/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* lib/crypto/crypto_tests/t_mdcksum.c */
/*
* Copyright 1995 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*/
/* Test checksum and checksum compatibility for rsa-md[4,5]-des. */
#ifndef MD
#define MD 5
#endif /* MD */
#include "k5-int.h"
#if MD == 4
#include "rsa-md4.h"
#endif /* MD == 4 */
#if MD == 5
#include "rsa-md5.h"
#endif /* MD == 5 */
#include "des_int.h"
#define MD5_K5BETA_COMPAT
#define MD4_K5BETA_COMPAT
#if MD == 4
#define CONFOUNDER_LENGTH RSA_MD4_DES_CONFOUND_LENGTH
#define NEW_CHECKSUM_LENGTH NEW_RSA_MD4_DES_CKSUM_LENGTH
#define OLD_CHECKSUM_LENGTH OLD_RSA_MD4_DES_CKSUM_LENGTH
#define CHECKSUM_TYPE CKSUMTYPE_RSA_MD4_DES
#ifdef MD4_K5BETA_COMPAT
#define K5BETA_COMPAT 1
#else /* MD4_K5BETA_COMPAT */
#undef K5BETA_COMPAT
#endif /* MD4_K5BETA_COMPAT */
#define CKSUM_FUNCTION krb5_md4_crypto_sum_func
#define COMPAT_FUNCTION krb5_md4_crypto_compat_sum_func
#define VERIFY_FUNCTION krb5_md4_crypto_verify_func
#endif /* MD == 4 */
#if MD == 5
#define CONFOUNDER_LENGTH RSA_MD5_DES_CONFOUND_LENGTH
#define NEW_CHECKSUM_LENGTH NEW_RSA_MD5_DES_CKSUM_LENGTH
#define OLD_CHECKSUM_LENGTH OLD_RSA_MD5_DES_CKSUM_LENGTH
#define CHECKSUM_TYPE CKSUMTYPE_RSA_MD5_DES
#ifdef MD5_K5BETA_COMPAT
#define K5BETA_COMPAT 1
#else /* MD5_K5BETA_COMPAT */
#undef K5BETA_COMPAT
#endif /* MD5_K5BETA_COMPAT */
#define CKSUM_FUNCTION krb5_md5_crypto_sum_func
#define COMPAT_FUNCTION krb5_md5_crypto_compat_sum_func
#define VERIFY_FUNCTION krb5_md5_crypto_verify_func
#endif /* MD == 5 */
static void
print_checksum(text, number, message, checksum)
char *text;
int number;
char *message;
krb5_checksum *checksum;
{
int i;
printf("%s MD%d checksum(\"%s\") = ", text, number, message);
for (i=0; i<checksum->length; i++)
printf("%02x", checksum->contents[i]);
printf("\n");
}
/*
* Test the checksum verification of Old Style (tm) and correct RSA-MD[4,5]-DES
* checksums.
*/
int
main(argc, argv)
int argc;
char **argv;
{
int msgindex;
krb5_context kcontext;
krb5_encrypt_block encblock;
krb5_keyblock keyblock;
krb5_error_code kret;
krb5_checksum oldstyle_checksum;
krb5_checksum newstyle_checksum;
krb5_data pwdata;
char *pwd;
pwd = "test password";
pwdata.length = strlen(pwd);
pwdata.data = pwd;
krb5_use_enctype(kcontext, &encblock, DEFAULT_KDC_ENCTYPE);
if ((kret = mit_des_string_to_key(&encblock, &keyblock, &pwdata, NULL))) {
printf("mit_des_string_to_key choked with %d\n", kret);
return(kret);
}
if ((kret = mit_des_process_key(&encblock, &keyblock))) {
printf("mit_des_process_key choked with %d\n", kret);
return(kret);
}
oldstyle_checksum.length = OLD_CHECKSUM_LENGTH;
if (!(oldstyle_checksum.contents = (krb5_octet *) malloc(OLD_CHECKSUM_LENGTH))) {
printf("cannot get memory for old style checksum\n");
return(ENOMEM);
}
newstyle_checksum.length = NEW_CHECKSUM_LENGTH;
if (!(newstyle_checksum.contents = (krb5_octet *)
malloc(NEW_CHECKSUM_LENGTH))) {
printf("cannot get memory for new style checksum\n");
return(ENOMEM);
}
for (msgindex = 1; msgindex < argc; msgindex++) {
if ((kret = CKSUM_FUNCTION(argv[msgindex],
strlen(argv[msgindex]),
(krb5_pointer) keyblock.contents,
keyblock.length,
&newstyle_checksum))) {
printf("krb5_calculate_checksum choked with %d\n", kret);
break;
}
print_checksum("correct", MD, argv[msgindex], &newstyle_checksum);
#ifdef K5BETA_COMPAT
if ((kret = COMPAT_FUNCTION(argv[msgindex],
strlen(argv[msgindex]),
(krb5_pointer) keyblock.contents,
keyblock.length,
&oldstyle_checksum))) {
printf("old style calculate_checksum choked with %d\n", kret);
break;
}
print_checksum("old", MD, argv[msgindex], &oldstyle_checksum);
#endif /* K5BETA_COMPAT */
if ((kret = VERIFY_FUNCTION(&newstyle_checksum,
argv[msgindex],
strlen(argv[msgindex]),
(krb5_pointer) keyblock.contents,
keyblock.length))) {
printf("verify on new checksum choked with %d\n", kret);
break;
}
printf("Verify succeeded for \"%s\"\n", argv[msgindex]);
#ifdef K5BETA_COMPAT
if ((kret = VERIFY_FUNCTION(&oldstyle_checksum,
argv[msgindex],
strlen(argv[msgindex]),
(krb5_pointer) keyblock.contents,
keyblock.length))) {
printf("verify on old checksum choked with %d\n", kret);
break;
}
printf("Compatible checksum verify succeeded for \"%s\"\n",
argv[msgindex]);
#endif /* K5BETA_COMPAT */
newstyle_checksum.contents[0]++;
if (!(kret = VERIFY_FUNCTION(&newstyle_checksum,
argv[msgindex],
strlen(argv[msgindex]),
(krb5_pointer) keyblock.contents,
keyblock.length))) {
printf("verify on new checksum should have choked\n");
break;
}
printf("Verify of bad checksum OK for \"%s\"\n", argv[msgindex]);
#ifdef K5BETA_COMPAT
oldstyle_checksum.contents[0]++;
if (!(kret = VERIFY_FUNCTION(&oldstyle_checksum,
argv[msgindex],
strlen(argv[msgindex]),
(krb5_pointer) keyblock.contents,
keyblock.length))) {
printf("verify on old checksum should have choked\n");
break;
}
printf("Compatible checksum verify of altered checksum OK for \"%s\"\n",
argv[msgindex]);
#endif /* K5BETA_COMPAT */
kret = 0;
}
if (!kret)
printf("%d tests passed successfully for MD%d checksum\n", argc-1, MD);
return(kret);
}