Blob Blame History Raw
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 * Copyright 2014 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.

#include "k5-int.h"
#include "k5-hex.h"
#include "common.h"
#include "mglueP.h"
#include "gssapiP_krb5.h"

static const char inputstr[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

/* For each test, out1 corresponds to key1 with an empty input, and out2
 * corresponds to key2 with the above 61-byte input string. */
static struct {
    krb5_enctype enctype;
    const char *key1;
    const char *out1;
    const char *key2;
    const char *out2;
} tests[] = {
      "4EEA42E38F7A60C588F075C5C96A67E7F8B7BD0AECF4" },
      "A46138B01E927C9B95EEC953B562807434037837DDDF" },
      "B7F45AB053143C75CA0DF5D3D4BBB80F6A616C7C9027" },
      "59F774CB7C134FCD37F61A50FD0D9F89BF8FE1A6B593" },
      "FAD4398901013D55F367C82681186B7B2FE62F746BA4" },
      "52317D50508AE72B7BE2E4E4BA24164E029CBACF786B" },
    { ENCTYPE_AES128_CTS_HMAC_SHA256_128,
      "C4D868308D354A7B199BE6FD1F22B53C038BC6036581" },
    { ENCTYPE_AES256_CTS_HMAC_SHA384_192,
      "A3F74AD0345A4A6651EBE101976E933F32D44F0B5947" },

/* Decode hexstr into out.  No length checking. */
static size_t
fromhex(const char *hexstr, unsigned char *out)
    uint8_t *bytes;
    size_t len;

    if (k5_hex_decode(hexstr, &bytes, &len) != 0)
    memcpy(out, bytes, len);
    return len;

main(int argc, char *argv[])
    OM_uint32 minor, major;
    gss_ctx_id_t context;
    gss_union_ctx_id_desc uctx;
    krb5_gss_ctx_id_rec kgctx;
    krb5_key k1, k2;
    krb5_keyblock kb1, kb2;
    gss_buffer_desc in, out;
    unsigned char k1buf[32], k2buf[32], outbuf[44];
    size_t i;

     * Fake up just enough of a krb5 GSS context to make gss_pseudo_random
     * work, with chosen subkeys and acceptor subkeys.  If we implement
     * gss_import_lucid_sec_context, we can rewrite this to use public
     * interfaces and stop using private headers and internal knowledge of the
     * implementation.
    context = (gss_ctx_id_t)&uctx;
    memset(&uctx, 0, sizeof(uctx));
    uctx.mech_type = &mech_krb5;
    uctx.internal_ctx_id = (gss_ctx_id_t)&kgctx;
    memset(&kgctx, 0, sizeof(kgctx));
    kgctx.k5_context = NULL;
    kgctx.established = 1;
    kgctx.have_acceptor_subkey = 1;
    kb1.contents = k1buf;
    kb2.contents = k2buf;
    for (i = 0; i < sizeof(tests) / sizeof(*tests); i++) {
        /* Set up the keys for this test. */
        kb1.enctype = tests[i].enctype;
        kb1.length = fromhex(tests[i].key1, k1buf);
        check_k5err(NULL, "create_key", krb5_k_create_key(NULL, &kb1, &k1));
        kgctx.subkey = k1;
        kb2.enctype = tests[i].enctype;
        kb2.length = fromhex(tests[i].key2, k2buf);
        check_k5err(NULL, "create_key", krb5_k_create_key(NULL, &kb2, &k2));
        kgctx.acceptor_subkey = k2;

        /* Generate a PRF value with the subkey and an empty input, and compare
         * it to the first expected output. */
        in.length = 0;
        in.value = NULL;
        major = gss_pseudo_random(&minor, context, GSS_C_PRF_KEY_PARTIAL, &in,
                                  44, &out);
        check_gsserr("gss_pseudo_random", major, minor);
        (void)fromhex(tests[i].out1, outbuf);
        assert(out.length == 44 && memcmp(out.value, outbuf, 44) == 0);
        (void)gss_release_buffer(&minor, &out);

        /* Generate a PRF value with the acceptor subkey and the 61-byte input
         * string, and compare it to the second expected output. */
        in.length = strlen(inputstr);
        in.value = (char *)inputstr;
        major = gss_pseudo_random(&minor, context, GSS_C_PRF_KEY_FULL, &in, 44,
        check_gsserr("gss_pseudo_random", major, minor);
        (void)fromhex(tests[i].out2, outbuf);
        assert(out.length == 44 && memcmp(out.value, outbuf, 44) == 0);
        (void)gss_release_buffer(&minor, &out);

        /* Also check that generating zero bytes of output works. */
        major = gss_pseudo_random(&minor, context, GSS_C_PRF_KEY_FULL, &in, 0,
        check_gsserr("gss_pseudo_random", major, minor);
        assert(out.length == 0);
        (void)gss_release_buffer(&minor, &out);

        krb5_k_free_key(NULL, k1);
        krb5_k_free_key(NULL, k2);
    return 0;