xref: /freebsd/crypto/krb5/src/lib/crypto/crypto_tests/t_fork.c (revision f1c4c3daccbaf3820f0e2224de53df12fc952fcc) 
1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* lib/crypto/crypto_tests/t_fork.c */
3 /*
4  * Copyright (C) 2010 by the Massachusetts Institute of Technology.
5  * All rights reserved.
6  *
7  * Export of this software from the United States of America may
8  *   require a specific license from the United States Government.
9  *   It is the responsibility of any person or organization contemplating
10  *   export to obtain such a license before exporting.
11  *
12  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13  * distribute this software and its documentation for any purpose and
14  * without fee is hereby granted, provided that the above copyright
15  * notice appear in all copies and that both that copyright notice and
16  * this permission notice appear in supporting documentation, and that
17  * the name of M.I.T. not be used in advertising or publicity pertaining
18  * to distribution of the software without specific, written prior
19  * permission.  Furthermore if you modify this software you must label
20  * your software as modified software and not distribute it in such a
21  * fashion that it might be confused with the original M.I.T. software.
22  * M.I.T. makes no representations about the suitability of
23  * this software for any purpose.  It is provided "as is" without express
24  * or implied warranty.
25  */
26 
27 /*
28  * Test basic libk5crypto behavior across forks.  This is primarily interesting
29  * for back ends with PKCS11-based constraints.
30  */
31 
32 #include "k5-int.h"
33 #include <unistd.h>
34 #include <sys/types.h>
35 #include <sys/wait.h>
36 
37 static krb5_context ctx = NULL;
38 
39 static void
t(krb5_error_code code)40 t(krb5_error_code code)
41 {
42     if (code != 0) {
43         fprintf(stderr, "Failure: %s\n", krb5_get_error_message(ctx, code));
44         exit(1);
45     }
46 }
47 
48 static void
prepare_enc_data(krb5_key key,size_t in_len,krb5_enc_data * enc_data)49 prepare_enc_data(krb5_key key, size_t in_len, krb5_enc_data *enc_data)
50 {
51     size_t out_len;
52 
53     t(krb5_c_encrypt_length(ctx, key->keyblock.enctype, in_len, &out_len));
54     t(alloc_data(&enc_data->ciphertext, out_len));
55 }
56 
57 int
main(void)58 main(void)
59 {
60     krb5_keyblock kb_aes, kb_rc4;
61     krb5_key key_aes, key_rc4;
62     krb5_data state_rc4, plain = string2data("plain"), decrypted;
63     krb5_enc_data out_aes, out_rc4;
64     pid_t pid, wpid;
65     int status;
66 
67     /* Seed the PRNG instead of creating a context, so we don't need
68      * krb5.conf. */
69     t(krb5_c_random_seed(ctx, &plain));
70 
71     /* Create AES and RC4 ciphertexts with random keys.  Use cipher state for
72      * RC4. */
73     t(krb5_c_make_random_key(ctx, ENCTYPE_AES256_CTS_HMAC_SHA1_96, &kb_aes));
74     t(krb5_c_make_random_key(ctx, ENCTYPE_ARCFOUR_HMAC, &kb_rc4));
75     t(krb5_k_create_key(ctx, &kb_aes, &key_aes));
76     t(krb5_k_create_key(ctx, &kb_rc4, &key_rc4));
77     prepare_enc_data(key_aes, plain.length, &out_aes);
78     prepare_enc_data(key_aes, plain.length, &out_rc4);
79     t(krb5_c_init_state(ctx, &kb_rc4, 0, &state_rc4));
80     t(krb5_k_encrypt(ctx, key_aes, 0, NULL, &plain, &out_aes));
81     t(krb5_k_encrypt(ctx, key_rc4, 0, &state_rc4, &plain, &out_rc4));
82 
83     /* Fork; continue in both parent and child. */
84     pid = fork();
85     assert(pid >= 0);
86 
87     /* Decrypt the AES message with both key and keyblock. */
88     t(alloc_data(&decrypted, plain.length));
89     t(krb5_k_decrypt(ctx, key_aes, 0, NULL, &out_aes, &decrypted));
90     assert(data_eq(plain, decrypted));
91     t(krb5_c_decrypt(ctx, &kb_aes, 0, NULL, &out_aes, &decrypted));
92     assert(data_eq(plain, decrypted));
93 
94     /* Encrypt another RC4 message. */
95     t(krb5_k_encrypt(ctx, key_rc4, 0, &state_rc4, &plain, &out_rc4));
96     t(krb5_c_free_state(ctx, &kb_rc4, &state_rc4));
97 
98     krb5_free_keyblock_contents(ctx, &kb_aes);
99     krb5_free_keyblock_contents(ctx, &kb_rc4);
100     krb5_k_free_key(ctx, key_aes);
101     krb5_k_free_key(ctx, key_rc4);
102     krb5_free_data_contents(ctx, &out_aes.ciphertext);
103     krb5_free_data_contents(ctx, &out_rc4.ciphertext);
104     krb5_free_data_contents(ctx, &decrypted);
105 
106     /* If we're the parent, make sure the child succeeded. */
107     if (pid != 0) {
108         wpid = wait(&status);
109         assert(wpid == pid);
110         if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
111             fprintf(stderr, "Child failed with status %d\n", status);
112             return 1;
113         }
114     }
115 
116     return 0;
117 }
118