1/* $NetBSD: aes-test.c,v 1.3 2023/06/19 21:41:44 christos Exp $ */ 2 3/* 4 * Copyright (c) 2003-2016 Kungliga Tekniska H��gskolan 5 * (Royal Institute of Technology, Stockholm, Sweden). 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * 3. Neither the name of KTH nor the names of its contributors may be 20 * used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY 24 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 26 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE 27 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 30 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 31 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 32 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 33 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ 34 35#include "krb5_locl.h" 36#include <krb5/hex.h> 37#include <err.h> 38#include <assert.h> 39 40static int verbose = 0; 41 42static void 43hex_dump_data(const void *data, size_t length) 44{ 45 char *p; 46 47 hex_encode(data, length, &p); 48 printf("%s\n", p); 49 free(p); 50} 51 52struct { 53 char *password; 54 char *salt; 55 int saltlen; 56 int iterations; 57 krb5_enctype enctype; 58 size_t keylen; 59 char *pbkdf2; 60 char *key; 61} keys[] = { 62 { 63 "password", 64 "\x10\xDF\x9D\xD7\x83\xE5\xBC\x8A\xCE\xA1\x73\x0E\x74\x35\x5F\x61" 65 "ATHENA.MIT.EDUraeburn", 66 37, 67 32768, 68 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128, 69 16, 70 NULL, 71 "\x08\x9B\xCA\x48\xB1\x05\xEA\x6E\xA7\x7C\xA5\xD2\xF3\x9D\xC5\xE7" 72 }, 73 { 74 "password", 75 "\x10\xDF\x9D\xD7\x83\xE5\xBC\x8A\xCE\xA1\x73\x0E\x74\x35\x5F\x61" 76 "ATHENA.MIT.EDUraeburn", 77 37, 78 32768, 79 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192, 80 32, 81 NULL, 82 "\x45\xBD\x80\x6D\xBF\x6A\x83\x3A\x9C\xFF\xC1\xC9\x45\x89\xA2\x22" 83 "\x36\x7A\x79\xBC\x21\xC4\x13\x71\x89\x06\xE9\xF5\x78\xA7\x84\x67" 84 }, 85 { 86 "password", "ATHENA.MIT.EDUraeburn", -1, 87 1, 88 ETYPE_AES128_CTS_HMAC_SHA1_96, 16, 89 "\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15", 90 "\x42\x26\x3c\x6e\x89\xf4\xfc\x28\xb8\xdf\x68\xee\x09\x79\x9f\x15" 91 }, 92 { 93 "password", "ATHENA.MIT.EDUraeburn", -1, 94 1, 95 ETYPE_AES256_CTS_HMAC_SHA1_96, 32, 96 "\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15" 97 "\x0a\xd1\xf7\xa0\x4b\xb9\xf3\xa3\x33\xec\xc0\xe2\xe1\xf7\x08\x37", 98 "\xfe\x69\x7b\x52\xbc\x0d\x3c\xe1\x44\x32\xba\x03\x6a\x92\xe6\x5b" 99 "\xbb\x52\x28\x09\x90\xa2\xfa\x27\x88\x39\x98\xd7\x2a\xf3\x01\x61" 100 }, 101 { 102 "password", "ATHENA.MIT.EDUraeburn", -1, 103 2, 104 ETYPE_AES128_CTS_HMAC_SHA1_96, 16, 105 "\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d", 106 "\xc6\x51\xbf\x29\xe2\x30\x0a\xc2\x7f\xa4\x69\xd6\x93\xbd\xda\x13" 107 }, 108 { 109 "password", "ATHENA.MIT.EDUraeburn", -1, 110 2, 111 ETYPE_AES256_CTS_HMAC_SHA1_96, 32, 112 "\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d" 113 "\xa0\x53\x78\xb9\x32\x44\xec\x8f\x48\xa9\x9e\x61\xad\x79\x9d\x86", 114 "\xa2\xe1\x6d\x16\xb3\x60\x69\xc1\x35\xd5\xe9\xd2\xe2\x5f\x89\x61" 115 "\x02\x68\x56\x18\xb9\x59\x14\xb4\x67\xc6\x76\x22\x22\x58\x24\xff" 116 }, 117 { 118 "password", "ATHENA.MIT.EDUraeburn", -1, 119 1200, 120 ETYPE_AES128_CTS_HMAC_SHA1_96, 16, 121 "\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b", 122 "\x4c\x01\xcd\x46\xd6\x32\xd0\x1e\x6d\xbe\x23\x0a\x01\xed\x64\x2a" 123 }, 124 { 125 "password", "ATHENA.MIT.EDUraeburn", -1, 126 1200, 127 ETYPE_AES256_CTS_HMAC_SHA1_96, 32, 128 "\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b" 129 "\xa7\xe5\x2d\xdb\xc5\xe5\x14\x2f\x70\x8a\x31\xe2\xe6\x2b\x1e\x13", 130 "\x55\xa6\xac\x74\x0a\xd1\x7b\x48\x46\x94\x10\x51\xe1\xe8\xb0\xa7" 131 "\x54\x8d\x93\xb0\xab\x30\xa8\xbc\x3f\xf1\x62\x80\x38\x2b\x8c\x2a" 132 }, 133 { 134 "password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8, 135 5, 136 ETYPE_AES128_CTS_HMAC_SHA1_96, 16, 137 "\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49", 138 "\xe9\xb2\x3d\x52\x27\x37\x47\xdd\x5c\x35\xcb\x55\xbe\x61\x9d\x8e" 139 }, 140 { 141 "password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8, 142 5, 143 ETYPE_AES256_CTS_HMAC_SHA1_96, 32, 144 "\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49" 145 "\x3f\x98\xd2\x03\xe6\xbe\x49\xa6\xad\xf4\xfa\x57\x4b\x6e\x64\xee", 146 "\x97\xa4\xe7\x86\xbe\x20\xd8\x1a\x38\x2d\x5e\xbc\x96\xd5\x90\x9c" 147 "\xab\xcd\xad\xc8\x7c\xa4\x8f\x57\x45\x04\x15\x9f\x16\xc3\x6e\x31" 148 }, 149 { 150 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 151 "pass phrase equals block size", -1, 152 1200, 153 ETYPE_AES128_CTS_HMAC_SHA1_96, 16, 154 "\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9", 155 "\x59\xd1\xbb\x78\x9a\x82\x8b\x1a\xa5\x4e\xf9\xc2\x88\x3f\x69\xed" 156 }, 157 { 158 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 159 "pass phrase equals block size", -1, 160 1200, 161 ETYPE_AES256_CTS_HMAC_SHA1_96, 32, 162 "\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9" 163 "\xc5\xec\x59\xf1\xa4\x52\xf5\xcc\x9a\xd9\x40\xfe\xa0\x59\x8e\xd1", 164 "\x89\xad\xee\x36\x08\xdb\x8b\xc7\x1f\x1b\xfb\xfe\x45\x94\x86\xb0" 165 "\x56\x18\xb7\x0c\xba\xe2\x20\x92\x53\x4e\x56\xc5\x53\xba\x4b\x34" 166 }, 167 { 168 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 169 "pass phrase exceeds block size", -1, 170 1200, 171 ETYPE_AES128_CTS_HMAC_SHA1_96, 16, 172 "\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61", 173 "\xcb\x80\x05\xdc\x5f\x90\x17\x9a\x7f\x02\x10\x4c\x00\x18\x75\x1d" 174 }, 175 { 176 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 177 "pass phrase exceeds block size", -1, 178 1200, 179 ETYPE_AES256_CTS_HMAC_SHA1_96, 32, 180 "\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61" 181 "\x1a\x8b\x4d\x28\x26\x01\xdb\x3b\x36\xbe\x92\x46\x91\x5e\xc8\x2a", 182 "\xd7\x8c\x5c\x9c\xb8\x72\xa8\xc9\xda\xd4\x69\x7f\x0b\xb5\xb2\xd2" 183 "\x14\x96\xc8\x2b\xeb\x2c\xae\xda\x21\x12\xfc\xee\xa0\x57\x40\x1b" 184 }, 185 { 186 "\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1, 187 50, 188 ETYPE_AES128_CTS_HMAC_SHA1_96, 16, 189 "\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39", 190 "\xf1\x49\xc1\xf2\xe1\x54\xa7\x34\x52\xd4\x3e\x7f\xe6\x2a\x56\xe5" 191 }, 192 { 193 "\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1, 194 50, 195 ETYPE_AES256_CTS_HMAC_SHA1_96, 32, 196 "\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39" 197 "\xe7\xfe\x37\xa0\xc4\x1e\x02\xc2\x81\xff\x30\x69\xe1\xe9\x4f\x52", 198 "\x4b\x6d\x98\x39\xf8\x44\x06\xdf\x1f\x09\xcc\x16\x6d\xb4\xb8\x3c" 199 "\x57\x18\x48\xb7\x84\xa3\xd6\xbd\xc3\x46\x58\x9a\x3e\x39\x3f\x9e" 200 }, 201 { 202 "foo", "", -1, 203 0, 204 ETYPE_ARCFOUR_HMAC_MD5, 16, 205 NULL, 206 "\xac\x8e\x65\x7f\x83\xdf\x82\xbe\xea\x5d\x43\xbd\xaf\x78\x00\xcc" 207 }, 208 { 209 "test", "", -1, 210 0, 211 ETYPE_ARCFOUR_HMAC_MD5, 16, 212 NULL, 213 "\x0c\xb6\x94\x88\x05\xf7\x97\xbf\x2a\x82\x80\x79\x73\xb8\x95\x37" 214 } 215}; 216 217static int 218string_to_key_test(krb5_context context) 219{ 220 krb5_data password, opaque; 221 krb5_error_code ret; 222 krb5_salt salt; 223 int i, val = 0; 224 char iter[4]; 225 226 for (i = 0; i < sizeof(keys)/sizeof(keys[0]); i++) { 227 228 password.data = keys[i].password; 229 password.length = strlen(password.data); 230 231 salt.salttype = KRB5_PW_SALT; 232 salt.saltvalue.data = keys[i].salt; 233 if (keys[i].saltlen == -1) 234 salt.saltvalue.length = strlen(salt.saltvalue.data); 235 else 236 salt.saltvalue.length = keys[i].saltlen; 237 238 opaque.data = iter; 239 opaque.length = sizeof(iter); 240 _krb5_put_int(iter, keys[i].iterations, 4); 241 242 if (keys[i].pbkdf2) { 243 unsigned char keyout[32]; 244 245 if (keys[i].keylen > sizeof(keyout)) 246 abort(); 247 248 PKCS5_PBKDF2_HMAC(password.data, password.length, 249 salt.saltvalue.data, salt.saltvalue.length, 250 keys[i].iterations, EVP_sha1(), 251 keys[i].keylen, keyout); 252 253 if (memcmp(keyout, keys[i].pbkdf2, keys[i].keylen) != 0) { 254 krb5_warnx(context, "%d: pbkdf2", i); 255 val = 1; 256 hex_dump_data(keyout, keys[i].keylen); 257 continue; 258 } 259 260 if (verbose) { 261 printf("PBKDF2:\n"); 262 hex_dump_data(keyout, keys[i].keylen); 263 } 264 } 265 266 { 267 krb5_keyblock key; 268 269 ret = krb5_string_to_key_data_salt_opaque (context, 270 keys[i].enctype, 271 password, 272 salt, 273 opaque, 274 &key); 275 if (ret) { 276 krb5_warn(context, ret, "%d: string_to_key_data_salt_opaque", 277 i); 278 val = 1; 279 continue; 280 } 281 282 if (key.keyvalue.length != keys[i].keylen) { 283 krb5_warnx(context, "%d: key wrong length (%lu/%lu)", 284 i, (unsigned long)key.keyvalue.length, 285 (unsigned long)keys[i].keylen); 286 val = 1; 287 continue; 288 } 289 290 if (memcmp(key.keyvalue.data, keys[i].key, keys[i].keylen) != 0) { 291 krb5_warnx(context, "%d: key wrong", i); 292 val = 1; 293 hex_dump_data(key.keyvalue.data, key.keyvalue.length); 294 hex_dump_data(keys[i].key, keys[i].keylen); 295 continue; 296 } 297 298 if (verbose) { 299 printf("key:\n"); 300 hex_dump_data(key.keyvalue.data, key.keyvalue.length); 301 } 302 krb5_free_keyblock_contents(context, &key); 303 } 304 } 305 return val; 306} 307 308static int 309krb_enc(krb5_context context, 310 krb5_crypto crypto, 311 unsigned usage, 312 krb5_data *cipher, 313 krb5_data *clear) 314{ 315 krb5_data decrypt; 316 krb5_error_code ret; 317 318 krb5_data_zero(&decrypt); 319 320 ret = krb5_decrypt(context, 321 crypto, 322 usage, 323 cipher->data, 324 cipher->length, 325 &decrypt); 326 327 if (ret) { 328 krb5_warn(context, ret, "krb5_decrypt"); 329 return ret; 330 } 331 332 if (decrypt.length != clear->length || 333 (decrypt.length && 334 memcmp(decrypt.data, clear->data, decrypt.length) != 0)) { 335 krb5_warnx(context, "clear text not same"); 336 return EINVAL; 337 } 338 339 krb5_data_free(&decrypt); 340 341 return 0; 342} 343 344static int 345krb_enc_iov2(krb5_context context, 346 krb5_crypto crypto, 347 unsigned usage, 348 size_t cipher_len, 349 krb5_data *clear) 350{ 351 krb5_crypto_iov iov[4]; 352 krb5_data decrypt; 353 int ret; 354 char *p, *q; 355 size_t len, i; 356 357 p = clear->data; 358 len = clear->length; 359 360 iov[0].flags = KRB5_CRYPTO_TYPE_HEADER; 361 krb5_crypto_length(context, crypto, iov[0].flags, &iov[0].data.length); 362 iov[0].data.data = emalloc(iov[0].data.length); 363 364 iov[1].flags = KRB5_CRYPTO_TYPE_DATA; 365 iov[1].data.length = len; 366 iov[1].data.data = emalloc(iov[1].data.length); 367 memcpy(iov[1].data.data, p, iov[1].data.length); 368 369 /* padding buffer */ 370 iov[2].flags = KRB5_CRYPTO_TYPE_PADDING; 371 krb5_crypto_length(context, crypto, KRB5_CRYPTO_TYPE_PADDING, &iov[2].data.length); 372 iov[2].data.data = emalloc(iov[2].data.length); 373 374 iov[3].flags = KRB5_CRYPTO_TYPE_TRAILER; 375 krb5_crypto_length(context, crypto, iov[3].flags, &iov[3].data.length); 376 iov[3].data.data = emalloc(iov[3].data.length); 377 378 ret = krb5_encrypt_iov_ivec(context, crypto, usage, 379 iov, sizeof(iov)/sizeof(iov[0]), NULL); 380 if (ret) 381 errx(1, "encrypt iov failed: %d", ret); 382 383 /* check len */ 384 for (i = 0, len = 0; i < sizeof(iov)/sizeof(iov[0]); i++) 385 len += iov[i].data.length; 386 if (len != cipher_len) 387 errx(1, "cipher len wrong"); 388 389 /* 390 * Plain decrypt 391 */ 392 393 p = q = emalloc(len); 394 for (i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) { 395 memcpy(q, iov[i].data.data, iov[i].data.length); 396 q += iov[i].data.length; 397 } 398 399 ret = krb5_decrypt(context, crypto, usage, p, len, &decrypt); 400 if (ret) 401 krb5_err(context, 1, ret, "krb5_decrypt"); 402 else 403 krb5_data_free(&decrypt); 404 405 free(p); 406 407 /* 408 * Now decrypt use iov 409 */ 410 411 /* padding turn into data */ 412 p = q = emalloc(iov[1].data.length + iov[2].data.length); 413 414 memcpy(q, iov[1].data.data, iov[1].data.length); 415 q += iov[1].data.length; 416 memcpy(q, iov[2].data.data, iov[2].data.length); 417 418 free(iov[1].data.data); 419 free(iov[2].data.data); 420 421 iov[1].data.data = p; 422 iov[1].data.length += iov[2].data.length; 423 424 iov[2].flags = KRB5_CRYPTO_TYPE_EMPTY; 425 iov[2].data.length = 0; 426 427 ret = krb5_decrypt_iov_ivec(context, crypto, usage, 428 iov, sizeof(iov)/sizeof(iov[0]), NULL); 429 free(iov[0].data.data); 430 free(iov[3].data.data); 431 432 if (ret) 433 krb5_err(context, 1, ret, "decrypt iov failed: %d", ret); 434 435 if (clear->length != iov[1].data.length) 436 errx(1, "length incorrect"); 437 438 p = clear->data; 439 if (memcmp(iov[1].data.data, p, iov[1].data.length) != 0) 440 errx(1, "iov[1] incorrect"); 441 442 free(iov[1].data.data); 443 444 return 0; 445} 446 447 448static int 449krb_enc_iov(krb5_context context, 450 krb5_crypto crypto, 451 unsigned usage, 452 krb5_data *cipher, 453 krb5_data *clear) 454{ 455 krb5_crypto_iov iov[3]; 456 int ret; 457 char *p; 458 size_t len; 459 460 p = cipher->data; 461 len = cipher->length; 462 463 iov[0].flags = KRB5_CRYPTO_TYPE_HEADER; 464 krb5_crypto_length(context, crypto, iov[0].flags, &iov[0].data.length); 465 iov[0].data.data = emalloc(iov[0].data.length); 466 memcpy(iov[0].data.data, p, iov[0].data.length); 467 p += iov[0].data.length; 468 len -= iov[0].data.length; 469 470 iov[1].flags = KRB5_CRYPTO_TYPE_TRAILER; 471 krb5_crypto_length(context, crypto, iov[1].flags, &iov[1].data.length); 472 iov[1].data.data = emalloc(iov[1].data.length); 473 memcpy(iov[1].data.data, p + len - iov[1].data.length, iov[1].data.length); 474 len -= iov[1].data.length; 475 476 iov[2].flags = KRB5_CRYPTO_TYPE_DATA; 477 iov[2].data.length = len; 478 iov[2].data.data = emalloc(len); 479 memcpy(iov[2].data.data, p, len); 480 481 ret = krb5_decrypt_iov_ivec(context, crypto, usage, 482 iov, sizeof(iov)/sizeof(iov[0]), NULL); 483 if (ret) 484 krb5_err(context, 1, ret, "krb_enc_iov decrypt iov failed: %d", ret); 485 486 if (clear->length != iov[2].data.length) 487 errx(1, "length incorrect"); 488 489 p = clear->data; 490 if (memcmp(iov[2].data.data, p, iov[2].data.length) != 0) 491 errx(1, "iov[2] incorrect"); 492 493 free(iov[0].data.data); 494 free(iov[1].data.data); 495 free(iov[2].data.data); 496 497 498 return 0; 499} 500 501static int 502krb_checksum_iov(krb5_context context, 503 krb5_crypto crypto, 504 unsigned usage, 505 krb5_data *plain, 506 krb5_data *verify) 507{ 508 krb5_crypto_iov iov[3]; 509 int ret; 510 char *p; 511 size_t len; 512 513 p = plain->data; 514 len = plain->length; 515 516 iov[0].flags = KRB5_CRYPTO_TYPE_CHECKSUM; 517 if (verify) { 518 iov[0].data = *verify; 519 } else { 520 krb5_crypto_length(context, crypto, iov[0].flags, &iov[0].data.length); 521 iov[0].data.data = emalloc(iov[0].data.length); 522 } 523 524 iov[1].flags = KRB5_CRYPTO_TYPE_DATA; 525 iov[1].data.length = len; 526 iov[1].data.data = p; 527 528 iov[2].flags = KRB5_CRYPTO_TYPE_TRAILER; 529 krb5_crypto_length(context, crypto, iov[0].flags, &iov[2].data.length); 530 iov[2].data.data = malloc(iov[2].data.length); 531 532 if (verify == NULL) { 533 ret = krb5_create_checksum_iov(context, crypto, usage, 534 iov, sizeof(iov)/sizeof(iov[0]), NULL); 535 if (ret) 536 krb5_err(context, 1, ret, "krb5_create_checksum_iov failed"); 537 } 538 539 ret = krb5_verify_checksum_iov(context, crypto, usage, iov, sizeof(iov)/sizeof(iov[0]), NULL); 540 if (ret) 541 krb5_err(context, 1, ret, "krb5_verify_checksum_iov"); 542 543 if (verify == NULL) 544 free(iov[0].data.data); 545 free(iov[2].data.data); 546 547 return 0; 548} 549 550 551static int 552krb_enc_mit(krb5_context context, 553 krb5_enctype enctype, 554 krb5_keyblock *key, 555 unsigned usage, 556 krb5_data *cipher, 557 krb5_data *clear) 558{ 559#ifndef HEIMDAL_SMALLER 560 krb5_error_code ret; 561 krb5_enc_data e; 562 krb5_data decrypt; 563 size_t len; 564 565 e.kvno = 0; 566 e.enctype = enctype; 567 e.ciphertext = *cipher; 568 569 ret = krb5_c_decrypt(context, *key, usage, NULL, &e, &decrypt); 570 if (ret) 571 return ret; 572 573 if (decrypt.length != clear->length || 574 (decrypt.length && 575 memcmp(decrypt.data, clear->data, decrypt.length) != 0)) { 576 krb5_warnx(context, "clear text not same"); 577 return EINVAL; 578 } 579 580 krb5_data_free(&decrypt); 581 582 ret = krb5_c_encrypt_length(context, enctype, clear->length, &len); 583 if (ret) 584 return ret; 585 586 if (len != cipher->length) { 587 krb5_warnx(context, "c_encrypt_length wrong %lu != %lu", 588 (unsigned long)len, (unsigned long)cipher->length); 589 return EINVAL; 590 } 591#endif /* HEIMDAL_SMALLER */ 592 return 0; 593} 594 595struct { 596 krb5_enctype enctype; 597 unsigned usage; 598 size_t keylen; 599 void *key; 600 size_t elen; 601 void* edata; 602 size_t plen; 603 void *pdata; 604 size_t clen; /* checksum length */ 605 void *cdata; /* checksum data */ 606} krbencs[] = { 607 { 608 ETYPE_AES256_CTS_HMAC_SHA1_96, 609 7, 610 32, 611 "\x47\x75\x69\x64\x65\x6c\x69\x6e\x65\x73\x20\x74\x6f\x20\x41\x75" 612 "\x74\x68\x6f\x72\x73\x20\x6f\x66\x20\x49\x6e\x74\x65\x72\x6e\x65", 613 44, 614 "\xcf\x79\x8f\x0d\x76\xf3\xe0\xbe\x8e\x66\x94\x70\xfa\xcc\x9e\x91" 615 "\xa9\xec\x1c\x5c\x21\xfb\x6e\xef\x1a\x7a\xc8\xc1\xcc\x5a\x95\x24" 616 "\x6f\x9f\xf4\xd5\xbe\x5d\x59\x97\x44\xd8\x47\xcd", 617 16, 618 "\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x74\x65\x73\x74\x2e\x0a", 619 0, 620 NULL 621 }, 622 { 623 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128, 624 2, 625 16, 626 "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C", 627 32, 628 "\xEF\x85\xFB\x89\x0B\xB8\x47\x2F\x4D\xAB\x20\x39\x4D\xCA\x78\x1D" 629 "\xAD\x87\x7E\xDA\x39\xD5\x0C\x87\x0C\x0D\x5A\x0A\x8E\x48\xC7\x18", 630 0, 631 "", 632 0, 633 NULL 634 }, 635 { 636 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128, 637 2, 638 16, 639 "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C", 640 38, 641 "\x84\xD7\xF3\x07\x54\xED\x98\x7B\xAB\x0B\xF3\x50\x6B\xEB\x09\xCF" 642 "\xB5\x54\x02\xCE\xF7\xE6\x87\x7C\xE9\x9E\x24\x7E\x52\xD1\x6E\xD4" 643 "\x42\x1D\xFD\xF8\x97\x6C", 644 6, 645 "\x00\x01\x02\x03\x04\x05", 646 0, 647 NULL 648 }, 649 { 650 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128, 651 2, 652 16, 653 "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C", 654 48, 655 "\x35\x17\xD6\x40\xF5\x0D\xDC\x8A\xD3\x62\x87\x22\xB3\x56\x9D\x2A" 656 "\xE0\x74\x93\xFA\x82\x63\x25\x40\x80\xEA\x65\xC1\x00\x8E\x8F\xC2" 657 "\x95\xFB\x48\x52\xE7\xD8\x3E\x1E\x7C\x48\xC3\x7E\xEB\xE6\xB0\xD3", 658 16, 659 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F", 660 0, 661 NULL 662 }, 663 { 664 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128, 665 2, 666 16, 667 "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C", 668 53, 669 "\x72\x0F\x73\xB1\x8D\x98\x59\xCD\x6C\xCB\x43\x46\x11\x5C\xD3\x36" 670 "\xC7\x0F\x58\xED\xC0\xC4\x43\x7C\x55\x73\x54\x4C\x31\xC8\x13\xBC" 671 "\xE1\xE6\xD0\x72\xC1\x86\xB3\x9A\x41\x3C\x2F\x92\xCA\x9B\x83\x34" 672 "\xA2\x87\xFF\xCB\xFC", 673 21, 674 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" 675 "\x10\x11\x12\x13\x14", 676 16, 677 "\xD7\x83\x67\x18\x66\x43\xD6\x7B\x41\x1C\xBA\x91\x39\xFC\x1D\xEE" 678 }, 679 { 680 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192, 681 2, 682 32, 683 "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98" 684 "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52", 685 40, 686 "\x41\xF5\x3F\xA5\xBF\xE7\x02\x6D\x91\xFA\xF9\xBE\x95\x91\x95\xA0" 687 "\x58\x70\x72\x73\xA9\x6A\x40\xF0\xA0\x19\x60\x62\x1A\xC6\x12\x74" 688 "\x8B\x9B\xBF\xBE\x7E\xB4\xCE\x3C", 689 0, 690 "", 691 0, 692 NULL 693 }, 694 { 695 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192, 696 2, 697 32, 698 "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98" 699 "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52", 700 46, 701 "\x4E\xD7\xB3\x7C\x2B\xCA\xC8\xF7\x4F\x23\xC1\xCF\x07\xE6\x2B\xC7" 702 "\xB7\x5F\xB3\xF6\x37\xB9\xF5\x59\xC7\xF6\x64\xF6\x9E\xAB\x7B\x60" 703 "\x92\x23\x75\x26\xEA\x0D\x1F\x61\xCB\x20\xD6\x9D\x10\xF2", 704 6, 705 "\x00\x01\x02\x03\x04\x05", 706 0, 707 NULL 708 }, 709 { 710 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192, 711 2, 712 32, 713 "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98" 714 "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52", 715 56, 716 "\xBC\x47\xFF\xEC\x79\x98\xEB\x91\xE8\x11\x5C\xF8\xD1\x9D\xAC\x4B" 717 "\xBB\xE2\xE1\x63\xE8\x7D\xD3\x7F\x49\xBE\xCA\x92\x02\x77\x64\xF6" 718 "\x8C\xF5\x1F\x14\xD7\x98\xC2\x27\x3F\x35\xDF\x57\x4D\x1F\x93\x2E" 719 "\x40\xC4\xFF\x25\x5B\x36\xA2\x66", 720 16, 721 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F", 722 0, 723 NULL 724 }, 725 { 726 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192, 727 2, 728 32, 729 "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98" 730 "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52", 731 61, 732 "\x40\x01\x3E\x2D\xF5\x8E\x87\x51\x95\x7D\x28\x78\xBC\xD2\xD6\xFE" 733 "\x10\x1C\xCF\xD5\x56\xCB\x1E\xAE\x79\xDB\x3C\x3E\xE8\x64\x29\xF2" 734 "\xB2\xA6\x02\xAC\x86\xFE\xF6\xEC\xB6\x47\xD6\x29\x5F\xAE\x07\x7A" 735 "\x1F\xEB\x51\x75\x08\xD2\xC1\x6B\x41\x92\xE0\x1F\x62", 736 21, 737 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" 738 "\x10\x11\x12\x13\x14", 739 24, 740 "\x45\xEE\x79\x15\x67\xEE\xFC\xA3\x7F\x4A\xC1\xE0\x22\x2D\xE8\x0D" 741 "\x43\xC3\xBF\xA0\x66\x99\x67\x2A" 742 } 743}; 744 745static int 746krb_enc_test(krb5_context context) 747{ 748 krb5_error_code ret; 749 krb5_crypto crypto; 750 krb5_keyblock kb; 751 krb5_data cipher, plain; 752 int i; 753 754 for (i = 0; i < sizeof(krbencs)/sizeof(krbencs[0]); i++) { 755 756 kb.keytype = krbencs[i].enctype; 757 kb.keyvalue.length = krbencs[i].keylen; 758 kb.keyvalue.data = krbencs[i].key; 759 760 ret = krb5_crypto_init(context, &kb, krbencs[i].enctype, &crypto); 761 762 cipher.length = krbencs[i].elen; 763 cipher.data = krbencs[i].edata; 764 plain.length = krbencs[i].plen; 765 plain.data = krbencs[i].pdata; 766 767 ret = krb_enc(context, crypto, krbencs[i].usage, &cipher, &plain); 768 769 if (ret) 770 errx(1, "krb_enc failed with %d for test %d", ret, i); 771 772 ret = krb_enc_iov(context, crypto, krbencs[i].usage, &cipher, &plain); 773 if (ret) 774 errx(1, "krb_enc_iov failed with %d for test %d", ret, i); 775 776 ret = krb_enc_iov2(context, crypto, krbencs[i].usage, 777 cipher.length, &plain); 778 if (ret) 779 errx(1, "krb_enc_iov2 failed with %d for test %d", ret, i); 780 781 ret = krb_checksum_iov(context, crypto, krbencs[i].usage, &plain, NULL); 782 if (ret) 783 errx(1, "krb_checksum_iov failed with %d for test %d", ret, i); 784 785 if (krbencs[i].cdata) { 786 krb5_data checksum; 787 788 checksum.length = krbencs[i].clen; 789 checksum.data = krbencs[i].cdata; 790 791 ret = krb_checksum_iov(context, crypto, krbencs[i].usage, 792 &plain, &checksum); 793 if (ret) 794 errx(1, "krb_checksum_iov(2) failed with %d for test %d", ret, i); 795 } 796 797 krb5_crypto_destroy(context, crypto); 798 799 ret = krb_enc_mit(context, krbencs[i].enctype, &kb, 800 krbencs[i].usage, &cipher, &plain); 801 if (ret) 802 errx(1, "krb_enc_mit failed with %d for test %d", ret, i); 803 } 804 805 return 0; 806} 807 808static int 809iov_test(krb5_context context, krb5_enctype enctype) 810{ 811 krb5_error_code ret; 812 krb5_crypto crypto; 813 krb5_keyblock key; 814 krb5_data signonly, in, in2; 815 krb5_crypto_iov iov[6]; 816 size_t len, i; 817 unsigned char *base, *p; 818 819 ret = krb5_generate_random_keyblock(context, enctype, &key); 820 if (ret) 821 krb5_err(context, 1, ret, "krb5_generate_random_keyblock"); 822 823 ret = krb5_crypto_init(context, &key, 0, &crypto); 824 if (ret) 825 krb5_err(context, 1, ret, "krb5_crypto_init"); 826 827 828 ret = krb5_crypto_length(context, crypto, KRB5_CRYPTO_TYPE_HEADER, &len); 829 if (ret) 830 krb5_err(context, 1, ret, "krb5_crypto_length"); 831 832 signonly.data = "This should be signed"; 833 signonly.length = strlen(signonly.data); 834 in.data = "inputdata"; 835 in.length = strlen(in.data); 836 837 in2.data = "INPUTDATA"; 838 in2.length = strlen(in2.data); 839 840 841 memset(iov, 0, sizeof(iov)); 842 843 iov[0].flags = KRB5_CRYPTO_TYPE_HEADER; 844 iov[1].flags = KRB5_CRYPTO_TYPE_DATA; 845 iov[1].data = in; 846 iov[2].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY; 847 iov[2].data = signonly; 848 iov[3].flags = KRB5_CRYPTO_TYPE_EMPTY; 849 iov[4].flags = KRB5_CRYPTO_TYPE_PADDING; 850 iov[5].flags = KRB5_CRYPTO_TYPE_TRAILER; 851 852 ret = krb5_crypto_length_iov(context, crypto, iov, 853 sizeof(iov)/sizeof(iov[0])); 854 if (ret) 855 krb5_err(context, 1, ret, "krb5_crypto_length_iov"); 856 857 for (len = 0, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) { 858 if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY) 859 continue; 860 len += iov[i].data.length; 861 } 862 863 base = emalloc(len); 864 865 /* 866 * Allocate data for the fields 867 */ 868 869 for (p = base, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) { 870 if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY) 871 continue;; 872 iov[i].data.data = p; 873 p += iov[i].data.length; 874 } 875 assert(iov[1].data.length == in.length); 876 memcpy(iov[1].data.data, in.data, iov[1].data.length); 877 878 /* 879 * Encrypt 880 */ 881 882 ret = krb5_encrypt_iov_ivec(context, crypto, 7, iov, 883 sizeof(iov)/sizeof(iov[0]), NULL); 884 if (ret) 885 krb5_err(context, 1, ret, "krb5_encrypt_iov_ivec"); 886 887 /* 888 * Decrypt 889 */ 890 891 ret = krb5_decrypt_iov_ivec(context, crypto, 7, 892 iov, sizeof(iov)/sizeof(iov[0]), NULL); 893 if (ret) 894 krb5_err(context, 1, ret, "krb5_decrypt_iov_ivec"); 895 896 /* 897 * Verify data 898 */ 899 900 if (krb5_data_cmp(&iov[1].data, &in) != 0) 901 krb5_errx(context, 1, "decrypted data not same"); 902 903 /* 904 * Free memory 905 */ 906 907 free(base); 908 909 /* Set up for second try */ 910 911 iov[3].flags = KRB5_CRYPTO_TYPE_DATA; 912 iov[3].data = in; 913 914 ret = krb5_crypto_length_iov(context, crypto, 915 iov, sizeof(iov)/sizeof(iov[0])); 916 if (ret) 917 krb5_err(context, 1, ret, "krb5_crypto_length_iov"); 918 919 for (len = 0, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) { 920 if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY) 921 continue; 922 len += iov[i].data.length; 923 } 924 925 base = emalloc(len); 926 927 /* 928 * Allocate data for the fields 929 */ 930 931 for (p = base, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) { 932 if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY) 933 continue;; 934 iov[i].data.data = p; 935 p += iov[i].data.length; 936 } 937 assert(iov[1].data.length == in.length); 938 memcpy(iov[1].data.data, in.data, iov[1].data.length); 939 940 assert(iov[3].data.length == in2.length); 941 memcpy(iov[3].data.data, in2.data, iov[3].data.length); 942 943 944 945 /* 946 * Encrypt 947 */ 948 949 ret = krb5_encrypt_iov_ivec(context, crypto, 7, 950 iov, sizeof(iov)/sizeof(iov[0]), NULL); 951 if (ret) 952 krb5_err(context, 1, ret, "krb5_encrypt_iov_ivec"); 953 954 /* 955 * Decrypt 956 */ 957 958 ret = krb5_decrypt_iov_ivec(context, crypto, 7, 959 iov, sizeof(iov)/sizeof(iov[0]), NULL); 960 if (ret) 961 krb5_err(context, 1, ret, "krb5_decrypt_iov_ivec"); 962 963 /* 964 * Verify data 965 */ 966 967 if (krb5_data_cmp(&iov[1].data, &in) != 0) 968 krb5_errx(context, 1, "decrypted data 2.1 not same"); 969 970 if (krb5_data_cmp(&iov[3].data, &in2) != 0) 971 krb5_errx(context, 1, "decrypted data 2.2 not same"); 972 973 /* 974 * Free memory 975 */ 976 977 free(base); 978 979 krb5_crypto_destroy(context, crypto); 980 981 krb5_free_keyblock_contents(context, &key); 982 983 return 0; 984} 985 986 987 988static int 989random_to_key(krb5_context context) 990{ 991 krb5_error_code ret; 992 krb5_keyblock key; 993 994 ret = krb5_random_to_key(context, 995 ETYPE_DES3_CBC_SHA1, 996 "\x21\x39\x04\x58\x6A\xBD\x7F" 997 "\x21\x39\x04\x58\x6A\xBD\x7F" 998 "\x21\x39\x04\x58\x6A\xBD\x7F", 999 21, 1000 &key); 1001 if (ret){ 1002 krb5_warn(context, ret, "random_to_key"); 1003 return 1; 1004 } 1005 if (key.keyvalue.length != 24) 1006 return 1; 1007 1008 if (memcmp(key.keyvalue.data, 1009 "\x20\x38\x04\x58\x6b\xbc\x7f\xc7" 1010 "\x20\x38\x04\x58\x6b\xbc\x7f\xc7" 1011 "\x20\x38\x04\x58\x6b\xbc\x7f\xc7", 1012 24) != 0) 1013 return 1; 1014 1015 krb5_free_keyblock_contents(context, &key); 1016 1017 return 0; 1018} 1019 1020int 1021main(int argc, char **argv) 1022{ 1023 krb5_error_code ret; 1024 krb5_context context; 1025 int val = 0; 1026 1027 if (argc > 1 && strcmp(argv[1], "-v") == 0) 1028 verbose = 1; 1029 1030 ret = krb5_init_context (&context); 1031 if (ret) 1032 errx (1, "krb5_init_context failed: %d", ret); 1033 1034 val |= string_to_key_test(context); 1035 1036 val |= krb_enc_test(context); 1037 val |= random_to_key(context); 1038 val |= iov_test(context, KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96); 1039 val |= iov_test(context, KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128); 1040 val |= iov_test(context, KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192); 1041 1042 if (verbose && val == 0) 1043 printf("all ok\n"); 1044 if (val) 1045 printf("tests failed\n"); 1046 1047 krb5_free_context(context); 1048 1049 return val; 1050} 1051