1/* 2 * Copyright (c) 2009 Kungliga Tekniska Högskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of KTH nor the names of its contributors may be 18 * used to endorse or promote products derived from this software without 19 * specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY 22 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE 25 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 26 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 27 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 28 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 29 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 30 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 31 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ 32 33#include "krb5_locl.h" 34#include <err.h> 35#include <getarg.h> 36 37struct { 38 char *p1; 39 char *pepper1; 40 krb5_enctype e1; 41 char *p2; 42 char *pepper2; 43 krb5_enctype e2; 44 krb5_enctype e3; 45 char *key; 46 size_t len; 47} cf2[] = { 48 { 49 "key1", "a", ETYPE_AES128_CTS_HMAC_SHA1_96, 50 "key2", "b", ETYPE_AES128_CTS_HMAC_SHA1_96, 51 ETYPE_AES128_CTS_HMAC_SHA1_96, 52 "\x97\xdf\x97\xe4\xb7\x98\xb2\x9e\xb3\x1e\xd7\x28\x02\x87\xa9\x2a", 53 16 54 }, 55 { 56 "key1", "a", ETYPE_AES256_CTS_HMAC_SHA1_96, 57 "key2", "b", ETYPE_AES256_CTS_HMAC_SHA1_96, 58 ETYPE_AES256_CTS_HMAC_SHA1_96, 59 "\x4d\x6c\xa4\xe6\x29\x78\x5c\x1f\x01\xba\xf5\x5e\x2e\x54\x85\x66" 60 "\xb9\x61\x7a\xe3\xa9\x68\x68\xc3\x37\xcb\x93\xb5\xe7\x2b\x1c\x7b", 61 32 62 }, 63 { 64 "key1", "a", ETYPE_AES128_CTS_HMAC_SHA1_96, 65 "key2", "b", ETYPE_AES128_CTS_HMAC_SHA1_96, 66 ETYPE_AES256_CTS_HMAC_SHA1_96, 67 "\x97\xdf\x97\xe4\xb7\x98\xb2\x9e\xb3\x1e\xd7\x28\x2\x87\xa9\x2a" 68 "\x1\x96\xfa\xf2\x44\xf8\x11\x20\xc2\x1c\x51\x17\xb3\xe6\xeb\x98", 69 32 70 }, 71 { 72 "key1", "a", ETYPE_AES256_CTS_HMAC_SHA1_96, 73 "key2", "b", ETYPE_AES256_CTS_HMAC_SHA1_96, 74 ETYPE_AES128_CTS_HMAC_SHA1_96, 75 "\x4d\x6c\xa4\xe6\x29\x78\x5c\x1f\x01\xba\xf5\x5e\x2e\x54\x85\x66", 76 16 77 }, 78 { 79 "key1", "a", ETYPE_AES128_CTS_HMAC_SHA1_96, 80 "key2", "b", ETYPE_AES256_CTS_HMAC_SHA1_96, 81 ETYPE_AES256_CTS_HMAC_SHA1_96, 82 "\x88\xbd\xb2\xa9\xf\x3e\x52\x5a\xb0\x5f\x68\xc5\x43\x9a\x4d\x5e" 83 "\x9c\x2b\xfd\x2b\x02\x24\xde\x39\xb5\x82\xf4\xbb\x05\xfe\x2\x2e", 84 32 85 } 86}; 87 88 89static void 90test_cf2(krb5_context context) 91{ 92 krb5_error_code ret; 93 krb5_data pw, p1, p2; 94 krb5_salt salt; 95 krb5_keyblock k1, k2, k3; 96 krb5_crypto c1, c2; 97 unsigned int i; 98 99 for (i = 0; i < sizeof(cf2)/sizeof(cf2[0]); i++) { 100 pw.data = cf2[i].p1; 101 pw.length = strlen(cf2[i].p1); 102 salt.salttype = (krb5_salttype)KRB5_PADATA_PW_SALT; 103 salt.saltvalue.data = cf2[i].p1; 104 salt.saltvalue.length = strlen(cf2[i].p1); 105 106 ret = krb5_string_to_key_data_salt(context, 107 cf2[i].e1, 108 pw, 109 salt, 110 &k1); 111 if (ret) 112 krb5_err(context, 1, ret, "krb5_string_to_key_data_salt"); 113 114 ret = krb5_crypto_init(context, &k1, 0, &c1); 115 if (ret) 116 krb5_err(context, 1, ret, "krb5_crypto_init"); 117 118 pw.data = cf2[i].p2; 119 pw.length = strlen(cf2[i].p2); 120 salt.saltvalue.data = cf2[i].p2; 121 salt.saltvalue.length = strlen(cf2[i].p2); 122 123 ret = krb5_string_to_key_data_salt(context, 124 cf2[i].e2, 125 pw, 126 salt, 127 &k2); 128 if (ret) 129 krb5_err(context, 1, ret, "krb5_string_to_key_data_salt"); 130 131 ret = krb5_crypto_init(context, &k2, 0, &c2); 132 if (ret) 133 krb5_err(context, 1, ret, "krb5_crypto_init"); 134 135 136 p1.data = cf2[i].pepper1; 137 p1.length = strlen(cf2[i].pepper1); 138 139 p2.data = cf2[i].pepper2; 140 p2.length = strlen(cf2[i].pepper2); 141 142 ret = krb5_crypto_fx_cf2(context, c1, c2, &p1, &p2, cf2[i].e3, &k3); 143 if (ret) 144 krb5_err(context, 1, ret, "krb5_crypto_fx_cf2"); 145 146 if (k3.keytype != cf2[i].e3) 147 krb5_errx(context, 1, "length not right"); 148 if (k3.keyvalue.length != cf2[i].len || 149 memcmp(k3.keyvalue.data, cf2[i].key, cf2[i].len) != 0) 150 krb5_errx(context, 1, "key not same"); 151 152 krb5_crypto_destroy(context, c1); 153 krb5_crypto_destroy(context, c2); 154 155 krb5_free_keyblock_contents(context, &k1); 156 krb5_free_keyblock_contents(context, &k2); 157 krb5_free_keyblock_contents(context, &k3); 158 } 159} 160 161static int version_flag = 0; 162static int help_flag = 0; 163 164static struct getargs args[] = { 165 {"version", 0, arg_flag, &version_flag, 166 "print version", NULL }, 167 {"help", 0, arg_flag, &help_flag, 168 NULL, NULL } 169}; 170 171static void 172usage (int ret) 173{ 174 arg_printusage (args, 175 sizeof(args)/sizeof(*args), 176 NULL, 177 ""); 178 exit (ret); 179} 180 181int 182main(int argc, char **argv) 183{ 184 krb5_context context; 185 krb5_error_code ret; 186 int optidx = 0; 187 188 setprogname(argv[0]); 189 190 if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) 191 usage(1); 192 193 if (help_flag) 194 usage (0); 195 196 if(version_flag){ 197 print_version(NULL); 198 exit(0); 199 } 200 201 ret = krb5_init_context(&context); 202 if (ret) 203 errx (1, "krb5_init_context failed: %d", ret); 204 205 test_cf2(context); 206 207 krb5_free_context(context); 208 209 return 0; 210} 211