search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Use OID variable instead of function.
[heimdal.git] / lib / krb5 / aes-test.c
blobe135e338f2f135d7a6e5e6df9c3463f376d9170e
1 /*
2 * Copyright (c) 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of KTH nor the names of its contributors may be
18 * used to endorse or promote products derived from this software without
19 * specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
22 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
25 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
28 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
30 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
31 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
32
33 #include "krb5_locl.h"
34 #include <hex.h>
35 #include <err.h>
36
37 #ifdef HAVE_OPENSSL
38 #include <openssl/evp.h>
39 #endif
40
41 static int verbose = 0;
42
43 static void
44 hex_dump_data(const void *data, size_t length)
45 {
46 char *p;
47
48 hex_encode(data, length, &p);
49 printf("%s\n", p);
50 free(p);
51 }
52
53 struct {
54 char *password;
55 char *salt;
56 int saltlen;
57 int iterations;
58 krb5_enctype enctype;
59 size_t keylen;
60 char *pbkdf2;
61 char *key;
62 } keys[] = {
63 {
64 "password", "ATHENA.MIT.EDUraeburn", -1,
65 1,
66 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
67 "\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15",
68 "\x42\x26\x3c\x6e\x89\xf4\xfc\x28\xb8\xdf\x68\xee\x09\x79\x9f\x15"
69 },
70 {
71 "password", "ATHENA.MIT.EDUraeburn", -1,
72 1,
73 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
74 "\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15"
75 "\x0a\xd1\xf7\xa0\x4b\xb9\xf3\xa3\x33\xec\xc0\xe2\xe1\xf7\x08\x37",
76 "\xfe\x69\x7b\x52\xbc\x0d\x3c\xe1\x44\x32\xba\x03\x6a\x92\xe6\x5b"
77 "\xbb\x52\x28\x09\x90\xa2\xfa\x27\x88\x39\x98\xd7\x2a\xf3\x01\x61"
78 },
79 {
80 "password", "ATHENA.MIT.EDUraeburn", -1,
81 2,
82 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
83 "\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d",
84 "\xc6\x51\xbf\x29\xe2\x30\x0a\xc2\x7f\xa4\x69\xd6\x93\xbd\xda\x13"
85 },
86 {
87 "password", "ATHENA.MIT.EDUraeburn", -1,
88 2,
89 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
90 "\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d"
91 "\xa0\x53\x78\xb9\x32\x44\xec\x8f\x48\xa9\x9e\x61\xad\x79\x9d\x86",
92 "\xa2\xe1\x6d\x16\xb3\x60\x69\xc1\x35\xd5\xe9\xd2\xe2\x5f\x89\x61"
93 "\x02\x68\x56\x18\xb9\x59\x14\xb4\x67\xc6\x76\x22\x22\x58\x24\xff"
94 },
95 {
96 "password", "ATHENA.MIT.EDUraeburn", -1,
97 1200,
98 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
99 "\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b",
100 "\x4c\x01\xcd\x46\xd6\x32\xd0\x1e\x6d\xbe\x23\x0a\x01\xed\x64\x2a"
101 },
102 {
103 "password", "ATHENA.MIT.EDUraeburn", -1,
104 1200,
105 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
106 "\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b"
107 "\xa7\xe5\x2d\xdb\xc5\xe5\x14\x2f\x70\x8a\x31\xe2\xe6\x2b\x1e\x13",
108 "\x55\xa6\xac\x74\x0a\xd1\x7b\x48\x46\x94\x10\x51\xe1\xe8\xb0\xa7"
109 "\x54\x8d\x93\xb0\xab\x30\xa8\xbc\x3f\xf1\x62\x80\x38\x2b\x8c\x2a"
110 },
111 {
112 "password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8,
113 5,
114 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
115 "\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49",
116 "\xe9\xb2\x3d\x52\x27\x37\x47\xdd\x5c\x35\xcb\x55\xbe\x61\x9d\x8e"
117 },
118 {
119 "password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8,
120 5,
121 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
122 "\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49"
123 "\x3f\x98\xd2\x03\xe6\xbe\x49\xa6\xad\xf4\xfa\x57\x4b\x6e\x64\xee",
124 "\x97\xa4\xe7\x86\xbe\x20\xd8\x1a\x38\x2d\x5e\xbc\x96\xd5\x90\x9c"
125 "\xab\xcd\xad\xc8\x7c\xa4\x8f\x57\x45\x04\x15\x9f\x16\xc3\x6e\x31"
126 },
127 {
128 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
129 "pass phrase equals block size", -1,
130 1200,
131 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
132 "\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9",
133 "\x59\xd1\xbb\x78\x9a\x82\x8b\x1a\xa5\x4e\xf9\xc2\x88\x3f\x69\xed"
134 },
135 {
136 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
137 "pass phrase equals block size", -1,
138 1200,
139 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
140 "\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9"
141 "\xc5\xec\x59\xf1\xa4\x52\xf5\xcc\x9a\xd9\x40\xfe\xa0\x59\x8e\xd1",
142 "\x89\xad\xee\x36\x08\xdb\x8b\xc7\x1f\x1b\xfb\xfe\x45\x94\x86\xb0"
143 "\x56\x18\xb7\x0c\xba\xe2\x20\x92\x53\x4e\x56\xc5\x53\xba\x4b\x34"
144 },
145 {
146 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
147 "pass phrase exceeds block size", -1,
148 1200,
149 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
150 "\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61",
151 "\xcb\x80\x05\xdc\x5f\x90\x17\x9a\x7f\x02\x10\x4c\x00\x18\x75\x1d"
152 },
153 {
154 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
155 "pass phrase exceeds block size", -1,
156 1200,
157 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
158 "\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61"
159 "\x1a\x8b\x4d\x28\x26\x01\xdb\x3b\x36\xbe\x92\x46\x91\x5e\xc8\x2a",
160 "\xd7\x8c\x5c\x9c\xb8\x72\xa8\xc9\xda\xd4\x69\x7f\x0b\xb5\xb2\xd2"
161 "\x14\x96\xc8\x2b\xeb\x2c\xae\xda\x21\x12\xfc\xee\xa0\x57\x40\x1b"
162
163 },
164 {
165 "\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1,
166 50,
167 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
168 "\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39",
169 "\xf1\x49\xc1\xf2\xe1\x54\xa7\x34\x52\xd4\x3e\x7f\xe6\x2a\x56\xe5"
170 },
171 {
172 "\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1,
173 50,
174 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
175 "\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39"
176 "\xe7\xfe\x37\xa0\xc4\x1e\x02\xc2\x81\xff\x30\x69\xe1\xe9\x4f\x52",
177 "\x4b\x6d\x98\x39\xf8\x44\x06\xdf\x1f\x09\xcc\x16\x6d\xb4\xb8\x3c"
178 "\x57\x18\x48\xb7\x84\xa3\xd6\xbd\xc3\x46\x58\x9a\x3e\x39\x3f\x9e"
179 },
180 {
181 "foo", "", -1,
182 0,
183 ETYPE_ARCFOUR_HMAC_MD5, 16,
184 NULL,
185 "\xac\x8e\x65\x7f\x83\xdf\x82\xbe\xea\x5d\x43\xbd\xaf\x78\x00\xcc"
186 },
187 {
188 "test", "", -1,
189 0,
190 ETYPE_ARCFOUR_HMAC_MD5, 16,
191 NULL,
192 "\x0c\xb6\x94\x88\x05\xf7\x97\xbf\x2a\x82\x80\x79\x73\xb8\x95\x37"
193 }
194 };
195
196 static int
197 string_to_key_test(krb5_context context)
198 {
199 krb5_data password, opaque;
200 krb5_error_code ret;
201 krb5_salt salt;
202 int i, val = 0;
203 char iter[4];
204
205 for (i = 0; i < sizeof(keys)/sizeof(keys[0]); i++) {
206
207 password.data = keys[i].password;
208 password.length = strlen(password.data);
209
210 salt.salttype = KRB5_PW_SALT;
211 salt.saltvalue.data = keys[i].salt;
212 if (keys[i].saltlen == -1)
213 salt.saltvalue.length = strlen(salt.saltvalue.data);
214 else
215 salt.saltvalue.length = keys[i].saltlen;
216
217 opaque.data = iter;
218 opaque.length = sizeof(iter);
219 _krb5_put_int(iter, keys[i].iterations, 4);
220
221 if (keys[i].pbkdf2) {
222 unsigned char keyout[32];
223
224 if (keys[i].keylen > sizeof(keyout))
225 abort();
226
227 PKCS5_PBKDF2_HMAC_SHA1(password.data, password.length,
228 salt.saltvalue.data, salt.saltvalue.length,
229 keys[i].iterations,
230 keys[i].keylen, keyout);
231
232 if (memcmp(keyout, keys[i].pbkdf2, keys[i].keylen) != 0) {
233 krb5_warnx(context, "%d: pbkdf2", i);
234 val = 1;
235 continue;
236 }
237
238 if (verbose) {
239 printf("PBKDF2:\n");
240 hex_dump_data(keyout, keys[i].keylen);
241 }
242 }
243
244 {
245 krb5_keyblock key;
246
247 ret = krb5_string_to_key_data_salt_opaque (context,
248 keys[i].enctype,
249 password,
250 salt,
251 opaque,
252 &key);
253 if (ret) {
254 krb5_warn(context, ret, "%d: string_to_key_data_salt_opaque",
255 i);
256 val = 1;
257 continue;
258 }
259
260 if (key.keyvalue.length != keys[i].keylen) {
261 krb5_warnx(context, "%d: key wrong length (%lu/%lu)",
262 i, (unsigned long)key.keyvalue.length,
263 (unsigned long)keys[i].keylen);
264 val = 1;
265 continue;
266 }
267
268 if (memcmp(key.keyvalue.data, keys[i].key, keys[i].keylen) != 0) {
269 krb5_warnx(context, "%d: key wrong", i);
270 val = 1;
271 continue;
272 }
273
274 if (verbose) {
275 printf("key:\n");
276 hex_dump_data(key.keyvalue.data, key.keyvalue.length);
277 }
278 krb5_free_keyblock_contents(context, &key);
279 }
280 }
281 return val;
282 }
283
284 static int
285 krb_enc(krb5_context context,
286 krb5_crypto crypto,
287 unsigned usage,
288 krb5_data *cipher,
289 krb5_data *clear)
290 {
291 krb5_data decrypt;
292 krb5_error_code ret;
293
294 krb5_data_zero(&decrypt);
295
296 ret = krb5_decrypt(context,
297 crypto,
298 usage,
299 cipher->data,
300 cipher->length,
301 &decrypt);
302
303 if (ret) {
304 krb5_warn(context, ret, "krb5_decrypt");
305 return ret;
306 }
307
308 if (decrypt.length != clear->length ||
309 memcmp(decrypt.data, clear->data, decrypt.length) != 0) {
310 krb5_warnx(context, "clear text not same");
311 return EINVAL;
312 }
313
314 krb5_data_free(&decrypt);
315
316 return 0;
317 }
318
319 static int
320 krb_enc_iov2(krb5_context context,
321 krb5_crypto crypto,
322 unsigned usage,
323 size_t cipher_len,
324 krb5_data *clear)
325 {
326 krb5_crypto_iov iov[4];
327 int ret;
328 char *p;
329 size_t len, i;
330
331 p = clear->data;
332 len = clear->length;
333
334 iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
335 iov[0].data.length = krb5_crypto_length(context, crypto, iov[0].flags);
336 iov[0].data.data = emalloc(iov[0].data.length);
337
338 iov[1].flags = KRB5_CRYPTO_TYPE_TRAILER;
339 iov[1].data.length = krb5_crypto_length(context, crypto, iov[1].flags);
340 iov[1].data.data = emalloc(iov[1].data.length);
341
342 iov[2].flags = KRB5_CRYPTO_TYPE_DATA;
343 iov[2].data.length = len;
344 iov[2].data.data = emalloc(iov[2].data.length);
345 memcpy(iov[2].data.data, p, iov[2].data.length);
346
347 /* padding buffer */
348 iov[3].flags = KRB5_CRYPTO_TYPE_PADDING;
349 iov[3].data.length = krb5_crypto_length(context, crypto, KRB5_CRYPTO_TYPE_PADDING);
350 iov[3].data.data = emalloc(iov[4].data.length);
351
352 ret = krb5_encrypt_iov_ivec(context, crypto, usage,
353 iov, sizeof(iov)/sizeof(iov[0]), NULL);
354 if (ret)
355 errx(1, "encrypt iov failed: %d", ret);
356
357 /* check len */
358 for (i = 0, len = 0; i < sizeof(iov)/sizeof(iov[0]); i++)
359 len += iov[i].data.length;
360 if (len != cipher_len)
361 errx(1, "cipher len wrong");
362
363 /* now decrypt */
364
365 /* padding turn into data */
366 p = emalloc(iov[2].data.length + iov[3].data.length);
367
368 memcpy(p, iov[2].data.data, iov[2].data.length);
369 memcpy(p + iov[2].data.length, iov[3].data.data, iov[3].data.length);
370
371 free(iov[2].data.data);
372 free(iov[3].data.data);
373
374 iov[2].data.data = p;
375 iov[2].data.length += iov[3].data.length;
376
377 iov[3].flags = KRB5_CRYPTO_TYPE_EMPTY;
378
379 ret = krb5_decrypt_iov_ivec(context, crypto, usage,
380 iov, sizeof(iov)/sizeof(iov[0]), NULL);
381 if (ret)
382 errx(1, "decrypt iov failed: %d", ret);
383
384 if (clear->length != iov[2].data.length)
385 errx(1, "length incorrect");
386
387 p = clear->data;
388 if (memcmp(iov[2].data.data, p, iov[2].data.length) != 0)
389 errx(1, "iov[2] incorrect");
390
391 return 0;
392 }
393
394
395 static int
396 krb_enc_iov(krb5_context context,
397 krb5_crypto crypto,
398 unsigned usage,
399 krb5_data *cipher,
400 krb5_data *clear)
401 {
402 krb5_crypto_iov iov[3];
403 int ret;
404 char *p;
405 size_t len;
406
407 p = cipher->data;
408 len = cipher->length;
409
410 iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
411 iov[0].data.length = krb5_crypto_length(context, crypto, iov[0].flags);
412 iov[0].data.data = emalloc(iov[0].data.length);
413 memcpy(iov[0].data.data, p, iov[0].data.length);
414 p += iov[0].data.length;
415 len -= iov[0].data.length;
416
417 iov[1].flags = KRB5_CRYPTO_TYPE_TRAILER;
418 iov[1].data.length = krb5_crypto_length(context, crypto, iov[1].flags);
419 iov[1].data.data = emalloc(iov[1].data.length);
420 memcpy(iov[1].data.data, p + len - iov[1].data.length, iov[1].data.length);
421 len -= iov[1].data.length;
422
423 iov[2].flags = KRB5_CRYPTO_TYPE_DATA;
424 iov[2].data.length = len;
425 iov[2].data.data = emalloc(len);
426 memcpy(iov[2].data.data, p, len);
427
428 ret = krb5_decrypt_iov_ivec(context, crypto, usage,
429 iov, sizeof(iov)/sizeof(iov[0]), NULL);
430 if (ret)
431 errx(1, "krb_enc_iov decrypt iov failed: %d", ret);
432
433 if (clear->length != iov[2].data.length)
434 errx(1, "length incorrect");
435
436 p = clear->data;
437 if (memcmp(iov[2].data.data, p, iov[2].data.length) != 0)
438 errx(1, "iov[2] incorrect");
439
440 return 0;
441 }
442
443
444
445 static int
446 krb_enc_mit(krb5_context context,
447 krb5_enctype enctype,
448 krb5_keyblock *key,
449 unsigned usage,
450 krb5_data *cipher,
451 krb5_data *clear)
452 {
453 #ifndef HEIMDAL_SMALLER
454 krb5_error_code ret;
455 krb5_enc_data e;
456 krb5_data decrypt;
457 size_t len;
458
459 e.kvno = 0;
460 e.enctype = enctype;
461 e.ciphertext = *cipher;
462
463 ret = krb5_c_decrypt(context, *key, usage, NULL, &e, &decrypt);
464 if (ret)
465 return ret;
466
467 if (decrypt.length != clear->length ||
468 memcmp(decrypt.data, clear->data, decrypt.length) != 0) {
469 krb5_warnx(context, "clear text not same");
470 return EINVAL;
471 }
472
473 krb5_data_free(&decrypt);
474
475 ret = krb5_c_encrypt_length(context, enctype, clear->length, &len);
476 if (ret)
477 return ret;
478
479 if (len != cipher->length) {
480 krb5_warnx(context, "c_encrypt_length wrong %lu != %lu",
481 (unsigned long)len, (unsigned long)cipher->length);
482 return EINVAL;
483 }
484 #endif /* HEIMDAL_SMALLER */
485 return 0;
486 }
487
488
489 struct {
490 krb5_enctype enctype;
491 unsigned usage;
492 size_t keylen;
493 void *key;
494 size_t elen;
495 void* edata;
496 size_t plen;
497 void *pdata;
498 } krbencs[] = {
499 {
500 ETYPE_AES256_CTS_HMAC_SHA1_96,
501 7,
502 32,
503 "\x47\x75\x69\x64\x65\x6c\x69\x6e\x65\x73\x20\x74\x6f\x20\x41\x75"
504 "\x74\x68\x6f\x72\x73\x20\x6f\x66\x20\x49\x6e\x74\x65\x72\x6e\x65",
505 44,
506 "\xcf\x79\x8f\x0d\x76\xf3\xe0\xbe\x8e\x66\x94\x70\xfa\xcc\x9e\x91"
507 "\xa9\xec\x1c\x5c\x21\xfb\x6e\xef\x1a\x7a\xc8\xc1\xcc\x5a\x95\x24"
508 "\x6f\x9f\xf4\xd5\xbe\x5d\x59\x97\x44\xd8\x47\xcd",
509 16,
510 "\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x74\x65\x73\x74\x2e\x0a"
511 }
512 };
513
514
515 static int
516 krb_enc_test(krb5_context context)
517 {
518 krb5_error_code ret;
519 krb5_crypto crypto;
520 krb5_keyblock kb;
521 krb5_data cipher, plain;
522 int i;
523
524 for (i = 0; i < sizeof(krbencs)/sizeof(krbencs[0]); i++) {
525
526 kb.keytype = krbencs[i].enctype;
527 kb.keyvalue.length = krbencs[i].keylen;
528 kb.keyvalue.data = krbencs[i].key;
529
530 ret = krb5_crypto_init(context, &kb, krbencs[i].enctype, &crypto);
531
532 cipher.length = krbencs[i].elen;
533 cipher.data = krbencs[i].edata;
534 plain.length = krbencs[i].plen;
535 plain.data = krbencs[i].pdata;
536
537 ret = krb_enc(context, crypto, krbencs[i].usage, &cipher, &plain);
538
539 if (ret)
540 errx(1, "krb_enc failed with %d for test %d", ret, i);
541
542 ret = krb_enc_iov(context, crypto, krbencs[i].usage, &cipher, &plain);
543 if (ret)
544 errx(1, "krb_enc_iov failed with %d for test %d", ret, i);
545
546 ret = krb_enc_iov2(context, crypto, krbencs[i].usage,
547 cipher.length, &plain);
548 if (ret)
549 errx(1, "krb_enc_iov2 failed with %d for test %d", ret, i);
550
551 krb5_crypto_destroy(context, crypto);
552
553 ret = krb_enc_mit(context, krbencs[i].enctype, &kb,
554 krbencs[i].usage, &cipher, &plain);
555 if (ret)
556 errx(1, "krb_enc_mit failed with %d for test %d", ret, i);
557 }
558
559 return 0;
560 }
561
562
563 static int
564 random_to_key(krb5_context context)
565 {
566 krb5_error_code ret;
567 krb5_keyblock key;
568
569 ret = krb5_random_to_key(context,
570 ETYPE_DES3_CBC_SHA1,
571 "\x21\x39\x04\x58\x6A\xBD\x7F"
572 "\x21\x39\x04\x58\x6A\xBD\x7F"
573 "\x21\x39\x04\x58\x6A\xBD\x7F",
574 21,
575 &key);
576 if (ret){
577 krb5_warn(context, ret, "random_to_key");
578 return 1;
579 }
580 if (key.keyvalue.length != 24)
581 return 1;
582
583 if (memcmp(key.keyvalue.data,
584 "\x20\x38\x04\x58\x6b\xbc\x7f\xc7"
585 "\x20\x38\x04\x58\x6b\xbc\x7f\xc7"
586 "\x20\x38\x04\x58\x6b\xbc\x7f\xc7",
587 24) != 0)
588 return 1;
589
590 krb5_free_keyblock_contents(context, &key);
591
592 return 0;
593 }
594
595
596 int
597 main(int argc, char **argv)
598 {
599 krb5_error_code ret;
600 krb5_context context;
601 int val = 0;
602
603 ret = krb5_init_context (&context);
604 if (ret)
605 errx (1, "krb5_init_context failed: %d", ret);
606
607 val |= string_to_key_test(context);
608
609 val |= krb_enc_test(context);
610 val |= random_to_key(context);
611
612 if (verbose && val == 0)
613 printf("all ok\n");
614 if (val)
615 printf("tests failed\n");
616
617 krb5_free_context(context);
618
619 return val;
620 }
Heimdal