1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ 2 /* lib/crypto/crypto_tests/t_mdcksum.c */ 3 /* 4 * Copyright 1995 by the Massachusetts Institute of Technology. 5 * All Rights Reserved. 6 * 7 * Export of this software from the United States of America may 8 * require a specific license from the United States Government. 9 * It is the responsibility of any person or organization contemplating 10 * export to obtain such a license before exporting. 11 * 12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 13 * distribute this software and its documentation for any purpose and 14 * without fee is hereby granted, provided that the above copyright 15 * notice appear in all copies and that both that copyright notice and 16 * this permission notice appear in supporting documentation, and that 17 * the name of M.I.T. not be used in advertising or publicity pertaining 18 * to distribution of the software without specific, written prior 19 * permission. Furthermore if you modify this software you must label 20 * your software as modified software and not distribute it in such a 21 * fashion that it might be confused with the original M.I.T. software. 22 * M.I.T. makes no representations about the suitability of 23 * this software for any purpose. It is provided "as is" without express 24 * or implied warranty. 25 */ 26 27 /* Test checksum and checksum compatibility for rsa-md[4,5]-des. */ 28 29 #ifndef MD 30 #define MD 5 31 #endif /* MD */ 32 33 #include "k5-int.h" 34 #if MD == 4 35 #include "rsa-md4.h" 36 #endif /* MD == 4 */ 37 #if MD == 5 38 #include "rsa-md5.h" 39 #endif /* MD == 5 */ 40 #include "des_int.h" 41 42 #define MD5_K5BETA_COMPAT 43 #define MD4_K5BETA_COMPAT 44 45 #if MD == 4 46 #define CONFOUNDER_LENGTH RSA_MD4_DES_CONFOUND_LENGTH 47 #define NEW_CHECKSUM_LENGTH NEW_RSA_MD4_DES_CKSUM_LENGTH 48 #define OLD_CHECKSUM_LENGTH OLD_RSA_MD4_DES_CKSUM_LENGTH 49 #define CHECKSUM_TYPE CKSUMTYPE_RSA_MD4_DES 50 #ifdef MD4_K5BETA_COMPAT 51 #define K5BETA_COMPAT 1 52 #else /* MD4_K5BETA_COMPAT */ 53 #undef K5BETA_COMPAT 54 #endif /* MD4_K5BETA_COMPAT */ 55 #define CKSUM_FUNCTION krb5_md4_crypto_sum_func 56 #define COMPAT_FUNCTION krb5_md4_crypto_compat_sum_func 57 #define VERIFY_FUNCTION krb5_md4_crypto_verify_func 58 #endif /* MD == 4 */ 59 60 #if MD == 5 61 #define CONFOUNDER_LENGTH RSA_MD5_DES_CONFOUND_LENGTH 62 #define NEW_CHECKSUM_LENGTH NEW_RSA_MD5_DES_CKSUM_LENGTH 63 #define OLD_CHECKSUM_LENGTH OLD_RSA_MD5_DES_CKSUM_LENGTH 64 #define CHECKSUM_TYPE CKSUMTYPE_RSA_MD5_DES 65 #ifdef MD5_K5BETA_COMPAT 66 #define K5BETA_COMPAT 1 67 #else /* MD5_K5BETA_COMPAT */ 68 #undef K5BETA_COMPAT 69 #endif /* MD5_K5BETA_COMPAT */ 70 #define CKSUM_FUNCTION krb5_md5_crypto_sum_func 71 #define COMPAT_FUNCTION krb5_md5_crypto_compat_sum_func 72 #define VERIFY_FUNCTION krb5_md5_crypto_verify_func 73 #endif /* MD == 5 */ 74 75 static void 76 print_checksum(text, number, message, checksum) 77 char *text; 78 int number; 79 char *message; 80 krb5_checksum *checksum; 81 { 82 int i; 83 84 printf("%s MD%d checksum(\"%s\") = ", text, number, message); 85 for (i=0; i<checksum->length; i++) 86 printf("%02x", checksum->contents[i]); 87 printf("\n"); 88 } 89 90 /* 91 * Test the checksum verification of Old Style (tm) and correct RSA-MD[4,5]-DES 92 * checksums. 93 */ 94 int 95 main(argc, argv) 96 int argc; 97 char **argv; 98 { 99 int msgindex; 100 krb5_context kcontext; 101 krb5_encrypt_block encblock; 102 krb5_keyblock keyblock; 103 krb5_error_code kret; 104 krb5_checksum oldstyle_checksum; 105 krb5_checksum newstyle_checksum; 106 krb5_data pwdata; 107 char *pwd; 108 109 pwd = "test password"; 110 pwdata.length = strlen(pwd); 111 pwdata.data = pwd; 112 krb5_use_enctype(kcontext, &encblock, DEFAULT_KDC_ENCTYPE); 113 if ((kret = mit_des_string_to_key(&encblock, &keyblock, &pwdata, NULL))) { 114 printf("mit_des_string_to_key choked with %d\n", kret); 115 return(kret); 116 } 117 if ((kret = mit_des_process_key(&encblock, &keyblock))) { 118 printf("mit_des_process_key choked with %d\n", kret); 119 return(kret); 120 } 121 122 oldstyle_checksum.length = OLD_CHECKSUM_LENGTH; 123 if (!(oldstyle_checksum.contents = (krb5_octet *) malloc(OLD_CHECKSUM_LENGTH))) { 124 printf("cannot get memory for old style checksum\n"); 125 return(ENOMEM); 126 } 127 newstyle_checksum.length = NEW_CHECKSUM_LENGTH; 128 if (!(newstyle_checksum.contents = (krb5_octet *) 129 malloc(NEW_CHECKSUM_LENGTH))) { 130 printf("cannot get memory for new style checksum\n"); 131 return(ENOMEM); 132 } 133 for (msgindex = 1; msgindex < argc; msgindex++) { 134 if ((kret = CKSUM_FUNCTION(argv[msgindex], 135 strlen(argv[msgindex]), 136 (krb5_pointer) keyblock.contents, 137 keyblock.length, 138 &newstyle_checksum))) { 139 printf("krb5_calculate_checksum choked with %d\n", kret); 140 break; 141 } 142 print_checksum("correct", MD, argv[msgindex], &newstyle_checksum); 143 #ifdef K5BETA_COMPAT 144 if ((kret = COMPAT_FUNCTION(argv[msgindex], 145 strlen(argv[msgindex]), 146 (krb5_pointer) keyblock.contents, 147 keyblock.length, 148 &oldstyle_checksum))) { 149 printf("old style calculate_checksum choked with %d\n", kret); 150 break; 151 } 152 print_checksum("old", MD, argv[msgindex], &oldstyle_checksum); 153 #endif /* K5BETA_COMPAT */ 154 if ((kret = VERIFY_FUNCTION(&newstyle_checksum, 155 argv[msgindex], 156 strlen(argv[msgindex]), 157 (krb5_pointer) keyblock.contents, 158 keyblock.length))) { 159 printf("verify on new checksum choked with %d\n", kret); 160 break; 161 } 162 printf("Verify succeeded for \"%s\"\n", argv[msgindex]); 163 #ifdef K5BETA_COMPAT 164 if ((kret = VERIFY_FUNCTION(&oldstyle_checksum, 165 argv[msgindex], 166 strlen(argv[msgindex]), 167 (krb5_pointer) keyblock.contents, 168 keyblock.length))) { 169 printf("verify on old checksum choked with %d\n", kret); 170 break; 171 } 172 printf("Compatible checksum verify succeeded for \"%s\"\n", 173 argv[msgindex]); 174 #endif /* K5BETA_COMPAT */ 175 newstyle_checksum.contents[0]++; 176 if (!(kret = VERIFY_FUNCTION(&newstyle_checksum, 177 argv[msgindex], 178 strlen(argv[msgindex]), 179 (krb5_pointer) keyblock.contents, 180 keyblock.length))) { 181 printf("verify on new checksum should have choked\n"); 182 break; 183 } 184 printf("Verify of bad checksum OK for \"%s\"\n", argv[msgindex]); 185 #ifdef K5BETA_COMPAT 186 oldstyle_checksum.contents[0]++; 187 if (!(kret = VERIFY_FUNCTION(&oldstyle_checksum, 188 argv[msgindex], 189 strlen(argv[msgindex]), 190 (krb5_pointer) keyblock.contents, 191 keyblock.length))) { 192 printf("verify on old checksum should have choked\n"); 193 break; 194 } 195 printf("Compatible checksum verify of altered checksum OK for \"%s\"\n", 196 argv[msgindex]); 197 #endif /* K5BETA_COMPAT */ 198 kret = 0; 199 } 200 if (!kret) 201 printf("%d tests passed successfully for MD%d checksum\n", argc-1, MD); 202 return(kret); 203 } 204