a->subkey);
    a->seq_number = SAMPLE_SEQ_NUMBER;
    ktest_make_sample_authorization_data(&a->authorization_data);
}

void
ktest_make_sample_principal(krb5_principal *p)
{
    if (krb5_parse_name(test_context, sample_principal_name, p))
        abort();
}

void
ktest_make_sample_checksum(krb5_checksum *cs)
{
    cs->checksum_type = 1;
    cs->length = 4;
    cs->contents = ealloc(4);
    memcpy(cs->contents,"1234",4);
}

void
ktest_make_sample_keyblock(krb5_keyblock *kb)
{
    kb->magic = KV5M_KEYBLOCK;
    kb->enctype = 1;
    kb->length = 8;
    kb->contents = ealloc(8);
    memcpy(kb->contents,"12345678",8);
}

void
ktest_make_sample_ticket(krb5_ticket *tkt)
{
    ktest_make_sample_principal(&tkt->server);
    ktest_make_sample_enc_data(&tkt->enc_part);
    tkt->enc_part2 = NULL;
}

void
ktest_make_sample_enc_data(krb5_enc_data *ed)
{
    ed->kvno = 5;
    ed->enctype = 0;
    krb5_data_parse(&ed->ciphertext, "krbASN.1 test message");
}

void
ktest_make_sample_enc_tkt_part(krb5_enc_tkt_part *etp)
{
    etp->flags = SAMPLE_FLAGS;
    etp->session = ealloc(sizeof(krb5_keyblock));
    ktest_make_sample_keyblock(etp->session);
    ktest_make_sample_principal(&etp->client);
    ktest_make_sample_transited(&etp->transited);
    ktest_make_sample_ticket_times(&etp->times);
    ktest_make_sample_addresses(&etp->caddrs);
    ktest_make_sample_authorization_data(&etp->authorization_data);
}

void
ktest_make_sample_addresses(krb5_address ***caddrs)
{
    int i;

    *caddrs = ealloc(3 * sizeof(krb5_address *));
    for (i = 0; i < 2; i++) {
        (*caddrs)[i] = ealloc(sizeof(krb5_address));
        ktest_make_sample_address((*caddrs)[i]);
    }
    (*caddrs)[2] = NULL;
}

void
ktest_make_sample_authorization_data(krb5_authdata ***ad)
{
    int i;

    *ad = ealloc(3 * sizeof(krb5_authdata *));
    for (i = 0; i <= 1; i++) {
        (*ad)[i] = ealloc(sizeof(krb5_authdata));
        ktest_make_sample_authdata((*ad)[i]);
    }
    (*ad)[2] = NULL;
}

void
ktest_make_sample_transited(krb5_transited *t)
{
    t->tr_type = 1;
    krb5_data_parse(&t->tr_contents, "EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS.");
}

void
ktest_make_sample_ticket_times(krb5_ticket_times *tt)
{
    tt->authtime = SAMPLE_TIME;
    tt->starttime = SAMPLE_TIME;
    tt->endtime = SAMPLE_TIME;
    tt->renew_till = SAMPLE_TIME;
}

void
ktest_make_sample_address(krb5_address *a)
{
    a->addrtype = ADDRTYPE_INET;
    a->length = 4;
    a->contents = ealloc(4 * sizeof(krb5_octet));
    a->contents[0] = 18;
    a->contents[1] = 208;
    a->contents[2] = 0;
    a->contents[3] = 35;
}

void
ktest_make_sample_authdata(krb5_authdata *ad)
{
    ad->ad_type = 1;
    ad->length = 6;
    ad->contents = ealloc(6 * sizeof(krb5_octet));
    memcpy(ad->contents, "foobar", 6);
}

void
ktest_make_sample_enc_kdc_rep_part(krb5_enc_kdc_rep_part *ekr)
{
    ekr->session = ealloc(sizeof(krb5_keyblock));
    ktest_make_sample_keyblock(ekr->session);
    ktest_make_sample_last_req(&ekr->last_req);
    ekr->nonce = SAMPLE_NONCE;
    ekr->key_exp = SAMPLE_TIME;
    ekr->flags = SAMPLE_FLAGS;
    ekr->times.authtime = SAMPLE_TIME;
    ekr->times.starttime = SAMPLE_TIME;
    ekr->times.endtime = SAMPLE_TIME;
    ekr->times.renew_till = SAMPLE_TIME;
    ktest_make_sample_principal(&ekr->server);
    ktest_make_sample_addresses(&ekr->caddrs);
}

void
ktest_make_sample_last_req(krb5_last_req_entry ***lr)
{
    int i;

    *lr = ealloc(3 * sizeof(krb5_last_req_entry *));
    for (i = 0; i <= 1; i++)
        ktest_make_sample_last_req_entry(&(*lr)[i]);
    (*lr)[2] = NULL;
}

void
ktest_make_sample_last_req_entry(krb5_last_req_entry **lre)
{
    *lre = ealloc(sizeof(krb5_last_req_entry));
    (*lre)->lr_type = -5;
    (*lre)->value = SAMPLE_TIME;
}

void
ktest_make_sample_kdc_rep(krb5_kdc_rep *kdcr)
{
    ktest_make_sample_pa_data_array(&kdcr->padata);
    ktest_make_sample_principal(&kdcr->client);
    kdcr->ticket = ealloc(sizeof(krb5_ticket));
    ktest_make_sample_ticket(kdcr->ticket);
    ktest_make_sample_enc_data(&kdcr->enc_part);
    kdcr->enc_part2 = NULL;
}

void
ktest_make_sample_pa_data_array(krb5_pa_data ***pad)
{
    int i;

    *pad = ealloc(3 * sizeof(krb5_pa_data *));
    for (i = 0; i <= 1; i++) {
        (*pad)[i] = ealloc(sizeof(krb5_pa_data));
        ktest_make_sample_pa_data((*pad)[i]);
    }
    (*pad)[2] = NULL;
}

void
ktest_make_sample_empty_pa_data_array(krb5_pa_data ***pad)
{
    *pad = ealloc(sizeof(krb5_pa_data *));
    (*pad)[0] = NULL;
}

void
ktest_make_sample_pa_data(krb5_pa_data *pad)
{
    pad->pa_type = 13;
    pad->length = 7;
    pad->contents = ealloc(7);
    memcpy(pad->contents, "pa-data", 7);
}

void
ktest_make_sample_ap_req(krb5_ap_req *ar)
{
    ar->ap_options = SAMPLE_FLAGS;
    ar->ticket = ealloc(sizeof(krb5_ticket));
    ktest_make_sample_ticket(ar->ticket);
    ktest_make_sample_enc_data(&(ar->authenticator));
}

void
ktest_make_sample_ap_rep(krb5_ap_rep *ar)
{
    ktest_make_sample_enc_data(&ar->enc_part);
}

void
ktest_make_sample_ap_rep_enc_part(krb5_ap_rep_enc_part *arep)
{
    arep->ctime = SAMPLE_TIME;
    arep->cusec = SAMPLE_USEC;
    arep->subkey = ealloc(sizeof(krb5_keyblock));
    ktest_make_sample_keyblock(arep->subkey);
    arep->seq_number = SAMPLE_SEQ_NUMBER;
}

void
ktest_make_sample_kdc_req(krb5_kdc_req *kr)
{
    /* msg_type is left up to the calling procedure */
    ktest_make_sample_pa_data_array(&kr->padata);
    kr->kdc_options = SAMPLE_FLAGS;
    ktest_make_sample_principal(&(kr->client));
    ktest_make_sample_principal(&(kr->server));
    kr->from = SAMPLE_TIME;
    kr->till = SAMPLE_TIME;
    kr->rtime = SAMPLE_TIME;
    kr->nonce = SAMPLE_NONCE;
    kr->nktypes = 2;
    kr->ktype = ealloc(2 * sizeof(krb5_enctype));
    kr->ktype[0] = 0;
    kr->ktype[1] = 1;
    ktest_make_sample_addresses(&kr->addresses);
    ktest_make_sample_enc_data(&kr->authorization_data);
    ktest_make_sample_authorization_data(&kr->unenc_authdata);
    ktest_make_sample_sequence_of_ticket(&kr->second_ticket);
}

void
ktest_make_sample_kdc_req_body(krb5_kdc_req *krb)
{
    krb->kdc_options = SAMPLE_FLAGS;
    ktest_make_sample_principal(&krb->client);
    ktest_make_sample_principal(&krb->server);
    krb->from = SAMPLE_TIME;
    krb->till = SAMPLE_TIME;
    krb->rtime = SAMPLE_TIME;
    krb->nonce = SAMPLE_NONCE;
    krb->nktypes = 2;
    krb->ktype = (krb5_enctype*)calloc(2,sizeof(krb5_enctype));
    krb->ktype[0] = 0;
    krb->ktype[1] = 1;
    ktest_make_sample_addresses(&krb->addresses);
    ktest_make_sample_enc_data(&krb->authorization_data);
    ktest_make_sample_authorization_data(&krb->unenc_authdata);
    ktest_make_sample_sequence_of_ticket(&krb->second_ticket);
}

void
ktest_make_sample_safe(krb5_safe *s)
{
    ktest_make_sample_data(&s->user_data);
    s->timestamp = SAMPLE_TIME;
    s->usec = SAMPLE_USEC;
    s->seq_number = SAMPLE_SEQ_NUMBER;
    s->s_address = ealloc(sizeof(krb5_address));
    ktest_make_sample_address(s->s_address);
    s->r_address = ealloc(sizeof(krb5_address));
    ktest_make_sample_address(s->r_address);
    s->checksum = ealloc(sizeof(krb5_checksum));
    ktest_make_sample_checksum(s->checksum);
}

void
ktest_make_sample_priv(krb5_priv *p)
{
    ktest_make_sample_enc_data(&p->enc_part);
}

void
ktest_make_sample_priv_enc_part(krb5_priv_enc_part *pep)
{
    ktest_make_sample_data(&(pep->user_data));
    pep->timestamp = SAMPLE_TIME;
    pep->usec = SAMPLE_USEC;
    pep->seq_number = SAMPLE_SEQ_NUMBER;
    pep->s_address = ealloc(sizeof(krb5_address));
    ktest_make_sample_address(pep->s_address);
    pep->r_address = ealloc(sizeof(krb5_address));
    ktest_make_sample_address(pep->r_address);
}

void
ktest_make_sample_cred(krb5_cred *c)
{
    ktest_make_sample_sequence_of_ticket(&c->tickets);
    ktest_make_sample_enc_data(&c->enc_part);
}

void
ktest_make_sample_sequence_of_ticket(krb5_ticket ***sot)
{
    int i;

    *sot = ealloc(3 * sizeof(krb5_ticket *));
    for (i = 0; i < 2; i++) {
        (*sot)[i] = ealloc(sizeof(krb5_ticket));
        ktest_make_sample_ticket((*sot)[i]);
    }
    (*sot)[2] = NULL;
}

void
ktest_make_sample_cred_enc_part(krb5_cred_enc_part *cep)
{
    cep->nonce = SAMPLE_NONCE;
    cep->timestamp = SAMPLE_TIME;
    cep->usec = SAMPLE_USEC;
    cep->s_address = ealloc(sizeof(krb5_address));
    ktest_make_sample_address(cep->s_address);
    cep->r_address = ealloc(sizeof(krb5_address));
    ktest_make_sample_address(cep->r_address);
    ktest_make_sequence_of_cred_info(&cep->ticket_info);
}

void
ktest_make_sequence_of_cred_info(krb5_cred_info ***soci)
{
    int i;

    *soci = ealloc(3 * sizeof(krb5_cred_info *));
    for (i = 0; i < 2; i++) {
        (*soci)[i] = ealloc(sizeof(krb5_cred_info));
        ktest_make_sample_cred_info((*soci)[i]);
    }
    (*soci)[2] = NULL;
}

void
ktest_make_sample_cred_info(krb5_cred_info *ci)
{
    ci->session = ealloc(sizeof(krb5_keyblock));
    ktest_make_sample_keyblock(ci->session);
    ktest_make_sample_principal(&ci->client);
    ktest_make_sample_principal(&ci->server);
    ci->flags = SAMPLE_FLAGS;
    ci->times.authtime = SAMPLE_TIME;
    ci->times.starttime = SAMPLE_TIME;
    ci->times.endtime = SAMPLE_TIME;
    ci->times.renew_till = SAMPLE_TIME;
    ktest_make_sample_addresses(&ci->caddrs);
}

void
ktest_make_sample_error(krb5_error *kerr)
{
    kerr->ctime = SAMPLE_TIME;
    kerr->cusec = SAMPLE_USEC;
    kerr->susec = SAMPLE_USEC;
    kerr->stime = SAMPLE_TIME;
    kerr->error = SAMPLE_ERROR;
    ktest_make_sample_principal(&kerr->client);
    ktest_make_sample_principal(&kerr->server);
    ktest_make_sample_data(&kerr->text);
    ktest_make_sample_data(&kerr->e_data);
}

void
ktest_make_sample_data(krb5_data *d)
{
    krb5_data_parse(d, "krb5data");
}

void
ktest_make_sample_etype_info(krb5_etype_info_entry ***p)
{
    krb5_etype_info_entry **info;
    int i, len;
    char *str;

    info = ealloc(4 * sizeof(krb5_etype_info_entry *));
    for (i = 0; i < 3; i++) {
        info[i] = ealloc(sizeof(krb5_etype_info_entry));
        info[i]->etype = i;
        len = asprintf(&str, "Morton's #%d", i);
        if (len < 0)
            abort();
        info[i]->salt = (krb5_octet *)str;
        info[i]->length = len;
        info[i]->s2kparams.data = NULL;
        info[i]->s2kparams.length = 0;
        info[i]->magic = KV5M_ETYPE_INFO_ENTRY;
    }
    free(info[1]->salt);
    info[1]->length = KRB5_ETYPE_NO_SALT;
    info[1]->salt = 0;
    *p = info;
}


void
ktest_make_sample_etype_info2(krb5_etype_info_entry ***p)
{
    krb5_etype_info_entry **info;
    int i, len;
    char *str;

    info = ealloc(4 * sizeof(krb5_etype_info_entry *));
    for (i = 0; i < 3; i++) {
        info[i] = ealloc(sizeof(krb5_etype_info_entry));
        info[i]->etype = i;
        len = asprintf(&str, "Morton's #%d", i);
        if (len < 0)
            abort();
        info[i]->salt = (krb5_octet *)str;
        info[i]->length = (unsigned int)len;
        len = asprintf(&info[i]->s2kparams.data, "s2k: %d", i);
        if (len < 0)
            abort();
        info[i]->s2kparams.length = (unsigned int) len;
        info[i]->magic = KV5M_ETYPE_INFO_ENTRY;
    }
    free(info[1]->salt);
    info[1]->length = KRB5_ETYPE_NO_SALT;
    info[1]->salt = 0;
    *p = info;
}


void
ktest_make_sample_pa_enc_ts(krb5_pa_enc_ts *pa_enc)
{
    pa_enc->patimestamp = SAMPLE_TIME;
    pa_enc->pausec = SAMPLE_USEC;
}

void
ktest_make_sample_sam_challenge_2(krb5_sam_challenge_2 *p)
{
    /* Need a valid DER sequence encoding here; this one contains the OCTET
     * STRING "challenge". */
    krb5_data_parse(&p->sam_challenge_2_body, "\x30\x0B\x04\x09" "challenge");
    p->sam_cksum = ealloc(2 * sizeof(krb5_checksum *));
    p->sam_cksum[0] = ealloc(sizeof(krb5_checksum));
    ktest_make_sample_checksum(p->sam_cksum[0]);
    p->sam_cksum[1] = NULL;
}

void
ktest_make_sample_sam_challenge_2_body(krb5_sam_challenge_2_body *p)
{
    p->sam_type = 42;
    p->sam_flags = KRB5_SAM_USE_SAD_AS_KEY;
    krb5_data_parse(&p->sam_type_name, "type name");
    p->sam_track_id = empty_data();
    krb5_data_parse(&p->sam_challenge_label, "challenge label");
    krb5_data_parse(&p->sam_challenge, "challenge ipse");
    krb5_data_parse(&p->sam_response_prompt, "response_prompt ipse");
    p->sam_pk_for_sad = empty_data();
    p->sam_nonce = 0x543210;
    p->sam_etype = ENCTYPE_AES256_CTS_HMAC_SHA384_192;
}

void
ktest_make_sample_sam_response_2(krb5_sam_response_2 *p)
{
    p->magic = KV5M_SAM_RESPONSE;
    p->sam_type = 43; /* information */
    p->sam_flags = KRB5_SAM_USE_SAD_AS_KEY; /* KRB5_SAM_* values */
    krb5_data_parse(&p->sam_track_id, "track data");
    krb5_data_parse(&p->sam_enc_nonce_or_sad.ciphertext, "nonce or sad");
    p->sam_enc_nonce_or_sad.enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192;
    p->sam_enc_nonce_or_sad.kvno = 3382;
    p->sam_nonce = 0x543210;
}

void
ktest_make_sample_enc_sam_response_enc_2(krb5_enc_sam_response_enc_2 *p)
{
    p->magic = 83;
    p->sam_nonce = 88;
    krb5_data_parse(&p->sam_sad, "enc_sam_response_enc_2");
}

void
ktest_make_sample_pa_for_user(krb5_pa_for_user *p)
{
    ktest_make_sample_principal(&p->user);
    ktest_make_sample_checksum(&p->cksum);
    ktest_make_sample_data(&p->auth_package);
}

void
ktest_make_sample_pa_s4u_x509_user(krb5_pa_s4u_x509_user *p)
{
    krb5_s4u_userid *u = &p->user_id;

    u->nonce = 13243546;
    ktest_make_sample_principal(&u->user);
    krb5_data_parse(&u->subject_cert, "pa_s4u_x509_user");
    u->options = 0x80000000;
    ktest_make_sample_checksum(&p->cksum);
}

void
ktest_make_sample_ad_kdcissued(krb5_ad_kdcissued *p)
{
    ktest_make_sample_checksum(&p->ad_checksum);
    ktest_make_sample_principal(&p->i_principal);
    ktest_make_sample_authorization_data(&p->elements);
}

void
ktest_make_sample_ad_signedpath_data(krb5_ad_signedpath_data *p)
{
    ktest_make_sample_principal(&p->client);
    p->authtime = SAMPLE_TIME;
    p->delegated = ealloc(2 * sizeof(krb5_principal));
    ktest_make_sample_principal(&p->delegated[0]);
    p->delegated[1] = NULL;
    ktest_make_sample_authorization_data(&p->authorization_data);
    ktest_make_sample_pa_data_array(&p->method_data);
}

void
ktest_make_sample_ad_signedpath(krb5_ad_signedpath *p)
{
    p->enctype = 1;
    ktest_make_sample_checksum(&p->checksum);
    p->delegated = ealloc(2 * sizeof(krb5_principal));
    p->delegated[1] = NULL;
    ktest_make_sample_pa_data_array(&p->method_data);
}

void
ktest_make_sample_iakerb_header(krb5_iakerb_header *ih)
{
    ktest_make_sample_data(&(ih->target_realm));
    ih->cookie = ealloc(sizeof(krb5_data));
    ktest_make_sample_data(ih->cookie);
}

void
ktest_make_sample_iakerb_finished(krb5_iakerb_finished *ih)
{
    ktest_make_sample_checksum(&ih->checksum);
}

static void
ktest_make_sample_fast_finished(krb5_fast_finished *p)
{
    p->timestamp = SAMPLE_TIME;
    p->usec = SAMPLE_USEC;
    ktest_make_sample_principal(&p->client);
    ktest_make_sample_checksum(&p->ticket_checksum);
}

void
ktest_make_sample_fast_response(krb5_fast_response *p)
{
    ktest_make_sample_pa_data_array(&p->padata);
    p->strengthen_key = ealloc(sizeof(krb5_keyblock));
    ktest_make_sample_keyblock(p->strengthen_key);
    p->finished = ealloc(sizeof(krb5_fast_finished));
    ktest_make_sample_fast_finished(p->finished);
    p->nonce = SAMPLE_NONCE;
}

void
ktest_make_sha256_alg(krb5_algorithm_identifier *p)
{
    /* { 2 16 840 1 101 3 4 2 1 } */
    krb5_data_parse(&p->algorithm, "\x60\x86\x48\x01\x65\x03\x04\x02\x01");
    p->parameters = empty_data();
}

void
ktest_make_sha1_alg(krb5_algorithm_identifier *p)
{
    /* { 1 3 14 3 2 26 } */
    krb5_data_parse(&p->algorithm, "\x2b\x0e\x03\x02\x1a");
    p->parameters = empty_data();
}

void
ktest_make_minimal_otp_tokeninfo(krb5_otp_tokeninfo *p)
{
    memset(p, 0, sizeof(*p));
    p->length = p->format = p->iteration_count = -1;
}

void
ktest_make_maximal_otp_tokeninfo(krb5_otp_tokeninfo *p)
{
    p->flags = KRB5_OTP_FLAG_NEXTOTP | KRB5_OTP_FLAG_COMBINE |
        KRB5_OTP_FLAG_COLLECT_PIN | KRB5_OTP_FLAG_ENCRYPT_NONCE |
        KRB5_OTP_FLAG_SEPARATE_PIN | KRB5_OTP_FLAG_CHECK_DIGIT;
    krb5_data_parse(&p->vendor, "Examplecorp");
    krb5_data_parse(&p->challenge, "hark!");
    p->length = 10;
    p->format = 2;
    krb5_data_parse(&p->token_id, "yourtoken");
    krb5_data_parse(&p->alg_id, "urn:ietf:params:xml:ns:keyprov:pskc:hotp");
    p->supported_hash_alg = ealloc(3 * sizeof(*p->supported_hash_alg));
    p->supported_hash_alg[0] = ealloc(sizeof(*p->supported_hash_alg[0]));
    ktest_make_sha256_alg(p->supported_hash_alg[0]);
    p->supported_hash_alg[1] = ealloc(sizeof(*p->supported_hash_alg[1]));
    ktest_make_sha1_alg(p->supported_hash_alg[1]);
    p->supported_hash_alg[2] = NULL;
    p->iteration_count = 1000;
}

void
ktest_make_minimal_pa_otp_challenge(krb5_pa_otp_challenge *p)
{
    memset(p, 0, sizeof(*p));
    krb5_data_parse(&p->nonce, "minnonce");
    p->tokeninfo = ealloc(2 * sizeof(*p->tokeninfo));
    p->tokeninfo[0] = ealloc(sizeof(*p->tokeninfo[0]));
    ktest_make_minimal_otp_tokeninfo(p->tokeninfo[0]);
    p->tokeninfo[1] = NULL;
}

void
ktest_make_maximal_pa_otp_challenge(krb5_pa_otp_challenge *p)
{
    krb5_data_parse(&p->nonce, "maxnonce");
    krb5_data_parse(&p->service, "testservice");
    p->tokeninfo = ealloc(3 * sizeof(*p->tokeninfo));
    p->tokeninfo[0] = ealloc(sizeof(*p->tokeninfo[0]));
    ktest_make_minimal_otp_tokeninfo(p->tokeninfo[0]);
    p->tokeninfo[1] = ealloc(sizeof(*p->tokeninfo[1]));
    ktest_make_maximal_otp_tokeninfo(p->tokeninfo[1]);
    p->tokeninfo[2] = NULL;
    krb5_data_parse(&p->salt, "keysalt");
    krb5_data_parse(&p->s2kparams, "1234");
}

void
ktest_make_minimal_pa_otp_req(krb5_pa_otp_req *p)
{
    memset(p, 0, sizeof(*p));
    p->iteration_count = -1;
    p->format = -1;
    ktest_make_sample_enc_data(&p->enc_data);
}

void
ktest_make_maximal_pa_otp_req(krb5_pa_otp_req *p)
{
    p->flags = KRB5_OTP_FLAG_NEXTOTP | KRB5_OTP_FLAG_COMBINE;
    krb5_data_parse(&p->nonce, "nonce");
    ktest_make_sample_enc_data(&p->enc_data);
    p->hash_alg = ealloc(sizeof(*p->hash_alg));
    ktest_make_sha256_alg(p->hash_alg);
    p->iteration_count = 1000;
    krb5_data_parse(&p->otp_value, "frogs");
    krb5_data_parse(&p->pin, "myfirstpin");
    krb5_data_parse(&p->challenge, "hark!");
    p->time = SAMPLE_TIME;
    krb5_data_parse(&p->counter, "346");
    p->format = 2;
    krb5_data_parse(&p->token_id, "yourtoken");
    krb5_data_parse(&p->alg_id, "urn:ietf:params:xml:ns:keyprov:pskc:hotp");
    krb5_data_parse(&p->vendor, "Examplecorp");
}

#ifndef DISABLE_PKINIT

static void
ktest_make_sample_pk_authenticator(krb5_pk_authenticator *p)
{
    p->cusec = SAMPLE_USEC;
    p->ctime = SAMPLE_TIME;
    p->nonce = SAMPLE_NONCE;
    ktest_make_sample_checksum(&p->paChecksum);
    /* We don't encode the checksum type, only the contents. */
    p->paChecksum.checksum_type = 0;
    p->freshnessToken = ealloc(sizeof(krb5_data));
    ktest_make_sample_data(p->freshnessToken);
}

static void
ktest_make_sample_oid(krb5_data *p)
{
    krb5_data_parse(p, "\052\206\110\206\367\022\001\002\002");
}

static void
ktest_make_sample_algorithm_identifier(krb5_algorithm_identifier *p)
{
    ktest_make_sample_oid(&p->algorithm);
    /* Need a valid DER encoding here; this is the OCTET STRING "params". */
    krb5_data_parse(&p->parameters, "\x04\x06" "params");
}

static void
ktest_make_sample_algorithm_identifier_no_params(krb5_algorithm_identifier *p)
{
    ktest_make_sample_oid(&p->algorithm);
    p->parameters = empty_data();
}

static void
ktest_make_sample_subject_pk_info(krb5_subject_pk_info *p)
{
    ktest_make_sample_algorithm_identifier(&p->algorithm);
    ktest_make_sample_data(&p->subjectPublicKey);
}

static void
ktest_make_sample_external_principal_identifier(
    krb5_external_principal_identifier *p)
{
    ktest_make_sample_data(&p->subjectName);
    ktest_make_sample_data(&p->issuerAndSerialNumber);
    ktest_make_sample_data(&p->subjectKeyIdentifier);
}

void
ktest_make_sample_pa_pk_as_req(krb5_pa_pk_as_req *p)
{
    ktest_make_sample_data(&p->signedAuthPack);
    p->trustedCertifiers =
        ealloc(2 * sizeof(krb5_external_principal_identifier *));
    p->trustedCertifiers[0] =
        ealloc(sizeof(krb5_external_principal_identifier));
    ktest_make_sample_external_principal_identifier(p->trustedCertifiers[0]);
    p->trustedCertifiers[1] = NULL;
    ktest_make_sample_data(&p->kdcPkId);
}

static void
ktest_make_sample_dh_rep_info(krb5_dh_rep_info *p)
{
    ktest_make_sample_data(&p->dhSignedData);
    ktest_make_sample_data(&p->serverDHNonce);
    p->kdfID = ealloc(sizeof(krb5_data));
    ktest_make_sample_data(p->kdfID);
}

void
ktest_make_sample_pa_pk_as_rep_dhInfo(krb5_pa_pk_as_rep *p)
{
    p->choice = choice_pa_pk_as_rep_dhInfo;
    ktest_make_sample_dh_rep_info(&p->u.dh_Info);
}

void
ktest_make_sample_pa_pk_as_rep_encKeyPack(krb5_pa_pk_as_rep *p)
{
    p->choice = choice_pa_pk_as_rep_encKeyPack;
    ktest_make_sample_data(&p->u.encKeyPack);
}

void
ktest_make_sample_auth_pack(krb5_auth_pack *p)
{
    ktest_make_sample_pk_authenticator(&p->pkAuthenticator);
    p->clientPublicValue = ealloc(sizeof(krb5_subject_pk_info));
    ktest_make_sample_subject_pk_info(p->clientPublicValue);
    p->supportedCMSTypes = ealloc(3 * sizeof(krb5_algorithm_identifier *));
    p->supportedCMSTypes[0] = ealloc(sizeof(krb5_algorithm_identifier));
    ktest_make_sample_algorithm_identifier(p->supportedCMSTypes[0]);
    p->supportedCMSTypes[1] = ealloc(sizeof(krb5_algorithm_identifier));
    ktest_make_sample_algorithm_identifier_no_params(p->supportedCMSTypes[1]);
    p->supportedCMSTypes[2] = NULL;
    ktest_make_sample_data(&p->clientDHNonce);
    p->supportedKDFs = ealloc(2 * sizeof(krb5_data *));
    p->supportedKDFs[0] = ealloc(sizeof(krb5_data));
    ktest_make_sample_data(p->supportedKDFs[0]);
    p->supportedKDFs[1] = NULL;
}

void
ktest_make_sample_kdc_dh_key_info(krb5_kdc_dh_key_info *p)
{
    ktest_make_sample_data(&p->subjectPublicKey);
    p->nonce = SAMPLE_NONCE;
    p->dhKeyExpiration = SAMPLE_TIME;
}

void
ktest_make_sample_reply_key_pack(krb5_reply_key_pack *p)
{
    ktest_make_sample_keyblock(&p->replyKey);
    ktest_make_sample_checksum(&p->asChecksum);
}

void
ktest_make_sample_sp80056a_other_info(krb5_sp80056a_other_info *p)
{
    ktest_make_sample_algorithm_identifier_no_params(&p->algorithm_identifier);
    ktest_make_sample_principal(&p->party_u_info);
    ktest_make_sample_principal(&p->party_v_info);
    ktest_make_sample_data(&p->supp_pub_info);
}

void
ktest_make_sample_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p)
{
    p->enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192;
    ktest_make_sample_data(&p->as_req);
    ktest_make_sample_data(&p->pk_as_rep);
}

#endif /* not DISABLE_PKINIT */

#ifdef ENABLE_LDAP
static void
ktest_make_sample_key_data(krb5_key_data *p, int i)
{
    char *str;
    int len;

    len = asprintf(&str, "key%d", i);
    if (len < 0)
        abort();
    p->key_data_ver = 2;
    p->key_data_type[0] = 2;
    p->key_data_length[0] = (unsigned int) len;
    p->key_data_contents[0] = (krb5_octet *)str;
    len = asprintf(&str, "salt%d", i);
    if (len < 0)
        abort();
    p->key_data_type[1] = i;
    p->key_data_length[1] = (unsigned int) len;
    p->key_data_contents[1] = (krb5_octet *)str;
}

void
ktest_make_sample_ldap_seqof_key_data(ldap_seqof_key_data *p)
{
    int i;

    p->mkvno = 14;
    p->n_key_data = 3;
    p->key_data = calloc(3,sizeof(krb5_key_data));
    p->kvno = 42;
    for (i = 0; i < 3; i++)
        ktest_make_sample_key_data(&p->key_data[i], i);
}
#endif

void
ktest_make_sample_kkdcp_message(krb5_kkdcp_message *p)
{
    krb5_kdc_req req;
    krb5_data *message;

    ktest_make_sample_kdc_req(&req);
    req.msg_type = KRB5_AS_REQ;
    encode_krb5_as_req(&req, &message);
    p->kerb_message = *message;
    free(message);
    ktest_empty_kdc_req(&req);
    ktest_make_sample_data(&(p->target_domain));
    p->dclocator_hint = 0;
}

static krb5_authdata *
make_ad_element(krb5_authdatatype ad_type, const char *str)
{
    krb5_authdata *ad;

    ad = ealloc(sizeof(*ad));
    ad->ad_type = ad_type;
    ad->length = strlen(str);
    ad->contents = ealloc(ad->length);
    memcpy(ad->contents, str, ad->length);
    return ad;
}

static krb5_verifier_mac *
make_vmac(krb5_boolean include_princ, krb5_kvno kvno, krb5_enctype enctype,
          const char *cksumstr)
{
    krb5_verifier_mac *vmac;

    vmac = ealloc(sizeof(*vmac));
    if (include_princ) {
        ktest_make_sample_principal(&vmac->princ);
        (void)krb5_set_principal_realm(NULL, vmac->princ, "");
    } else {
        vmac->princ = NULL;
    }
    vmac->kvno = kvno;
    vmac->enctype = enctype;
    vmac->checksum.checksum_type = 1;
    vmac->checksum.length = strlen(cksumstr);
    vmac->checksum.contents = ealloc(vmac->checksum.length);
    memcpy(vmac->checksum.contents, cksumstr, vmac->checksum.length);
    return vmac;
}

void
ktest_make_minimal_cammac(krb5_cammac *p)
{
    memset(p, 0, sizeof(*p));
    p->elements = ealloc(2 * sizeof(*p->elements));
    p->elements[0] = make_ad_element(1, "ad1");
    p->elements[1] = NULL;
}

void
ktest_make_maximal_cammac(krb5_cammac *p)
{
    p->elements = ealloc(3 * sizeof(*p->elements));
    p->elements[0] = make_ad_element(1, "ad1");
    p->elements[1] = make_ad_element(2, "ad2");
    p->elements[2] = NULL;
    p->kdc_verifier = make_vmac(TRUE, 5, 16, "cksumkdc");
    p->svc_verifier = make_vmac(TRUE, 5, 16, "cksumsvc");
    p->other_verifiers = ealloc(3 * sizeof(*p->other_verifiers));
    p->other_verifiers[0] = make_vmac(FALSE, 0, 0, "cksum1");
    p->other_verifiers[1] = make_vmac(TRUE, 5, 16, "cksum2");
    p->other_verifiers[2] = NULL;
}

void
ktest_make_sample_secure_cookie(krb5_secure_cookie *p)
{
    ktest_make_sample_pa_data_array(&p->data);
    p->time = SAMPLE_TIME;
}

void
ktest_make_minimal_spake_factor(krb5_spake_factor *p)
{
    p->type = 1;
    p->data = NULL;
}

void
ktest_make_maximal_spake_factor(krb5_spake_factor *p)
{
    p->type = 2;
    p->data = ealloc(sizeof(*p->data));
    krb5_data_parse(p->data, "fdata");
}

void
ktest_make_support_pa_spake(krb5_pa_spake *p)
{
    krb5_spake_support *s = &p->u.support;

    s->ngroups = 2;
    s->groups = ealloc(s->ngroups * sizeof(*s->groups));
    s->groups[0] = 1;
    s->groups[1] = 2;
    p->choice = SPAKE_MSGTYPE_SUPPORT;
}

void
ktest_make_challenge_pa_spake(krb5_pa_spake *p)
{
    krb5_spake_challenge *c = &p->u.challenge;

    c->group = 1;
    krb5_data_parse(&c->pubkey, "T value");
    c->factors = ealloc(3 * sizeof(*c->factors));
    c->factors[0] = ealloc(sizeof(*c->factors[0]));
    ktest_make_minimal_spake_factor(c->factors[0]);
    c->factors[1] = ealloc(sizeof(*c->factors[1]));
    ktest_make_maximal_spake_factor(c->factors[1]);
    c->factors[2] = NULL;
    p->choice = SPAKE_MSGTYPE_CHALLENGE;
}

void
ktest_make_response_pa_spake(krb5_pa_spake *p)
{
    krb5_spake_response *r = &p->u.response;

    krb5_data_parse(&r->pubkey, "S value");
    ktest_make_sample_enc_data(&r->factor);
    p->choice = SPAKE_MSGTYPE_RESPONSE;
}

void
ktest_make_encdata_pa_spake(krb5_pa_spake *p)
{
    ktest_make_sample_enc_data(&p->u.encdata);
    p->choice = SPAKE_MSGTYPE_ENCDATA;
}

/****************************************************************/
/* destructors */

void
ktest_destroy_data(krb5_data **d)
{
    if (*d != NULL) {
        free((*d)->data);
        free(*d);
        *d = NULL;
    }
}

void
ktest_empty_data(krb5_data *d)
{
    if (d->data != NULL) {
        free(d->data);
        d->data = NULL;
        d->length = 0;
    }
}

static void
ktest_empty_checksum(krb5_checksum *cs)
{
    free(cs->contents);
    cs->contents = NULL;
}

void
ktest_destroy_checksum(krb5_checksum **cs)
{
    if (*cs != NULL) {
        free((*cs)->contents);
        free(*cs);
        *cs = NULL;
    }
}

void
ktest_empty_keyblock(krb5_keyblock *kb)
{
    if (kb != NULL) {
        if (kb->contents) {
            free(kb->contents);
            kb->contents = NULL;
        }
    }
}

void
ktest_destroy_keyblock(krb5_keyblock **kb)
{
    if (*kb != NULL) {
        free((*kb)->contents);
        free(*kb);
        *kb = NULL;
    }
}

void
ktest_empty_authorization_data(krb5_authdata **ad)
{
    int i;

    if (*ad != NULL) {
        for (i=0; ad[i] != NULL; i++)
            ktest_destroy_authdata(&ad[i]);
    }
}

void
ktest_destroy_authorization_data(krb5_authdata ***ad)
{
    ktest_empty_authorization_data(*ad);
    free(*ad);
    *ad = NULL;
}

void
ktest_destroy_authdata(krb5_authdata **ad)
{
    if (*ad != NULL) {
        free((*ad)->contents);
        free(*ad);
        *ad = NULL;
    }
}

void
ktest_empty_pa_data_array(krb5_pa_data **pad)
{
    int i;

    for (i=0; pad[i] != NULL; i++)
        ktest_destroy_pa_data(&pad[i]);
}

void
ktest_destroy_pa_data_array(krb5_pa_data ***pad)
{
    ktest_empty_pa_data_array(*pad);
    free(*pad);
    *pad = NULL;
}

void
ktest_destroy_pa_data(krb5_pa_data **pad)
{
    if (*pad != NULL) {
        free((*pad)->contents);
        free(*pad);
        *pad = NULL;
    }
}

void
ktest_destroy_address(krb5_address **a)
{
    if (*a != NULL) {
        free((*a)->contents);
        free(*a);
        *a = NULL;
    }
}

void
ktest_empty_addresses(krb5_address **a)
{
    int i;

    for (i=0; a[i] != NULL; i++)
        ktest_destroy_address(&a[i]);
}

void
ktest_destroy_addresses(krb5_address ***a)
{
    ktest_empty_addresses(*a);
    free(*a);
    *a = NULL;
}

void
ktest_destroy_principal(krb5_principal *p)
{
    int i;

    if (*p == NULL)
        return;
    for (i=0; i<(*p)->length; i++)
        ktest_empty_data(&(*p)->data[i]);
    ktest_empty_data(&(*p)->realm);
    free((*p)->data);
    free(*p);
    *p = NULL;
}

void
ktest_destroy_sequence_of_integer(long **soi)
{
    free(*soi);
    *soi = NULL;
}

void
ktest_destroy_sequence_of_ticket(krb5_ticket ***sot)
{
    int i;

    for (i=0; (*sot)[i] != NULL; i++)
        ktest_destroy_ticket(&(*sot)[i]);
    free(*sot);
    *sot = NULL;
}

void
ktest_destroy_ticket(krb5_ticket **tkt)
{
    ktest_destroy_principal(&(*tkt)->server);
    ktest_destroy_enc_data(&(*tkt)->enc_part);
    /*  ktest_empty_enc_tkt_part(((*tkt)->enc_part2));*/
    free(*tkt);
    *tkt = NULL;
}

void
ktest_empty_ticket(krb5_ticket *tkt)
{
    if (tkt->server)
        ktest_destroy_principal(&tkt->server);
    ktest_destroy_enc_data(&tkt->enc_part);
    if (tkt->enc_part2)
        ktest_destroy_enc_tkt_part(&tkt->enc_part2);
}

void
ktest_destroy_enc_data(krb5_enc_data *ed)
{
    ktest_empty_data(&ed->ciphertext);
    ed->kvno = 0;
}

void
ktest_destroy_etype_info_entry(krb5_etype_info_entry *i)
{
    if (i->salt)
        free(i->salt);
    ktest_empty_data(&i->s2kparams);
    free(i);
}

void
ktest_destroy_etype_info(krb5_etype_info_entry **info)
{
    int i;

    for (i = 0; info[i] != NULL; i++)
        ktest_destroy_etype_info_entry(info[i]);
    free(info);
}

void
ktest_empty_kdc_req(krb5_kdc_req *kr)
{
    if (kr->padata)
        ktest_destroy_pa_data_array(&kr->padata);

    if (kr->client)
        ktest_destroy_principal(&kr->client);

    if (kr->server)
        ktest_destroy_principal(&kr->server);
    free(kr->ktype);
    if (kr->addresses)
        ktest_destroy_addresses(&kr->addresses);
    ktest_destroy_enc_data(&kr->authorization_data);
    if (kr->unenc_authdata)
        ktest_destroy_authorization_data(&kr->unenc_authdata);
    if (kr->second_ticket)
        ktest_destroy_sequence_of_ticket(&kr->second_ticket);

}

void
ktest_empty_kdc_rep(krb5_kdc_rep *kr)
{
    if (kr->padata)
        ktest_destroy_pa_data_array(&kr->padata);

    if (kr->client)
        ktest_destroy_principal(&kr->client);

    if (kr->ticket)
        ktest_destroy_ticket(&kr->ticket);

    ktest_destroy_enc_data(&kr->enc_part);

    if (kr->enc_part2) {
        ktest_empty_enc_kdc_rep_part(kr->enc_part2);
        free(kr->enc_part2);
        kr->enc_part2 = NULL;
    }
}

void
ktest_empty_authenticator(krb5_authenticator *a)
{
    if (a->client)
        ktest_destroy_principal(&a->client);
    if (a->checksum)
        ktest_destroy_checksum(&a->checksum);
    if (a->subkey)
        ktest_destroy_keyblock(&a->subkey);
    if (a->authorization_data)
        ktest_destroy_authorization_data(&a->authorization_data);
}

void
ktest_empty_enc_tkt_part(krb5_enc_tkt_part *etp)
{
    if (etp->session)
        ktest_destroy_keyblock(&etp->session);
    if (etp->client)
        ktest_destroy_principal(&etp->client);
    if (etp->caddrs)
        ktest_destroy_addresses(&etp->caddrs);
    if (etp->authorization_data)
        ktest_destroy_authorization_data(&etp->authorization_data);
    ktest_destroy_transited(&etp->transited);
}

void
ktest_destroy_enc_tkt_part(krb5_enc_tkt_part **etp)
{
    if (*etp) {
        ktest_empty_enc_tkt_part(*etp);
        free(*etp);
        *etp = NULL;
    }
}

void
ktest_empty_enc_kdc_rep_part(krb5_enc_kdc_rep_part *ekr)
{
    if (ekr->session)
        ktest_destroy_keyblock(&ekr->session);

    if (ekr->server)
        ktest_destroy_principal(&ekr->server);

    if (ekr->caddrs)
        ktest_destroy_addresses(&ekr->caddrs);
    ktest_destroy_last_req(&ekr->last_req);
}

void
ktest_destroy_transited(krb5_transited *t)
{
    if (t->tr_contents.data)
        ktest_empty_data(&t->tr_contents);
}

void
ktest_empty_ap_rep(krb5_ap_rep *ar)
{
    ktest_destroy_enc_data(&ar->enc_part);
}

void
ktest_empty_ap_req(krb5_ap_req *ar)
{
    if (ar->ticket)
        ktest_destroy_ticket(&ar->ticket);
    ktest_destroy_enc_data(&ar->authenticator);
}

void
ktest_empty_cred_enc_part(krb5_cred_enc_part *cep)
{
    if (cep->s_address)
        ktest_destroy_address(&cep->s_address);
    if (cep->r_address)
        ktest_destroy_address(&cep->r_address);
    if (cep->ticket_info)
        ktest_destroy_sequence_of_cred_info(&cep->ticket_info);
}

void
ktest_destroy_cred_info(krb5_cred_info **ci)
{
    if ((*ci)->session)
        ktest_destroy_keyblock(&(*ci)->session);
    if ((*ci)->client)
        ktest_destroy_principal(&(*ci)->client);
    if ((*ci)->server)
        ktest_destroy_principal(&(*ci)->server);
    if ((*ci)->caddrs)
        ktest_destroy_addresses(&(*ci)->caddrs);
    free(*ci);
    *ci = NULL;
}

void
ktest_destroy_sequence_of_cred_info(krb5_cred_info ***soci)
{
    int i;

    for (i = 0; (*soci)[i] != NULL; i++)
        ktest_destroy_cred_info(&(*soci)[i]);
    free(*soci);
    *soci = NULL;
}

void
ktest_empty_safe(krb5_safe *s)
{
    ktest_empty_data(&s->user_data);
    ktest_destroy_address(&s->s_address);
    ktest_destroy_address(&s->r_address);
    ktest_destroy_checksum(&s->checksum);
}

void
ktest_empty_priv_enc_part(krb5_priv_enc_part *pep)
{
    ktest_empty_data(&pep->user_data);
    ktest_destroy_address(&pep->s_address);
    ktest_destroy_address(&pep->r_address);
}

void
ktest_empty_priv(krb5_priv *p)
{
    ktest_destroy_enc_data(&p->enc_part);
}

void
ktest_empty_cred(krb5_cred *c)
{
    ktest_destroy_sequence_of_ticket(&c->tickets);
    ktest_destroy_enc_data(&c->enc_part);
    /* enc_part2 */
}

void
ktest_destroy_last_req(krb5_last_req_entry ***lr)
{
    int i;

    if (*lr) {
        for (i=0; (*lr)[i] != NULL; i++)
            free((*lr)[i]);

        free(*lr);
    }
}

void
ktest_empty_error(krb5_error *kerr)
{
    if (kerr->client)
        ktest_destroy_principal(&kerr->client);
    if (kerr->server)
        ktest_destroy_principal(&kerr->server);
    ktest_empty_data(&kerr->text);
    ktest_empty_data(&kerr->e_data);
}

void
ktest_empty_ap_rep_enc_part(krb5_ap_rep_enc_part *arep)
{
    ktest_destroy_keyblock(&(arep)->subkey);
}

void
ktest_empty_sam_challenge_2(krb5_sam_challenge_2 *p)
{
    krb5_checksum **ck;

    ktest_empty_data(&p->sam_challenge_2_body);
    if (p->sam_cksum != NULL) {
        for (ck = p->sam_cksum; *ck != NULL; ck++)
            ktest_destroy_checksum(ck);
        free(p->sam_cksum);
        p->sam_cksum = NULL;
    }
}

void
ktest_empty_sam_challenge_2_body(krb5_sam_challenge_2_body *p)
{
    ktest_empty_data(&p->sam_type_name);
    ktest_empty_data(&p->sam_track_id);
    ktest_empty_data(&p->sam_challenge_label);
    ktest_empty_data(&p->sam_challenge);
    ktest_empty_data(&p->sam_response_prompt);
    ktest_empty_data(&p->sam_pk_for_sad);
}

void
ktest_empty_sam_response_2(krb5_sam_response_2 *p)
{
    ktest_empty_data(&p->sam_track_id);
    ktest_empty_data(&p->sam_enc_nonce_or_sad.ciphertext);
}

void
ktest_empty_enc_sam_response_enc_2(krb5_enc_sam_response_enc_2 *p)
{
    ktest_empty_data(&p->sam_sad);
}

void
ktest_empty_pa_for_user(krb5_pa_for_user *p)
{
    ktest_destroy_principal(&p->user);
    ktest_empty_checksum(&p->cksum);
    ktest_empty_data(&p->auth_package);
}

void
ktest_empty_pa_s4u_x509_user(krb5_pa_s4u_x509_user *p)
{
    ktest_destroy_principal(&p->user_id.user);
    ktest_empty_data(&p->user_id.subject_cert);
    free(p->cksum.contents);
}

void
ktest_empty_ad_kdcissued(krb5_ad_kdcissued *p)
{
    free(p->ad_checksum.contents);
    ktest_destroy_principal(&p->i_principal);
    ktest_destroy_authorization_data(&p->elements);
}

void
ktest_empty_ad_signedpath_data(krb5_ad_signedpath_data *p)
{
    int i;

    ktest_destroy_principal(&p->client);
    if (p->delegated != NULL) {
        for (i = 0; p->delegated[i] != NULL; i++) {
            krb5_principal princ = p->delegated[i];
            ktest_destroy_principal(&princ);
        }
        free(p->delegated);
    }
    ktest_destroy_pa_data_array(&p->method_data);
    ktest_destroy_authorization_data(&p->authorization_data);
}

void
ktest_empty_ad_signedpath(krb5_ad_signedpath *p)
{
    int i;

    free(p->checksum.contents);
    if (p->delegated != NULL) {
        for (i = 0; p->delegated[i] != NULL; i++) {
            krb5_principal princ = p->delegated[i];
            ktest_destroy_principal(&princ);
        }
        free(p->delegated);
    }
    ktest_destroy_pa_data_array(&p->method_data);
}

void
ktest_empty_iakerb_header(krb5_iakerb_header *p)
{
    krb5_free_data_contents(NULL, &p->target_realm);
    krb5_free_data(NULL, p->cookie);
}

void
ktest_empty_iakerb_finished(krb5_iakerb_finished *p)
{
    krb5_free_checksum_contents(NULL, &p->checksum);
}

static void
ktest_empty_fast_finished(krb5_fast_finished *p)
{
    ktest_destroy_principal(&p->client);
    ktest_empty_checksum(&p->ticket_checksum);
}

void
ktest_empty_fast_response(krb5_fast_response *p)
{
    ktest_destroy_pa_data_array(&p->padata);
    ktest_destroy_keyblock(&p->strengthen_key);
    if (p->finished != NULL) {
        ktest_empty_fast_finished(p->finished);
        free(p->finished);
        p->finished = NULL;
    }
}

static void
ktest_empty_algorithm_identifier(krb5_algorithm_identifier *p)
{
    ktest_empty_data(&p->algorithm);
    ktest_empty_data(&p->parameters);
}

void
ktest_empty_otp_tokeninfo(krb5_otp_tokeninfo *p)
{
    krb5_algorithm_identifier **alg;

    p->flags = 0;
    krb5_free_data_contents(NULL, &p->vendor);
    krb5_free_data_contents(NULL, &p->challenge);
    krb5_free_data_contents(NULL, &p->token_id);
    krb5_free_data_contents(NULL, &p->alg_id);
    for (alg = p->supported_hash_alg; alg != NULL && *alg != NULL; alg++) {
        ktest_empty_algorithm_identifier(*alg);
        free(*alg);
    }
    free(p->supported_hash_alg);
    p->supported_hash_alg = NULL;
    p->length = p->format = p->iteration_count = -1;
}

void
ktest_empty_pa_otp_challenge(krb5_pa_otp_challenge *p)
{
    krb5_otp_tokeninfo **ti;

    krb5_free_data_contents(NULL, &p->nonce);
    krb5_free_data_contents(NULL, &p->service);
    for (ti = p->tokeninfo; *ti != NULL; ti++) {
        ktest_empty_otp_tokeninfo(*ti);
        free(*ti);
    }
    free(p->tokeninfo);
    p->tokeninfo = NULL;
    krb5_free_data_contents(NULL, &p->salt);
    krb5_free_data_contents(NULL, &p->s2kparams);
}

void
ktest_empty_pa_otp_req(krb5_pa_otp_req *p)
{
    p->flags = 0;
    krb5_free_data_contents(NULL, &p->nonce);
    ktest_destroy_enc_data(&p->enc_data);
    if (p->hash_alg != NULL)
        ktest_empty_algorithm_identifier(p->hash_alg);
    free(p->hash_alg);
    p->hash_alg = NULL;
    p->iteration_count = -1;
    krb5_free_data_contents(NULL, &p->otp_value);
    krb5_free_data_contents(NULL, &p->pin);
    krb5_free_data_contents(NULL, &p->challenge);
    p->time = 0;
    krb5_free_data_contents(NULL, &p->counter);
    p->format = -1;
    krb5_free_data_contents(NULL, &p->token_id);
    krb5_free_data_contents(NULL, &p->alg_id);
    krb5_free_data_contents(NULL, &p->vendor);
}

#ifndef DISABLE_PKINIT

static void
ktest_empty_pk_authenticator(krb5_pk_authenticator *p)
{
    ktest_empty_checksum(&p->paChecksum);
    p->paChecksum.contents = NULL;
    krb5_free_data(NULL, p->freshnessToken);
    p->freshnessToken = NULL;
}

static void
ktest_empty_subject_pk_info(krb5_subject_pk_info *p)
{
    ktest_empty_algorithm_identifier(&p->algorithm);
    ktest_empty_data(&p->subjectPublicKey);
}

static void
ktest_empty_external_principal_identifier(
    krb5_external_principal_identifier *p)
{
    ktest_empty_data(&p->subjectName);
    ktest_empty_data(&p->issuerAndSerialNumber);
    ktest_empty_data(&p->subjectKeyIdentifier);
}

void
ktest_empty_pa_pk_as_req(krb5_pa_pk_as_req *p)
{
    krb5_external_principal_identifier **pi;

    ktest_empty_data(&p->signedAuthPack);
    for (pi = p->trustedCertifiers; *pi != NULL; pi++) {
        ktest_empty_external_principal_identifier(*pi);
        free(*pi);
    }
    free(p->trustedCertifiers);
    p->trustedCertifiers = NULL;
    ktest_empty_data(&p->kdcPkId);
}

static void
ktest_empty_dh_rep_info(krb5_dh_rep_info *p)
{
    ktest_empty_data(&p->dhSignedData);
    ktest_empty_data(&p->serverDHNonce);
    ktest_destroy_data(&p->kdfID);
}

void
ktest_empty_pa_pk_as_rep(krb5_pa_pk_as_rep *p)
{
    if (p->choice == choice_pa_pk_as_rep_dhInfo)
        ktest_empty_dh_rep_info(&p->u.dh_Info);
    else if (p->choice == choice_pa_pk_as_rep_encKeyPack)
        ktest_empty_data(&p->u.encKeyPack);
    p->choice = choice_pa_pk_as_rep_UNKNOWN;
}

void
ktest_empty_auth_pack(krb5_auth_pack *p)
{
    krb5_algorithm_identifier **ai;
    krb5_data **d;

    ktest_empty_pk_authenticator(&p->pkAuthenticator);
    if (p->clientPublicValue != NULL) {
        ktest_empty_subject_pk_info(p->clientPublicValue);
        free(p->clientPublicValue);
        p->clientPublicValue = NULL;
    }
    if (p->supportedCMSTypes != NULL) {
        for (ai = p->supportedCMSTypes; *ai != NULL; ai++) {
            ktest_empty_algorithm_identifier(*ai);
            free(*ai);
        }
        free(p->supportedCMSTypes);
        p->supportedCMSTypes = NULL;
    }
    ktest_empty_data(&p->clientDHNonce);
    if (p->supportedKDFs != NULL) {
        for (d = p->supportedKDFs; *d != NULL; d++) {
            ktest_empty_data(*d);
            free(*d);
        }
        free(p->supportedKDFs);
        p->supportedKDFs = NULL;
    }
}

void
ktest_empty_kdc_dh_key_info(krb5_kdc_dh_key_info *p)
{
    ktest_empty_data(&p->subjectPublicKey);
}

void
ktest_empty_reply_key_pack(krb5_reply_key_pack *p)
{
    ktest_empty_keyblock(&p->replyKey);
    ktest_empty_checksum(&p->asChecksum);
}

void ktest_empty_sp80056a_other_info(krb5_sp80056a_other_info *p)
{
    ktest_empty_algorithm_identifier(&p->algorithm_identifier);
    ktest_destroy_principal(&p->party_u_info);
    ktest_destroy_principal(&p->party_v_info);
    ktest_empty_data(&p->supp_pub_info);
}

void ktest_empty_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p)
{
    ktest_empty_data(&p->as_req);
    ktest_empty_data(&p->pk_as_rep);
}

#endif /* not DISABLE_PKINIT */

#ifdef ENABLE_LDAP
void
ktest_empty_ldap_seqof_key_data(krb5_context ctx, ldap_seqof_key_data *p)
{
    int i;

    for (i = 0; i < p->n_key_data; i++) {
        free(p->key_data[i].key_data_contents[0]);
        free(p->key_data[i].key_data_contents[1]);
    }
    free(p->key_data);
}
#endif

void
ktest_empty_kkdcp_message(krb5_kkdcp_message *p)
{
    ktest_empty_data(&p->kerb_message);
    ktest_empty_data(&p->target_domain);
    p->dclocator_hint = -1;
}

static void
destroy_verifier_mac(krb5_verifier_mac **vmac)
{
    if (*vmac == NULL)
        return;
    ktest_destroy_principal(&(*vmac)->princ);
    ktest_empty_checksum(&(*vmac)->checksum);
    free(*vmac);
    *vmac = NULL;
}

void
ktest_empty_cammac(krb5_cammac *p)
{
    krb5_verifier_mac **vmacp;

    ktest_destroy_authorization_data(&p->elements);
    destroy_verifier_mac(&p->kdc_verifier);
    destroy_verifier_mac(&p->svc_verifier);
    for (vmacp = p->other_verifiers; vmacp != NULL && *vmacp != NULL; vmacp++)
        destroy_verifier_mac(vmacp);
    free(p->other_verifiers);
    p->other_verifiers = NULL;
}

void
ktest_empty_secure_cookie(krb5_secure_cookie *p)
{
    ktest_empty_pa_data_array(p->data);
}

void
ktest_empty_spake_factor(krb5_spake_factor *p)
{
    krb5_free_data(NULL, p->data);
    p->data = NULL;
}

void
ktest_empty_pa_spake(krb5_pa_spake *p)
{
    krb5_spake_factor **f;

    switch (p->choice) {
    case SPAKE_MSGTYPE_SUPPORT:
        free(p->u.support.groups);
        break;
    case SPAKE_MSGTYPE_CHALLENGE:
        ktest_empty_data(&p->u.challenge.pubkey);
        for (f = p->u.challenge.factors; *f != NULL; f++) {
            ktest_empty_spake_factor(*f);
            free(*f);
        }
        free(p->u.challenge.factors);
        break;
    case SPAKE_MSGTYPE_RESPONSE:
        ktest_empty_data(&p->u.response.pubkey);
        ktest_destroy_enc_data(&p->u.response.factor);
        break;
    case SPAKE_MSGTYPE_ENCDATA:
        ktest_destroy_enc_data(&p->u.encdata);
        break;
    default:
        break;
    }
    p->choice = SPAKE_MSGTYPE_UNKNOWN;
}