diff options
| -rw-r--r-- | src/lib/crypto/ChangeLog | 34 | ||||
| -rw-r--r-- | src/lib/crypto/Makefile.in | 19 | ||||
| -rw-r--r-- | src/lib/crypto/configure.in | 2 | ||||
| -rw-r--r-- | src/lib/crypto/t_cts.c | 154 | ||||
| -rw-r--r-- | src/lib/crypto/t_nfold.c | 22 | ||||
| -rw-r--r-- | src/lib/crypto/vectors.c | 292 |
6 files changed, 352 insertions, 171 deletions
diff --git a/src/lib/crypto/ChangeLog b/src/lib/crypto/ChangeLog index 2f618cb8a..23410f9d0 100644 --- a/src/lib/crypto/ChangeLog +++ b/src/lib/crypto/ChangeLog @@ -1,3 +1,37 @@ +2003-02-03 Ken Raeburn <raeburn@mit.edu> + + * aes: New directory, containing AES implementation from Brian + Gladstone, tweaked a little for the krb5 build system. + * configure.in: Build its makefile. + * Makefile.in (LOCAL_SUBDIRS, LOCALINCLUDES, STOBJLISTS, + SUBDIROBJLISTS): Add aes entries. + + * t_cts.c: New test file. + * Makefile.in (EXTRADEPSRCS): Add t_cts. + (t_cts$(EXEEXT)): New rule. + + * Makefile.in (SRCS, OBJS, STLIBOBJS): Add pbkdf2. + (EXTRADEPSRCS): Remove pbkdf2.c. + (t_pkcs5$(EXEEXT)): Don't list pbkdf2.$(OBJEXT). + + * t_nfold.c (fold_kerberos): New function. + (main): Call it with different lengths. + * vectors.c: Include ctype.h and hash_provider.h. + (test_nfold, test_mit_des_s2k, test_s2k, test_dr_dk): Test case + data now static and const. + (test_nfold): Add "Q" and "ba" tests from Simon Josefsson. + (GCLEF): New macro. + (test_mit_des_s2k): Add GCLEF test case. Fill in "key" at run + time, not as initialization. + (test_s2k): Added GCLEF test case. + (krb5int_enc_aes128, krb5int_enc_aes256): Declare. + (combine_keys, test_des3_combine, k5_des3_make_key): Functions + deleted. + (whoami): New variable. + (printd, printk): New functions. + (test_pbkdf2): New function. + (main): Initialize whoami. Test nfold only for now. + 2003-01-10 Ken Raeburn <raeburn@mit.edu> * configure.in: Don't explicitly invoke AC_PROG_ARCHIVE, diff --git a/src/lib/crypto/Makefile.in b/src/lib/crypto/Makefile.in index d50418ca8..be18f5675 100644 --- a/src/lib/crypto/Makefile.in +++ b/src/lib/crypto/Makefile.in @@ -3,9 +3,10 @@ myfulldir=lib/crypto mydir=. BUILDTOP=$(REL)..$(S).. LOCAL_SUBDIRS=crc32 des dk enc_provider hash_provider keyhash_provider \ - md4 md5 old raw sha1 arcfour yarrow + md4 md5 old raw sha1 arcfour yarrow aes LOCALINCLUDES = -I$(srcdir)/enc_provider \ -I$(srcdir)/hash_provider -I$(srcdir)/keyhash_provider \ + -I$(srcdir)/aes \ -I$(srcdir)/old -I$(srcdir)/raw -I$(srcdir)/dk -I$(srcdir)/arcfour \ -I$(srcdir)/yarrow -I$(srcdir)/sha1 RUN_SETUP = @KRB5_RUN_ENV@ @@ -17,8 +18,8 @@ EXTRADEPSRCS=\ $(srcdir)/t_encrypt.c \ $(srcdir)/t_prng.c \ $(srcdir)/t_hmac.c \ - $(srcdir)/pbkdf2.c \ $(srcdir)/t_pkcs5.c \ + $(srcdir)/t_cts.c \ $(srcdir)/vectors.c ##DOSBUILDTOP = ..\.. @@ -55,6 +56,7 @@ STLIBOBJS=\ make_random_key.o \ nfold.o \ old_api_glue.o \ + pbkdf2.o \ prng.o \ state.o \ string_to_cksumtype.o \ @@ -86,6 +88,7 @@ OBJS=\ $(OUTPRE)make_random_key.$(OBJEXT) \ $(OUTPRE)nfold.$(OBJEXT) \ $(OUTPRE)old_api_glue.$(OBJEXT) \ + $(OUTPRE)pbkdf2.$(OBJEXT) \ $(OUTPRE)prng.$(OBJEXT) \ $(OUTPRE)state.$(OBJEXT) \ $(OUTPRE)string_to_cksumtype.$(OBJEXT) \ @@ -117,6 +120,7 @@ SRCS=\ $(srcdir)/make_random_key.c \ $(srcdir)/nfold.c \ $(srcdir)/old_api_glue.c \ + $(srcdir)/pbkdf2.c \ $(srcdir)/prng.c \ $(srcdir)/state.c \ $(srcdir)/string_to_cksumtype.c \ @@ -135,11 +139,13 @@ RELDIR=crypto STOBJLISTS=crc32/OBJS.ST des/OBJS.ST dk/OBJS.ST enc_provider/OBJS.ST \ hash_provider/OBJS.ST keyhash_provider/OBJS.ST md4/OBJS.ST \ md5/OBJS.ST old/OBJS.ST raw/OBJS.ST sha1/OBJS.ST arcfour/OBJS.ST \ + aes/OBJS.ST \ yarrow/OBJS.ST \ OBJS.ST SUBDIROBJLISTS=crc32/OBJS.ST des/OBJS.ST dk/OBJS.ST enc_provider/OBJS.ST \ hash_provider/OBJS.ST keyhash_provider/OBJS.ST md4/OBJS.ST \ md5/OBJS.ST old/OBJS.ST raw/OBJS.ST sha1/OBJS.ST arcfour/OBJS.ST \ + aes/OBJS.ST \ yarrow/OBJS.ST # No dependencies. Record places to find this shared object if the target @@ -180,13 +186,16 @@ t_prng$(EXEEXT): t_prng.$(OBJEXT) t_hmac$(EXEEXT): t_hmac.$(OBJEXT) $(CRYPTO_DEPLIB) $(CC_LINK) -o $@ t_hmac.$(OBJEXT) $(K5CRYPTO_LIB) $(COM_ERR_LIB) -t_pkcs5$(EXEEXT): t_pkcs5.$(OBJEXT) pbkdf2.$(OBJEXT) $(CRYPTO_DEPLIB) - $(CC_LINK) -o $@ t_pkcs5.$(OBJEXT) pbkdf2.$(OBJEXT) \ - $(K5CRYPTO_LIB) $(COM_ERR_LIB) +t_pkcs5$(EXEEXT): t_pkcs5.$(OBJEXT) $(CRYPTO_DEPLIB) + $(CC_LINK) -o $@ t_pkcs5.$(OBJEXT) $(K5CRYPTO_LIB) $(COM_ERR_LIB) vectors$(EXEEXT): vectors.$(OBJEXT) $(CRYPTO_DEPLIB) $(CC_LINK) -o $@ vectors.$(OBJEXT) $(K5CRYPTO_LIB) $(COM_ERR_LIB) +t_cts$(EXEEXT): t_cts.$(OBJEXT) $(CRYPTO_DEPLIB) + $(CC_LINK) -o $@ t_cts.$(OBJEXT) \ + $(K5CRYPTO_LIB) $(COM_ERR_LIB) + clean:: $(RM) t_nfold.o t_nfold t_encrypt t_encrypt.o t_prng.o t_prng \ diff --git a/src/lib/crypto/configure.in b/src/lib/crypto/configure.in index ac4ca667e..d675de4bb 100644 --- a/src/lib/crypto/configure.in +++ b/src/lib/crypto/configure.in @@ -14,4 +14,4 @@ AC_ARG_ENABLE([athena], -- here meaning use temporary DES3 etype that includes 32-bit length codings], [AC_DEFINE(ATHENA_DES3_KLUDGE)],) -V5_AC_OUTPUT_MAKEFILE(. crc32 des dk enc_provider hash_provider keyhash_provider md4 md5 old raw sha1 arcfour yarrow) +V5_AC_OUTPUT_MAKEFILE(. crc32 des dk enc_provider hash_provider keyhash_provider md4 md5 old raw sha1 arcfour yarrow aes) diff --git a/src/lib/crypto/t_cts.c b/src/lib/crypto/t_cts.c new file mode 100644 index 000000000..5bf1ecba9 --- /dev/null +++ b/src/lib/crypto/t_cts.c @@ -0,0 +1,154 @@ +/* + * lib/crypto/vectors.c + * + * Copyright 2001 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * Test vectors for crypto code, matching data submitted for inclusion + * with RFC1510bis. + * + * N.B.: Doesn't compile -- this file uses some routines internal to our + * crypto library which are declared "static" and thus aren't accessible + * without modifying the other sources. + */ + +#include <assert.h> +#include <stdio.h> +#include <string.h> +#include <ctype.h> +#include <krb5.h> + +#define ASIZE(ARRAY) (sizeof(ARRAY)/sizeof(ARRAY[0])) + +const char *whoami; + +static void printhex (size_t len, const char *p) +{ + while (len--) + printf ("%02x", 0xff & *p++); +} + +static void printstringhex (const char *p) { printhex (strlen (p), p); } + +static void printdata (krb5_data *d) { printhex (d->length, d->data); } + +static void printkey (krb5_keyblock *k) { printhex (k->length, k->contents); } + + +#define JURISIC "Juri\305\241i\304\207" /* hi Miro */ +#define ESZETT "\303\237" +#define GCLEF "\360\235\204\236" /* outside BMP, woo hoo! */ + +static void +keyToData (krb5_keyblock *k, krb5_data *d) +{ + d->length = k->length; + d->data = k->contents; +} + +void check_error (int r, int line) { + if (r != 0) { + fprintf (stderr, "%s:%d: %s\n", __FILE__, line, + error_message (r)); + exit (1); + } +} +#define CHECK check_error(r, __LINE__) + +extern struct krb5_enc_provider krb5int_enc_des3; +struct krb5_enc_provider *enc = &krb5int_enc_des3; +extern struct krb5_enc_provider krb5int_enc_aes128, krb5int_enc_aes256; + +static void printd (const char *descr, krb5_data *d) { + int i, j; + const int r = 16; + + printf("%s:", descr); + + for (i = 0; i < d->length; i += r) { + printf("\n %04x: ", i); + for (j = i; j < i + r && j < d->length; j++) + printf(" %02x", 0xff & d->data[j]); +#ifdef SHOW_TEXT + for (; j < i + r; j++) + printf(" "); + printf(" "); + for (j = i; j < i + r && j < d->length; j++) { + int c = 0xff & d->data[j]; + printf("%c", isprint(c) ? c : '.'); + } +#endif + } + printf("\n"); +} +static void printk(const char *descr, krb5_keyblock *k) { + krb5_data d; + d.data = k->contents; + d.length = k->length; + printd(descr, &d); +} + +static void test_cts() +{ + static const char input[4*16] = + "I would like the General Gau's Chicken, please, and wonton soup."; + static const unsigned char aeskey[16] = "chicken teriyaki"; + static const int lengths[] = { 17, 31, 32, 47, 48, 64 }; + extern krb5_error_code krb5int_aes_encrypt(const krb5_keyblock *, + const krb5_data *, + const krb5_data *, + krb5_data *); + + int i; + char outbuf[64]; + krb5_data in, out; + krb5_keyblock key; + krb5_error_code err; + + in.data = input; + out.data = outbuf; + key.contents = aeskey; + key.length = 16; + + printk("AES 128-bit key", &key); + for (i = 0; i < sizeof(lengths)/sizeof(lengths[0]); i++) { + printf("\n"); + in.length = out.length = lengths[i]; + err = krb5int_aes_encrypt(&key, 0, &in, &out); + if (err) { + printf("error %ld from krb5int_aes_encrypt\n", (long)err); + exit(1); + } + printd("Input", &in); + printd("Output", &out); + } +} + +#include "hash_provider.h" + +int main (int argc, char **argv) +{ + whoami = argv[0]; + test_cts(); + return 0; +} diff --git a/src/lib/crypto/t_nfold.c b/src/lib/crypto/t_nfold.c index f2eff2441..ae6a81be4 100644 --- a/src/lib/crypto/t_nfold.c +++ b/src/lib/crypto/t_nfold.c @@ -97,6 +97,21 @@ static void rfc_tests () } } +static void fold_kerberos(int nbytes) +{ + unsigned char cipher_text[300]; + int j; + + if (nbytes > 300) + abort(); + + printf("%d-fold(\"kerberos\") =\n\t", nbytes*8); + krb5_nfold(64, "kerberos", 8*nbytes, cipher_text); + for (j=0; j<nbytes; j++) + printf("%s%02x", (j&3) ? "" : " ", cipher_text[j]); + printf("\n"); +} + unsigned char *nfold_in[] = { (unsigned char *) "basch", (unsigned char *) "eichin", @@ -138,6 +153,13 @@ main(argc, argv) }; } rfc_tests (); + printf("verify: N-fold is correct\n\n"); + + fold_kerberos(8); + fold_kerberos(16); + fold_kerberos(21); + fold_kerberos(32); + exit(0); } diff --git a/src/lib/crypto/vectors.c b/src/lib/crypto/vectors.c index 9afbb9faf..2bb90452a 100644 --- a/src/lib/crypto/vectors.c +++ b/src/lib/crypto/vectors.c @@ -35,11 +35,13 @@ #include <assert.h> #include <stdio.h> #include <string.h> - +#include <ctype.h> #include <krb5.h> #define ASIZE(ARRAY) (sizeof(ARRAY)/sizeof(ARRAY[0])) +const char *whoami; + static void printhex (size_t len, const char *p) { while (len--) @@ -55,7 +57,7 @@ static void printkey (krb5_keyblock *k) { printhex (k->length, k->contents); } static void test_nfold () { int i; - struct { + static const struct { char *input; int n; } tests[] = { @@ -64,6 +66,8 @@ static void test_nfold () { "Rough Consensus, and Running Code", 64, }, { "password", 168, }, { "MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 192 }, + { "Q", 168 }, + { "ba", 168 }, }; unsigned char outbuf[192/8]; @@ -82,6 +86,7 @@ static void test_nfold () #define JURISIC "Juri\305\241i\304\207" /* hi Miro */ #define ESZETT "\303\237" +#define GCLEF "\360\235\204\236" /* outside BMP, woo hoo! */ /* Some weak keys: {0x1f,0x1f,0x1f,0x1f,0x0e,0x0e,0x0e,0x0e}, @@ -91,13 +96,14 @@ static void test_nfold () static void test_mit_des_s2k () { - struct { + static const struct { const char *pass; const char *salt; } pairs[] = { { "password", "ATHENA.MIT.EDUraeburn" }, { "potatoe", "WHITEHOUSE.GOVdanny" }, { "penny", "EXAMPLE.COMbuckaroo", }, + { GCLEF, "EXAMPLE.COMpianist" }, { ESZETT, "ATHENA.MIT.EDU" JURISIC }, /* These two trigger weak-key fixups. */ { "11119999", "AAAAAAAA" }, @@ -111,10 +117,12 @@ test_mit_des_s2k () krb5_data pd; krb5_data sd; unsigned char key_contents[60]; - krb5_keyblock key = { .contents = key_contents }; + krb5_keyblock key; krb5_error_code r; char buf[80]; + key.contents = key_contents; + pd.length = strlen (p); pd.data = (char *) p; sd.length = strlen (s); @@ -138,7 +146,7 @@ test_mit_des_s2k () static void test_s2k (krb5_enctype enctype) { - struct { + static const struct { const char *pass; const char *salt; } pairs[] = { @@ -146,6 +154,7 @@ test_s2k (krb5_enctype enctype) { "potatoe", "WHITEHOUSE.GOVdanny" }, { "penny", "EXAMPLE.COMbuckaroo", }, { ESZETT, "ATHENA.MIT.EDU" JURISIC }, + { GCLEF, "EXAMPLE.COMpianist" }, }; int i; @@ -197,8 +206,9 @@ void check_error (int r, int line) { } #define CHECK check_error(r, __LINE__) - extern struct krb5_enc_provider krb5int_enc_des3; - struct krb5_enc_provider *enc = &krb5int_enc_des3; +extern struct krb5_enc_provider krb5int_enc_des3; +struct krb5_enc_provider *enc = &krb5int_enc_des3; +extern struct krb5_enc_provider krb5int_enc_aes128, krb5int_enc_aes256; void DK (krb5_keyblock *out, krb5_keyblock *in, const krb5_data *usage) { krb5_error_code r; @@ -212,162 +222,12 @@ void DR (krb5_data *out, krb5_keyblock *in, const krb5_data *usage) { CHECK; } -void combine_keys (krb5_keyblock *k1, krb5_keyblock *k2, krb5_keyblock *knew) -{ #define KEYBYTES 21 #define KEYLENGTH 24 - krb5_data Combine; - unsigned char keydata_t1[KEYLENGTH], keydata_t2[KEYLENGTH]; - krb5_keyblock t1, t2; - unsigned char fold_in[2*KEYBYTES], fold_out[KEYBYTES]; -#define R1data (&fold_in[0]) -#define R2data (&fold_in[KEYBYTES]) - krb5_data r1, r2; - krb5_data tmp; - - Combine.length = 7, Combine.data = "combine"; - t1.length = KEYLENGTH, t1.contents = keydata_t1; - t2.length = KEYLENGTH, t2.contents = keydata_t2; - r1.length = KEYBYTES, r1.data = R1data; - r2.length = KEYBYTES, r2.data = R2data; - - DK (&t1, k1, &Combine); - printf ("t1:\t "); printkey (&t1); printf ("\n"); - DK (&t2, k2, &Combine); - printf ("t2:\t "); printkey (&t2); printf ("\n"); - keyToData (&t2, &tmp); - DR (&r1, &t1, &tmp); - printf ("r1:\t "); printdata (&r1); printf ("\n"); - keyToData (&t1, &tmp); - DR (&r2, &t2, &tmp); - printf ("r2:\t "); printdata (&r2); printf ("\n"); - krb5_nfold (sizeof (fold_in) * 8, fold_in, - sizeof (fold_out) * 8, fold_out); - tmp.length = sizeof (fold_out); tmp.data = fold_out; - krb5_random2key (ENCTYPE_DES3_CBC_SHA1, &tmp, knew); -} - -static void -test_des3_combine () -{ - struct { - unsigned char k1[KEYLENGTH], k2[KEYLENGTH]; - } keypairs[] = { - { - { - 0x5e, 0x13, 0xd3, 0x1c, 0x70, 0xef, 0x76, 0x57, - 0x46, 0x57, 0x85, 0x31, 0xcb, 0x51, 0xc1, 0x5b, - 0xf1, 0x1c, 0xa8, 0x2c, 0x97, 0xce, 0xe9, 0xf2, - }, - { - 0xdc, 0xe0, 0x6b, 0x1f, 0x64, 0xc8, 0x57, 0xa1, - 0x1c, 0x3d, 0xb5, 0x7c, 0x51, 0x89, 0x9b, 0x2c, - 0xc1, 0x79, 0x10, 0x08, 0xce, 0x97, 0x3b, 0x92, - } - }, - { - { - 0xdc, 0xe0, 0x6b, 0x1f, 0x64, 0xc8, 0x57, 0xa1, - 0x1c, 0x3d, 0xb5, 0x7c, 0x51, 0x89, 0x9b, 0x2c, - 0xc1, 0x79, 0x10, 0x08, 0xce, 0x97, 0x3b, 0x92, - }, - { - 0x5e, 0x13, 0xd3, 0x1c, 0x70, 0xef, 0x76, 0x57, - 0x46, 0x57, 0x85, 0x31, 0xcb, 0x51, 0xc1, 0x5b, - 0xf1, 0x1c, 0xa8, 0x2c, 0x97, 0xce, 0xe9, 0xf2, - }, - }, - { - { - 0x98, 0xe6, 0xfd, 0x8a, 0x04, 0xa4, 0xb6, 0x85, - 0x9b, 0x75, 0xa1, 0x76, 0x54, 0x0b, 0x97, 0x52, - 0xba, 0xd3, 0xec, 0xd6, 0x10, 0xa2, 0x52, 0xbc, - }, - { - 0x62, 0x2a, 0xec, 0x25, 0xa2, 0xfe, 0x2c, 0xad, - 0x70, 0x94, 0x68, 0x0b, 0x7c, 0x64, 0x94, 0x02, - 0x80, 0x08, 0x4c, 0x1a, 0x7c, 0xec, 0x92, 0xb5, - } - }, - { - { - 0xd3, 0xf8, 0x29, 0x8c, 0xcb, 0x16, 0x64, 0x38, - 0xdc, 0xb9, 0xb9, 0x3e, 0xe5, 0xa7, 0x62, 0x92, - 0x86, 0xa4, 0x91, 0xf8, 0x38, 0xf8, 0x02, 0xfb, - }, - { - 0xb5, 0x5e, 0x98, 0x34, 0x67, 0xe5, 0x51, 0xb3, - 0xe5, 0xd0, 0xe5, 0xb6, 0xc8, 0x0d, 0x45, 0x76, - 0x94, 0x23, 0xa8, 0x73, 0xdc, 0x62, 0xb3, 0x0e, - } - }, - { - { - 0xc1, 0x08, 0x16, 0x49, 0xad, 0xa7, 0x43, 0x62, - 0xe6, 0xa1, 0x45, 0x9d, 0x01, 0xdf, 0xd3, 0x0d, - 0x67, 0xc2, 0x23, 0x4c, 0x94, 0x07, 0x04, 0xda, - }, - { - 0x5d, 0x15, 0x4a, 0xf2, 0x38, 0xf4, 0x67, 0x13, - 0x15, 0x57, 0x19, 0xd5, 0x5e, 0x2f, 0x1f, 0x79, - 0x0d, 0xd6, 0x61, 0xf2, 0x79, 0xa7, 0x91, 0x7c, - } - }, - { - { - 0x79, 0x85, 0x62, 0xe0, 0x49, 0x85, 0x2f, 0x57, - 0xdc, 0x8c, 0x34, 0x3b, 0xa1, 0x7f, 0x2c, 0xa1, - 0xd9, 0x73, 0x94, 0xef, 0xc8, 0xad, 0xc4, 0x43, - }, - { - 0x26, 0xdc, 0xe3, 0x34, 0xb5, 0x45, 0x29, 0x2f, - 0x2f, 0xea, 0xb9, 0xa8, 0x70, 0x1a, 0x89, 0xa4, - 0xb9, 0x9e, 0xb9, 0x94, 0x2c, 0xec, 0xd0, 0x16, - } - }, - }; - int i; - - for (i = 0; i < ASIZE (keypairs); i++) { - krb5_keyblock k1, k2, kn; - unsigned char keycontents[KEYLENGTH] = { 0 }; - - k1.length = KEYLENGTH, k1.contents = keypairs[i].k1; - k2.length = KEYLENGTH, k2.contents = keypairs[i].k2; - kn.length = KEYLENGTH, kn.contents = keycontents; - - printf ("k1: "); printkey (&k1); printf ("\n"); - printf ("k2: "); printkey (&k2); printf ("\n"); - combine_keys (&k1, &k2, &kn); - printf ("new key: "); printkey (&kn); printf ("\n"); - printf ("\n"); - } -} - -extern krb5_error_code k5_des3_make_key (const krb5_data *, krb5_keyblock *); -void spew_keys() { - int i; - unsigned char randbytes[21]; - unsigned char keybytes[24]; - krb5_data d; - krb5_keyblock k; - - d.length = 21, d.data = randbytes; - k.length = 24, k.contents = keybytes; - - srandom(getpid()); - for (i = 0; i < 10; i++) { - int j; - for (j = 0; j < 21; j++) - randbytes[j] = random() >> 9; - k5_des3_make_key (&d, &k); - printkey (&k); - } -} void test_dr_dk () { - struct { + static const struct { unsigned char keydata[KEYLENGTH]; int usage_len; unsigned char usage[8]; @@ -479,17 +339,119 @@ void test_dr_dk () } } -int main () + +static void printd (const char *descr, krb5_data *d) { + int i, j; + const int r = 16; + + printf("%s:", descr); + + for (i = 0; i < d->length; i += r) { + printf("\n %04x: ", i); + for (j = i; j < i + r && j < d->length; j++) + printf(" %02x", 0xff & d->data[j]); + for (; j < i + r; j++) + printf(" "); + printf(" "); + for (j = i; j < i + r && j < d->length; j++) { + int c = 0xff & d->data[j]; + printf("%c", isprint(c) ? c : '.'); + } + } + printf("\n"); +} +static void printk(const char *descr, krb5_keyblock *k) { + krb5_data d; + d.data = k->contents; + d.length = k->length; + printd(descr, &d); +} + + +static void +test_pbkdf2() +{ + static struct { + int count; + char *pass; + char *salt; + } test[] = { + { 1, "password", "ATHENA.MIT.EDUraeburn" }, + { 2, "password", "ATHENA.MIT.EDUraeburn" }, + { 1200, "password", "ATHENA.MIT.EDUraeburn" }, + { 5, "password", "\x12\x34\x56\x78\x78\x56\x34\x12" }, + { 1200, + "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", + "pass phrase equals block size" }, + { 1200, + "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", + "pass phrase exceeds block size" }, + { 50, "\xf0\x9d\x84\x9e", "EXAMPLE.COMpianist" }, + }; + unsigned char x[100]; + unsigned char x2[100]; + int j; + krb5_error_code err; + krb5_data d; + krb5_keyblock k, dk; + krb5_data usage; + + d.data = x; + dk.contents = x2; + + usage.data = "kerberos"; + usage.length = 8; + + for (j = 0; j < sizeof(test)/sizeof(test[0]); j++) { + printf("pkbdf2(count=%d, pass=\"%s\", salt=", + test[j].count, test[j].pass); + if (isprint(test[j].salt[0])) + printf("\"%s\")\n", test[j].salt); + else { + char *s = test[j].salt; + printf("0x"); + while (*s) + printf("%02X", 0xff & *s++); + printf(")\n"); + } + + d.length = 16; + err = krb5int_pbkdf2_hmac_sha1_128 (x, test[j].count, + test[j].pass, test[j].salt); + printd("128-bit PBKDF2 output", &d); + enc = &krb5int_enc_aes128; + k.contents = d.data; + k.length = d.length; + dk.length = d.length; + DK (&dk, &k, &usage); + printk("128-bit AES key",&dk); + + d.length = 32; + err = krb5int_pbkdf2_hmac_sha1_256 (x, test[j].count, + test[j].pass, test[j].salt); + printd("256-bit PBKDF2 output", &d); + enc = &krb5int_enc_aes256; + k.contents = d.data; + k.length = d.length; + dk.length = d.length; + DK (&dk, &k, &usage); + printk("256-bit AES key", &dk); + + printf("\n"); + } +} + +#include "hash_provider.h" + +int main (int argc, char **argv) { -#if 0 + whoami = argv[0]; test_nfold (); +#if 0 test_mit_des_s2k (); -#endif test_des3_s2k (); -#if 0 - spew_keys (); -#endif - test_des3_combine (); test_dr_dk (); + test_pbkdf2(); +#endif return 0; } |