search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge pull request #203 from sdigit/patch-1
[heimdal.git] / lib / krb5 / aes-test.c
blobda66af04de7055fabc5662006c53572070ff92b3
1 /*
2 * Copyright (c) 2003-2016 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of KTH nor the names of its contributors may be
18 * used to endorse or promote products derived from this software without
19 * specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
22 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
25 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
28 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
30 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
31 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
32
33 #include "krb5_locl.h"
34 #include <hex.h>
35 #include <err.h>
36 #include <assert.h>
37
38 static int verbose = 0;
39
40 static void
41 hex_dump_data(const void *data, size_t length)
42 {
43 char *p;
44
45 hex_encode(data, length, &p);
46 printf("%s\n", p);
47 free(p);
48 }
49
50 struct {
51 char *password;
52 char *salt;
53 int saltlen;
54 int iterations;
55 krb5_enctype enctype;
56 size_t keylen;
57 char *pbkdf2;
58 char *key;
59 } keys[] = {
60 {
61 "password", "ATHENA.MIT.EDUraeburn", -1,
62 1,
63 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
64 "\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15",
65 "\x42\x26\x3c\x6e\x89\xf4\xfc\x28\xb8\xdf\x68\xee\x09\x79\x9f\x15"
66 },
67 {
68 "password", "ATHENA.MIT.EDUraeburn", -1,
69 1,
70 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
71 "\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15"
72 "\x0a\xd1\xf7\xa0\x4b\xb9\xf3\xa3\x33\xec\xc0\xe2\xe1\xf7\x08\x37",
73 "\xfe\x69\x7b\x52\xbc\x0d\x3c\xe1\x44\x32\xba\x03\x6a\x92\xe6\x5b"
74 "\xbb\x52\x28\x09\x90\xa2\xfa\x27\x88\x39\x98\xd7\x2a\xf3\x01\x61"
75 },
76 {
77 "password", "ATHENA.MIT.EDUraeburn", -1,
78 2,
79 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
80 "\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d",
81 "\xc6\x51\xbf\x29\xe2\x30\x0a\xc2\x7f\xa4\x69\xd6\x93\xbd\xda\x13"
82 },
83 {
84 "password", "ATHENA.MIT.EDUraeburn", -1,
85 2,
86 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
87 "\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d"
88 "\xa0\x53\x78\xb9\x32\x44\xec\x8f\x48\xa9\x9e\x61\xad\x79\x9d\x86",
89 "\xa2\xe1\x6d\x16\xb3\x60\x69\xc1\x35\xd5\xe9\xd2\xe2\x5f\x89\x61"
90 "\x02\x68\x56\x18\xb9\x59\x14\xb4\x67\xc6\x76\x22\x22\x58\x24\xff"
91 },
92 {
93 "password", "ATHENA.MIT.EDUraeburn", -1,
94 1200,
95 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
96 "\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b",
97 "\x4c\x01\xcd\x46\xd6\x32\xd0\x1e\x6d\xbe\x23\x0a\x01\xed\x64\x2a"
98 },
99 {
100 "password", "ATHENA.MIT.EDUraeburn", -1,
101 1200,
102 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
103 "\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b"
104 "\xa7\xe5\x2d\xdb\xc5\xe5\x14\x2f\x70\x8a\x31\xe2\xe6\x2b\x1e\x13",
105 "\x55\xa6\xac\x74\x0a\xd1\x7b\x48\x46\x94\x10\x51\xe1\xe8\xb0\xa7"
106 "\x54\x8d\x93\xb0\xab\x30\xa8\xbc\x3f\xf1\x62\x80\x38\x2b\x8c\x2a"
107 },
108 {
109 "password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8,
110 5,
111 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
112 "\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49",
113 "\xe9\xb2\x3d\x52\x27\x37\x47\xdd\x5c\x35\xcb\x55\xbe\x61\x9d\x8e"
114 },
115 {
116 "password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8,
117 5,
118 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
119 "\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49"
120 "\x3f\x98\xd2\x03\xe6\xbe\x49\xa6\xad\xf4\xfa\x57\x4b\x6e\x64\xee",
121 "\x97\xa4\xe7\x86\xbe\x20\xd8\x1a\x38\x2d\x5e\xbc\x96\xd5\x90\x9c"
122 "\xab\xcd\xad\xc8\x7c\xa4\x8f\x57\x45\x04\x15\x9f\x16\xc3\x6e\x31"
123 },
124 {
125 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
126 "pass phrase equals block size", -1,
127 1200,
128 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
129 "\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9",
130 "\x59\xd1\xbb\x78\x9a\x82\x8b\x1a\xa5\x4e\xf9\xc2\x88\x3f\x69\xed"
131 },
132 {
133 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
134 "pass phrase equals block size", -1,
135 1200,
136 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
137 "\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9"
138 "\xc5\xec\x59\xf1\xa4\x52\xf5\xcc\x9a\xd9\x40\xfe\xa0\x59\x8e\xd1",
139 "\x89\xad\xee\x36\x08\xdb\x8b\xc7\x1f\x1b\xfb\xfe\x45\x94\x86\xb0"
140 "\x56\x18\xb7\x0c\xba\xe2\x20\x92\x53\x4e\x56\xc5\x53\xba\x4b\x34"
141 },
142 {
143 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
144 "pass phrase exceeds block size", -1,
145 1200,
146 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
147 "\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61",
148 "\xcb\x80\x05\xdc\x5f\x90\x17\x9a\x7f\x02\x10\x4c\x00\x18\x75\x1d"
149 },
150 {
151 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
152 "pass phrase exceeds block size", -1,
153 1200,
154 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
155 "\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61"
156 "\x1a\x8b\x4d\x28\x26\x01\xdb\x3b\x36\xbe\x92\x46\x91\x5e\xc8\x2a",
157 "\xd7\x8c\x5c\x9c\xb8\x72\xa8\xc9\xda\xd4\x69\x7f\x0b\xb5\xb2\xd2"
158 "\x14\x96\xc8\x2b\xeb\x2c\xae\xda\x21\x12\xfc\xee\xa0\x57\x40\x1b"
159
160 },
161 {
162 "\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1,
163 50,
164 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
165 "\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39",
166 "\xf1\x49\xc1\xf2\xe1\x54\xa7\x34\x52\xd4\x3e\x7f\xe6\x2a\x56\xe5"
167 },
168 {
169 "\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1,
170 50,
171 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
172 "\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39"
173 "\xe7\xfe\x37\xa0\xc4\x1e\x02\xc2\x81\xff\x30\x69\xe1\xe9\x4f\x52",
174 "\x4b\x6d\x98\x39\xf8\x44\x06\xdf\x1f\x09\xcc\x16\x6d\xb4\xb8\x3c"
175 "\x57\x18\x48\xb7\x84\xa3\xd6\xbd\xc3\x46\x58\x9a\x3e\x39\x3f\x9e"
176 },
177 {
178 "foo", "", -1,
179 0,
180 ETYPE_ARCFOUR_HMAC_MD5, 16,
181 NULL,
182 "\xac\x8e\x65\x7f\x83\xdf\x82\xbe\xea\x5d\x43\xbd\xaf\x78\x00\xcc"
183 },
184 {
185 "test", "", -1,
186 0,
187 ETYPE_ARCFOUR_HMAC_MD5, 16,
188 NULL,
189 "\x0c\xb6\x94\x88\x05\xf7\x97\xbf\x2a\x82\x80\x79\x73\xb8\x95\x37"
190 }
191 };
192
193 static int
194 string_to_key_test(krb5_context context)
195 {
196 krb5_data password, opaque;
197 krb5_error_code ret;
198 krb5_salt salt;
199 int i, val = 0;
200 char iter[4];
201
202 for (i = 0; i < sizeof(keys)/sizeof(keys[0]); i++) {
203
204 password.data = keys[i].password;
205 password.length = strlen(password.data);
206
207 salt.salttype = KRB5_PW_SALT;
208 salt.saltvalue.data = keys[i].salt;
209 if (keys[i].saltlen == -1)
210 salt.saltvalue.length = strlen(salt.saltvalue.data);
211 else
212 salt.saltvalue.length = keys[i].saltlen;
213
214 opaque.data = iter;
215 opaque.length = sizeof(iter);
216 _krb5_put_int(iter, keys[i].iterations, 4);
217
218 if (keys[i].pbkdf2) {
219 unsigned char keyout[32];
220
221 if (keys[i].keylen > sizeof(keyout))
222 abort();
223
224 PKCS5_PBKDF2_HMAC_SHA1(password.data, password.length,
225 salt.saltvalue.data, salt.saltvalue.length,
226 keys[i].iterations,
227 keys[i].keylen, keyout);
228
229 if (memcmp(keyout, keys[i].pbkdf2, keys[i].keylen) != 0) {
230 krb5_warnx(context, "%d: pbkdf2", i);
231 val = 1;
232 hex_dump_data(keyout, keys[i].keylen);
233 continue;
234 }
235
236 if (verbose) {
237 printf("PBKDF2:\n");
238 hex_dump_data(keyout, keys[i].keylen);
239 }
240 }
241
242 {
243 krb5_keyblock key;
244
245 ret = krb5_string_to_key_data_salt_opaque (context,
246 keys[i].enctype,
247 password,
248 salt,
249 opaque,
250 &key);
251 if (ret) {
252 krb5_warn(context, ret, "%d: string_to_key_data_salt_opaque",
253 i);
254 val = 1;
255 continue;
256 }
257
258 if (key.keyvalue.length != keys[i].keylen) {
259 krb5_warnx(context, "%d: key wrong length (%lu/%lu)",
260 i, (unsigned long)key.keyvalue.length,
261 (unsigned long)keys[i].keylen);
262 val = 1;
263 continue;
264 }
265
266 if (memcmp(key.keyvalue.data, keys[i].key, keys[i].keylen) != 0) {
267 krb5_warnx(context, "%d: key wrong", i);
268 val = 1;
269 hex_dump_data(key.keyvalue.data, key.keyvalue.length);
270 hex_dump_data(keys[i].key, keys[i].keylen);
271 continue;
272 }
273
274 if (verbose) {
275 printf("key:\n");
276 hex_dump_data(key.keyvalue.data, key.keyvalue.length);
277 }
278 krb5_free_keyblock_contents(context, &key);
279 }
280 }
281 return val;
282 }
283
284 static int
285 krb_enc(krb5_context context,
286 krb5_crypto crypto,
287 unsigned usage,
288 krb5_data *cipher,
289 krb5_data *clear)
290 {
291 krb5_data decrypt;
292 krb5_error_code ret;
293
294 krb5_data_zero(&decrypt);
295
296 ret = krb5_decrypt(context,
297 crypto,
298 usage,
299 cipher->data,
300 cipher->length,
301 &decrypt);
302
303 if (ret) {
304 krb5_warn(context, ret, "krb5_decrypt");
305 return ret;
306 }
307
308 if (decrypt.length != clear->length ||
309 memcmp(decrypt.data, clear->data, decrypt.length) != 0) {
310 krb5_warnx(context, "clear text not same");
311 return EINVAL;
312 }
313
314 krb5_data_free(&decrypt);
315
316 return 0;
317 }
318
319 static int
320 krb_enc_iov2(krb5_context context,
321 krb5_crypto crypto,
322 unsigned usage,
323 size_t cipher_len,
324 krb5_data *clear)
325 {
326 krb5_crypto_iov iov[4];
327 krb5_data decrypt;
328 int ret;
329 char *p, *q;
330 size_t len, i;
331
332 p = clear->data;
333 len = clear->length;
334
335 iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
336 krb5_crypto_length(context, crypto, iov[0].flags, &iov[0].data.length);
337 iov[0].data.data = emalloc(iov[0].data.length);
338
339 iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
340 iov[1].data.length = len;
341 iov[1].data.data = emalloc(iov[1].data.length);
342 memcpy(iov[1].data.data, p, iov[1].data.length);
343
344 /* padding buffer */
345 iov[2].flags = KRB5_CRYPTO_TYPE_PADDING;
346 krb5_crypto_length(context, crypto, KRB5_CRYPTO_TYPE_PADDING, &iov[2].data.length);
347 iov[2].data.data = emalloc(iov[2].data.length);
348
349 iov[3].flags = KRB5_CRYPTO_TYPE_TRAILER;
350 krb5_crypto_length(context, crypto, iov[3].flags, &iov[3].data.length);
351 iov[3].data.data = emalloc(iov[3].data.length);
352
353 ret = krb5_encrypt_iov_ivec(context, crypto, usage,
354 iov, sizeof(iov)/sizeof(iov[0]), NULL);
355 if (ret)
356 errx(1, "encrypt iov failed: %d", ret);
357
358 /* check len */
359 for (i = 0, len = 0; i < sizeof(iov)/sizeof(iov[0]); i++)
360 len += iov[i].data.length;
361 if (len != cipher_len)
362 errx(1, "cipher len wrong");
363
364 /*
365 * Plain decrypt
366 */
367
368 p = q = emalloc(len);
369 for (i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) {
370 memcpy(q, iov[i].data.data, iov[i].data.length);
371 q += iov[i].data.length;
372 }
373
374 ret = krb5_decrypt(context, crypto, usage, p, len, &decrypt);
375 if (ret)
376 krb5_err(context, 1, ret, "krb5_decrypt");
377 else
378 krb5_data_free(&decrypt);
379
380 free(p);
381
382 /*
383 * Now decrypt use iov
384 */
385
386 /* padding turn into data */
387 p = q = emalloc(iov[1].data.length + iov[2].data.length);
388
389 memcpy(q, iov[1].data.data, iov[1].data.length);
390 q += iov[1].data.length;
391 memcpy(q, iov[2].data.data, iov[2].data.length);
392
393 free(iov[1].data.data);
394 free(iov[2].data.data);
395
396 iov[1].data.data = p;
397 iov[1].data.length += iov[2].data.length;
398
399 iov[2].flags = KRB5_CRYPTO_TYPE_EMPTY;
400 iov[2].data.length = 0;
401
402 ret = krb5_decrypt_iov_ivec(context, crypto, usage,
403 iov, sizeof(iov)/sizeof(iov[0]), NULL);
404 free(iov[0].data.data);
405 free(iov[3].data.data);
406
407 if (ret)
408 krb5_err(context, 1, ret, "decrypt iov failed: %d", ret);
409
410 if (clear->length != iov[1].data.length)
411 errx(1, "length incorrect");
412
413 p = clear->data;
414 if (memcmp(iov[1].data.data, p, iov[1].data.length) != 0)
415 errx(1, "iov[1] incorrect");
416
417 free(iov[1].data.data);
418
419 return 0;
420 }
421
422
423 static int
424 krb_enc_iov(krb5_context context,
425 krb5_crypto crypto,
426 unsigned usage,
427 krb5_data *cipher,
428 krb5_data *clear)
429 {
430 krb5_crypto_iov iov[3];
431 int ret;
432 char *p;
433 size_t len;
434
435 p = cipher->data;
436 len = cipher->length;
437
438 iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
439 krb5_crypto_length(context, crypto, iov[0].flags, &iov[0].data.length);
440 iov[0].data.data = emalloc(iov[0].data.length);
441 memcpy(iov[0].data.data, p, iov[0].data.length);
442 p += iov[0].data.length;
443 len -= iov[0].data.length;
444
445 iov[1].flags = KRB5_CRYPTO_TYPE_TRAILER;
446 krb5_crypto_length(context, crypto, iov[1].flags, &iov[1].data.length);
447 iov[1].data.data = emalloc(iov[1].data.length);
448 memcpy(iov[1].data.data, p + len - iov[1].data.length, iov[1].data.length);
449 len -= iov[1].data.length;
450
451 iov[2].flags = KRB5_CRYPTO_TYPE_DATA;
452 iov[2].data.length = len;
453 iov[2].data.data = emalloc(len);
454 memcpy(iov[2].data.data, p, len);
455
456 ret = krb5_decrypt_iov_ivec(context, crypto, usage,
457 iov, sizeof(iov)/sizeof(iov[0]), NULL);
458 if (ret)
459 krb5_err(context, 1, ret, "krb_enc_iov decrypt iov failed: %d", ret);
460
461 if (clear->length != iov[2].data.length)
462 errx(1, "length incorrect");
463
464 p = clear->data;
465 if (memcmp(iov[2].data.data, p, iov[2].data.length) != 0)
466 errx(1, "iov[2] incorrect");
467
468 free(iov[0].data.data);
469 free(iov[1].data.data);
470 free(iov[2].data.data);
471
472
473 return 0;
474 }
475
476 static int
477 krb_checksum_iov(krb5_context context,
478 krb5_crypto crypto,
479 unsigned usage,
480 krb5_data *plain)
481 {
482 krb5_crypto_iov iov[4];
483 int ret;
484 char *p;
485 size_t len;
486
487 p = plain->data;
488 len = plain->length;
489
490 iov[0].flags = KRB5_CRYPTO_TYPE_CHECKSUM;
491 krb5_crypto_length(context, crypto, iov[0].flags, &iov[0].data.length);
492 iov[0].data.data = emalloc(iov[0].data.length);
493
494 iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
495 iov[1].data.length = len;
496 iov[1].data.data = p;
497
498 iov[2].flags = KRB5_CRYPTO_TYPE_TRAILER;
499 krb5_crypto_length(context, crypto, iov[0].flags, &iov[2].data.length);
500 iov[2].data.data = malloc(iov[2].data.length);
501
502 ret = krb5_create_checksum_iov(context, crypto, usage,
503 iov, sizeof(iov)/sizeof(iov[0]), NULL);
504 if (ret)
505 krb5_err(context, 1, ret, "krb5_create_checksum_iov failed");
506
507 ret = krb5_verify_checksum_iov(context, crypto, usage, iov, sizeof(iov)/sizeof(iov[0]), NULL);
508 if (ret)
509 krb5_err(context, 1, ret, "krb5_verify_checksum_iov");
510
511 free(iov[0].data.data);
512 free(iov[2].data.data);
513
514 return 0;
515 }
516
517
518 static int
519 krb_enc_mit(krb5_context context,
520 krb5_enctype enctype,
521 krb5_keyblock *key,
522 unsigned usage,
523 krb5_data *cipher,
524 krb5_data *clear)
525 {
526 #ifndef HEIMDAL_SMALLER
527 krb5_error_code ret;
528 krb5_enc_data e;
529 krb5_data decrypt;
530 size_t len;
531
532 e.kvno = 0;
533 e.enctype = enctype;
534 e.ciphertext = *cipher;
535
536 ret = krb5_c_decrypt(context, *key, usage, NULL, &e, &decrypt);
537 if (ret)
538 return ret;
539
540 if (decrypt.length != clear->length ||
541 memcmp(decrypt.data, clear->data, decrypt.length) != 0) {
542 krb5_warnx(context, "clear text not same");
543 return EINVAL;
544 }
545
546 krb5_data_free(&decrypt);
547
548 ret = krb5_c_encrypt_length(context, enctype, clear->length, &len);
549 if (ret)
550 return ret;
551
552 if (len != cipher->length) {
553 krb5_warnx(context, "c_encrypt_length wrong %lu != %lu",
554 (unsigned long)len, (unsigned long)cipher->length);
555 return EINVAL;
556 }
557 #endif /* HEIMDAL_SMALLER */
558 return 0;
559 }
560
561
562 struct {
563 krb5_enctype enctype;
564 unsigned usage;
565 size_t keylen;
566 void *key;
567 size_t elen;
568 void* edata;
569 size_t plen;
570 void *pdata;
571 } krbencs[] = {
572 {
573 ETYPE_AES256_CTS_HMAC_SHA1_96,
574 7,
575 32,
576 "\x47\x75\x69\x64\x65\x6c\x69\x6e\x65\x73\x20\x74\x6f\x20\x41\x75"
577 "\x74\x68\x6f\x72\x73\x20\x6f\x66\x20\x49\x6e\x74\x65\x72\x6e\x65",
578 44,
579 "\xcf\x79\x8f\x0d\x76\xf3\xe0\xbe\x8e\x66\x94\x70\xfa\xcc\x9e\x91"
580 "\xa9\xec\x1c\x5c\x21\xfb\x6e\xef\x1a\x7a\xc8\xc1\xcc\x5a\x95\x24"
581 "\x6f\x9f\xf4\xd5\xbe\x5d\x59\x97\x44\xd8\x47\xcd",
582 16,
583 "\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x74\x65\x73\x74\x2e\x0a"
584 }
585 };
586
587
588 static int
589 krb_enc_test(krb5_context context)
590 {
591 krb5_error_code ret;
592 krb5_crypto crypto;
593 krb5_keyblock kb;
594 krb5_data cipher, plain;
595 int i;
596
597 for (i = 0; i < sizeof(krbencs)/sizeof(krbencs[0]); i++) {
598
599 kb.keytype = krbencs[i].enctype;
600 kb.keyvalue.length = krbencs[i].keylen;
601 kb.keyvalue.data = krbencs[i].key;
602
603 ret = krb5_crypto_init(context, &kb, krbencs[i].enctype, &crypto);
604
605 cipher.length = krbencs[i].elen;
606 cipher.data = krbencs[i].edata;
607 plain.length = krbencs[i].plen;
608 plain.data = krbencs[i].pdata;
609
610 ret = krb_enc(context, crypto, krbencs[i].usage, &cipher, &plain);
611
612 if (ret)
613 errx(1, "krb_enc failed with %d for test %d", ret, i);
614
615 ret = krb_enc_iov(context, crypto, krbencs[i].usage, &cipher, &plain);
616 if (ret)
617 errx(1, "krb_enc_iov failed with %d for test %d", ret, i);
618
619 ret = krb_enc_iov2(context, crypto, krbencs[i].usage,
620 cipher.length, &plain);
621 if (ret)
622 errx(1, "krb_enc_iov2 failed with %d for test %d", ret, i);
623
624 ret = krb_checksum_iov(context, crypto, krbencs[i].usage, &plain);
625 if (ret)
626 errx(1, "krb_checksum_iov failed with %d for test %d", ret, i);
627
628 krb5_crypto_destroy(context, crypto);
629
630 ret = krb_enc_mit(context, krbencs[i].enctype, &kb,
631 krbencs[i].usage, &cipher, &plain);
632 if (ret)
633 errx(1, "krb_enc_mit failed with %d for test %d", ret, i);
634 }
635
636 return 0;
637 }
638
639 static int
640 iov_test(krb5_context context)
641 {
642 krb5_enctype enctype = KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96;
643 krb5_error_code ret;
644 krb5_crypto crypto;
645 krb5_keyblock key;
646 krb5_data signonly, in, in2;
647 krb5_crypto_iov iov[6];
648 size_t len, i;
649 unsigned char *base, *p;
650
651 ret = krb5_generate_random_keyblock(context, enctype, &key);
652 if (ret)
653 krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
654
655 ret = krb5_crypto_init(context, &key, 0, &crypto);
656 if (ret)
657 krb5_err(context, 1, ret, "krb5_crypto_init");
658
659
660 ret = krb5_crypto_length(context, crypto, KRB5_CRYPTO_TYPE_HEADER, &len);
661 if (ret)
662 krb5_err(context, 1, ret, "krb5_crypto_length");
663
664 signonly.data = "This should be signed";
665 signonly.length = strlen(signonly.data);
666 in.data = "inputdata";
667 in.length = strlen(in.data);
668
669 in2.data = "INPUTDATA";
670 in2.length = strlen(in2.data);
671
672
673 memset(iov, 0, sizeof(iov));
674
675 iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
676 iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
677 iov[1].data = in;
678 iov[2].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
679 iov[2].data = signonly;
680 iov[3].flags = KRB5_CRYPTO_TYPE_EMPTY;
681 iov[4].flags = KRB5_CRYPTO_TYPE_PADDING;
682 iov[5].flags = KRB5_CRYPTO_TYPE_TRAILER;
683
684 ret = krb5_crypto_length_iov(context, crypto, iov,
685 sizeof(iov)/sizeof(iov[0]));
686 if (ret)
687 krb5_err(context, 1, ret, "krb5_crypto_length_iov");
688
689 for (len = 0, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) {
690 if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
691 continue;
692 len += iov[i].data.length;
693 }
694
695 base = emalloc(len);
696
697 /*
698 * Allocate data for the fields
699 */
700
701 for (p = base, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) {
702 if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
703 continue;;
704 iov[i].data.data = p;
705 p += iov[i].data.length;
706 }
707 assert(iov[1].data.length == in.length);
708 memcpy(iov[1].data.data, in.data, iov[1].data.length);
709
710 /*
711 * Encrypt
712 */
713
714 ret = krb5_encrypt_iov_ivec(context, crypto, 7, iov,
715 sizeof(iov)/sizeof(iov[0]), NULL);
716 if (ret)
717 krb5_err(context, 1, ret, "krb5_encrypt_iov_ivec");
718
719 /*
720 * Decrypt
721 */
722
723 ret = krb5_decrypt_iov_ivec(context, crypto, 7,
724 iov, sizeof(iov)/sizeof(iov[0]), NULL);
725 if (ret)
726 krb5_err(context, 1, ret, "krb5_decrypt_iov_ivec");
727
728 /*
729 * Verify data
730 */
731
732 if (krb5_data_cmp(&iov[1].data, &in) != 0)
733 krb5_errx(context, 1, "decrypted data not same");
734
735 /*
736 * Free memory
737 */
738
739 free(base);
740
741 /* Set up for second try */
742
743 iov[3].flags = KRB5_CRYPTO_TYPE_DATA;
744 iov[3].data = in;
745
746 ret = krb5_crypto_length_iov(context, crypto,
747 iov, sizeof(iov)/sizeof(iov[0]));
748 if (ret)
749 krb5_err(context, 1, ret, "krb5_crypto_length_iov");
750
751 for (len = 0, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) {
752 if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
753 continue;
754 len += iov[i].data.length;
755 }
756
757 base = emalloc(len);
758
759 /*
760 * Allocate data for the fields
761 */
762
763 for (p = base, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) {
764 if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
765 continue;;
766 iov[i].data.data = p;
767 p += iov[i].data.length;
768 }
769 assert(iov[1].data.length == in.length);
770 memcpy(iov[1].data.data, in.data, iov[1].data.length);
771
772 assert(iov[3].data.length == in2.length);
773 memcpy(iov[3].data.data, in2.data, iov[3].data.length);
774
775
776
777 /*
778 * Encrypt
779 */
780
781 ret = krb5_encrypt_iov_ivec(context, crypto, 7,
782 iov, sizeof(iov)/sizeof(iov[0]), NULL);
783 if (ret)
784 krb5_err(context, 1, ret, "krb5_encrypt_iov_ivec");
785
786 /*
787 * Decrypt
788 */
789
790 ret = krb5_decrypt_iov_ivec(context, crypto, 7,
791 iov, sizeof(iov)/sizeof(iov[0]), NULL);
792 if (ret)
793 krb5_err(context, 1, ret, "krb5_decrypt_iov_ivec");
794
795 /*
796 * Verify data
797 */
798
799 if (krb5_data_cmp(&iov[1].data, &in) != 0)
800 krb5_errx(context, 1, "decrypted data 2.1 not same");
801
802 if (krb5_data_cmp(&iov[3].data, &in2) != 0)
803 krb5_errx(context, 1, "decrypted data 2.2 not same");
804
805 /*
806 * Free memory
807 */
808
809 free(base);
810
811 krb5_crypto_destroy(context, crypto);
812
813 krb5_free_keyblock_contents(context, &key);
814
815 return 0;
816 }
817
818
819
820 static int
821 random_to_key(krb5_context context)
822 {
823 krb5_error_code ret;
824 krb5_keyblock key;
825
826 ret = krb5_random_to_key(context,
827 ETYPE_DES3_CBC_SHA1,
828 "\x21\x39\x04\x58\x6A\xBD\x7F"
829 "\x21\x39\x04\x58\x6A\xBD\x7F"
830 "\x21\x39\x04\x58\x6A\xBD\x7F",
831 21,
832 &key);
833 if (ret){
834 krb5_warn(context, ret, "random_to_key");
835 return 1;
836 }
837 if (key.keyvalue.length != 24)
838 return 1;
839
840 if (memcmp(key.keyvalue.data,
841 "\x20\x38\x04\x58\x6b\xbc\x7f\xc7"
842 "\x20\x38\x04\x58\x6b\xbc\x7f\xc7"
843 "\x20\x38\x04\x58\x6b\xbc\x7f\xc7",
844 24) != 0)
845 return 1;
846
847 krb5_free_keyblock_contents(context, &key);
848
849 return 0;
850 }
851
852 int
853 main(int argc, char **argv)
854 {
855 krb5_error_code ret;
856 krb5_context context;
857 int val = 0;
858
859 if (argc > 1 && strcmp(argv[1], "-v") == 0)
860 verbose = 1;
861
862 ret = krb5_init_context (&context);
863 if (ret)
864 errx (1, "krb5_init_context failed: %d", ret);
865
866 val |= string_to_key_test(context);
867
868 val |= krb_enc_test(context);
869 val |= random_to_key(context);
870 val |= iov_test(context);
871
872 if (verbose && val == 0)
873 printf("all ok\n");
874 if (val)
875 printf("tests failed\n");
876
877 krb5_free_context(context);
878
879 return val;
880 }
Heimdal