/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2014 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*/
#include "k5-int.h"
#include "k5-hex.h"
#include "common.h"
#include "mglueP.h"
#include "gssapiP_krb5.h"
/* Fixed 61-byte PRF input used for the second vector of every entry below. */
static const char inputstr[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "abcdefghijklmnopqrstuvwxyz123456789";

/*
 * Known-answer vectors, one entry per enctype; every key and output is given
 * as a hex string.  out1 is the expected output for key1 with an empty input,
 * and out2 is the expected output for key2 with the 61-byte inputstr above.
 * Each output string encodes 44 bytes.  These are hard-coded test fixtures.
 */
static struct {
    krb5_enctype enctype;
    const char *key1;
    const char *out1;
    const char *key2;
    const char *out2;
} tests[] = {
    {
        .enctype = ENCTYPE_ARCFOUR_HMAC,
        .key1 = "3BB3AE288C12B3B9D06B208A4151B3B6",
        .out1 = "9AEA11A3BCF3C53F1F91F5A0BA2132E2501ADF5F3C28"
                "3C8A983AB88757CE865A22132D6100EAD63E9E291AFA",
        .key2 = "6DB7B33A01BD2B72F7655CB7B3D5FA0B",
        .out2 = "CDA9A544869FC84873B692663A82AFDA101C8611498B"
                "A46138B01E927C9B95EEC953B562807434037837DDDF",
    },
    {
        .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
        .key1 = "6C742096EB896230312B73972FA28B5D",
        .out1 = "94208D982FC1BB7778128BDD77904420B45C9DA699F3"
                "117BCE66E39602128EF0296611A6D191A5828530F20F",
        .key2 = "FA61138C109D834A477D24C7311BE6DA",
        .out2 = "0FAEDF0F842CC834FEE750487E1B622739286B975FE5"
                "B7F45AB053143C75CA0DF5D3D4BBB80F6A616C7C9027",
    },
    {
        .enctype = ENCTYPE_AES256_CTS_HMAC_SHA1_96,
        .key1 = "08FCDAFD5832611B73BA7B497FEBFF8C954B4B58031CAD9B977C3B8C25192FD6",
        .out1 = "E627EFC14EF5B6D629F830C7109DEA0D3D7D36E8CD57"
                "A1F301C5452494A1928F05AFFBEE3360232209D3BE0D",
        .key2 = "F5B68B7823D8944F33F41541B4E4D38C9B2934F8D16334A796645B066152B4BE",
        .out2 = "112F2B2D878590653CCC7DE278E9F0AA46FA5A380B62"
                "59F774CB7C134FCD37F61A50FD0D9F89BF8FE1A6B593",
    },
    {
        .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
        .key1 = "866E0466A178279A32AC0BDA92B72AEB",
        .out1 = "97FBB354BF341C3A160DCC86A7A910FDA824601DF677"
                "68797BACEEBF5D250AE929DEC9760772084267F50A54",
        .key2 = "D4893FD37DA1A211E12DD1E03E0F03B7",
        .out2 = "1DEE2FF126CA563A2A2326B9DD3F0095013257414C83"
                "FAD4398901013D55F367C82681186B7B2FE62F746BA4",
    },
    {
        .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
        .key1 = "203071B1AE77BD3D6FCE70174AF95C225B1CED46B35CF52B6479EFEB47E6B063",
        .out1 = "9B30020634C10FDA28420CEE7B96B70A90A771CED43A"
                "D8346554163E5949CBAE2FB8EF36AFB6B32CE75116A0",
        .key2 = "A171AD582C1AFBBAD52ABD622EE6B6A14D19BF95C6914B2BA40FFD99A88EC660",
        .out2 = "A47CBB6E104DCC77E4DB48A7A474B977F2FB6A7A1AB6"
                "52317D50508AE72B7BE2E4E4BA24164E029CBACF786B",
    },
    {
        .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
        .key1 = "089BCA48B105EA6EA77CA5D2F39DC5E7",
        .out1 = "ED1736209B7C59C9F6A3AE8CCC8A7C97ADFDD11688AD"
                "F304F2F74252CBACD311A2D9253211FDA49745CE4F62",
        .key2 = "3705D96080C17728A0E800EAB6E0D23C",
        .out2 = "2BB41B183D76D8D5B30CBB049A7EFE9F350EFA058DC2"
                "C4D868308D354A7B199BE6FD1F22B53C038BC6036581",
    },
    {
        .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
        .key1 = "45BD806DBF6A833A9CFFC1C94589A222367A79BC21C413718906E9F578A78467",
        .out1 = "1C613AE8B77A3B4D783F3DCE6C9178FC025E87F48A44"
                "784A69CB5FC697FE266A6141905067EF78566D309085",
        .key2 = "6D404D37FAF79F9DF0D33568D320669800EB4836472EA8A026D16B7182460C52",
        .out2 = "D15944B0A44508D1E61213F6455F292A02298F870C01"
                "A3F74AD0345A4A6651EBE101976E933F32D44F0B5947",
    },
};
/*
 * Decode the hex string hexstr, copy the decoded bytes to out, and return the
 * number of bytes copied.  Aborts if k5_hex_decode reports an error.
 *
 * No length checking is done: out has no size parameter, so the caller must
 * supply a buffer large enough for the decoded value.
 */
static size_t
fromhex(const char *hexstr, unsigned char *out)
{
    uint8_t *decoded;
    size_t nbytes;
    int ret;

    ret = k5_hex_decode(hexstr, &decoded, &nbytes);
    if (ret != 0)
        abort();

    /* k5_hex_decode hands back an allocated buffer; copy it out and free it. */
    memcpy(out, decoded, nbytes);
    free(decoded);
    return nbytes;
}
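/*
 * Abort unless the value encoded by hexstr fits in a buffer of cap bytes.
 * Assumes two hex digits per decoded byte.  fromhex() does no bounds
 * checking, so this guards the fixed-size stack buffers in main() against an
 * oversized test vector.
 */
static void
check_hex_fits(const char *hexstr, size_t cap)
{
    if (strlen(hexstr) / 2 > cap)
        abort();
}

/*
 * Run every entry of tests[] through gss_pseudo_random and compare the results
 * against the expected outputs.  Returns 0 when all vectors match; a GSS or
 * krb5 error is reported through check_gsserr/check_k5err, and a mismatch
 * trips an assert.
 *
 * Note that the comparisons rely on assert(), so they are compiled out if this
 * program is built with NDEBUG defined.
 */
int
main(int argc, char *argv[])
{
    OM_uint32 minor, major;
    gss_ctx_id_t context;
    gss_union_ctx_id_desc uctx;
    krb5_gss_ctx_id_rec kgctx;
    krb5_key k1, k2;
    krb5_keyblock kb1, kb2;
    gss_buffer_desc in, out;
    unsigned char k1buf[32], k2buf[32], outbuf[44];
    size_t i;

    /*
     * Fake up just enough of a krb5 GSS context to make gss_pseudo_random
     * work, with chosen subkeys and acceptor subkeys.  If we implement
     * gss_import_lucid_sec_context, we can rewrite this to use public
     * interfaces and stop using private headers and internal knowledge of the
     * implementation.
     */
    context = (gss_ctx_id_t)&uctx;
    memset(&uctx, 0, sizeof(uctx));
    uctx.mech_type = &mech_krb5;
    uctx.internal_ctx_id = (gss_ctx_id_t)&kgctx;
    memset(&kgctx, 0, sizeof(kgctx));
    kgctx.k5_context = NULL;
    kgctx.established = 1;
    kgctx.have_acceptor_subkey = 1;

    /* Zero the keyblocks so that fields not assigned below are not left
     * indeterminate when the keyblocks are passed to krb5_k_create_key. */
    memset(&kb1, 0, sizeof(kb1));
    memset(&kb2, 0, sizeof(kb2));
    kb1.contents = k1buf;
    kb2.contents = k2buf;

    for (i = 0; i < sizeof(tests) / sizeof(*tests); i++) {
        /* Set up the keys for this test, checking each vector against the
         * size of its destination buffer before decoding into it. */
        check_hex_fits(tests[i].key1, sizeof(k1buf));
        kb1.enctype = tests[i].enctype;
        kb1.length = fromhex(tests[i].key1, k1buf);
        check_k5err(NULL, "create_key", krb5_k_create_key(NULL, &kb1, &k1));
        kgctx.subkey = k1;

        check_hex_fits(tests[i].key2, sizeof(k2buf));
        kb2.enctype = tests[i].enctype;
        kb2.length = fromhex(tests[i].key2, k2buf);
        check_k5err(NULL, "create_key", krb5_k_create_key(NULL, &kb2, &k2));
        kgctx.acceptor_subkey = k2;

        /* Generate a PRF value with the subkey and an empty input, and compare
         * it to the first expected output. */
        in.length = 0;
        in.value = NULL;
        major = gss_pseudo_random(&minor, context, GSS_C_PRF_KEY_PARTIAL, &in,
                                  44, &out);
        check_gsserr("gss_pseudo_random", major, minor);
        check_hex_fits(tests[i].out1, sizeof(outbuf));
        (void)fromhex(tests[i].out1, outbuf);
        assert(out.length == 44 && memcmp(out.value, outbuf, 44) == 0);
        (void)gss_release_buffer(&minor, &out);

        /* Generate a PRF value with the acceptor subkey and the 61-byte input
         * string, and compare it to the second expected output. */
        in.length = strlen(inputstr);
        in.value = (char *)inputstr;
        major = gss_pseudo_random(&minor, context, GSS_C_PRF_KEY_FULL, &in, 44,
                                  &out);
        check_gsserr("gss_pseudo_random", major, minor);
        check_hex_fits(tests[i].out2, sizeof(outbuf));
        (void)fromhex(tests[i].out2, outbuf);
        assert(out.length == 44 && memcmp(out.value, outbuf, 44) == 0);
        (void)gss_release_buffer(&minor, &out);

        /* Also check that generating zero bytes of output works. */
        major = gss_pseudo_random(&minor, context, GSS_C_PRF_KEY_FULL, &in, 0,
                                  &out);
        check_gsserr("gss_pseudo_random", major, minor);
        assert(out.length == 0);
        (void)gss_release_buffer(&minor, &out);

        krb5_k_free_key(NULL, k1);
        krb5_k_free_key(NULL, k2);
    }
    return 0;
}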