1 /* $NetBSD: aes-test.c,v 1.2 2017/01/28 21:31:49 christos Exp $ */ 2 3 /* 4 * Copyright (c) 2003-2016 Kungliga Tekniska Högskolan 5 * (Royal Institute of Technology, Stockholm, Sweden). 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * 3. Neither the name of KTH nor the names of its contributors may be 20 * used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY 24 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 26 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE 27 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 30 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 31 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 32 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 33 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ 34 35 #include "krb5_locl.h" 36 #include <krb5/hex.h> 37 #include <err.h> 38 #include <assert.h> 39 40 static int verbose = 0; 41 42 static void 43 hex_dump_data(const void *data, size_t length) 44 { 45 char *p; 46 47 hex_encode(data, length, &p); 48 printf("%s\n", p); 49 free(p); 50 } 51 52 struct { 53 char *password; 54 char *salt; 55 int saltlen; 56 int iterations; 57 krb5_enctype enctype; 58 size_t keylen; 59 char *pbkdf2; 60 char *key; 61 } keys[] = { 62 { 63 "password", 64 "\x10\xDF\x9D\xD7\x83\xE5\xBC\x8A\xCE\xA1\x73\x0E\x74\x35\x5F\x61" 65 "ATHENA.MIT.EDUraeburn", 66 37, 67 32768, 68 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128, 69 16, 70 NULL, 71 "\x08\x9B\xCA\x48\xB1\x05\xEA\x6E\xA7\x7C\xA5\xD2\xF3\x9D\xC5\xE7" 72 }, 73 { 74 "password", 75 "\x10\xDF\x9D\xD7\x83\xE5\xBC\x8A\xCE\xA1\x73\x0E\x74\x35\x5F\x61" 76 "ATHENA.MIT.EDUraeburn", 77 37, 78 32768, 79 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192, 80 32, 81 NULL, 82 "\x45\xBD\x80\x6D\xBF\x6A\x83\x3A\x9C\xFF\xC1\xC9\x45\x89\xA2\x22" 83 "\x36\x7A\x79\xBC\x21\xC4\x13\x71\x89\x06\xE9\xF5\x78\xA7\x84\x67" 84 }, 85 { 86 "password", "ATHENA.MIT.EDUraeburn", -1, 87 1, 88 ETYPE_AES128_CTS_HMAC_SHA1_96, 16, 89 "\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15", 90 "\x42\x26\x3c\x6e\x89\xf4\xfc\x28\xb8\xdf\x68\xee\x09\x79\x9f\x15" 91 }, 92 { 93 "password", "ATHENA.MIT.EDUraeburn", -1, 94 1, 95 ETYPE_AES256_CTS_HMAC_SHA1_96, 32, 96 "\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15" 97 "\x0a\xd1\xf7\xa0\x4b\xb9\xf3\xa3\x33\xec\xc0\xe2\xe1\xf7\x08\x37", 98 "\xfe\x69\x7b\x52\xbc\x0d\x3c\xe1\x44\x32\xba\x03\x6a\x92\xe6\x5b" 99 "\xbb\x52\x28\x09\x90\xa2\xfa\x27\x88\x39\x98\xd7\x2a\xf3\x01\x61" 100 }, 101 { 102 "password", "ATHENA.MIT.EDUraeburn", -1, 103 2, 104 ETYPE_AES128_CTS_HMAC_SHA1_96, 16, 105 "\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d", 106 "\xc6\x51\xbf\x29\xe2\x30\x0a\xc2\x7f\xa4\x69\xd6\x93\xbd\xda\x13" 107 }, 108 { 109 "password", "ATHENA.MIT.EDUraeburn", -1, 110 2, 111 ETYPE_AES256_CTS_HMAC_SHA1_96, 32, 112 "\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d" 113 "\xa0\x53\x78\xb9\x32\x44\xec\x8f\x48\xa9\x9e\x61\xad\x79\x9d\x86", 114 "\xa2\xe1\x6d\x16\xb3\x60\x69\xc1\x35\xd5\xe9\xd2\xe2\x5f\x89\x61" 115 "\x02\x68\x56\x18\xb9\x59\x14\xb4\x67\xc6\x76\x22\x22\x58\x24\xff" 116 }, 117 { 118 "password", "ATHENA.MIT.EDUraeburn", -1, 119 1200, 120 ETYPE_AES128_CTS_HMAC_SHA1_96, 16, 121 "\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b", 122 "\x4c\x01\xcd\x46\xd6\x32\xd0\x1e\x6d\xbe\x23\x0a\x01\xed\x64\x2a" 123 }, 124 { 125 "password", "ATHENA.MIT.EDUraeburn", -1, 126 1200, 127 ETYPE_AES256_CTS_HMAC_SHA1_96, 32, 128 "\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b" 129 "\xa7\xe5\x2d\xdb\xc5\xe5\x14\x2f\x70\x8a\x31\xe2\xe6\x2b\x1e\x13", 130 "\x55\xa6\xac\x74\x0a\xd1\x7b\x48\x46\x94\x10\x51\xe1\xe8\xb0\xa7" 131 "\x54\x8d\x93\xb0\xab\x30\xa8\xbc\x3f\xf1\x62\x80\x38\x2b\x8c\x2a" 132 }, 133 { 134 "password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8, 135 5, 136 ETYPE_AES128_CTS_HMAC_SHA1_96, 16, 137 "\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49", 138 "\xe9\xb2\x3d\x52\x27\x37\x47\xdd\x5c\x35\xcb\x55\xbe\x61\x9d\x8e" 139 }, 140 { 141 "password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8, 142 5, 143 ETYPE_AES256_CTS_HMAC_SHA1_96, 32, 144 "\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49" 145 "\x3f\x98\xd2\x03\xe6\xbe\x49\xa6\xad\xf4\xfa\x57\x4b\x6e\x64\xee", 146 "\x97\xa4\xe7\x86\xbe\x20\xd8\x1a\x38\x2d\x5e\xbc\x96\xd5\x90\x9c" 147 "\xab\xcd\xad\xc8\x7c\xa4\x8f\x57\x45\x04\x15\x9f\x16\xc3\x6e\x31" 148 }, 149 { 150 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 151 "pass phrase equals block size", -1, 152 1200, 153 ETYPE_AES128_CTS_HMAC_SHA1_96, 16, 154 "\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9", 155 "\x59\xd1\xbb\x78\x9a\x82\x8b\x1a\xa5\x4e\xf9\xc2\x88\x3f\x69\xed" 156 }, 157 { 158 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 159 "pass phrase equals block size", -1, 160 1200, 161 ETYPE_AES256_CTS_HMAC_SHA1_96, 32, 162 "\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9" 163 "\xc5\xec\x59\xf1\xa4\x52\xf5\xcc\x9a\xd9\x40\xfe\xa0\x59\x8e\xd1", 164 "\x89\xad\xee\x36\x08\xdb\x8b\xc7\x1f\x1b\xfb\xfe\x45\x94\x86\xb0" 165 "\x56\x18\xb7\x0c\xba\xe2\x20\x92\x53\x4e\x56\xc5\x53\xba\x4b\x34" 166 }, 167 { 168 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 169 "pass phrase exceeds block size", -1, 170 1200, 171 ETYPE_AES128_CTS_HMAC_SHA1_96, 16, 172 "\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61", 173 "\xcb\x80\x05\xdc\x5f\x90\x17\x9a\x7f\x02\x10\x4c\x00\x18\x75\x1d" 174 }, 175 { 176 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 177 "pass phrase exceeds block size", -1, 178 1200, 179 ETYPE_AES256_CTS_HMAC_SHA1_96, 32, 180 "\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61" 181 "\x1a\x8b\x4d\x28\x26\x01\xdb\x3b\x36\xbe\x92\x46\x91\x5e\xc8\x2a", 182 "\xd7\x8c\x5c\x9c\xb8\x72\xa8\xc9\xda\xd4\x69\x7f\x0b\xb5\xb2\xd2" 183 "\x14\x96\xc8\x2b\xeb\x2c\xae\xda\x21\x12\xfc\xee\xa0\x57\x40\x1b" 184 }, 185 { 186 "\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1, 187 50, 188 ETYPE_AES128_CTS_HMAC_SHA1_96, 16, 189 "\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39", 190 "\xf1\x49\xc1\xf2\xe1\x54\xa7\x34\x52\xd4\x3e\x7f\xe6\x2a\x56\xe5" 191 }, 192 { 193 "\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1, 194 50, 195 ETYPE_AES256_CTS_HMAC_SHA1_96, 32, 196 "\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39" 197 "\xe7\xfe\x37\xa0\xc4\x1e\x02\xc2\x81\xff\x30\x69\xe1\xe9\x4f\x52", 198 "\x4b\x6d\x98\x39\xf8\x44\x06\xdf\x1f\x09\xcc\x16\x6d\xb4\xb8\x3c" 199 "\x57\x18\x48\xb7\x84\xa3\xd6\xbd\xc3\x46\x58\x9a\x3e\x39\x3f\x9e" 200 }, 201 { 202 "foo", "", -1, 203 0, 204 ETYPE_ARCFOUR_HMAC_MD5, 16, 205 NULL, 206 "\xac\x8e\x65\x7f\x83\xdf\x82\xbe\xea\x5d\x43\xbd\xaf\x78\x00\xcc" 207 }, 208 { 209 "test", "", -1, 210 0, 211 ETYPE_ARCFOUR_HMAC_MD5, 16, 212 NULL, 213 "\x0c\xb6\x94\x88\x05\xf7\x97\xbf\x2a\x82\x80\x79\x73\xb8\x95\x37" 214 } 215 }; 216 217 static int 218 string_to_key_test(krb5_context context) 219 { 220 krb5_data password, opaque; 221 krb5_error_code ret; 222 krb5_salt salt; 223 int i, val = 0; 224 char iter[4]; 225 226 for (i = 0; i < sizeof(keys)/sizeof(keys[0]); i++) { 227 228 password.data = keys[i].password; 229 password.length = strlen(password.data); 230 231 salt.salttype = KRB5_PW_SALT; 232 salt.saltvalue.data = keys[i].salt; 233 if (keys[i].saltlen == -1) 234 salt.saltvalue.length = strlen(salt.saltvalue.data); 235 else 236 salt.saltvalue.length = keys[i].saltlen; 237 238 opaque.data = iter; 239 opaque.length = sizeof(iter); 240 _krb5_put_int(iter, keys[i].iterations, 4); 241 242 if (keys[i].pbkdf2) { 243 unsigned char keyout[32]; 244 245 if (keys[i].keylen > sizeof(keyout)) 246 abort(); 247 248 PKCS5_PBKDF2_HMAC(password.data, password.length, 249 salt.saltvalue.data, salt.saltvalue.length, 250 keys[i].iterations, EVP_sha1(), 251 keys[i].keylen, keyout); 252 253 if (memcmp(keyout, keys[i].pbkdf2, keys[i].keylen) != 0) { 254 krb5_warnx(context, "%d: pbkdf2", i); 255 val = 1; 256 hex_dump_data(keyout, keys[i].keylen); 257 continue; 258 } 259 260 if (verbose) { 261 printf("PBKDF2:\n"); 262 hex_dump_data(keyout, keys[i].keylen); 263 } 264 } 265 266 { 267 krb5_keyblock key; 268 269 ret = krb5_string_to_key_data_salt_opaque (context, 270 keys[i].enctype, 271 password, 272 salt, 273 opaque, 274 &key); 275 if (ret) { 276 krb5_warn(context, ret, "%d: string_to_key_data_salt_opaque", 277 i); 278 val = 1; 279 continue; 280 } 281 282 if (key.keyvalue.length != keys[i].keylen) { 283 krb5_warnx(context, "%d: key wrong length (%lu/%lu)", 284 i, (unsigned long)key.keyvalue.length, 285 (unsigned long)keys[i].keylen); 286 val = 1; 287 continue; 288 } 289 290 if (memcmp(key.keyvalue.data, keys[i].key, keys[i].keylen) != 0) { 291 krb5_warnx(context, "%d: key wrong", i); 292 val = 1; 293 hex_dump_data(key.keyvalue.data, key.keyvalue.length); 294 hex_dump_data(keys[i].key, keys[i].keylen); 295 continue; 296 } 297 298 if (verbose) { 299 printf("key:\n"); 300 hex_dump_data(key.keyvalue.data, key.keyvalue.length); 301 } 302 krb5_free_keyblock_contents(context, &key); 303 } 304 } 305 return val; 306 } 307 308 static int 309 krb_enc(krb5_context context, 310 krb5_crypto crypto, 311 unsigned usage, 312 krb5_data *cipher, 313 krb5_data *clear) 314 { 315 krb5_data decrypt; 316 krb5_error_code ret; 317 318 krb5_data_zero(&decrypt); 319 320 ret = krb5_decrypt(context, 321 crypto, 322 usage, 323 cipher->data, 324 cipher->length, 325 &decrypt); 326 327 if (ret) { 328 krb5_warn(context, ret, "krb5_decrypt"); 329 return ret; 330 } 331 332 if (decrypt.length != clear->length || 333 memcmp(decrypt.data, clear->data, decrypt.length) != 0) { 334 krb5_warnx(context, "clear text not same"); 335 return EINVAL; 336 } 337 338 krb5_data_free(&decrypt); 339 340 return 0; 341 } 342 343 static int 344 krb_enc_iov2(krb5_context context, 345 krb5_crypto crypto, 346 unsigned usage, 347 size_t cipher_len, 348 krb5_data *clear) 349 { 350 krb5_crypto_iov iov[4]; 351 krb5_data decrypt; 352 int ret; 353 char *p, *q; 354 size_t len, i; 355 356 p = clear->data; 357 len = clear->length; 358 359 iov[0].flags = KRB5_CRYPTO_TYPE_HEADER; 360 krb5_crypto_length(context, crypto, iov[0].flags, &iov[0].data.length); 361 iov[0].data.data = emalloc(iov[0].data.length); 362 363 iov[1].flags = KRB5_CRYPTO_TYPE_DATA; 364 iov[1].data.length = len; 365 iov[1].data.data = emalloc(iov[1].data.length); 366 memcpy(iov[1].data.data, p, iov[1].data.length); 367 368 /* padding buffer */ 369 iov[2].flags = KRB5_CRYPTO_TYPE_PADDING; 370 krb5_crypto_length(context, crypto, KRB5_CRYPTO_TYPE_PADDING, &iov[2].data.length); 371 iov[2].data.data = emalloc(iov[2].data.length); 372 373 iov[3].flags = KRB5_CRYPTO_TYPE_TRAILER; 374 krb5_crypto_length(context, crypto, iov[3].flags, &iov[3].data.length); 375 iov[3].data.data = emalloc(iov[3].data.length); 376 377 ret = krb5_encrypt_iov_ivec(context, crypto, usage, 378 iov, sizeof(iov)/sizeof(iov[0]), NULL); 379 if (ret) 380 errx(1, "encrypt iov failed: %d", ret); 381 382 /* check len */ 383 for (i = 0, len = 0; i < sizeof(iov)/sizeof(iov[0]); i++) 384 len += iov[i].data.length; 385 if (len != cipher_len) 386 errx(1, "cipher len wrong"); 387 388 /* 389 * Plain decrypt 390 */ 391 392 p = q = emalloc(len); 393 for (i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) { 394 memcpy(q, iov[i].data.data, iov[i].data.length); 395 q += iov[i].data.length; 396 } 397 398 ret = krb5_decrypt(context, crypto, usage, p, len, &decrypt); 399 if (ret) 400 krb5_err(context, 1, ret, "krb5_decrypt"); 401 else 402 krb5_data_free(&decrypt); 403 404 free(p); 405 406 /* 407 * Now decrypt use iov 408 */ 409 410 /* padding turn into data */ 411 p = q = emalloc(iov[1].data.length + iov[2].data.length); 412 413 memcpy(q, iov[1].data.data, iov[1].data.length); 414 q += iov[1].data.length; 415 memcpy(q, iov[2].data.data, iov[2].data.length); 416 417 free(iov[1].data.data); 418 free(iov[2].data.data); 419 420 iov[1].data.data = p; 421 iov[1].data.length += iov[2].data.length; 422 423 iov[2].flags = KRB5_CRYPTO_TYPE_EMPTY; 424 iov[2].data.length = 0; 425 426 ret = krb5_decrypt_iov_ivec(context, crypto, usage, 427 iov, sizeof(iov)/sizeof(iov[0]), NULL); 428 free(iov[0].data.data); 429 free(iov[3].data.data); 430 431 if (ret) 432 krb5_err(context, 1, ret, "decrypt iov failed: %d", ret); 433 434 if (clear->length != iov[1].data.length) 435 errx(1, "length incorrect"); 436 437 p = clear->data; 438 if (memcmp(iov[1].data.data, p, iov[1].data.length) != 0) 439 errx(1, "iov[1] incorrect"); 440 441 free(iov[1].data.data); 442 443 return 0; 444 } 445 446 447 static int 448 krb_enc_iov(krb5_context context, 449 krb5_crypto crypto, 450 unsigned usage, 451 krb5_data *cipher, 452 krb5_data *clear) 453 { 454 krb5_crypto_iov iov[3]; 455 int ret; 456 char *p; 457 size_t len; 458 459 p = cipher->data; 460 len = cipher->length; 461 462 iov[0].flags = KRB5_CRYPTO_TYPE_HEADER; 463 krb5_crypto_length(context, crypto, iov[0].flags, &iov[0].data.length); 464 iov[0].data.data = emalloc(iov[0].data.length); 465 memcpy(iov[0].data.data, p, iov[0].data.length); 466 p += iov[0].data.length; 467 len -= iov[0].data.length; 468 469 iov[1].flags = KRB5_CRYPTO_TYPE_TRAILER; 470 krb5_crypto_length(context, crypto, iov[1].flags, &iov[1].data.length); 471 iov[1].data.data = emalloc(iov[1].data.length); 472 memcpy(iov[1].data.data, p + len - iov[1].data.length, iov[1].data.length); 473 len -= iov[1].data.length; 474 475 iov[2].flags = KRB5_CRYPTO_TYPE_DATA; 476 iov[2].data.length = len; 477 iov[2].data.data = emalloc(len); 478 memcpy(iov[2].data.data, p, len); 479 480 ret = krb5_decrypt_iov_ivec(context, crypto, usage, 481 iov, sizeof(iov)/sizeof(iov[0]), NULL); 482 if (ret) 483 krb5_err(context, 1, ret, "krb_enc_iov decrypt iov failed: %d", ret); 484 485 if (clear->length != iov[2].data.length) 486 errx(1, "length incorrect"); 487 488 p = clear->data; 489 if (memcmp(iov[2].data.data, p, iov[2].data.length) != 0) 490 errx(1, "iov[2] incorrect"); 491 492 free(iov[0].data.data); 493 free(iov[1].data.data); 494 free(iov[2].data.data); 495 496 497 return 0; 498 } 499 500 static int 501 krb_checksum_iov(krb5_context context, 502 krb5_crypto crypto, 503 unsigned usage, 504 krb5_data *plain, 505 krb5_data *verify) 506 { 507 krb5_crypto_iov iov[3]; 508 int ret; 509 char *p; 510 size_t len; 511 512 p = plain->data; 513 len = plain->length; 514 515 iov[0].flags = KRB5_CRYPTO_TYPE_CHECKSUM; 516 if (verify) { 517 iov[0].data = *verify; 518 } else { 519 krb5_crypto_length(context, crypto, iov[0].flags, &iov[0].data.length); 520 iov[0].data.data = emalloc(iov[0].data.length); 521 } 522 523 iov[1].flags = KRB5_CRYPTO_TYPE_DATA; 524 iov[1].data.length = len; 525 iov[1].data.data = p; 526 527 iov[2].flags = KRB5_CRYPTO_TYPE_TRAILER; 528 krb5_crypto_length(context, crypto, iov[0].flags, &iov[2].data.length); 529 iov[2].data.data = malloc(iov[2].data.length); 530 531 if (verify == NULL) { 532 ret = krb5_create_checksum_iov(context, crypto, usage, 533 iov, sizeof(iov)/sizeof(iov[0]), NULL); 534 if (ret) 535 krb5_err(context, 1, ret, "krb5_create_checksum_iov failed"); 536 } 537 538 ret = krb5_verify_checksum_iov(context, crypto, usage, iov, sizeof(iov)/sizeof(iov[0]), NULL); 539 if (ret) 540 krb5_err(context, 1, ret, "krb5_verify_checksum_iov"); 541 542 if (verify == NULL) 543 free(iov[0].data.data); 544 free(iov[2].data.data); 545 546 return 0; 547 } 548 549 550 static int 551 krb_enc_mit(krb5_context context, 552 krb5_enctype enctype, 553 krb5_keyblock *key, 554 unsigned usage, 555 krb5_data *cipher, 556 krb5_data *clear) 557 { 558 #ifndef HEIMDAL_SMALLER 559 krb5_error_code ret; 560 krb5_enc_data e; 561 krb5_data decrypt; 562 size_t len; 563 564 e.kvno = 0; 565 e.enctype = enctype; 566 e.ciphertext = *cipher; 567 568 ret = krb5_c_decrypt(context, *key, usage, NULL, &e, &decrypt); 569 if (ret) 570 return ret; 571 572 if (decrypt.length != clear->length || 573 memcmp(decrypt.data, clear->data, decrypt.length) != 0) { 574 krb5_warnx(context, "clear text not same"); 575 return EINVAL; 576 } 577 578 krb5_data_free(&decrypt); 579 580 ret = krb5_c_encrypt_length(context, enctype, clear->length, &len); 581 if (ret) 582 return ret; 583 584 if (len != cipher->length) { 585 krb5_warnx(context, "c_encrypt_length wrong %lu != %lu", 586 (unsigned long)len, (unsigned long)cipher->length); 587 return EINVAL; 588 } 589 #endif /* HEIMDAL_SMALLER */ 590 return 0; 591 } 592 593 struct { 594 krb5_enctype enctype; 595 unsigned usage; 596 size_t keylen; 597 void *key; 598 size_t elen; 599 void* edata; 600 size_t plen; 601 void *pdata; 602 size_t clen; /* checksum length */ 603 void *cdata; /* checksum data */ 604 } krbencs[] = { 605 { 606 ETYPE_AES256_CTS_HMAC_SHA1_96, 607 7, 608 32, 609 "\x47\x75\x69\x64\x65\x6c\x69\x6e\x65\x73\x20\x74\x6f\x20\x41\x75" 610 "\x74\x68\x6f\x72\x73\x20\x6f\x66\x20\x49\x6e\x74\x65\x72\x6e\x65", 611 44, 612 "\xcf\x79\x8f\x0d\x76\xf3\xe0\xbe\x8e\x66\x94\x70\xfa\xcc\x9e\x91" 613 "\xa9\xec\x1c\x5c\x21\xfb\x6e\xef\x1a\x7a\xc8\xc1\xcc\x5a\x95\x24" 614 "\x6f\x9f\xf4\xd5\xbe\x5d\x59\x97\x44\xd8\x47\xcd", 615 16, 616 "\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x74\x65\x73\x74\x2e\x0a", 617 0, 618 NULL 619 }, 620 { 621 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128, 622 2, 623 16, 624 "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C", 625 32, 626 "\xEF\x85\xFB\x89\x0B\xB8\x47\x2F\x4D\xAB\x20\x39\x4D\xCA\x78\x1D" 627 "\xAD\x87\x7E\xDA\x39\xD5\x0C\x87\x0C\x0D\x5A\x0A\x8E\x48\xC7\x18", 628 0, 629 "", 630 0, 631 NULL 632 }, 633 { 634 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128, 635 2, 636 16, 637 "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C", 638 38, 639 "\x84\xD7\xF3\x07\x54\xED\x98\x7B\xAB\x0B\xF3\x50\x6B\xEB\x09\xCF" 640 "\xB5\x54\x02\xCE\xF7\xE6\x87\x7C\xE9\x9E\x24\x7E\x52\xD1\x6E\xD4" 641 "\x42\x1D\xFD\xF8\x97\x6C", 642 6, 643 "\x00\x01\x02\x03\x04\x05", 644 0, 645 NULL 646 }, 647 { 648 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128, 649 2, 650 16, 651 "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C", 652 48, 653 "\x35\x17\xD6\x40\xF5\x0D\xDC\x8A\xD3\x62\x87\x22\xB3\x56\x9D\x2A" 654 "\xE0\x74\x93\xFA\x82\x63\x25\x40\x80\xEA\x65\xC1\x00\x8E\x8F\xC2" 655 "\x95\xFB\x48\x52\xE7\xD8\x3E\x1E\x7C\x48\xC3\x7E\xEB\xE6\xB0\xD3", 656 16, 657 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F", 658 0, 659 NULL 660 }, 661 { 662 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128, 663 2, 664 16, 665 "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C", 666 53, 667 "\x72\x0F\x73\xB1\x8D\x98\x59\xCD\x6C\xCB\x43\x46\x11\x5C\xD3\x36" 668 "\xC7\x0F\x58\xED\xC0\xC4\x43\x7C\x55\x73\x54\x4C\x31\xC8\x13\xBC" 669 "\xE1\xE6\xD0\x72\xC1\x86\xB3\x9A\x41\x3C\x2F\x92\xCA\x9B\x83\x34" 670 "\xA2\x87\xFF\xCB\xFC", 671 21, 672 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" 673 "\x10\x11\x12\x13\x14", 674 16, 675 "\xD7\x83\x67\x18\x66\x43\xD6\x7B\x41\x1C\xBA\x91\x39\xFC\x1D\xEE" 676 }, 677 { 678 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192, 679 2, 680 32, 681 "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98" 682 "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52", 683 40, 684 "\x41\xF5\x3F\xA5\xBF\xE7\x02\x6D\x91\xFA\xF9\xBE\x95\x91\x95\xA0" 685 "\x58\x70\x72\x73\xA9\x6A\x40\xF0\xA0\x19\x60\x62\x1A\xC6\x12\x74" 686 "\x8B\x9B\xBF\xBE\x7E\xB4\xCE\x3C", 687 0, 688 "", 689 0, 690 NULL 691 }, 692 { 693 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192, 694 2, 695 32, 696 "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98" 697 "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52", 698 46, 699 "\x4E\xD7\xB3\x7C\x2B\xCA\xC8\xF7\x4F\x23\xC1\xCF\x07\xE6\x2B\xC7" 700 "\xB7\x5F\xB3\xF6\x37\xB9\xF5\x59\xC7\xF6\x64\xF6\x9E\xAB\x7B\x60" 701 "\x92\x23\x75\x26\xEA\x0D\x1F\x61\xCB\x20\xD6\x9D\x10\xF2", 702 6, 703 "\x00\x01\x02\x03\x04\x05", 704 0, 705 NULL 706 }, 707 { 708 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192, 709 2, 710 32, 711 "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98" 712 "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52", 713 56, 714 "\xBC\x47\xFF\xEC\x79\x98\xEB\x91\xE8\x11\x5C\xF8\xD1\x9D\xAC\x4B" 715 "\xBB\xE2\xE1\x63\xE8\x7D\xD3\x7F\x49\xBE\xCA\x92\x02\x77\x64\xF6" 716 "\x8C\xF5\x1F\x14\xD7\x98\xC2\x27\x3F\x35\xDF\x57\x4D\x1F\x93\x2E" 717 "\x40\xC4\xFF\x25\x5B\x36\xA2\x66", 718 16, 719 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F", 720 0, 721 NULL 722 }, 723 { 724 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192, 725 2, 726 32, 727 "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98" 728 "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52", 729 61, 730 "\x40\x01\x3E\x2D\xF5\x8E\x87\x51\x95\x7D\x28\x78\xBC\xD2\xD6\xFE" 731 "\x10\x1C\xCF\xD5\x56\xCB\x1E\xAE\x79\xDB\x3C\x3E\xE8\x64\x29\xF2" 732 "\xB2\xA6\x02\xAC\x86\xFE\xF6\xEC\xB6\x47\xD6\x29\x5F\xAE\x07\x7A" 733 "\x1F\xEB\x51\x75\x08\xD2\xC1\x6B\x41\x92\xE0\x1F\x62", 734 21, 735 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" 736 "\x10\x11\x12\x13\x14", 737 24, 738 "\x45\xEE\x79\x15\x67\xEE\xFC\xA3\x7F\x4A\xC1\xE0\x22\x2D\xE8\x0D" 739 "\x43\xC3\xBF\xA0\x66\x99\x67\x2A" 740 } 741 }; 742 743 static int 744 krb_enc_test(krb5_context context) 745 { 746 krb5_error_code ret; 747 krb5_crypto crypto; 748 krb5_keyblock kb; 749 krb5_data cipher, plain; 750 int i; 751 752 for (i = 0; i < sizeof(krbencs)/sizeof(krbencs[0]); i++) { 753 754 kb.keytype = krbencs[i].enctype; 755 kb.keyvalue.length = krbencs[i].keylen; 756 kb.keyvalue.data = krbencs[i].key; 757 758 ret = krb5_crypto_init(context, &kb, krbencs[i].enctype, &crypto); 759 760 cipher.length = krbencs[i].elen; 761 cipher.data = krbencs[i].edata; 762 plain.length = krbencs[i].plen; 763 plain.data = krbencs[i].pdata; 764 765 ret = krb_enc(context, crypto, krbencs[i].usage, &cipher, &plain); 766 767 if (ret) 768 errx(1, "krb_enc failed with %d for test %d", ret, i); 769 770 ret = krb_enc_iov(context, crypto, krbencs[i].usage, &cipher, &plain); 771 if (ret) 772 errx(1, "krb_enc_iov failed with %d for test %d", ret, i); 773 774 ret = krb_enc_iov2(context, crypto, krbencs[i].usage, 775 cipher.length, &plain); 776 if (ret) 777 errx(1, "krb_enc_iov2 failed with %d for test %d", ret, i); 778 779 ret = krb_checksum_iov(context, crypto, krbencs[i].usage, &plain, NULL); 780 if (ret) 781 errx(1, "krb_checksum_iov failed with %d for test %d", ret, i); 782 783 if (krbencs[i].cdata) { 784 krb5_data checksum; 785 786 checksum.length = krbencs[i].clen; 787 checksum.data = krbencs[i].cdata; 788 789 ret = krb_checksum_iov(context, crypto, krbencs[i].usage, 790 &plain, &checksum); 791 if (ret) 792 errx(1, "krb_checksum_iov(2) failed with %d for test %d", ret, i); 793 } 794 795 krb5_crypto_destroy(context, crypto); 796 797 ret = krb_enc_mit(context, krbencs[i].enctype, &kb, 798 krbencs[i].usage, &cipher, &plain); 799 if (ret) 800 errx(1, "krb_enc_mit failed with %d for test %d", ret, i); 801 } 802 803 return 0; 804 } 805 806 static int 807 iov_test(krb5_context context, krb5_enctype enctype) 808 { 809 krb5_error_code ret; 810 krb5_crypto crypto; 811 krb5_keyblock key; 812 krb5_data signonly, in, in2; 813 krb5_crypto_iov iov[6]; 814 size_t len, i; 815 unsigned char *base, *p; 816 817 ret = krb5_generate_random_keyblock(context, enctype, &key); 818 if (ret) 819 krb5_err(context, 1, ret, "krb5_generate_random_keyblock"); 820 821 ret = krb5_crypto_init(context, &key, 0, &crypto); 822 if (ret) 823 krb5_err(context, 1, ret, "krb5_crypto_init"); 824 825 826 ret = krb5_crypto_length(context, crypto, KRB5_CRYPTO_TYPE_HEADER, &len); 827 if (ret) 828 krb5_err(context, 1, ret, "krb5_crypto_length"); 829 830 signonly.data = "This should be signed"; 831 signonly.length = strlen(signonly.data); 832 in.data = "inputdata"; 833 in.length = strlen(in.data); 834 835 in2.data = "INPUTDATA"; 836 in2.length = strlen(in2.data); 837 838 839 memset(iov, 0, sizeof(iov)); 840 841 iov[0].flags = KRB5_CRYPTO_TYPE_HEADER; 842 iov[1].flags = KRB5_CRYPTO_TYPE_DATA; 843 iov[1].data = in; 844 iov[2].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY; 845 iov[2].data = signonly; 846 iov[3].flags = KRB5_CRYPTO_TYPE_EMPTY; 847 iov[4].flags = KRB5_CRYPTO_TYPE_PADDING; 848 iov[5].flags = KRB5_CRYPTO_TYPE_TRAILER; 849 850 ret = krb5_crypto_length_iov(context, crypto, iov, 851 sizeof(iov)/sizeof(iov[0])); 852 if (ret) 853 krb5_err(context, 1, ret, "krb5_crypto_length_iov"); 854 855 for (len = 0, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) { 856 if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY) 857 continue; 858 len += iov[i].data.length; 859 } 860 861 base = emalloc(len); 862 863 /* 864 * Allocate data for the fields 865 */ 866 867 for (p = base, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) { 868 if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY) 869 continue;; 870 iov[i].data.data = p; 871 p += iov[i].data.length; 872 } 873 assert(iov[1].data.length == in.length); 874 memcpy(iov[1].data.data, in.data, iov[1].data.length); 875 876 /* 877 * Encrypt 878 */ 879 880 ret = krb5_encrypt_iov_ivec(context, crypto, 7, iov, 881 sizeof(iov)/sizeof(iov[0]), NULL); 882 if (ret) 883 krb5_err(context, 1, ret, "krb5_encrypt_iov_ivec"); 884 885 /* 886 * Decrypt 887 */ 888 889 ret = krb5_decrypt_iov_ivec(context, crypto, 7, 890 iov, sizeof(iov)/sizeof(iov[0]), NULL); 891 if (ret) 892 krb5_err(context, 1, ret, "krb5_decrypt_iov_ivec"); 893 894 /* 895 * Verify data 896 */ 897 898 if (krb5_data_cmp(&iov[1].data, &in) != 0) 899 krb5_errx(context, 1, "decrypted data not same"); 900 901 /* 902 * Free memory 903 */ 904 905 free(base); 906 907 /* Set up for second try */ 908 909 iov[3].flags = KRB5_CRYPTO_TYPE_DATA; 910 iov[3].data = in; 911 912 ret = krb5_crypto_length_iov(context, crypto, 913 iov, sizeof(iov)/sizeof(iov[0])); 914 if (ret) 915 krb5_err(context, 1, ret, "krb5_crypto_length_iov"); 916 917 for (len = 0, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) { 918 if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY) 919 continue; 920 len += iov[i].data.length; 921 } 922 923 base = emalloc(len); 924 925 /* 926 * Allocate data for the fields 927 */ 928 929 for (p = base, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) { 930 if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY) 931 continue;; 932 iov[i].data.data = p; 933 p += iov[i].data.length; 934 } 935 assert(iov[1].data.length == in.length); 936 memcpy(iov[1].data.data, in.data, iov[1].data.length); 937 938 assert(iov[3].data.length == in2.length); 939 memcpy(iov[3].data.data, in2.data, iov[3].data.length); 940 941 942 943 /* 944 * Encrypt 945 */ 946 947 ret = krb5_encrypt_iov_ivec(context, crypto, 7, 948 iov, sizeof(iov)/sizeof(iov[0]), NULL); 949 if (ret) 950 krb5_err(context, 1, ret, "krb5_encrypt_iov_ivec"); 951 952 /* 953 * Decrypt 954 */ 955 956 ret = krb5_decrypt_iov_ivec(context, crypto, 7, 957 iov, sizeof(iov)/sizeof(iov[0]), NULL); 958 if (ret) 959 krb5_err(context, 1, ret, "krb5_decrypt_iov_ivec"); 960 961 /* 962 * Verify data 963 */ 964 965 if (krb5_data_cmp(&iov[1].data, &in) != 0) 966 krb5_errx(context, 1, "decrypted data 2.1 not same"); 967 968 if (krb5_data_cmp(&iov[3].data, &in2) != 0) 969 krb5_errx(context, 1, "decrypted data 2.2 not same"); 970 971 /* 972 * Free memory 973 */ 974 975 free(base); 976 977 krb5_crypto_destroy(context, crypto); 978 979 krb5_free_keyblock_contents(context, &key); 980 981 return 0; 982 } 983 984 985 986 static int 987 random_to_key(krb5_context context) 988 { 989 krb5_error_code ret; 990 krb5_keyblock key; 991 992 ret = krb5_random_to_key(context, 993 ETYPE_DES3_CBC_SHA1, 994 "\x21\x39\x04\x58\x6A\xBD\x7F" 995 "\x21\x39\x04\x58\x6A\xBD\x7F" 996 "\x21\x39\x04\x58\x6A\xBD\x7F", 997 21, 998 &key); 999 if (ret){ 1000 krb5_warn(context, ret, "random_to_key"); 1001 return 1; 1002 } 1003 if (key.keyvalue.length != 24) 1004 return 1; 1005 1006 if (memcmp(key.keyvalue.data, 1007 "\x20\x38\x04\x58\x6b\xbc\x7f\xc7" 1008 "\x20\x38\x04\x58\x6b\xbc\x7f\xc7" 1009 "\x20\x38\x04\x58\x6b\xbc\x7f\xc7", 1010 24) != 0) 1011 return 1; 1012 1013 krb5_free_keyblock_contents(context, &key); 1014 1015 return 0; 1016 } 1017 1018 int 1019 main(int argc, char **argv) 1020 { 1021 krb5_error_code ret; 1022 krb5_context context; 1023 int val = 0; 1024 1025 if (argc > 1 && strcmp(argv[1], "-v") == 0) 1026 verbose = 1; 1027 1028 ret = krb5_init_context (&context); 1029 if (ret) 1030 errx (1, "krb5_init_context failed: %d", ret); 1031 1032 val |= string_to_key_test(context); 1033 1034 val |= krb_enc_test(context); 1035 val |= random_to_key(context); 1036 val |= iov_test(context, KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96); 1037 val |= iov_test(context, KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128); 1038 val |= iov_test(context, KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192); 1039 1040 if (verbose && val == 0) 1041 printf("all ok\n"); 1042 if (val) 1043 printf("tests failed\n"); 1044 1045 krb5_free_context(context); 1046 1047 return val; 1048 } 1049