/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* tests/gssapi/t_iov.c - Test program for IOV functions */ /* * Copyright (C) 2013 by the Massachusetts Institute of Technology. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ #include #include #include #include #include "common.h" /* Concatenate iov (except for sign-only buffers) into a contiguous token. */ static void concat_iov(gss_iov_buffer_desc *iov, size_t iovlen, char **buf_out, size_t *len_out) { size_t len, i; char *buf; /* Concatenate the result into a contiguous buffer. */ len = 0; for (i = 0; i < iovlen; i++) { if (GSS_IOV_BUFFER_TYPE(iov[i].type) != GSS_IOV_BUFFER_TYPE_SIGN_ONLY) len += iov[i].buffer.length; } buf = malloc(len); if (buf == NULL) errout("malloc failed"); len = 0; for (i = 0; i < iovlen; i++) { if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_SIGN_ONLY) continue; memcpy(buf + len, iov[i].buffer.value, iov[i].buffer.length); len += iov[i].buffer.length; } *buf_out = buf; *len_out = len; } static void check_encrypted(const char *msg, int conf, const char *buf, const char *plain) { int same = memcmp(buf, plain, strlen(plain)) == 0; if ((conf && same) || (!conf && !same)) errout(msg); } /* * Wrap str in standard form (HEADER | DATA | PADDING | TRAILER) using the * caller-provided array iov, which must have space for four elements. Library * allocation will be used for the header/padding/trailer buffers, so the * caller must check and free them. */ static void wrap_std(gss_ctx_id_t ctx, char *str, gss_iov_buffer_desc *iov, int conf) { OM_uint32 minor, major; int oconf; /* Lay out iov array. */ iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER | GSS_IOV_BUFFER_FLAG_ALLOCATE; iov[1].type = GSS_IOV_BUFFER_TYPE_DATA; iov[1].buffer.value = str; iov[1].buffer.length = strlen(str); iov[2].type = GSS_IOV_BUFFER_TYPE_PADDING | GSS_IOV_BUFFER_FLAG_ALLOCATE; iov[3].type = GSS_IOV_BUFFER_TYPE_TRAILER | GSS_IOV_BUFFER_FLAG_ALLOCATE; /* Wrap. This will allocate header/padding/trailer buffers as necessary * and encrypt str in place. */ major = gss_wrap_iov(&minor, ctx, conf, GSS_C_QOP_DEFAULT, &oconf, iov, 4); check_gsserr("gss_wrap_iov(std)", major, minor); if (oconf != conf) errout("gss_wrap_iov(std) conf"); } /* Create standard tokens using gss_wrap_iov and ctx1, and make sure we can * unwrap them using ctx2 in all of the supported ways. */ static void test_standard_wrap(gss_ctx_id_t ctx1, gss_ctx_id_t ctx2, int conf) { OM_uint32 major, minor; gss_iov_buffer_desc iov[4], stiov[2]; gss_qop_t qop; gss_buffer_desc input, output; const char *string1 = "The swift brown fox jumped over the lazy dog."; const char *string2 = "Now is the time!"; const char *string3 = "x"; const char *string4 = "!@#"; char data[1024], *fulltoken; size_t len; int oconf; ptrdiff_t offset; /* Wrap a standard token and unwrap it using the iov array. */ memcpy(data, string1, strlen(string1) + 1); wrap_std(ctx1, data, iov, conf); check_encrypted("gss_wrap_iov(std1) encryption", conf, data, string1); major = gss_unwrap_iov(&minor, ctx2, &oconf, &qop, iov, 4); check_gsserr("gss_unwrap_iov(std1)", major, minor); if (oconf != conf || qop != GSS_C_QOP_DEFAULT) errout("gss_unwrap_iov(std1) conf/qop"); if (iov[1].buffer.value != data || iov[1].buffer.length != strlen(string1)) errout("gss_unwrap_iov(std1) data buffer"); if (memcmp(data, string1, iov[1].buffer.length) != 0) errout("gss_unwrap_iov(std1) decryption"); (void)gss_release_iov_buffer(&minor, iov, 4); /* Wrap a standard token and unwrap it using gss_unwrap(). */ memcpy(data, string2, strlen(string2) + 1); wrap_std(ctx1, data, iov, conf); concat_iov(iov, 4, &fulltoken, &len); input.value = fulltoken; input.length = len; major = gss_unwrap(&minor, ctx2, &input, &output, &oconf, &qop); check_gsserr("gss_unwrap(std2)", major, minor); if (oconf != conf || qop != GSS_C_QOP_DEFAULT) errout("gss_unwrap(std2) conf/qop"); if (output.length != strlen(string2) || memcmp(output.value, string2, output.length) != 0) errout("gss_unwrap(std2) decryption"); (void)gss_release_buffer(&minor, &output); (void)gss_release_iov_buffer(&minor, iov, 4); free(fulltoken); /* Wrap a standard token and unwrap it using a stream buffer. */ memcpy(data, string3, strlen(string3) + 1); wrap_std(ctx1, data, iov, conf); concat_iov(iov, 4, &fulltoken, &len); stiov[0].type = GSS_IOV_BUFFER_TYPE_STREAM; stiov[0].buffer.value = fulltoken; stiov[0].buffer.length = len; stiov[1].type = GSS_IOV_BUFFER_TYPE_DATA; major = gss_unwrap_iov(&minor, ctx2, &oconf, &qop, stiov, 2); check_gsserr("gss_unwrap_iov(std3)", major, minor); if (oconf != conf || qop != GSS_C_QOP_DEFAULT) errout("gss_unwrap_iov(std3) conf/qop"); if (stiov[1].buffer.length != strlen(string3) || memcmp(stiov[1].buffer.value, string3, strlen(string3)) != 0) errout("gss_unwrap_iov(std3) decryption"); offset = (char *)stiov[1].buffer.value - fulltoken; if (offset < 0 || (size_t)offset > len) errout("gss_unwrap_iov(std3) offset"); (void)gss_release_iov_buffer(&minor, iov, 4); free(fulltoken); /* Wrap a token using gss_wrap and unwrap it using a stream buffer with * allocation and copying. */ input.value = (char *)string4; input.length = strlen(string4); major = gss_wrap(&minor, ctx1, conf, GSS_C_QOP_DEFAULT, &input, &oconf, &output); check_gsserr("gss_wrap(std4)", major, minor); if (oconf != conf) errout("gss_wrap(std4) conf"); stiov[0].type = GSS_IOV_BUFFER_TYPE_STREAM; stiov[0].buffer = output; stiov[1].type = GSS_IOV_BUFFER_TYPE_DATA | GSS_IOV_BUFFER_FLAG_ALLOCATE; major = gss_unwrap_iov(&minor, ctx2, &oconf, &qop, stiov, 2); check_gsserr("gss_unwrap_iov(std4)", major, minor); if (!(GSS_IOV_BUFFER_FLAGS(stiov[1].type) & GSS_IOV_BUFFER_FLAG_ALLOCATED)) errout("gss_unwrap_iov(std4) allocated"); if (oconf != conf || qop != GSS_C_QOP_DEFAULT) errout("gss_unwrap_iov(std4) conf/qop"); if (stiov[1].buffer.length != strlen(string4) || memcmp(stiov[1].buffer.value, string4, strlen(string4)) != 0) errout("gss_unwrap_iov(std4) decryption"); (void)gss_release_buffer(&minor, &output); (void)gss_release_iov_buffer(&minor, stiov, 2); } /* * Wrap an AEAD token (HEADER | SIGN_ONLY | DATA | PADDING | TRAILER) using the * caller-provided array iov, which must have space for five elements, and the * caller-provided buffer data, which must be big enough to handle the test * inputs. Library allocation will not be used. */ static void wrap_aead(gss_ctx_id_t ctx, const char *sign, const char *wrap, gss_iov_buffer_desc *iov, char *data, int conf) { OM_uint32 major, minor; int oconf; char *ptr; /* Lay out iov array. */ iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER; iov[1].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; iov[1].buffer.value = (char *)sign; iov[1].buffer.length = strlen(sign); iov[2].type = GSS_IOV_BUFFER_TYPE_DATA; iov[2].buffer.value = (char *)wrap; iov[2].buffer.length = strlen(wrap); iov[3].type = GSS_IOV_BUFFER_TYPE_PADDING; iov[4].type = GSS_IOV_BUFFER_TYPE_TRAILER; /* Get header/padding/trailer lengths. */ major = gss_wrap_iov_length(&minor, ctx, conf, GSS_C_QOP_DEFAULT, &oconf, iov, 5); check_gsserr("gss_wrap_iov_length(aead)", major, minor); if (oconf != conf) errout("gss_wrap_iov_length(aead) conf"); if (iov[1].buffer.value != sign || iov[1].buffer.length != strlen(sign)) errout("gss_wrap_iov_length(aead) sign-only buffer"); if (iov[2].buffer.value != wrap || iov[2].buffer.length != strlen(wrap)) errout("gss_wrap_iov_length(aead) data buffer"); /* Set iov buffer pointers using returned lengths. */ iov[0].buffer.value = data; ptr = data + iov[0].buffer.length; memcpy(ptr, wrap, strlen(wrap)); iov[2].buffer.value = ptr; ptr += iov[2].buffer.length; iov[3].buffer.value = ptr; ptr += iov[3].buffer.length; iov[4].buffer.value = ptr; /* Wrap the AEAD token. */ major = gss_wrap_iov(&minor, ctx, conf, GSS_C_QOP_DEFAULT, &oconf, iov, 5); check_gsserr("gss_wrap_iov(aead)", major, minor); if (oconf != conf) errout("gss_wrap_iov(aead) conf"); if (iov[1].buffer.value != sign || iov[1].buffer.length != strlen(sign)) errout("gss_wrap_iov(aead) sign-only buffer"); if (iov[2].buffer.length != strlen(wrap)) errout("gss_wrap_iov(aead) data buffer"); check_encrypted("gss_wrap_iov(aead) encryption", conf, iov[2].buffer.value, wrap); } /* Create AEAD tokens using gss_wrap_iov and ctx1, and make sure we can unwrap * them using ctx2 in all of the supported ways. */ static void test_aead(gss_ctx_id_t ctx1, gss_ctx_id_t ctx2, int conf) { OM_uint32 major, minor; gss_iov_buffer_desc iov[5], stiov[3]; gss_qop_t qop; gss_buffer_desc input, assoc, output; const char *sign = "This data is only signed."; const char *wrap = "This data is wrapped in-place."; char data[1024], *fulltoken; size_t len; int oconf; ptrdiff_t offset; /* Wrap an AEAD token and unwrap it using the IOV array. */ wrap_aead(ctx1, sign, wrap, iov, data, conf); major = gss_unwrap_iov(&minor, ctx2, &oconf, &qop, iov, 5); check_gsserr("gss_unwrap_iov(aead1)", major, minor); if (oconf != conf || qop != GSS_C_QOP_DEFAULT) errout("gss_unwrap_iov(aead1) conf/qop"); if (iov[1].buffer.value != sign || iov[1].buffer.length != strlen(sign)) errout("gss_unwrap_iov(aead1) sign-only buffer"); if (iov[2].buffer.length != strlen(wrap) || memcmp(iov[2].buffer.value, wrap, iov[2].buffer.length) != 0) errout("gss_unwrap_iov(aead1) decryption"); /* Wrap an AEAD token and unwrap it using gss_unwrap_aead. */ wrap_aead(ctx1, sign, wrap, iov, data, conf); concat_iov(iov, 5, &fulltoken, &len); input.value = fulltoken; input.length = len; assoc.value = (char *)sign; assoc.length = strlen(sign); major = gss_unwrap_aead(&minor, ctx2, &input, &assoc, &output, &oconf, &qop); check_gsserr("gss_unwrap_aead(aead2)", major, minor); if (output.length != strlen(wrap) || memcmp(output.value, wrap, output.length) != 0) errout("gss_unwrap_aead(aead2) decryption"); free(fulltoken); (void)gss_release_buffer(&minor, &output); /* Wrap an AEAD token and unwrap it using a stream buffer. */ wrap_aead(ctx1, sign, wrap, iov, data, conf); concat_iov(iov, 5, &fulltoken, &len); stiov[0].type = GSS_IOV_BUFFER_TYPE_STREAM; stiov[0].buffer.value = fulltoken; stiov[0].buffer.length = len; stiov[1].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; stiov[1].buffer.value = (char *)sign; stiov[1].buffer.length = strlen(sign); stiov[2].type = GSS_IOV_BUFFER_TYPE_DATA; major = gss_unwrap_iov(&minor, ctx2, &oconf, &qop, stiov, 3); check_gsserr("gss_unwrap_iov(aead3)", major, minor); if (oconf != conf || qop != GSS_C_QOP_DEFAULT) errout("gss_unwrap_iov(aead3) conf/qop"); if (stiov[2].buffer.length != strlen(wrap) || memcmp(stiov[2].buffer.value, wrap, strlen(wrap)) != 0) errout("gss_unwrap_iov(aead3) decryption"); offset = (char *)stiov[2].buffer.value - fulltoken; if (offset < 0 || (size_t)offset > len) errout("gss_unwrap_iov(aead3) offset"); free(fulltoken); (void)gss_release_iov_buffer(&minor, iov, 4); /* Wrap a token using gss_wrap_aead and unwrap it using a stream buffer * with allocation and copying. */ input.value = (char *)wrap; input.length = strlen(wrap); assoc.value = (char *)sign; assoc.length = strlen(sign); major = gss_wrap_aead(&minor, ctx1, conf, GSS_C_QOP_DEFAULT, &assoc, &input, &oconf, &output); check_gsserr("gss_wrap_aead(aead4)", major, minor); if (oconf != conf) errout("gss_wrap(aead4) conf"); stiov[0].type = GSS_IOV_BUFFER_TYPE_STREAM; stiov[0].buffer = output; stiov[1].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; stiov[1].buffer = assoc; stiov[2].type = GSS_IOV_BUFFER_TYPE_DATA | GSS_IOV_BUFFER_FLAG_ALLOCATE; major = gss_unwrap_iov(&minor, ctx2, &oconf, &qop, stiov, 3); check_gsserr("gss_unwrap_iov(aead4)", major, minor); if (!(GSS_IOV_BUFFER_FLAGS(stiov[2].type) & GSS_IOV_BUFFER_FLAG_ALLOCATED)) errout("gss_unwrap_iov(aead4) allocated"); if (oconf != conf || qop != GSS_C_QOP_DEFAULT) errout("gss_unwrap_iov(aead4) conf/qop"); if (stiov[2].buffer.length != strlen(wrap) || memcmp(stiov[2].buffer.value, wrap, strlen(wrap)) != 0) errout("gss_unwrap_iov(aead4) decryption"); (void)gss_release_buffer(&minor, &output); (void)gss_release_iov_buffer(&minor, stiov, 3); } /* * Get a MIC for sign1, sign2, and sign3 using the caller-provided array iov, * which must have space for four elements, and the caller-provided buffer * data, which must be big enough for the MIC. If data is NULL, the library * will be asked to allocate the MIC buffer. The MIC will be located in * iov[3].buffer. */ static void mic(gss_ctx_id_t ctx, const char *sign1, const char *sign2, const char *sign3, gss_iov_buffer_desc *iov, char *data) { OM_uint32 minor, major; krb5_boolean allocated; /* Lay out iov array. */ iov[0].type = GSS_IOV_BUFFER_TYPE_DATA; iov[0].buffer.value = (char *)sign1; iov[0].buffer.length = strlen(sign1); iov[1].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; iov[1].buffer.value = (char *)sign2; iov[1].buffer.length = strlen(sign2); iov[2].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; iov[2].buffer.value = (char *)sign3; iov[2].buffer.length = strlen(sign3); iov[3].type = GSS_IOV_BUFFER_TYPE_MIC_TOKEN; if (data == NULL) { /* Ask the library to allocate the MIC buffer. */ iov[3].type |= GSS_IOV_BUFFER_FLAG_ALLOCATE; } else { /* Get the MIC length and use the caller-provided buffer. */ major = gss_get_mic_iov_length(&minor, ctx, GSS_C_QOP_DEFAULT, iov, 4); check_gsserr("gss_get_mic_iov_length", major, minor); iov[3].buffer.value = data; } major = gss_get_mic_iov(&minor, ctx, GSS_C_QOP_DEFAULT, iov, 4); check_gsserr("gss_get_mic_iov", major, minor); allocated = (GSS_IOV_BUFFER_FLAGS(iov[3].type) & GSS_IOV_BUFFER_FLAG_ALLOCATED) != 0; if (allocated != (data == NULL)) errout("gss_get_mic_iov allocated"); } static void test_mic(gss_ctx_id_t ctx1, gss_ctx_id_t ctx2) { OM_uint32 major, minor; gss_iov_buffer_desc iov[4]; gss_qop_t qop; gss_buffer_desc concatbuf, micbuf; const char *sign1 = "Data and sign-only "; const char *sign2 = "buffers are treated "; const char *sign3 = "equally by gss_get_mic_iov"; char concat[1024], data[1024]; (void)snprintf(concat, sizeof(concat), "%s%s%s", sign1, sign2, sign3); concatbuf.value = concat; concatbuf.length = strlen(concat); /* MIC with a caller-provided buffer and verify with the IOV array. */ mic(ctx1, sign1, sign2, sign3, iov, data); major = gss_verify_mic_iov(&minor, ctx2, &qop, iov, 4); check_gsserr("gss_verify_mic_iov(mic1)", major, minor); if (qop != GSS_C_QOP_DEFAULT) errout("gss_verify_mic_iov(mic1) qop"); /* MIC with an allocated buffer and verify with gss_verify_mic. */ mic(ctx1, sign1, sign2, sign3, iov, NULL); major = gss_verify_mic(&minor, ctx2, &concatbuf, &iov[3].buffer, &qop); check_gsserr("gss_verify_mic(mic2)", major, minor); if (qop != GSS_C_QOP_DEFAULT) errout("gss_verify_mic(mic2) qop"); (void)gss_release_iov_buffer(&minor, iov, 4); /* MIC with gss_c_get_mic and verify using the IOV array (which is still * mostly set up from the last call to mic(). */ major = gss_get_mic(&minor, ctx1, GSS_C_QOP_DEFAULT, &concatbuf, &micbuf); check_gsserr("gss_get_mic(mic3)", major, minor); iov[3].buffer = micbuf; major = gss_verify_mic_iov(&minor, ctx2, &qop, iov, 4); check_gsserr("gss_verify_mic_iov(mic3)", major, minor); if (qop != GSS_C_QOP_DEFAULT) errout("gss_verify_mic_iov(mic3) qop"); (void)gss_release_buffer(&minor, &micbuf); } /* Create a DCE-style token and make sure we can unwrap it. */ static void test_dce(gss_ctx_id_t ctx1, gss_ctx_id_t ctx2, int conf) { OM_uint32 major, minor; gss_iov_buffer_desc iov[4]; gss_qop_t qop; const char *sign1 = "First data to be signed"; const char *sign2 = "Second data to be signed"; const char *wrap = "This data must align to 16 bytes"; int oconf; char data[1024]; /* Wrap a SIGN_ONLY_1 | DATA | SIGN_ONLY_2 | HEADER token. */ memcpy(data, wrap, strlen(wrap) + 1); iov[0].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; iov[0].buffer.value = (char *)sign1; iov[0].buffer.length = strlen(sign1); iov[1].type = GSS_IOV_BUFFER_TYPE_DATA; iov[1].buffer.value = data; iov[1].buffer.length = strlen(wrap); iov[2].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; iov[2].buffer.value = (char *)sign2; iov[2].buffer.length = strlen(sign2); iov[3].type = GSS_IOV_BUFFER_TYPE_HEADER | GSS_IOV_BUFFER_FLAG_ALLOCATE; major = gss_wrap_iov(&minor, ctx1, conf, GSS_C_QOP_DEFAULT, &oconf, iov, 4); check_gsserr("gss_wrap_iov(dce)", major, minor); if (oconf != conf) errout("gss_wrap_iov(dce) conf"); if (iov[0].buffer.value != sign1 || iov[0].buffer.length != strlen(sign1)) errout("gss_wrap_iov(dce) sign1 buffer"); if (iov[1].buffer.value != data || iov[1].buffer.length != strlen(wrap)) errout("gss_wrap_iov(dce) data buffer"); if (iov[2].buffer.value != sign2 || iov[2].buffer.length != strlen(sign2)) errout("gss_wrap_iov(dce) sign2 buffer"); check_encrypted("gss_wrap_iov(dce) encryption", conf, data, wrap); /* Make sure we can unwrap it. */ major = gss_unwrap_iov(&minor, ctx2, &oconf, &qop, iov, 4); check_gsserr("gss_unwrap_iov(std1)", major, minor); if (oconf != conf || qop != GSS_C_QOP_DEFAULT) errout("gss_unwrap_iov(std1) conf/qop"); if (iov[0].buffer.value != sign1 || iov[0].buffer.length != strlen(sign1)) errout("gss_unwrap_iov(dce) sign1 buffer"); if (iov[1].buffer.value != data || iov[1].buffer.length != strlen(wrap)) errout("gss_unwrap_iov(dce) data buffer"); if (iov[2].buffer.value != sign2 || iov[2].buffer.length != strlen(sign2)) errout("gss_unwrap_iov(dce) sign2 buffer"); if (memcmp(data, wrap, iov[1].buffer.length) != 0) errout("gss_unwrap_iov(dce) decryption"); (void)gss_release_iov_buffer(&minor, iov, 4); } int main(int argc, char *argv[]) { OM_uint32 minor, flags; gss_OID mech = &mech_krb5; gss_name_t tname; gss_ctx_id_t ictx, actx; /* Parse arguments. */ argv++; if (*argv != NULL && strcmp(*argv, "-s") == 0) { mech = &mech_spnego; argv++; } if (*argv == NULL || *(argv + 1) != NULL) errout("Usage: t_iov [-s] targetname"); tname = import_name(*argv); flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_MUTUAL_FLAG; establish_contexts(mech, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL, tname, flags, &ictx, &actx, NULL, NULL, NULL); /* Test standard token wrapping and unwrapping in both directions, with and * without confidentiality. */ test_standard_wrap(ictx, actx, 0); test_standard_wrap(ictx, actx, 1); test_standard_wrap(actx, ictx, 0); test_standard_wrap(actx, ictx, 1); /* Test AEAD wrapping. */ test_aead(ictx, actx, 0); test_aead(ictx, actx, 1); test_aead(actx, ictx, 0); test_aead(actx, ictx, 1); /* Test MIC tokens. */ test_mic(ictx, actx); test_mic(actx, ictx); /* Test DCE wrapping with DCE-style contexts. */ (void)gss_delete_sec_context(&minor, &ictx, NULL); (void)gss_delete_sec_context(&minor, &actx, NULL); flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_DCE_STYLE; establish_contexts(mech, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL, tname, flags, &ictx, &actx, NULL, NULL, NULL); test_dce(ictx, actx, 0); test_dce(ictx, actx, 1); test_dce(actx, ictx, 0); test_dce(actx, ictx, 1); (void)gss_release_name(&minor, &tname); (void)gss_delete_sec_context(&minor, &ictx, NULL); (void)gss_delete_sec_context(&minor, &actx, NULL); return 0; }