1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ 2 /* plugins/preauth/pkinit/pkinit_kdf_test.c */ 3 /* 4 * Copyright (C) 2011 by the Massachusetts Institute of Technology. 5 * All rights reserved. 6 * 7 * Export of this software from the United States of America may 8 * require a specific license from the United States Government. 9 * It is the responsibility of any person or organization contemplating 10 * export to obtain such a license before exporting. 11 * 12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 13 * distribute this software and its documentation for any purpose and 14 * without fee is hereby granted, provided that the above copyright 15 * notice appear in all copies and that both that copyright notice and 16 * this permission notice appear in supporting documentation, and that 17 * the name of M.I.T. not be used in advertising or publicity pertaining 18 * to distribution of the software without specific, written prior 19 * permission. Furthermore if you modify this software you must label 20 * your software as modified software and not distribute it in such a 21 * fashion that it might be confused with the original M.I.T. software. 22 * M.I.T. makes no representations about the suitability of 23 * this software for any purpose. It is provided "as is" without express 24 * or implied warranty. 25 */ 26 27 /* 28 * pkinit_kdf_test.c -- Test to verify the correctness of the function 29 * pkinit_alg_agility_kdf() in pkinit_crypto_openssl, which implements 30 * the Key Derivation Function from the PKInit Algorithm Agility 31 * document, currently draft-ietf-krb-wg-pkinit-alg-agility-04.txt. 32 */ 33 34 #include "k5-platform.h" 35 #include "pkinit.h" 36 37 /** 38 * Initialize a krb5_data from @a s, a constant string. Note @a s is evaluated 39 * multiple times; this is acceptable for constants. 40 */ 41 #define DATA_FROM_STRING(s) \ 42 {0, sizeof(s)-1, (char *) s} 43 44 45 /* values from test vectors in the pkinit-alg-agility draft */ 46 int secret_len = 256; 47 char twenty_as[10]; 48 char eighteen_bs[9]; 49 char party_u_name[] = "lha@SU.SE"; 50 char party_v_name[] = "krbtgt/SU.SE@SU.SE"; 51 int enctype_aes = ENCTYPE_AES256_CTS_HMAC_SHA1_96; 52 int enctype_des3 = ENCTYPE_DES3_CBC_SHA1; 53 const krb5_data lha_data = DATA_FROM_STRING("lha"); 54 55 krb5_octet key1_hex[] = 56 {0xe6, 0xAB, 0x38, 0xC9, 0x41, 0x3E, 0x03, 0x5B, 57 0xB0, 0x79, 0x20, 0x1E, 0xD0, 0xB6, 0xB7, 0x3D, 58 0x8D, 0x49, 0xA8, 0x14, 0xA7, 0x37, 0xC0, 0x4E, 59 0xE6, 0x64, 0x96, 0x14, 0x20, 0x6F, 0x73, 0xAD}; 60 61 krb5_octet key2_hex[] = 62 {0x77, 0xEF, 0x4E, 0x48, 0xC4, 0x20, 0xAE, 0x3F, 63 0xEC, 0x75, 0x10, 0x9D, 0x79, 0x81, 0x69, 0x7E, 64 0xED, 0x5D, 0x29, 0x5C, 0x90, 0xc6, 0x25, 0x64, 65 0xF7, 0xBF, 0xD1, 0x01, 0xFA, 0x9b, 0xC1, 0xD5}; 66 67 krb5_octet key3_hex[] = 68 {0xD3, 0xC7, 0x8A, 0x79, 0xD6, 0x52, 0x13, 0xEF, 69 0xE9, 0xA8, 0x26, 0xF7, 0x5D, 0xFB, 0x01, 0xF7, 70 0x23, 0x62, 0xFB, 0x16, 0xFB, 0x01, 0xDA, 0xD6}; 71 72 int 73 main(int argc, char **argv) 74 { 75 /* arguments for calls to pkinit_alg_agility_kdf() */ 76 krb5_context context = 0; 77 krb5_data secret; 78 krb5_algorithm_identifier alg_id; 79 krb5_data as_req; 80 krb5_data pk_as_rep; 81 krb5_keyblock key_block; 82 83 /* other local variables */ 84 int retval = 0; 85 krb5_enctype enctype = 0; 86 krb5_principal u_principal = NULL; 87 krb5_principal v_principal = NULL; 88 89 /* initialize variables that get malloc'ed, so cleanup is safe */ 90 krb5_init_context (&context); 91 memset(&alg_id, 0, sizeof(alg_id)); 92 memset(&as_req, 0, sizeof(as_req)); 93 memset(&pk_as_rep, 0, sizeof(pk_as_rep)); 94 memset(&key_block, 0, sizeof(key_block)); 95 96 /* set up a 256-byte, ALL-ZEROS secret */ 97 if (NULL == (secret.data = malloc(secret_len))) { 98 printf("ERROR in pkinit_kdf_test: Memory allocation failed."); 99 retval = ENOMEM; 100 goto cleanup; 101 } 102 secret.length = secret_len; 103 memset(secret.data, 0, secret_len); 104 105 /* set-up the partyUInfo and partyVInfo principals */ 106 if ((0 != (retval = krb5_parse_name(context, party_u_name, 107 &u_principal))) || 108 (0 != (retval = krb5_parse_name(context, party_v_name, 109 &v_principal)))) { 110 printf("ERROR in pkinit_kdf_test: Error parsing names, retval = %d", 111 retval); 112 goto cleanup; 113 } 114 115 /* The test vectors in RFC 8636 implicitly use NT-PRINCIPAL names. */ 116 u_principal->type = KRB5_NT_PRINCIPAL; 117 v_principal->type = KRB5_NT_PRINCIPAL; 118 119 /* set-up the as_req and and pk_as_rep data */ 120 memset(twenty_as, 0xaa, sizeof(twenty_as)); 121 memset(eighteen_bs, 0xbb, sizeof(eighteen_bs)); 122 as_req.length = sizeof(twenty_as); 123 as_req.data = twenty_as; 124 125 pk_as_rep.length = sizeof(eighteen_bs); 126 pk_as_rep.data = eighteen_bs; 127 128 /* TEST 1: SHA-1/AES */ 129 /* set up algorithm id */ 130 alg_id.algorithm = sha1_id; 131 132 enctype = enctype_aes; 133 134 /* call pkinit_alg_agility_kdf() with test vector values*/ 135 if (0 != (retval = pkinit_alg_agility_kdf(context, &secret, 136 &alg_id.algorithm, 137 u_principal, v_principal, 138 enctype, &as_req, &pk_as_rep, 139 &key_block))) { 140 printf("ERROR in pkinit_kdf_test: kdf call failed, retval = %d\n", 141 retval); 142 goto cleanup; 143 } 144 145 /* compare key to expected key value */ 146 147 if ((key_block.length == sizeof(key1_hex)) && 148 (0 == memcmp(key_block.contents, key1_hex, key_block.length))) { 149 printf("SUCCESS: TEST 1 (SHA-1/AES), Correct key value generated.\n"); 150 retval = 0; 151 /* free the keyblock contents, so we can use it for the next test */ 152 krb5_free_keyblock_contents(context, &key_block); 153 } else { 154 printf("FAILURE: TEST 1 (SHA-1/AES), Incorrect key value generated!\n"); 155 retval = 1; 156 goto cleanup; 157 } 158 159 /* TEST 2: SHA-256/AES */ 160 /* set up algorithm id */ 161 alg_id.algorithm = sha256_id; 162 163 enctype = enctype_aes; 164 165 /* call pkinit_alg_agility_kdf() with test vector values*/ 166 if (0 != (retval = pkinit_alg_agility_kdf(context, &secret, 167 &alg_id.algorithm, 168 u_principal, v_principal, 169 enctype, &as_req, &pk_as_rep, 170 &key_block))) { 171 printf("ERROR in pkinit_kdf_test: kdf call failed, retval = %d\n", 172 retval); 173 goto cleanup; 174 } 175 176 /* compare key to expected key value */ 177 178 if ((key_block.length == sizeof(key2_hex)) && 179 (0 == memcmp(key_block.contents, key2_hex, key_block.length))) { 180 printf("SUCCESS: TEST 2 (SHA-256/AES), Correct key value generated.\n"); 181 retval = 0; 182 /* free the keyblock contents, so we can use it for the next test */ 183 krb5_free_keyblock_contents(context, &key_block); 184 } else { 185 printf("FAILURE: TEST 2 (SHA-256/AES), Incorrect key value generated!\n"); 186 retval = 1; 187 goto cleanup; 188 } 189 190 /* TEST 3: SHA-512/DES3 */ 191 /* set up algorithm id */ 192 alg_id.algorithm = sha512_id; 193 194 enctype = enctype_des3; 195 196 /* call pkinit_alg_agility_kdf() with test vector values*/ 197 if (0 != (retval = pkinit_alg_agility_kdf(context, &secret, 198 &alg_id.algorithm, 199 u_principal, v_principal, 200 enctype, &as_req, &pk_as_rep, 201 &key_block))) { 202 printf("ERROR in pkinit_kdf_test: kdf call failed, retval = %d\n", 203 retval); 204 goto cleanup; 205 } 206 207 /* compare key to expected key value */ 208 209 if ((key_block.length == sizeof(key3_hex)) && 210 (0 == memcmp(key_block.contents, key3_hex, key_block.length))) { 211 printf("SUCCESS: TEST 3 (SHA-512/DES3), Correct key value generated.\n"); 212 retval = 0; 213 } else { 214 printf("FAILURE: TEST 2 (SHA-512/DES3), Incorrect key value generated!\n"); 215 retval = 1; 216 goto cleanup; 217 } 218 219 cleanup: 220 /* release all allocated resources, whether good or bad return */ 221 free(secret.data); 222 krb5_free_principal(context, u_principal); 223 krb5_free_principal(context, v_principal); 224 krb5_free_keyblock_contents(context, &key_block); 225 krb5_free_context(context); 226 return retval ? 1 : 0; 227 } 228