1 /* $NetBSD: aes-test.c,v 1.3 2023/06/19 21:41:44 christos Exp $ */
2
3 /*
4 * Copyright (c) 2003-2016 Kungliga Tekniska Högskolan
5 * (Royal Institute of Technology, Stockholm, Sweden).
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of KTH nor the names of its contributors may be
20 * used to endorse or promote products derived from this software without
21 * specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
24 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
26 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
27 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
30 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
31 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
32 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
33 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
34
35 #include "krb5_locl.h"
36 #include <krb5/hex.h>
37 #include <err.h>
38 #include <assert.h>
39
40 static int verbose = 0;
41
42 static void
hex_dump_data(const void * data,size_t length)43 hex_dump_data(const void *data, size_t length)
44 {
45 char *p;
46
47 hex_encode(data, length, &p);
48 printf("%s\n", p);
49 free(p);
50 }
51
52 struct {
53 char *password;
54 char *salt;
55 int saltlen;
56 int iterations;
57 krb5_enctype enctype;
58 size_t keylen;
59 char *pbkdf2;
60 char *key;
61 } keys[] = {
62 {
63 "password",
64 "\x10\xDF\x9D\xD7\x83\xE5\xBC\x8A\xCE\xA1\x73\x0E\x74\x35\x5F\x61"
65 "ATHENA.MIT.EDUraeburn",
66 37,
67 32768,
68 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128,
69 16,
70 NULL,
71 "\x08\x9B\xCA\x48\xB1\x05\xEA\x6E\xA7\x7C\xA5\xD2\xF3\x9D\xC5\xE7"
72 },
73 {
74 "password",
75 "\x10\xDF\x9D\xD7\x83\xE5\xBC\x8A\xCE\xA1\x73\x0E\x74\x35\x5F\x61"
76 "ATHENA.MIT.EDUraeburn",
77 37,
78 32768,
79 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192,
80 32,
81 NULL,
82 "\x45\xBD\x80\x6D\xBF\x6A\x83\x3A\x9C\xFF\xC1\xC9\x45\x89\xA2\x22"
83 "\x36\x7A\x79\xBC\x21\xC4\x13\x71\x89\x06\xE9\xF5\x78\xA7\x84\x67"
84 },
85 {
86 "password", "ATHENA.MIT.EDUraeburn", -1,
87 1,
88 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
89 "\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15",
90 "\x42\x26\x3c\x6e\x89\xf4\xfc\x28\xb8\xdf\x68\xee\x09\x79\x9f\x15"
91 },
92 {
93 "password", "ATHENA.MIT.EDUraeburn", -1,
94 1,
95 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
96 "\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15"
97 "\x0a\xd1\xf7\xa0\x4b\xb9\xf3\xa3\x33\xec\xc0\xe2\xe1\xf7\x08\x37",
98 "\xfe\x69\x7b\x52\xbc\x0d\x3c\xe1\x44\x32\xba\x03\x6a\x92\xe6\x5b"
99 "\xbb\x52\x28\x09\x90\xa2\xfa\x27\x88\x39\x98\xd7\x2a\xf3\x01\x61"
100 },
101 {
102 "password", "ATHENA.MIT.EDUraeburn", -1,
103 2,
104 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
105 "\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d",
106 "\xc6\x51\xbf\x29\xe2\x30\x0a\xc2\x7f\xa4\x69\xd6\x93\xbd\xda\x13"
107 },
108 {
109 "password", "ATHENA.MIT.EDUraeburn", -1,
110 2,
111 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
112 "\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d"
113 "\xa0\x53\x78\xb9\x32\x44\xec\x8f\x48\xa9\x9e\x61\xad\x79\x9d\x86",
114 "\xa2\xe1\x6d\x16\xb3\x60\x69\xc1\x35\xd5\xe9\xd2\xe2\x5f\x89\x61"
115 "\x02\x68\x56\x18\xb9\x59\x14\xb4\x67\xc6\x76\x22\x22\x58\x24\xff"
116 },
117 {
118 "password", "ATHENA.MIT.EDUraeburn", -1,
119 1200,
120 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
121 "\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b",
122 "\x4c\x01\xcd\x46\xd6\x32\xd0\x1e\x6d\xbe\x23\x0a\x01\xed\x64\x2a"
123 },
124 {
125 "password", "ATHENA.MIT.EDUraeburn", -1,
126 1200,
127 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
128 "\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b"
129 "\xa7\xe5\x2d\xdb\xc5\xe5\x14\x2f\x70\x8a\x31\xe2\xe6\x2b\x1e\x13",
130 "\x55\xa6\xac\x74\x0a\xd1\x7b\x48\x46\x94\x10\x51\xe1\xe8\xb0\xa7"
131 "\x54\x8d\x93\xb0\xab\x30\xa8\xbc\x3f\xf1\x62\x80\x38\x2b\x8c\x2a"
132 },
133 {
134 "password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8,
135 5,
136 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
137 "\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49",
138 "\xe9\xb2\x3d\x52\x27\x37\x47\xdd\x5c\x35\xcb\x55\xbe\x61\x9d\x8e"
139 },
140 {
141 "password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8,
142 5,
143 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
144 "\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49"
145 "\x3f\x98\xd2\x03\xe6\xbe\x49\xa6\xad\xf4\xfa\x57\x4b\x6e\x64\xee",
146 "\x97\xa4\xe7\x86\xbe\x20\xd8\x1a\x38\x2d\x5e\xbc\x96\xd5\x90\x9c"
147 "\xab\xcd\xad\xc8\x7c\xa4\x8f\x57\x45\x04\x15\x9f\x16\xc3\x6e\x31"
148 },
149 {
150 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
151 "pass phrase equals block size", -1,
152 1200,
153 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
154 "\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9",
155 "\x59\xd1\xbb\x78\x9a\x82\x8b\x1a\xa5\x4e\xf9\xc2\x88\x3f\x69\xed"
156 },
157 {
158 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
159 "pass phrase equals block size", -1,
160 1200,
161 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
162 "\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9"
163 "\xc5\xec\x59\xf1\xa4\x52\xf5\xcc\x9a\xd9\x40\xfe\xa0\x59\x8e\xd1",
164 "\x89\xad\xee\x36\x08\xdb\x8b\xc7\x1f\x1b\xfb\xfe\x45\x94\x86\xb0"
165 "\x56\x18\xb7\x0c\xba\xe2\x20\x92\x53\x4e\x56\xc5\x53\xba\x4b\x34"
166 },
167 {
168 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
169 "pass phrase exceeds block size", -1,
170 1200,
171 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
172 "\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61",
173 "\xcb\x80\x05\xdc\x5f\x90\x17\x9a\x7f\x02\x10\x4c\x00\x18\x75\x1d"
174 },
175 {
176 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
177 "pass phrase exceeds block size", -1,
178 1200,
179 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
180 "\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61"
181 "\x1a\x8b\x4d\x28\x26\x01\xdb\x3b\x36\xbe\x92\x46\x91\x5e\xc8\x2a",
182 "\xd7\x8c\x5c\x9c\xb8\x72\xa8\xc9\xda\xd4\x69\x7f\x0b\xb5\xb2\xd2"
183 "\x14\x96\xc8\x2b\xeb\x2c\xae\xda\x21\x12\xfc\xee\xa0\x57\x40\x1b"
184 },
185 {
186 "\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1,
187 50,
188 ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
189 "\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39",
190 "\xf1\x49\xc1\xf2\xe1\x54\xa7\x34\x52\xd4\x3e\x7f\xe6\x2a\x56\xe5"
191 },
192 {
193 "\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1,
194 50,
195 ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
196 "\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39"
197 "\xe7\xfe\x37\xa0\xc4\x1e\x02\xc2\x81\xff\x30\x69\xe1\xe9\x4f\x52",
198 "\x4b\x6d\x98\x39\xf8\x44\x06\xdf\x1f\x09\xcc\x16\x6d\xb4\xb8\x3c"
199 "\x57\x18\x48\xb7\x84\xa3\xd6\xbd\xc3\x46\x58\x9a\x3e\x39\x3f\x9e"
200 },
201 {
202 "foo", "", -1,
203 0,
204 ETYPE_ARCFOUR_HMAC_MD5, 16,
205 NULL,
206 "\xac\x8e\x65\x7f\x83\xdf\x82\xbe\xea\x5d\x43\xbd\xaf\x78\x00\xcc"
207 },
208 {
209 "test", "", -1,
210 0,
211 ETYPE_ARCFOUR_HMAC_MD5, 16,
212 NULL,
213 "\x0c\xb6\x94\x88\x05\xf7\x97\xbf\x2a\x82\x80\x79\x73\xb8\x95\x37"
214 }
215 };
216
217 static int
string_to_key_test(krb5_context context)218 string_to_key_test(krb5_context context)
219 {
220 krb5_data password, opaque;
221 krb5_error_code ret;
222 krb5_salt salt;
223 int i, val = 0;
224 char iter[4];
225
226 for (i = 0; i < sizeof(keys)/sizeof(keys[0]); i++) {
227
228 password.data = keys[i].password;
229 password.length = strlen(password.data);
230
231 salt.salttype = KRB5_PW_SALT;
232 salt.saltvalue.data = keys[i].salt;
233 if (keys[i].saltlen == -1)
234 salt.saltvalue.length = strlen(salt.saltvalue.data);
235 else
236 salt.saltvalue.length = keys[i].saltlen;
237
238 opaque.data = iter;
239 opaque.length = sizeof(iter);
240 _krb5_put_int(iter, keys[i].iterations, 4);
241
242 if (keys[i].pbkdf2) {
243 unsigned char keyout[32];
244
245 if (keys[i].keylen > sizeof(keyout))
246 abort();
247
248 PKCS5_PBKDF2_HMAC(password.data, password.length,
249 salt.saltvalue.data, salt.saltvalue.length,
250 keys[i].iterations, EVP_sha1(),
251 keys[i].keylen, keyout);
252
253 if (memcmp(keyout, keys[i].pbkdf2, keys[i].keylen) != 0) {
254 krb5_warnx(context, "%d: pbkdf2", i);
255 val = 1;
256 hex_dump_data(keyout, keys[i].keylen);
257 continue;
258 }
259
260 if (verbose) {
261 printf("PBKDF2:\n");
262 hex_dump_data(keyout, keys[i].keylen);
263 }
264 }
265
266 {
267 krb5_keyblock key;
268
269 ret = krb5_string_to_key_data_salt_opaque (context,
270 keys[i].enctype,
271 password,
272 salt,
273 opaque,
274 &key);
275 if (ret) {
276 krb5_warn(context, ret, "%d: string_to_key_data_salt_opaque",
277 i);
278 val = 1;
279 continue;
280 }
281
282 if (key.keyvalue.length != keys[i].keylen) {
283 krb5_warnx(context, "%d: key wrong length (%lu/%lu)",
284 i, (unsigned long)key.keyvalue.length,
285 (unsigned long)keys[i].keylen);
286 val = 1;
287 continue;
288 }
289
290 if (memcmp(key.keyvalue.data, keys[i].key, keys[i].keylen) != 0) {
291 krb5_warnx(context, "%d: key wrong", i);
292 val = 1;
293 hex_dump_data(key.keyvalue.data, key.keyvalue.length);
294 hex_dump_data(keys[i].key, keys[i].keylen);
295 continue;
296 }
297
298 if (verbose) {
299 printf("key:\n");
300 hex_dump_data(key.keyvalue.data, key.keyvalue.length);
301 }
302 krb5_free_keyblock_contents(context, &key);
303 }
304 }
305 return val;
306 }
307
308 static int
krb_enc(krb5_context context,krb5_crypto crypto,unsigned usage,krb5_data * cipher,krb5_data * clear)309 krb_enc(krb5_context context,
310 krb5_crypto crypto,
311 unsigned usage,
312 krb5_data *cipher,
313 krb5_data *clear)
314 {
315 krb5_data decrypt;
316 krb5_error_code ret;
317
318 krb5_data_zero(&decrypt);
319
320 ret = krb5_decrypt(context,
321 crypto,
322 usage,
323 cipher->data,
324 cipher->length,
325 &decrypt);
326
327 if (ret) {
328 krb5_warn(context, ret, "krb5_decrypt");
329 return ret;
330 }
331
332 if (decrypt.length != clear->length ||
333 (decrypt.length &&
334 memcmp(decrypt.data, clear->data, decrypt.length) != 0)) {
335 krb5_warnx(context, "clear text not same");
336 return EINVAL;
337 }
338
339 krb5_data_free(&decrypt);
340
341 return 0;
342 }
343
344 static int
krb_enc_iov2(krb5_context context,krb5_crypto crypto,unsigned usage,size_t cipher_len,krb5_data * clear)345 krb_enc_iov2(krb5_context context,
346 krb5_crypto crypto,
347 unsigned usage,
348 size_t cipher_len,
349 krb5_data *clear)
350 {
351 krb5_crypto_iov iov[4];
352 krb5_data decrypt;
353 int ret;
354 char *p, *q;
355 size_t len, i;
356
357 p = clear->data;
358 len = clear->length;
359
360 iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
361 krb5_crypto_length(context, crypto, iov[0].flags, &iov[0].data.length);
362 iov[0].data.data = emalloc(iov[0].data.length);
363
364 iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
365 iov[1].data.length = len;
366 iov[1].data.data = emalloc(iov[1].data.length);
367 memcpy(iov[1].data.data, p, iov[1].data.length);
368
369 /* padding buffer */
370 iov[2].flags = KRB5_CRYPTO_TYPE_PADDING;
371 krb5_crypto_length(context, crypto, KRB5_CRYPTO_TYPE_PADDING, &iov[2].data.length);
372 iov[2].data.data = emalloc(iov[2].data.length);
373
374 iov[3].flags = KRB5_CRYPTO_TYPE_TRAILER;
375 krb5_crypto_length(context, crypto, iov[3].flags, &iov[3].data.length);
376 iov[3].data.data = emalloc(iov[3].data.length);
377
378 ret = krb5_encrypt_iov_ivec(context, crypto, usage,
379 iov, sizeof(iov)/sizeof(iov[0]), NULL);
380 if (ret)
381 errx(1, "encrypt iov failed: %d", ret);
382
383 /* check len */
384 for (i = 0, len = 0; i < sizeof(iov)/sizeof(iov[0]); i++)
385 len += iov[i].data.length;
386 if (len != cipher_len)
387 errx(1, "cipher len wrong");
388
389 /*
390 * Plain decrypt
391 */
392
393 p = q = emalloc(len);
394 for (i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) {
395 memcpy(q, iov[i].data.data, iov[i].data.length);
396 q += iov[i].data.length;
397 }
398
399 ret = krb5_decrypt(context, crypto, usage, p, len, &decrypt);
400 if (ret)
401 krb5_err(context, 1, ret, "krb5_decrypt");
402 else
403 krb5_data_free(&decrypt);
404
405 free(p);
406
407 /*
408 * Now decrypt use iov
409 */
410
411 /* padding turn into data */
412 p = q = emalloc(iov[1].data.length + iov[2].data.length);
413
414 memcpy(q, iov[1].data.data, iov[1].data.length);
415 q += iov[1].data.length;
416 memcpy(q, iov[2].data.data, iov[2].data.length);
417
418 free(iov[1].data.data);
419 free(iov[2].data.data);
420
421 iov[1].data.data = p;
422 iov[1].data.length += iov[2].data.length;
423
424 iov[2].flags = KRB5_CRYPTO_TYPE_EMPTY;
425 iov[2].data.length = 0;
426
427 ret = krb5_decrypt_iov_ivec(context, crypto, usage,
428 iov, sizeof(iov)/sizeof(iov[0]), NULL);
429 free(iov[0].data.data);
430 free(iov[3].data.data);
431
432 if (ret)
433 krb5_err(context, 1, ret, "decrypt iov failed: %d", ret);
434
435 if (clear->length != iov[1].data.length)
436 errx(1, "length incorrect");
437
438 p = clear->data;
439 if (memcmp(iov[1].data.data, p, iov[1].data.length) != 0)
440 errx(1, "iov[1] incorrect");
441
442 free(iov[1].data.data);
443
444 return 0;
445 }
446
447
448 static int
krb_enc_iov(krb5_context context,krb5_crypto crypto,unsigned usage,krb5_data * cipher,krb5_data * clear)449 krb_enc_iov(krb5_context context,
450 krb5_crypto crypto,
451 unsigned usage,
452 krb5_data *cipher,
453 krb5_data *clear)
454 {
455 krb5_crypto_iov iov[3];
456 int ret;
457 char *p;
458 size_t len;
459
460 p = cipher->data;
461 len = cipher->length;
462
463 iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
464 krb5_crypto_length(context, crypto, iov[0].flags, &iov[0].data.length);
465 iov[0].data.data = emalloc(iov[0].data.length);
466 memcpy(iov[0].data.data, p, iov[0].data.length);
467 p += iov[0].data.length;
468 len -= iov[0].data.length;
469
470 iov[1].flags = KRB5_CRYPTO_TYPE_TRAILER;
471 krb5_crypto_length(context, crypto, iov[1].flags, &iov[1].data.length);
472 iov[1].data.data = emalloc(iov[1].data.length);
473 memcpy(iov[1].data.data, p + len - iov[1].data.length, iov[1].data.length);
474 len -= iov[1].data.length;
475
476 iov[2].flags = KRB5_CRYPTO_TYPE_DATA;
477 iov[2].data.length = len;
478 iov[2].data.data = emalloc(len);
479 memcpy(iov[2].data.data, p, len);
480
481 ret = krb5_decrypt_iov_ivec(context, crypto, usage,
482 iov, sizeof(iov)/sizeof(iov[0]), NULL);
483 if (ret)
484 krb5_err(context, 1, ret, "krb_enc_iov decrypt iov failed: %d", ret);
485
486 if (clear->length != iov[2].data.length)
487 errx(1, "length incorrect");
488
489 p = clear->data;
490 if (memcmp(iov[2].data.data, p, iov[2].data.length) != 0)
491 errx(1, "iov[2] incorrect");
492
493 free(iov[0].data.data);
494 free(iov[1].data.data);
495 free(iov[2].data.data);
496
497
498 return 0;
499 }
500
501 static int
krb_checksum_iov(krb5_context context,krb5_crypto crypto,unsigned usage,krb5_data * plain,krb5_data * verify)502 krb_checksum_iov(krb5_context context,
503 krb5_crypto crypto,
504 unsigned usage,
505 krb5_data *plain,
506 krb5_data *verify)
507 {
508 krb5_crypto_iov iov[3];
509 int ret;
510 char *p;
511 size_t len;
512
513 p = plain->data;
514 len = plain->length;
515
516 iov[0].flags = KRB5_CRYPTO_TYPE_CHECKSUM;
517 if (verify) {
518 iov[0].data = *verify;
519 } else {
520 krb5_crypto_length(context, crypto, iov[0].flags, &iov[0].data.length);
521 iov[0].data.data = emalloc(iov[0].data.length);
522 }
523
524 iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
525 iov[1].data.length = len;
526 iov[1].data.data = p;
527
528 iov[2].flags = KRB5_CRYPTO_TYPE_TRAILER;
529 krb5_crypto_length(context, crypto, iov[0].flags, &iov[2].data.length);
530 iov[2].data.data = malloc(iov[2].data.length);
531
532 if (verify == NULL) {
533 ret = krb5_create_checksum_iov(context, crypto, usage,
534 iov, sizeof(iov)/sizeof(iov[0]), NULL);
535 if (ret)
536 krb5_err(context, 1, ret, "krb5_create_checksum_iov failed");
537 }
538
539 ret = krb5_verify_checksum_iov(context, crypto, usage, iov, sizeof(iov)/sizeof(iov[0]), NULL);
540 if (ret)
541 krb5_err(context, 1, ret, "krb5_verify_checksum_iov");
542
543 if (verify == NULL)
544 free(iov[0].data.data);
545 free(iov[2].data.data);
546
547 return 0;
548 }
549
550
551 static int
krb_enc_mit(krb5_context context,krb5_enctype enctype,krb5_keyblock * key,unsigned usage,krb5_data * cipher,krb5_data * clear)552 krb_enc_mit(krb5_context context,
553 krb5_enctype enctype,
554 krb5_keyblock *key,
555 unsigned usage,
556 krb5_data *cipher,
557 krb5_data *clear)
558 {
559 #ifndef HEIMDAL_SMALLER
560 krb5_error_code ret;
561 krb5_enc_data e;
562 krb5_data decrypt;
563 size_t len;
564
565 e.kvno = 0;
566 e.enctype = enctype;
567 e.ciphertext = *cipher;
568
569 ret = krb5_c_decrypt(context, *key, usage, NULL, &e, &decrypt);
570 if (ret)
571 return ret;
572
573 if (decrypt.length != clear->length ||
574 (decrypt.length &&
575 memcmp(decrypt.data, clear->data, decrypt.length) != 0)) {
576 krb5_warnx(context, "clear text not same");
577 return EINVAL;
578 }
579
580 krb5_data_free(&decrypt);
581
582 ret = krb5_c_encrypt_length(context, enctype, clear->length, &len);
583 if (ret)
584 return ret;
585
586 if (len != cipher->length) {
587 krb5_warnx(context, "c_encrypt_length wrong %lu != %lu",
588 (unsigned long)len, (unsigned long)cipher->length);
589 return EINVAL;
590 }
591 #endif /* HEIMDAL_SMALLER */
592 return 0;
593 }
594
595 struct {
596 krb5_enctype enctype;
597 unsigned usage;
598 size_t keylen;
599 void *key;
600 size_t elen;
601 void* edata;
602 size_t plen;
603 void *pdata;
604 size_t clen; /* checksum length */
605 void *cdata; /* checksum data */
606 } krbencs[] = {
607 {
608 ETYPE_AES256_CTS_HMAC_SHA1_96,
609 7,
610 32,
611 "\x47\x75\x69\x64\x65\x6c\x69\x6e\x65\x73\x20\x74\x6f\x20\x41\x75"
612 "\x74\x68\x6f\x72\x73\x20\x6f\x66\x20\x49\x6e\x74\x65\x72\x6e\x65",
613 44,
614 "\xcf\x79\x8f\x0d\x76\xf3\xe0\xbe\x8e\x66\x94\x70\xfa\xcc\x9e\x91"
615 "\xa9\xec\x1c\x5c\x21\xfb\x6e\xef\x1a\x7a\xc8\xc1\xcc\x5a\x95\x24"
616 "\x6f\x9f\xf4\xd5\xbe\x5d\x59\x97\x44\xd8\x47\xcd",
617 16,
618 "\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x74\x65\x73\x74\x2e\x0a",
619 0,
620 NULL
621 },
622 {
623 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128,
624 2,
625 16,
626 "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C",
627 32,
628 "\xEF\x85\xFB\x89\x0B\xB8\x47\x2F\x4D\xAB\x20\x39\x4D\xCA\x78\x1D"
629 "\xAD\x87\x7E\xDA\x39\xD5\x0C\x87\x0C\x0D\x5A\x0A\x8E\x48\xC7\x18",
630 0,
631 "",
632 0,
633 NULL
634 },
635 {
636 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128,
637 2,
638 16,
639 "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C",
640 38,
641 "\x84\xD7\xF3\x07\x54\xED\x98\x7B\xAB\x0B\xF3\x50\x6B\xEB\x09\xCF"
642 "\xB5\x54\x02\xCE\xF7\xE6\x87\x7C\xE9\x9E\x24\x7E\x52\xD1\x6E\xD4"
643 "\x42\x1D\xFD\xF8\x97\x6C",
644 6,
645 "\x00\x01\x02\x03\x04\x05",
646 0,
647 NULL
648 },
649 {
650 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128,
651 2,
652 16,
653 "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C",
654 48,
655 "\x35\x17\xD6\x40\xF5\x0D\xDC\x8A\xD3\x62\x87\x22\xB3\x56\x9D\x2A"
656 "\xE0\x74\x93\xFA\x82\x63\x25\x40\x80\xEA\x65\xC1\x00\x8E\x8F\xC2"
657 "\x95\xFB\x48\x52\xE7\xD8\x3E\x1E\x7C\x48\xC3\x7E\xEB\xE6\xB0\xD3",
658 16,
659 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F",
660 0,
661 NULL
662 },
663 {
664 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128,
665 2,
666 16,
667 "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C",
668 53,
669 "\x72\x0F\x73\xB1\x8D\x98\x59\xCD\x6C\xCB\x43\x46\x11\x5C\xD3\x36"
670 "\xC7\x0F\x58\xED\xC0\xC4\x43\x7C\x55\x73\x54\x4C\x31\xC8\x13\xBC"
671 "\xE1\xE6\xD0\x72\xC1\x86\xB3\x9A\x41\x3C\x2F\x92\xCA\x9B\x83\x34"
672 "\xA2\x87\xFF\xCB\xFC",
673 21,
674 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"
675 "\x10\x11\x12\x13\x14",
676 16,
677 "\xD7\x83\x67\x18\x66\x43\xD6\x7B\x41\x1C\xBA\x91\x39\xFC\x1D\xEE"
678 },
679 {
680 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192,
681 2,
682 32,
683 "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98"
684 "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52",
685 40,
686 "\x41\xF5\x3F\xA5\xBF\xE7\x02\x6D\x91\xFA\xF9\xBE\x95\x91\x95\xA0"
687 "\x58\x70\x72\x73\xA9\x6A\x40\xF0\xA0\x19\x60\x62\x1A\xC6\x12\x74"
688 "\x8B\x9B\xBF\xBE\x7E\xB4\xCE\x3C",
689 0,
690 "",
691 0,
692 NULL
693 },
694 {
695 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192,
696 2,
697 32,
698 "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98"
699 "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52",
700 46,
701 "\x4E\xD7\xB3\x7C\x2B\xCA\xC8\xF7\x4F\x23\xC1\xCF\x07\xE6\x2B\xC7"
702 "\xB7\x5F\xB3\xF6\x37\xB9\xF5\x59\xC7\xF6\x64\xF6\x9E\xAB\x7B\x60"
703 "\x92\x23\x75\x26\xEA\x0D\x1F\x61\xCB\x20\xD6\x9D\x10\xF2",
704 6,
705 "\x00\x01\x02\x03\x04\x05",
706 0,
707 NULL
708 },
709 {
710 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192,
711 2,
712 32,
713 "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98"
714 "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52",
715 56,
716 "\xBC\x47\xFF\xEC\x79\x98\xEB\x91\xE8\x11\x5C\xF8\xD1\x9D\xAC\x4B"
717 "\xBB\xE2\xE1\x63\xE8\x7D\xD3\x7F\x49\xBE\xCA\x92\x02\x77\x64\xF6"
718 "\x8C\xF5\x1F\x14\xD7\x98\xC2\x27\x3F\x35\xDF\x57\x4D\x1F\x93\x2E"
719 "\x40\xC4\xFF\x25\x5B\x36\xA2\x66",
720 16,
721 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F",
722 0,
723 NULL
724 },
725 {
726 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192,
727 2,
728 32,
729 "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98"
730 "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52",
731 61,
732 "\x40\x01\x3E\x2D\xF5\x8E\x87\x51\x95\x7D\x28\x78\xBC\xD2\xD6\xFE"
733 "\x10\x1C\xCF\xD5\x56\xCB\x1E\xAE\x79\xDB\x3C\x3E\xE8\x64\x29\xF2"
734 "\xB2\xA6\x02\xAC\x86\xFE\xF6\xEC\xB6\x47\xD6\x29\x5F\xAE\x07\x7A"
735 "\x1F\xEB\x51\x75\x08\xD2\xC1\x6B\x41\x92\xE0\x1F\x62",
736 21,
737 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"
738 "\x10\x11\x12\x13\x14",
739 24,
740 "\x45\xEE\x79\x15\x67\xEE\xFC\xA3\x7F\x4A\xC1\xE0\x22\x2D\xE8\x0D"
741 "\x43\xC3\xBF\xA0\x66\x99\x67\x2A"
742 }
743 };
744
745 static int
krb_enc_test(krb5_context context)746 krb_enc_test(krb5_context context)
747 {
748 krb5_error_code ret;
749 krb5_crypto crypto;
750 krb5_keyblock kb;
751 krb5_data cipher, plain;
752 int i;
753
754 for (i = 0; i < sizeof(krbencs)/sizeof(krbencs[0]); i++) {
755
756 kb.keytype = krbencs[i].enctype;
757 kb.keyvalue.length = krbencs[i].keylen;
758 kb.keyvalue.data = krbencs[i].key;
759
760 ret = krb5_crypto_init(context, &kb, krbencs[i].enctype, &crypto);
761
762 cipher.length = krbencs[i].elen;
763 cipher.data = krbencs[i].edata;
764 plain.length = krbencs[i].plen;
765 plain.data = krbencs[i].pdata;
766
767 ret = krb_enc(context, crypto, krbencs[i].usage, &cipher, &plain);
768
769 if (ret)
770 errx(1, "krb_enc failed with %d for test %d", ret, i);
771
772 ret = krb_enc_iov(context, crypto, krbencs[i].usage, &cipher, &plain);
773 if (ret)
774 errx(1, "krb_enc_iov failed with %d for test %d", ret, i);
775
776 ret = krb_enc_iov2(context, crypto, krbencs[i].usage,
777 cipher.length, &plain);
778 if (ret)
779 errx(1, "krb_enc_iov2 failed with %d for test %d", ret, i);
780
781 ret = krb_checksum_iov(context, crypto, krbencs[i].usage, &plain, NULL);
782 if (ret)
783 errx(1, "krb_checksum_iov failed with %d for test %d", ret, i);
784
785 if (krbencs[i].cdata) {
786 krb5_data checksum;
787
788 checksum.length = krbencs[i].clen;
789 checksum.data = krbencs[i].cdata;
790
791 ret = krb_checksum_iov(context, crypto, krbencs[i].usage,
792 &plain, &checksum);
793 if (ret)
794 errx(1, "krb_checksum_iov(2) failed with %d for test %d", ret, i);
795 }
796
797 krb5_crypto_destroy(context, crypto);
798
799 ret = krb_enc_mit(context, krbencs[i].enctype, &kb,
800 krbencs[i].usage, &cipher, &plain);
801 if (ret)
802 errx(1, "krb_enc_mit failed with %d for test %d", ret, i);
803 }
804
805 return 0;
806 }
807
808 static int
iov_test(krb5_context context,krb5_enctype enctype)809 iov_test(krb5_context context, krb5_enctype enctype)
810 {
811 krb5_error_code ret;
812 krb5_crypto crypto;
813 krb5_keyblock key;
814 krb5_data signonly, in, in2;
815 krb5_crypto_iov iov[6];
816 size_t len, i;
817 unsigned char *base, *p;
818
819 ret = krb5_generate_random_keyblock(context, enctype, &key);
820 if (ret)
821 krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
822
823 ret = krb5_crypto_init(context, &key, 0, &crypto);
824 if (ret)
825 krb5_err(context, 1, ret, "krb5_crypto_init");
826
827
828 ret = krb5_crypto_length(context, crypto, KRB5_CRYPTO_TYPE_HEADER, &len);
829 if (ret)
830 krb5_err(context, 1, ret, "krb5_crypto_length");
831
832 signonly.data = "This should be signed";
833 signonly.length = strlen(signonly.data);
834 in.data = "inputdata";
835 in.length = strlen(in.data);
836
837 in2.data = "INPUTDATA";
838 in2.length = strlen(in2.data);
839
840
841 memset(iov, 0, sizeof(iov));
842
843 iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
844 iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
845 iov[1].data = in;
846 iov[2].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
847 iov[2].data = signonly;
848 iov[3].flags = KRB5_CRYPTO_TYPE_EMPTY;
849 iov[4].flags = KRB5_CRYPTO_TYPE_PADDING;
850 iov[5].flags = KRB5_CRYPTO_TYPE_TRAILER;
851
852 ret = krb5_crypto_length_iov(context, crypto, iov,
853 sizeof(iov)/sizeof(iov[0]));
854 if (ret)
855 krb5_err(context, 1, ret, "krb5_crypto_length_iov");
856
857 for (len = 0, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) {
858 if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
859 continue;
860 len += iov[i].data.length;
861 }
862
863 base = emalloc(len);
864
865 /*
866 * Allocate data for the fields
867 */
868
869 for (p = base, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) {
870 if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
871 continue;;
872 iov[i].data.data = p;
873 p += iov[i].data.length;
874 }
875 assert(iov[1].data.length == in.length);
876 memcpy(iov[1].data.data, in.data, iov[1].data.length);
877
878 /*
879 * Encrypt
880 */
881
882 ret = krb5_encrypt_iov_ivec(context, crypto, 7, iov,
883 sizeof(iov)/sizeof(iov[0]), NULL);
884 if (ret)
885 krb5_err(context, 1, ret, "krb5_encrypt_iov_ivec");
886
887 /*
888 * Decrypt
889 */
890
891 ret = krb5_decrypt_iov_ivec(context, crypto, 7,
892 iov, sizeof(iov)/sizeof(iov[0]), NULL);
893 if (ret)
894 krb5_err(context, 1, ret, "krb5_decrypt_iov_ivec");
895
896 /*
897 * Verify data
898 */
899
900 if (krb5_data_cmp(&iov[1].data, &in) != 0)
901 krb5_errx(context, 1, "decrypted data not same");
902
903 /*
904 * Free memory
905 */
906
907 free(base);
908
909 /* Set up for second try */
910
911 iov[3].flags = KRB5_CRYPTO_TYPE_DATA;
912 iov[3].data = in;
913
914 ret = krb5_crypto_length_iov(context, crypto,
915 iov, sizeof(iov)/sizeof(iov[0]));
916 if (ret)
917 krb5_err(context, 1, ret, "krb5_crypto_length_iov");
918
919 for (len = 0, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) {
920 if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
921 continue;
922 len += iov[i].data.length;
923 }
924
925 base = emalloc(len);
926
927 /*
928 * Allocate data for the fields
929 */
930
931 for (p = base, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) {
932 if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
933 continue;;
934 iov[i].data.data = p;
935 p += iov[i].data.length;
936 }
937 assert(iov[1].data.length == in.length);
938 memcpy(iov[1].data.data, in.data, iov[1].data.length);
939
940 assert(iov[3].data.length == in2.length);
941 memcpy(iov[3].data.data, in2.data, iov[3].data.length);
942
943
944
945 /*
946 * Encrypt
947 */
948
949 ret = krb5_encrypt_iov_ivec(context, crypto, 7,
950 iov, sizeof(iov)/sizeof(iov[0]), NULL);
951 if (ret)
952 krb5_err(context, 1, ret, "krb5_encrypt_iov_ivec");
953
954 /*
955 * Decrypt
956 */
957
958 ret = krb5_decrypt_iov_ivec(context, crypto, 7,
959 iov, sizeof(iov)/sizeof(iov[0]), NULL);
960 if (ret)
961 krb5_err(context, 1, ret, "krb5_decrypt_iov_ivec");
962
963 /*
964 * Verify data
965 */
966
967 if (krb5_data_cmp(&iov[1].data, &in) != 0)
968 krb5_errx(context, 1, "decrypted data 2.1 not same");
969
970 if (krb5_data_cmp(&iov[3].data, &in2) != 0)
971 krb5_errx(context, 1, "decrypted data 2.2 not same");
972
973 /*
974 * Free memory
975 */
976
977 free(base);
978
979 krb5_crypto_destroy(context, crypto);
980
981 krb5_free_keyblock_contents(context, &key);
982
983 return 0;
984 }
985
986
987
988 static int
random_to_key(krb5_context context)989 random_to_key(krb5_context context)
990 {
991 krb5_error_code ret;
992 krb5_keyblock key;
993
994 ret = krb5_random_to_key(context,
995 ETYPE_DES3_CBC_SHA1,
996 "\x21\x39\x04\x58\x6A\xBD\x7F"
997 "\x21\x39\x04\x58\x6A\xBD\x7F"
998 "\x21\x39\x04\x58\x6A\xBD\x7F",
999 21,
1000 &key);
1001 if (ret){
1002 krb5_warn(context, ret, "random_to_key");
1003 return 1;
1004 }
1005 if (key.keyvalue.length != 24)
1006 return 1;
1007
1008 if (memcmp(key.keyvalue.data,
1009 "\x20\x38\x04\x58\x6b\xbc\x7f\xc7"
1010 "\x20\x38\x04\x58\x6b\xbc\x7f\xc7"
1011 "\x20\x38\x04\x58\x6b\xbc\x7f\xc7",
1012 24) != 0)
1013 return 1;
1014
1015 krb5_free_keyblock_contents(context, &key);
1016
1017 return 0;
1018 }
1019
1020 int
main(int argc,char ** argv)1021 main(int argc, char **argv)
1022 {
1023 krb5_error_code ret;
1024 krb5_context context;
1025 int val = 0;
1026
1027 if (argc > 1 && strcmp(argv[1], "-v") == 0)
1028 verbose = 1;
1029
1030 ret = krb5_init_context (&context);
1031 if (ret)
1032 errx (1, "krb5_init_context failed: %d", ret);
1033
1034 val |= string_to_key_test(context);
1035
1036 val |= krb_enc_test(context);
1037 val |= random_to_key(context);
1038 val |= iov_test(context, KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96);
1039 val |= iov_test(context, KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128);
1040 val |= iov_test(context, KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192);
1041
1042 if (verbose && val == 0)
1043 printf("all ok\n");
1044 if (val)
1045 printf("tests failed\n");
1046
1047 krb5_free_context(context);
1048
1049 return val;
1050 }
1051