|
Packit |
fd8b60 |
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
|
|
Packit |
fd8b60 |
/* lib/crypto/crypto_tests/t_short.c */
|
|
Packit |
fd8b60 |
/*
|
|
Packit |
fd8b60 |
* Copyright (C) 2009 by the Massachusetts Institute of Technology.
|
|
Packit |
fd8b60 |
* All rights reserved.
|
|
Packit |
fd8b60 |
*
|
|
Packit |
fd8b60 |
* Export of this software from the United States of America may
|
|
Packit |
fd8b60 |
* require a specific license from the United States Government.
|
|
Packit |
fd8b60 |
* It is the responsibility of any person or organization contemplating
|
|
Packit |
fd8b60 |
* export to obtain such a license before exporting.
|
|
Packit |
fd8b60 |
*
|
|
Packit |
fd8b60 |
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
|
|
Packit |
fd8b60 |
* distribute this software and its documentation for any purpose and
|
|
Packit |
fd8b60 |
* without fee is hereby granted, provided that the above copyright
|
|
Packit |
fd8b60 |
* notice appear in all copies and that both that copyright notice and
|
|
Packit |
fd8b60 |
* this permission notice appear in supporting documentation, and that
|
|
Packit |
fd8b60 |
* the name of M.I.T. not be used in advertising or publicity pertaining
|
|
Packit |
fd8b60 |
* to distribution of the software without specific, written prior
|
|
Packit |
fd8b60 |
* permission. Furthermore if you modify this software you must label
|
|
Packit |
fd8b60 |
* your software as modified software and not distribute it in such a
|
|
Packit |
fd8b60 |
* fashion that it might be confused with the original M.I.T. software.
|
|
Packit |
fd8b60 |
* M.I.T. makes no representations about the suitability of
|
|
Packit |
fd8b60 |
* this software for any purpose. It is provided "as is" without express
|
|
Packit |
fd8b60 |
* or implied warranty.
|
|
Packit |
fd8b60 |
*/
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
/*
|
|
Packit |
fd8b60 |
* Tests the outcome of decrypting overly short tokens. This program can be
|
|
Packit |
fd8b60 |
* run under a tool like valgrind to detect bad memory accesses; when run
|
|
Packit |
fd8b60 |
* normally by the test suite, it verifies that each operation returns
|
|
Packit |
fd8b60 |
* KRB5_BAD_MSIZE.
|
|
Packit |
fd8b60 |
*/
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#include "k5-int.h"
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
krb5_enctype interesting_enctypes[] = {
|
|
Packit |
fd8b60 |
ENCTYPE_ARCFOUR_HMAC,
|
|
Packit |
fd8b60 |
ENCTYPE_ARCFOUR_HMAC_EXP,
|
|
Packit |
fd8b60 |
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
|
|
Packit |
fd8b60 |
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
|
|
Packit |
fd8b60 |
ENCTYPE_CAMELLIA128_CTS_CMAC,
|
|
Packit |
fd8b60 |
ENCTYPE_CAMELLIA256_CTS_CMAC,
|
|
Packit |
fd8b60 |
ENCTYPE_AES128_CTS_HMAC_SHA256_128,
|
|
Packit |
fd8b60 |
ENCTYPE_AES256_CTS_HMAC_SHA384_192,
|
|
Packit |
fd8b60 |
0
|
|
Packit |
fd8b60 |
};
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
/* Abort if an operation unexpectedly fails. */
|
|
Packit |
fd8b60 |
static void
|
|
Packit |
fd8b60 |
x(krb5_error_code code)
|
|
Packit |
fd8b60 |
{
|
|
Packit |
fd8b60 |
if (code != 0)
|
|
Packit |
fd8b60 |
abort();
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
/* Abort if a decrypt operation doesn't have the expected result. */
|
|
Packit |
fd8b60 |
static void
|
|
Packit |
fd8b60 |
check_decrypt_result(krb5_error_code code, size_t len, size_t min_len)
|
|
Packit |
fd8b60 |
{
|
|
Packit |
fd8b60 |
if (len < min_len) {
|
|
Packit |
fd8b60 |
/* Undersized tokens should always result in BAD_MSIZE. */
|
|
Packit |
fd8b60 |
if (code != KRB5_BAD_MSIZE)
|
|
Packit |
fd8b60 |
abort();
|
|
Packit |
fd8b60 |
} else {
|
|
Packit |
fd8b60 |
/* Min-size tokens should succeed or fail the integrity check. */
|
|
Packit |
fd8b60 |
if (code != 0 && code != KRB5KRB_AP_ERR_BAD_INTEGRITY)
|
|
Packit |
fd8b60 |
abort();
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
static void
|
|
Packit |
fd8b60 |
test_enctype(krb5_enctype enctype)
|
|
Packit |
fd8b60 |
{
|
|
Packit |
fd8b60 |
krb5_error_code ret;
|
|
Packit |
fd8b60 |
krb5_keyblock keyblock;
|
|
Packit |
fd8b60 |
krb5_enc_data input;
|
|
Packit |
fd8b60 |
krb5_data output;
|
|
Packit |
fd8b60 |
krb5_crypto_iov iov[2];
|
|
Packit |
fd8b60 |
unsigned int dummy;
|
|
Packit |
fd8b60 |
size_t min_len, len;
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
printf("Testing enctype %d\n", (int) enctype);
|
|
Packit |
fd8b60 |
x(krb5_c_encrypt_length(NULL, enctype, 0, &min_len));
|
|
Packit |
fd8b60 |
x(krb5_c_make_random_key(NULL, enctype, &keyblock));
|
|
Packit |
fd8b60 |
input.enctype = enctype;
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
/* Try each length up to the minimum length. */
|
|
Packit |
fd8b60 |
for (len = 0; len <= min_len; len++) {
|
|
Packit |
fd8b60 |
input.ciphertext.data = calloc(len, 1);
|
|
Packit |
fd8b60 |
input.ciphertext.length = len;
|
|
Packit |
fd8b60 |
output.data = calloc(len, 1);
|
|
Packit |
fd8b60 |
output.length = len;
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
/* Attempt a normal decryption. */
|
|
Packit |
fd8b60 |
ret = krb5_c_decrypt(NULL, &keyblock, 0, NULL, &input, &output);
|
|
Packit |
fd8b60 |
check_decrypt_result(ret, len, min_len);
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if (krb5_c_crypto_length(NULL, enctype, KRB5_CRYPTO_TYPE_HEADER,
|
|
Packit |
fd8b60 |
&dummy) == 0) {
|
|
Packit |
fd8b60 |
/* Attempt an IOV stream decryption. */
|
|
Packit |
fd8b60 |
iov[0].flags = KRB5_CRYPTO_TYPE_STREAM;
|
|
Packit |
fd8b60 |
iov[0].data = input.ciphertext;
|
|
Packit |
fd8b60 |
iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
|
|
Packit |
fd8b60 |
iov[1].data.data = NULL;
|
|
Packit |
fd8b60 |
iov[1].data.length = 0;
|
|
Packit |
fd8b60 |
ret = krb5_c_decrypt_iov(NULL, &keyblock, 0, NULL, iov, 2);
|
|
Packit |
fd8b60 |
check_decrypt_result(ret, len, min_len);
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
free(input.ciphertext.data);
|
|
Packit |
fd8b60 |
free(output.data);
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
krb5int_c_free_keyblock_contents (NULL, &keyblock);
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
int
|
|
Packit |
fd8b60 |
main(int argc, char **argv)
|
|
Packit |
fd8b60 |
{
|
|
Packit |
fd8b60 |
int i;
|
|
Packit |
fd8b60 |
krb5_data notrandom;
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
notrandom.data = "notrandom";
|
|
Packit |
fd8b60 |
notrandom.length = 9;
|
|
Packit |
fd8b60 |
krb5_c_random_seed(NULL, ¬random);
|
|
Packit |
fd8b60 |
for (i = 0; interesting_enctypes[i]; i++)
|
|
Packit |
fd8b60 |
test_enctype(interesting_enctypes[i]);
|
|
Packit |
fd8b60 |
return 0;
|
|
Packit |
fd8b60 |
}
|