xref: /freebsd/crypto/heimdal/lib/krb5/aes-test.c (revision 1e413cf93298b5b97441a21d9a50fdcd0ee9945e)
1 /*
2  * Copyright (c) 2003 Kungliga Tekniska H�gskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of KTH nor the names of its contributors may be
18  *    used to endorse or promote products derived from this software without
19  *    specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
22  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
25  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
28  * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
30  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
31  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
32 
33 #include "krb5_locl.h"
34 
35 #ifdef HAVE_OPENSSL
36 #include <openssl/evp.h>
37 #endif
38 
39 RCSID("$Id: aes-test.c,v 1.3 2003/03/25 11:30:41 lha Exp $");
40 
41 static int verbose = 0;
42 
43 static void
44 hex_dump_data(krb5_data *data)
45 {
46     unsigned char *p = data->data;
47     int i, j;
48 
49     for (i = j = 0; i < data->length; i++, j++) {
50 	printf("%02x ", p[i]);
51 	if (j > 15) {
52 	    printf("\n");
53 	    j = 0;
54 	}
55     }
56     if (j != 0)
57 	printf("\n");
58 }
59 
60 struct {
61     char *password;
62     char *salt;
63     int saltlen;
64     int iterations;
65     krb5_enctype enctype;
66     int keylen;
67     char *pbkdf2;
68     char *key;
69 } keys[] = {
70 #ifdef ENABLE_AES
71     {
72 	"password", "ATHENA.MIT.EDUraeburn", -1,
73 	1,
74 	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
75 	"\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15",
76 	"\x42\x26\x3c\x6e\x89\xf4\xfc\x28\xb8\xdf\x68\xee\x09\x79\x9f\x15"
77     },
78     {
79 	"password", "ATHENA.MIT.EDUraeburn", -1,
80 	1,
81 	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
82 	"\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15"
83 	"\x0a\xd1\xf7\xa0\x4b\xb9\xf3\xa3\x33\xec\xc0\xe2\xe1\xf7\x08\x37",
84 	"\xfe\x69\x7b\x52\xbc\x0d\x3c\xe1\x44\x32\xba\x03\x6a\x92\xe6\x5b"
85 	"\xbb\x52\x28\x09\x90\xa2\xfa\x27\x88\x39\x98\xd7\x2a\xf3\x01\x61"
86     },
87     {
88 	"password", "ATHENA.MIT.EDUraeburn", -1,
89 	2,
90 	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
91 	"\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d",
92 	"\xc6\x51\xbf\x29\xe2\x30\x0a\xc2\x7f\xa4\x69\xd6\x93\xbd\xda\x13"
93     },
94     {
95 	"password", "ATHENA.MIT.EDUraeburn", -1,
96 	2,
97 	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
98 	"\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d"
99 	"\xa0\x53\x78\xb9\x32\x44\xec\x8f\x48\xa9\x9e\x61\xad\x79\x9d\x86",
100 	"\xa2\xe1\x6d\x16\xb3\x60\x69\xc1\x35\xd5\xe9\xd2\xe2\x5f\x89\x61"
101 	"\x02\x68\x56\x18\xb9\x59\x14\xb4\x67\xc6\x76\x22\x22\x58\x24\xff"
102     },
103     {
104 	"password", "ATHENA.MIT.EDUraeburn", -1,
105 	1200,
106 	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
107 	"\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b",
108 	"\x4c\x01\xcd\x46\xd6\x32\xd0\x1e\x6d\xbe\x23\x0a\x01\xed\x64\x2a"
109     },
110     {
111 	"password", "ATHENA.MIT.EDUraeburn", -1,
112 	1200,
113 	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
114 	"\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b"
115 	"\xa7\xe5\x2d\xdb\xc5\xe5\x14\x2f\x70\x8a\x31\xe2\xe6\x2b\x1e\x13",
116 	"\x55\xa6\xac\x74\x0a\xd1\x7b\x48\x46\x94\x10\x51\xe1\xe8\xb0\xa7"
117 	"\x54\x8d\x93\xb0\xab\x30\xa8\xbc\x3f\xf1\x62\x80\x38\x2b\x8c\x2a"
118     },
119     {
120 	"password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8,
121 	5,
122 	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
123 	"\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49",
124 	"\xe9\xb2\x3d\x52\x27\x37\x47\xdd\x5c\x35\xcb\x55\xbe\x61\x9d\x8e"
125     },
126     {
127 	"password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8,
128 	5,
129 	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
130 	"\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49"
131 	"\x3f\x98\xd2\x03\xe6\xbe\x49\xa6\xad\xf4\xfa\x57\x4b\x6e\x64\xee",
132 	"\x97\xa4\xe7\x86\xbe\x20\xd8\x1a\x38\x2d\x5e\xbc\x96\xd5\x90\x9c"
133 	"\xab\xcd\xad\xc8\x7c\xa4\x8f\x57\x45\x04\x15\x9f\x16\xc3\x6e\x31"
134     },
135     {
136 	"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
137 	"pass phrase equals block size", -1,
138 	1200,
139 	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
140 	"\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9",
141 	"\x59\xd1\xbb\x78\x9a\x82\x8b\x1a\xa5\x4e\xf9\xc2\x88\x3f\x69\xed"
142     },
143     {
144 	"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
145 	"pass phrase equals block size", -1,
146 	1200,
147 	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
148 	"\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9"
149 	"\xc5\xec\x59\xf1\xa4\x52\xf5\xcc\x9a\xd9\x40\xfe\xa0\x59\x8e\xd1",
150 	"\x89\xad\xee\x36\x08\xdb\x8b\xc7\x1f\x1b\xfb\xfe\x45\x94\x86\xb0"
151 	"\x56\x18\xb7\x0c\xba\xe2\x20\x92\x53\x4e\x56\xc5\x53\xba\x4b\x34"
152     },
153     {
154 	"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
155 	"pass phrase exceeds block size", -1,
156 	1200,
157 	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
158 	"\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61",
159 	"\xcb\x80\x05\xdc\x5f\x90\x17\x9a\x7f\x02\x10\x4c\x00\x18\x75\x1d"
160     },
161     {
162 	"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
163 	"pass phrase exceeds block size", -1,
164 	1200,
165 	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
166 	"\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61"
167 	"\x1a\x8b\x4d\x28\x26\x01\xdb\x3b\x36\xbe\x92\x46\x91\x5e\xc8\x2a",
168 	"\xd7\x8c\x5c\x9c\xb8\x72\xa8\xc9\xda\xd4\x69\x7f\x0b\xb5\xb2\xd2"
169 	"\x14\x96\xc8\x2b\xeb\x2c\xae\xda\x21\x12\xfc\xee\xa0\x57\x40\x1b"
170 
171     },
172     {
173 	"\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1,
174 	50,
175 	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
176 	"\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39",
177 	"\xf1\x49\xc1\xf2\xe1\x54\xa7\x34\x52\xd4\x3e\x7f\xe6\x2a\x56\xe5"
178     },
179     {
180 	"\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1,
181 	50,
182 	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
183 	"\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39"
184 	"\xe7\xfe\x37\xa0\xc4\x1e\x02\xc2\x81\xff\x30\x69\xe1\xe9\x4f\x52",
185 	"\x4b\x6d\x98\x39\xf8\x44\x06\xdf\x1f\x09\xcc\x16\x6d\xb4\xb8\x3c"
186 	"\x57\x18\x48\xb7\x84\xa3\xd6\xbd\xc3\x46\x58\x9a\x3e\x39\x3f\x9e"
187     },
188 #endif
189     {
190 	"foo", "", -1,
191 	0,
192 	ETYPE_ARCFOUR_HMAC_MD5, 16,
193 	NULL,
194 	"\xac\x8e\x65\x7f\x83\xdf\x82\xbe\xea\x5d\x43\xbd\xaf\x78\x00\xcc"
195     },
196     {
197 	"test", "", -1,
198 	0,
199 	ETYPE_ARCFOUR_HMAC_MD5, 16,
200 	NULL,
201 	"\x0c\xb6\x94\x88\x05\xf7\x97\xbf\x2a\x82\x80\x79\x73\xb8\x95\x37"
202     }
203 };
204 
205 static int
206 string_to_key_test(krb5_context context)
207 {
208     krb5_data password, opaque;
209     krb5_error_code ret;
210     krb5_keyblock key;
211     krb5_salt salt;
212     int i, val = 0;
213     char iter[4];
214     char keyout[32];
215 
216     for (i = 0; i < sizeof(keys)/sizeof(keys[0]); i++) {
217 
218 	password.data = keys[i].password;
219 	password.length = strlen(password.data);
220 
221 	salt.salttype = KRB5_PW_SALT;
222 	salt.saltvalue.data = keys[i].salt;
223 	if (keys[i].saltlen == -1)
224 	    salt.saltvalue.length = strlen(salt.saltvalue.data);
225 	else
226 	    salt.saltvalue.length = keys[i].saltlen;
227 
228 	opaque.data = iter;
229 	opaque.length = sizeof(iter);
230 	_krb5_put_int(iter, keys[i].iterations, 4);
231 
232 	if (verbose)
233 	    printf("%d: password: %s salt: %s\n",
234 		   i, keys[i].password, keys[i].salt);
235 
236 	if (keys[i].keylen > sizeof(keyout))
237 	    abort();
238 
239 #ifdef ENABLE_AES
240 	if (keys[i].pbkdf2) {
241 
242 #ifdef HAVE_OPENSSL
243 	    PKCS5_PBKDF2_HMAC_SHA1(password.data, password.length,
244 				   salt.saltvalue.data, salt.saltvalue.length,
245 				   keys[i].iterations,
246 				   keys[i].keylen, keyout);
247 
248 	    if (memcmp(keyout, keys[i].pbkdf2, keys[i].keylen) != 0) {
249 		krb5_warnx(context, "%d: openssl key pbkdf2", i);
250 		val = 1;
251 		continue;
252 	    }
253 #endif
254 
255 	    ret = krb5_PKCS5_PBKDF2(context, CKSUMTYPE_SHA1, password, salt,
256 				    keys[i].iterations - 1,
257 				    keys[i].enctype,
258 				    &key);
259 	    if (ret) {
260 		krb5_warn(context, ret, "%d: krb5_PKCS5_PBKDF2", i);
261 		val = 1;
262 		continue;
263 	    }
264 
265 	    if (key.keyvalue.length != keys[i].keylen) {
266 		krb5_warnx(context, "%d: size key pbkdf2", i);
267 		val = 1;
268 		continue;
269 	    }
270 
271 	    if (memcmp(key.keyvalue.data, keys[i].pbkdf2, keys[i].keylen) != 0) {
272 		krb5_warnx(context, "%d: key pbkdf2 pl %d",
273 			   i, password.length);
274 		val = 1;
275 		continue;
276 	    }
277 
278 	    if (verbose) {
279 		printf("PBKDF2:\n");
280 		hex_dump_data(&key.keyvalue);
281 	    }
282 
283 	    krb5_free_keyblock_contents(context, &key);
284 	}
285 #endif
286 
287 	ret = krb5_string_to_key_data_salt_opaque (context, keys[i].enctype,
288 						   password, salt, opaque,
289 						   &key);
290 	if (ret) {
291 	    krb5_warn(context, ret, "%d: string_to_key_data_salt_opaque", i);
292 	    val = 1;
293 	    continue;
294 	}
295 
296 	if (key.keyvalue.length != keys[i].keylen) {
297 	    krb5_warnx(context, "%d: key wrong length (%d/%d)",
298 		       i, key.keyvalue.length, keys[i].keylen);
299 	    val = 1;
300 	    continue;
301 	}
302 
303 	if (memcmp(key.keyvalue.data, keys[i].key, keys[i].keylen) != 0) {
304 	    krb5_warnx(context, "%d: key wrong", i);
305 	    val = 1;
306 	    continue;
307 	}
308 
309 	if (verbose) {
310 	    printf("key:\n");
311 	    hex_dump_data(&key.keyvalue);
312 	}
313 	krb5_free_keyblock_contents(context, &key);
314     }
315     return val;
316 }
317 
318 #ifdef ENABLE_AES
319 
320 struct {
321     size_t len;
322     char *input;
323     char *output;
324 } encs[] = {
325     {
326 	17,
327 	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
328 	"\x20",
329 	"\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f"
330 	"\x97"
331     },
332     {
333 	31,
334 	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
335 	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20",
336 	"\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22"
337 	"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5"
338     },
339     {
340 	32,
341 	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
342 	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43",
343 	"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
344 	"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
345     },
346     {
347 	47,
348 	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
349 	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
350 	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c",
351 	"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
352 	"\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e"
353 	"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5"
354     },
355     {
356 	64,
357 	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
358 	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
359 	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
360 	"\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e",
361 	"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
362 	"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
363 	"\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40"
364 	"\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8"
365     }
366 };
367 
368 char *enc_key =
369 	"\x63\x68\x69\x63\x6b\x65\x6e\x20\x74\x65\x72\x69\x79\x61\x6b\x69";
370 
371 static int
372 samep(int testn, char *type, const char *p1, const char *p2, size_t len)
373 {
374     size_t i;
375     int val = 1;
376 
377     for (i = 0; i < len; i++) {
378 	if (p1[i] != p2[i]) {
379 	    if (verbose)
380 		printf("M");
381 	    val = 0;
382 	} else {
383 	    if (verbose)
384 		printf(".");
385 	}
386     }
387     if (verbose)
388 	printf("\n");
389     return val;
390 }
391 
392 static int
393 encryption_test(krb5_context context)
394 {
395     char iv[AES_BLOCK_SIZE];
396     int i, val = 0;
397     AES_KEY ekey, dkey;
398     char *p;
399 
400     AES_set_encrypt_key(enc_key, 128, &ekey);
401     AES_set_decrypt_key(enc_key, 128, &dkey);
402 
403     for (i = 0; i < sizeof(encs)/sizeof(encs[0]); i++) {
404 	if (verbose)
405 	    printf("test: %d\n", i);
406 	memset(iv, 0, sizeof(iv));
407 
408 	p = malloc(encs[i].len + 1);
409 	if (p == NULL)
410 	    krb5_errx(context, 1, "malloc");
411 
412 	p[encs[i].len] = '\0';
413 
414 	memcpy(p, encs[i].input, encs[i].len);
415 
416 	_krb5_aes_cts_encrypt(p, p, encs[i].len,
417 			      &ekey, iv, AES_ENCRYPT);
418 
419 	if (p[encs[i].len] != '\0') {
420 	    krb5_warnx(context, "%d: encrypt modified off end", i);
421 	    val = 1;
422 	}
423 
424 	if (!samep(i, "cipher", p, encs[i].output, encs[i].len))
425 	    val = 1;
426 
427 	memset(iv, 0, sizeof(iv));
428 
429 	_krb5_aes_cts_encrypt(p, p, encs[i].len,
430 			      &dkey, iv, AES_DECRYPT);
431 
432 	if (p[encs[i].len] != '\0') {
433 	    krb5_warnx(context, "%d: decrypt modified off end", i);
434 	    val = 1;
435 	}
436 
437 	if (!samep(i, "clear", p, encs[i].input, encs[i].len))
438 	    val = 1;
439 
440 	free(p);
441     }
442     return val;
443 }
444 
445 #endif /* ENABLE_AES */
446 
447 int
448 main(int argc, char **argv)
449 {
450     krb5_error_code ret;
451     krb5_context context;
452     int val = 0;
453 
454     ret = krb5_init_context (&context);
455     if (ret)
456 	errx (1, "krb5_init_context failed: %d", ret);
457 
458     val |= string_to_key_test(context);
459 
460 #ifdef ENABLE_AES
461     val |= encryption_test(context);
462 #endif
463 
464     if (verbose && val == 0)
465 	printf("all ok\n");
466     if (val)
467 	printf("tests failed\n");
468 
469     krb5_free_context(context);
470 
471     return val;
472 }
473