from k5test import *
# Define some convenience abbreviations for enctypes we will see in
# test program output. For background, aes256 and aes128 are "CFX
# enctypes", meaning that they imply support for RFC 4121, while des3
# and rc4 are not. DES3 keys will appear as 'des3-cbc-raw' in
# t_enctypes output because that's how GSSAPI does raw triple-DES
# encryption without the RFC3961 framing.
aes256 = 'aes256-cts-hmac-sha1-96'
aes128 = 'aes128-cts-hmac-sha1-96'
des3 = 'des3-cbc-sha1'
d_des3 = 'DEPRECATED:des3-cbc-sha1'
des3raw = 'des3-cbc-raw'
d_des3raw = 'DEPRECATED:des3-cbc-raw'
rc4 = 'arcfour-hmac'
d_rc4 = 'DEPRECATED:arcfour-hmac'
# These tests make assumptions about the default enctype lists, so set
# them explicitly rather than relying on the library defaults.
supp='aes256-cts:normal aes128-cts:normal des3-cbc-sha1:normal rc4-hmac:normal'
conf = {'libdefaults': {'permitted_enctypes': 'aes des3 rc4'},
'realms': {'$realm': {'supported_enctypes': supp}}}
realm = K5Realm(krb5_conf=conf)
shutil.copyfile(realm.ccache, os.path.join(realm.testdir, 'save'))
# Return an argument list for running t_enctypes with optional initiator
# and acceptor enctype lists.
def cmdline(ienc, aenc):
iflags = ienc and ['-i', ienc] or []
aflags = aenc and ['-a', aenc] or []
return ['./t_enctypes'] + iflags + aflags + ['p:' + realm.host_princ]
# Run t_enctypes with optional initiator and acceptor enctype lists,
# and check that it succeeds with the expected output. Also check
# that the ticket we got has the expected encryption key and session
# key.
def test(msg, ienc, aenc, tktenc='', tktsession='', proto='', isubkey='',
asubkey=None):
shutil.copyfile(os.path.join(realm.testdir, 'save'), realm.ccache)
# Run the test program and check its output.
out = realm.run(cmdline(ienc, aenc)).split()
if out[0] != proto or out[1] != isubkey:
fail(msg)
if asubkey is not None and (len(out) < 3 or out[2] != asubkey):
fail(msg)
lines = realm.run([klist, '-e']).splitlines()
for ind, line in enumerate(lines):
if realm.host_princ in line:
if lines[ind + 1].strip() != ('Etype (skey, tkt): %s, %s' %
(tktsession, tktenc)):
fail(msg)
break
# Run t_enctypes with optional initiator and acceptor enctype lists,
# and check that it fails with the expected error message.
def test_err(msg, ienc, aenc, expected_err):
shutil.copyfile(os.path.join(realm.testdir, 'save'), realm.ccache)
realm.run(cmdline(ienc, aenc), expected_code=1, expected_msg=expected_err)
# By default, all of the key enctypes should be aes256.
test('noargs', None, None,
tktenc=aes256, tktsession=aes256,
proto='cfx', isubkey=aes256, asubkey=aes256)
# When the initiator constrains the permitted session enctypes to
# aes128, the ticket encryption key should remain aes256. The client
# initiator will not send an RFC 4537 upgrade list because it sees no
# other permitted enctypes, so the acceptor subkey will not be
# upgraded from aes128.
test('init aes128', 'aes128-cts', None,
tktenc=aes256, tktsession=aes128,
proto='cfx', isubkey=aes128, asubkey=aes128)
# If the initiator and acceptor both constrain the permitted session
# enctypes to aes128, we should see the same keys as above. This
# tests that the acceptor does not mistakenly contrain the ticket
# encryption key.
test('both aes128', 'aes128-cts', 'aes128-cts',
tktenc=aes256, tktsession=aes128,
proto='cfx', isubkey=aes128, asubkey=aes128)
# If only the acceptor constrains the permitted session enctypes to
# aes128, subkey negotiation fails because the acceptor considers the
# aes256 session key to be non-permitted.
test_err('acc aes128', None, 'aes128-cts',
'Encryption type aes256-cts-hmac-sha1-96 not permitted')
# If the initiator constrains the permitted session enctypes to des3,
# no acceptor subkey will be generated because we can't upgrade to a
# CFX enctype.
test('init des3', 'des3', None,
tktenc=aes256, tktsession=d_des3,
proto='rfc1964', isubkey=des3raw, asubkey=None)
# Force the ticket session key to be rc4, so we can test some subkey
# upgrade cases. The ticket encryption key remains aes256.
realm.run([kadminl, 'setstr', realm.host_princ, 'session_enctypes', 'rc4'])
# With no arguments, the initiator should send an upgrade list of
# [aes256 aes128 des3] and the acceptor should upgrade to an aes256
# subkey.
test('upgrade noargs', None, None,
tktenc=aes256, tktsession=d_rc4,
proto='cfx', isubkey=rc4, asubkey=aes256)
# If the initiator won't permit rc4 as a session key, it won't be able
# to get a ticket.
test_err('upgrade init aes', 'aes', None, 'no support for encryption type')
# If the initiator permits rc4 but prefers aes128, it will send an
# upgrade list of [aes128] and the acceptor will upgrade to aes128.
test('upgrade init aes128+rc4', 'aes128-cts rc4', None,
tktenc=aes256, tktsession=d_rc4,
proto='cfx', isubkey=rc4, asubkey=aes128)
# If the initiator permits rc4 but prefers des3, it will send an
# upgrade list of [des3], but the acceptor won't generate a subkey
# because des3 isn't a CFX enctype.
test('upgrade init des3+rc4', 'des3 rc4', None,
tktenc=aes256, tktsession=d_rc4,
proto='rfc1964', isubkey=rc4, asubkey=None)
# If the acceptor permits only aes128, subkey negotiation will fail
# because the ticket session key and initiator subkey are
# non-permitted. (This is unfortunate if the acceptor's restriction
# is only for the sake of the kernel, since we could upgrade to an
# aes128 subkey, but it's the current semantics.)
test_err('upgrade acc aes128', None, 'aes128-cts',
'Encryption type arcfour-hmac not permitted')
# If the acceptor permits rc4 but prefers aes128, it will negotiate an
# upgrade to aes128.
test('upgrade acc aes128 rc4', None, 'aes128-cts rc4',
tktenc=aes256, tktsession=d_rc4,
proto='cfx', isubkey=rc4, asubkey=aes128)
# In this test, the initiator and acceptor each prefer an AES enctype
# to rc4, but they can't agree on which one, so no subkey is
# generated.
test('upgrade mismatch', 'aes128-cts rc4', 'aes256-cts rc4',
tktenc=aes256, tktsession=d_rc4,
proto='rfc1964', isubkey=rc4, asubkey=None)
success('gss_krb5_set_allowable_enctypes tests')