
refactor types for 32bit support

Jonathan Turner 8 年 前
コミット
9e33a52040
58 ファイル変更415 行追加391 行削除
  1. 1 1
      client/ASExchange.go
  2. 1 1
      client/client_ad_integration_test.go
  3. 2 2
      client/client_integration_test.go
  4. 5 5
      config/krb5conf.go
  5. 5 5
      credentials/ccache.go
  6. 2 2
      crypto/aes128-cts-hmac-sha1-96.go
  7. 2 2
      crypto/aes128-cts-hmac-sha256-128.go
  8. 2 2
      crypto/aes256-cts-hmac-sha1-96.go
  9. 2 2
      crypto/aes256-cts-hmac-sha384-192.go
  10. 7 7
      crypto/crypto.go
  11. 2 2
      crypto/des3-cbc-sha1-kd.go
  12. 2 2
      crypto/etype/etype.go
  13. 2 2
      crypto/rc4-hmac.go
  14. 1 1
      gssapi/krb5Token.go
  15. 9 9
      gssapi/krb5Token_test.go
  16. 15 0
      iana/addrtype/constants.go
  17. 16 16
      iana/adtype/constants.go
  18. 22 22
      iana/chksumtype/constants.go
  19. 70 70
      iana/errorcode/constants.go
  20. 28 28
      iana/etypeID/constants.go
  21. 9 9
      iana/nametype/constants.go
  22. 63 63
      iana/patype/constants.go
  23. 8 0
      iana/trtype/constants.go
  24. 3 3
      keytab/keytab.go
  25. 1 1
      keytab/keytab_test.go
  26. 1 1
      messages/APRep.go
  27. 2 2
      messages/APRep_test.go
  28. 2 2
      messages/KDCRep.go
  29. 18 17
      messages/KDCRep_test.go
  30. 8 8
      messages/KDCReq.go
  31. 13 12
      messages/KDCReq_test.go
  32. 1 1
      messages/KRBCred.go
  33. 8 7
      messages/KRBCred_test.go
  34. 2 2
      messages/KRBError.go
  35. 3 2
      messages/KRBError_test.go
  36. 1 1
      messages/KRBPriv.go
  37. 5 4
      messages/KRBPriv_test.go
  38. 1 1
      messages/KRBSafe.go
  39. 7 6
      messages/KRBSafe_test.go
  40. 2 2
      messages/Ticket.go
  41. 9 6
      messages/Ticket_test.go
  42. 1 1
      pac/credentials_info.go
  43. 1 1
      pac/pac_type.go
  44. 2 2
      pac/signature_data.go
  45. 1 1
      pac/signature_data_test.go
  46. 1 1
      service/cache.go
  47. 12 12
      testdata/test_vectors.go
  48. 5 5
      types/Authenticator.go
  49. 2 2
      types/Authenticator_test.go
  50. 2 2
      types/AuthorizationData.go
  51. 4 3
      types/AuthorizationData_test.go
  52. 3 3
      types/Cryptosystem.go
  53. 1 1
      types/Cryptosystem_test.go
  54. 2 2
      types/HostAddress.go
  55. 5 5
      types/PAData.go
  56. 8 17
      types/PAData_test.go
  57. 1 1
      types/PrincipalName.go
  58. 1 1
      types/TypedData.go

+ 1 - 1
client/ASExchange.go

@@ -128,7 +128,7 @@ func preAuthEType(krberr messages.KRBError) (etype etype.EType, err error) {
 	//KRB-ERROR message that requests additional pre-authentication.
 	//Therefore, clients SHOULD ignore a PA-PW-SALT accompanying a
 	//KRB-ERROR message that requests additional pre-authentication.
-	var etypeID int
+	var etypeID int32
 	var pas types.PADataSequence
 	e := pas.Unmarshal(krberr.EData)
 	if e != nil {

+ 1 - 1
client/client_ad_integration_test.go

@@ -45,7 +45,7 @@ func TestClient_GetServiceTicket_AD(t *testing.T) {
 		t.Fatalf("Error getting service ticket: %v\n", err)
 	}
 	assert.Equal(t, spn, tkt.SName.GetPrincipalNameString())
-	assert.Equal(t, 18, key.KeyType)
+	assert.Equal(t, int32(18), key.KeyType)
 }
 
 func TestClient_SuccessfulLogin_AD_TRUST_USER_DOMAIN(t *testing.T) {
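Review bot: The expected key type in `assert.Equal(t, int32(18), key.KeyType)` is a bare number wrapped in a conversion; now that the IANA constants are typed `int32`, the assertion could read `assert.Equal(t, etypeID.AES256_CTS_HMAC_SHA1_96, key.KeyType)` and would keep compiling if the field type changes again. The same applies to the `int32(18)` assertions in client/client_integration_test.go and gssapi/krb5Token_test.go, where `int32(32771)` could likewise be `chksumtype.GSSAPI`. This assumes the test files can import the iana packages, which the hunks do not show.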

+ 2 - 2
client/client_integration_test.go

@@ -250,7 +250,7 @@ func TestClient_GetServiceTicket(t *testing.T) {
 		t.Fatalf("Error getting service ticket: %v\n", err)
 	}
 	assert.Equal(t, spn, tkt.SName.GetPrincipalNameString())
-	assert.Equal(t, 18, key.KeyType)
+	assert.Equal(t, int32(18), key.KeyType)
 
 	//Check cache use - should get the same values back again
 	tkt2, key2, err := cl.GetServiceTicket(spn)
@@ -305,7 +305,7 @@ func TestClient_GetServiceTicket_OlderKDC(t *testing.T) {
 		t.Fatalf("Error getting service ticket: %v\n", err)
 	}
 	assert.Equal(t, spn, tkt.SName.GetPrincipalNameString())
-	assert.Equal(t, 18, key.KeyType)
+	assert.Equal(t, int32(18), key.KeyType)
 }
 
 func TestClient_SetSPNEGOHeader(t *testing.T) {

+ 5 - 5
config/krb5conf.go

@@ -53,8 +53,8 @@ type LibDefaults struct {
 	DefaultRealm            string
 	DefaultTGSEnctypes      []string //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
 	DefaultTktEnctypes      []string //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
-	DefaultTGSEnctypeIDs    []int    //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
-	DefaultTktEnctypeIDs    []int    //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
+	DefaultTGSEnctypeIDs    []int32  //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
+	DefaultTktEnctypeIDs    []int32  //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
 	DNSCanonicalizeHostname bool     //default true
 	DNSLookupKDC            bool     //default false
 	DNSLookupRealm          bool
@@ -68,7 +68,7 @@ type LibDefaults struct {
 	//kdc_req_checksum_type int //unlikely to implement as for very old KDCs
 	NoAddresses         bool     //default true
 	PermittedEnctypes   []string //default aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4
-	PermittedEnctypeIDs []int
+	PermittedEnctypeIDs []int32
 	//plugin_base_dir string //not supporting plugins
 	PreferredPreauthTypes []int         //default “17, 16, 15, 14”, which forces libkrb5 to attempt to use PKINIT if it is supported
 	Proxiable             bool          //default false
@@ -537,8 +537,8 @@ func NewConfigFromScanner(scanner *bufio.Scanner) (*Config, error) {
 }
 
 // Parse a space delimited list of ETypes into a list of EType numbers optionally filtering out weak ETypes.
-func parseETypes(s []string, w bool) []int {
-	var eti []int
+func parseETypes(s []string, w bool) []int32 {
+	var eti []int32
 	for _, et := range s {
 		if !w {
 			var weak bool

+ 5 - 5
credentials/ccache.go

@@ -146,7 +146,7 @@ func parseHeader(b []byte, p *int, c *CCache, e *binary.ByteOrder) error {
 func parsePrincipal(b []byte, p *int, c *CCache, e *binary.ByteOrder) (princ principal) {
 	if c.Version != 1 {
 		//Name Type is omitted in version 1
-		princ.PrincipalName.NameType = int(readInt32(b, p, e))
+		princ.PrincipalName.NameType = int32(readInt32(b, p, e))
 	}
 	nc := int(readInt32(b, p, e))
 	if c.Version == 1 {
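Review bot: `int32(readInt32(b, p, e))` looks like a no-op conversion if `readInt32` already returns `int32` (its definition is outside the hunk, so this is inferred from the name); `princ.PrincipalName.NameType = readInt32(b, p, e)` would say the same thing. The `int32(readInt16(...))` conversions in the later hunks of this file are needed, but they widen values read from a credential cache file, with sign extension if `readInt16` returns a signed type. A one-line comment on whether negative type values are expected there would help the next reader. parsePrincipal continues past the end of the hunk.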
@@ -166,10 +166,10 @@ func parseCredential(b []byte, p *int, c *CCache, e *binary.ByteOrder) (cred cre
 	cred.Client = parsePrincipal(b, p, c, e)
 	cred.Server = parsePrincipal(b, p, c, e)
 	key := types.EncryptionKey{}
-	key.KeyType = int(readInt16(b, p, e))
+	key.KeyType = int32(readInt16(b, p, e))
 	if c.Version == 3 {
 		//repeated twice in version 3
-		key.KeyType = int(readInt16(b, p, e))
+		key.KeyType = int32(readInt16(b, p, e))
 	}
 	key.KeyValue = readData(b, p, e)
 	cred.Key = key
@@ -283,14 +283,14 @@ func readData(b []byte, p *int, e *binary.ByteOrder) []byte {
 
 func readAddress(b []byte, p *int, e *binary.ByteOrder) types.HostAddress {
 	a := types.HostAddress{}
-	a.AddrType = int(readInt16(b, p, e))
+	a.AddrType = int32(readInt16(b, p, e))
 	a.Address = readData(b, p, e)
 	return a
 }
 
 func readAuthDataEntry(b []byte, p *int, e *binary.ByteOrder) types.AuthorizationDataEntry {
 	a := types.AuthorizationDataEntry{}
-	a.ADType = int(readInt16(b, p, e))
+	a.ADType = int32(readInt16(b, p, e))
 	a.ADData = readData(b, p, e)
 	return a
 }

+ 2 - 2
crypto/aes128-cts-hmac-sha1-96.go

@@ -63,12 +63,12 @@ type Aes128CtsHmacSha96 struct {
 }
 
 // GetETypeID returns the EType ID number.
-func (e Aes128CtsHmacSha96) GetETypeID() int {
+func (e Aes128CtsHmacSha96) GetETypeID() int32 {
 	return etypeID.AES128_CTS_HMAC_SHA1_96
 }
 
 // GetHashID returns the checksum type ID number.
-func (e Aes128CtsHmacSha96) GetHashID() int {
+func (e Aes128CtsHmacSha96) GetHashID() int32 {
 	return chksumtype.HMAC_SHA1_96_AES128
 }
 

+ 2 - 2
crypto/aes128-cts-hmac-sha256-128.go

@@ -18,12 +18,12 @@ type Aes128CtsHmacSha256128 struct {
 }
 
 // GetETypeID returns the EType ID number.
-func (e Aes128CtsHmacSha256128) GetETypeID() int {
+func (e Aes128CtsHmacSha256128) GetETypeID() int32 {
 	return etypeID.AES128_CTS_HMAC_SHA256_128
 }
 
 // GetHashID returns the checksum type ID number.
-func (e Aes128CtsHmacSha256128) GetHashID() int {
+func (e Aes128CtsHmacSha256128) GetHashID() int32 {
 	return chksumtype.HMAC_SHA256_128_AES128
 }
 

+ 2 - 2
crypto/aes256-cts-hmac-sha1-96.go

@@ -63,12 +63,12 @@ type Aes256CtsHmacSha96 struct {
 }
 
 // GetETypeID returns the EType ID number.
-func (e Aes256CtsHmacSha96) GetETypeID() int {
+func (e Aes256CtsHmacSha96) GetETypeID() int32 {
 	return etypeID.AES256_CTS_HMAC_SHA1_96
 }
 
 // GetHashID returns the checksum type ID number.
-func (e Aes256CtsHmacSha96) GetHashID() int {
+func (e Aes256CtsHmacSha96) GetHashID() int32 {
 	return chksumtype.HMAC_SHA1_96_AES256
 }
 

+ 2 - 2
crypto/aes256-cts-hmac-sha384-192.go

@@ -18,12 +18,12 @@ type Aes256CtsHmacSha384192 struct {
 }
 
 // GetETypeID returns the EType ID number.
-func (e Aes256CtsHmacSha384192) GetETypeID() int {
+func (e Aes256CtsHmacSha384192) GetETypeID() int32 {
 	return etypeID.AES256_CTS_HMAC_SHA384_192
 }
 
 // GetHashID returns the checksum type ID number.
-func (e Aes256CtsHmacSha384192) GetHashID() int {
+func (e Aes256CtsHmacSha384192) GetHashID() int32 {
 	return chksumtype.HMAC_SHA384_192_AES256
 }
 

+ 7 - 7
crypto/crypto.go

@@ -12,7 +12,7 @@ import (
 )
 
 // GetEtype returns an instances of the required etype struct for the etype ID.
-func GetEtype(id int) (etype.EType, error) {
+func GetEtype(id int32) (etype.EType, error) {
 	switch id {
 	case etypeID.AES128_CTS_HMAC_SHA1_96:
 		var et Aes128CtsHmacSha96
@@ -38,7 +38,7 @@ func GetEtype(id int) (etype.EType, error) {
 }
 
 // GetChksumEtype returns an instances of the required etype struct for the checksum ID.
-func GetChksumEtype(id int) (etype.EType, error) {
+func GetChksumEtype(id int32) (etype.EType, error) {
 	switch id {
 	case chksumtype.HMAC_SHA1_96_AES128:
 		var et Aes128CtsHmacSha96
@@ -58,16 +58,16 @@ func GetChksumEtype(id int) (etype.EType, error) {
 	case chksumtype.KERB_CHECKSUM_HMAC_MD5:
 		var et RC4HMAC
 		return et, nil
-	case chksumtype.KERB_CHECKSUM_HMAC_MD5_UNSIGNED:
-		var et RC4HMAC
-		return et, nil
+	//case chksumtype.KERB_CHECKSUM_HMAC_MD5_UNSIGNED:
+	//	var et RC4HMAC
+	//	return et, nil
 	default:
 		return nil, fmt.Errorf("Unknown or unsupported checksum type: %d", id)
 	}
 }
 
 // GetKeyFromPassword generates an encryption key from the principal's password.
-func GetKeyFromPassword(passwd string, cname types.PrincipalName, realm string, etypeID int, pas types.PADataSequence) (types.EncryptionKey, etype.EType, error) {
+func GetKeyFromPassword(passwd string, cname types.PrincipalName, realm string, etypeID int32, pas types.PADataSequence) (types.EncryptionKey, etype.EType, error) {
 	var key types.EncryptionKey
 	et, err := GetEtype(etypeID)
 	if err != nil {
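Review bot: The `KERB_CHECKSUM_HMAC_MD5_UNSIGNED` case in `GetChksumEtype` is left as commented-out code with no explanation; presumably it no longer compiles because the constant is now `uint32` (iana/chksumtype/constants.go) while `id` is `int32`. Delete the three lines and replace them with a comment such as `// The unsigned form 0xFFFFFF76 must be converted to int32 (-138) before calling GetChksumEtype.` so it is clear the omission is deliberate. It is worth confirming that whatever decodes the checksum type yields -138 for peers that send the unsigned form, since that value can no longer reach this switch as-is. The constant itself then has no visible user and is the only non-`int32` entry in its const block.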
@@ -75,7 +75,7 @@ func GetKeyFromPassword(passwd string, cname types.PrincipalName, realm string,
 	}
 	sk2p := et.GetDefaultStringToKeyParams()
 	var salt string
-	var paID int
+	var paID int32
 	for _, pa := range pas {
 		switch pa.PADataType {
 		case patype.PA_PW_SALT:

+ 2 - 2
crypto/des3-cbc-sha1-kd.go

@@ -54,12 +54,12 @@ type Des3CbcSha1Kd struct {
 }
 
 // GetETypeID returns the EType ID number.
-func (e Des3CbcSha1Kd) GetETypeID() int {
+func (e Des3CbcSha1Kd) GetETypeID() int32 {
 	return etypeID.DES3_CBC_SHA1_KD
 }
 
 // GetHashID returns the checksum type ID number.
-func (e Des3CbcSha1Kd) GetHashID() int {
+func (e Des3CbcSha1Kd) GetHashID() int32 {
 	return chksumtype.HMAC_SHA1_DES3_KD
 }
 

+ 2 - 2
crypto/etype/etype.go

@@ -5,8 +5,8 @@ import "hash"
 
 // EType is the interface defining the Encryption Type.
 type EType interface {
-	GetETypeID() int
-	GetHashID() int
+	GetETypeID() int32
+	GetHashID() int32
 	GetKeyByteSize() int
 	GetKeySeedBitLength() int                                   // key-generation seed length, k
 	GetDefaultStringToKeyParams() string                        // default string-to-key parameters (s2kparams)

+ 2 - 2
crypto/rc4-hmac.go

@@ -19,12 +19,12 @@ type RC4HMAC struct {
 }
 
 // GetETypeID returns the EType ID number.
-func (e RC4HMAC) GetETypeID() int {
+func (e RC4HMAC) GetETypeID() int32 {
 	return etypeID.RC4_HMAC
 }
 
 // GetHashID returns the checksum type ID number.
-func (e RC4HMAC) GetHashID() int {
+func (e RC4HMAC) GetHashID() int32 {
 	return chksumtype.KERB_CHECKSUM_HMAC_MD5
 }
 

+ 1 - 1
gssapi/krb5Token.go

@@ -150,7 +150,7 @@ func NewAPREQMechToken(creds credentials.Credentials, tkt messages.Ticket, sessi
 // NewAuthenticator (DEPRECATED - this method will be updated in future versions to remove
 // the obsolete keyType argument and may be made private to the gssapi package)
 // creates a new kerberos authenticator for kerberos MechToken
-func NewAuthenticator(creds credentials.Credentials, keyType int, flags []int) (types.Authenticator, error) {
+func NewAuthenticator(creds credentials.Credentials, keyType int32, flags []int) (types.Authenticator, error) {
 	//RFC 4121 Section 4.1.1
 	auth, err := types.NewAuthenticator(creds.Realm, creds.CName)
 	if err != nil {

+ 9 - 9
gssapi/krb5Token_test.go

@@ -30,8 +30,8 @@ func TestMechToken_Unmarshal(t *testing.T) {
 	assert.Equal(t, MechTypeOIDKRB5, mt.OID, "MechToken OID not as expected.")
 	assert.Equal(t, []byte{1, 0}, mt.TokID, "TokID not as expected")
 	assert.Equal(t, msgtype.KRB_AP_REQ, mt.APReq.MsgType, "MechToken AP_REQ does not have the right message type.")
-	assert.Equal(t, 0, mt.KRBError.ErrorCode, "KRBError in MechToken does not indicate no error.")
-	assert.Equal(t, 18, mt.APReq.Authenticator.EType, "Authenticator within AP_REQ does not have the etype expected.")
+	assert.Equal(t, int32(0), mt.KRBError.ErrorCode, "KRBError in MechToken does not indicate no error.")
+	assert.Equal(t, int32(18), mt.APReq.Authenticator.EType, "Authenticator within AP_REQ does not have the etype expected.")
 }
 
 func TestMechToken_newAuthenticatorChksum(t *testing.T) {
@@ -47,14 +47,14 @@ func TestMechToken_newAuthenticatorChksum(t *testing.T) {
 func TestMechToken_newAuthenticatorWithSubkeyGeneration(t *testing.T) {
 	creds := credentials.NewCredentials("hftsai", testdata.TEST_REALM)
 	creds.CName.NameString = testdata.TEST_PRINCIPALNAME_NAMESTRING
-	etypeID := 18
+	var etypeID int32 = 18
 	keyLen := 32 // etypeID 18 refers to AES256 -> 32 bytes key
 	a, err := NewAuthenticator(creds, etypeID, []int{GSS_C_INTEG_FLAG, GSS_C_CONF_FLAG})
 	if err != nil {
 		t.Fatalf("Error creating authenticator: %v", err)
 	}
 	a.GenerateSeqNumberAndSubKey(etypeID, keyLen)
-	assert.Equal(t, 32771, a.Cksum.CksumType, "Checksum type in authenticator for SPNEGO mechtoken not as expected.")
+	assert.Equal(t, int32(32771), a.Cksum.CksumType, "Checksum type in authenticator for SPNEGO mechtoken not as expected.")
 	assert.Equal(t, etypeID, a.SubKey.KeyType, "Subkey not of the expected type.")
 	assert.Equal(t, keyLen, len(a.SubKey.KeyValue), "Subkey value not of the right length")
 	// Test the subkey is initialised to random non-zero values. Not a perfect test but better than nothing.
@@ -73,13 +73,13 @@ func TestMechToken_newAuthenticatorWithSubkeyGeneration(t *testing.T) {
 func TestMechToken_newAuthenticator(t *testing.T) {
 	creds := credentials.NewCredentials("hftsai", testdata.TEST_REALM)
 	creds.CName.NameString = testdata.TEST_PRINCIPALNAME_NAMESTRING
-	etypeID := 18
+	var etypeID int32 = 18
 	a, err := NewAuthenticator(creds, etypeID, []int{GSS_C_INTEG_FLAG, GSS_C_CONF_FLAG})
 	if err != nil {
 		t.Fatalf("Error creating authenticator: %v", err)
 	}
-	assert.Equal(t, 32771, a.Cksum.CksumType, "Checksum type in authenticator for SPNEGO mechtoken not as expected.")
-	assert.Equal(t, 0, a.SubKey.KeyType, "Subkey not of the expected type.")
+	assert.Equal(t, int32(32771), a.Cksum.CksumType, "Checksum type in authenticator for SPNEGO mechtoken not as expected.")
+	assert.Equal(t, int32(0), a.SubKey.KeyType, "Subkey not of the expected type.")
 	assert.Nil(t, a.SubKey.KeyValue, "Subkey should not be set.")
 
 	assert.Condition(t, assert.Comparison(func() bool {
@@ -125,8 +125,8 @@ func TestNewAPREQMechToken_and_Marshal(t *testing.T) {
 	assert.Equal(t, MechTypeOIDKRB5, mt.OID, "MechToken OID not as expected.")
 	assert.Equal(t, []byte{1, 0}, mt.TokID, "TokID not as expected")
 	assert.Equal(t, msgtype.KRB_AP_REQ, mt.APReq.MsgType, "MechToken AP_REQ does not have the right message type.")
-	assert.Equal(t, 0, mt.KRBError.ErrorCode, "KRBError in MechToken does not indicate no error.")
+	assert.Equal(t, int32(0), mt.KRBError.ErrorCode, "KRBError in MechToken does not indicate no error.")
 	assert.Equal(t, testdata.TEST_REALM, mt.APReq.Ticket.Realm, "Realm in ticket within the AP_REQ of the MechToken not as expected.")
 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, mt.APReq.Ticket.SName.NameString, "SName in ticket within the AP_REQ of the MechToken not as expected.")
-	assert.Equal(t, 18, mt.APReq.Authenticator.EType, "Authenticator within AP_REQ does not have the etype expected.")
+	assert.Equal(t, int32(18), mt.APReq.Authenticator.EType, "Authenticator within AP_REQ does not have the etype expected.")
 }

+ 15 - 0
iana/addrtype/constants.go

@@ -0,0 +1,15 @@
+// Package addrtype provides Address type assigned numbers.
+package addrtype
+
+// Address type IDs.
+const (
+	IPv4          int32 = 2
+	Directional   int32 = 3
+	ChaosNet      int32 = 5
+	XNS           int32 = 6
+	ISO           int32 = 7
+	DECNETPhaseIV int32 = 12
+	AppleTalkDDP  int32 = 16
+	NetBios       int32 = 20
+	IPv6          int32 = 24
+)

+ 16 - 16
iana/adtype/constants.go

@@ -3,21 +3,21 @@ package adtype
 
 // Authenticator type IDs.
 const (
-	ADIfRelevant                  = 1
-	ADIntendedForServer           = 2
-	ADIntendedForApplicationClass = 3
-	ADKDCIssued                   = 4
-	ADAndOr                       = 5
-	ADMandatoryTicketExtensions   = 6
-	ADInTicketExtensions          = 7
-	ADMandatoryForKDC             = 8
-	OSFDCE                        = 64
-	SESAME                        = 65
-	ADOSFDCEPKICertID             = 66
-	ADAuthenticationStrength      = 70
-	ADFXFastArmor                 = 71
-	ADFXFastUsed                  = 72
-	ADWin2KPAC                    = 128
-	ADEtypeNegotiation            = 129
+	ADIfRelevant                  int32 = 1
+	ADIntendedForServer           int32 = 2
+	ADIntendedForApplicationClass int32 = 3
+	ADKDCIssued                   int32 = 4
+	ADAndOr                       int32 = 5
+	ADMandatoryTicketExtensions   int32 = 6
+	ADInTicketExtensions          int32 = 7
+	ADMandatoryForKDC             int32 = 8
+	OSFDCE                        int32 = 64
+	SESAME                        int32 = 65
+	ADOSFDCEPKICertID             int32 = 66
+	ADAuthenticationStrength      int32 = 70
+	ADFXFastArmor                 int32 = 71
+	ADFXFastUsed                  int32 = 72
+	ADWin2KPAC                    int32 = 128
+	ADEtypeNegotiation            int32 = 129
 	//Reserved values                   9-63
 )
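Review bot: The block comment above these constants says `// Authenticator type IDs.`, but the names (`ADIfRelevant`, `ADKDCIssued`, `ADWin2KPAC`) are authorization-data types; since every line of the block is rewritten here anyway, the comment could become `// Authorization data type IDs.`. The trailing `//Reserved values 9-63` comment would also read better placed between `ADMandatoryForKDC` and `OSFDCE`, where the gap in the numbering actually is.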

+ 22 - 22
iana/chksumtype/constants.go

@@ -4,29 +4,29 @@ package chksumtype
 // Checksum type IDs.
 const (
 	//RESERVED : 0
-	CRC32         = 1
-	RSA_MD4       = 2
-	RSA_MD4_DES   = 3
-	DES_MAC       = 4
-	DES_MAC_K     = 5
-	RSA_MD4_DES_K = 6
-	RSA_MD5       = 7
-	RSA_MD5_DES   = 8
-	RSA_MD5_DES3  = 9
-	SHA1_ID10     = 10
+	CRC32         int32 = 1
+	RSA_MD4       int32 = 2
+	RSA_MD4_DES   int32 = 3
+	DES_MAC       int32 = 4
+	DES_MAC_K     int32 = 5
+	RSA_MD4_DES_K int32 = 6
+	RSA_MD5       int32 = 7
+	RSA_MD5_DES   int32 = 8
+	RSA_MD5_DES3  int32 = 9
+	SHA1_ID10     int32 = 10
 	//UNASSIGNED : 11
-	HMAC_SHA1_DES3_KD      = 12
-	HMAC_SHA1_DES3         = 13
-	SHA1_ID14              = 14
-	HMAC_SHA1_96_AES128    = 15
-	HMAC_SHA1_96_AES256    = 16
-	CMAC_CAMELLIA128       = 17
-	CMAC_CAMELLIA256       = 18
-	HMAC_SHA256_128_AES128 = 19
-	HMAC_SHA384_192_AES256 = 20
+	HMAC_SHA1_DES3_KD      int32 = 12
+	HMAC_SHA1_DES3         int32 = 13
+	SHA1_ID14              int32 = 14
+	HMAC_SHA1_96_AES128    int32 = 15
+	HMAC_SHA1_96_AES256    int32 = 16
+	CMAC_CAMELLIA128       int32 = 17
+	CMAC_CAMELLIA256       int32 = 18
+	HMAC_SHA256_128_AES128 int32 = 19
+	HMAC_SHA384_192_AES256 int32 = 20
 	//UNASSIGNED : 21-32770
-	GSSAPI = 32771
+	GSSAPI int32 = 32771
 	//UNASSIGNED : 32772-2147483647
-	KERB_CHECKSUM_HMAC_MD5_UNSIGNED = 4294967158 // 0xFFFFFF76 documentation says this is -138 but in an unsigned int this is 4294967158
-	KERB_CHECKSUM_HMAC_MD5          = -138
+	KERB_CHECKSUM_HMAC_MD5_UNSIGNED uint32 = 4294967158 // 0xFFFFFF76 documentation says this is -138 but in an unsigned int this is 4294967158
+	KERB_CHECKSUM_HMAC_MD5          int32  = -138
 )

+ 70 - 70
iana/errorcode/constants.go

@@ -5,85 +5,85 @@ import "fmt"
 
 // Kerberos error codes.
 const (
-	KDC_ERR_NONE                          = 0  //No error
-	KDC_ERR_NAME_EXP                      = 1  //Client's entry in database has expired
-	KDC_ERR_SERVICE_EXP                   = 2  //Server's entry in database has expired
-	KDC_ERR_BAD_PVNO                      = 3  //Requested protocol version number not supported
-	KDC_ERR_C_OLD_MAST_KVNO               = 4  //Client's key encrypted in old master key
-	KDC_ERR_S_OLD_MAST_KVNO               = 5  //Server's key encrypted in old master key
-	KDC_ERR_C_PRINCIPAL_UNKNOWN           = 6  //Client not found in Kerberos database
-	KDC_ERR_S_PRINCIPAL_UNKNOWN           = 7  //Server not found in Kerberos database
-	KDC_ERR_PRINCIPAL_NOT_UNIQUE          = 8  //Multiple principal entries in database
-	KDC_ERR_NULL_KEY                      = 9  //The client or server has a null key
-	KDC_ERR_CANNOT_POSTDATE               = 10 //Ticket not eligible for  postdating
-	KDC_ERR_NEVER_VALID                   = 11 //Requested starttime is later than end time
-	KDC_ERR_POLICY                        = 12 //KDC policy rejects request
-	KDC_ERR_BADOPTION                     = 13 //KDC cannot accommodate requested option
-	KDC_ERR_ETYPE_NOSUPP                  = 14 //KDC has no support for  encryption type
-	KDC_ERR_SUMTYPE_NOSUPP                = 15 //KDC has no support for  checksum type
-	KDC_ERR_PADATA_TYPE_NOSUPP            = 16 //KDC has no support for  padata type
-	KDC_ERR_TRTYPE_NOSUPP                 = 17 //KDC has no support for  transited type
-	KDC_ERR_CLIENT_REVOKED                = 18 //Clients credentials have been revoked
-	KDC_ERR_SERVICE_REVOKED               = 19 //Credentials for server have been revoked
-	KDC_ERR_TGT_REVOKED                   = 20 //TGT has been revoked
-	KDC_ERR_CLIENT_NOTYET                 = 21 //Client not yet valid; try again later
-	KDC_ERR_SERVICE_NOTYET                = 22 //Server not yet valid; try again later
-	KDC_ERR_KEY_EXPIRED                   = 23 //Password has expired; change password to reset
-	KDC_ERR_PREAUTH_FAILED                = 24 //Pre-authentication information was invalid
-	KDC_ERR_PREAUTH_REQUIRED              = 25 //Additional pre-authentication required
-	KDC_ERR_SERVER_NOMATCH                = 26 //Requested server and ticket don't match
-	KDC_ERR_MUST_USE_USER2USER            = 27 //Server principal valid for  user2user only
-	KDC_ERR_PATH_NOT_ACCEPTED             = 28 //KDC Policy rejects transited path
-	KDC_ERR_SVC_UNAVAILABLE               = 29 //A service is not available
-	KRB_AP_ERR_BAD_INTEGRITY              = 31 //Integrity check on decrypted field failed
-	KRB_AP_ERR_TKT_EXPIRED                = 32 //Ticket expired
-	KRB_AP_ERR_TKT_NYV                    = 33 //Ticket not yet valid
-	KRB_AP_ERR_REPEAT                     = 34 //Request is a replay
-	KRB_AP_ERR_NOT_US                     = 35 //The ticket isn't for us
-	KRB_AP_ERR_BADMATCH                   = 36 //Ticket and authenticator don't match
-	KRB_AP_ERR_SKEW                       = 37 //Clock skew too great
-	KRB_AP_ERR_BADADDR                    = 38 //Incorrect net address
-	KRB_AP_ERR_BADVERSION                 = 39 //Protocol version mismatch
-	KRB_AP_ERR_MSG_TYPE                   = 40 //Invalid msg type
-	KRB_AP_ERR_MODIFIED                   = 41 //Message stream modified
-	KRB_AP_ERR_BADORDER                   = 42 //Message out of order
-	KRB_AP_ERR_BADKEYVER                  = 44 //Specified version of key is not available
-	KRB_AP_ERR_NOKEY                      = 45 //Service key not available
-	KRB_AP_ERR_MUT_FAIL                   = 46 //Mutual authentication failed
-	KRB_AP_ERR_BADDIRECTION               = 47 //Incorrect message direction
-	KRB_AP_ERR_METHOD                     = 48 //Alternative authentication method required
-	KRB_AP_ERR_BADSEQ                     = 49 //Incorrect sequence number in message
-	KRB_AP_ERR_INAPP_CKSUM                = 50 //Inappropriate type of checksum in message
-	KRB_AP_PATH_NOT_ACCEPTED              = 51 //Policy rejects transited path
-	KRB_ERR_RESPONSE_TOO_BIG              = 52 //Response too big for UDP;  retry with TCP
-	KRB_ERR_GENERIC                       = 60 //Generic error (description in e-text)
-	KRB_ERR_FIELD_TOOLONG                 = 61 //Field is too long for this implementation
-	KDC_ERROR_CLIENT_NOT_TRUSTED          = 62 //Reserved for PKINIT
-	KDC_ERROR_KDC_NOT_TRUSTED             = 63 //Reserved for PKINIT
-	KDC_ERROR_INVALID_SIG                 = 64 //Reserved for PKINIT
-	KDC_ERR_KEY_TOO_WEAK                  = 65 //Reserved for PKINIT
-	KDC_ERR_CERTIFICATE_MISMATCH          = 66 //Reserved for PKINIT
-	KRB_AP_ERR_NO_TGT                     = 67 //No TGT available to validate USER-TO-USER
-	KDC_ERR_WRONG_REALM                   = 68 //Reserved for future use
-	KRB_AP_ERR_USER_TO_USER_REQUIRED      = 69 //Ticket must be for  USER-TO-USER
-	KDC_ERR_CANT_VERIFY_CERTIFICATE       = 70 //Reserved for PKINIT
-	KDC_ERR_INVALID_CERTIFICATE           = 71 //Reserved for PKINIT
-	KDC_ERR_REVOKED_CERTIFICATE           = 72 //Reserved for PKINIT
-	KDC_ERR_REVOCATION_STATUS_UNKNOWN     = 73 //Reserved for PKINIT
-	KDC_ERR_REVOCATION_STATUS_UNAVAILABLE = 74 //Reserved for PKINIT
-	KDC_ERR_CLIENT_NAME_MISMATCH          = 75 //Reserved for PKINIT
-	KDC_ERR_KDC_NAME_MISMATCH             = 76 //Reserved for PKINIT
+	KDC_ERR_NONE                          int32 = 0  //No error
+	KDC_ERR_NAME_EXP                      int32 = 1  //Client's entry in database has expired
+	KDC_ERR_SERVICE_EXP                   int32 = 2  //Server's entry in database has expired
+	KDC_ERR_BAD_PVNO                      int32 = 3  //Requested protocol version number not supported
+	KDC_ERR_C_OLD_MAST_KVNO               int32 = 4  //Client's key encrypted in old master key
+	KDC_ERR_S_OLD_MAST_KVNO               int32 = 5  //Server's key encrypted in old master key
+	KDC_ERR_C_PRINCIPAL_UNKNOWN           int32 = 6  //Client not found in Kerberos database
+	KDC_ERR_S_PRINCIPAL_UNKNOWN           int32 = 7  //Server not found in Kerberos database
+	KDC_ERR_PRINCIPAL_NOT_UNIQUE          int32 = 8  //Multiple principal entries in database
+	KDC_ERR_NULL_KEY                      int32 = 9  //The client or server has a null key
+	KDC_ERR_CANNOT_POSTDATE               int32 = 10 //Ticket not eligible for  postdating
+	KDC_ERR_NEVER_VALID                   int32 = 11 //Requested starttime is later than end time
+	KDC_ERR_POLICY                        int32 = 12 //KDC policy rejects request
+	KDC_ERR_BADOPTION                     int32 = 13 //KDC cannot accommodate requested option
+	KDC_ERR_ETYPE_NOSUPP                  int32 = 14 //KDC has no support for  encryption type
+	KDC_ERR_SUMTYPE_NOSUPP                int32 = 15 //KDC has no support for  checksum type
+	KDC_ERR_PADATA_TYPE_NOSUPP            int32 = 16 //KDC has no support for  padata type
+	KDC_ERR_TRTYPE_NOSUPP                 int32 = 17 //KDC has no support for  transited type
+	KDC_ERR_CLIENT_REVOKED                int32 = 18 //Clients credentials have been revoked
+	KDC_ERR_SERVICE_REVOKED               int32 = 19 //Credentials for server have been revoked
+	KDC_ERR_TGT_REVOKED                   int32 = 20 //TGT has been revoked
+	KDC_ERR_CLIENT_NOTYET                 int32 = 21 //Client not yet valid; try again later
+	KDC_ERR_SERVICE_NOTYET                int32 = 22 //Server not yet valid; try again later
+	KDC_ERR_KEY_EXPIRED                   int32 = 23 //Password has expired; change password to reset
+	KDC_ERR_PREAUTH_FAILED                int32 = 24 //Pre-authentication information was invalid
+	KDC_ERR_PREAUTH_REQUIRED              int32 = 25 //Additional pre-authentication required
+	KDC_ERR_SERVER_NOMATCH                int32 = 26 //Requested server and ticket don't match
+	KDC_ERR_MUST_USE_USER2USER            int32 = 27 //Server principal valid for  user2user only
+	KDC_ERR_PATH_NOT_ACCEPTED             int32 = 28 //KDC Policy rejects transited path
+	KDC_ERR_SVC_UNAVAILABLE               int32 = 29 //A service is not available
+	KRB_AP_ERR_BAD_INTEGRITY              int32 = 31 //Integrity check on decrypted field failed
+	KRB_AP_ERR_TKT_EXPIRED                int32 = 32 //Ticket expired
+	KRB_AP_ERR_TKT_NYV                    int32 = 33 //Ticket not yet valid
+	KRB_AP_ERR_REPEAT                     int32 = 34 //Request is a replay
+	KRB_AP_ERR_NOT_US                     int32 = 35 //The ticket isn't for us
+	KRB_AP_ERR_BADMATCH                   int32 = 36 //Ticket and authenticator don't match
+	KRB_AP_ERR_SKEW                       int32 = 37 //Clock skew too great
+	KRB_AP_ERR_BADADDR                    int32 = 38 //Incorrect net address
+	KRB_AP_ERR_BADVERSION                 int32 = 39 //Protocol version mismatch
+	KRB_AP_ERR_MSG_TYPE                   int32 = 40 //Invalid msg type
+	KRB_AP_ERR_MODIFIED                   int32 = 41 //Message stream modified
+	KRB_AP_ERR_BADORDER                   int32 = 42 //Message out of order
+	KRB_AP_ERR_BADKEYVER                  int32 = 44 //Specified version of key is not available
+	KRB_AP_ERR_NOKEY                      int32 = 45 //Service key not available
+	KRB_AP_ERR_MUT_FAIL                   int32 = 46 //Mutual authentication failed
+	KRB_AP_ERR_BADDIRECTION               int32 = 47 //Incorrect message direction
+	KRB_AP_ERR_METHOD                     int32 = 48 //Alternative authentication method required
+	KRB_AP_ERR_BADSEQ                     int32 = 49 //Incorrect sequence number in message
+	KRB_AP_ERR_INAPP_CKSUM                int32 = 50 //Inappropriate type of checksum in message
+	KRB_AP_PATH_NOT_ACCEPTED              int32 = 51 //Policy rejects transited path
+	KRB_ERR_RESPONSE_TOO_BIG              int32 = 52 //Response too big for UDP;  retry with TCP
+	KRB_ERR_GENERIC                       int32 = 60 //Generic error (description in e-text)
+	KRB_ERR_FIELD_TOOLONG                 int32 = 61 //Field is too long for this implementation
+	KDC_ERROR_CLIENT_NOT_TRUSTED          int32 = 62 //Reserved for PKINIT
+	KDC_ERROR_KDC_NOT_TRUSTED             int32 = 63 //Reserved for PKINIT
+	KDC_ERROR_INVALID_SIG                 int32 = 64 //Reserved for PKINIT
+	KDC_ERR_KEY_TOO_WEAK                  int32 = 65 //Reserved for PKINIT
+	KDC_ERR_CERTIFICATE_MISMATCH          int32 = 66 //Reserved for PKINIT
+	KRB_AP_ERR_NO_TGT                     int32 = 67 //No TGT available to validate USER-TO-USER
+	KDC_ERR_WRONG_REALM                   int32 = 68 //Reserved for future use
+	KRB_AP_ERR_USER_TO_USER_REQUIRED      int32 = 69 //Ticket must be for  USER-TO-USER
+	KDC_ERR_CANT_VERIFY_CERTIFICATE       int32 = 70 //Reserved for PKINIT
+	KDC_ERR_INVALID_CERTIFICATE           int32 = 71 //Reserved for PKINIT
+	KDC_ERR_REVOKED_CERTIFICATE           int32 = 72 //Reserved for PKINIT
+	KDC_ERR_REVOCATION_STATUS_UNKNOWN     int32 = 73 //Reserved for PKINIT
+	KDC_ERR_REVOCATION_STATUS_UNAVAILABLE int32 = 74 //Reserved for PKINIT
+	KDC_ERR_CLIENT_NAME_MISMATCH          int32 = 75 //Reserved for PKINIT
+	KDC_ERR_KDC_NAME_MISMATCH             int32 = 76 //Reserved for PKINIT
 )
 
 // Lookup an error code description.
-func Lookup(i int) string {
+func Lookup(i int32) string {
 	if s, ok := errorcodeLookup[i]; ok {
 		return fmt.Sprintf("(%d) %s", i, s)
 	}
 	return fmt.Sprintf("Unknown ErrorCode %d", i)
 }
 
-var errorcodeLookup = map[int]string{
+var errorcodeLookup = map[int32]string{
 	KDC_ERR_NONE:                          "KDC_ERR_NONE No error",
 	KDC_ERR_NAME_EXP:                      "KDC_ERR_NAME_EXP Client's entry in database has expired",
 	KDC_ERR_SERVICE_EXP:                   "KDC_ERR_SERVICE_EXP Server's entry in database has expired",

+ 28 - 28
iana/etypeID/constants.go

@@ -4,38 +4,38 @@ package etypeID
 // Kerberos encryption type assigned numbers.
 const (
 	//RESERVED : 0
-	DES_CBC_CRC                  = 1
-	DES_CBC_MD4                  = 2
-	DES_CBC_MD5                  = 3
-	DES_CBC_RAW                  = 4
-	DES3_CBC_MD5                 = 5
-	DES3_CBC_RAW                 = 6
-	DES3_CBC_SHA1                = 7
-	DES_HMAC_SHA1                = 8
-	DSAWITHSHA1_CMSOID           = 9
-	MD5WITHRSAENCRYPTION_CMSOID  = 10
-	SHA1WITHRSAENCRYPTION_CMSOID = 11
-	RC2CBC_ENVOID                = 12
-	RSAENCRYPTION_ENVOID         = 13
-	RSAES_OAEP_ENV_OID           = 14
-	DES_EDE3_CBC_ENV_OID         = 15
-	DES3_CBC_SHA1_KD             = 16
-	AES128_CTS_HMAC_SHA1_96      = 17
-	AES256_CTS_HMAC_SHA1_96      = 18
-	AES128_CTS_HMAC_SHA256_128   = 19
-	AES256_CTS_HMAC_SHA384_192   = 20
+	DES_CBC_CRC                  int32 = 1
+	DES_CBC_MD4                  int32 = 2
+	DES_CBC_MD5                  int32 = 3
+	DES_CBC_RAW                  int32 = 4
+	DES3_CBC_MD5                 int32 = 5
+	DES3_CBC_RAW                 int32 = 6
+	DES3_CBC_SHA1                int32 = 7
+	DES_HMAC_SHA1                int32 = 8
+	DSAWITHSHA1_CMSOID           int32 = 9
+	MD5WITHRSAENCRYPTION_CMSOID  int32 = 10
+	SHA1WITHRSAENCRYPTION_CMSOID int32 = 11
+	RC2CBC_ENVOID                int32 = 12
+	RSAENCRYPTION_ENVOID         int32 = 13
+	RSAES_OAEP_ENV_OID           int32 = 14
+	DES_EDE3_CBC_ENV_OID         int32 = 15
+	DES3_CBC_SHA1_KD             int32 = 16
+	AES128_CTS_HMAC_SHA1_96      int32 = 17
+	AES256_CTS_HMAC_SHA1_96      int32 = 18
+	AES128_CTS_HMAC_SHA256_128   int32 = 19
+	AES256_CTS_HMAC_SHA384_192   int32 = 20
 	//UNASSIGNED : 21-22
-	RC4_HMAC             = 23
-	RC4_HMAC_EXP         = 24
-	CAMELLIA128_CTS_CMAC = 25
-	CAMELLIA256_CTS_CMAC = 26
+	RC4_HMAC             int32 = 23
+	RC4_HMAC_EXP         int32 = 24
+	CAMELLIA128_CTS_CMAC int32 = 25
+	CAMELLIA256_CTS_CMAC int32 = 26
 	//UNASSIGNED : 27-64
-	SUBKEY_KEYMATERIAL = 65
+	SUBKEY_KEYMATERIAL int32 = 65
 	//UNASSIGNED : 66-2147483647
 )
 
 // ETypesByName is a map of EncType names to their assigned EncType number.
-var ETypesByName = map[string]int{
+var ETypesByName = map[string]int32{
 	"des-cbc-crc":                  DES_CBC_CRC,
 	"des-cbc-md4":                  DES_CBC_MD4,
 	"des-cbc-md5":                  DES_CBC_MD5,
@@ -78,9 +78,9 @@ var ETypesByName = map[string]int{
 
 // EtypeSupported resolves the etype name string to the etype ID.
 // If zero is returned the etype is not supported by gokrb5.
-func EtypeSupported(etype string) int {
+func EtypeSupported(etype string) int32 {
 	// Slice of supported enctype IDs
-	s := []int{
+	s := []int32{
 		AES128_CTS_HMAC_SHA1_96,
 		AES256_CTS_HMAC_SHA1_96,
 		AES128_CTS_HMAC_SHA256_128,

+ 9 - 9
iana/nametype/constants.go

@@ -3,13 +3,13 @@ package nametype
 
 // Kerberos name type IDs.
 const (
-	KRB_NT_UNKNOWN        = 0  //Name type not known
-	KRB_NT_PRINCIPAL      = 1  //Just the name of the principal as in DCE,  or for users
-	KRB_NT_SRV_INST       = 2  //Service and other unique instance (krbtgt)
-	KRB_NT_SRV_HST        = 3  //Service with host name as instance (telnet, rcommands)
-	KRB_NT_SRV_XHST       = 4  //Service with host as remaining components
-	KRB_NT_UID            = 5  //Unique ID
-	KRB_NT_X500_PRINCIPAL = 6  //Encoded X.509 Distinguished name [RFC2253]
-	KRB_NT_SMTP_NAME      = 7  //Name in form of SMTP email name (e.g., user@example.com)
-	KRB_NT_ENTERPRISE     = 10 //Enterprise name; may be mapped to principal name
+	KRB_NT_UNKNOWN        int32 = 0  //Name type not known
+	KRB_NT_PRINCIPAL      int32 = 1  //Just the name of the principal as in DCE,  or for users
+	KRB_NT_SRV_INST       int32 = 2  //Service and other unique instance (krbtgt)
+	KRB_NT_SRV_HST        int32 = 3  //Service with host name as instance (telnet, rcommands)
+	KRB_NT_SRV_XHST       int32 = 4  //Service with host as remaining components
+	KRB_NT_UID            int32 = 5  //Unique ID
+	KRB_NT_X500_PRINCIPAL int32 = 6  //Encoded X.509 Distinguished name [RFC2253]
+	KRB_NT_SMTP_NAME      int32 = 7  //Name in form of SMTP email name (e.g., user@example.com)
+	KRB_NT_ENTERPRISE     int32 = 10 //Enterprise name; may be mapped to principal name
 )

+ 63 - 63
iana/patype/constants.go

@@ -3,75 +3,75 @@ package patype
 
 // Kerberos pre-authentication type assigned numbers.
 const (
-	PA_TGS_REQ       = 1
-	PA_ENC_TIMESTAMP = 2
-	PA_PW_SALT       = 3
+	PA_TGS_REQ       int32 = 1
+	PA_ENC_TIMESTAMP int32 = 2
+	PA_PW_SALT       int32 = 3
 	//RESERVED : 4
-	PA_ENC_UNIX_TIME       = 5
-	PA_SANDIA_SECUREID     = 6
-	PA_SESAME              = 7
-	PA_OSF_DCE             = 8
-	PA_CYBERSAFE_SECUREID  = 9
-	PA_AFS3_SALT           = 10
-	PA_ETYPE_INFO          = 11
-	PA_SAM_CHALLENGE       = 12
-	PA_SAM_RESPONSE        = 13
-	PA_PK_AS_REQ_OLD       = 14
-	PA_PK_AS_REP_OLD       = 15
-	PA_PK_AS_REQ           = 16
-	PA_PK_AS_REP           = 17
-	PA_PK_OCSP_RESPONSE    = 18
-	PA_ETYPE_INFO2         = 19
-	PA_USE_SPECIFIED_KVNO  = 20
-	PA_SVR_REFERRAL_INFO   = 20
-	PA_SAM_REDIRECT        = 21
-	PA_GET_FROM_TYPED_DATA = 22
-	TD_PADATA              = 22
-	PA_SAM_ETYPE_INFO      = 23
-	PA_ALT_PRINC           = 24
-	PA_SERVER_REFERRAL     = 25
+	PA_ENC_UNIX_TIME       int32 = 5
+	PA_SANDIA_SECUREID     int32 = 6
+	PA_SESAME              int32 = 7
+	PA_OSF_DCE             int32 = 8
+	PA_CYBERSAFE_SECUREID  int32 = 9
+	PA_AFS3_SALT           int32 = 10
+	PA_ETYPE_INFO          int32 = 11
+	PA_SAM_CHALLENGE       int32 = 12
+	PA_SAM_RESPONSE        int32 = 13
+	PA_PK_AS_REQ_OLD       int32 = 14
+	PA_PK_AS_REP_OLD       int32 = 15
+	PA_PK_AS_REQ           int32 = 16
+	PA_PK_AS_REP           int32 = 17
+	PA_PK_OCSP_RESPONSE    int32 = 18
+	PA_ETYPE_INFO2         int32 = 19
+	PA_USE_SPECIFIED_KVNO  int32 = 20
+	PA_SVR_REFERRAL_INFO   int32 = 20
+	PA_SAM_REDIRECT        int32 = 21
+	PA_GET_FROM_TYPED_DATA int32 = 22
+	TD_PADATA              int32 = 22
+	PA_SAM_ETYPE_INFO      int32 = 23
+	PA_ALT_PRINC           int32 = 24
+	PA_SERVER_REFERRAL     int32 = 25
 	//UNASSIGNED : 26-29
-	PA_SAM_CHALLENGE2 = 30
-	PA_SAM_RESPONSE2  = 31
+	PA_SAM_CHALLENGE2 int32 = 30
+	PA_SAM_RESPONSE2  int32 = 31
 	//UNASSIGNED : 32-40
-	PA_EXTRA_TGT = 41
+	PA_EXTRA_TGT int32 = 41
 	//UNASSIGNED : 42-100
-	TD_PKINIT_CMS_CERTIFICATES = 101
-	TD_KRB_PRINCIPAL           = 102
-	TD_KRB_REALM               = 103
-	TD_TRUSTED_CERTIFIERS      = 104
-	TD_CERTIFICATE_INDEX       = 105
-	TD_APP_DEFINED_ERROR       = 106
-	TD_REQ_NONCE               = 107
-	TD_REQ_SEQ                 = 108
-	TD_DH_PARAMETERS           = 109
+	TD_PKINIT_CMS_CERTIFICATES int32 = 101
+	TD_KRB_PRINCIPAL           int32 = 102
+	TD_KRB_REALM               int32 = 103
+	TD_TRUSTED_CERTIFIERS      int32 = 104
+	TD_CERTIFICATE_INDEX       int32 = 105
+	TD_APP_DEFINED_ERROR       int32 = 106
+	TD_REQ_NONCE               int32 = 107
+	TD_REQ_SEQ                 int32 = 108
+	TD_DH_PARAMETERS           int32 = 109
 	//UNASSIGNED : 110
-	TD_CMS_DIGEST_ALGORITHMS  = 111
-	TD_CERT_DIGEST_ALGORITHMS = 112
+	TD_CMS_DIGEST_ALGORITHMS  int32 = 111
+	TD_CERT_DIGEST_ALGORITHMS int32 = 112
 	//UNASSIGNED : 113-127
-	PA_PAC_REQUEST         = 128
-	PA_FOR_USER            = 129
-	PA_FOR_X509_USER       = 130
-	PA_FOR_CHECK_DUPS      = 131
-	PA_AS_CHECKSUM         = 132
-	PA_FX_COOKIE           = 133
-	PA_AUTHENTICATION_SET  = 134
-	PA_AUTH_SET_SELECTED   = 135
-	PA_FX_FAST             = 136
-	PA_FX_ERROR            = 137
-	PA_ENCRYPTED_CHALLENGE = 138
+	PA_PAC_REQUEST         int32 = 128
+	PA_FOR_USER            int32 = 129
+	PA_FOR_X509_USER       int32 = 130
+	PA_FOR_CHECK_DUPS      int32 = 131
+	PA_AS_CHECKSUM         int32 = 132
+	PA_FX_COOKIE           int32 = 133
+	PA_AUTHENTICATION_SET  int32 = 134
+	PA_AUTH_SET_SELECTED   int32 = 135
+	PA_FX_FAST             int32 = 136
+	PA_FX_ERROR            int32 = 137
+	PA_ENCRYPTED_CHALLENGE int32 = 138
 	//UNASSIGNED : 139-140
-	PA_OTP_CHALLENGE  = 141
-	PA_OTP_REQUEST    = 142
-	PA_OTP_CONFIRM    = 143
-	PA_OTP_PIN_CHANGE = 144
-	PA_EPAK_AS_REQ    = 145
-	PA_EPAK_AS_REP    = 146
-	PA_PKINIT_KX      = 147
-	PA_PKU2U_NAME     = 148
-	PA_REQ_ENC_PA_REP = 149
-	PA_AS_FRESHNESS   = 150
+	PA_OTP_CHALLENGE  int32 = 141
+	PA_OTP_REQUEST    int32 = 142
+	PA_OTP_CONFIRM    int32 = 143
+	PA_OTP_PIN_CHANGE int32 = 144
+	PA_EPAK_AS_REQ    int32 = 145
+	PA_EPAK_AS_REP    int32 = 146
+	PA_PKINIT_KX      int32 = 147
+	PA_PKU2U_NAME     int32 = 148
+	PA_REQ_ENC_PA_REP int32 = 149
+	PA_AS_FRESHNESS   int32 = 150
 	//UNASSIGNED : 151-164
-	PA_SUPPORTED_ETYPES = 165
-	PA_EXTENDED_ERROR   = 166
+	PA_SUPPORTED_ETYPES int32 = 165
+	PA_EXTENDED_ERROR   int32 = 166
 )

+ 8 - 0
iana/trtype/constants.go

@@ -0,0 +1,8 @@
+// Package trtype provides Transited Encoding Type assigned numbers.
+package trtype
+
+// Transited Encoding Type IDs.
+const (
+	DOMAIN_X500_COMPRESS int32 = 1
+	//Reserved values                 All others
+)

+ 3 - 3
keytab/keytab.go

@@ -45,11 +45,11 @@ func NewKeytab() Keytab {
 }
 
 // GetEncryptionKey returns the EncryptionKey from the Keytab for the newest entry with the required kvno, etype and matching principal.
-func (kt *Keytab) GetEncryptionKey(nameString []string, realm string, kvno, etype int) (types.EncryptionKey, error) {
+func (kt *Keytab) GetEncryptionKey(nameString []string, realm string, kvno int, etype int32) (types.EncryptionKey, error) {
 	var key types.EncryptionKey
 	var t time.Time
 	for _, k := range kt.Entries {
-		if k.Principal.Realm == realm && len(k.Principal.Components) == len(nameString) && int(k.Key.KeyType) == etype && (int(k.KVNO) == kvno || kvno == 0) && k.Timestamp.After(t) {
+		if k.Principal.Realm == realm && len(k.Principal.Components) == len(nameString) && k.Key.KeyType == etype && (k.KVNO == uint32(kvno) || kvno == 0) && k.Timestamp.After(t) {
 			p := true
 			for i, n := range k.Principal.Components {
 				if nameString[i] != n {
@@ -147,7 +147,7 @@ func Parse(b []byte) (kt Keytab, err error) {
 			parsePrincipal(eb, &p, &kt, &ke, &endian)
 			ke.Timestamp = readTimestamp(eb, &p, &endian)
 			ke.KVNO8 = uint8(readInt8(eb, &p, &endian))
-			ke.Key.KeyType = int(readInt16(eb, &p, &endian))
+			ke.Key.KeyType = int32(readInt16(eb, &p, &endian))
 			kl := int(readInt16(eb, &p, &endian))
 			ke.Key.KeyValue = readBytes(eb, &p, kl, &endian)
 			//The 32-bit key version overrides the 8-bit key version.
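Review bot: In `GetEncryptionKey` the new comparison `k.KVNO == uint32(kvno)` converts the caller's `int` with wrap-around, so a negative `kvno`, or on 64-bit builds one above 4294967295, can select an unrelated entry (4294967297 would match KVNO 1). Comparing in a wider type keeps out-of-range requests from matching anything: `(int64(k.KVNO) == int64(kvno) || kvno == 0)`. The function body continues outside the hunk, so whether the caller already bounds `kvno` is not visible here.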

+ 1 - 1
keytab/keytab_test.go

@@ -20,7 +20,7 @@ func TestParse(t *testing.T) {
 	assert.Equal(t, uint32(1), kt.Entries[0].KVNO, "KVNO not as expected")
 	assert.Equal(t, uint8(1), kt.Entries[0].KVNO8, "KVNO8 not as expected")
 	assert.Equal(t, time.Unix(1483384877, 0), kt.Entries[0].Timestamp, "Timestamp not as expected")
-	assert.Equal(t, 23, kt.Entries[0].Key.KeyType, "Key's EType not as expected")
+	assert.Equal(t, int32(23), kt.Entries[0].Key.KeyType, "Key's EType not as expected")
 	assert.Equal(t, "0c61039f010b2fbb88fe449fbf262477", hex.EncodeToString(kt.Entries[0].Key.KeyValue), "Key material not as expected")
 	assert.Equal(t, int16(1), kt.Entries[0].Principal.NumComponents, "Number of components in principal not as expected")
 	assert.Equal(t, int32(1), kt.Entries[0].Principal.NameType, "Name type of principal not as expected")

+ 1 - 1
messages/APRep.go

@@ -37,7 +37,7 @@ type EncAPRepPart struct {
 	CTime          time.Time           `asn1:"generalized,explicit,tag:0"`
 	Cusec          int                 `asn1:"explicit,tag:1"`
 	Subkey         types.EncryptionKey `asn1:"optional,explicit,tag:2"`
-	SequenceNumber int                 `asn1:"optional,explicit,tag:3"`
+	SequenceNumber int64               `asn1:"optional,explicit,tag:3"`
 }
 
 // Unmarshal bytes b into the APRep struct.
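Review bot: `SequenceNumber` in `EncAPRepPart` becomes `int64`, but RFC 4120 defines seq-number as UInt32, and nothing in this hunk rejects a decoded value that is negative or above 4294967295. The same applies to `Nonce` in `EncKDCRepPart` (messages/KDCRep.go) and in `KDCReqBody` (messages/KDCReq.go), which are also widened to `int64`. If no range check runs after unmarshalling (none is visible in these hunks), add one along the lines of `if v < 0 || v > math.MaxUint32 { /* reject the message */ }`. `Cusec` in the same struct is still a platform-sized `int`, which is worth a comment saying it is deliberate; the struct starts outside the hunk.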

+ 2 - 2
messages/APRep_test.go

@@ -43,9 +43,9 @@ func TestUnmarshalEncAPRepPart(t *testing.T) {
 
 	assert.Equal(t, tt, a.CTime, "CTime not as expected")
 	assert.Equal(t, 123456, a.Cusec, "Client microseconds not as expected")
-	assert.Equal(t, 1, a.Subkey.KeyType, "Subkey type not as expected")
+	assert.Equal(t, int32(1), a.Subkey.KeyType, "Subkey type not as expected")
 	assert.Equal(t, []byte("12345678"), a.Subkey.KeyValue, "Subkey value not as expected")
-	assert.Equal(t, 17, a.SequenceNumber, "Sequence number not as expected")
+	assert.Equal(t, int64(17), a.SequenceNumber, "Sequence number not as expected")
 }
 
 func TestUnmarshalEncAPRepPart_optionalsNULL(t *testing.T) {

+ 2 - 2
messages/KDCRep.go

@@ -56,7 +56,7 @@ type TGSRep struct {
 type EncKDCRepPart struct {
 	Key           types.EncryptionKey  `asn1:"explicit,tag:0"`
 	LastReqs      []LastReq            `asn1:"explicit,tag:1"`
-	Nonce         int                  `asn1:"explicit,tag:2"`
+	Nonce         int64                `asn1:"explicit,tag:2"`
 	KeyExpiration time.Time            `asn1:"generalized,explicit,optional,tag:3"`
 	Flags         asn1.BitString       `asn1:"explicit,tag:4"`
 	AuthTime      time.Time            `asn1:"generalized,explicit,tag:5"`
@@ -71,7 +71,7 @@ type EncKDCRepPart struct {
 
 // LastReq part of KRB_KDC_REP.
 type LastReq struct {
-	LRType  int       `asn1:"explicit,tag:0"`
+	LRType  int32     `asn1:"explicit,tag:0"`
 	LRValue time.Time `asn1:"generalized,explicit,tag:1"`
 }
 

+ 18 - 17
messages/KDCRep_test.go

@@ -7,6 +7,7 @@ import (
 	"gopkg.in/jcmturner/gokrb5.v3/credentials"
 	"gopkg.in/jcmturner/gokrb5.v3/iana/etypeID"
 	"gopkg.in/jcmturner/gokrb5.v3/iana/msgtype"
+	"gopkg.in/jcmturner/gokrb5.v3/iana/nametype"
 	"gopkg.in/jcmturner/gokrb5.v3/keytab"
 	"gopkg.in/jcmturner/gokrb5.v3/testdata"
 	"testing"
@@ -167,11 +168,11 @@ func TestUnmarshalEncKDCRepPart(t *testing.T) {
 	//Parse the test time value into a time.Time type
 	tt, _ := time.Parse(testdata.TEST_TIME_FORMAT, testdata.TEST_TIME)
 
-	assert.Equal(t, 1, a.Key.KeyType, "Key type not as expected")
+	assert.Equal(t, int32(1), a.Key.KeyType, "Key type not as expected")
 	assert.Equal(t, []byte("12345678"), a.Key.KeyValue, "Key value not as expected")
 	assert.Equal(t, 2, len(a.LastReqs), "Number of last request entries not as expected")
 	for i, r := range a.LastReqs {
-		assert.Equal(t, -5, r.LRType, fmt.Sprintf("Last request typ not as expected for last request entry %d", i+1))
+		assert.Equal(t, int32(-5), r.LRType, fmt.Sprintf("Last request typ not as expected for last request entry %d", i+1))
 		assert.Equal(t, tt, r.LRValue, fmt.Sprintf("Last request time value not as expected for last request entry %d", i+1))
 	}
 	assert.Equal(t, testdata.TEST_NONCE, a.Nonce, "Nonce not as expected")
@@ -186,7 +187,7 @@ func TestUnmarshalEncKDCRepPart(t *testing.T) {
 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.SName.NameString, "SName string entries not as expected")
 	assert.Equal(t, 2, len(a.CAddr), "Number of client addresses not as expected")
 	for i, addr := range a.CAddr {
-		assert.Equal(t, 2, addr.AddrType, fmt.Sprintf("Host address type not as expected for address item %d", i+1))
+		assert.Equal(t, int32(2), addr.AddrType, fmt.Sprintf("Host address type not as expected for address item %d", i+1))
 		assert.Equal(t, "12d00023", hex.EncodeToString(addr.Address), fmt.Sprintf("Host address not as expected for address item %d", i+1))
 	}
 }
@@ -205,11 +206,11 @@ func TestUnmarshalEncKDCRepPart_optionalsNULL(t *testing.T) {
 	//Parse the test time value into a time.Time type
 	tt, _ := time.Parse(testdata.TEST_TIME_FORMAT, testdata.TEST_TIME)
 
-	assert.Equal(t, 1, a.Key.KeyType, "Key type not as expected")
+	assert.Equal(t, int32(1), a.Key.KeyType, "Key type not as expected")
 	assert.Equal(t, []byte("12345678"), a.Key.KeyValue, "Key value not as expected")
 	assert.Equal(t, 2, len(a.LastReqs), "Number of last request entries not as expected")
 	for i, r := range a.LastReqs {
-		assert.Equal(t, -5, r.LRType, fmt.Sprintf("Last request typ not as expected for last request entry %d", i+1))
+		assert.Equal(t, int32(-5), r.LRType, fmt.Sprintf("Last request typ not as expected for last request entry %d", i+1))
 		assert.Equal(t, tt, r.LRValue, fmt.Sprintf("Last request time value not as expected for last request entry %d", i+1))
 	}
 	assert.Equal(t, testdata.TEST_NONCE, a.Nonce, "Nonce not as expected")
@@ -231,12 +232,12 @@ func TestUnmarshalASRepDecodeAndDecrypt(t *testing.T) {
 	assert.Equal(t, 5, asRep.PVNO, "PVNO not as expected")
 	assert.Equal(t, 11, asRep.MsgType, "MsgType not as expected")
 	assert.Equal(t, testRealm, asRep.CRealm, "Client Realm not as expected")
-	assert.Equal(t, 1, asRep.CName.NameType, "CName NameType not as expected")
+	assert.Equal(t, int32(1), asRep.CName.NameType, "CName NameType not as expected")
 	assert.Equal(t, testUser, asRep.CName.NameString[0], "CName NameType not as expected")
-	assert.Equal(t, 19, asRep.PAData[0].PADataType, "PADataType not as expected")
+	assert.Equal(t, int32(19), asRep.PAData[0].PADataType, "PADataType not as expected")
 	assert.Equal(t, 5, asRep.Ticket.TktVNO, "TktVNO not as expected")
 	assert.Equal(t, testRealm, asRep.Ticket.Realm, "Ticket Realm not as expected")
-	assert.Equal(t, 2, asRep.Ticket.SName.NameType, "Ticket service nametype not as expected")
+	assert.Equal(t, int32(2), asRep.Ticket.SName.NameType, "Ticket service nametype not as expected")
 	assert.Equal(t, "krbtgt", asRep.Ticket.SName.NameString[0], "Ticket service name string not as expected")
 	assert.Equal(t, testRealm, asRep.Ticket.SName.NameString[1], "Ticket service name string not as expected")
 	assert.Equal(t, etypeID.ETypesByName["aes256-cts-hmac-sha1-96"], asRep.Ticket.EncPart.EType, "Etype of ticket encrypted part not as expected")
@@ -254,16 +255,16 @@ func TestUnmarshalASRepDecodeAndDecrypt(t *testing.T) {
 	if err != nil {
 		t.Fatalf("Decryption of AS_REP EncPart failed: %v", err)
 	}
-	assert.Equal(t, 18, asRep.DecryptedEncPart.Key.KeyType, "KeyType in decrypted EncPart not as expected")
+	assert.Equal(t, int32(18), asRep.DecryptedEncPart.Key.KeyType, "KeyType in decrypted EncPart not as expected")
 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.LastReqs[0].LRValue, "LastReqs did not have a time value")
-	assert.Equal(t, 2069991465, asRep.DecryptedEncPart.Nonce, "Nonce value not as expected")
+	assert.Equal(t, int64(2069991465), asRep.DecryptedEncPart.Nonce, "Nonce value not as expected")
 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.KeyExpiration, "Key expiration not a time type")
 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.AuthTime, "AuthTime not a time type")
 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.StartTime, "StartTime not a time type")
 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.EndTime, "StartTime not a time type")
 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.RenewTill, "RenewTill not a time type")
 	assert.Equal(t, testRealm, asRep.DecryptedEncPart.SRealm, "Service realm not as expected")
-	assert.Equal(t, 2, asRep.DecryptedEncPart.SName.NameType, "Name type for AS_REP not as expected")
+	assert.Equal(t, int32(2), asRep.DecryptedEncPart.SName.NameType, "Name type for AS_REP not as expected")
 	assert.Equal(t, []string{"krbtgt", testRealm}, asRep.DecryptedEncPart.SName.NameString, "Service name string not as expected")
 }
 
@@ -277,12 +278,12 @@ func TestUnmarshalASRepDecodeAndDecrypt_withPassword(t *testing.T) {
 	assert.Equal(t, 5, asRep.PVNO, "PVNO not as expected")
 	assert.Equal(t, 11, asRep.MsgType, "MsgType not as expected")
 	assert.Equal(t, testRealm, asRep.CRealm, "Client Realm not as expected")
-	assert.Equal(t, 1, asRep.CName.NameType, "CName NameType not as expected")
+	assert.Equal(t, int32(1), asRep.CName.NameType, "CName NameType not as expected")
 	assert.Equal(t, testUser, asRep.CName.NameString[0], "CName NameType not as expected")
-	assert.Equal(t, 19, asRep.PAData[0].PADataType, "PADataType not as expected")
+	assert.Equal(t, int32(19), asRep.PAData[0].PADataType, "PADataType not as expected")
 	assert.Equal(t, 5, asRep.Ticket.TktVNO, "TktVNO not as expected")
 	assert.Equal(t, testRealm, asRep.Ticket.Realm, "Ticket Realm not as expected")
-	assert.Equal(t, 2, asRep.Ticket.SName.NameType, "Ticket service nametype not as expected")
+	assert.Equal(t, int32(2), asRep.Ticket.SName.NameType, "Ticket service nametype not as expected")
 	assert.Equal(t, "krbtgt", asRep.Ticket.SName.NameString[0], "Ticket service name string not as expected")
 	assert.Equal(t, testRealm, asRep.Ticket.SName.NameString[1], "Ticket service name string not as expected")
 	assert.Equal(t, etypeID.AES256_CTS_HMAC_SHA1_96, asRep.Ticket.EncPart.EType, "Etype of ticket encrypted part not as expected")
@@ -294,15 +295,15 @@ func TestUnmarshalASRepDecodeAndDecrypt_withPassword(t *testing.T) {
 	if err != nil {
 		t.Fatalf("Decryption of AS_REP EncPart failed: %v", err)
 	}
-	assert.Equal(t, 18, asRep.DecryptedEncPart.Key.KeyType, "KeyType in decrypted EncPart not as expected")
+	assert.Equal(t, int32(18), asRep.DecryptedEncPart.Key.KeyType, "KeyType in decrypted EncPart not as expected")
 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.LastReqs[0].LRValue, "LastReqs did not have a time value")
-	assert.Equal(t, 2069991465, asRep.DecryptedEncPart.Nonce, "Nonce value not as expected")
+	assert.Equal(t, int64(2069991465), asRep.DecryptedEncPart.Nonce, "Nonce value not as expected")
 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.KeyExpiration, "Key expiration not a time type")
 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.AuthTime, "AuthTime not a time type")
 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.StartTime, "StartTime not a time type")
 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.EndTime, "StartTime not a time type")
 	assert.IsType(t, time.Time{}, asRep.DecryptedEncPart.RenewTill, "RenewTill not a time type")
 	assert.Equal(t, testRealm, asRep.DecryptedEncPart.SRealm, "Service realm not as expected")
-	assert.Equal(t, 2, asRep.DecryptedEncPart.SName.NameType, "Name type for AS_REP not as expected")
+	assert.Equal(t, nametype.KRB_NT_SRV_INST, asRep.DecryptedEncPart.SName.NameType, "Name type for AS_REP not as expected")
 	assert.Equal(t, []string{"krbtgt", testRealm}, asRep.DecryptedEncPart.SName.NameString, "Service name string not as expected")
 }
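Review bot: The expected type values in these tests are spelled inconsistently: `SName.NameType` is checked against `int32(2)` in `TestUnmarshalASRepDecodeAndDecrypt` but against `nametype.KRB_NT_SRV_INST` in `TestUnmarshalASRepDecodeAndDecrypt_withPassword`. Likewise `addr.AddrType` is compared with `int32(2)` here while messages/KDCReq_test.go uses `addrtype.IPv4`. Using the named constants throughout (`nametype.KRB_NT_PRINCIPAL`, `nametype.KRB_NT_SRV_INST`, `addrtype.IPv4`) would make the assertions self-describing and keep them correct if a constant's type changes again. The test functions start outside the hunks.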

+ 8 - 8
messages/KDCReq.go

@@ -59,8 +59,8 @@ type marshalKDCReqBody struct {
 	From        time.Time           `asn1:"generalized,explicit,optional,tag:4"`
 	Till        time.Time           `asn1:"generalized,explicit,tag:5"`
 	RTime       time.Time           `asn1:"generalized,explicit,optional,tag:6"`
-	Nonce       int                 `asn1:"explicit,tag:7"`
-	EType       []int               `asn1:"explicit,tag:8"`
+	Nonce       int64               `asn1:"explicit,tag:7"`
+	EType       []int32             `asn1:"explicit,tag:8"`
 	Addresses   []types.HostAddress `asn1:"explicit,optional,tag:9"`
 	EncAuthData types.EncryptedData `asn1:"explicit,optional,tag:10"`
 	// Ticket needs to be a raw value as it is wrapped in an APPLICATION tag
@@ -76,8 +76,8 @@ type KDCReqBody struct {
 	From              time.Time           `asn1:"generalized,explicit,optional,tag:4"`
 	Till              time.Time           `asn1:"generalized,explicit,tag:5"`
 	RTime             time.Time           `asn1:"generalized,explicit,optional,tag:6"`
-	Nonce             int                 `asn1:"explicit,tag:7"`
-	EType             []int               `asn1:"explicit,tag:8"`
+	Nonce             int64               `asn1:"explicit,tag:7"`
+	EType             []int32             `asn1:"explicit,tag:8"`
 	Addresses         []types.HostAddress `asn1:"explicit,optional,tag:9"`
 	EncAuthData       types.EncryptedData `asn1:"explicit,optional,tag:10"`
 	AdditionalTickets []Ticket            `asn1:"explicit,optional,tag:11"`
@@ -85,7 +85,7 @@ type KDCReqBody struct {
 
 // NewASReq generates a new KRB_AS_REQ struct.
 func NewASReq(realm string, c *config.Config, cname types.PrincipalName) (ASReq, error) {
-	nonce, err := rand.Int(rand.Reader, big.NewInt(math.MaxInt32))
+	nonce, err := rand.Int(rand.Reader, big.NewInt(math.MaxUint32))
 	if err != nil {
 		return ASReq{}, err
 	}
@@ -108,7 +108,7 @@ func NewASReq(realm string, c *config.Config, cname types.PrincipalName) (ASReq,
 					NameString: []string{"krbtgt", realm},
 				},
 				Till:  t.Add(c.LibDefaults.TicketLifetime),
-				Nonce: int(nonce.Int64()),
+				Nonce: nonce.Int64(),
 				EType: c.LibDefaults.DefaultTktEnctypeIDs,
 			},
 		},
@@ -133,7 +133,7 @@ func NewASReq(realm string, c *config.Config, cname types.PrincipalName) (ASReq,
 
 // NewTGSReq generates a new KRB_TGS_REQ struct.
 func NewTGSReq(cname types.PrincipalName, kdcRealm string, c *config.Config, tkt Ticket, sessionKey types.EncryptionKey, spn types.PrincipalName, renewal bool) (TGSReq, error) {
-	nonce, err := rand.Int(rand.Reader, big.NewInt(math.MaxInt32))
+	nonce, err := rand.Int(rand.Reader, big.NewInt(math.MaxUint32))
 	if err != nil {
 		return TGSReq{}, err
 	}
@@ -147,7 +147,7 @@ func NewTGSReq(cname types.PrincipalName, kdcRealm string, c *config.Config, tkt
 				Realm:      kdcRealm,
 				SName:      spn,
 				Till:       t.Add(c.LibDefaults.TicketLifetime),
-				Nonce:      int(nonce.Int64()),
+				Nonce:      nonce.Int64(),
 				EType:      c.LibDefaults.DefaultTGSEnctypeIDs,
 			},
 			Renewal: renewal,
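Review bot: The nonce bound in `NewASReq` and `NewTGSReq` moves from `math.MaxInt32` to `math.MaxUint32`, so roughly half of the generated nonces now exceed 2147483647. RFC 4120 types the nonce as UInt32, but a KDC or peer that holds it in a signed 32-bit integer may reject or mis-echo such a value, and the reply-nonce comparison would then fail. This deserves an interoperability test against the KDCs in use, or the bound could stay at `math.MaxInt32`. Separately, `rand.Int` returns a value in [0, max), so `math.MaxUint32` itself is never produced; if the full range is intended the bound would be `big.NewInt(math.MaxUint32 + 1)`. Both function bodies continue outside the hunks.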

+ 13 - 12
messages/KDCReq_test.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"github.com/jcmturner/gofork/encoding/asn1"
 	"github.com/stretchr/testify/assert"
+	"gopkg.in/jcmturner/gokrb5.v3/iana/addrtype"
 	"gopkg.in/jcmturner/gokrb5.v3/iana/msgtype"
 	"gopkg.in/jcmturner/gokrb5.v3/testdata"
 	"testing"
@@ -37,10 +38,10 @@ func TestUnmarshalKDCReqBody(t *testing.T) {
 	assert.Equal(t, tt, a.Till, "Request body Till time not as expected")
 	assert.Equal(t, tt, a.RTime, "Request body RTime time not as expected")
 	assert.Equal(t, testdata.TEST_NONCE, a.Nonce, "Request body nounce not as expected")
-	assert.Equal(t, []int{0, 1}, a.EType, "Etype list not as expected")
+	assert.Equal(t, []int32{0, 1}, a.EType, "Etype list not as expected")
 	assert.Equal(t, 2, len(a.Addresses), "Number of client addresses not as expected")
 	for i, addr := range a.Addresses {
-		assert.Equal(t, 2, addr.AddrType, fmt.Sprintf("Host address type not as expected for address item %d", i+1))
+		assert.Equal(t, addrtype.IPv4, addr.AddrType, fmt.Sprintf("Host address type not as expected for address item %d", i+1))
 		assert.Equal(t, "12d00023", hex.EncodeToString(addr.Address), fmt.Sprintf("Host address not as expected for address item %d", i+1))
 	}
 	assert.Equal(t, testdata.TEST_ETYPE, a.EncAuthData.EType, "Etype of request body encrypted authorization data not as expected")
@@ -77,7 +78,7 @@ func TestUnmarshalKDCReqBody_optionalsNULLexceptsecond_ticket(t *testing.T) {
 	assert.Equal(t, testdata.TEST_REALM, a.Realm, "Request body Realm not as expected")
 	assert.Equal(t, tt, a.Till, "Request body Till time not as expected")
 	assert.Equal(t, testdata.TEST_NONCE, a.Nonce, "Request body nounce not as expected")
-	assert.Equal(t, []int{0, 1}, a.EType, "Etype list not as expected")
+	assert.Equal(t, []int32{0, 1}, a.EType, "Etype list not as expected")
 	assert.Equal(t, 0, len(a.Addresses), "Number of client addresses not empty")
 	assert.Equal(t, 0, len(a.EncAuthData.Cipher), "Ciphertext of request body encrypted authorization data not empty")
 	assert.Equal(t, 2, len(a.AdditionalTickets), "Number of additional tickets not as expected")
@@ -114,7 +115,7 @@ func TestUnmarshalKDCReqBody_optionalsNULLexceptserver(t *testing.T) {
 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.SName.NameString, "Request body SName entries not as expected")
 	assert.Equal(t, tt, a.Till, "Request body Till time not as expected")
 	assert.Equal(t, testdata.TEST_NONCE, a.Nonce, "Request body nounce not as expected")
-	assert.Equal(t, []int{0, 1}, a.EType, "Etype list not as expected")
+	assert.Equal(t, []int32{0, 1}, a.EType, "Etype list not as expected")
 	assert.Equal(t, 0, len(a.Addresses), "Number of client addresses not empty")
 	assert.Equal(t, 0, len(a.EncAuthData.Cipher), "Ciphertext of request body encrypted authorization data not empty")
 	assert.Equal(t, 0, len(a.AdditionalTickets), "Number of additional tickets not empty")
@@ -153,10 +154,10 @@ func TestUnmarshalASReq(t *testing.T) {
 	assert.Equal(t, tt, a.ReqBody.Till, "Request body Till time not as expected")
 	assert.Equal(t, tt, a.ReqBody.RTime, "Request body RTime time not as expected")
 	assert.Equal(t, testdata.TEST_NONCE, a.ReqBody.Nonce, "Request body nounce not as expected")
-	assert.Equal(t, []int{0, 1}, a.ReqBody.EType, "Etype list not as expected")
+	assert.Equal(t, []int32{0, 1}, a.ReqBody.EType, "Etype list not as expected")
 	assert.Equal(t, 2, len(a.ReqBody.Addresses), "Number of client addresses not as expected")
 	for i, addr := range a.ReqBody.Addresses {
-		assert.Equal(t, 2, addr.AddrType, fmt.Sprintf("Host address type not as expected for address item %d", i+1))
+		assert.Equal(t, addrtype.IPv4, addr.AddrType, fmt.Sprintf("Host address type not as expected for address item %d", i+1))
 		assert.Equal(t, "12d00023", hex.EncodeToString(addr.Address), fmt.Sprintf("Host address not as expected for address item %d", i+1))
 	}
 	assert.Equal(t, testdata.TEST_ETYPE, a.ReqBody.EncAuthData.EType, "Etype of request body encrypted authorization data not as expected")
@@ -196,7 +197,7 @@ func TestUnmarshalASReq_optionalsNULLexceptsecond_ticket(t *testing.T) {
 	assert.Equal(t, testdata.TEST_REALM, a.ReqBody.Realm, "Request body Realm not as expected")
 	assert.Equal(t, tt, a.ReqBody.Till, "Request body Till time not as expected")
 	assert.Equal(t, testdata.TEST_NONCE, a.ReqBody.Nonce, "Request body nounce not as expected")
-	assert.Equal(t, []int{0, 1}, a.ReqBody.EType, "Etype list not as expected")
+	assert.Equal(t, []int32{0, 1}, a.ReqBody.EType, "Etype list not as expected")
 	assert.Equal(t, 0, len(a.ReqBody.Addresses), "Number of client addresses not empty")
 	assert.Equal(t, 0, len(a.ReqBody.EncAuthData.Cipher), "Ciphertext of request body encrypted authorization data not empty")
 	assert.Equal(t, 2, len(a.ReqBody.AdditionalTickets), "Number of additional tickets not as expected")
@@ -236,7 +237,7 @@ func TestUnmarshalASReq_optionalsNULLexceptserver(t *testing.T) {
 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.ReqBody.SName.NameString, "Request body SName entries not as expected")
 	assert.Equal(t, tt, a.ReqBody.Till, "Request body Till time not as expected")
 	assert.Equal(t, testdata.TEST_NONCE, a.ReqBody.Nonce, "Request body nounce not as expected")
-	assert.Equal(t, []int{0, 1}, a.ReqBody.EType, "Etype list not as expected")
+	assert.Equal(t, []int32{0, 1}, a.ReqBody.EType, "Etype list not as expected")
 	assert.Equal(t, 0, len(a.ReqBody.Addresses), "Number of client addresses not empty")
 	assert.Equal(t, 0, len(a.ReqBody.EncAuthData.Cipher), "Ciphertext of request body encrypted authorization data not empty")
 	assert.Equal(t, 0, len(a.ReqBody.AdditionalTickets), "Number of additional tickets not empty")
@@ -275,10 +276,10 @@ func TestUnmarshalTGSReq(t *testing.T) {
 	assert.Equal(t, tt, a.ReqBody.Till, "Request body Till time not as expected")
 	assert.Equal(t, tt, a.ReqBody.RTime, "Request body RTime time not as expected")
 	assert.Equal(t, testdata.TEST_NONCE, a.ReqBody.Nonce, "Request body nounce not as expected")
-	assert.Equal(t, []int{0, 1}, a.ReqBody.EType, "Etype list not as expected")
+	assert.Equal(t, []int32{0, 1}, a.ReqBody.EType, "Etype list not as expected")
 	assert.Equal(t, 2, len(a.ReqBody.Addresses), "Number of client addresses not as expected")
 	for i, addr := range a.ReqBody.Addresses {
-		assert.Equal(t, 2, addr.AddrType, fmt.Sprintf("Host address type not as expected for address item %d", i+1))
+		assert.Equal(t, addrtype.IPv4, addr.AddrType, fmt.Sprintf("Host address type not as expected for address item %d", i+1))
 		assert.Equal(t, "12d00023", hex.EncodeToString(addr.Address), fmt.Sprintf("Host address not as expected for address item %d", i+1))
 	}
 	assert.Equal(t, testdata.TEST_ETYPE, a.ReqBody.EncAuthData.EType, "Etype of request body encrypted authorization data not as expected")
@@ -318,7 +319,7 @@ func TestUnmarshalTGSReq_optionalsNULLexceptsecond_ticket(t *testing.T) {
 	assert.Equal(t, testdata.TEST_REALM, a.ReqBody.Realm, "Request body Realm not as expected")
 	assert.Equal(t, tt, a.ReqBody.Till, "Request body Till time not as expected")
 	assert.Equal(t, testdata.TEST_NONCE, a.ReqBody.Nonce, "Request body nounce not as expected")
-	assert.Equal(t, []int{0, 1}, a.ReqBody.EType, "Etype list not as expected")
+	assert.Equal(t, []int32{0, 1}, a.ReqBody.EType, "Etype list not as expected")
 	assert.Equal(t, 0, len(a.ReqBody.Addresses), "Number of client addresses not empty")
 	assert.Equal(t, 0, len(a.ReqBody.EncAuthData.Cipher), "Ciphertext of request body encrypted authorization data not empty")
 	assert.Equal(t, 2, len(a.ReqBody.AdditionalTickets), "Number of additional tickets not as expected")
@@ -358,7 +359,7 @@ func TestUnmarshalTGSReq_optionalsNULLexceptserver(t *testing.T) {
 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.ReqBody.SName.NameString, "Request body SName entries not as expected")
 	assert.Equal(t, tt, a.ReqBody.Till, "Request body Till time not as expected")
 	assert.Equal(t, testdata.TEST_NONCE, a.ReqBody.Nonce, "Request body nounce not as expected")
-	assert.Equal(t, []int{0, 1}, a.ReqBody.EType, "Etype list not as expected")
+	assert.Equal(t, []int32{0, 1}, a.ReqBody.EType, "Etype list not as expected")
 	assert.Equal(t, 0, len(a.ReqBody.Addresses), "Number of client addresses not empty")
 	assert.Equal(t, 0, len(a.ReqBody.EncAuthData.Cipher), "Ciphertext of request body encrypted authorization data not empty")
 	assert.Equal(t, 0, len(a.ReqBody.AdditionalTickets), "Number of additional tickets not empty")

+ 1 - 1
messages/KRBCred.go

@@ -31,7 +31,7 @@ type KRBCred struct {
 // EncKrbCredPart is the encrypted part of KRB_CRED.
 type EncKrbCredPart struct {
 	TicketInfo []KrbCredInfo     `asn1:"explicit,tag:0"`
-	Nouce      int               `asn1:"optional,explicit,tag:1"`
+	Nouce      int64             `asn1:"optional,explicit,tag:1"`
 	Timestamp  time.Time         `asn1:"generalized,optional,explicit,tag:2"`
 	Usec       int               `asn1:"optional,explicit,tag:3"`
 	SAddress   types.HostAddress `asn1:"optional,explicit,tag:4"`

+ 8 - 7
messages/KRBCred_test.go

@@ -4,6 +4,7 @@ import (
 	"encoding/hex"
 	"fmt"
 	"github.com/stretchr/testify/assert"
+	"gopkg.in/jcmturner/gokrb5.v3/iana/addrtype"
 	"gopkg.in/jcmturner/gokrb5.v3/iana/msgtype"
 	"gopkg.in/jcmturner/gokrb5.v3/testdata"
 	"testing"
@@ -55,7 +56,7 @@ func TestUnmarshalEncCredPart(t *testing.T) {
 
 	assert.Equal(t, 2, len(a.TicketInfo), "Number of ticket info items not as expected")
 	for i, tkt := range a.TicketInfo {
-		assert.Equal(t, 1, tkt.Key.KeyType, fmt.Sprintf("Key type not as expected in ticket info item %d", i+1))
+		assert.Equal(t, int32(1), tkt.Key.KeyType, fmt.Sprintf("Key type not as expected in ticket info item %d", i+1))
 		assert.Equal(t, []byte("12345678"), tkt.Key.KeyValue, fmt.Sprintf("Key value not as expected in ticket info item %d", i+1))
 		assert.Equal(t, testdata.TEST_REALM, tkt.PRealm, fmt.Sprintf("PRealm not as expected on ticket info item %d", i+1))
 		assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMETYPE, tkt.PName.NameType, fmt.Sprintf("Ticket info (%v) PName NameType not as expected", i+1))
@@ -71,16 +72,16 @@ func TestUnmarshalEncCredPart(t *testing.T) {
 		assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, tkt.SName.NameString, fmt.Sprintf("Ticket info (%v) PName name string entries not as expected", i+1))
 		assert.Equal(t, 2, len(tkt.CAddr), "Number of client addresses not as expected")
 		for j, addr := range tkt.CAddr {
-			assert.Equal(t, 2, addr.AddrType, fmt.Sprintf("Host address type not as expected for address item %d within ticket info %d", j+1, i+1))
+			assert.Equal(t, addrtype.IPv4, addr.AddrType, fmt.Sprintf("Host address type not as expected for address item %d within ticket info %d", j+1, i+1))
 			assert.Equal(t, "12d00023", hex.EncodeToString(addr.Address), fmt.Sprintf("Host address not as expected for address item %d within ticket info %d", j+1, i+1))
 		}
 	}
 	assert.Equal(t, testdata.TEST_NONCE, a.Nouce, "Nouce not as expected")
 	assert.Equal(t, tt, a.Timestamp, "Timestamp not as expected")
 	assert.Equal(t, 123456, a.Usec, "Microseconds not as expected")
-	assert.Equal(t, 2, a.SAddress.AddrType, "SAddress type not as expected")
+	assert.Equal(t, addrtype.IPv4, a.SAddress.AddrType, "SAddress type not as expected")
 	assert.Equal(t, "12d00023", hex.EncodeToString(a.SAddress.Address), "Address not as expected for SAddress")
-	assert.Equal(t, 2, a.RAddress.AddrType, "RAddress type not as expected")
+	assert.Equal(t, addrtype.IPv4, a.RAddress.AddrType, "RAddress type not as expected")
 	assert.Equal(t, "12d00023", hex.EncodeToString(a.RAddress.Address), "Address not as expected for RAddress")
 }
 
@@ -101,12 +102,12 @@ func TestUnmarshalEncCredPart_optionalsNULL(t *testing.T) {
 	assert.Equal(t, 2, len(a.TicketInfo), "Number of ticket info items not as expected")
 	//1st Ticket
 	i := 0
-	assert.Equal(t, 1, a.TicketInfo[i].Key.KeyType, fmt.Sprintf("Key type not as expected in ticket info item %d", i+1))
+	assert.Equal(t, int32(1), a.TicketInfo[i].Key.KeyType, fmt.Sprintf("Key type not as expected in ticket info item %d", i+1))
 	assert.Equal(t, []byte("12345678"), a.TicketInfo[i].Key.KeyValue, fmt.Sprintf("Key value not as expected in ticket info item %d", i+1))
 
 	//2nd Ticket
 	i = 1
-	assert.Equal(t, 1, a.TicketInfo[i].Key.KeyType, fmt.Sprintf("Key type not as expected in ticket info item %d", i+1))
+	assert.Equal(t, int32(1), a.TicketInfo[i].Key.KeyType, fmt.Sprintf("Key type not as expected in ticket info item %d", i+1))
 	assert.Equal(t, []byte("12345678"), a.TicketInfo[i].Key.KeyValue, fmt.Sprintf("Key value not as expected in ticket info item %d", i+1))
 	assert.Equal(t, testdata.TEST_REALM, a.TicketInfo[i].PRealm, fmt.Sprintf("PRealm not as expected on ticket info item %d", i+1))
 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMETYPE, a.TicketInfo[i].PName.NameType, fmt.Sprintf("Ticket info (%v) PName NameType not as expected", i+1))
@@ -122,7 +123,7 @@ func TestUnmarshalEncCredPart_optionalsNULL(t *testing.T) {
 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.TicketInfo[i].SName.NameString, fmt.Sprintf("Ticket info (%v) PName name string entries not as expected", i+1))
 	assert.Equal(t, 2, len(a.TicketInfo[i].CAddr), "Number of client addresses not as expected")
 	for j, addr := range a.TicketInfo[i].CAddr {
-		assert.Equal(t, 2, addr.AddrType, fmt.Sprintf("Host address type not as expected for address item %d within ticket info %d", j+1, i+1))
+		assert.Equal(t, addrtype.IPv4, addr.AddrType, fmt.Sprintf("Host address type not as expected for address item %d within ticket info %d", j+1, i+1))
 		assert.Equal(t, "12d00023", hex.EncodeToString(addr.Address), fmt.Sprintf("Host address not as expected for address item %d within ticket info %d", j+1, i+1))
 	}
 }

+ 2 - 2
messages/KRBError.go

@@ -21,7 +21,7 @@ type KRBError struct {
 	Cusec     int                 `asn1:"optional,explicit,tag:3"`
 	STime     time.Time           `asn1:"generalized,explicit,tag:4"`
 	Susec     int                 `asn1:"explicit,tag:5"`
-	ErrorCode int                 `asn1:"explicit,tag:6"`
+	ErrorCode int32               `asn1:"explicit,tag:6"`
 	CRealm    string              `asn1:"generalstring,optional,explicit,tag:7"`
 	CName     types.PrincipalName `asn1:"optional,explicit,tag:8"`
 	Realm     string              `asn1:"generalstring,explicit,tag:9"`
@@ -31,7 +31,7 @@ type KRBError struct {
 }
 
 // NewKRBError creates a new KRBError.
-func NewKRBError(sname types.PrincipalName, realm string, code int, etext string) KRBError {
+func NewKRBError(sname types.PrincipalName, realm string, code int32, etext string) KRBError {
 	t := time.Now().UTC()
 	return KRBError{
 		PVNO:      iana.PVNO,

+ 3 - 2
messages/KRBError_test.go

@@ -3,6 +3,7 @@ package messages
 import (
 	"encoding/hex"
 	"github.com/stretchr/testify/assert"
+	"gopkg.in/jcmturner/gokrb5.v3/iana/errorcode"
 	"gopkg.in/jcmturner/gokrb5.v3/iana/msgtype"
 	"gopkg.in/jcmturner/gokrb5.v3/testdata"
 	"testing"
@@ -29,7 +30,7 @@ func TestUnmarshalKRBError(t *testing.T) {
 	assert.Equal(t, 123456, a.Cusec, "Client microseconds not as expected")
 	assert.Equal(t, tt, a.STime, "STime not as expected")
 	assert.Equal(t, 123456, a.Susec, "Service microseconds not as expected")
-	assert.Equal(t, 60, a.ErrorCode, "Error code not as expected")
+	assert.Equal(t, errorcode.KRB_ERR_GENERIC, a.ErrorCode, "Error code not as expected")
 	assert.Equal(t, testdata.TEST_REALM, a.CRealm, "CRealm not as expected")
 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMETYPE, a.CName.NameType, "CName NameType not as expected")
 	assert.Equal(t, len(testdata.TEST_PRINCIPALNAME_NAMESTRING), len(a.CName.NameString), "CName does not have the expected number of NameStrings")
@@ -61,7 +62,7 @@ func TestUnmarshalKRBError_optionalsNULL(t *testing.T) {
 	assert.Equal(t, 123456, a.Cusec, "Client microseconds not as expected")
 	assert.Equal(t, tt, a.STime, "STime not as expected")
 	assert.Equal(t, 123456, a.Susec, "Service microseconds not as expected")
-	assert.Equal(t, 60, a.ErrorCode, "Error code not as expected")
+	assert.Equal(t, errorcode.KRB_ERR_GENERIC, a.ErrorCode, "Error code not as expected")
 	assert.Equal(t, testdata.TEST_REALM, a.Realm, "Realm not as expected")
 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMETYPE, a.SName.NameType, "Ticket SName NameType not as expected")
 	assert.Equal(t, len(testdata.TEST_PRINCIPALNAME_NAMESTRING), len(a.SName.NameString), "Ticket SName does not have the expected number of NameStrings")

+ 1 - 1
messages/KRBPriv.go

@@ -22,7 +22,7 @@ type EncKrbPrivPart struct {
 	UserData       []byte            `asn1:"explicit,tag:0"`
 	Timestamp      time.Time         `asn1:"generalized,optional,explicit,tag:1"`
 	Usec           int               `asn1:"optional,explicit,tag:2"`
-	SequenceNumber int               `asn1:"optional,explicit,tag:3"`
+	SequenceNumber int64             `asn1:"optional,explicit,tag:3"`
 	SAddress       types.HostAddress `asn1:"explicit,tag:4"`
 	RAddress       types.HostAddress `asn1:"optional,explicit,tag:5"`
 }

+ 5 - 4
messages/KRBPriv_test.go

@@ -3,6 +3,7 @@ package messages
 import (
 	"encoding/hex"
 	"github.com/stretchr/testify/assert"
+	"gopkg.in/jcmturner/gokrb5.v3/iana/addrtype"
 	"gopkg.in/jcmturner/gokrb5.v3/iana/msgtype"
 	"gopkg.in/jcmturner/gokrb5.v3/testdata"
 	"testing"
@@ -44,10 +45,10 @@ func TestUnmarshalEncPrivPart(t *testing.T) {
 	assert.Equal(t, "krb5data", string(a.UserData), "User data not as expected")
 	assert.Equal(t, tt, a.Timestamp, "Timestamp not as expected")
 	assert.Equal(t, 123456, a.Usec, "Microseconds not as expected")
-	assert.Equal(t, 17, a.SequenceNumber, "Sequence number not as expected")
-	assert.Equal(t, 2, a.SAddress.AddrType, "SAddress type not as expected")
+	assert.Equal(t, int64(17), a.SequenceNumber, "Sequence number not as expected")
+	assert.Equal(t, addrtype.IPv4, a.SAddress.AddrType, "SAddress type not as expected")
 	assert.Equal(t, "12d00023", hex.EncodeToString(a.SAddress.Address), "Address not as expected for SAddress")
-	assert.Equal(t, 2, a.RAddress.AddrType, "RAddress type not as expected")
+	assert.Equal(t, addrtype.IPv4, a.RAddress.AddrType, "RAddress type not as expected")
 	assert.Equal(t, "12d00023", hex.EncodeToString(a.RAddress.Address), "Address not as expected for RAddress")
 }
 
@@ -63,6 +64,6 @@ func TestUnmarshalEncPrivPart_optionalsNULL(t *testing.T) {
 		t.Fatalf("Unmarshal error of %s: %v\n", v, err)
 	}
 	assert.Equal(t, "krb5data", string(a.UserData), "User data not as expected")
-	assert.Equal(t, 2, a.SAddress.AddrType, "SAddress type not as expected")
+	assert.Equal(t, addrtype.IPv4, a.SAddress.AddrType, "SAddress type not as expected")
 	assert.Equal(t, "12d00023", hex.EncodeToString(a.SAddress.Address), "Address not as expected for SAddress")
 }

+ 1 - 1
messages/KRBSafe.go

@@ -41,7 +41,7 @@ type KRBSafeBody struct {
 	UserData       []byte            `asn1:"explicit,tag:0"`
 	Timestamp      time.Time         `asn1:"generalized,optional,explicit,tag:1"`
 	Usec           int               `asn1:"optional,explicit,tag:2"`
-	SequenceNumber int               `asn1:"optional,explicit,tag:3"`
+	SequenceNumber int64             `asn1:"optional,explicit,tag:3"`
 	SAddress       types.HostAddress `asn1:"explicit,tag:4"`
 	RAddress       types.HostAddress `asn1:"optional,explicit,tag:5"`
 }

+ 7 - 6
messages/KRBSafe_test.go

@@ -3,6 +3,7 @@ package messages
 import (
 	"encoding/hex"
 	"github.com/stretchr/testify/assert"
+	"gopkg.in/jcmturner/gokrb5.v3/iana/addrtype"
 	"gopkg.in/jcmturner/gokrb5.v3/iana/msgtype"
 	"gopkg.in/jcmturner/gokrb5.v3/testdata"
 	"testing"
@@ -28,12 +29,12 @@ func TestUnmarshalKRBSafe(t *testing.T) {
 	assert.Equal(t, []byte("krb5data"), a.SafeBody.UserData, "Safe body userdata not as expected")
 	assert.Equal(t, tt, a.SafeBody.Timestamp, "Safe body timestamp not as expected")
 	assert.Equal(t, 123456, a.SafeBody.Usec, "Safe body microseconds not as expected")
-	assert.Equal(t, 17, a.SafeBody.SequenceNumber, "Safe body sequence number not as expected")
-	assert.Equal(t, 2, a.SafeBody.SAddress.AddrType, "SAddress type not as expected")
+	assert.Equal(t, int64(17), a.SafeBody.SequenceNumber, "Safe body sequence number not as expected")
+	assert.Equal(t, addrtype.IPv4, a.SafeBody.SAddress.AddrType, "SAddress type not as expected")
 	assert.Equal(t, "12d00023", hex.EncodeToString(a.SafeBody.SAddress.Address), "SAddress not as expected")
-	assert.Equal(t, 2, a.SafeBody.RAddress.AddrType, "RAddress type not as expected")
+	assert.Equal(t, addrtype.IPv4, a.SafeBody.RAddress.AddrType, "RAddress type not as expected")
 	assert.Equal(t, "12d00023", hex.EncodeToString(a.SafeBody.RAddress.Address), "RAddress not as expected")
-	assert.Equal(t, 1, a.Cksum.CksumType, "Checksum type not as expected")
+	assert.Equal(t, int32(1), a.Cksum.CksumType, "Checksum type not as expected")
 	assert.Equal(t, []byte("1234"), a.Cksum.Checksum, "Checksum not as expected")
 }
 
@@ -52,8 +53,8 @@ func TestUnmarshalKRBSafe_optionalsNULL(t *testing.T) {
 	assert.Equal(t, testdata.TEST_KVNO, a.PVNO, "PVNO not as expected")
 	assert.Equal(t, msgtype.KRB_SAFE, a.MsgType, "MsgType is not as expected")
 	assert.Equal(t, []byte("krb5data"), a.SafeBody.UserData, "Safe body userdata not as expected")
-	assert.Equal(t, 2, a.SafeBody.SAddress.AddrType, "SAddress type not as expected")
+	assert.Equal(t, addrtype.IPv4, a.SafeBody.SAddress.AddrType, "SAddress type not as expected")
 	assert.Equal(t, "12d00023", hex.EncodeToString(a.SafeBody.SAddress.Address), "SAddress not as expected")
-	assert.Equal(t, 1, a.Cksum.CksumType, "Checksum type not as expected")
+	assert.Equal(t, int32(1), a.Cksum.CksumType, "Checksum type not as expected")
 	assert.Equal(t, []byte("1234"), a.Cksum.Checksum, "Checksum not as expected")
 }

+ 2 - 2
messages/Ticket.go

@@ -47,12 +47,12 @@ type EncTicketPart struct {
 
 // TransitedEncoding part of the ticket's encrypted part.
 type TransitedEncoding struct {
-	TRType   int    `asn1:"explicit,tag:0"`
+	TRType   int32  `asn1:"explicit,tag:0"`
 	Contents []byte `asn1:"explicit,tag:1"`
 }
 
 // NewTicket creates a new Ticket instance.
-func NewTicket(cname types.PrincipalName, crealm string, sname types.PrincipalName, srealm string, flags asn1.BitString, sktab keytab.Keytab, eTypeID, kvno int, authTime, startTime, endTime, renewTill time.Time) (Ticket, types.EncryptionKey, error) {
+func NewTicket(cname types.PrincipalName, crealm string, sname types.PrincipalName, srealm string, flags asn1.BitString, sktab keytab.Keytab, eTypeID int32, kvno int, authTime, startTime, endTime, renewTill time.Time) (Ticket, types.EncryptionKey, error) {
 	etype, err := crypto.GetEtype(eTypeID)
 	if err != nil {
 		return Ticket{}, types.EncryptionKey{}, krberror.Errorf(err, krberror.EncryptingError, "error getting etype for new ticket")

+ 9 - 6
messages/Ticket_test.go

@@ -4,6 +4,9 @@ import (
 	"encoding/hex"
 	"fmt"
 	"github.com/stretchr/testify/assert"
+	"gopkg.in/jcmturner/gokrb5.v3/iana/addrtype"
+	"gopkg.in/jcmturner/gokrb5.v3/iana/adtype"
+	"gopkg.in/jcmturner/gokrb5.v3/iana/trtype"
 	"gopkg.in/jcmturner/gokrb5.v3/keytab"
 	"gopkg.in/jcmturner/gokrb5.v3/testdata"
 	"gopkg.in/jcmturner/gokrb5.v3/types"
@@ -48,12 +51,12 @@ func TestUnmarshalEncTicketPart(t *testing.T) {
 	tt, _ := time.Parse(testdata.TEST_TIME_FORMAT, testdata.TEST_TIME)
 
 	assert.Equal(t, "fedcba98", hex.EncodeToString(a.Flags.Bytes), "Flags not as expected")
-	assert.Equal(t, 1, a.Key.KeyType, "Key type not as expected")
+	assert.Equal(t, int32(1), a.Key.KeyType, "Key type not as expected")
 	assert.Equal(t, []byte("12345678"), a.Key.KeyValue, "Key value not as expected")
 	assert.Equal(t, testdata.TEST_REALM, a.CRealm, "CRealm not as expected")
 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMETYPE, a.CName.NameType, "CName type not as expected")
 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.CName.NameString, "CName string entries not as expected")
-	assert.Equal(t, 1, a.Transited.TRType, "Transisted type not as expected")
+	assert.Equal(t, trtype.DOMAIN_X500_COMPRESS, a.Transited.TRType, "Transisted type not as expected")
 	assert.Equal(t, []byte("EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS."), a.Transited.Contents, "Transisted content not as expected")
 	assert.Equal(t, tt, a.AuthTime, "Auth time not as expected")
 	assert.Equal(t, tt, a.StartTime, "Start time not as expected")
@@ -61,11 +64,11 @@ func TestUnmarshalEncTicketPart(t *testing.T) {
 	assert.Equal(t, tt, a.RenewTill, "Renew Till time not as expected")
 	assert.Equal(t, 2, len(a.CAddr), "Number of client addresses not as expected")
 	for i, addr := range a.CAddr {
-		assert.Equal(t, 2, addr.AddrType, fmt.Sprintf("Host address type not as expected for address item %d", i+1))
+		assert.Equal(t, addrtype.IPv4, addr.AddrType, fmt.Sprintf("Host address type not as expected for address item %d", i+1))
 		assert.Equal(t, "12d00023", hex.EncodeToString(addr.Address), fmt.Sprintf("Host address not as expected for address item %d", i+1))
 	}
 	for i, ele := range a.AuthorizationData {
-		assert.Equal(t, 1, ele.ADType, fmt.Sprintf("Authorization data type of element %d not as expected", i+1))
+		assert.Equal(t, adtype.ADIfRelevant, ele.ADType, fmt.Sprintf("Authorization data type of element %d not as expected", i+1))
 		assert.Equal(t, []byte(testdata.TEST_AUTHORIZATION_DATA_VALUE), ele.ADData, fmt.Sprintf("Authorization data of element %d not as expected", i+1))
 	}
 }
@@ -85,12 +88,12 @@ func TestUnmarshalEncTicketPart_optionalsNULL(t *testing.T) {
 	tt, _ := time.Parse(testdata.TEST_TIME_FORMAT, testdata.TEST_TIME)
 
 	assert.Equal(t, "fedcba98", hex.EncodeToString(a.Flags.Bytes), "Flags not as expected")
-	assert.Equal(t, 1, a.Key.KeyType, "Key type not as expected")
+	assert.Equal(t, int32(1), a.Key.KeyType, "Key type not as expected")
 	assert.Equal(t, []byte("12345678"), a.Key.KeyValue, "Key value not as expected")
 	assert.Equal(t, testdata.TEST_REALM, a.CRealm, "CRealm not as expected")
 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMETYPE, a.CName.NameType, "CName type not as expected")
 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.CName.NameString, "CName string entries not as expected")
-	assert.Equal(t, 1, a.Transited.TRType, "Transisted type not as expected")
+	assert.Equal(t, trtype.DOMAIN_X500_COMPRESS, a.Transited.TRType, "Transisted type not as expected")
 	assert.Equal(t, []byte("EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS."), a.Transited.Contents, "Transisted content not as expected")
 	assert.Equal(t, tt, a.AuthTime, "Auth time not as expected")
 	assert.Equal(t, tt, a.EndTime, "End time not as expected")
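Review bot: The loop over `a.AuthorizationData` in TestUnmarshalEncTicketPart has no length assertion in front of it, unlike the `a.CAddr` loop just above it. An unmarshal that yields an empty slice would therefore pass without checking a single `ADType`. Since this commit changes the type the decoder has to fill, that silent case is worth pinning with `assert.NotEmpty(t, a.AuthorizationData, "Authorization data not as expected")` before the loop, or with an exact `len` check if the vector's element count is known.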

+ 1 - 1
pac/credentials_info.go

@@ -44,7 +44,7 @@ func (c *CredentialsInfo) Unmarshal(b []byte, k types.EncryptionKey) error {
 
 // DecryptEncPart decrypts the encrypted part of the CredentialsInfo.
 func (c *CredentialsInfo) DecryptEncPart(k types.EncryptionKey, e *binary.ByteOrder) error {
-	if k.KeyType != int(c.EType) {
+	if k.KeyType != int32(c.EType) {
 		return fmt.Errorf("Key provided is not the correct type. Type needed: %d, type provided: %d", c.EType, k.KeyType)
 	}
 	pt, err := crypto.DecryptMessage(c.PACCredentialDataEncrypted, k, keyusage.KERB_NON_KERB_SALT)

+ 1 - 1
pac/pac_type.go

@@ -189,7 +189,7 @@ func (pac *PACType) validate(key types.EncryptionKey) (bool, error) {
 	if pac.ClientInfo == nil {
 		return false, errors.New("PAC Info Buffers does not contain a ClientInfo")
 	}
-	etype, err := crypto.GetChksumEtype(int(pac.ServerChecksum.SignatureType))
+	etype, err := crypto.GetChksumEtype(int32(pac.ServerChecksum.SignatureType))
 	if err != nil {
 		return false, err
 	}
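Review bot: The `int32(pac.ServerChecksum.SignatureType)` conversion relies on wrap-around, and nothing at the call site says so. The cases in pac/signature_data.go suggest SignatureType is a uint32, and the test vector there starts with `76ffffff`, which looks like a value above MaxInt32 that only matches a checksum type ID once reinterpreted as a negative int32. A comment such as `// SignatureType is unsigned on the wire; the int32 conversion deliberately maps high values onto the negative checksum type IDs` would stop a later cleanup from undoing it. The `int32(c.EType)` comparison in pac/credentials_info.go deserves the same check if EType is also unsigned. The body of validate continues outside this hunk.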

+ 2 - 2
pac/signature_data.go

@@ -47,9 +47,9 @@ func (k *SignatureData) Unmarshal(b []byte) ([]byte, error) {
 	switch k.SignatureType {
 	case chksumtype.KERB_CHECKSUM_HMAC_MD5_UNSIGNED:
 		c = 16
-	case chksumtype.HMAC_SHA1_96_AES128:
+	case uint32(chksumtype.HMAC_SHA1_96_AES128):
 		c = 12
-	case chksumtype.HMAC_SHA1_96_AES256:
+	case uint32(chksumtype.HMAC_SHA1_96_AES256):
 		c = 12
 	}
 	sp := p
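Review bot: The `switch k.SignatureType` has no `default` branch, so a signature type other than the three listed leaves `c` at whatever it was initialised to before the hunk (presumably zero) and parsing carries on. If the signature length is derived from `c`, an unrecognised type is better rejected outright, e.g. `default: return nil, fmt.Errorf("unsupported PAC signature type %d", k.SignatureType)`, provided `fmt` is imported in this file and callers tolerate a nil slice on error. The mixed forms (a `uint32(...)` cast on two cases, none on the first) also deserve a one-line comment stating that the first constant is apparently declared unsigned while the others are int32. Unmarshal starts and ends outside the hunk.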

+ 1 - 1
pac/signature_data_test.go

@@ -38,7 +38,7 @@ func TestPAC_SignatureData_Unmarshal_KDC_Signature(t *testing.T) {
 	}
 	sig, _ := hex.DecodeString("340be28b48765d0519ee9346cf53d822")
 	zeroed, _ := hex.DecodeString("76ffffff00000000000000000000000000000000")
-	assert.Equal(t, uint32(chksumtype.KERB_CHECKSUM_HMAC_MD5_UNSIGNED), k.SignatureType, "Server signature type not as expected")
+	assert.Equal(t, chksumtype.KERB_CHECKSUM_HMAC_MD5_UNSIGNED, k.SignatureType, "Server signature type not as expected")
 	assert.Equal(t, sig, k.Signature, "Server signature not as expected")
 	assert.Equal(t, uint16(0), k.RODCIdentifier, "RODC Identifier not as expected")
 	assert.Equal(t, zeroed, bz, "Returned bytes with zeroed signature not as expected")

+ 1 - 1
service/cache.go

@@ -38,7 +38,7 @@ type Cache struct {
 // clientEntries holds entries of client details sent to the service.
 type clientEntries struct {
 	ReplayMap map[time.Time]replayCacheEntry
-	SeqNumber int
+	SeqNumber int64
 	SubKey    types.EncryptionKey
 }
 

+ 12 - 12
testdata/test_vectors.go

@@ -3,18 +3,18 @@ package testdata
 
 const (
 	//Expected unmarshaled values
-	TEST_REALM                    = "ATHENA.MIT.EDU"
-	TEST_CIPHERTEXT               = "krbASN.1 test message"
-	TEST_TIME_FORMAT              = "20060102150405"
-	TEST_TIME                     = "19940610060317"
-	TEST_PRINCIPALNAME_NAMETYPE   = 1
-	TEST_KVNO                     = 5
-	TEST_ETYPE                    = 0
-	TEST_NONCE                    = 42
-	TEST_AUTHORIZATION_DATA_TYPE  = 1
-	TEST_AUTHORIZATION_DATA_VALUE = "foobar"
-	TEST_PADATA_TYPE              = 13
-	TEST_PADATA_VALUE             = "pa-data"
+	TEST_REALM                          = "ATHENA.MIT.EDU"
+	TEST_CIPHERTEXT                     = "krbASN.1 test message"
+	TEST_TIME_FORMAT                    = "20060102150405"
+	TEST_TIME                           = "19940610060317"
+	TEST_PRINCIPALNAME_NAMETYPE   int32 = 1
+	TEST_KVNO                           = 5
+	TEST_ETYPE                    int32 = 0
+	TEST_NONCE                    int64 = 42
+	TEST_AUTHORIZATION_DATA_TYPE  int32 = 1
+	TEST_AUTHORIZATION_DATA_VALUE       = "foobar"
+	TEST_PADATA_TYPE              int32 = 13
+	TEST_PADATA_VALUE                   = "pa-data"
 )
 
 var TEST_PRINCIPALNAME_NAMESTRING = []string{"hftsai", "extra"}

+ 5 - 5
types/Authenticator.go

@@ -43,13 +43,13 @@ type Authenticator struct {
 	Cusec             int               `asn1:"explicit,tag:4"`
 	CTime             time.Time         `asn1:"generalized,explicit,tag:5"`
 	SubKey            EncryptionKey     `asn1:"explicit,optional,tag:6"`
-	SeqNumber         int               `asn1:"explicit,optional,tag:7"`
+	SeqNumber         int64             `asn1:"explicit,optional,tag:7"`
 	AuthorizationData AuthorizationData `asn1:"explicit,optional,tag:8"`
 }
 
 // NewAuthenticator creates a new Authenticator.
 func NewAuthenticator(realm string, cname PrincipalName) (Authenticator, error) {
-	seq, err := rand.Int(rand.Reader, big.NewInt(math.MaxInt32))
+	seq, err := rand.Int(rand.Reader, big.NewInt(math.MaxUint32))
 	if err != nil {
 		return Authenticator{}, err
 	}
@@ -61,17 +61,17 @@ func NewAuthenticator(realm string, cname PrincipalName) (Authenticator, error)
 		Cksum:     Checksum{},
 		Cusec:     int((t.UnixNano() / int64(time.Microsecond)) - (t.Unix() * 1e6)),
 		CTime:     t,
-		SeqNumber: int(seq.Int64()),
+		SeqNumber: seq.Int64(),
 	}, nil
 }
 
 // GenerateSeqNumberAndSubKey sets the Authenticator's sequence number and subkey.
-func (a *Authenticator) GenerateSeqNumberAndSubKey(keyType, keySize int) error {
+func (a *Authenticator) GenerateSeqNumberAndSubKey(keyType int32, keySize int) error {
 	seq, err := rand.Int(rand.Reader, big.NewInt(math.MaxUint32))
 	if err != nil {
 		return err
 	}
-	a.SeqNumber = int(seq.Int64())
+	a.SeqNumber = seq.Int64()
 	//Generate subkey value
 	sk := make([]byte, keySize, keySize)
 	rand.Read(sk)
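Review bot: `rand.Read(sk)` discards its error, so if the system random source fails, `sk` stays the zero-filled buffer that `make` returned and presumably becomes the subkey value. The sequence number a few lines up already checks the `rand.Int` error; the subkey should get the same treatment with `if _, err := rand.Read(sk); err != nil { return err }`. `make([]byte, keySize, keySize)` can also drop the redundant capacity argument. The rest of GenerateSeqNumberAndSubKey is outside the hunk.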

+ 2 - 2
types/Authenticator_test.go

@@ -32,11 +32,11 @@ func TestUnmarshalAuthenticator(t *testing.T) {
 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMETYPE, a.CName.NameType, "CName NameType not as expected")
 	assert.Equal(t, len(testdata.TEST_PRINCIPALNAME_NAMESTRING), len(a.CName.NameString), "CName does not have the expected number of NameStrings")
 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.CName.NameString, "CName entries not as expected")
-	assert.Equal(t, 1, a.Cksum.CksumType, "Checksum type not as expected")
+	assert.Equal(t, int32(1), a.Cksum.CksumType, "Checksum type not as expected")
 	assert.Equal(t, []byte("1234"), a.Cksum.Checksum, "Checsum not as expected")
 	assert.Equal(t, 123456, a.Cusec, "Client microseconds not as expected")
 	assert.Equal(t, tt, a.CTime, "Client time not as expected")
-	assert.Equal(t, 1, a.SubKey.KeyType, "Subkey type not as expected")
+	assert.Equal(t, int32(1), a.SubKey.KeyType, "Subkey type not as expected")
 	assert.Equal(t, []byte("12345678"), a.SubKey.KeyValue, "Subkey value not as expected")
 	assert.Equal(t, 2, len(a.AuthorizationData), "Number of Authorization data items not as expected")
 	for i, entry := range a.AuthorizationData {

+ 2 - 2
types/AuthorizationData.go

@@ -80,7 +80,7 @@ type AuthorizationData []AuthorizationDataEntry
 
 // AuthorizationDataEntry implements RFC 4120 type: https://tools.ietf.org/html/rfc4120#section-5.2.6
 type AuthorizationDataEntry struct {
-	ADType int    `asn1:"explicit,tag:0"`
+	ADType int32  `asn1:"explicit,tag:0"`
 	ADData []byte `asn1:"explicit,tag:1"`
 }
 
@@ -97,7 +97,7 @@ type ADKDCIssued struct {
 
 // ADAndOr implements RFC 4120 type: https://tools.ietf.org/html/rfc4120#section-5.2.6.3
 type ADAndOr struct {
-	ConditionCount int               `asn1:"explicit,tag:0"`
+	ConditionCount int32             `asn1:"explicit,tag:0"`
 	Elements       AuthorizationData `asn1:"explicit,tag:1"`
 }
 

+ 4 - 3
types/AuthorizationData_test.go

@@ -4,6 +4,7 @@ import (
 	"encoding/hex"
 	"fmt"
 	"github.com/stretchr/testify/assert"
+	"gopkg.in/jcmturner/gokrb5.v3/iana/adtype"
 	"gopkg.in/jcmturner/gokrb5.v3/testdata"
 	"testing"
 )
@@ -21,7 +22,7 @@ func TestUnmarshalAuthorizationData(t *testing.T) {
 	}
 	assert.Equal(t, 2, len(a), "Number of authorization data entries not as expected")
 	for i, entry := range a {
-		assert.Equal(t, 1, entry.ADType, fmt.Sprintf("Authorization data type of entry %d not as expected", i+1))
+		assert.Equal(t, adtype.ADIfRelevant, entry.ADType, fmt.Sprintf("Authorization data type of entry %d not as expected", i+1))
 		assert.Equal(t, []byte("foobar"), entry.ADData, fmt.Sprintf("Authorization data of entry %d not as expected", i+1))
 	}
 }
@@ -37,14 +38,14 @@ func TestUnmarshalAuthorizationData_kdcissued(t *testing.T) {
 	if err != nil {
 		t.Fatalf("Unmarshal error of %s: %v\n", v, err)
 	}
-	assert.Equal(t, 1, a.ADChecksum.CksumType, "Checksum type not as expected")
+	assert.Equal(t, int32(1), a.ADChecksum.CksumType, "Checksum type not as expected")
 	assert.Equal(t, []byte("1234"), a.ADChecksum.Checksum, "Checksum not as expected")
 	assert.Equal(t, testdata.TEST_REALM, a.IRealm, "Issuing realm not as expected")
 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMETYPE, a.Isname.NameType, "Issuing name type not as expected")
 	assert.Equal(t, testdata.TEST_PRINCIPALNAME_NAMESTRING, a.Isname.NameString, "Issuing name string entries not as expected")
 	assert.Equal(t, 2, len(a.Elements), "Number of authorization data elements not as expected")
 	for i, ele := range a.Elements {
-		assert.Equal(t, 1, ele.ADType, fmt.Sprintf("Authorization data type of element %d not as expected", i+1))
+		assert.Equal(t, adtype.ADIfRelevant, ele.ADType, fmt.Sprintf("Authorization data type of element %d not as expected", i+1))
 		assert.Equal(t, []byte(testdata.TEST_AUTHORIZATION_DATA_VALUE), ele.ADData, fmt.Sprintf("Authorization data of element %d not as expected", i+1))
 	}
 }

+ 3 - 3
types/Cryptosystem.go

@@ -9,7 +9,7 @@ import (
 
 // EncryptedData implements RFC 4120 type: https://tools.ietf.org/html/rfc4120#section-5.2.9
 type EncryptedData struct {
-	EType  int    `asn1:"explicit,tag:0"`
+	EType  int32  `asn1:"explicit,tag:0"`
 	KVNO   int    `asn1:"explicit,optional,tag:1"`
 	Cipher []byte `asn1:"explicit,tag:2"`
 }
@@ -17,13 +17,13 @@ type EncryptedData struct {
 // EncryptionKey implements RFC 4120 type: https://tools.ietf.org/html/rfc4120#section-5.2.9
 // AKA KeyBlock
 type EncryptionKey struct {
-	KeyType  int    `asn1:"explicit,tag:0"`
+	KeyType  int32  `asn1:"explicit,tag:0"`
 	KeyValue []byte `asn1:"explicit,tag:1"`
 }
 
 // Checksum implements RFC 4120 type: https://tools.ietf.org/html/rfc4120#section-5.2.9
 type Checksum struct {
-	CksumType int    `asn1:"explicit,tag:0"`
+	CksumType int32  `asn1:"explicit,tag:0"`
 	Checksum  []byte `asn1:"explicit,tag:1"`
 }
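Review bot: `KVNO` in EncryptedData is left as `int` while the neighbouring `EType` moves to a fixed width. RFC 4120 section 5.2.9 defines kvno as UInt32, so on a 32-bit build encoding/asn1 will refuse to unmarshal a message whose kvno exceeds MaxInt32. That is the portability problem this commit sets out to remove. Declaring the field as `KVNO   int64` with the tag unchanged would cover the full range. Callers that read KVNO as `int` would need the matching change and are not visible here.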
 

+ 1 - 1
types/Cryptosystem_test.go

@@ -66,7 +66,7 @@ func TestUnmarshalEncryptionKey(t *testing.T) {
 	if err != nil {
 		t.Fatalf("Unmarshal error of %s: %v\n", v, err)
 	}
-	assert.Equal(t, 1, a.KeyType, "Key type not as expected")
+	assert.Equal(t, int32(1), a.KeyType, "Key type not as expected")
 	assert.Equal(t, []byte("12345678"), a.KeyValue, "Key value not as expected")
 }
 

+ 2 - 2
types/HostAddress.go

@@ -51,7 +51,7 @@ type HostAddresses []HostAddress
 
 // HostAddress implements RFC 4120 type: https://tools.ietf.org/html/rfc4120#section-5.2.5
 type HostAddress struct {
-	AddrType int    `asn1:"explicit,tag:0"`
+	AddrType int32  `asn1:"explicit,tag:0"`
 	Address  []byte `asn1:"explicit,tag:1"`
 }
 
@@ -67,7 +67,7 @@ func GetHostAddress(s string) (HostAddress, error) {
 	if err != nil {
 		return h, fmt.Errorf("Could not marshal client's address into bytes: %v", err)
 	}
-	var ht int
+	var ht int32
 	if ip.To4() != nil {
 		ht = addrTypeIPv4
 	} else if ip.To16() != nil {
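Review bot: GetHostAddress still assigns the package-local `addrTypeIPv4`, while the tests updated in this commit compare against `addrtype.IPv4` from the new iana/addrtype package, leaving two sources for the same value. If the local constants are plain duplicates, using `ht = addrtype.IPv4` (and the IPv6 counterpart) and deleting them would keep the address-type IDs in one place. Check first that importing iana/addrtype from types does not create an import cycle. The declaration of `addrTypeIPv4` and the end of the function are outside this hunk.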

+ 5 - 5
types/PAData.go

@@ -11,7 +11,7 @@ import (
 
 // PAData implements RFC 4120 types: https://tools.ietf.org/html/rfc4120#section-5.2.7
 type PAData struct {
-	PADataType  int    `asn1:"explicit,tag:1"`
+	PADataType  int32  `asn1:"explicit,tag:1"`
 	PADataValue []byte `asn1:"explicit,tag:2"`
 }
 
@@ -31,7 +31,7 @@ type PAEncTSEnc struct {
 }
 
 // Contains tests if a PADataSequence contains PA Data of a certain type.
-func (pas *PADataSequence) Contains(patype int) bool {
+func (pas *PADataSequence) Contains(patype int32) bool {
 	for _, pa := range *pas {
 		if pa.PADataType == patype {
 			return true
@@ -56,7 +56,7 @@ func GetPAEncTSEncAsnMarshalled() ([]byte, error) {
 
 // ETypeInfoEntry implements RFC 4120 types: https://tools.ietf.org/html/rfc4120#section-5.2.7.4
 type ETypeInfoEntry struct {
-	EType int    `asn1:"explicit,tag:0"`
+	EType int32  `asn1:"explicit,tag:0"`
 	Salt  []byte `asn1:"explicit,optional,tag:1"`
 }
 
@@ -65,7 +65,7 @@ type ETypeInfo []ETypeInfoEntry
 
 // ETypeInfo2Entry implements RFC 4120 types: https://tools.ietf.org/html/rfc4120#section-5.2.7.5
 type ETypeInfo2Entry struct {
-	EType     int    `asn1:"explicit,tag:0"`
+	EType     int32  `asn1:"explicit,tag:0"`
 	Salt      string `asn1:"explicit,optional,generalstring,tag:1"`
 	S2KParams []byte `asn1:"explicit,optional,tag:2"`
 }
@@ -75,7 +75,7 @@ type ETypeInfo2 []ETypeInfo2Entry
 
 // PAReqEncPARep PA Data Type
 type PAReqEncPARep struct {
-	ChksumType int    `asn1:"explicit,tag:0"`
+	ChksumType int32  `asn1:"explicit,tag:0"`
 	Chksum     []byte `asn1:"explicit,tag:1"`
 }
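Review bot: `Contains` keeps its pointer receiver and dereferences it with `range *pas`, so calling it on a nil `*PADataSequence` panics. PADataSequence appears to be a slice type, so a value receiver, `func (pas PADataSequence) Contains(patype int32) bool` with `range pas`, would be nil-safe and still callable through a pointer. The parameter change from `int` to `int32` also means callers holding an `int` must convert, and an unchecked `int32(x)` at a call site truncates silently; the doc comment could add `// patype is one of the iana/patype constants.` to steer callers to typed values. The body of Contains continues outside the hunk.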
 

+ 8 - 17
types/PAData_test.go

@@ -9,15 +9,6 @@ import (
 	"time"
 )
 
-//encode_krb5_pa_for_user
-//encode_krb5_pa_s4u_x509_user
-//encode_krb5_pa_fx_fast_reply
-//encode_krb5_pa_otp_challenge(optionalsNULL)
-//encode_krb5_pa_otp_challenge
-//encode_krb5_pa_otp_req(optionalsNULL)
-//encode_krb5_pa_otp_req
-//encode_krb5_pa_otp_enc_req
-
 func TestUnmarshalPADataSequence(t *testing.T) {
 	var a PADataSequence
 	v := "encode_krb5_padata_sequence"
@@ -98,11 +89,11 @@ func TestUnmarshalETypeInfo(t *testing.T) {
 		t.Fatalf("Unmarshal error of %s: %v\n", v, err)
 	}
 	assert.Equal(t, 3, len(a), "Number of EType info entries not as expected")
-	assert.Equal(t, 0, a[0].EType, "Etype of first etype info entry not as expected")
+	assert.Equal(t, int32(0), a[0].EType, "Etype of first etype info entry not as expected")
 	assert.Equal(t, []byte("Morton's #0"), a[0].Salt, "Salt of first etype info entry not as expected")
-	assert.Equal(t, 1, a[1].EType, "Etype of second etype info entry not as expected")
+	assert.Equal(t, int32(1), a[1].EType, "Etype of second etype info entry not as expected")
 	assert.Equal(t, 0, len(a[1].Salt), "Salt of second etype info entry not as expected")
-	assert.Equal(t, 2, a[2].EType, "Etype of third etype info entry not as expected")
+	assert.Equal(t, int32(2), a[2].EType, "Etype of third etype info entry not as expected")
 	assert.Equal(t, []byte("Morton's #2"), a[2].Salt, "Salt of third etype info entry not as expected")
 }
 
@@ -118,7 +109,7 @@ func TestUnmarshalETypeInfo_only1(t *testing.T) {
 		t.Fatalf("Unmarshal error of %s: %v\n", v, err)
 	}
 	assert.Equal(t, 1, len(a), "Number of EType info entries not as expected")
-	assert.Equal(t, 0, a[0].EType, "Etype of first etype info entry not as expected")
+	assert.Equal(t, int32(0), a[0].EType, "Etype of first etype info entry not as expected")
 	assert.Equal(t, []byte("Morton's #0"), a[0].Salt, "Salt of first etype info entry not as expected")
 }
 
@@ -148,13 +139,13 @@ func TestUnmarshalETypeInfo2(t *testing.T) {
 		t.Fatalf("Unmarshal error of %s: %v\n", v, err)
 	}
 	assert.Equal(t, 3, len(a), "Number of EType info2 entries not as expected")
-	assert.Equal(t, 0, a[0].EType, "Etype of first etype info2 entry not as expected")
+	assert.Equal(t, int32(0), a[0].EType, "Etype of first etype info2 entry not as expected")
 	assert.Equal(t, "Morton's #0", a[0].Salt, "Salt of first etype info2 entry not as expected")
 	assert.Equal(t, []byte("s2k: 0"), a[0].S2KParams, "String to key params of first etype info2 entry not as expected")
-	assert.Equal(t, 1, a[1].EType, "Etype of second etype info2 entry not as expected")
+	assert.Equal(t, int32(1), a[1].EType, "Etype of second etype info2 entry not as expected")
 	assert.Equal(t, 0, len(a[1].Salt), "Salt of second etype info2 entry not as expected")
 	assert.Equal(t, []byte("s2k: 1"), a[1].S2KParams, "String to key params of second etype info2 entry not as expected")
-	assert.Equal(t, 2, a[2].EType, "Etype of third etype info2 entry not as expected")
+	assert.Equal(t, int32(2), a[2].EType, "Etype of third etype info2 entry not as expected")
 	assert.Equal(t, "Morton's #2", a[2].Salt, "Salt of third etype info2 entry not as expected")
 	assert.Equal(t, []byte("s2k: 2"), a[2].S2KParams, "String to key params of third etype info2 entry not as expected")
 }
@@ -171,7 +162,7 @@ func TestUnmarshalETypeInfo2_only1(t *testing.T) {
 		t.Fatalf("Unmarshal error of %s: %v\n", v, err)
 	}
 	assert.Equal(t, 1, len(a), "Number of EType info2 entries not as expected")
-	assert.Equal(t, 0, a[0].EType, "Etype of first etype info2 entry not as expected")
+	assert.Equal(t, int32(0), a[0].EType, "Etype of first etype info2 entry not as expected")
 	assert.Equal(t, "Morton's #0", a[0].Salt, "Salt of first etype info2 entry not as expected")
 	assert.Equal(t, []byte("s2k: 0"), a[0].S2KParams, "String to key params of first etype info2 entry not as expected")
 }
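Review bot: The eight comment lines deleted at the top of the file (`//encode_krb5_pa_for_user` through `//encode_krb5_pa_otp_enc_req`) read like a list of test vectors that have no unmarshal test yet. If that is what they were, the record of which PA-DATA encodings are untested disappears with them. These types are decoded from bytes supplied by the peer, so the gap is worth keeping visible, for example as a single `// TODO: no unmarshal test yet for pa_for_user, pa_s4u_x509_user, pa_fx_fast_reply, pa_otp_*` comment or a tracked issue.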

+ 1 - 1
types/PrincipalName.go

@@ -7,7 +7,7 @@ import "strings"
 
 // PrincipalName implements RFC 4120 type: https://tools.ietf.org/html/rfc4120#section-5.2.2
 type PrincipalName struct {
-	NameType   int      `asn1:"explicit,tag:0"`
+	NameType   int32    `asn1:"explicit,tag:0"`
 	NameString []string `asn1:"generalstring,explicit,tag:1"`
 }
 

+ 1 - 1
types/TypedData.go

@@ -4,7 +4,7 @@ import "github.com/jcmturner/gofork/encoding/asn1"
 
 // TypedData implements RFC 4120 type: https://tools.ietf.org/html/rfc4120#section-5.9.1
 type TypedData struct {
-	DataType  int    `asn1:"explicit,tag:0"`
+	DataType  int32  `asn1:"explicit,tag:0"`
 	DataValue []byte `asn1:"optional,explicit,tag:1"`
 }