xref: /freebsd/crypto/krb5/src/tests/gssapi/t_enctypes.py (revision 7f2fe78b9dd5f51c821d771b63d2e096f6fd49e9) 
1from k5test import *
2
3# Define some convenience abbreviations for enctypes we will see in
4# test program output.  For background, aes256 and aes128 are "CFX
5# enctypes", meaning that they imply support for RFC 4121, while des3
6# and rc4 are not.  DES3 keys will appear as 'des3-cbc-raw' in
7# t_enctypes output because that's how GSSAPI does raw triple-DES
8# encryption without the RFC3961 framing.
9aes256 = 'aes256-cts-hmac-sha1-96'
10aes128 = 'aes128-cts-hmac-sha1-96'
11des3 = 'des3-cbc-sha1'
12d_des3 = 'DEPRECATED:des3-cbc-sha1'
13des3raw = 'des3-cbc-raw'
14d_des3raw = 'DEPRECATED:des3-cbc-raw'
15rc4 = 'arcfour-hmac'
16d_rc4 = 'DEPRECATED:arcfour-hmac'
17
18# These tests make assumptions about the default enctype lists, so set
19# them explicitly rather than relying on the library defaults.
20supp='aes256-cts:normal aes128-cts:normal des3-cbc-sha1:normal rc4-hmac:normal'
21conf = {'libdefaults': {'permitted_enctypes': 'aes des3 rc4',
22                        'allow_des3': 'true', 'allow_rc4': 'true'},
23        'realms': {'$realm': {'supported_enctypes': supp}}}
24realm = K5Realm(krb5_conf=conf)
25shutil.copyfile(realm.ccache, os.path.join(realm.testdir, 'save'))
26
27# Return an argument list for running t_enctypes with optional initiator
28# and acceptor enctype lists.
29def cmdline(ienc, aenc):
30    iflags = ienc and ['-i', ienc] or []
31    aflags = aenc and ['-a', aenc] or []
32    return ['./t_enctypes'] + iflags + aflags + ['p:' + realm.host_princ]
33
34
35# Run t_enctypes with optional initiator and acceptor enctype lists,
36# and check that it succeeds with the expected output.  Also check
37# that the ticket we got has the expected encryption key and session
38# key.
39def test(msg, ienc, aenc, tktenc='', tktsession='', proto='', isubkey='',
40         asubkey=None):
41    shutil.copyfile(os.path.join(realm.testdir, 'save'), realm.ccache)
42    # Run the test program and check its output.
43    out = realm.run(cmdline(ienc, aenc)).split()
44    if out[0] != proto or out[1] != isubkey:
45        fail(msg)
46    if asubkey is not None and (len(out) < 3 or out[2] != asubkey):
47        fail(msg)
48    lines = realm.run([klist, '-e']).splitlines()
49    for ind, line in enumerate(lines):
50        if realm.host_princ in line:
51            if lines[ind + 1].strip() != ('Etype (skey, tkt): %s, %s' %
52                                          (tktsession, tktenc)):
53                fail(msg)
54            break
55
56# Run t_enctypes with optional initiator and acceptor enctype lists,
57# and check that it fails with the expected error message.
58def test_err(msg, ienc, aenc, expected_err):
59    shutil.copyfile(os.path.join(realm.testdir, 'save'), realm.ccache)
60    realm.run(cmdline(ienc, aenc), expected_code=1, expected_msg=expected_err)
61
62
63# By default, all of the key enctypes should be aes256.
64test('noargs', None, None,
65     tktenc=aes256, tktsession=aes256,
66     proto='cfx', isubkey=aes256, asubkey=aes256)
67
68# When the initiator constrains the permitted session enctypes to
69# aes128, the ticket encryption key should remain aes256.  The client
70# initiator will not send an RFC 4537 upgrade list because it sees no
71# other permitted enctypes, so the acceptor subkey will not be
72# upgraded from aes128.
73test('init aes128', 'aes128-cts', None,
74     tktenc=aes256, tktsession=aes128,
75     proto='cfx', isubkey=aes128, asubkey=aes128)
76
77# If the initiator and acceptor both constrain the permitted session
78# enctypes to aes128, we should see the same keys as above.  This
79# tests that the acceptor does not mistakenly contrain the ticket
80# encryption key.
81test('both aes128', 'aes128-cts', 'aes128-cts',
82     tktenc=aes256, tktsession=aes128,
83     proto='cfx', isubkey=aes128, asubkey=aes128)
84
85# If only the acceptor constrains the permitted session enctypes to
86# aes128, subkey negotiation fails because the acceptor considers the
87# aes256 session key to be non-permitted.
88test_err('acc aes128', None, 'aes128-cts',
89         'Encryption type aes256-cts-hmac-sha1-96 not permitted')
90
91# If the initiator constrains the permitted session enctypes to des3,
92# no acceptor subkey will be generated because we can't upgrade to a
93# CFX enctype.
94test('init des3', 'des3', None,
95     tktenc=aes256, tktsession=d_des3,
96     proto='rfc1964', isubkey=des3raw, asubkey=None)
97
98# Force the ticket session key to be rc4, so we can test some subkey
99# upgrade cases.  The ticket encryption key remains aes256.
100realm.run([kadminl, 'setstr', realm.host_princ, 'session_enctypes', 'rc4'])
101
102# With no arguments, the initiator should send an upgrade list of
103# [aes256 aes128 des3] and the acceptor should upgrade to an aes256
104# subkey.
105test('upgrade noargs', None, None,
106     tktenc=aes256, tktsession=d_rc4,
107     proto='cfx', isubkey=rc4, asubkey=aes256)
108
109# If the initiator won't permit rc4 as a session key, it won't be able
110# to get a ticket.
111test_err('upgrade init aes', 'aes', None, 'no support for encryption type')
112
113# If the initiator permits rc4 but prefers aes128, it will send an
114# upgrade list of [aes128] and the acceptor will upgrade to aes128.
115test('upgrade init aes128+rc4', 'aes128-cts rc4', None,
116     tktenc=aes256, tktsession=d_rc4,
117     proto='cfx', isubkey=rc4, asubkey=aes128)
118
119# If the initiator permits rc4 but prefers des3, it will send an
120# upgrade list of [des3], but the acceptor won't generate a subkey
121# because des3 isn't a CFX enctype.
122test('upgrade init des3+rc4', 'des3 rc4', None,
123     tktenc=aes256, tktsession=d_rc4,
124     proto='rfc1964', isubkey=rc4, asubkey=None)
125
126# If the acceptor permits only aes128, subkey negotiation will fail
127# because the ticket session key and initiator subkey are
128# non-permitted.  (This is unfortunate if the acceptor's restriction
129# is only for the sake of the kernel, since we could upgrade to an
130# aes128 subkey, but it's the current semantics.)
131test_err('upgrade acc aes128', None, 'aes128-cts',
132         'Encryption type arcfour-hmac not permitted')
133
134# If the acceptor permits rc4 but prefers aes128, it will negotiate an
135# upgrade to aes128.
136test('upgrade acc aes128 rc4', None, 'aes128-cts rc4',
137     tktenc=aes256, tktsession=d_rc4,
138     proto='cfx', isubkey=rc4, asubkey=aes128)
139
140# In this test, the initiator and acceptor each prefer an AES enctype
141# to rc4, but they can't agree on which one, so no subkey is
142# generated.
143test('upgrade mismatch', 'aes128-cts rc4', 'aes256-cts rc4',
144     tktenc=aes256, tktsession=d_rc4,
145     proto='rfc1964', isubkey=rc4, asubkey=None)
146
147success('gss_krb5_set_allowable_enctypes tests')
148