tests/krb5: Add method to generate FAST encrypted challenge padata

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

python/samba/tests/krb5/kdc_base_test.py

@@ -54,11 +54,13 @@ from samba.tests.krb5.rfc4120_constants import (
     KRB_TGS_REP,
     KRB_ERROR,
     KU_AS_REP_ENC_PART,
+    KU_ENC_CHALLENGE_CLIENT,
     KU_PA_ENC_TIMESTAMP,
     KU_TGS_REP_ENC_PART_SUB_KEY,
     KU_TICKET,
     NT_PRINCIPAL,
     NT_SRV_HST,
+    PADATA_ENCRYPTED_CHALLENGE,
     PADATA_ENC_TIMESTAMP,
     PADATA_ETYPE_INFO2,
 )
@@ -511,6 +513,23 @@ class KDCBaseTest(RawKerberosTest):
 
         return padata
 
+    def get_challenge_pa_data(self, client_challenge_key, skew=0):
+        patime, pausec = self.get_KerberosTimeWithUsec(offset=skew)
+        padata = self.PA_ENC_TS_ENC_create(patime, pausec)
+        padata = self.der_encode(padata,
+                                 asn1Spec=krb5_asn1.PA_ENC_TS_ENC())
+
+        padata = self.EncryptedData_create(client_challenge_key,
+                                           KU_ENC_CHALLENGE_CLIENT,
+                                           padata)
+        padata = self.der_encode(padata,
+                                 asn1Spec=krb5_asn1.EncryptedData())
+
+        padata = self.PA_DATA_create(PADATA_ENCRYPTED_CHALLENGE,
+                                     padata)
+
+        return padata
+
     def get_as_rep_enc_data(self, key, rep):
         ''' Decrypt and Decode the encrypted data in an AS-REP
         '''