lib/krb5/test_fx.c

   1 /*
   2  * Copyright (c) 2009 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of KTH nor the names of its contributors may be
  18  *    used to endorse or promote products derived from this software without
  19  *    specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
  22  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  24  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
  25  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  26  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  27  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
  28  * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
  29  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
  30  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
  31  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
  32
  33 #include "krb5_locl.h"
  34 #include <err.h>
  35 #include <getarg.h>
  36
  37 struct {
  38     char *p1;
  39     char *pepper1;
  40     krb5_enctype e1;
  41     char *p2;
  42     char *pepper2;
  43     krb5_enctype e2;
  44     krb5_enctype e3;
  45     char *key;
  46     size_t len;
  47 } cf2[] = {
  48     {
  49         "key1", "a", ETYPE_AES128_CTS_HMAC_SHA1_96,
  50         "key2", "b", ETYPE_AES128_CTS_HMAC_SHA1_96,
  51         ETYPE_AES128_CTS_HMAC_SHA1_96,
  52         "\x97\xdf\x97\xe4\xb7\x98\xb2\x9e\xb3\x1e\xd7\x28\x02\x87\xa9\x2a",
  53         16
  54     },
  55     {
  56         "key1", "a", ETYPE_AES256_CTS_HMAC_SHA1_96,
  57         "key2", "b", ETYPE_AES256_CTS_HMAC_SHA1_96,
  58         ETYPE_AES256_CTS_HMAC_SHA1_96,
  59         "\x4d\x6c\xa4\xe6\x29\x78\x5c\x1f\x01\xba\xf5\x5e\x2e\x54\x85\x66"
  60         "\xb9\x61\x7a\xe3\xa9\x68\x68\xc3\x37\xcb\x93\xb5\xe7\x2b\x1c\x7b",
  61         32
  62     },
  63     {
  64         "key1", "a", ETYPE_AES128_CTS_HMAC_SHA1_96,
  65         "key2", "b", ETYPE_AES128_CTS_HMAC_SHA1_96,
  66         ETYPE_AES256_CTS_HMAC_SHA1_96,
  67         "\x97\xdf\x97\xe4\xb7\x98\xb2\x9e\xb3\x1e\xd7\x28\x2\x87\xa9\x2a"
  68         "\x1\x96\xfa\xf2\x44\xf8\x11\x20\xc2\x1c\x51\x17\xb3\xe6\xeb\x98",
  69         32
  70     },
  71     {
  72         "key1", "a", ETYPE_AES256_CTS_HMAC_SHA1_96,
  73         "key2", "b", ETYPE_AES256_CTS_HMAC_SHA1_96,
  74         ETYPE_AES128_CTS_HMAC_SHA1_96,
  75         "\x4d\x6c\xa4\xe6\x29\x78\x5c\x1f\x01\xba\xf5\x5e\x2e\x54\x85\x66",
  76         16
  77     },
  78     {
  79         "key1", "a", ETYPE_AES128_CTS_HMAC_SHA1_96,
  80         "key2", "b", ETYPE_AES256_CTS_HMAC_SHA1_96,
  81         ETYPE_AES256_CTS_HMAC_SHA1_96,
  82         "\x88\xbd\xb2\xa9\xf\x3e\x52\x5a\xb0\x5f\x68\xc5\x43\x9a\x4d\x5e"
  83         "\x9c\x2b\xfd\x2b\x02\x24\xde\x39\xb5\x82\xf4\xbb\x05\xfe\x2\x2e",
  84         32
  85     }
  86 };
  87
  88
  89 static void
  90 test_cf2(krb5_context context)
  91 {
  92     krb5_error_code ret;
  93     krb5_data pw, p1, p2;
  94     krb5_salt salt;
  95     krb5_keyblock k1, k2, k3;
  96     krb5_crypto c1, c2;
  97     unsigned int i;
  98
  99     for (i = 0; i < sizeof(cf2)/sizeof(cf2[0]); i++) {
 100         pw.data = cf2[i].p1;
 101         pw.length = strlen(cf2[i].p1);
 102         salt.salttype = KRB5_PADATA_PW_SALT;
 103         salt.saltvalue.data = cf2[i].p1;
 104         salt.saltvalue.length = strlen(cf2[i].p1);
 105
 106         ret = krb5_string_to_key_data_salt(context,
 107                                            cf2[i].e1,
 108                                            pw,
 109                                            salt,
 110                                            &k1);
 111         if (ret)
 112             krb5_err(context, 1, ret, "krb5_string_to_key_data_salt");
 113
 114         ret = krb5_crypto_init(context, &k1, 0, &c1);
 115         if (ret)
 116             krb5_err(context, 1, ret, "krb5_crypto_init");
 117
 118         pw.data = cf2[i].p2;
 119         pw.length = strlen(cf2[i].p2);
 120         salt.saltvalue.data = cf2[i].p2;
 121         salt.saltvalue.length = strlen(cf2[i].p2);
 122
 123         ret = krb5_string_to_key_data_salt(context,
 124                                            cf2[i].e2,
 125                                            pw,
 126                                            salt,
 127                                            &k2);
 128         if (ret)
 129             krb5_err(context, 1, ret, "krb5_string_to_key_data_salt");
 130
 131         ret = krb5_crypto_init(context, &k2, 0, &c2);
 132         if (ret)
 133             krb5_err(context, 1, ret, "krb5_crypto_init");
 134
 135
 136         p1.data = cf2[i].pepper1;
 137         p1.length = strlen(cf2[i].pepper1);
 138
 139         p2.data = cf2[i].pepper2;
 140         p2.length = strlen(cf2[i].pepper2);
 141
 142         ret = krb5_crypto_fx_cf2(context, c1, c2, &p1, &p2, cf2[i].e3, &k3);
 143         if (ret)
 144             krb5_err(context, 1, ret, "krb5_crypto_fx_cf2");
 145
 146         if (k3.keytype != cf2[i].e3)
 147             krb5_errx(context, 1, "length not right");
 148         if (k3.keyvalue.length != cf2[i].len ||
 149             memcmp(k3.keyvalue.data, cf2[i].key, cf2[i].len) != 0)
 150             krb5_errx(context, 1, "key not same");
 151
 152         krb5_crypto_destroy(context, c1);
 153         krb5_crypto_destroy(context, c2);
 154
 155         krb5_free_keyblock_contents(context, &k1);
 156         krb5_free_keyblock_contents(context, &k2);
 157         krb5_free_keyblock_contents(context, &k3);
 158     }
 159 }
 160
 161 static int version_flag = 0;
 162 static int help_flag    = 0;
 163
 164 static struct getargs args[] = {
 165     {"version", 0,      arg_flag,       &version_flag,
 166      "print version", NULL },
 167     {"help",    0,      arg_flag,       &help_flag,
 168      NULL, NULL }
 169 };
 170
 171 static void
 172 usage (int ret)
 173 {
 174     arg_printusage (args,
 175                     sizeof(args)/sizeof(*args),
 176                     NULL,
 177                     "");
 178     exit (ret);
 179 }
 180
 181 int
 182 main(int argc, char **argv)
 183 {
 184     krb5_context context;
 185     krb5_error_code ret;
 186     int optidx = 0;
 187
 188     setprogname(argv[0]);
 189
 190     if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
 191         usage(1);
 192
 193     if (help_flag)
 194         usage (0);
 195
 196     if(version_flag){
 197         print_version(NULL);
 198         exit(0);
 199     }
 200
 201     ret = krb5_init_context(&context);
 202     if (ret)
 203         errx (1, "krb5_init_context failed: %d", ret);
 204
 205     test_cf2(context);
 206
 207     krb5_free_context(context);
 208
 209     return 0;
 210 }