1184588Sdfr/*- 2184588Sdfr * Copyright (c) 2008 Isilon Inc http://www.isilon.com/ 3184588Sdfr * Authors: Doug Rabson <dfr@rabson.org> 4184588Sdfr * Developed with Red Inc: Alfred Perlstein <alfred@freebsd.org> 5184588Sdfr * 6184588Sdfr * Redistribution and use in source and binary forms, with or without 7184588Sdfr * modification, are permitted provided that the following conditions 8184588Sdfr * are met: 9184588Sdfr * 1. Redistributions of source code must retain the above copyright 10184588Sdfr * notice, this list of conditions and the following disclaimer. 11184588Sdfr * 2. Redistributions in binary form must reproduce the above copyright 12184588Sdfr * notice, this list of conditions and the following disclaimer in the 13184588Sdfr * documentation and/or other materials provided with the distribution. 14184588Sdfr * 15184588Sdfr * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16184588Sdfr * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17184588Sdfr * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18184588Sdfr * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19184588Sdfr * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20184588Sdfr * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21184588Sdfr * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22184588Sdfr * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23184588Sdfr * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24184588Sdfr * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25184588Sdfr * SUCH DAMAGE. 26184588Sdfr */ 27184588Sdfr 28184588Sdfr#include <sys/cdefs.h> 29184588Sdfr__FBSDID("$FreeBSD$"); 30184588Sdfr 31184588Sdfr#include <sys/param.h> 32184588Sdfr#include <sys/lock.h> 33184588Sdfr#include <sys/malloc.h> 34184588Sdfr#include <sys/mutex.h> 35184588Sdfr#include <sys/kobj.h> 36184588Sdfr#include <sys/mbuf.h> 37184588Sdfr#include <crypto/des/des.h> 38184588Sdfr#include <opencrypto/cryptodev.h> 39184588Sdfr 40184588Sdfr#include <kgssapi/gssapi.h> 41184588Sdfr#include <kgssapi/gssapi_impl.h> 42184588Sdfr 43184588Sdfr#include "kcrypto.h" 44184588Sdfr 45184588Sdfr#define DES3_FLAGS (CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE) 46184588Sdfr 47184588Sdfrstruct des3_state { 48184588Sdfr struct mtx ds_lock; 49184588Sdfr uint64_t ds_session; 50184588Sdfr}; 51184588Sdfr 52184588Sdfrstatic void 53184588Sdfrdes3_init(struct krb5_key_state *ks) 54184588Sdfr{ 55184588Sdfr struct des3_state *ds; 56184588Sdfr 57184588Sdfr ds = malloc(sizeof(struct des3_state), M_GSSAPI, M_WAITOK|M_ZERO); 58184588Sdfr mtx_init(&ds->ds_lock, "gss des3 lock", NULL, MTX_DEF); 59184588Sdfr ks->ks_priv = ds; 60184588Sdfr} 61184588Sdfr 62184588Sdfrstatic void 63184588Sdfrdes3_destroy(struct krb5_key_state *ks) 64184588Sdfr{ 65184588Sdfr struct des3_state *ds = ks->ks_priv; 66184588Sdfr 67184588Sdfr if (ds->ds_session) 68184588Sdfr crypto_freesession(ds->ds_session); 69184588Sdfr mtx_destroy(&ds->ds_lock); 70184588Sdfr free(ks->ks_priv, M_GSSAPI); 71184588Sdfr} 72184588Sdfr 73184588Sdfrstatic void 74184588Sdfrdes3_set_key(struct krb5_key_state *ks, const void *in) 75184588Sdfr{ 76184588Sdfr void *kp = ks->ks_key; 77184588Sdfr struct des3_state *ds = ks->ks_priv; 78184588Sdfr struct cryptoini cri[2]; 79184588Sdfr 80184588Sdfr if (kp != in) 81184588Sdfr bcopy(in, kp, ks->ks_class->ec_keylen); 82184588Sdfr 83184588Sdfr if (ds->ds_session) 84184588Sdfr crypto_freesession(ds->ds_session); 85184588Sdfr 86184588Sdfr bzero(cri, sizeof(cri)); 87184588Sdfr 88184588Sdfr cri[0].cri_alg = CRYPTO_SHA1_HMAC; 89184588Sdfr cri[0].cri_klen = 192; 90184588Sdfr cri[0].cri_mlen = 0; 91184588Sdfr cri[0].cri_key = ks->ks_key; 92184588Sdfr cri[0].cri_next = &cri[1]; 93184588Sdfr 94184588Sdfr cri[1].cri_alg = CRYPTO_3DES_CBC; 95184588Sdfr cri[1].cri_klen = 192; 96184588Sdfr cri[1].cri_mlen = 0; 97184588Sdfr cri[1].cri_key = ks->ks_key; 98184588Sdfr cri[1].cri_next = NULL; 99184588Sdfr 100184588Sdfr crypto_newsession(&ds->ds_session, cri, 101184588Sdfr CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE); 102184588Sdfr} 103184588Sdfr 104184588Sdfrstatic void 105184588Sdfrdes3_random_to_key(struct krb5_key_state *ks, const void *in) 106184588Sdfr{ 107184588Sdfr uint8_t *outkey; 108184588Sdfr const uint8_t *inkey; 109184588Sdfr int subkey; 110184588Sdfr 111184588Sdfr for (subkey = 0, outkey = ks->ks_key, inkey = in; subkey < 3; 112184588Sdfr subkey++, outkey += 8, inkey += 7) { 113184588Sdfr /* 114184588Sdfr * Expand 56 bits of random data to 64 bits as follows 115184588Sdfr * (in the example, bit number 1 is the MSB of the 56 116184588Sdfr * bits of random data): 117184588Sdfr * 118184588Sdfr * expanded = 119184588Sdfr * 1 2 3 4 5 6 7 p 120184588Sdfr * 9 10 11 12 13 14 15 p 121184588Sdfr * 17 18 19 20 21 22 23 p 122184588Sdfr * 25 26 27 28 29 30 31 p 123184588Sdfr * 33 34 35 36 37 38 39 p 124184588Sdfr * 41 42 43 44 45 46 47 p 125184588Sdfr * 49 50 51 52 53 54 55 p 126184588Sdfr * 56 48 40 32 24 16 8 p 127184588Sdfr */ 128184588Sdfr outkey[0] = inkey[0]; 129184588Sdfr outkey[1] = inkey[1]; 130184588Sdfr outkey[2] = inkey[2]; 131184588Sdfr outkey[3] = inkey[3]; 132184588Sdfr outkey[4] = inkey[4]; 133184588Sdfr outkey[5] = inkey[5]; 134184588Sdfr outkey[6] = inkey[6]; 135184588Sdfr outkey[7] = (((inkey[0] & 1) << 1) 136184588Sdfr | ((inkey[1] & 1) << 2) 137184588Sdfr | ((inkey[2] & 1) << 3) 138184588Sdfr | ((inkey[3] & 1) << 4) 139184588Sdfr | ((inkey[4] & 1) << 5) 140184588Sdfr | ((inkey[5] & 1) << 6) 141184588Sdfr | ((inkey[6] & 1) << 7)); 142184588Sdfr des_set_odd_parity((des_cblock *) outkey); 143184588Sdfr if (des_is_weak_key((des_cblock *) outkey)) 144184588Sdfr outkey[7] ^= 0xf0; 145184588Sdfr } 146184588Sdfr 147184588Sdfr des3_set_key(ks, ks->ks_key); 148184588Sdfr} 149184588Sdfr 150184588Sdfrstatic int 151184588Sdfrdes3_crypto_cb(struct cryptop *crp) 152184588Sdfr{ 153184588Sdfr int error; 154184588Sdfr struct des3_state *ds = (struct des3_state *) crp->crp_opaque; 155184588Sdfr 156184588Sdfr if (CRYPTO_SESID2CAPS(ds->ds_session) & CRYPTOCAP_F_SYNC) 157184588Sdfr return (0); 158184588Sdfr 159184588Sdfr error = crp->crp_etype; 160184588Sdfr if (error == EAGAIN) 161184588Sdfr error = crypto_dispatch(crp); 162184588Sdfr mtx_lock(&ds->ds_lock); 163184588Sdfr if (error || (crp->crp_flags & CRYPTO_F_DONE)) 164184588Sdfr wakeup(crp); 165184588Sdfr mtx_unlock(&ds->ds_lock); 166184588Sdfr 167184588Sdfr return (0); 168184588Sdfr} 169184588Sdfr 170184588Sdfrstatic void 171184588Sdfrdes3_encrypt_1(const struct krb5_key_state *ks, struct mbuf *inout, 172184588Sdfr size_t skip, size_t len, void *ivec, int encdec) 173184588Sdfr{ 174184588Sdfr struct des3_state *ds = ks->ks_priv; 175184588Sdfr struct cryptop *crp; 176184588Sdfr struct cryptodesc *crd; 177184588Sdfr int error; 178184588Sdfr 179184588Sdfr crp = crypto_getreq(1); 180184588Sdfr crd = crp->crp_desc; 181184588Sdfr 182184588Sdfr crd->crd_skip = skip; 183184588Sdfr crd->crd_len = len; 184184588Sdfr crd->crd_flags = CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT | encdec; 185184588Sdfr if (ivec) { 186184588Sdfr bcopy(ivec, crd->crd_iv, 8); 187184588Sdfr } else { 188184588Sdfr bzero(crd->crd_iv, 8); 189184588Sdfr } 190184588Sdfr crd->crd_next = NULL; 191184588Sdfr crd->crd_alg = CRYPTO_3DES_CBC; 192184588Sdfr 193184588Sdfr crp->crp_sid = ds->ds_session; 194184588Sdfr crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_CBIFSYNC; 195184588Sdfr crp->crp_buf = (void *) inout; 196184588Sdfr crp->crp_opaque = (void *) ds; 197184588Sdfr crp->crp_callback = des3_crypto_cb; 198184588Sdfr 199184588Sdfr error = crypto_dispatch(crp); 200184588Sdfr 201184588Sdfr if ((CRYPTO_SESID2CAPS(ds->ds_session) & CRYPTOCAP_F_SYNC) == 0) { 202184588Sdfr mtx_lock(&ds->ds_lock); 203184588Sdfr if (!error && !(crp->crp_flags & CRYPTO_F_DONE)) 204184588Sdfr error = msleep(crp, &ds->ds_lock, 0, "gssdes3", 0); 205184588Sdfr mtx_unlock(&ds->ds_lock); 206184588Sdfr } 207184588Sdfr 208184588Sdfr crypto_freereq(crp); 209184588Sdfr} 210184588Sdfr 211184588Sdfrstatic void 212184588Sdfrdes3_encrypt(const struct krb5_key_state *ks, struct mbuf *inout, 213184588Sdfr size_t skip, size_t len, void *ivec, size_t ivlen) 214184588Sdfr{ 215184588Sdfr 216184588Sdfr des3_encrypt_1(ks, inout, skip, len, ivec, CRD_F_ENCRYPT); 217184588Sdfr} 218184588Sdfr 219184588Sdfrstatic void 220184588Sdfrdes3_decrypt(const struct krb5_key_state *ks, struct mbuf *inout, 221184588Sdfr size_t skip, size_t len, void *ivec, size_t ivlen) 222184588Sdfr{ 223184588Sdfr 224184588Sdfr des3_encrypt_1(ks, inout, skip, len, ivec, 0); 225184588Sdfr} 226184588Sdfr 227184588Sdfrstatic void 228184588Sdfrdes3_checksum(const struct krb5_key_state *ks, int usage, 229184588Sdfr struct mbuf *inout, size_t skip, size_t inlen, size_t outlen) 230184588Sdfr{ 231184588Sdfr struct des3_state *ds = ks->ks_priv; 232184588Sdfr struct cryptop *crp; 233184588Sdfr struct cryptodesc *crd; 234184588Sdfr int error; 235184588Sdfr 236184588Sdfr crp = crypto_getreq(1); 237184588Sdfr crd = crp->crp_desc; 238184588Sdfr 239184588Sdfr crd->crd_skip = skip; 240184588Sdfr crd->crd_len = inlen; 241184588Sdfr crd->crd_inject = skip + inlen; 242184588Sdfr crd->crd_flags = 0; 243184588Sdfr crd->crd_next = NULL; 244184588Sdfr crd->crd_alg = CRYPTO_SHA1_HMAC; 245184588Sdfr 246184588Sdfr crp->crp_sid = ds->ds_session; 247184588Sdfr crp->crp_ilen = inlen; 248184588Sdfr crp->crp_olen = 20; 249184588Sdfr crp->crp_etype = 0; 250184588Sdfr crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_CBIFSYNC; 251184588Sdfr crp->crp_buf = (void *) inout; 252184588Sdfr crp->crp_opaque = (void *) ds; 253184588Sdfr crp->crp_callback = des3_crypto_cb; 254184588Sdfr 255184588Sdfr error = crypto_dispatch(crp); 256184588Sdfr 257184588Sdfr if ((CRYPTO_SESID2CAPS(ds->ds_session) & CRYPTOCAP_F_SYNC) == 0) { 258184588Sdfr mtx_lock(&ds->ds_lock); 259184588Sdfr if (!error && !(crp->crp_flags & CRYPTO_F_DONE)) 260184588Sdfr error = msleep(crp, &ds->ds_lock, 0, "gssdes3", 0); 261184588Sdfr mtx_unlock(&ds->ds_lock); 262184588Sdfr } 263184588Sdfr 264184588Sdfr crypto_freereq(crp); 265184588Sdfr} 266184588Sdfr 267184588Sdfrstruct krb5_encryption_class krb5_des3_encryption_class = { 268184588Sdfr "des3-cbc-sha1", /* name */ 269184588Sdfr ETYPE_DES3_CBC_SHA1, /* etype */ 270184588Sdfr EC_DERIVED_KEYS, /* flags */ 271184588Sdfr 8, /* blocklen */ 272184588Sdfr 8, /* msgblocklen */ 273184588Sdfr 20, /* checksumlen */ 274184588Sdfr 168, /* keybits */ 275184588Sdfr 24, /* keylen */ 276184588Sdfr des3_init, 277184588Sdfr des3_destroy, 278184588Sdfr des3_set_key, 279184588Sdfr des3_random_to_key, 280184588Sdfr des3_encrypt, 281184588Sdfr des3_decrypt, 282184588Sdfr des3_checksum 283184588Sdfr}; 284184588Sdfr 285184588Sdfr#if 0 286184588Sdfrstruct des3_dk_test { 287184588Sdfr uint8_t key[24]; 288184588Sdfr uint8_t usage[8]; 289184588Sdfr size_t usagelen; 290184588Sdfr uint8_t dk[24]; 291184588Sdfr}; 292184588Sdfrstruct des3_dk_test tests[] = { 293184588Sdfr {{0xdc, 0xe0, 0x6b, 0x1f, 0x64, 0xc8, 0x57, 0xa1, 0x1c, 0x3d, 0xb5, 294184588Sdfr 0x7c, 0x51, 0x89, 0x9b, 0x2c, 0xc1, 0x79, 0x10, 0x08, 0xce, 0x97, 295184588Sdfr 0x3b, 0x92}, 296184588Sdfr {0x00, 0x00, 0x00, 0x01, 0x55}, 5, 297184588Sdfr {0x92, 0x51, 0x79, 0xd0, 0x45, 0x91, 0xa7, 0x9b, 0x5d, 0x31, 0x92, 298184588Sdfr 0xc4, 0xa7, 0xe9, 0xc2, 0x89, 0xb0, 0x49, 0xc7, 0x1f, 0x6e, 0xe6, 299184588Sdfr 0x04, 0xcd}}, 300184588Sdfr 301184588Sdfr {{0x5e, 0x13, 0xd3, 0x1c, 0x70, 0xef, 0x76, 0x57, 0x46, 0x57, 0x85, 302184588Sdfr 0x31, 0xcb, 0x51, 0xc1, 0x5b, 0xf1, 0x1c, 0xa8, 0x2c, 0x97, 0xce, 303184588Sdfr 0xe9, 0xf2}, 304184588Sdfr {0x00, 0x00, 0x00, 0x01, 0xaa}, 5, 305184588Sdfr {0x9e, 0x58, 0xe5, 0xa1, 0x46, 0xd9, 0x94, 0x2a, 0x10, 0x1c, 0x46, 306184588Sdfr 0x98, 0x45, 0xd6, 0x7a, 0x20, 0xe3, 0xc4, 0x25, 0x9e, 0xd9, 0x13, 307184588Sdfr 0xf2, 0x07}}, 308184588Sdfr 309184588Sdfr {{0x98, 0xe6, 0xfd, 0x8a, 0x04, 0xa4, 0xb6, 0x85, 0x9b, 0x75, 0xa1, 310184588Sdfr 0x76, 0x54, 0x0b, 0x97, 0x52, 0xba, 0xd3, 0xec, 0xd6, 0x10, 0xa2, 311184588Sdfr 0x52, 0xbc}, 312184588Sdfr {0x00, 0x00, 0x00, 0x01, 0x55}, 5, 313184588Sdfr {0x13, 0xfe, 0xf8, 0x0d, 0x76, 0x3e, 0x94, 0xec, 0x6d, 0x13, 0xfd, 314184588Sdfr 0x2c, 0xa1, 0xd0, 0x85, 0x07, 0x02, 0x49, 0xda, 0xd3, 0x98, 0x08, 315184588Sdfr 0xea, 0xbf}}, 316184588Sdfr 317184588Sdfr {{0x62, 0x2a, 0xec, 0x25, 0xa2, 0xfe, 0x2c, 0xad, 0x70, 0x94, 0x68, 318184588Sdfr 0x0b, 0x7c, 0x64, 0x94, 0x02, 0x80, 0x08, 0x4c, 0x1a, 0x7c, 0xec, 319184588Sdfr 0x92, 0xb5}, 320184588Sdfr {0x00, 0x00, 0x00, 0x01, 0xaa}, 5, 321184588Sdfr {0xf8, 0xdf, 0xbf, 0x04, 0xb0, 0x97, 0xe6, 0xd9, 0xdc, 0x07, 0x02, 322184588Sdfr 0x68, 0x6b, 0xcb, 0x34, 0x89, 0xd9, 0x1f, 0xd9, 0xa4, 0x51, 0x6b, 323184588Sdfr 0x70, 0x3e}}, 324184588Sdfr 325184588Sdfr {{0xd3, 0xf8, 0x29, 0x8c, 0xcb, 0x16, 0x64, 0x38, 0xdc, 0xb9, 0xb9, 326184588Sdfr 0x3e, 0xe5, 0xa7, 0x62, 0x92, 0x86, 0xa4, 0x91, 0xf8, 0x38, 0xf8, 327184588Sdfr 0x02, 0xfb}, 328184588Sdfr {0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73}, 8, 329184588Sdfr {0x23, 0x70, 0xda, 0x57, 0x5d, 0x2a, 0x3d, 0xa8, 0x64, 0xce, 0xbf, 330184588Sdfr 0xdc, 0x52, 0x04, 0xd5, 0x6d, 0xf7, 0x79, 0xa7, 0xdf, 0x43, 0xd9, 331184588Sdfr 0xda, 0x43}}, 332184588Sdfr 333184588Sdfr {{0xc1, 0x08, 0x16, 0x49, 0xad, 0xa7, 0x43, 0x62, 0xe6, 0xa1, 0x45, 334184588Sdfr 0x9d, 0x01, 0xdf, 0xd3, 0x0d, 0x67, 0xc2, 0x23, 0x4c, 0x94, 0x07, 335184588Sdfr 0x04, 0xda}, 336184588Sdfr {0x00, 0x00, 0x00, 0x01, 0x55}, 5, 337184588Sdfr {0x34, 0x80, 0x57, 0xec, 0x98, 0xfd, 0xc4, 0x80, 0x16, 0x16, 0x1c, 338184588Sdfr 0x2a, 0x4c, 0x7a, 0x94, 0x3e, 0x92, 0xae, 0x49, 0x2c, 0x98, 0x91, 339184588Sdfr 0x75, 0xf7}}, 340184588Sdfr 341184588Sdfr {{0x5d, 0x15, 0x4a, 0xf2, 0x38, 0xf4, 0x67, 0x13, 0x15, 0x57, 0x19, 342184588Sdfr 0xd5, 0x5e, 0x2f, 0x1f, 0x79, 0x0d, 0xd6, 0x61, 0xf2, 0x79, 0xa7, 343184588Sdfr 0x91, 0x7c}, 344184588Sdfr {0x00, 0x00, 0x00, 0x01, 0xaa}, 5, 345184588Sdfr {0xa8, 0x80, 0x8a, 0xc2, 0x67, 0xda, 0xda, 0x3d, 0xcb, 0xe9, 0xa7, 346184588Sdfr 0xc8, 0x46, 0x26, 0xfb, 0xc7, 0x61, 0xc2, 0x94, 0xb0, 0x13, 0x15, 347184588Sdfr 0xe5, 0xc1}}, 348184588Sdfr 349184588Sdfr {{0x79, 0x85, 0x62, 0xe0, 0x49, 0x85, 0x2f, 0x57, 0xdc, 0x8c, 0x34, 350184588Sdfr 0x3b, 0xa1, 0x7f, 0x2c, 0xa1, 0xd9, 0x73, 0x94, 0xef, 0xc8, 0xad, 351184588Sdfr 0xc4, 0x43}, 352184588Sdfr {0x00, 0x00, 0x00, 0x01, 0x55}, 5, 353184588Sdfr {0xc8, 0x13, 0xf8, 0x8a, 0x3b, 0xe3, 0xb3, 0x34, 0xf7, 0x54, 0x25, 354184588Sdfr 0xce, 0x91, 0x75, 0xfb, 0xe3, 0xc8, 0x49, 0x3b, 0x89, 0xc8, 0x70, 355184588Sdfr 0x3b, 0x49}}, 356184588Sdfr 357184588Sdfr {{0x26, 0xdc, 0xe3, 0x34, 0xb5, 0x45, 0x29, 0x2f, 0x2f, 0xea, 0xb9, 358184588Sdfr 0xa8, 0x70, 0x1a, 0x89, 0xa4, 0xb9, 0x9e, 0xb9, 0x94, 0x2c, 0xec, 359184588Sdfr 0xd0, 0x16}, 360184588Sdfr {0x00, 0x00, 0x00, 0x01, 0xaa}, 5, 361184588Sdfr {0xf4, 0x8f, 0xfd, 0x6e, 0x83, 0xf8, 0x3e, 0x73, 0x54, 0xe6, 0x94, 362184588Sdfr 0xfd, 0x25, 0x2c, 0xf8, 0x3b, 0xfe, 0x58, 0xf7, 0xd5, 0xba, 0x37, 363184588Sdfr 0xec, 0x5d}}, 364184588Sdfr}; 365184588Sdfr#define N_TESTS (sizeof(tests) / sizeof(tests[0])) 366184588Sdfr 367184588Sdfrint 368184588Sdfrmain(int argc, char **argv) 369184588Sdfr{ 370184588Sdfr struct krb5_key_state *key, *dk; 371184588Sdfr uint8_t *dkp; 372184588Sdfr int j, i; 373184588Sdfr 374184588Sdfr for (j = 0; j < N_TESTS; j++) { 375184588Sdfr struct des3_dk_test *t = &tests[j]; 376184588Sdfr key = krb5_create_key(&des3_encryption_class); 377184588Sdfr krb5_set_key(key, t->key); 378184588Sdfr dk = krb5_derive_key(key, t->usage, t->usagelen); 379184588Sdfr krb5_free_key(key); 380184588Sdfr if (memcmp(dk->ks_key, t->dk, 24)) { 381184588Sdfr printf("DES3 dk("); 382184588Sdfr for (i = 0; i < 24; i++) 383184588Sdfr printf("%02x", t->key[i]); 384184588Sdfr printf(", "); 385184588Sdfr for (i = 0; i < t->usagelen; i++) 386184588Sdfr printf("%02x", t->usage[i]); 387184588Sdfr printf(") failed\n"); 388184588Sdfr printf("should be: "); 389184588Sdfr for (i = 0; i < 24; i++) 390184588Sdfr printf("%02x", t->dk[i]); 391184588Sdfr printf("\n result was: "); 392184588Sdfr dkp = dk->ks_key; 393184588Sdfr for (i = 0; i < 24; i++) 394184588Sdfr printf("%02x", dkp[i]); 395184588Sdfr printf("\n"); 396184588Sdfr } 397184588Sdfr krb5_free_key(dk); 398184588Sdfr } 399184588Sdfr 400184588Sdfr return (0); 401184588Sdfr} 402184588Sdfr#endif 403