From d4efd9fe567631b9d5f3ffa8b53a22953e5069cb Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Mon, 7 Dec 2015 23:32:18 -0500 Subject: [PATCH] Add aes-sha2 test cases Add test cases for all of the test vectors in the aes-sha2 draft. In t_cksums.c and t_decrypt.c, modify the test structure to allow for binary plaintexts. In t_str2key.c, modify the test structure to allow for binary salts. In t_derive.c, allow tests to have outputs which don't match the key size, using krb5int_derive_random() instead of krb5int_derive_key(). Add test cases for KRB-FX-CF2 and for gss_pseudo_random() using test vectors generated ourselves. Add k5test and dejagnu test passes for aes-sha2 enctypes. ticket: 8490 --- src/lib/crypto/crypto_tests/t_cf2.expected | 2 + src/lib/crypto/crypto_tests/t_cf2.in | 10 + src/lib/crypto/crypto_tests/t_cksums.c | 67 ++++--- src/lib/crypto/crypto_tests/t_decrypt.c | 210 +++++++++++++++------ src/lib/crypto/crypto_tests/t_derive.c | 121 ++++++++++-- src/lib/crypto/crypto_tests/t_encrypt.c | 2 + src/lib/crypto/crypto_tests/t_prf.c | 22 +++ src/lib/crypto/crypto_tests/t_short.c | 2 + src/lib/crypto/crypto_tests/t_str2key.c | 169 ++++++++++------- src/lib/crypto/libk5crypto.exports | 3 + src/tests/dejagnu/config/default.exp | 24 +++ src/tests/gssapi/t_prf.c | 16 +- src/util/k5test.py | 20 ++ 13 files changed, 503 insertions(+), 165 deletions(-) diff --git a/src/lib/crypto/crypto_tests/t_cf2.expected b/src/lib/crypto/crypto_tests/t_cf2.expected index 007000f217..11a24b8009 100644 --- a/src/lib/crypto/crypto_tests/t_cf2.expected +++ b/src/lib/crypto/crypto_tests/t_cf2.expected @@ -3,3 +3,5 @@ 43bae3738c9467e6 e58f9eb643862c13ad38e529313462a7f73e62834fe54a01 24d7f6b6bae4e5c00d2082c5ebab3672 +edd02a39d2dbde31611c16e610be062c +67f6ea530aea85a37dcbb23349ea52dcc61ca8493ff557252327fd8304341584 diff --git a/src/lib/crypto/crypto_tests/t_cf2.in b/src/lib/crypto/crypto_tests/t_cf2.in index 094c2392fd..e62ead7d80 100644 --- a/src/lib/crypto/crypto_tests/t_cf2.in +++ b/src/lib/crypto/crypto_tests/t_cf2.in @@ -23,3 +23,13 @@ key1 key2 a b +19 +key1 +key2 +a +b +20 +key1 +key2 +a +b diff --git a/src/lib/crypto/crypto_tests/t_cksums.c b/src/lib/crypto/crypto_tests/t_cksums.c index 7c4c6dbb67..4b5406e67c 100644 --- a/src/lib/crypto/crypto_tests/t_cksums.c +++ b/src/lib/crypto/crypto_tests/t_cksums.c @@ -33,7 +33,7 @@ #include "k5-int.h" struct test { - char *plaintext; + krb5_data plaintext; krb5_cksumtype sumtype; krb5_enctype enctype; krb5_keyusage usage; @@ -41,32 +41,32 @@ struct test { krb5_data cksum; } test_cases[] = { { - "abc", + { KV5M_DATA, 3, "abc" }, CKSUMTYPE_CRC32, 0, 0, { KV5M_DATA, 0, "" }, { KV5M_DATA, 4, "\xD0\x98\x65\xCA" } }, { - "one", + { KV5M_DATA, 3, "one" }, CKSUMTYPE_RSA_MD4, 0, 0, { KV5M_DATA, 0, "" }, { KV5M_DATA, 16, "\x30\x5D\xCC\x2C\x0F\xDD\x53\x39\x96\x95\x52\xC7\xB8\x99\x63\x48" } }, { - "two three four five", + { KV5M_DATA, 19, "two three four five" }, CKSUMTYPE_RSA_MD5, 0, 0, { KV5M_DATA, 0, "" }, { KV5M_DATA, 16, "\xBA\xB5\x32\x15\x51\xE1\x08\x44\x90\x86\x96\x35\xB3\xC2\x68\x15" } }, { - "", + { KV5M_DATA, 0, "" }, CKSUMTYPE_NIST_SHA, 0, 0, { KV5M_DATA, 0, "" }, { KV5M_DATA, 20, "\xDA\x39\xA3\xEE\x5E\x6B\x4B\x0D\x32\x55\xBF\xEF\x95\x60\x18\x90" "\xAF\xD8\x07\x09" } }, { - "six seven", + { KV5M_DATA, 9, "six seven" }, CKSUMTYPE_HMAC_SHA1_DES3, ENCTYPE_DES3_CBC_SHA1, 2, { KV5M_DATA, 24, "\x7A\x25\xDF\x89\x92\x29\x6D\xCE\xDA\x0E\x13\x5B\xC4\x04\x6E\x23" @@ -76,7 +76,7 @@ struct test { "\x99\x08\x2B\xB4" } }, { - "eight nine ten eleven twelve thirteen", + { KV5M_DATA, 37, "eight nine ten eleven twelve thirteen" }, CKSUMTYPE_HMAC_SHA1_96_AES128, ENCTYPE_AES128_CTS_HMAC_SHA1_96, 3, { KV5M_DATA, 16, "\x90\x62\x43\x0C\x8C\xDA\x33\x88\x92\x2E\x6D\x6A\x50\x9F\x5B\x7A" }, @@ -84,7 +84,7 @@ struct test { "\x01\xA4\xB0\x88\xD4\x56\x28\xF6\x94\x66\x14\xE3" } }, { - "fourteen", + { KV5M_DATA, 8, "fourteen" }, CKSUMTYPE_HMAC_SHA1_96_AES256, ENCTYPE_AES256_CTS_HMAC_SHA1_96, 4, { KV5M_DATA, 32, "\xB1\xAE\x4C\xD8\x46\x2A\xFF\x16\x77\x05\x3C\xC9\x27\x9A\xAC\x30" @@ -93,7 +93,7 @@ struct test { "\xE0\x87\x39\xE3\x27\x9E\x29\x03\xEC\x8E\x38\x36" } }, { - "fifteen sixteen", + { KV5M_DATA, 15, "fifteen sixteen" }, CKSUMTYPE_MD5_HMAC_ARCFOUR, ENCTYPE_ARCFOUR_HMAC, 5, { KV5M_DATA, 16, "\xF7\xD3\xA1\x55\xAF\x5E\x23\x8A\x0B\x7A\x87\x1A\x96\xBA\x2A\xB2" }, @@ -101,7 +101,7 @@ struct test { "\x9F\x41\xDF\x30\x49\x07\xDE\x73\x54\x47\x00\x1F\xD2\xA1\x97\xB9" } }, { - "seventeen eighteen nineteen twenty", + { KV5M_DATA, 34, "seventeen eighteen nineteen twenty" }, CKSUMTYPE_HMAC_MD5_ARCFOUR, ENCTYPE_ARCFOUR_HMAC, 6, { KV5M_DATA, 16, "\xF7\xD3\xA1\x55\xAF\x5E\x23\x8A\x0B\x7A\x87\x1A\x96\xBA\x2A\xB2" }, @@ -109,7 +109,7 @@ struct test { "\xEB\x38\xCC\x97\xE2\x23\x0F\x59\xDA\x41\x17\xDC\x58\x59\xD7\xEC" } }, { - "abcdefghijk", + { KV5M_DATA, 11, "abcdefghijk" }, CKSUMTYPE_CMAC_CAMELLIA128, ENCTYPE_CAMELLIA128_CTS_CMAC, 7, { KV5M_DATA, 16, "\x1D\xC4\x6A\x8D\x76\x3F\x4F\x93\x74\x2B\xCB\xA3\x38\x75\x76\xC3" }, @@ -117,7 +117,7 @@ struct test { "\x11\x78\xE6\xC5\xC4\x7A\x8C\x1A\xE0\xC4\xB9\xC7\xD4\xEB\x7B\x6B" } }, { - "ABCDEFGHIJKLMNOPQRSTUVWXYZ", + { KV5M_DATA, 26, "ABCDEFGHIJKLMNOPQRSTUVWXYZ" }, CKSUMTYPE_CMAC_CAMELLIA128, ENCTYPE_CAMELLIA128_CTS_CMAC, 8, { KV5M_DATA, 16, "\x50\x27\xBC\x23\x1D\x0F\x3A\x9D\x23\x33\x3F\x1C\xA6\xFD\xBE\x7C" }, @@ -125,7 +125,7 @@ struct test { "\xD1\xB3\x4F\x70\x04\xA7\x31\xF2\x3A\x0C\x00\xBF\x6C\x3F\x75\x3A" } }, { - "123456789", + { KV5M_DATA, 9, "123456789" }, CKSUMTYPE_CMAC_CAMELLIA256, ENCTYPE_CAMELLIA256_CTS_CMAC, 9, { KV5M_DATA, 32, "\xB6\x1C\x86\xCC\x4E\x5D\x27\x57\x54\x5A\xD4\x23\x39\x9F\xB7\x03" @@ -134,7 +134,7 @@ struct test { "\x87\xA1\x2C\xFD\x2B\x96\x21\x48\x10\xF0\x1C\x82\x6E\x77\x44\xB1" } }, { - "!@#$%^&*()!@#$%^&*()!@#$%^&*()", + { KV5M_DATA, 30, "!@#$%^&*()!@#$%^&*()!@#$%^&*()" }, CKSUMTYPE_CMAC_CAMELLIA256, ENCTYPE_CAMELLIA256_CTS_CMAC, 10, { KV5M_DATA, 32, "\x32\x16\x4C\x5B\x43\x4D\x1D\x15\x38\xE4\xCF\xD9\xBE\x80\x40\xFE" @@ -142,6 +142,30 @@ struct test { { KV5M_DATA, 16, "\x3F\xA0\xB4\x23\x55\xE5\x2B\x18\x91\x87\x29\x4A\xA2\x52\xAB\x64" } }, + { + { KV5M_DATA, 21, + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" + "\x10\x11\x12\x13\x14" }, + CKSUMTYPE_HMAC_SHA256_128_AES128, ENCTYPE_AES128_CTS_HMAC_SHA256_128, + 2, + { KV5M_DATA, 16, + "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" }, + { KV5M_DATA, 16, + "\xD7\x83\x67\x18\x66\x43\xD6\x7B\x41\x1C\xBA\x91\x39\xFC\x1D\xEE" } + }, + { + { KV5M_DATA, 21, + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" + "\x10\x11\x12\x13\x14" }, + CKSUMTYPE_HMAC_SHA384_192_AES256, ENCTYPE_AES256_CTS_HMAC_SHA384_192, + 2, + { KV5M_DATA, 32, + "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98" + "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" }, + { KV5M_DATA, 24, + "\x45\xEE\x79\x15\x67\xEE\xFC\xA3\x7F\x4A\xC1\xE0\x22\x2D\xE8\x0D" + "\x43\xC3\xBF\xA0\x66\x99\x67\x2A" } + }, }; static void @@ -172,7 +196,6 @@ main(int argc, char **argv) size_t i; struct test *test; krb5_keyblock kb, *kbp; - krb5_data plain; krb5_checksum cksum; krb5_cksumtype mtype; krb5_boolean valid, verbose = FALSE; @@ -190,15 +213,15 @@ main(int argc, char **argv) kbp = &kb; } else kbp = NULL; - plain = string2data(test->plaintext); ret = krb5_c_make_checksum(context, test->sumtype, kbp, test->usage, - &plain, &cksum); + &test->plaintext, &cksum); assert(!ret); if (verbose) { char buf[64]; krb5_cksumtype_to_string(test->sumtype, buf, sizeof(buf)); printf("\nTest %d:\n", (int)i); - printf("Plaintext: %s\n", test->plaintext); + printf("Plaintext: %.*s\n", (int)test->plaintext.length, + test->plaintext.data); printf("Checksum type: %s\n", buf); if (test->enctype != 0) { krb5_enctype_to_name(test->enctype, FALSE, buf, sizeof(buf)); @@ -217,8 +240,8 @@ main(int argc, char **argv) } /* Test that the checksum verifies successfully. */ - ret = krb5_c_verify_checksum(context, kbp, test->usage, &plain, &cksum, - &valid); + ret = krb5_c_verify_checksum(context, kbp, test->usage, + &test->plaintext, &cksum, &valid); assert(!ret); if (!valid) { printf("test %d verify failed\n", (int)i); @@ -234,8 +257,8 @@ main(int argc, char **argv) /* Test that a checksum type of 0 uses the mandatory checksum * type for the key. */ cksum.checksum_type = 0; - ret = krb5_c_verify_checksum(context, kbp, test->usage, &plain, - &cksum, &valid); + ret = krb5_c_verify_checksum(context, kbp, test->usage, + &test->plaintext, &cksum, &valid); assert(!ret && valid); } } diff --git a/src/lib/crypto/crypto_tests/t_decrypt.c b/src/lib/crypto/crypto_tests/t_decrypt.c index 3637456271..1dbc4dd1b6 100644 --- a/src/lib/crypto/crypto_tests/t_decrypt.c +++ b/src/lib/crypto/crypto_tests/t_decrypt.c @@ -34,14 +34,14 @@ struct test { krb5_enctype enctype; - const char *plaintext; + krb5_data plaintext; krb5_keyusage usage; krb5_data keybits; krb5_data ciphertext; } test_cases[] = { { ENCTYPE_DES_CBC_CRC, - "", 0, + { KV5M_DATA, 0, "" }, 0, { KV5M_DATA, 8, "\x45\xE6\x08\x7C\xDF\x13\x8F\xB5" }, { KV5M_DATA, 16, @@ -49,7 +49,7 @@ struct test { }, { ENCTYPE_DES_CBC_CRC, - "1", 1, + { KV5M_DATA, 1, "1" }, 1, { KV5M_DATA, 8, "\x92\xA7\x15\x58\x10\x58\x6B\x2F" }, { KV5M_DATA, 16, @@ -57,7 +57,7 @@ struct test { }, { ENCTYPE_DES_CBC_CRC, - "9 bytesss", 2, + { KV5M_DATA, 9, "9 bytesss" }, 2, { KV5M_DATA, 8, "\xA4\xB9\x51\x4A\x61\x64\x64\x23" }, { KV5M_DATA, 24, @@ -66,7 +66,7 @@ struct test { }, { ENCTYPE_DES_CBC_CRC, - "13 bytes byte", 3, + { KV5M_DATA, 13, "13 bytes byte", }, 3, { KV5M_DATA, 8, "\x2F\x16\xA2\xA7\xFD\xB0\x57\x68" }, { KV5M_DATA, 32, @@ -75,7 +75,7 @@ struct test { }, { ENCTYPE_DES_CBC_CRC, - "30 bytes bytes bytes bytes byt", 4, + { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4, { KV5M_DATA, 8, "\xBC\x8F\x70\xFD\x20\x97\xD6\x7C" }, { KV5M_DATA, 48, @@ -86,7 +86,7 @@ struct test { { ENCTYPE_DES_CBC_MD4, - "", 0, + { KV5M_DATA, 0, "", }, 0, { KV5M_DATA, 8, "\x13\xEF\x45\xD0\xD6\xD9\xA1\x5D" }, { KV5M_DATA, 24, @@ -95,7 +95,7 @@ struct test { }, { ENCTYPE_DES_CBC_MD4, - "1", 1, + { KV5M_DATA, 1, "1", }, 1, { KV5M_DATA, 8, "\x64\x68\x86\x54\xDC\x26\x9E\x67" }, { KV5M_DATA, 32, @@ -104,7 +104,7 @@ struct test { }, { ENCTYPE_DES_CBC_MD4, - "9 bytesss", 2, + { KV5M_DATA, 9, "9 bytesss", }, 2, { KV5M_DATA, 8, "\x68\x04\xFB\x26\xDF\x8A\x4C\x32" }, { KV5M_DATA, 40, @@ -114,7 +114,7 @@ struct test { }, { ENCTYPE_DES_CBC_MD4, - "13 bytes byte", 3, + { KV5M_DATA, 13, "13 bytes byte", }, 3, { KV5M_DATA, 8, "\x23\x4A\x43\x6E\xC7\x2F\xA8\x0B" }, { KV5M_DATA, 40, @@ -124,7 +124,7 @@ struct test { }, { ENCTYPE_DES_CBC_MD4, - "30 bytes bytes bytes bytes byt", 4, + { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4, { KV5M_DATA, 8, "\x1F\xD5\xF7\x43\x34\xC4\xFB\x8C" }, { KV5M_DATA, 56, @@ -136,7 +136,7 @@ struct test { { ENCTYPE_DES_CBC_MD5, - "", 0, + { KV5M_DATA, 0, "", }, 0, { KV5M_DATA, 8, "\x4A\x54\x5E\x0B\xF7\xA2\x26\x31" }, { KV5M_DATA, 24, @@ -145,7 +145,7 @@ struct test { }, { ENCTYPE_DES_CBC_MD5, - "1", 1, + { KV5M_DATA, 1, "1", }, 1, { KV5M_DATA, 8, "\xD5\x80\x4A\x26\x9D\xC4\xE6\x45" }, { KV5M_DATA, 32, @@ -154,7 +154,7 @@ struct test { }, { ENCTYPE_DES_CBC_MD5, - "9 bytesss", 2, + { KV5M_DATA, 9, "9 bytesss", }, 2, { KV5M_DATA, 8, "\xC8\x31\x2F\x7F\x83\xEA\x46\x40" }, { KV5M_DATA, 40, @@ -164,7 +164,7 @@ struct test { }, { ENCTYPE_DES_CBC_MD5, - "13 bytes byte", 3, + { KV5M_DATA, 13, "13 bytes byte", }, 3, { KV5M_DATA, 8, "\x7F\xDA\x3E\x62\xAD\x8A\xF1\x8C" }, { KV5M_DATA, 40, @@ -174,7 +174,7 @@ struct test { }, { ENCTYPE_DES_CBC_MD5, - "30 bytes bytes bytes bytes byt", 4, + { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4, { KV5M_DATA, 8, "\xD3\xD6\x83\x29\x70\xA7\x37\x52" }, { KV5M_DATA, 56, @@ -186,7 +186,7 @@ struct test { { ENCTYPE_DES3_CBC_SHA1, - "", 0, + { KV5M_DATA, 0, "", }, 0, { KV5M_DATA, 24, "\x7A\x25\xDF\x89\x92\x29\x6D\xCE\xDA\x0E\x13\x5B\xC4\x04\x6E\x23" "\x75\xB3\xC1\x4C\x98\xFB\xC1\x62" }, @@ -196,7 +196,7 @@ struct test { }, { ENCTYPE_DES3_CBC_SHA1, - "1", 1, + { KV5M_DATA, 1, "1", }, 1, { KV5M_DATA, 24, "\xBC\x07\x83\x89\x15\x13\xD5\xCE\x57\xBC\x13\x8F\xD3\xC1\x1A\xE6" "\x40\x45\x23\x85\x32\x29\x62\xB6" }, @@ -207,7 +207,7 @@ struct test { }, { ENCTYPE_DES3_CBC_SHA1, - "9 bytesss", 2, + { KV5M_DATA, 9, "9 bytesss", }, 2, { KV5M_DATA, 24, "\x2F\xD0\xF7\x25\xCE\x04\x10\x0D\x2F\xC8\xA1\x80\x98\x83\x1F\x85" "\x0B\x45\xD9\xEF\x85\x0B\xD9\x20" }, @@ -218,7 +218,7 @@ struct test { }, { ENCTYPE_DES3_CBC_SHA1, - "13 bytes byte", 3, + { KV5M_DATA, 13, "13 bytes byte", }, 3, { KV5M_DATA, 24, "\x0D\xD5\x20\x94\xE0\xF4\x1C\xEC\xCB\x5B\xE5\x10\xA7\x64\xB3\x51" "\x76\xE3\x98\x13\x32\xF1\xE5\x98" }, @@ -229,7 +229,7 @@ struct test { }, { ENCTYPE_DES3_CBC_SHA1, - "30 bytes bytes bytes bytes byt", 4, + { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4, { KV5M_DATA, 24, "\xF1\x16\x86\xCB\xBC\x9E\x23\xEA\x54\xFE\xCD\x2A\x3D\xCD\xFB\x20" "\xB6\xFE\x98\xBF\x26\x45\xC4\xC4" }, @@ -242,7 +242,7 @@ struct test { { ENCTYPE_ARCFOUR_HMAC, - "", 0, + { KV5M_DATA, 0, "", }, 0, { KV5M_DATA, 16, "\xF8\x1F\xEC\x39\x25\x5F\x57\x84\xE8\x50\xC4\x37\x7C\x88\xBD\x85" }, { KV5M_DATA, 24, @@ -251,7 +251,7 @@ struct test { }, { ENCTYPE_ARCFOUR_HMAC, - "1", 1, + { KV5M_DATA, 1, "1", }, 1, { KV5M_DATA, 16, "\x67\xD1\x30\x0D\x28\x12\x23\x86\x7F\x96\x47\xFF\x48\x72\x12\x73" }, { KV5M_DATA, 25, @@ -260,7 +260,7 @@ struct test { }, { ENCTYPE_ARCFOUR_HMAC, - "9 bytesss", 2, + { KV5M_DATA, 9, "9 bytesss", }, 2, { KV5M_DATA, 16, "\x3E\x40\xAB\x60\x93\x69\x52\x81\xB3\xAC\x1A\x93\x04\x22\x4D\x98" }, { KV5M_DATA, 33, @@ -270,7 +270,7 @@ struct test { }, { ENCTYPE_ARCFOUR_HMAC, - "13 bytes byte", 3, + { KV5M_DATA, 13, "13 bytes byte", }, 3, { KV5M_DATA, 16, "\x4B\xA2\xFB\xF0\x37\x9F\xAE\xD8\x7A\x25\x4D\x3B\x35\x3D\x5A\x7E" }, { KV5M_DATA, 37, @@ -280,7 +280,7 @@ struct test { }, { ENCTYPE_ARCFOUR_HMAC, - "30 bytes bytes bytes bytes byt", 4, + { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4, { KV5M_DATA, 16, "\x68\xF2\x63\xDB\x3F\xCE\x15\xD0\x31\xC9\xEA\xB0\x2D\x67\x10\x7A" }, { KV5M_DATA, 54, @@ -292,7 +292,7 @@ struct test { { ENCTYPE_ARCFOUR_HMAC_EXP, - "", 0, + { KV5M_DATA, 0, "", }, 0, { KV5M_DATA, 16, "\xF7\xD3\xA1\x55\xAF\x5E\x23\x8A\x0B\x7A\x87\x1A\x96\xBA\x2A\xB2" }, { KV5M_DATA, 24, @@ -301,7 +301,7 @@ struct test { }, { ENCTYPE_ARCFOUR_HMAC_EXP, - "1", 1, + { KV5M_DATA, 1, "1", }, 1, { KV5M_DATA, 16, "\xDE\xEA\xA0\x60\x7D\xB7\x99\xE2\xFD\xD6\xDB\x29\x86\xBB\x8D\x65" }, { KV5M_DATA, 25, @@ -310,7 +310,7 @@ struct test { }, { ENCTYPE_ARCFOUR_HMAC_EXP, - "9 bytesss", 2, + { KV5M_DATA, 9, "9 bytesss", }, 2, { KV5M_DATA, 16, "\x33\xAD\x7F\xC2\x67\x86\x15\x56\x9B\x2B\x09\x83\x6E\x0A\x3A\xB6" }, { KV5M_DATA, 33, @@ -320,7 +320,7 @@ struct test { }, { ENCTYPE_ARCFOUR_HMAC_EXP, - "13 bytes byte", 3, + { KV5M_DATA, 13, "13 bytes byte", }, 3, { KV5M_DATA, 16, "\x39\xF2\x5C\xD4\xF0\xD4\x1B\x2B\x2D\x9D\x30\x0F\xCB\x29\x81\xCB" }, { KV5M_DATA, 37, @@ -330,7 +330,7 @@ struct test { }, { ENCTYPE_ARCFOUR_HMAC_EXP, - "30 bytes bytes bytes bytes byt", 4, + { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4, { KV5M_DATA, 16, "\x9F\x72\x55\x42\xD9\xF7\x2A\xA1\xF3\x86\xCB\xE7\x89\x69\x84\xFC" }, { KV5M_DATA, 54, @@ -342,7 +342,7 @@ struct test { { ENCTYPE_AES128_CTS_HMAC_SHA1_96, - "", 0, + { KV5M_DATA, 0, "", }, 0, { KV5M_DATA, 16, "\x5A\x5C\x0F\x0B\xA5\x4F\x38\x28\xB2\x19\x5E\x66\xCA\x24\xA2\x89" }, { KV5M_DATA, 28, @@ -351,7 +351,7 @@ struct test { }, { ENCTYPE_AES128_CTS_HMAC_SHA1_96, - "1", 1, + { KV5M_DATA, 1, "1", }, 1, { KV5M_DATA, 16, "\x98\x45\x0E\x3F\x3B\xAA\x13\xF5\xC9\x9B\xEB\x93\x69\x81\xB0\x6F" }, { KV5M_DATA, 29, @@ -360,7 +360,7 @@ struct test { }, { ENCTYPE_AES128_CTS_HMAC_SHA1_96, - "9 bytesss", 2, + { KV5M_DATA, 9, "9 bytesss", }, 2, { KV5M_DATA, 16, "\x90\x62\x43\x0C\x8C\xDA\x33\x88\x92\x2E\x6D\x6A\x50\x9F\x5B\x7A" }, { KV5M_DATA, 37, @@ -370,7 +370,7 @@ struct test { }, { ENCTYPE_AES128_CTS_HMAC_SHA1_96, - "13 bytes byte", 3, + { KV5M_DATA, 13, "13 bytes byte", }, 3, { KV5M_DATA, 16, "\x03\x3E\xE6\x50\x2C\x54\xFD\x23\xE2\x77\x91\xE9\x87\x98\x38\x27" }, { KV5M_DATA, 41, @@ -380,7 +380,7 @@ struct test { }, { ENCTYPE_AES128_CTS_HMAC_SHA1_96, - "30 bytes bytes bytes bytes byt", 4, + { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4, { KV5M_DATA, 16, "\xDC\xEE\xB7\x0B\x3D\xE7\x65\x62\xE6\x89\x22\x6C\x76\x42\x91\x48" }, { KV5M_DATA, 58, @@ -392,7 +392,7 @@ struct test { { ENCTYPE_AES256_CTS_HMAC_SHA1_96, - "", 0, + { KV5M_DATA, 0, "", }, 0, { KV5M_DATA, 32, "\x17\xF2\x75\xF2\x95\x4F\x2E\xD1\xF9\x0C\x37\x7B\xA7\xF4\xD6\xA3" "\x69\xAA\x01\x36\xE0\xBF\x0C\x92\x7A\xD6\x13\x3C\x69\x37\x59\xA9" }, @@ -402,7 +402,7 @@ struct test { }, { ENCTYPE_AES256_CTS_HMAC_SHA1_96, - "1", 1, + { KV5M_DATA, 1, "1", }, 1, { KV5M_DATA, 32, "\xB9\x47\x7E\x1F\xF0\x32\x9C\x00\x50\xE2\x0C\xE6\xC7\x2D\x2D\xFF" "\x27\xE8\xFE\x54\x1A\xB0\x95\x44\x29\xA9\xCB\x5B\x4F\x7B\x1E\x2A" }, @@ -412,7 +412,7 @@ struct test { }, { ENCTYPE_AES256_CTS_HMAC_SHA1_96, - "9 bytesss", 2, + { KV5M_DATA, 9, "9 bytesss", }, 2, { KV5M_DATA, 32, "\xB1\xAE\x4C\xD8\x46\x2A\xFF\x16\x77\x05\x3C\xC9\x27\x9A\xAC\x30" "\xB7\x96\xFB\x81\xCE\x21\x47\x4D\xD3\xDD\xBC\xFE\xA4\xEC\x76\xD7" }, @@ -423,7 +423,7 @@ struct test { }, { ENCTYPE_AES256_CTS_HMAC_SHA1_96, - "13 bytes byte", 3, + { KV5M_DATA, 13, "13 bytes byte", }, 3, { KV5M_DATA, 32, "\xE5\xA7\x2B\xE9\xB7\x92\x6C\x12\x25\xBA\xFE\xF9\xC1\x87\x2E\x7B" "\xA4\xCD\xB2\xB1\x78\x93\xD8\x4A\xBD\x90\xAC\xDD\x87\x64\xD9\x66" }, @@ -434,7 +434,7 @@ struct test { }, { ENCTYPE_AES256_CTS_HMAC_SHA1_96, - "30 bytes bytes bytes bytes byt", 4, + { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4, { KV5M_DATA, 32, "\xF1\xC7\x95\xE9\x24\x8A\x09\x33\x8D\x82\xC3\xF8\xD5\xB5\x67\x04" "\x0B\x01\x10\x73\x68\x45\x04\x13\x47\x23\x5B\x14\x04\x23\x13\x98" }, @@ -447,7 +447,7 @@ struct test { { ENCTYPE_CAMELLIA128_CTS_CMAC, - "", 0, + { KV5M_DATA, 0, "", }, 0, { KV5M_DATA, 16, "\x1D\xC4\x6A\x8D\x76\x3F\x4F\x93\x74\x2B\xCB\xA3\x38\x75\x76\xC3" }, { KV5M_DATA, 32, @@ -456,7 +456,7 @@ struct test { }, { ENCTYPE_CAMELLIA128_CTS_CMAC, - "1", 1, + { KV5M_DATA, 1, "1", }, 1, { KV5M_DATA, 16, "\x50\x27\xBC\x23\x1D\x0F\x3A\x9D\x23\x33\x3F\x1C\xA6\xFD\xBE\x7C" }, { KV5M_DATA, 33, @@ -466,7 +466,7 @@ struct test { }, { ENCTYPE_CAMELLIA128_CTS_CMAC, - "9 bytesss", 2, + { KV5M_DATA, 9, "9 bytesss", }, 2, { KV5M_DATA, 16, "\xA1\xBB\x61\xE8\x05\xF9\xBA\x6D\xDE\x8F\xDB\xDD\xC0\x5C\xDE\xA0" }, { KV5M_DATA, 41, @@ -476,7 +476,7 @@ struct test { }, { ENCTYPE_CAMELLIA128_CTS_CMAC, - "13 bytes byte", 3, + { KV5M_DATA, 13, "13 bytes byte", }, 3, { KV5M_DATA, 16, "\x2C\xA2\x7A\x5F\xAF\x55\x32\x24\x45\x06\x43\x4E\x1C\xEF\x66\x76" }, { KV5M_DATA, 45, @@ -486,7 +486,7 @@ struct test { }, { ENCTYPE_CAMELLIA128_CTS_CMAC, - "30 bytes bytes bytes bytes byt", 4, + { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4, { KV5M_DATA, 16, "\x78\x24\xF8\xC1\x6F\x83\xFF\x35\x4C\x6B\xF7\x51\x5B\x97\x3F\x43" }, { KV5M_DATA, 62, @@ -498,7 +498,7 @@ struct test { { ENCTYPE_CAMELLIA256_CTS_CMAC, - "", 0, + { KV5M_DATA, 0, "", }, 0, { KV5M_DATA, 32, "\xB6\x1C\x86\xCC\x4E\x5D\x27\x57\x54\x5A\xD4\x23\x39\x9F\xB7\x03" "\x1E\xCA\xB9\x13\xCB\xB9\x00\xBD\x7A\x3C\x6D\xD8\xBF\x92\x01\x5B" }, @@ -508,7 +508,7 @@ struct test { }, { ENCTYPE_CAMELLIA256_CTS_CMAC, - "1", 1, + { KV5M_DATA, 1, "1", }, 1, { KV5M_DATA, 32, "\x1B\x97\xFE\x0A\x19\x0E\x20\x21\xEB\x30\x75\x3E\x1B\x6E\x1E\x77" "\xB0\x75\x4B\x1D\x68\x46\x10\x35\x58\x64\x10\x49\x63\x46\x38\x33" }, @@ -519,7 +519,7 @@ struct test { }, { ENCTYPE_CAMELLIA256_CTS_CMAC, - "9 bytesss", 2, + { KV5M_DATA, 9, "9 bytesss", }, 2, { KV5M_DATA, 32, "\x32\x16\x4C\x5B\x43\x4D\x1D\x15\x38\xE4\xCF\xD9\xBE\x80\x40\xFE" "\x8C\x4A\xC7\xAC\xC4\xB9\x3D\x33\x14\xD2\x13\x36\x68\x14\x7A\x05" }, @@ -530,7 +530,7 @@ struct test { }, { ENCTYPE_CAMELLIA256_CTS_CMAC, - "13 bytes byte", 3, + { KV5M_DATA, 13, "13 bytes byte", }, 3, { KV5M_DATA, 32, "\xB0\x38\xB1\x32\xCD\x8E\x06\x61\x22\x67\xFA\xB7\x17\x00\x66\xD8" "\x8A\xEC\xCB\xA0\xB7\x44\xBF\xC6\x0D\xC8\x9B\xCA\x18\x2D\x07\x15" }, @@ -541,7 +541,7 @@ struct test { }, { ENCTYPE_CAMELLIA256_CTS_CMAC, - "30 bytes bytes bytes bytes byt", 4, + { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4, { KV5M_DATA, 32, "\xCC\xFC\xD3\x49\xBF\x4C\x66\x77\xE8\x6E\x4B\x02\xB8\xEA\xB9\x24" "\xA5\x46\xAC\x73\x1C\xF9\xBF\x69\x89\xB9\x96\xE7\xD6\xBF\xBB\xA7" }, @@ -551,6 +551,104 @@ struct test { "\xF3\x4A\xD1\x25\x5A\x34\x49\x99\xAD\x37\x14\x68\x87\xA6\xC6\x84" "\x57\x31\xAC\x7F\x46\x37\x6A\x05\x04\xCD\x06\x57\x14\x74" } }, + + { + ENCTYPE_AES128_CTS_HMAC_SHA256_128, + { KV5M_DATA, 0, "", }, 2, + { KV5M_DATA, 16, + "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" }, + { KV5M_DATA, 32, + "\xEF\x85\xFB\x89\x0B\xB8\x47\x2F\x4D\xAB\x20\x39\x4D\xCA\x78\x1D" + "\xAD\x87\x7E\xDA\x39\xD5\x0C\x87\x0C\x0D\x5A\x0A\x8E\x48\xC7\x18" } + }, + { + ENCTYPE_AES128_CTS_HMAC_SHA256_128, + { KV5M_DATA, 6, "\x00\x01\x02\x03\x04\x05", }, 2, + { KV5M_DATA, 16, + "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" }, + { KV5M_DATA, 38, + "\x84\xD7\xF3\x07\x54\xED\x98\x7B\xAB\x0B\xF3\x50\x6B\xEB\x09\xCF" + "\xB5\x54\x02\xCE\xF7\xE6\x87\x7C\xE9\x9E\x24\x7E\x52\xD1\x6E\xD4" + "\x42\x1D\xFD\xF8\x97\x6C" } + }, + { + ENCTYPE_AES128_CTS_HMAC_SHA256_128, + { KV5M_DATA, 16, + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" }, + 2, + { KV5M_DATA, 16, + "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" }, + { KV5M_DATA, 48, + "\x35\x17\xD6\x40\xF5\x0D\xDC\x8A\xD3\x62\x87\x22\xB3\x56\x9D\x2A" + "\xE0\x74\x93\xFA\x82\x63\x25\x40\x80\xEA\x65\xC1\x00\x8E\x8F\xC2" + "\x95\xFB\x48\x52\xE7\xD8\x3E\x1E\x7C\x48\xC3\x7E\xEB\xE6\xB0\xD3" } + }, + { + ENCTYPE_AES128_CTS_HMAC_SHA256_128, + { KV5M_DATA, 21, + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" + "\x10\x11\x12\x13\x14" }, + 2, + { KV5M_DATA, 16, + "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" }, + { KV5M_DATA, 53, + "\x72\x0F\x73\xB1\x8D\x98\x59\xCD\x6C\xCB\x43\x46\x11\x5C\xD3\x36" + "\xC7\x0F\x58\xED\xC0\xC4\x43\x7C\x55\x73\x54\x4C\x31\xC8\x13\xBC" + "\xE1\xE6\xD0\x72\xC1\x86\xB3\x9A\x41\x3C\x2F\x92\xCA\x9B\x83\x34" + "\xA2\x87\xFF\xCB\xFC" } + }, + + { + ENCTYPE_AES256_CTS_HMAC_SHA384_192, + { KV5M_DATA, 0, "", }, 2, + { KV5M_DATA, 32, + "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98" + "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" }, + { KV5M_DATA, 40, + "\x41\xF5\x3F\xA5\xBF\xE7\x02\x6D\x91\xFA\xF9\xBE\x95\x91\x95\xA0" + "\x58\x70\x72\x73\xA9\x6A\x40\xF0\xA0\x19\x60\x62\x1A\xC6\x12\x74" + "\x8B\x9B\xBF\xBE\x7E\xB4\xCE\x3C" } + }, + { + ENCTYPE_AES256_CTS_HMAC_SHA384_192, + { KV5M_DATA, 6, "\x00\x01\x02\x03\x04\x05", }, 2, + { KV5M_DATA, 32, + "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98" + "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" }, + { KV5M_DATA, 46, + "\x4E\xD7\xB3\x7C\x2B\xCA\xC8\xF7\x4F\x23\xC1\xCF\x07\xE6\x2B\xC7" + "\xB7\x5F\xB3\xF6\x37\xB9\xF5\x59\xC7\xF6\x64\xF6\x9E\xAB\x7B\x60" + "\x92\x23\x75\x26\xEA\x0D\x1F\x61\xCB\x20\xD6\x9D\x10\xF2" } + }, + { + ENCTYPE_AES256_CTS_HMAC_SHA384_192, + { KV5M_DATA, 16, + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" }, + 2, + { KV5M_DATA, 32, + "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98" + "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" }, + { KV5M_DATA, 56, + "\xBC\x47\xFF\xEC\x79\x98\xEB\x91\xE8\x11\x5C\xF8\xD1\x9D\xAC\x4B" + "\xBB\xE2\xE1\x63\xE8\x7D\xD3\x7F\x49\xBE\xCA\x92\x02\x77\x64\xF6" + "\x8C\xF5\x1F\x14\xD7\x98\xC2\x27\x3F\x35\xDF\x57\x4D\x1F\x93\x2E" + "\x40\xC4\xFF\x25\x5B\x36\xA2\x66" } + }, + { + ENCTYPE_AES256_CTS_HMAC_SHA384_192, + { KV5M_DATA, 21, + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" + "\x10\x11\x12\x13\x14" }, + 2, + { KV5M_DATA, 32, + "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98" + "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" }, + { KV5M_DATA, 61, + "\x40\x01\x3E\x2D\xF5\x8E\x87\x51\x95\x7D\x28\x78\xBC\xD2\xD6\xFE" + "\x10\x1C\xCF\xD5\x56\xCB\x1E\xAE\x79\xDB\x3C\x3E\xE8\x64\x29\xF2" + "\xB2\xA6\x02\xAC\x86\xFE\xF6\xEC\xB6\x47\xD6\x29\x5F\xAE\x07\x7A" + "\x1F\xEB\x51\x75\x08\xD2\xC1\x6B\x41\x92\xE0\x1F\x62" } + }, }; static void @@ -584,7 +682,9 @@ enctypes[] = { ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_CAMELLIA128_CTS_CMAC, - ENCTYPE_CAMELLIA256_CTS_CMAC + ENCTYPE_CAMELLIA256_CTS_CMAC, + ENCTYPE_AES128_CTS_HMAC_SHA256_128, + ENCTYPE_AES256_CTS_HMAC_SHA384_192 }; static char *plaintexts[] = { @@ -663,9 +763,9 @@ main(int argc, char **argv) printf("decrypt test %d failed to decrypt\n", (int)i); return 1; } - assert(plain.length >= strlen(test->plaintext)); - if (memcmp(plain.data, test->plaintext, - strlen(test->plaintext)) != 0) { + assert(plain.length >= test->plaintext.length); + if (memcmp(plain.data, test->plaintext.data, + test->plaintext.length) != 0) { printf("decrypt test %d produced wrong result\n", (int)i); return 1; } diff --git a/src/lib/crypto/crypto_tests/t_derive.c b/src/lib/crypto/crypto_tests/t_derive.c index f8c32917af..381ae4393d 100644 --- a/src/lib/crypto/crypto_tests/t_derive.c +++ b/src/lib/crypto/crypto_tests/t_derive.c @@ -200,6 +200,70 @@ struct test { "\xFA\x62\x4F\xA0\xE5\x23\x99\x3F\xA3\x88\xAE\xFD\xC6\x7E\x67\xEB" "\xCD\x8C\x08\xE8\xA0\x24\x6B\x1D\x73\xB0\xD1\xDD\x9F\xC5\x82\xB0" } }, + + /* Kc, Ke, Ki for an aes128-sha2 key. */ + { + ENCTYPE_AES128_CTS_HMAC_SHA256_128, + { KV5M_DATA, 16, + "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" }, + { KV5M_DATA, 5, "\0\0\0\2\x99" }, + DERIVE_SP800_108_HMAC, + { KV5M_DATA, 16, + "\xB3\x1A\x01\x8A\x48\xF5\x47\x76\xF4\x03\xE9\xA3\x96\x32\x5D\xC3" } + }, + { + ENCTYPE_AES128_CTS_HMAC_SHA256_128, + { KV5M_DATA, 16, + "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" }, + { KV5M_DATA, 5, "\0\0\0\2\xAA" }, + DERIVE_SP800_108_HMAC, + { KV5M_DATA, 16, + "\x9B\x19\x7D\xD1\xE8\xC5\x60\x9D\x6E\x67\xC3\xE3\x7C\x62\xC7\x2E" } + }, + { + ENCTYPE_AES128_CTS_HMAC_SHA256_128, + { KV5M_DATA, 16, + "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" }, + { KV5M_DATA, 5, "\0\0\0\2\x55" }, + DERIVE_SP800_108_HMAC, + { KV5M_DATA, 16, + "\x9F\xDA\x0E\x56\xAB\x2D\x85\xE1\x56\x9A\x68\x86\x96\xC2\x6A\x6C" } + }, + + /* Kc, Ke, Ki for an aes256-sha2 key. */ + { + ENCTYPE_AES256_CTS_HMAC_SHA384_192, + { KV5M_DATA, 32, + "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98" + "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" }, + { KV5M_DATA, 5, "\0\0\0\2\x99" }, + DERIVE_SP800_108_HMAC, + { KV5M_DATA, 24, + "\xEF\x57\x18\xBE\x86\xCC\x84\x96\x3D\x8B\xBB\x50\x31\xE9\xF5\xC4" + "\xBA\x41\xF2\x8F\xAF\x69\xE7\x3D" } + }, + { + ENCTYPE_AES256_CTS_HMAC_SHA384_192, + { KV5M_DATA, 32, + "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98" + "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" }, + { KV5M_DATA, 5, "\0\0\0\2\xAA" }, + DERIVE_SP800_108_HMAC, + { KV5M_DATA, 32, + "\x56\xAB\x22\xBE\xE6\x3D\x82\xD7\xBC\x52\x27\xF6\x77\x3F\x8E\xA7" + "\xA5\xEB\x1C\x82\x51\x60\xC3\x83\x12\x98\x0C\x44\x2E\x5C\x7E\x49" } + }, + { + ENCTYPE_AES256_CTS_HMAC_SHA384_192, + { KV5M_DATA, 32, + "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98" + "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" }, + { KV5M_DATA, 5, "\0\0\0\2\x55" }, + DERIVE_SP800_108_HMAC, + { KV5M_DATA, 24, + "\x69\xB1\x65\x14\xE3\xCD\x8E\x56\xB8\x20\x10\xD5\xC7\x30\x12\xB6" + "\x22\xC4\xD0\x0F\xFC\x23\xED\x1F" } + }, }; static void @@ -226,15 +290,27 @@ static const struct krb5_enc_provider * get_enc_provider(krb5_enctype enctype) { switch (enctype) { - case ENCTYPE_DES3_CBC_SHA1: return &krb5int_enc_des3; - case ENCTYPE_AES128_CTS_HMAC_SHA1_96: return &krb5int_enc_aes128; - case ENCTYPE_AES256_CTS_HMAC_SHA1_96: return &krb5int_enc_aes256; - case ENCTYPE_CAMELLIA128_CTS_CMAC: return &krb5int_enc_camellia128; - case ENCTYPE_CAMELLIA256_CTS_CMAC: return &krb5int_enc_camellia256; + case ENCTYPE_DES3_CBC_SHA1: return &krb5int_enc_des3; + case ENCTYPE_AES128_CTS_HMAC_SHA1_96: return &krb5int_enc_aes128; + case ENCTYPE_AES256_CTS_HMAC_SHA1_96: return &krb5int_enc_aes256; + case ENCTYPE_CAMELLIA128_CTS_CMAC: return &krb5int_enc_camellia128; + case ENCTYPE_CAMELLIA256_CTS_CMAC: return &krb5int_enc_camellia256; + case ENCTYPE_AES128_CTS_HMAC_SHA256_128: return &krb5int_enc_aes128; + case ENCTYPE_AES256_CTS_HMAC_SHA384_192: return &krb5int_enc_aes256; } abort(); } +static const struct krb5_hash_provider * +get_hash_provider(krb5_enctype enctype) +{ + switch (enctype) { + case ENCTYPE_AES128_CTS_HMAC_SHA256_128: return &krb5int_hash_sha256; + case ENCTYPE_AES256_CTS_HMAC_SHA384_192: return &krb5int_hash_sha384; + } + return NULL; +} + int main(int argc, char **argv) { @@ -243,8 +319,10 @@ main(int argc, char **argv) size_t i; struct test *test; krb5_keyblock kb; - krb5_key inkey, outkey; + krb5_key inkey = NULL, key = NULL; + krb5_data rnd = empty_data(), outcmp; const struct krb5_enc_provider *enc; + const struct krb5_hash_provider *hash; krb5_boolean verbose = FALSE; int status = 0; @@ -259,9 +337,20 @@ main(int argc, char **argv) ret = krb5_k_create_key(context, &kb, &inkey); assert(!ret); enc = get_enc_provider(test->enctype); - ret = krb5int_derive_key(enc, NULL, inkey, &outkey, &test->constant, - test->alg); - assert(!ret); + hash = get_hash_provider(test->enctype); + if (test->expected_key.length == enc->keylength) { + ret = krb5int_derive_key(enc, hash, inkey, &key, &test->constant, + test->alg); + assert(!ret); + outcmp = make_data(key->keyblock.contents, key->keyblock.length); + } else { + ret = alloc_data(&rnd, test->expected_key.length); + assert(!ret); + ret = krb5int_derive_random(enc, hash, inkey, &rnd, + &test->constant, test->alg); + assert(!ret); + outcmp = rnd; + } if (verbose) { char buf[64]; krb5_enctype_to_name(test->enctype, FALSE, buf, sizeof(buf)); @@ -270,19 +359,21 @@ main(int argc, char **argv) printhex("Input key: ", inkey->keyblock.contents, inkey->keyblock.length); printhex("Constant: ", test->constant.data, test->constant.length); - printhex("Output key: ", outkey->keyblock.contents, - outkey->keyblock.length); + printhex("Output: ", outcmp.data, outcmp.length); } - assert(outkey->keyblock.length == test->expected_key.length); - if (memcmp(outkey->keyblock.contents, test->expected_key.data, - outkey->keyblock.length) != 0) { + assert(outcmp.length == test->expected_key.length); + if (memcmp(outcmp.data, test->expected_key.data, outcmp.length) != 0) { printf("derive test %d failed\n", (int)i); status = 1; if (!verbose) break; } + krb5_k_free_key(context, inkey); - krb5_k_free_key(context, outkey); + krb5_k_free_key(context, key); + zapfree(rnd.data, rnd.length); + inkey = key = NULL; + rnd = empty_data(); } return status; } diff --git a/src/lib/crypto/crypto_tests/t_encrypt.c b/src/lib/crypto/crypto_tests/t_encrypt.c index 1ac375e497..4afbddedbc 100644 --- a/src/lib/crypto/crypto_tests/t_encrypt.c +++ b/src/lib/crypto/crypto_tests/t_encrypt.c @@ -47,6 +47,8 @@ krb5_enctype interesting_enctypes[] = { ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_CAMELLIA128_CTS_CMAC, ENCTYPE_CAMELLIA256_CTS_CMAC, + ENCTYPE_AES128_CTS_HMAC_SHA256_128, + ENCTYPE_AES256_CTS_HMAC_SHA384_192, 0 }; diff --git a/src/lib/crypto/crypto_tests/t_prf.c b/src/lib/crypto/crypto_tests/t_prf.c index e735d950f6..d9877bd1f7 100644 --- a/src/lib/crypto/crypto_tests/t_prf.c +++ b/src/lib/crypto/crypto_tests/t_prf.c @@ -91,6 +91,28 @@ struct test { { KV5M_DATA, 16, "\x0D\x67\x4D\xD0\xF9\xA6\x80\x65\x25\xA4\xD9\x2E\x82\x8B\xD1\x5A" } }, + + { + ENCTYPE_AES128_CTS_HMAC_SHA256_128, + { KV5M_DATA, 16, + "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" }, + { KV5M_DATA, 4, "test" }, + { KV5M_DATA, 32, + "\x9D\x18\x86\x16\xF6\x38\x52\xFE\x86\x91\x5B\xB8\x40\xB4\xA8\x86" + "\xFF\x3E\x6B\xB0\xF8\x19\xB4\x9B\x89\x33\x93\xD3\x93\x85\x42\x95" } + }, + + { + ENCTYPE_AES256_CTS_HMAC_SHA384_192, + { KV5M_DATA, 32, + "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98" + "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" }, + { KV5M_DATA, 4, "test" }, + { KV5M_DATA, 48, + "\x98\x01\xF6\x9A\x36\x8C\x2B\xF6\x75\xE5\x95\x21\xE1\x77\xD9\xA0" + "\x7F\x67\xEF\xE1\xCF\xDE\x8D\x3C\x8D\x6F\x6A\x02\x56\xE3\xB1\x7D" + "\xB3\xC1\xB6\x2A\xD1\xB8\x55\x33\x60\xD1\x73\x67\xEB\x15\x14\xD2" } + }, }; int diff --git a/src/lib/crypto/crypto_tests/t_short.c b/src/lib/crypto/crypto_tests/t_short.c index 6ee7b1987a..40fa2821f6 100644 --- a/src/lib/crypto/crypto_tests/t_short.c +++ b/src/lib/crypto/crypto_tests/t_short.c @@ -44,6 +44,8 @@ krb5_enctype interesting_enctypes[] = { ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_CAMELLIA128_CTS_CMAC, ENCTYPE_CAMELLIA256_CTS_CMAC, + ENCTYPE_AES128_CTS_HMAC_SHA256_128, + ENCTYPE_AES256_CTS_HMAC_SHA384_192, 0 }; diff --git a/src/lib/crypto/crypto_tests/t_str2key.c b/src/lib/crypto/crypto_tests/t_str2key.c index 7ff6efd385..7a78138744 100644 --- a/src/lib/crypto/crypto_tests/t_str2key.c +++ b/src/lib/crypto/crypto_tests/t_str2key.c @@ -29,7 +29,7 @@ struct test { krb5_enctype enctype; char *string; - char *salt; + krb5_data salt; krb5_data params; krb5_data expected_key; krb5_error_code expected_err; @@ -39,7 +39,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "", - "Sodium Chloride", + { KV5M_DATA, 15, "Sodium Chloride" }, { KV5M_DATA, 1, "\1" }, { KV5M_DATA, 8, "\xA4\xD0\xD0\x9B\x86\x92\xB0\xC2" }, 0, @@ -48,7 +48,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "M", - "Sodium Chloride", + { KV5M_DATA, 15, "Sodium Chloride" }, { KV5M_DATA, 1, "\1" }, { KV5M_DATA, 8, "\xF1\xF2\x9E\xAB\xD0\xEF\xDF\x73" }, 0, @@ -57,7 +57,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "My", - "Sodium Chloride", + { KV5M_DATA, 15, "Sodium Chloride" }, { KV5M_DATA, 1, "\1" }, { KV5M_DATA, 8, "\xD6\x85\x61\xC4\xF2\x94\xF4\xA1" }, 0, @@ -66,7 +66,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "My ", - "Sodium Chloride", + { KV5M_DATA, 15, "Sodium Chloride" }, { KV5M_DATA, 1, "\1" }, { KV5M_DATA, 8, "\xD0\xE3\xA7\x83\x94\x61\xE0\xD0" }, 0, @@ -75,7 +75,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "My P", - "Sodium Chloride", + { KV5M_DATA, 15, "Sodium Chloride" }, { KV5M_DATA, 1, "\1" }, { KV5M_DATA, 8, "\xD5\x62\xCD\x94\x61\xCB\x97\xDF" }, 0, @@ -84,7 +84,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "My Pa", - "Sodium Chloride", + { KV5M_DATA, 15, "Sodium Chloride" }, { KV5M_DATA, 1, "\1" }, { KV5M_DATA, 8, "\x9E\xA2\xA2\xEC\xA8\x8C\x6B\x8F" }, 0, @@ -93,7 +93,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "My Pas", - "Sodium Chloride", + { KV5M_DATA, 15, "Sodium Chloride" }, { KV5M_DATA, 1, "\1" }, { KV5M_DATA, 8, "\xE3\x91\x6D\xD3\x85\xF1\x67\xC4" }, 0, @@ -102,7 +102,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "My Pass", - "Sodium Chloride", + { KV5M_DATA, 15, "Sodium Chloride" }, { KV5M_DATA, 1, "\1" }, { KV5M_DATA, 8, "\xF4\xC4\x73\xC8\x8A\xE9\x94\x6D" }, 0, @@ -111,7 +111,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "My Passw", - "Sodium Chloride", + { KV5M_DATA, 15, "Sodium Chloride" }, { KV5M_DATA, 1, "\1" }, { KV5M_DATA, 8, "\xA1\x9E\xB3\xAD\x6B\xE3\xAB\xD9" }, 0, @@ -120,7 +120,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "My Passwo", - "Sodium Chloride", + { KV5M_DATA, 15, "Sodium Chloride" }, { KV5M_DATA, 1, "\1" }, { KV5M_DATA, 8, "\xAD\xA1\xCE\x10\x37\x83\xA7\x8C" }, 0, @@ -129,7 +129,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "My Passwor", - "Sodium Chloride", + { KV5M_DATA, 15, "Sodium Chloride" }, { KV5M_DATA, 1, "\1" }, { KV5M_DATA, 8, "\xD3\x01\xD0\xF7\x3E\x7A\x49\x0B" }, 0, @@ -138,7 +138,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "My Password", - "Sodium Chloride", + { KV5M_DATA, 15, "Sodium Chloride" }, { KV5M_DATA, 1, "\1" }, { KV5M_DATA, 8, "\xB6\x2A\x4A\xEC\x9D\x4C\x68\xDF" }, 0, @@ -147,7 +147,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "", - "NaCl", + { KV5M_DATA, 4, "NaCl" }, { KV5M_DATA, 1, "\1" }, { KV5M_DATA, 8, "\x61\xEF\xE6\x83\xE5\x8A\x6B\x98" }, 0, @@ -156,7 +156,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "M", - "NaCl", + { KV5M_DATA, 4, "NaCl" }, { KV5M_DATA, 1, "\1" }, { KV5M_DATA, 8, "\x68\xCD\x68\xAD\xC4\x86\xCD\xE5" }, 0, @@ -165,7 +165,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "My", - "NaCl", + { KV5M_DATA, 4, "NaCl" }, { KV5M_DATA, 1, "\1" }, { KV5M_DATA, 8, "\x83\xA1\xC8\x86\x8F\x67\xD0\x62" }, 0, @@ -174,7 +174,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "My ", - "NaCl", + { KV5M_DATA, 4, "NaCl" }, { KV5M_DATA, 1, "\1" }, { KV5M_DATA, 8, "\x9E\xC7\x8F\xA4\xA4\xB3\xE0\xD5" }, 0, @@ -183,7 +183,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "My P", - "NaCl", + { KV5M_DATA, 4, "NaCl" }, { KV5M_DATA, 1, "\1" }, { KV5M_DATA, 8, "\xD9\x92\x86\x8F\x9D\x8C\x85\xE6" }, 0, @@ -192,7 +192,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "My Pa", - "NaCl", + { KV5M_DATA, 4, "NaCl" }, { KV5M_DATA, 1, "\1" }, { KV5M_DATA, 8, "\xDA\xF2\x92\x83\xF4\x9B\xA7\xAD" }, 0, @@ -201,7 +201,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "My Pas", - "NaCl", + { KV5M_DATA, 4, "NaCl" }, { KV5M_DATA, 1, "\1" }, { KV5M_DATA, 8, "\x91\xCD\xAD\xEF\x86\xDF\xD3\xA2" }, 0, @@ -210,7 +210,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "My Pass", - "NaCl", + { KV5M_DATA, 4, "NaCl" }, { KV5M_DATA, 1, "\1" }, { KV5M_DATA, 8, "\x73\xD3\x67\x68\x8F\x6E\xE3\x73" }, 0, @@ -219,7 +219,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "My Passw", - "NaCl", + { KV5M_DATA, 4, "NaCl" }, { KV5M_DATA, 1, "\1" }, { KV5M_DATA, 8, "\xC4\x61\x85\x9D\xAD\xF4\xDC\xB0" }, 0, @@ -228,7 +228,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "My Passwo", - "NaCl", + { KV5M_DATA, 4, "NaCl" }, { KV5M_DATA, 1, "\1" }, { KV5M_DATA, 8, "\xE9\x02\x83\x16\x2C\xEC\xE0\x08" }, 0, @@ -237,7 +237,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "My Passwor", - "NaCl", + { KV5M_DATA, 4, "NaCl" }, { KV5M_DATA, 1, "\1" }, { KV5M_DATA, 8, "\x61\xC8\x26\x29\xD9\x73\x6E\xB6" }, 0, @@ -246,7 +246,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "My Password", - "NaCl", + { KV5M_DATA, 4, "NaCl" }, { KV5M_DATA, 1, "\1" }, { KV5M_DATA, 8, "\x8C\xA8\x9E\xC4\xA8\xDC\x31\x73" }, 0, @@ -257,7 +257,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "password", - "ATHENA.MIT.EDUraeburn", + { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" }, { KV5M_DATA, 1, "\0" }, { KV5M_DATA, 8, "\xCB\xC2\x2F\xAE\x23\x52\x98\xE3" }, 0, @@ -266,7 +266,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "potatoe", - "WHITEHOUSE.GOVdanny", + { KV5M_DATA, 19, "WHITEHOUSE.GOVdanny" }, { KV5M_DATA, 1, "\0" }, { KV5M_DATA, 8, "\xDF\x3D\x32\xA7\x4F\xD9\x2A\x01" }, 0, @@ -275,7 +275,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "\xF0\x9D\x84\x9E", - "EXAMPLE.COMpianist", + { KV5M_DATA, 18, "EXAMPLE.COMpianist" }, { KV5M_DATA, 1, "\0" }, { KV5M_DATA, 8, "\x4F\xFB\x26\xBA\xB0\xCD\x94\x13" }, 0, @@ -284,7 +284,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "\xC3\x9F", - "ATHENA.MIT.EDUJuri\xC5\xA1\x69\xC4\x87", + { KV5M_DATA, 23, "ATHENA.MIT.EDUJuri\xC5\xA1\x69\xC4\x87" }, { KV5M_DATA, 1, "\0" }, { KV5M_DATA, 8, "\x62\xC8\x1A\x52\x32\xB5\xE6\x9D" }, 0, @@ -293,7 +293,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "11119999", - "AAAAAAAA", + { KV5M_DATA, 8, "AAAAAAAA" }, { KV5M_DATA, 1, "\0" }, { KV5M_DATA, 8, "\x98\x40\x54\xd0\xf1\xa7\x3e\x31" }, 0, @@ -302,7 +302,7 @@ struct test { { ENCTYPE_DES_CBC_CRC, "NNNN6666", - "FFFFAAAA", + { KV5M_DATA, 8, "FFFFAAAA" }, { KV5M_DATA, 1, "\0" }, { KV5M_DATA, 8, "\xC4\xBF\x6B\x25\xAD\xF7\xA4\xF8" }, 0, @@ -313,7 +313,7 @@ struct test { { ENCTYPE_DES3_CBC_SHA1, "password", - "ATHENA.MIT.EDUraeburn", + { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" }, { KV5M_DATA, 0, NULL }, { KV5M_DATA, 24, "\x85\x0B\xB5\x13\x58\x54\x8C\xD0\x5E\x86\x76\x8C" "\x31\x3E\x3B\xFE\xF7\x51\x19\x37\xDC\xF7\x2C\x3E" }, @@ -323,7 +323,7 @@ struct test { { ENCTYPE_DES3_CBC_SHA1, "potatoe", - "WHITEHOUSE.GOVdanny", + { KV5M_DATA, 19, "WHITEHOUSE.GOVdanny" }, { KV5M_DATA, 0, NULL }, { KV5M_DATA, 24, "\xDF\xCD\x23\x3D\xD0\xA4\x32\x04\xEA\x6D\xC4\x37" "\xFB\x15\xE0\x61\xB0\x29\x79\xC1\xF7\x4F\x37\x7A" }, @@ -333,7 +333,7 @@ struct test { { ENCTYPE_DES3_CBC_SHA1, "penny", - "EXAMPLE.COMbuckaroo", + { KV5M_DATA, 19, "EXAMPLE.COMbuckaroo" }, { KV5M_DATA, 0, NULL }, { KV5M_DATA, 24, "\x6D\x2F\xCD\xF2\xD6\xFB\xBC\x3D\xDC\xAD\xB5\xDA" "\x57\x10\xA2\x34\x89\xB0\xD3\xB6\x9D\x5D\x9D\x4A" }, @@ -343,7 +343,7 @@ struct test { { ENCTYPE_DES3_CBC_SHA1, "\xC3\x9F", - "ATHENA.MIT.EDUJuri\xC5\xA1\x69\xC4\x87", + { KV5M_DATA, 23, "ATHENA.MIT.EDUJuri\xC5\xA1\x69\xC4\x87" }, { KV5M_DATA, 0, NULL }, { KV5M_DATA, 24, "\x16\xD5\xA4\x0E\x1C\xE3\xBA\xCB\x61\xB9\xDC\xE0" "\x04\x70\x32\x4C\x83\x19\x73\xA7\xB9\x52\xFE\xB0" }, @@ -353,7 +353,7 @@ struct test { { ENCTYPE_DES3_CBC_SHA1, "\xF0\x9D\x84\x9E", - "EXAMPLE.COMpianist", + { KV5M_DATA, 18, "EXAMPLE.COMpianist" }, { KV5M_DATA, 0, NULL }, { KV5M_DATA, 24, "\x85\x76\x37\x26\x58\x5D\xBC\x1C\xCE\x6E\xC4\x3E" "\x1F\x75\x1F\x07\xF1\xC4\xCB\xB0\x98\xF4\x0B\x19" }, @@ -365,7 +365,7 @@ struct test { { ENCTYPE_AES128_CTS_HMAC_SHA1_96, "password", - "ATHENA.MIT.EDUraeburn", + { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" }, { KV5M_DATA, 4, "\0\0\0\1" }, { KV5M_DATA, 16, "\x42\x26\x3C\x6E\x89\xF4\xFC\x28\xB8\xDF\x68\xEE\x09\x79\x9F\x15" }, @@ -375,7 +375,7 @@ struct test { { ENCTYPE_AES256_CTS_HMAC_SHA1_96, "password", - "ATHENA.MIT.EDUraeburn", + { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" }, { KV5M_DATA, 4, "\0\0\0\1" }, { KV5M_DATA, 32, "\xFE\x69\x7B\x52\xBC\x0D\x3C\xE1\x44\x32\xBA\x03\x6A\x92\xE6\x5B" @@ -386,7 +386,7 @@ struct test { { ENCTYPE_AES128_CTS_HMAC_SHA1_96, "password", - "ATHENA.MIT.EDUraeburn", + { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" }, { KV5M_DATA, 4, "\0\0\0\2" }, { KV5M_DATA, 16, "\xC6\x51\xBF\x29\xE2\x30\x0A\xC2\x7F\xA4\x69\xD6\x93\xBD\xDA\x13" }, @@ -396,7 +396,7 @@ struct test { { ENCTYPE_AES256_CTS_HMAC_SHA1_96, "password", - "ATHENA.MIT.EDUraeburn", + { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" }, { KV5M_DATA, 4, "\0\0\0\2" }, { KV5M_DATA, 32, "\xA2\xE1\x6D\x16\xB3\x60\x69\xC1\x35\xD5\xE9\xD2\xE2\x5F\x89\x61" @@ -407,7 +407,7 @@ struct test { { ENCTYPE_AES128_CTS_HMAC_SHA1_96, "password", - "ATHENA.MIT.EDUraeburn", + { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" }, { KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */ { KV5M_DATA, 16, "\x4C\x01\xCD\x46\xD6\x32\xD0\x1E\x6D\xBE\x23\x0A\x01\xED\x64\x2A" }, @@ -417,7 +417,7 @@ struct test { { ENCTYPE_AES256_CTS_HMAC_SHA1_96, "password", - "ATHENA.MIT.EDUraeburn", + { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" }, { KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */ { KV5M_DATA, 32, "\x55\xA6\xAC\x74\x0A\xD1\x7B\x48\x46\x94\x10\x51\xE1\xE8\xB0\xA7" @@ -428,7 +428,7 @@ struct test { { ENCTYPE_AES128_CTS_HMAC_SHA1_96, "password", - "\x12\x34\x56\x78\x78\x56\x34\x12", + { KV5M_DATA, 8, "\x12\x34\x56\x78\x78\x56\x34\x12" }, { KV5M_DATA, 4, "\0\0\0\5" }, { KV5M_DATA, 16, "\xE9\xB2\x3D\x52\x27\x37\x47\xDD\x5C\x35\xCB\x55\xBE\x61\x9D\x8E" }, @@ -438,7 +438,7 @@ struct test { { ENCTYPE_AES256_CTS_HMAC_SHA1_96, "password", - "\x12\x34\x56\x78\x78\x56\x34\x12", + { KV5M_DATA, 8, "\x12\x34\x56\x78\x78\x56\x34\x12" }, { KV5M_DATA, 4, "\0\0\0\5" }, { KV5M_DATA, 32, "\x97\xA4\xE7\x86\xBE\x20\xD8\x1A\x38\x2D\x5E\xBC\x96\xD5\x90\x9C" @@ -449,7 +449,7 @@ struct test { { ENCTYPE_AES128_CTS_HMAC_SHA1_96, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", - "pass phrase equals block size", + { KV5M_DATA, 29, "pass phrase equals block size" }, { KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */ { KV5M_DATA, 16, "\x59\xD1\xBB\x78\x9A\x82\x8B\x1A\xA5\x4E\xF9\xC2\x88\x3F\x69\xED" }, @@ -459,7 +459,7 @@ struct test { { ENCTYPE_AES256_CTS_HMAC_SHA1_96, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", - "pass phrase equals block size", + { KV5M_DATA, 29, "pass phrase equals block size" }, { KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */ { KV5M_DATA, 32, "\x89\xAD\xEE\x36\x08\xDB\x8B\xC7\x1F\x1B\xFB\xFE\x45\x94\x86\xB0" @@ -470,7 +470,7 @@ struct test { { ENCTYPE_AES128_CTS_HMAC_SHA1_96, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", - "pass phrase exceeds block size", + { KV5M_DATA, 30, "pass phrase exceeds block size" }, { KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */ { KV5M_DATA, 16, "\xCB\x80\x05\xDC\x5F\x90\x17\x9A\x7F\x02\x10\x4C\x00\x18\x75\x1D" }, @@ -480,7 +480,7 @@ struct test { { ENCTYPE_AES256_CTS_HMAC_SHA1_96, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", - "pass phrase exceeds block size", + { KV5M_DATA, 30, "pass phrase exceeds block size" }, { KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */ { KV5M_DATA, 32, "\xD7\x8C\x5C\x9C\xB8\x72\xA8\xC9\xDA\xD4\x69\x7F\x0B\xB5\xB2\xD2" @@ -491,7 +491,7 @@ struct test { { ENCTYPE_AES128_CTS_HMAC_SHA1_96, "\xF0\x9D\x84\x9E", - "EXAMPLE.COMpianist", + { KV5M_DATA, 18, "EXAMPLE.COMpianist" }, { KV5M_DATA, 4, "\0\0\0\x32" }, /* 50 */ { KV5M_DATA, 16, "\xF1\x49\xC1\xF2\xE1\x54\xA7\x34\x52\xD4\x3E\x7F\xE6\x2A\x56\xE5" }, @@ -501,7 +501,7 @@ struct test { { ENCTYPE_AES256_CTS_HMAC_SHA1_96, "\xF0\x9D\x84\x9E", - "EXAMPLE.COMpianist", + { KV5M_DATA, 18, "EXAMPLE.COMpianist" }, { KV5M_DATA, 4, "\0\0\0\x32" }, /* 50 */ { KV5M_DATA, 32, "\x4B\x6D\x98\x39\xF8\x44\x06\xDF\x1F\x09\xCC\x16\x6D\xB4\xB8\x3C" @@ -514,7 +514,7 @@ struct test { { ENCTYPE_AES256_CTS_HMAC_SHA1_96, "\xF0\x9D\x84\x9E", - "EXAMPLE.COMpianist", + { KV5M_DATA, 18, "EXAMPLE.COMpianist" }, { KV5M_DATA, 4, "\0\0\0\x32" }, /* 50 */ { KV5M_DATA, 32, "\x4B\x6D\x98\x39\xF8\x44\x06\xDF\x1F\x09\xCC\x16\x6D\xB4\xB8\x3C" @@ -527,7 +527,7 @@ struct test { { ENCTYPE_CAMELLIA128_CTS_CMAC, "password", - "ATHENA.MIT.EDUraeburn", + { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" }, { KV5M_DATA, 4, "\0\0\0\1" }, { KV5M_DATA, 16, "\x57\xD0\x29\x72\x98\xFF\xD9\xD3\x5D\xE5\xA4\x7F\xB4\xBD\xE2\x4B" }, @@ -537,7 +537,7 @@ struct test { { ENCTYPE_CAMELLIA256_CTS_CMAC, "password", - "ATHENA.MIT.EDUraeburn", + { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" }, { KV5M_DATA, 4, "\0\0\0\1" }, { KV5M_DATA, 32, "\xB9\xD6\x82\x8B\x20\x56\xB7\xBE\x65\x6D\x88\xA1\x23\xB1\xFA\xC6" @@ -548,7 +548,7 @@ struct test { { ENCTYPE_CAMELLIA128_CTS_CMAC, "password", - "ATHENA.MIT.EDUraeburn", + { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" }, { KV5M_DATA, 4, "\0\0\0\2" }, { KV5M_DATA, 16, "\x73\xF1\xB5\x3A\xA0\xF3\x10\xF9\x3B\x1D\xE8\xCC\xAA\x0C\xB1\x52" }, @@ -558,7 +558,7 @@ struct test { { ENCTYPE_CAMELLIA256_CTS_CMAC, "password", - "ATHENA.MIT.EDUraeburn", + { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" }, { KV5M_DATA, 4, "\0\0\0\2" }, { KV5M_DATA, 32, "\x83\xFC\x58\x66\xE5\xF8\xF4\xC6\xF3\x86\x63\xC6\x5C\x87\x54\x9F" @@ -569,7 +569,7 @@ struct test { { ENCTYPE_CAMELLIA128_CTS_CMAC, "password", - "ATHENA.MIT.EDUraeburn", + { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" }, { KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */ { KV5M_DATA, 16, "\x8E\x57\x11\x45\x45\x28\x55\x57\x5F\xD9\x16\xE7\xB0\x44\x87\xAA" }, @@ -579,7 +579,7 @@ struct test { { ENCTYPE_CAMELLIA256_CTS_CMAC, "password", - "ATHENA.MIT.EDUraeburn", + { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" }, { KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */ { KV5M_DATA, 32, "\x77\xF4\x21\xA6\xF2\x5E\x13\x83\x95\xE8\x37\xE5\xD8\x5D\x38\x5B" @@ -590,7 +590,7 @@ struct test { { ENCTYPE_CAMELLIA128_CTS_CMAC, "password", - "\x12\x34\x56\x78\x78\x56\x34\x12", + { KV5M_DATA, 8, "\x12\x34\x56\x78\x78\x56\x34\x12" }, { KV5M_DATA, 4, "\0\0\0\5" }, { KV5M_DATA, 16, "\x00\x49\x8F\xD9\x16\xBF\xC1\xC2\xB1\x03\x1C\x17\x08\x01\xB3\x81" }, @@ -600,7 +600,7 @@ struct test { { ENCTYPE_CAMELLIA256_CTS_CMAC, "password", - "\x12\x34\x56\x78\x78\x56\x34\x12", + { KV5M_DATA, 8, "\x12\x34\x56\x78\x78\x56\x34\x12" }, { KV5M_DATA, 4, "\0\0\0\5" }, { KV5M_DATA, 32, "\x11\x08\x3A\x00\xBD\xFE\x6A\x41\xB2\xF1\x97\x16\xD6\x20\x2F\x0A" @@ -611,7 +611,7 @@ struct test { { ENCTYPE_CAMELLIA128_CTS_CMAC, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", - "pass phrase equals block size", + { KV5M_DATA, 29, "pass phrase equals block size" }, { KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */ { KV5M_DATA, 16, "\x8B\xF6\xC3\xEF\x70\x9B\x98\x1D\xBB\x58\x5D\x08\x68\x43\xBE\x05" }, @@ -621,7 +621,7 @@ struct test { { ENCTYPE_CAMELLIA256_CTS_CMAC, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", - "pass phrase equals block size", + { KV5M_DATA, 29, "pass phrase equals block size" }, { KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */ { KV5M_DATA, 32, "\x11\x9F\xE2\xA1\xCB\x0B\x1B\xE0\x10\xB9\x06\x7A\x73\xDB\x63\xED" @@ -632,7 +632,7 @@ struct test { { ENCTYPE_CAMELLIA128_CTS_CMAC, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", - "pass phrase exceeds block size", + { KV5M_DATA, 30, "pass phrase exceeds block size" }, { KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */ { KV5M_DATA, 16, "\x57\x52\xAC\x8D\x6A\xD1\xCC\xFE\x84\x30\xB3\x12\x87\x1C\x2F\x74" }, @@ -642,7 +642,7 @@ struct test { { ENCTYPE_CAMELLIA256_CTS_CMAC, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", - "pass phrase exceeds block size", + { KV5M_DATA, 30, "pass phrase exceeds block size" }, { KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */ { KV5M_DATA, 32, "\x61\x4D\x5D\xFC\x0B\xA6\xD3\x90\xB4\x12\xB8\x9A\xE4\xD5\xB0\x88" @@ -653,7 +653,7 @@ struct test { { ENCTYPE_CAMELLIA128_CTS_CMAC, "\xf0\x9d\x84\x9e", - "EXAMPLE.COMpianist", + { KV5M_DATA, 18, "EXAMPLE.COMpianist" }, { KV5M_DATA, 4, "\0\0\0\x32" }, /* 50 */ { KV5M_DATA, 16, "\xCC\x75\xC7\xFD\x26\x0F\x1C\x16\x58\x01\x1F\xCC\x0D\x56\x06\x16" }, @@ -663,7 +663,7 @@ struct test { { ENCTYPE_CAMELLIA256_CTS_CMAC, "\xf0\x9d\x84\x9e", - "EXAMPLE.COMpianist", + { KV5M_DATA, 18, "EXAMPLE.COMpianist" }, { KV5M_DATA, 4, "\0\0\0\x32" }, /* 50 */ { KV5M_DATA, 32, "\x16\x3B\x76\x8C\x6D\xB1\x48\xB4\xEE\xC7\x16\x3D\xF5\xAE\xD7\x0E" @@ -676,14 +676,40 @@ struct test { { ENCTYPE_CAMELLIA256_CTS_CMAC, "\xf0\x9d\x84\x9e", - "EXAMPLE.COMpianist", + { KV5M_DATA, 18, "EXAMPLE.COMpianist" }, { KV5M_DATA, 4, "\0\0\0\x32" }, /* 50 */ { KV5M_DATA, 32, "\x16\x3B\x76\x8C\x6D\xB1\x48\xB4\xEE\xC7\x16\x3D\xF5\xAE\xD7\x0E" "\x20\x6B\x68\xCE\xC0\x78\xBC\x06\x9E\xD6\x8A\x7E\xD3\x6B\x1E\xCC" }, KRB5_ERR_BAD_S2K_PARAMS, FALSE - } + }, + + { + ENCTYPE_AES128_CTS_HMAC_SHA256_128, + "password", + { KV5M_DATA, 37, + "\x10\xDF\x9D\xD7\x83\xE5\xBC\x8A\xCE\xA1\x73\x0E\x74\x35\x5F\x61" + "ATHENA.MIT.EDUraeburn" }, + { KV5M_DATA, 4, "\x00\x00\x80\x00" }, + { KV5M_DATA, 16, + "\x08\x9B\xCA\x48\xB1\x05\xEA\x6E\xA7\x7C\xA5\xD2\xF3\x9D\xC5\xE7" }, + 0, + FALSE + }, + { + ENCTYPE_AES256_CTS_HMAC_SHA384_192, + "password", + { KV5M_DATA, 37, + "\x10\xDF\x9D\xD7\x83\xE5\xBC\x8A\xCE\xA1\x73\x0E\x74\x35\x5F\x61" + "ATHENA.MIT.EDUraeburn" }, + { KV5M_DATA, 4, "\x00\x00\x80\x00" }, + { KV5M_DATA, 32, + "\x45\xBD\x80\x6D\xBF\x6A\x83\x3A\x9C\xFF\xC1\xC9\x45\x89\xA2\x22" + "\x36\x7A\x79\xBC\x21\xC4\x13\x71\x89\x06\xE9\xF5\x78\xA7\x84\x67" }, + 0, + FALSE + }, }; static void @@ -712,7 +738,7 @@ int main(int argc, char **argv) { krb5_context context = NULL; - krb5_data string, salt; + krb5_data string; krb5_error_code ret; krb5_keyblock *keyblock; size_t i; @@ -725,13 +751,12 @@ main(int argc, char **argv) for (i = 0; i < sizeof(test_cases) / sizeof(*test_cases); i++) { test = &test_cases[i]; string = string2data(test->string); - salt = string2data(test->salt); ret = krb5_init_keyblock(context, test->enctype, 0, &keyblock); assert(!ret); k5_allow_weak_pbkdf2iter = test->allow_weak; ret = krb5_c_string_to_key_with_params(context, test->enctype, - &string, &salt, &test->params, - keyblock); + &string, &test->salt, + &test->params, keyblock); if (ret != test->expected_err) { com_err(argv[0], ret, "in krb5_c_string_to_key_with_params"); exit(1); @@ -742,7 +767,7 @@ main(int argc, char **argv) printf("\nTest %d:\n", (int)i); printf("Enctype: %s\n", buf); printf("String: %s\n", test->string); - printf("Salt: %s\n", test->salt); + printhex("Salt: ", test->salt.data, test->salt.length); printhex("Params: ", test->params.data, test->params.length); if (test->expected_err == 0) printhex("Key: ", keyblock->contents, keyblock->length); diff --git a/src/lib/crypto/libk5crypto.exports b/src/lib/crypto/libk5crypto.exports index 6ba1d66004..447e456444 100644 --- a/src/lib/crypto/libk5crypto.exports +++ b/src/lib/crypto/libk5crypto.exports @@ -67,6 +67,8 @@ krb5int_c_free_keyblock krb5int_c_init_keyblock krb5int_hash_md4 krb5int_hash_md5 +krb5int_hash_sha256 +krb5int_hash_sha384 krb5int_enc_arcfour krb5int_hmac krb5_k_create_key @@ -95,6 +97,7 @@ krb5int_enc_aes256 krb5int_enc_camellia128 krb5int_enc_camellia256 krb5int_derive_key +krb5int_derive_random krb5int_aes_enc_blk krb5int_aes_enc_key k5_sha256 diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp index 1db70fb56a..2d1686c56c 100644 --- a/src/tests/dejagnu/config/default.exp +++ b/src/tests/dejagnu/config/default.exp @@ -188,6 +188,30 @@ set passes { {master_key_type=aes256-cts-hmac-sha1-96} {dummy=[verbose -log "AES enctypes"]} } + { + aes-sha2-only + mode=udp + des3_krbtgt=0 + {supported_enctypes=aes256-sha2:normal} + {permitted_enctypes(kdc)=aes256-sha2} + {permitted_enctypes(slave)=aes256-sha2} + {permitted_enctypes(client)=aes256-sha2} + {permitted_enctypes(server)=aes256-sha2} + {default_tgs_enctypes(kdc)=aes256-sha2} + {default_tgs_enctypes(slave)=aes256-sha2} + {default_tgs_enctypes(client)=aes256-sha2} + {default_tgs_enctypes(server)=aes256-sha2} + {default_tkt_enctypes(kdc)=aes256-sha2} + {default_tkt_enctypes(slave)=aes256-sha2} + {default_tkt_enctypes(client)=aes256-sha2} + {default_tkt_enctypes(server)=aes256-sha2} + {allow_weak_crypto(kdc)=false} + {allow_weak_crypto(slave)=false} + {allow_weak_crypto(client)=false} + {allow_weak_crypto(server)=false} + {master_key_type=aes256-sha2} + {dummy=[verbose -log "aes256-sha2 enctype"]} + } { camellia-only mode=udp diff --git a/src/tests/gssapi/t_prf.c b/src/tests/gssapi/t_prf.c index 082edff934..2c8c85188a 100644 --- a/src/tests/gssapi/t_prf.c +++ b/src/tests/gssapi/t_prf.c @@ -88,7 +88,21 @@ static struct { "D8346554163E5949CBAE2FB8EF36AFB6B32CE75116A0", "A171AD582C1AFBBAD52ABD622EE6B6A14D19BF95C6914B2BA40FFD99A88EC660", "A47CBB6E104DCC77E4DB48A7A474B977F2FB6A7A1AB6" - "52317D50508AE72B7BE2E4E4BA24164E029CBACF786B" } + "52317D50508AE72B7BE2E4E4BA24164E029CBACF786B" }, + { ENCTYPE_AES128_CTS_HMAC_SHA256_128, + "089BCA48B105EA6EA77CA5D2F39DC5E7", + "ED1736209B7C59C9F6A3AE8CCC8A7C97ADFDD11688AD" + "F304F2F74252CBACD311A2D9253211FDA49745CE4F62", + "3705D96080C17728A0E800EAB6E0D23C", + "2BB41B183D76D8D5B30CBB049A7EFE9F350EFA058DC2" + "C4D868308D354A7B199BE6FD1F22B53C038BC6036581" }, + { ENCTYPE_AES256_CTS_HMAC_SHA384_192, + "45BD806DBF6A833A9CFFC1C94589A222367A79BC21C413718906E9F578A78467", + "1C613AE8B77A3B4D783F3DCE6C9178FC025E87F48A44" + "784A69CB5FC697FE266A6141905067EF78566D309085", + "6D404D37FAF79F9DF0D33568D320669800EB4836472EA8A026D16B7182460C52", + "D15944B0A44508D1E61213F6455F292A02298F870C01" + "A3F74AD0345A4A6651EBE101976E933F32D44F0B5947" }, }; /* Decode hexstr into out. No length checking. */ diff --git a/src/util/k5test.py b/src/util/k5test.py index 2110e40d49..c3d0263773 100644 --- a/src/util/k5test.py +++ b/src/util/k5test.py @@ -1210,6 +1210,26 @@ _passes = [ 'supported_enctypes': 'camellia256-cts:normal', 'master_key_type': 'camellia256-cts'}}}), + # Exercise the aes128-sha2 enctype. + ('aes128-sha2', None, + {'libdefaults': { + 'default_tgs_enctypes': 'aes128-sha2', + 'default_tkt_enctypes': 'aes128-sha2', + 'permitted_enctypes': 'aes128-sha2'}}, + {'realms': {'$realm': { + 'supported_enctypes': 'aes128-sha2:normal', + 'master_key_type': 'aes128-sha2'}}}), + + # Exercise the aes256-sha2 enctype. + ('aes256-sha2', None, + {'libdefaults': { + 'default_tgs_enctypes': 'aes256-sha2', + 'default_tkt_enctypes': 'aes256-sha2', + 'permitted_enctypes': 'aes256-sha2'}}, + {'realms': {'$realm': { + 'supported_enctypes': 'aes256-sha2:normal', + 'master_key_type': 'aes256-sha2'}}}), + # Test a setup with modern principal keys but an old TGT key. ('aes256.destgt', 'des-cbc-crc:normal', {'libdefaults': {'allow_weak_crypto': 'true'}}, -- 2.47.2