1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ 2 /* tests/gssapi/t_iov.c - Test program for IOV functions */ 3 /* 4 * Copyright (C) 2013 by the Massachusetts Institute of Technology. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 11 * * Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 14 * * Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in 16 * the documentation and/or other materials provided with the 17 * distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 22 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 23 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 24 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 26 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 28 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 30 * OF THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include <stdio.h> 34 #include <stdlib.h> 35 #include <string.h> 36 #include <stddef.h> 37 #include "common.h" 38 39 /* Concatenate iov (except for sign-only buffers) into a contiguous token. */ 40 static void 41 concat_iov(gss_iov_buffer_desc *iov, size_t iovlen, char **buf_out, 42 size_t *len_out) 43 { 44 size_t len, i; 45 char *buf; 46 47 /* Concatenate the result into a contiguous buffer. */ 48 len = 0; 49 for (i = 0; i < iovlen; i++) { 50 if (GSS_IOV_BUFFER_TYPE(iov[i].type) != GSS_IOV_BUFFER_TYPE_SIGN_ONLY) 51 len += iov[i].buffer.length; 52 } 53 buf = malloc(len); 54 if (buf == NULL) 55 errout("malloc failed"); 56 len = 0; 57 for (i = 0; i < iovlen; i++) { 58 if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_SIGN_ONLY) 59 continue; 60 memcpy(buf + len, iov[i].buffer.value, iov[i].buffer.length); 61 len += iov[i].buffer.length; 62 } 63 *buf_out = buf; 64 *len_out = len; 65 } 66 67 static void 68 check_encrypted(const char *msg, int conf, const char *buf, const char *plain) 69 { 70 int same = memcmp(buf, plain, strlen(plain)) == 0; 71 72 if ((conf && same) || (!conf && !same)) 73 errout(msg); 74 } 75 76 /* 77 * Wrap str in standard form (HEADER | DATA | PADDING | TRAILER) using the 78 * caller-provided array iov, which must have space for four elements. Library 79 * allocation will be used for the header/padding/trailer buffers, so the 80 * caller must check and free them. 81 */ 82 static void 83 wrap_std(gss_ctx_id_t ctx, char *str, gss_iov_buffer_desc *iov, int conf) 84 { 85 OM_uint32 minor, major; 86 int oconf; 87 88 /* Lay out iov array. */ 89 iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER | GSS_IOV_BUFFER_FLAG_ALLOCATE; 90 iov[1].type = GSS_IOV_BUFFER_TYPE_DATA; 91 iov[1].buffer.value = str; 92 iov[1].buffer.length = strlen(str); 93 iov[2].type = GSS_IOV_BUFFER_TYPE_PADDING | GSS_IOV_BUFFER_FLAG_ALLOCATE; 94 iov[3].type = GSS_IOV_BUFFER_TYPE_TRAILER | GSS_IOV_BUFFER_FLAG_ALLOCATE; 95 96 /* Wrap. This will allocate header/padding/trailer buffers as necessary 97 * and encrypt str in place. */ 98 major = gss_wrap_iov(&minor, ctx, conf, GSS_C_QOP_DEFAULT, &oconf, iov, 4); 99 check_gsserr("gss_wrap_iov(std)", major, minor); 100 if (oconf != conf) 101 errout("gss_wrap_iov(std) conf"); 102 } 103 104 /* Create standard tokens using gss_wrap_iov and ctx1, and make sure we can 105 * unwrap them using ctx2 in all of the supported ways. */ 106 static void 107 test_standard_wrap(gss_ctx_id_t ctx1, gss_ctx_id_t ctx2, int conf) 108 { 109 OM_uint32 major, minor; 110 gss_iov_buffer_desc iov[4], stiov[2]; 111 gss_qop_t qop; 112 gss_buffer_desc input, output; 113 const char *string1 = "The swift brown fox jumped over the lazy dog."; 114 const char *string2 = "Now is the time!"; 115 const char *string3 = "x"; 116 const char *string4 = "!@#"; 117 char data[1024], *fulltoken; 118 size_t len; 119 int oconf; 120 ptrdiff_t offset; 121 122 /* Wrap a standard token and unwrap it using the iov array. */ 123 memcpy(data, string1, strlen(string1) + 1); 124 wrap_std(ctx1, data, iov, conf); 125 check_encrypted("gss_wrap_iov(std1) encryption", conf, data, string1); 126 major = gss_unwrap_iov(&minor, ctx2, &oconf, &qop, iov, 4); 127 check_gsserr("gss_unwrap_iov(std1)", major, minor); 128 if (oconf != conf || qop != GSS_C_QOP_DEFAULT) 129 errout("gss_unwrap_iov(std1) conf/qop"); 130 if (iov[1].buffer.value != data || iov[1].buffer.length != strlen(string1)) 131 errout("gss_unwrap_iov(std1) data buffer"); 132 if (memcmp(data, string1, iov[1].buffer.length) != 0) 133 errout("gss_unwrap_iov(std1) decryption"); 134 (void)gss_release_iov_buffer(&minor, iov, 4); 135 136 /* Wrap a standard token and unwrap it using gss_unwrap(). */ 137 memcpy(data, string2, strlen(string2) + 1); 138 wrap_std(ctx1, data, iov, conf); 139 concat_iov(iov, 4, &fulltoken, &len); 140 input.value = fulltoken; 141 input.length = len; 142 major = gss_unwrap(&minor, ctx2, &input, &output, &oconf, &qop); 143 check_gsserr("gss_unwrap(std2)", major, minor); 144 if (oconf != conf || qop != GSS_C_QOP_DEFAULT) 145 errout("gss_unwrap(std2) conf/qop"); 146 if (output.length != strlen(string2) || 147 memcmp(output.value, string2, output.length) != 0) 148 errout("gss_unwrap(std2) decryption"); 149 (void)gss_release_buffer(&minor, &output); 150 (void)gss_release_iov_buffer(&minor, iov, 4); 151 free(fulltoken); 152 153 /* Wrap a standard token and unwrap it using a stream buffer. */ 154 memcpy(data, string3, strlen(string3) + 1); 155 wrap_std(ctx1, data, iov, conf); 156 concat_iov(iov, 4, &fulltoken, &len); 157 stiov[0].type = GSS_IOV_BUFFER_TYPE_STREAM; 158 stiov[0].buffer.value = fulltoken; 159 stiov[0].buffer.length = len; 160 stiov[1].type = GSS_IOV_BUFFER_TYPE_DATA; 161 major = gss_unwrap_iov(&minor, ctx2, &oconf, &qop, stiov, 2); 162 check_gsserr("gss_unwrap_iov(std3)", major, minor); 163 if (oconf != conf || qop != GSS_C_QOP_DEFAULT) 164 errout("gss_unwrap_iov(std3) conf/qop"); 165 if (stiov[1].buffer.length != strlen(string3) || 166 memcmp(stiov[1].buffer.value, string3, strlen(string3)) != 0) 167 errout("gss_unwrap_iov(std3) decryption"); 168 offset = (char *)stiov[1].buffer.value - fulltoken; 169 if (offset < 0 || (size_t)offset > len) 170 errout("gss_unwrap_iov(std3) offset"); 171 (void)gss_release_iov_buffer(&minor, iov, 4); 172 free(fulltoken); 173 174 /* Wrap a token using gss_wrap and unwrap it using a stream buffer with 175 * allocation and copying. */ 176 input.value = (char *)string4; 177 input.length = strlen(string4); 178 major = gss_wrap(&minor, ctx1, conf, GSS_C_QOP_DEFAULT, &input, &oconf, 179 &output); 180 check_gsserr("gss_wrap(std4)", major, minor); 181 if (oconf != conf) 182 errout("gss_wrap(std4) conf"); 183 stiov[0].type = GSS_IOV_BUFFER_TYPE_STREAM; 184 stiov[0].buffer = output; 185 stiov[1].type = GSS_IOV_BUFFER_TYPE_DATA | GSS_IOV_BUFFER_FLAG_ALLOCATE; 186 major = gss_unwrap_iov(&minor, ctx2, &oconf, &qop, stiov, 2); 187 check_gsserr("gss_unwrap_iov(std4)", major, minor); 188 if (!(GSS_IOV_BUFFER_FLAGS(stiov[1].type) & GSS_IOV_BUFFER_FLAG_ALLOCATED)) 189 errout("gss_unwrap_iov(std4) allocated"); 190 if (oconf != conf || qop != GSS_C_QOP_DEFAULT) 191 errout("gss_unwrap_iov(std4) conf/qop"); 192 if (stiov[1].buffer.length != strlen(string4) || 193 memcmp(stiov[1].buffer.value, string4, strlen(string4)) != 0) 194 errout("gss_unwrap_iov(std4) decryption"); 195 (void)gss_release_buffer(&minor, &output); 196 (void)gss_release_iov_buffer(&minor, stiov, 2); 197 } 198 199 /* 200 * Wrap an AEAD token (HEADER | SIGN_ONLY | DATA | PADDING | TRAILER) using the 201 * caller-provided array iov, which must have space for five elements, and the 202 * caller-provided buffer data, which must be big enough to handle the test 203 * inputs. Library allocation will not be used. 204 */ 205 static void 206 wrap_aead(gss_ctx_id_t ctx, const char *sign, const char *wrap, 207 gss_iov_buffer_desc *iov, char *data, int conf) 208 { 209 OM_uint32 major, minor; 210 int oconf; 211 char *ptr; 212 213 /* Lay out iov array. */ 214 iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER; 215 iov[1].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; 216 iov[1].buffer.value = (char *)sign; 217 iov[1].buffer.length = strlen(sign); 218 iov[2].type = GSS_IOV_BUFFER_TYPE_DATA; 219 iov[2].buffer.value = (char *)wrap; 220 iov[2].buffer.length = strlen(wrap); 221 iov[3].type = GSS_IOV_BUFFER_TYPE_PADDING; 222 iov[4].type = GSS_IOV_BUFFER_TYPE_TRAILER; 223 224 /* Get header/padding/trailer lengths. */ 225 major = gss_wrap_iov_length(&minor, ctx, conf, GSS_C_QOP_DEFAULT, &oconf, 226 iov, 5); 227 check_gsserr("gss_wrap_iov_length(aead)", major, minor); 228 if (oconf != conf) 229 errout("gss_wrap_iov_length(aead) conf"); 230 if (iov[1].buffer.value != sign || iov[1].buffer.length != strlen(sign)) 231 errout("gss_wrap_iov_length(aead) sign-only buffer"); 232 if (iov[2].buffer.value != wrap || iov[2].buffer.length != strlen(wrap)) 233 errout("gss_wrap_iov_length(aead) data buffer"); 234 235 /* Set iov buffer pointers using returned lengths. */ 236 iov[0].buffer.value = data; 237 ptr = data + iov[0].buffer.length; 238 memcpy(ptr, wrap, strlen(wrap)); 239 iov[2].buffer.value = ptr; 240 ptr += iov[2].buffer.length; 241 iov[3].buffer.value = ptr; 242 ptr += iov[3].buffer.length; 243 iov[4].buffer.value = ptr; 244 245 /* Wrap the AEAD token. */ 246 major = gss_wrap_iov(&minor, ctx, conf, GSS_C_QOP_DEFAULT, &oconf, iov, 5); 247 check_gsserr("gss_wrap_iov(aead)", major, minor); 248 if (oconf != conf) 249 errout("gss_wrap_iov(aead) conf"); 250 if (iov[1].buffer.value != sign || iov[1].buffer.length != strlen(sign)) 251 errout("gss_wrap_iov(aead) sign-only buffer"); 252 if (iov[2].buffer.length != strlen(wrap)) 253 errout("gss_wrap_iov(aead) data buffer"); 254 check_encrypted("gss_wrap_iov(aead) encryption", conf, iov[2].buffer.value, 255 wrap); 256 } 257 258 /* Create AEAD tokens using gss_wrap_iov and ctx1, and make sure we can unwrap 259 * them using ctx2 in all of the supported ways. */ 260 static void 261 test_aead(gss_ctx_id_t ctx1, gss_ctx_id_t ctx2, int conf) 262 { 263 OM_uint32 major, minor; 264 gss_iov_buffer_desc iov[5], stiov[3]; 265 gss_qop_t qop; 266 gss_buffer_desc input, assoc, output; 267 const char *sign = "This data is only signed."; 268 const char *wrap = "This data is wrapped in-place."; 269 char data[1024], *fulltoken; 270 size_t len; 271 int oconf; 272 ptrdiff_t offset; 273 274 /* Wrap an AEAD token and unwrap it using the IOV array. */ 275 wrap_aead(ctx1, sign, wrap, iov, data, conf); 276 major = gss_unwrap_iov(&minor, ctx2, &oconf, &qop, iov, 5); 277 check_gsserr("gss_unwrap_iov(aead1)", major, minor); 278 if (oconf != conf || qop != GSS_C_QOP_DEFAULT) 279 errout("gss_unwrap_iov(aead1) conf/qop"); 280 if (iov[1].buffer.value != sign || iov[1].buffer.length != strlen(sign)) 281 errout("gss_unwrap_iov(aead1) sign-only buffer"); 282 if (iov[2].buffer.length != strlen(wrap) || 283 memcmp(iov[2].buffer.value, wrap, iov[2].buffer.length) != 0) 284 errout("gss_unwrap_iov(aead1) decryption"); 285 286 /* Wrap an AEAD token and unwrap it using gss_unwrap_aead. */ 287 wrap_aead(ctx1, sign, wrap, iov, data, conf); 288 concat_iov(iov, 5, &fulltoken, &len); 289 input.value = fulltoken; 290 input.length = len; 291 assoc.value = (char *)sign; 292 assoc.length = strlen(sign); 293 major = gss_unwrap_aead(&minor, ctx2, &input, &assoc, &output, &oconf, 294 &qop); 295 check_gsserr("gss_unwrap_aead(aead2)", major, minor); 296 if (output.length != strlen(wrap) || 297 memcmp(output.value, wrap, output.length) != 0) 298 errout("gss_unwrap_aead(aead2) decryption"); 299 free(fulltoken); 300 (void)gss_release_buffer(&minor, &output); 301 302 /* Wrap an AEAD token and unwrap it using a stream buffer. */ 303 wrap_aead(ctx1, sign, wrap, iov, data, conf); 304 concat_iov(iov, 5, &fulltoken, &len); 305 stiov[0].type = GSS_IOV_BUFFER_TYPE_STREAM; 306 stiov[0].buffer.value = fulltoken; 307 stiov[0].buffer.length = len; 308 stiov[1].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; 309 stiov[1].buffer.value = (char *)sign; 310 stiov[1].buffer.length = strlen(sign); 311 stiov[2].type = GSS_IOV_BUFFER_TYPE_DATA; 312 major = gss_unwrap_iov(&minor, ctx2, &oconf, &qop, stiov, 3); 313 check_gsserr("gss_unwrap_iov(aead3)", major, minor); 314 if (oconf != conf || qop != GSS_C_QOP_DEFAULT) 315 errout("gss_unwrap_iov(aead3) conf/qop"); 316 if (stiov[2].buffer.length != strlen(wrap) || 317 memcmp(stiov[2].buffer.value, wrap, strlen(wrap)) != 0) 318 errout("gss_unwrap_iov(aead3) decryption"); 319 offset = (char *)stiov[2].buffer.value - fulltoken; 320 if (offset < 0 || (size_t)offset > len) 321 errout("gss_unwrap_iov(aead3) offset"); 322 free(fulltoken); 323 (void)gss_release_iov_buffer(&minor, iov, 4); 324 325 /* Wrap a token using gss_wrap_aead and unwrap it using a stream buffer 326 * with allocation and copying. */ 327 input.value = (char *)wrap; 328 input.length = strlen(wrap); 329 assoc.value = (char *)sign; 330 assoc.length = strlen(sign); 331 major = gss_wrap_aead(&minor, ctx1, conf, GSS_C_QOP_DEFAULT, &assoc, 332 &input, &oconf, &output); 333 check_gsserr("gss_wrap_aead(aead4)", major, minor); 334 if (oconf != conf) 335 errout("gss_wrap(aead4) conf"); 336 stiov[0].type = GSS_IOV_BUFFER_TYPE_STREAM; 337 stiov[0].buffer = output; 338 stiov[1].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; 339 stiov[1].buffer = assoc; 340 stiov[2].type = GSS_IOV_BUFFER_TYPE_DATA | GSS_IOV_BUFFER_FLAG_ALLOCATE; 341 major = gss_unwrap_iov(&minor, ctx2, &oconf, &qop, stiov, 3); 342 check_gsserr("gss_unwrap_iov(aead4)", major, minor); 343 if (!(GSS_IOV_BUFFER_FLAGS(stiov[2].type) & GSS_IOV_BUFFER_FLAG_ALLOCATED)) 344 errout("gss_unwrap_iov(aead4) allocated"); 345 if (oconf != conf || qop != GSS_C_QOP_DEFAULT) 346 errout("gss_unwrap_iov(aead4) conf/qop"); 347 if (stiov[2].buffer.length != strlen(wrap) || 348 memcmp(stiov[2].buffer.value, wrap, strlen(wrap)) != 0) 349 errout("gss_unwrap_iov(aead4) decryption"); 350 (void)gss_release_buffer(&minor, &output); 351 (void)gss_release_iov_buffer(&minor, stiov, 3); 352 } 353 354 /* 355 * Get a MIC for sign1, sign2, and sign3 using the caller-provided array iov, 356 * which must have space for four elements, and the caller-provided buffer 357 * data, which must be big enough for the MIC. If data is NULL, the library 358 * will be asked to allocate the MIC buffer. The MIC will be located in 359 * iov[3].buffer. 360 */ 361 static void 362 mic(gss_ctx_id_t ctx, const char *sign1, const char *sign2, const char *sign3, 363 gss_iov_buffer_desc *iov, char *data) 364 { 365 OM_uint32 minor, major; 366 krb5_boolean allocated; 367 368 /* Lay out iov array. */ 369 iov[0].type = GSS_IOV_BUFFER_TYPE_DATA; 370 iov[0].buffer.value = (char *)sign1; 371 iov[0].buffer.length = strlen(sign1); 372 iov[1].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; 373 iov[1].buffer.value = (char *)sign2; 374 iov[1].buffer.length = strlen(sign2); 375 iov[2].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; 376 iov[2].buffer.value = (char *)sign3; 377 iov[2].buffer.length = strlen(sign3); 378 iov[3].type = GSS_IOV_BUFFER_TYPE_MIC_TOKEN; 379 if (data == NULL) { 380 /* Ask the library to allocate the MIC buffer. */ 381 iov[3].type |= GSS_IOV_BUFFER_FLAG_ALLOCATE; 382 } else { 383 /* Get the MIC length and use the caller-provided buffer. */ 384 major = gss_get_mic_iov_length(&minor, ctx, GSS_C_QOP_DEFAULT, iov, 4); 385 check_gsserr("gss_get_mic_iov_length", major, minor); 386 iov[3].buffer.value = data; 387 } 388 major = gss_get_mic_iov(&minor, ctx, GSS_C_QOP_DEFAULT, iov, 4); 389 check_gsserr("gss_get_mic_iov", major, minor); 390 allocated = (GSS_IOV_BUFFER_FLAGS(iov[3].type) & 391 GSS_IOV_BUFFER_FLAG_ALLOCATED) != 0; 392 if (allocated != (data == NULL)) 393 errout("gss_get_mic_iov allocated"); 394 } 395 396 static void 397 test_mic(gss_ctx_id_t ctx1, gss_ctx_id_t ctx2) 398 { 399 OM_uint32 major, minor; 400 gss_iov_buffer_desc iov[4]; 401 gss_qop_t qop; 402 gss_buffer_desc concatbuf, micbuf; 403 const char *sign1 = "Data and sign-only "; 404 const char *sign2 = "buffers are treated "; 405 const char *sign3 = "equally by gss_get_mic_iov"; 406 char concat[1024], data[1024]; 407 408 (void)snprintf(concat, sizeof(concat), "%s%s%s", sign1, sign2, sign3); 409 concatbuf.value = concat; 410 concatbuf.length = strlen(concat); 411 412 /* MIC with a caller-provided buffer and verify with the IOV array. */ 413 mic(ctx1, sign1, sign2, sign3, iov, data); 414 major = gss_verify_mic_iov(&minor, ctx2, &qop, iov, 4); 415 check_gsserr("gss_verify_mic_iov(mic1)", major, minor); 416 if (qop != GSS_C_QOP_DEFAULT) 417 errout("gss_verify_mic_iov(mic1) qop"); 418 419 /* MIC with an allocated buffer and verify with gss_verify_mic. */ 420 mic(ctx1, sign1, sign2, sign3, iov, NULL); 421 major = gss_verify_mic(&minor, ctx2, &concatbuf, &iov[3].buffer, &qop); 422 check_gsserr("gss_verify_mic(mic2)", major, minor); 423 if (qop != GSS_C_QOP_DEFAULT) 424 errout("gss_verify_mic(mic2) qop"); 425 (void)gss_release_iov_buffer(&minor, iov, 4); 426 427 /* MIC with gss_c_get_mic and verify using the IOV array (which is still 428 * mostly set up from the last call to mic(). */ 429 major = gss_get_mic(&minor, ctx1, GSS_C_QOP_DEFAULT, &concatbuf, &micbuf); 430 check_gsserr("gss_get_mic(mic3)", major, minor); 431 iov[3].buffer = micbuf; 432 major = gss_verify_mic_iov(&minor, ctx2, &qop, iov, 4); 433 check_gsserr("gss_verify_mic_iov(mic3)", major, minor); 434 if (qop != GSS_C_QOP_DEFAULT) 435 errout("gss_verify_mic_iov(mic3) qop"); 436 (void)gss_release_buffer(&minor, &micbuf); 437 } 438 439 /* Create a DCE-style token and make sure we can unwrap it. */ 440 static void 441 test_dce(gss_ctx_id_t ctx1, gss_ctx_id_t ctx2, int conf) 442 { 443 OM_uint32 major, minor; 444 gss_iov_buffer_desc iov[4]; 445 gss_qop_t qop; 446 const char *sign1 = "First data to be signed"; 447 const char *sign2 = "Second data to be signed"; 448 const char *wrap = "This data must align to 16 bytes"; 449 int oconf; 450 char data[1024]; 451 452 /* Wrap a SIGN_ONLY_1 | DATA | SIGN_ONLY_2 | HEADER token. */ 453 memcpy(data, wrap, strlen(wrap) + 1); 454 iov[0].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; 455 iov[0].buffer.value = (char *)sign1; 456 iov[0].buffer.length = strlen(sign1); 457 iov[1].type = GSS_IOV_BUFFER_TYPE_DATA; 458 iov[1].buffer.value = data; 459 iov[1].buffer.length = strlen(wrap); 460 iov[2].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; 461 iov[2].buffer.value = (char *)sign2; 462 iov[2].buffer.length = strlen(sign2); 463 iov[3].type = GSS_IOV_BUFFER_TYPE_HEADER | GSS_IOV_BUFFER_FLAG_ALLOCATE; 464 major = gss_wrap_iov(&minor, ctx1, conf, GSS_C_QOP_DEFAULT, &oconf, iov, 465 4); 466 check_gsserr("gss_wrap_iov(dce)", major, minor); 467 if (oconf != conf) 468 errout("gss_wrap_iov(dce) conf"); 469 if (iov[0].buffer.value != sign1 || iov[0].buffer.length != strlen(sign1)) 470 errout("gss_wrap_iov(dce) sign1 buffer"); 471 if (iov[1].buffer.value != data || iov[1].buffer.length != strlen(wrap)) 472 errout("gss_wrap_iov(dce) data buffer"); 473 if (iov[2].buffer.value != sign2 || iov[2].buffer.length != strlen(sign2)) 474 errout("gss_wrap_iov(dce) sign2 buffer"); 475 check_encrypted("gss_wrap_iov(dce) encryption", conf, data, wrap); 476 477 /* Make sure we can unwrap it. */ 478 major = gss_unwrap_iov(&minor, ctx2, &oconf, &qop, iov, 4); 479 check_gsserr("gss_unwrap_iov(std1)", major, minor); 480 if (oconf != conf || qop != GSS_C_QOP_DEFAULT) 481 errout("gss_unwrap_iov(std1) conf/qop"); 482 if (iov[0].buffer.value != sign1 || iov[0].buffer.length != strlen(sign1)) 483 errout("gss_unwrap_iov(dce) sign1 buffer"); 484 if (iov[1].buffer.value != data || iov[1].buffer.length != strlen(wrap)) 485 errout("gss_unwrap_iov(dce) data buffer"); 486 if (iov[2].buffer.value != sign2 || iov[2].buffer.length != strlen(sign2)) 487 errout("gss_unwrap_iov(dce) sign2 buffer"); 488 if (memcmp(data, wrap, iov[1].buffer.length) != 0) 489 errout("gss_unwrap_iov(dce) decryption"); 490 (void)gss_release_iov_buffer(&minor, iov, 4); 491 } 492 493 int 494 main(int argc, char *argv[]) 495 { 496 OM_uint32 minor, flags; 497 gss_OID mech = &mech_krb5; 498 gss_name_t tname; 499 gss_ctx_id_t ictx, actx; 500 501 /* Parse arguments. */ 502 argv++; 503 if (*argv != NULL && strcmp(*argv, "-s") == 0) { 504 mech = &mech_spnego; 505 argv++; 506 } 507 if (*argv == NULL || *(argv + 1) != NULL) 508 errout("Usage: t_iov [-s] targetname"); 509 tname = import_name(*argv); 510 511 flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_MUTUAL_FLAG; 512 establish_contexts(mech, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL, tname, 513 flags, &ictx, &actx, NULL, NULL, NULL); 514 515 /* Test standard token wrapping and unwrapping in both directions, with and 516 * without confidentiality. */ 517 test_standard_wrap(ictx, actx, 0); 518 test_standard_wrap(ictx, actx, 1); 519 test_standard_wrap(actx, ictx, 0); 520 test_standard_wrap(actx, ictx, 1); 521 522 /* Test AEAD wrapping. */ 523 test_aead(ictx, actx, 0); 524 test_aead(ictx, actx, 1); 525 test_aead(actx, ictx, 0); 526 test_aead(actx, ictx, 1); 527 528 /* Test MIC tokens. */ 529 test_mic(ictx, actx); 530 test_mic(actx, ictx); 531 532 /* Test DCE wrapping with DCE-style contexts. */ 533 (void)gss_delete_sec_context(&minor, &ictx, NULL); 534 (void)gss_delete_sec_context(&minor, &actx, NULL); 535 flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_DCE_STYLE; 536 establish_contexts(mech, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL, tname, 537 flags, &ictx, &actx, NULL, NULL, NULL); 538 test_dce(ictx, actx, 0); 539 test_dce(ictx, actx, 1); 540 test_dce(actx, ictx, 0); 541 test_dce(actx, ictx, 1); 542 543 (void)gss_release_name(&minor, &tname); 544 (void)gss_delete_sec_context(&minor, &ictx, NULL); 545 (void)gss_delete_sec_context(&minor, &actx, NULL); 546 return 0; 547 } 548