Drop changing the password, really need kadmin/ldap support to do it
[Samba.git] / lib / krb5 / test_fx.c
blobc68014834dd08652534d767d8f1cca8b0586542a
1 /*
2 * Copyright (c) 2009 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of KTH nor the names of its contributors may be
18 * used to endorse or promote products derived from this software without
19 * specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
22 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
25 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
28 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
30 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
31 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
33 #include "krb5_locl.h"
34 #include <err.h>
35 #include <getarg.h>
37 struct {
38 char *p1;
39 char *pepper1;
40 krb5_enctype e1;
41 char *p2;
42 char *pepper2;
43 krb5_enctype e2;
44 krb5_enctype e3;
45 char *key;
46 size_t len;
47 } cf2[] = {
49 "key1", "a", ETYPE_AES128_CTS_HMAC_SHA1_96,
50 "key2", "b", ETYPE_AES128_CTS_HMAC_SHA1_96,
51 ETYPE_AES128_CTS_HMAC_SHA1_96,
52 "\x97\xdf\x97\xe4\xb7\x98\xb2\x9e\xb3\x1e\xd7\x28\x02\x87\xa9\x2a",
56 "key1", "a", ETYPE_AES256_CTS_HMAC_SHA1_96,
57 "key2", "b", ETYPE_AES256_CTS_HMAC_SHA1_96,
58 ETYPE_AES256_CTS_HMAC_SHA1_96,
59 "\x4d\x6c\xa4\xe6\x29\x78\x5c\x1f\x01\xba\xf5\x5e\x2e\x54\x85\x66"
60 "\xb9\x61\x7a\xe3\xa9\x68\x68\xc3\x37\xcb\x93\xb5\xe7\x2b\x1c\x7b",
64 "key1", "a", ETYPE_AES128_CTS_HMAC_SHA1_96,
65 "key2", "b", ETYPE_AES128_CTS_HMAC_SHA1_96,
66 ETYPE_AES256_CTS_HMAC_SHA1_96,
67 "\x97\xdf\x97\xe4\xb7\x98\xb2\x9e\xb3\x1e\xd7\x28\x2\x87\xa9\x2a"
68 "\x1\x96\xfa\xf2\x44\xf8\x11\x20\xc2\x1c\x51\x17\xb3\xe6\xeb\x98",
72 "key1", "a", ETYPE_AES256_CTS_HMAC_SHA1_96,
73 "key2", "b", ETYPE_AES256_CTS_HMAC_SHA1_96,
74 ETYPE_AES128_CTS_HMAC_SHA1_96,
75 "\x4d\x6c\xa4\xe6\x29\x78\x5c\x1f\x01\xba\xf5\x5e\x2e\x54\x85\x66",
79 "key1", "a", ETYPE_AES128_CTS_HMAC_SHA1_96,
80 "key2", "b", ETYPE_AES256_CTS_HMAC_SHA1_96,
81 ETYPE_AES256_CTS_HMAC_SHA1_96,
82 "\x88\xbd\xb2\xa9\xf\x3e\x52\x5a\xb0\x5f\x68\xc5\x43\x9a\x4d\x5e"
83 "\x9c\x2b\xfd\x2b\x02\x24\xde\x39\xb5\x82\xf4\xbb\x05\xfe\x2\x2e",
89 static void
90 test_cf2(krb5_context context)
92 krb5_error_code ret;
93 krb5_data pw, p1, p2;
94 krb5_salt salt;
95 krb5_keyblock k1, k2, k3;
96 krb5_crypto c1, c2;
97 unsigned int i;
99 for (i = 0; i < sizeof(cf2)/sizeof(cf2[0]); i++) {
100 pw.data = cf2[i].p1;
101 pw.length = strlen(cf2[i].p1);
102 salt.salttype = KRB5_PADATA_PW_SALT;
103 salt.saltvalue.data = cf2[i].p1;
104 salt.saltvalue.length = strlen(cf2[i].p1);
106 ret = krb5_string_to_key_data_salt(context,
107 cf2[i].e1,
109 salt,
110 &k1);
111 if (ret)
112 krb5_err(context, 1, ret, "krb5_string_to_key_data_salt");
114 ret = krb5_crypto_init(context, &k1, 0, &c1);
115 if (ret)
116 krb5_err(context, 1, ret, "krb5_crypto_init");
118 pw.data = cf2[i].p2;
119 pw.length = strlen(cf2[i].p2);
120 salt.saltvalue.data = cf2[i].p2;
121 salt.saltvalue.length = strlen(cf2[i].p2);
123 ret = krb5_string_to_key_data_salt(context,
124 cf2[i].e2,
126 salt,
127 &k2);
128 if (ret)
129 krb5_err(context, 1, ret, "krb5_string_to_key_data_salt");
131 ret = krb5_crypto_init(context, &k2, 0, &c2);
132 if (ret)
133 krb5_err(context, 1, ret, "krb5_crypto_init");
136 p1.data = cf2[i].pepper1;
137 p1.length = strlen(cf2[i].pepper1);
139 p2.data = cf2[i].pepper2;
140 p2.length = strlen(cf2[i].pepper2);
142 ret = krb5_crypto_fx_cf2(context, c1, c2, &p1, &p2, cf2[i].e3, &k3);
143 if (ret)
144 krb5_err(context, 1, ret, "krb5_crypto_fx_cf2");
146 if (k3.keytype != cf2[i].e3)
147 krb5_errx(context, 1, "length not right");
148 if (k3.keyvalue.length != cf2[i].len ||
149 memcmp(k3.keyvalue.data, cf2[i].key, cf2[i].len) != 0)
150 krb5_errx(context, 1, "key not same");
152 krb5_crypto_destroy(context, c1);
153 krb5_crypto_destroy(context, c2);
155 krb5_free_keyblock_contents(context, &k1);
156 krb5_free_keyblock_contents(context, &k2);
157 krb5_free_keyblock_contents(context, &k3);
161 static int version_flag = 0;
162 static int help_flag = 0;
164 static struct getargs args[] = {
165 {"version", 0, arg_flag, &version_flag,
166 "print version", NULL },
167 {"help", 0, arg_flag, &help_flag,
168 NULL, NULL }
171 static void
172 usage (int ret)
174 arg_printusage (args,
175 sizeof(args)/sizeof(*args),
176 NULL,
177 "");
178 exit (ret);
182 main(int argc, char **argv)
184 krb5_context context;
185 krb5_error_code ret;
186 int optidx = 0;
188 setprogname(argv[0]);
190 if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
191 usage(1);
193 if (help_flag)
194 usage (0);
196 if(version_flag){
197 print_version(NULL);
198 exit(0);
201 ret = krb5_init_context(&context);
202 if (ret)
203 errx (1, "krb5_init_context failed: %d", ret);
205 test_cf2(context);
207 krb5_free_context(context);
209 return 0;