search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
libtommath: Fix possible integer overflow CVE-2023-36328
[heimdal.git] / lib / krb5 / aes-test.c
blob2d048e426e595cf231ed8184db8a1af70822628d
1 /*
2 * Copyright (c) 2003-2016 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of KTH nor the names of its contributors may be
18 * used to endorse or promote products derived from this software without
19 * specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
22 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
25 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
28 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
30 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
31 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
32
33 #include "krb5_locl.h"
34 #include <hex.h>
35 #include <err.h>
36 #include <assert.h>
37
38 static int verbose = 0;
39
40 static void
41 hex_dump_data(const void *data, size_t length)
42 {
43 char *p;
44
45 hex_encode(data, length, &p);
46 printf("%s\n", p);
47 free(p);
48 }
49
50 struct {
51 char *password;
52 char *salt;
53 int saltlen;
54 int iterations;
55 krb5_enctype enctype;
56 size_t keylen;
57 char *pbkdf2;
58 char *key;
59 } keys[] = {
60 {
61 "password",
62 "\x10\xDF\x9D\xD7\x83\xE5\xBC\x8A\xCE\xA1\x73\x0E\x74\x35\x5F\x61"
63 "ATHENA.MIT.EDUraeburn",
64 37,
65 32768,
66 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128,
67 16,
68 NULL,
69 "\x08\x9B\xCA\x48\xB1\x05\xEA\x6E\xA7\x7C\xA5\xD2\xF3\x9D\xC5\xE7"
70 },
71 {
72 "password",
73 "\x10\xDF\x9D\xD7\x83\xE5\xBC\x8A\xCE\xA1\x73\x0E\x74\x35\x5F\x61"
74 "ATHENA.MIT.EDUraeburn",
75 37,
76 32768,
77 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192,
78 32,
79 NULL,
80 "\x45\xBD\x80\x6D\xBF\x6A\x83\x3A\x9C\xFF\xC1\xC9\x45\x89\xA2\x22"
81 "\x36\x7A\x79\xBC\x21\xC4\x13\x71\x89\x06\xE9\xF5\x78\xA7\x84\x67"
82 },
83 {
84 "password", "ATHENA.MIT.EDUraeburn", -1,
85 1,
86 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
87 "\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15",
88 "\x42\x26\x3c\x6e\x89\xf4\xfc\x28\xb8\xdf\x68\xee\x09\x79\x9f\x15"
89 },
90 {
91 "password", "ATHENA.MIT.EDUraeburn", -1,
92 1,
93 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
94 "\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15"
95 "\x0a\xd1\xf7\xa0\x4b\xb9\xf3\xa3\x33\xec\xc0\xe2\xe1\xf7\x08\x37",
96 "\xfe\x69\x7b\x52\xbc\x0d\x3c\xe1\x44\x32\xba\x03\x6a\x92\xe6\x5b"
97 "\xbb\x52\x28\x09\x90\xa2\xfa\x27\x88\x39\x98\xd7\x2a\xf3\x01\x61"
98 },
99 {
100 "password", "ATHENA.MIT.EDUraeburn", -1,
101 2,
102 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
103 "\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d",
104 "\xc6\x51\xbf\x29\xe2\x30\x0a\xc2\x7f\xa4\x69\xd6\x93\xbd\xda\x13"
105 },
106 {
107 "password", "ATHENA.MIT.EDUraeburn", -1,
108 2,
109 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
110 "\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d"
111 "\xa0\x53\x78\xb9\x32\x44\xec\x8f\x48\xa9\x9e\x61\xad\x79\x9d\x86",
112 "\xa2\xe1\x6d\x16\xb3\x60\x69\xc1\x35\xd5\xe9\xd2\xe2\x5f\x89\x61"
113 "\x02\x68\x56\x18\xb9\x59\x14\xb4\x67\xc6\x76\x22\x22\x58\x24\xff"
114 },
115 {
116 "password", "ATHENA.MIT.EDUraeburn", -1,
117 1200,
118 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
119 "\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b",
120 "\x4c\x01\xcd\x46\xd6\x32\xd0\x1e\x6d\xbe\x23\x0a\x01\xed\x64\x2a"
121 },
122 {
123 "password", "ATHENA.MIT.EDUraeburn", -1,
124 1200,
125 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
126 "\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b"
127 "\xa7\xe5\x2d\xdb\xc5\xe5\x14\x2f\x70\x8a\x31\xe2\xe6\x2b\x1e\x13",
128 "\x55\xa6\xac\x74\x0a\xd1\x7b\x48\x46\x94\x10\x51\xe1\xe8\xb0\xa7"
129 "\x54\x8d\x93\xb0\xab\x30\xa8\xbc\x3f\xf1\x62\x80\x38\x2b\x8c\x2a"
130 },
131 {
132 "password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8,
133 5,
134 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
135 "\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49",
136 "\xe9\xb2\x3d\x52\x27\x37\x47\xdd\x5c\x35\xcb\x55\xbe\x61\x9d\x8e"
137 },
138 {
139 "password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8,
140 5,
141 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
142 "\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49"
143 "\x3f\x98\xd2\x03\xe6\xbe\x49\xa6\xad\xf4\xfa\x57\x4b\x6e\x64\xee",
144 "\x97\xa4\xe7\x86\xbe\x20\xd8\x1a\x38\x2d\x5e\xbc\x96\xd5\x90\x9c"
145 "\xab\xcd\xad\xc8\x7c\xa4\x8f\x57\x45\x04\x15\x9f\x16\xc3\x6e\x31"
146 },
147 {
148 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
149 "pass phrase equals block size", -1,
150 1200,
151 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
152 "\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9",
153 "\x59\xd1\xbb\x78\x9a\x82\x8b\x1a\xa5\x4e\xf9\xc2\x88\x3f\x69\xed"
154 },
155 {
156 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
157 "pass phrase equals block size", -1,
158 1200,
159 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
160 "\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9"
161 "\xc5\xec\x59\xf1\xa4\x52\xf5\xcc\x9a\xd9\x40\xfe\xa0\x59\x8e\xd1",
162 "\x89\xad\xee\x36\x08\xdb\x8b\xc7\x1f\x1b\xfb\xfe\x45\x94\x86\xb0"
163 "\x56\x18\xb7\x0c\xba\xe2\x20\x92\x53\x4e\x56\xc5\x53\xba\x4b\x34"
164 },
165 {
166 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
167 "pass phrase exceeds block size", -1,
168 1200,
169 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
170 "\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61",
171 "\xcb\x80\x05\xdc\x5f\x90\x17\x9a\x7f\x02\x10\x4c\x00\x18\x75\x1d"
172 },
173 {
174 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
175 "pass phrase exceeds block size", -1,
176 1200,
177 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
178 "\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61"
179 "\x1a\x8b\x4d\x28\x26\x01\xdb\x3b\x36\xbe\x92\x46\x91\x5e\xc8\x2a",
180 "\xd7\x8c\x5c\x9c\xb8\x72\xa8\xc9\xda\xd4\x69\x7f\x0b\xb5\xb2\xd2"
181 "\x14\x96\xc8\x2b\xeb\x2c\xae\xda\x21\x12\xfc\xee\xa0\x57\x40\x1b"
182 },
183 {
184 "\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1,
185 50,
186 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
187 "\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39",
188 "\xf1\x49\xc1\xf2\xe1\x54\xa7\x34\x52\xd4\x3e\x7f\xe6\x2a\x56\xe5"
189 },
190 {
191 "\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1,
192 50,
193 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
194 "\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39"
195 "\xe7\xfe\x37\xa0\xc4\x1e\x02\xc2\x81\xff\x30\x69\xe1\xe9\x4f\x52",
196 "\x4b\x6d\x98\x39\xf8\x44\x06\xdf\x1f\x09\xcc\x16\x6d\xb4\xb8\x3c"
197 "\x57\x18\x48\xb7\x84\xa3\xd6\xbd\xc3\x46\x58\x9a\x3e\x39\x3f\x9e"
198 },
199 {
200 "foo", "", -1,
201 0,
202 ETYPE_ARCFOUR_HMAC_MD5, 16,
203 NULL,
204 "\xac\x8e\x65\x7f\x83\xdf\x82\xbe\xea\x5d\x43\xbd\xaf\x78\x00\xcc"
205 },
206 {
207 "test", "", -1,
208 0,
209 ETYPE_ARCFOUR_HMAC_MD5, 16,
210 NULL,
211 "\x0c\xb6\x94\x88\x05\xf7\x97\xbf\x2a\x82\x80\x79\x73\xb8\x95\x37"
212 }
213 };
214
215 static int
216 string_to_key_test(krb5_context context)
217 {
218 krb5_data password, opaque;
219 krb5_error_code ret;
220 krb5_salt salt;
221 int i, val = 0;
222 char iter[4];
223
224 for (i = 0; i < sizeof(keys)/sizeof(keys[0]); i++) {
225
226 password.data = keys[i].password;
227 password.length = strlen(password.data);
228
229 salt.salttype = KRB5_PW_SALT;
230 salt.saltvalue.data = keys[i].salt;
231 if (keys[i].saltlen == -1)
232 salt.saltvalue.length = strlen(salt.saltvalue.data);
233 else
234 salt.saltvalue.length = keys[i].saltlen;
235
236 opaque.data = iter;
237 opaque.length = sizeof(iter);
238 _krb5_put_int(iter, keys[i].iterations, 4);
239
240 if (keys[i].pbkdf2) {
241 unsigned char keyout[32];
242
243 if (keys[i].keylen > sizeof(keyout))
244 abort();
245
246 PKCS5_PBKDF2_HMAC(password.data, password.length,
247 salt.saltvalue.data, salt.saltvalue.length,
248 keys[i].iterations, EVP_sha1(),
249 keys[i].keylen, keyout);
250
251 if (memcmp(keyout, keys[i].pbkdf2, keys[i].keylen) != 0) {
252 krb5_warnx(context, "%d: pbkdf2", i);
253 val = 1;
254 hex_dump_data(keyout, keys[i].keylen);
255 continue;
256 }
257
258 if (verbose) {
259 printf("PBKDF2:\n");
260 hex_dump_data(keyout, keys[i].keylen);
261 }
262 }
263
264 {
265 krb5_keyblock key;
266
267 ret = krb5_string_to_key_data_salt_opaque (context,
268 keys[i].enctype,
269 password,
270 salt,
271 opaque,
272 &key);
273 if (ret) {
274 krb5_warn(context, ret, "%d: string_to_key_data_salt_opaque",
275 i);
276 val = 1;
277 continue;
278 }
279
280 if (key.keyvalue.length != keys[i].keylen) {
281 krb5_warnx(context, "%d: key wrong length (%lu/%lu)",
282 i, (unsigned long)key.keyvalue.length,
283 (unsigned long)keys[i].keylen);
284 val = 1;
285 continue;
286 }
287
288 if (memcmp(key.keyvalue.data, keys[i].key, keys[i].keylen) != 0) {
289 krb5_warnx(context, "%d: key wrong", i);
290 val = 1;
291 hex_dump_data(key.keyvalue.data, key.keyvalue.length);
292 hex_dump_data(keys[i].key, keys[i].keylen);
293 continue;
294 }
295
296 if (verbose) {
297 printf("key:\n");
298 hex_dump_data(key.keyvalue.data, key.keyvalue.length);
299 }
300 krb5_free_keyblock_contents(context, &key);
301 }
302 }
303 return val;
304 }
305
306 static int
307 krb_enc(krb5_context context,
308 krb5_crypto crypto,
309 unsigned usage,
310 krb5_data *cipher,
311 krb5_data *clear)
312 {
313 krb5_data decrypt;
314 krb5_error_code ret;
315
316 krb5_data_zero(&decrypt);
317
318 ret = krb5_decrypt(context,
319 crypto,
320 usage,
321 cipher->data,
322 cipher->length,
323 &decrypt);
324
325 if (ret) {
326 krb5_warn(context, ret, "krb5_decrypt");
327 return ret;
328 }
329
330 if (decrypt.length != clear->length ||
331 (decrypt.length &&
332 memcmp(decrypt.data, clear->data, decrypt.length) != 0)) {
333 krb5_warnx(context, "clear text not same");
334 return EINVAL;
335 }
336
337 krb5_data_free(&decrypt);
338
339 return 0;
340 }
341
342 static int
343 krb_enc_iov2(krb5_context context,
344 krb5_crypto crypto,
345 unsigned usage,
346 size_t cipher_len,
347 krb5_data *clear)
348 {
349 krb5_crypto_iov iov[4];
350 krb5_data decrypt;
351 int ret;
352 char *p, *q;
353 size_t len, i;
354
355 p = clear->data;
356 len = clear->length;
357
358 iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
359 krb5_crypto_length(context, crypto, iov[0].flags, &iov[0].data.length);
360 iov[0].data.data = emalloc(iov[0].data.length);
361
362 iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
363 iov[1].data.length = len;
364 iov[1].data.data = emalloc(iov[1].data.length);
365 memcpy(iov[1].data.data, p, iov[1].data.length);
366
367 /* padding buffer */
368 iov[2].flags = KRB5_CRYPTO_TYPE_PADDING;
369 krb5_crypto_length(context, crypto, KRB5_CRYPTO_TYPE_PADDING, &iov[2].data.length);
370 iov[2].data.data = emalloc(iov[2].data.length);
371
372 iov[3].flags = KRB5_CRYPTO_TYPE_TRAILER;
373 krb5_crypto_length(context, crypto, iov[3].flags, &iov[3].data.length);
374 iov[3].data.data = emalloc(iov[3].data.length);
375
376 ret = krb5_encrypt_iov_ivec(context, crypto, usage,
377 iov, sizeof(iov)/sizeof(iov[0]), NULL);
378 if (ret)
379 errx(1, "encrypt iov failed: %d", ret);
380
381 /* check len */
382 for (i = 0, len = 0; i < sizeof(iov)/sizeof(iov[0]); i++)
383 len += iov[i].data.length;
384 if (len != cipher_len)
385 errx(1, "cipher len wrong");
386
387 /*
388 * Plain decrypt
389 */
390
391 p = q = emalloc(len);
392 for (i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) {
393 memcpy(q, iov[i].data.data, iov[i].data.length);
394 q += iov[i].data.length;
395 }
396
397 ret = krb5_decrypt(context, crypto, usage, p, len, &decrypt);
398 if (ret)
399 krb5_err(context, 1, ret, "krb5_decrypt");
400 else
401 krb5_data_free(&decrypt);
402
403 free(p);
404
405 /*
406 * Now decrypt use iov
407 */
408
409 /* padding turn into data */
410 p = q = emalloc(iov[1].data.length + iov[2].data.length);
411
412 memcpy(q, iov[1].data.data, iov[1].data.length);
413 q += iov[1].data.length;
414 memcpy(q, iov[2].data.data, iov[2].data.length);
415
416 free(iov[1].data.data);
417 free(iov[2].data.data);
418
419 iov[1].data.data = p;
420 iov[1].data.length += iov[2].data.length;
421
422 iov[2].flags = KRB5_CRYPTO_TYPE_EMPTY;
423 iov[2].data.length = 0;
424
425 ret = krb5_decrypt_iov_ivec(context, crypto, usage,
426 iov, sizeof(iov)/sizeof(iov[0]), NULL);
427 free(iov[0].data.data);
428 free(iov[3].data.data);
429
430 if (ret)
431 krb5_err(context, 1, ret, "decrypt iov failed: %d", ret);
432
433 if (clear->length != iov[1].data.length)
434 errx(1, "length incorrect");
435
436 p = clear->data;
437 if (memcmp(iov[1].data.data, p, iov[1].data.length) != 0)
438 errx(1, "iov[1] incorrect");
439
440 free(iov[1].data.data);
441
442 return 0;
443 }
444
445
446 static int
447 krb_enc_iov(krb5_context context,
448 krb5_crypto crypto,
449 unsigned usage,
450 krb5_data *cipher,
451 krb5_data *clear)
452 {
453 krb5_crypto_iov iov[3];
454 int ret;
455 char *p;
456 size_t len;
457
458 p = cipher->data;
459 len = cipher->length;
460
461 iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
462 krb5_crypto_length(context, crypto, iov[0].flags, &iov[0].data.length);
463 iov[0].data.data = emalloc(iov[0].data.length);
464 memcpy(iov[0].data.data, p, iov[0].data.length);
465 p += iov[0].data.length;
466 len -= iov[0].data.length;
467
468 iov[1].flags = KRB5_CRYPTO_TYPE_TRAILER;
469 krb5_crypto_length(context, crypto, iov[1].flags, &iov[1].data.length);
470 iov[1].data.data = emalloc(iov[1].data.length);
471 memcpy(iov[1].data.data, p + len - iov[1].data.length, iov[1].data.length);
472 len -= iov[1].data.length;
473
474 iov[2].flags = KRB5_CRYPTO_TYPE_DATA;
475 iov[2].data.length = len;
476 iov[2].data.data = emalloc(len);
477 memcpy(iov[2].data.data, p, len);
478
479 ret = krb5_decrypt_iov_ivec(context, crypto, usage,
480 iov, sizeof(iov)/sizeof(iov[0]), NULL);
481 if (ret)
482 krb5_err(context, 1, ret, "krb_enc_iov decrypt iov failed: %d", ret);
483
484 if (clear->length != iov[2].data.length)
485 errx(1, "length incorrect");
486
487 p = clear->data;
488 if (memcmp(iov[2].data.data, p, iov[2].data.length) != 0)
489 errx(1, "iov[2] incorrect");
490
491 free(iov[0].data.data);
492 free(iov[1].data.data);
493 free(iov[2].data.data);
494
495
496 return 0;
497 }
498
499 static int
500 krb_checksum_iov(krb5_context context,
501 krb5_crypto crypto,
502 unsigned usage,
503 krb5_data *plain,
504 krb5_data *verify)
505 {
506 krb5_crypto_iov iov[3];
507 int ret;
508 char *p;
509 size_t len;
510
511 p = plain->data;
512 len = plain->length;
513
514 iov[0].flags = KRB5_CRYPTO_TYPE_CHECKSUM;
515 if (verify) {
516 iov[0].data = *verify;
517 } else {
518 krb5_crypto_length(context, crypto, iov[0].flags, &iov[0].data.length);
519 iov[0].data.data = emalloc(iov[0].data.length);
520 }
521
522 iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
523 iov[1].data.length = len;
524 iov[1].data.data = p;
525
526 iov[2].flags = KRB5_CRYPTO_TYPE_TRAILER;
527 krb5_crypto_length(context, crypto, iov[0].flags, &iov[2].data.length);
528 iov[2].data.data = malloc(iov[2].data.length);
529
530 if (verify == NULL) {
531 ret = krb5_create_checksum_iov(context, crypto, usage,
532 iov, sizeof(iov)/sizeof(iov[0]), NULL);
533 if (ret)
534 krb5_err(context, 1, ret, "krb5_create_checksum_iov failed");
535 }
536
537 ret = krb5_verify_checksum_iov(context, crypto, usage, iov, sizeof(iov)/sizeof(iov[0]), NULL);
538 if (ret)
539 krb5_err(context, 1, ret, "krb5_verify_checksum_iov");
540
541 if (verify == NULL)
542 free(iov[0].data.data);
543 free(iov[2].data.data);
544
545 return 0;
546 }
547
548
549 static int
550 krb_enc_mit(krb5_context context,
551 krb5_enctype enctype,
552 krb5_keyblock *key,
553 unsigned usage,
554 krb5_data *cipher,
555 krb5_data *clear)
556 {
557 #ifndef HEIMDAL_SMALLER
558 krb5_error_code ret;
559 krb5_enc_data e;
560 krb5_data decrypt;
561 size_t len;
562
563 e.kvno = 0;
564 e.enctype = enctype;
565 e.ciphertext = *cipher;
566
567 ret = krb5_c_decrypt(context, *key, usage, NULL, &e, &decrypt);
568 if (ret)
569 return ret;
570
571 if (decrypt.length != clear->length ||
572 (decrypt.length &&
573 memcmp(decrypt.data, clear->data, decrypt.length) != 0)) {
574 krb5_warnx(context, "clear text not same");
575 return EINVAL;
576 }
577
578 krb5_data_free(&decrypt);
579
580 ret = krb5_c_encrypt_length(context, enctype, clear->length, &len);
581 if (ret)
582 return ret;
583
584 if (len != cipher->length) {
585 krb5_warnx(context, "c_encrypt_length wrong %lu != %lu",
586 (unsigned long)len, (unsigned long)cipher->length);
587 return EINVAL;
588 }
589 #endif /* HEIMDAL_SMALLER */
590 return 0;
591 }
592
593 struct {
594 krb5_enctype enctype;
595 unsigned usage;
596 size_t keylen;
597 void *key;
598 size_t elen;
599 void* edata;
600 size_t plen;
601 void *pdata;
602 size_t clen; /* checksum length */
603 void *cdata; /* checksum data */
604 } krbencs[] = {
605 {
606 ETYPE_AES256_CTS_HMAC_SHA1_96,
607 7,
608 32,
609 "\x47\x75\x69\x64\x65\x6c\x69\x6e\x65\x73\x20\x74\x6f\x20\x41\x75"
610 "\x74\x68\x6f\x72\x73\x20\x6f\x66\x20\x49\x6e\x74\x65\x72\x6e\x65",
611 44,
612 "\xcf\x79\x8f\x0d\x76\xf3\xe0\xbe\x8e\x66\x94\x70\xfa\xcc\x9e\x91"
613 "\xa9\xec\x1c\x5c\x21\xfb\x6e\xef\x1a\x7a\xc8\xc1\xcc\x5a\x95\x24"
614 "\x6f\x9f\xf4\xd5\xbe\x5d\x59\x97\x44\xd8\x47\xcd",
615 16,
616 "\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x74\x65\x73\x74\x2e\x0a",
617 0,
618 NULL
619 },
620 {
621 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128,
622 2,
623 16,
624 "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C",
625 32,
626 "\xEF\x85\xFB\x89\x0B\xB8\x47\x2F\x4D\xAB\x20\x39\x4D\xCA\x78\x1D"
627 "\xAD\x87\x7E\xDA\x39\xD5\x0C\x87\x0C\x0D\x5A\x0A\x8E\x48\xC7\x18",
628 0,
629 "",
630 0,
631 NULL
632 },
633 {
634 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128,
635 2,
636 16,
637 "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C",
638 38,
639 "\x84\xD7\xF3\x07\x54\xED\x98\x7B\xAB\x0B\xF3\x50\x6B\xEB\x09\xCF"
640 "\xB5\x54\x02\xCE\xF7\xE6\x87\x7C\xE9\x9E\x24\x7E\x52\xD1\x6E\xD4"
641 "\x42\x1D\xFD\xF8\x97\x6C",
642 6,
643 "\x00\x01\x02\x03\x04\x05",
644 0,
645 NULL
646 },
647 {
648 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128,
649 2,
650 16,
651 "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C",
652 48,
653 "\x35\x17\xD6\x40\xF5\x0D\xDC\x8A\xD3\x62\x87\x22\xB3\x56\x9D\x2A"
654 "\xE0\x74\x93\xFA\x82\x63\x25\x40\x80\xEA\x65\xC1\x00\x8E\x8F\xC2"
655 "\x95\xFB\x48\x52\xE7\xD8\x3E\x1E\x7C\x48\xC3\x7E\xEB\xE6\xB0\xD3",
656 16,
657 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F",
658 0,
659 NULL
660 },
661 {
662 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128,
663 2,
664 16,
665 "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C",
666 53,
667 "\x72\x0F\x73\xB1\x8D\x98\x59\xCD\x6C\xCB\x43\x46\x11\x5C\xD3\x36"
668 "\xC7\x0F\x58\xED\xC0\xC4\x43\x7C\x55\x73\x54\x4C\x31\xC8\x13\xBC"
669 "\xE1\xE6\xD0\x72\xC1\x86\xB3\x9A\x41\x3C\x2F\x92\xCA\x9B\x83\x34"
670 "\xA2\x87\xFF\xCB\xFC",
671 21,
672 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"
673 "\x10\x11\x12\x13\x14",
674 16,
675 "\xD7\x83\x67\x18\x66\x43\xD6\x7B\x41\x1C\xBA\x91\x39\xFC\x1D\xEE"
676 },
677 {
678 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192,
679 2,
680 32,
681 "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98"
682 "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52",
683 40,
684 "\x41\xF5\x3F\xA5\xBF\xE7\x02\x6D\x91\xFA\xF9\xBE\x95\x91\x95\xA0"
685 "\x58\x70\x72\x73\xA9\x6A\x40\xF0\xA0\x19\x60\x62\x1A\xC6\x12\x74"
686 "\x8B\x9B\xBF\xBE\x7E\xB4\xCE\x3C",
687 0,
688 "",
689 0,
690 NULL
691 },
692 {
693 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192,
694 2,
695 32,
696 "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98"
697 "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52",
698 46,
699 "\x4E\xD7\xB3\x7C\x2B\xCA\xC8\xF7\x4F\x23\xC1\xCF\x07\xE6\x2B\xC7"
700 "\xB7\x5F\xB3\xF6\x37\xB9\xF5\x59\xC7\xF6\x64\xF6\x9E\xAB\x7B\x60"
701 "\x92\x23\x75\x26\xEA\x0D\x1F\x61\xCB\x20\xD6\x9D\x10\xF2",
702 6,
703 "\x00\x01\x02\x03\x04\x05",
704 0,
705 NULL
706 },
707 {
708 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192,
709 2,
710 32,
711 "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98"
712 "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52",
713 56,
714 "\xBC\x47\xFF\xEC\x79\x98\xEB\x91\xE8\x11\x5C\xF8\xD1\x9D\xAC\x4B"
715 "\xBB\xE2\xE1\x63\xE8\x7D\xD3\x7F\x49\xBE\xCA\x92\x02\x77\x64\xF6"
716 "\x8C\xF5\x1F\x14\xD7\x98\xC2\x27\x3F\x35\xDF\x57\x4D\x1F\x93\x2E"
717 "\x40\xC4\xFF\x25\x5B\x36\xA2\x66",
718 16,
719 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F",
720 0,
721 NULL
722 },
723 {
724 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192,
725 2,
726 32,
727 "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98"
728 "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52",
729 61,
730 "\x40\x01\x3E\x2D\xF5\x8E\x87\x51\x95\x7D\x28\x78\xBC\xD2\xD6\xFE"
731 "\x10\x1C\xCF\xD5\x56\xCB\x1E\xAE\x79\xDB\x3C\x3E\xE8\x64\x29\xF2"
732 "\xB2\xA6\x02\xAC\x86\xFE\xF6\xEC\xB6\x47\xD6\x29\x5F\xAE\x07\x7A"
733 "\x1F\xEB\x51\x75\x08\xD2\xC1\x6B\x41\x92\xE0\x1F\x62",
734 21,
735 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"
736 "\x10\x11\x12\x13\x14",
737 24,
738 "\x45\xEE\x79\x15\x67\xEE\xFC\xA3\x7F\x4A\xC1\xE0\x22\x2D\xE8\x0D"
739 "\x43\xC3\xBF\xA0\x66\x99\x67\x2A"
740 }
741 };
742
743 static int
744 krb_enc_test(krb5_context context)
745 {
746 krb5_error_code ret;
747 krb5_crypto crypto;
748 krb5_keyblock kb;
749 krb5_data cipher, plain;
750 int i;
751
752 for (i = 0; i < sizeof(krbencs)/sizeof(krbencs[0]); i++) {
753
754 kb.keytype = krbencs[i].enctype;
755 kb.keyvalue.length = krbencs[i].keylen;
756 kb.keyvalue.data = krbencs[i].key;
757
758 ret = krb5_crypto_init(context, &kb, krbencs[i].enctype, &crypto);
759 if (ret)
760 krb5_err(context, 1, ret, "krb5_crypto_init failed with %d for test %d",
761 ret, i);
762
763 cipher.length = krbencs[i].elen;
764 cipher.data = krbencs[i].edata;
765 plain.length = krbencs[i].plen;
766 plain.data = krbencs[i].pdata;
767
768 ret = krb_enc(context, crypto, krbencs[i].usage, &cipher, &plain);
769
770 if (ret)
771 krb5_err(context, 1, ret, "krb_enc failed with %d for test %d",
772 ret, i);
773
774 ret = krb_enc_iov(context, crypto, krbencs[i].usage, &cipher, &plain);
775 if (ret)
776 krb5_err(context, 1, ret, "krb_enc_iov failed with %d for test %d",
777 ret, i);
778
779 ret = krb_enc_iov2(context, crypto, krbencs[i].usage,
780 cipher.length, &plain);
781 if (ret)
782 krb5_err(context, 1, ret, "krb_enc_iov2 failed with %d for test %d",
783 ret, i);
784
785 ret = krb_checksum_iov(context, crypto, krbencs[i].usage, &plain, NULL);
786 if (ret)
787 krb5_err(context, 1, ret,
788 "krb_checksum_iov failed with %d for test %d", ret, i);
789
790 if (krbencs[i].cdata) {
791 krb5_data checksum;
792
793 checksum.length = krbencs[i].clen;
794 checksum.data = krbencs[i].cdata;
795
796 ret = krb_checksum_iov(context, crypto, krbencs[i].usage,
797 &plain, &checksum);
798 if (ret)
799 krb5_err(context, 1, ret,
800 "krb_checksum_iov(2) failed with %d for test %d",
801 ret, i);
802 }
803
804 krb5_crypto_destroy(context, crypto);
805
806 ret = krb_enc_mit(context, krbencs[i].enctype, &kb,
807 krbencs[i].usage, &cipher, &plain);
808 if (ret)
809 krb5_err(context, 1, ret, "krb_enc_mit failed with %d for test %d",
810 ret, i);
811 }
812
813 return 0;
814 }
815
816 static int
817 iov_test(krb5_context context, krb5_enctype enctype)
818 {
819 krb5_error_code ret;
820 krb5_crypto crypto;
821 krb5_keyblock key;
822 krb5_data signonly, in, in2;
823 krb5_crypto_iov iov[6];
824 size_t len, i;
825 unsigned char *base, *p;
826
827 ret = krb5_generate_random_keyblock(context, enctype, &key);
828 if (ret)
829 krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
830
831 ret = krb5_crypto_init(context, &key, 0, &crypto);
832 if (ret)
833 krb5_err(context, 1, ret, "krb5_crypto_init");
834
835
836 ret = krb5_crypto_length(context, crypto, KRB5_CRYPTO_TYPE_HEADER, &len);
837 if (ret)
838 krb5_err(context, 1, ret, "krb5_crypto_length");
839
840 signonly.data = "This should be signed";
841 signonly.length = strlen(signonly.data);
842 in.data = "inputdata";
843 in.length = strlen(in.data);
844
845 in2.data = "INPUTDATA";
846 in2.length = strlen(in2.data);
847
848
849 memset(iov, 0, sizeof(iov));
850
851 iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
852 iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
853 iov[1].data = in;
854 iov[2].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
855 iov[2].data = signonly;
856 iov[3].flags = KRB5_CRYPTO_TYPE_EMPTY;
857 iov[4].flags = KRB5_CRYPTO_TYPE_PADDING;
858 iov[5].flags = KRB5_CRYPTO_TYPE_TRAILER;
859
860 ret = krb5_crypto_length_iov(context, crypto, iov,
861 sizeof(iov)/sizeof(iov[0]));
862 if (ret)
863 krb5_err(context, 1, ret, "krb5_crypto_length_iov");
864
865 for (len = 0, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) {
866 if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
867 continue;
868 len += iov[i].data.length;
869 }
870
871 base = emalloc(len);
872
873 /*
874 * Allocate data for the fields
875 */
876
877 for (p = base, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) {
878 if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
879 continue;;
880 iov[i].data.data = p;
881 p += iov[i].data.length;
882 }
883 assert(iov[1].data.length == in.length);
884 memcpy(iov[1].data.data, in.data, iov[1].data.length);
885
886 /*
887 * Encrypt
888 */
889
890 ret = krb5_encrypt_iov_ivec(context, crypto, 7, iov,
891 sizeof(iov)/sizeof(iov[0]), NULL);
892 if (ret)
893 krb5_err(context, 1, ret, "krb5_encrypt_iov_ivec");
894
895 /*
896 * Decrypt
897 */
898
899 ret = krb5_decrypt_iov_ivec(context, crypto, 7,
900 iov, sizeof(iov)/sizeof(iov[0]), NULL);
901 if (ret)
902 krb5_err(context, 1, ret, "krb5_decrypt_iov_ivec");
903
904 /*
905 * Verify data
906 */
907
908 if (krb5_data_cmp(&iov[1].data, &in) != 0)
909 krb5_errx(context, 1, "decrypted data not same");
910
911 /*
912 * Free memory
913 */
914
915 free(base);
916
917 /* Set up for second try */
918
919 iov[3].flags = KRB5_CRYPTO_TYPE_DATA;
920 iov[3].data = in;
921
922 ret = krb5_crypto_length_iov(context, crypto,
923 iov, sizeof(iov)/sizeof(iov[0]));
924 if (ret)
925 krb5_err(context, 1, ret, "krb5_crypto_length_iov");
926
927 for (len = 0, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) {
928 if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
929 continue;
930 len += iov[i].data.length;
931 }
932
933 base = emalloc(len);
934
935 /*
936 * Allocate data for the fields
937 */
938
939 for (p = base, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) {
940 if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
941 continue;;
942 iov[i].data.data = p;
943 p += iov[i].data.length;
944 }
945 assert(iov[1].data.length == in.length);
946 memcpy(iov[1].data.data, in.data, iov[1].data.length);
947
948 assert(iov[3].data.length == in2.length);
949 memcpy(iov[3].data.data, in2.data, iov[3].data.length);
950
951
952
953 /*
954 * Encrypt
955 */
956
957 ret = krb5_encrypt_iov_ivec(context, crypto, 7,
958 iov, sizeof(iov)/sizeof(iov[0]), NULL);
959 if (ret)
960 krb5_err(context, 1, ret, "krb5_encrypt_iov_ivec");
961
962 /*
963 * Decrypt
964 */
965
966 ret = krb5_decrypt_iov_ivec(context, crypto, 7,
967 iov, sizeof(iov)/sizeof(iov[0]), NULL);
968 if (ret)
969 krb5_err(context, 1, ret, "krb5_decrypt_iov_ivec");
970
971 /*
972 * Verify data
973 */
974
975 if (krb5_data_cmp(&iov[1].data, &in) != 0)
976 krb5_errx(context, 1, "decrypted data 2.1 not same");
977
978 if (krb5_data_cmp(&iov[3].data, &in2) != 0)
979 krb5_errx(context, 1, "decrypted data 2.2 not same");
980
981 /*
982 * Free memory
983 */
984
985 free(base);
986
987 krb5_crypto_destroy(context, crypto);
988
989 krb5_free_keyblock_contents(context, &key);
990
991 return 0;
992 }
993
994
995
996 static int
997 random_to_key(krb5_context context)
998 {
999 krb5_error_code ret;
1000 krb5_keyblock key;
1001
1002 ret = krb5_random_to_key(context,
1003 ETYPE_DES3_CBC_SHA1,
1004 "\x21\x39\x04\x58\x6A\xBD\x7F"
1005 "\x21\x39\x04\x58\x6A\xBD\x7F"
1006 "\x21\x39\x04\x58\x6A\xBD\x7F",
1007 21,
1008 &key);
1009 if (ret){
1010 krb5_warn(context, ret, "random_to_key");
1011 return 1;
1012 }
1013 if (key.keyvalue.length != 24)
1014 return 1;
1015
1016 if (memcmp(key.keyvalue.data,
1017 "\x20\x38\x04\x58\x6b\xbc\x7f\xc7"
1018 "\x20\x38\x04\x58\x6b\xbc\x7f\xc7"
1019 "\x20\x38\x04\x58\x6b\xbc\x7f\xc7",
1020 24) != 0)
1021 return 1;
1022
1023 krb5_free_keyblock_contents(context, &key);
1024
1025 return 0;
1026 }
1027
1028 int
1029 main(int argc, char **argv)
1030 {
1031 krb5_error_code ret;
1032 krb5_context context;
1033 int val = 0;
1034
1035 if (argc > 1 && strcmp(argv[1], "-v") == 0)
1036 verbose = 1;
1037
1038 ret = krb5_init_context (&context);
1039 if (ret)
1040 errx (1, "krb5_init_context failed: %d", ret);
1041
1042 val |= string_to_key_test(context);
1043
1044 val |= krb_enc_test(context);
1045 val |= random_to_key(context);
1046 val |= iov_test(context, KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96);
1047 val |= iov_test(context, KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128);
1048 val |= iov_test(context, KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192);
1049
1050 if (verbose && val == 0)
1051 printf("all ok\n");
1052 if (val)
1053 printf("tests failed\n");
1054
1055 krb5_free_context(context);
1056
1057 return val;
1058 }
Heimdal