1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* plugins/preauth/pkinit/pkinit_kdf_test.c */
4 * Copyright (C) 2011 by the Massachusetts Institute of Technology.
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. Furthermore if you modify this software you must label
20 * your software as modified software and not distribute it in such a
21 * fashion that it might be confused with the original M.I.T. software.
22 * M.I.T. makes no representations about the suitability of
23 * this software for any purpose. It is provided "as is" without express
24 * or implied warranty.
28 * pkinit_kdf_test.c -- Test to verify the correctness of the function
29 * pkinit_alg_agility_kdf() in pkinit_crypto_openssl, which implements
30 * the Key Derivation Function from the PKInit Algorithm Agility
31 * document, currently draft-ietf-krb-wg-pkinit-alg-agility-04.txt.
42 #include "k5-platform.h"
44 #include "pkinit_crypto_openssl.h"
47 * Initialize a krb5_data from @a s, a constant string. Note @a s is evaluated
48 * multiple times; this is acceptable for constants.
50 #define DATA_FROM_STRING(s) \
51 {0, sizeof(s)-1, (char *) s}
54 /* values from test vectors in the pkinit-alg-agility draft */
58 char party_u_name[] = "lha@SU.SE";
59 char party_v_name[] = "krbtgt/SU.SE@SU.SE";
60 int enctype_aes = ENCTYPE_AES256_CTS_HMAC_SHA1_96;
61 int enctype_des3 = ENCTYPE_DES3_CBC_SHA1;
62 const krb5_data lha_data = DATA_FROM_STRING("lha");
64 krb5_octet key1_hex[] =
65 {0xe6, 0xAB, 0x38, 0xC9, 0x41, 0x3E, 0x03, 0x5B,
66 0xB0, 0x79, 0x20, 0x1E, 0xD0, 0xB6, 0xB7, 0x3D,
67 0x8D, 0x49, 0xA8, 0x14, 0xA7, 0x37, 0xC0, 0x4E,
68 0xE6, 0x64, 0x96, 0x14, 0x20, 0x6F, 0x73, 0xAD};
70 krb5_octet key2_hex[] =
71 {0x77, 0xEF, 0x4E, 0x48, 0xC4, 0x20, 0xAE, 0x3F,
72 0xEC, 0x75, 0x10, 0x9D, 0x79, 0x81, 0x69, 0x7E,
73 0xED, 0x5D, 0x29, 0x5C, 0x90, 0xc6, 0x25, 0x64,
74 0xF7, 0xBF, 0xD1, 0x01, 0xFA, 0x9b, 0xC1, 0xD5};
76 krb5_octet key3_hex[] =
77 {0xD3, 0xC7, 0x8A, 0x79, 0xD6, 0x52, 0x13, 0xEF,
78 0xE9, 0xA8, 0x26, 0xF7, 0x5D, 0xFB, 0x01, 0xF7,
79 0x23, 0x62, 0xFB, 0x16, 0xFB, 0x01, 0xDA, 0xD6};
82 main(int argc, char **argv)
84 /* arguments for calls to pkinit_alg_agility_kdf() */
85 krb5_context context = 0;
86 krb5_octet_data secret;
87 krb5_algorithm_identifier alg_id;
88 krb5_octet_data as_req;
89 krb5_octet_data pk_as_rep;
90 krb5_keyblock key_block;
92 /* other local variables */
94 int max_keylen = 2048;
95 krb5_enctype enctype = 0;
96 krb5_principal u_principal = NULL;
97 krb5_principal v_principal = NULL;
98 krb5_keyblock *key_block_ptr = &key_block;
100 /* initialize variables that get malloc'ed, so cleanup is safe */
101 krb5_init_context (&context);
102 memset(&alg_id, 0, sizeof(alg_id));
103 memset(&as_req, 0, sizeof(as_req));
104 memset(&pk_as_rep, 0, sizeof(pk_as_rep));
105 memset(&key_block, 0, sizeof(key_block));
107 /* set up a 256-byte, ALL-ZEROS secret */
108 if (NULL == (secret.data = malloc(secret_len))) {
109 printf("ERROR in pkinit_kdf_test: Memory allocation failed.");
113 secret.length = secret_len;
114 memset(secret.data, 0, secret_len);
116 /* set-up the partyUInfo and partyVInfo principals */
117 if ((0 != (retval = krb5_parse_name(context, party_u_name,
119 (0 != (retval = krb5_parse_name(context, party_v_name,
121 printf("ERROR in pkinit_kdf_test: Error parsing names, retval = %d",
126 /* set-up the as_req and and pk_as_rep data */
127 memset(twenty_as, 0xaa, sizeof(twenty_as));
128 memset(eighteen_bs, 0xbb, sizeof(eighteen_bs));
129 as_req.length = sizeof(twenty_as);
130 as_req.data = (unsigned char *)&twenty_as;
132 pk_as_rep.length = sizeof(eighteen_bs);
133 pk_as_rep.data = (unsigned char *)&eighteen_bs;
135 /* TEST 1: SHA-1/AES */
136 /* set up algorithm id */
137 alg_id.algorithm.data = (unsigned char *)&krb5_pkinit_sha1_oid;
138 alg_id.algorithm.length = krb5_pkinit_sha1_oid_len;
140 enctype = enctype_aes;
142 /* set-up the key_block */
143 if (0 != (retval = krb5_init_keyblock(context, enctype, max_keylen,
145 printf("ERROR in pkinit_kdf_test: can't init keyblock, retval = %d",
151 /* call pkinit_alg_agility_kdf() with test vector values*/
152 if (0 != (retval = pkinit_alg_agility_kdf(context, &secret,
154 u_principal, v_principal,
155 enctype, &as_req, &pk_as_rep,
157 printf("ERROR in pkinit_kdf_test: kdf call failed, retval = %d",
162 /* compare key to expected key value */
164 if ((key_block.length == sizeof(key1_hex)) &&
165 (0 == memcmp(key_block.contents, key1_hex, key_block.length))) {
166 printf("SUCCESS: TEST 1 (SHA-1/AES), Correct key value generated.\n");
168 /* free the keyblock contents, so we can use it for the next test */
169 krb5_free_keyblock_contents(context, &key_block);
171 printf("FAILURE: TEST 1 (SHA-1/AES), Incorrect key value generated!\n");
176 /* TEST 2: SHA-256/AES */
177 /* set up algorithm id */
178 alg_id.algorithm.data = (unsigned char *)&krb5_pkinit_sha256_oid;
179 alg_id.algorithm.length = krb5_pkinit_sha256_oid_len;
181 enctype = enctype_aes;
183 /* set-up the key_block */
184 if (0 != (retval = krb5_init_keyblock(context, enctype, max_keylen,
186 printf("ERROR in pkinit_kdf_test: can't init keyblock, retval = %d",
192 /* call pkinit_alg_agility_kdf() with test vector values*/
193 if (0 != (retval = pkinit_alg_agility_kdf(context, &secret,
195 u_principal, v_principal,
196 enctype, &as_req, &pk_as_rep,
198 printf("ERROR in pkinit_kdf_test: kdf call failed, retval = %d",
203 /* compare key to expected key value */
205 if ((key_block.length == sizeof(key2_hex)) &&
206 (0 == memcmp(key_block.contents, key2_hex, key_block.length))) {
207 printf("SUCCESS: TEST 2 (SHA-256/AES), Correct key value generated.\n");
209 /* free the keyblock contents, so we can use it for the next test */
210 krb5_free_keyblock_contents(context, &key_block);
212 printf("FAILURE: TEST 2 (SHA-256/AES), Incorrect key value generated!\n");
217 /* TEST 3: SHA-512/DES3 */
218 /* set up algorithm id */
219 alg_id.algorithm.data = (unsigned char *)&krb5_pkinit_sha512_oid;
220 alg_id.algorithm.length = krb5_pkinit_sha512_oid_len;
222 enctype = enctype_des3;
224 /* set-up the key_block */
225 if (0 != (retval = krb5_init_keyblock(context, enctype, max_keylen,
227 printf("ERROR in pkinit_kdf_test: can't init keyblock, retval = %d",
233 /* call pkinit_alg_agility_kdf() with test vector values*/
234 if (0 != (retval = pkinit_alg_agility_kdf(context, &secret,
236 u_principal, v_principal,
237 enctype, &as_req, &pk_as_rep,
239 printf("ERROR in pkinit_kdf_test: kdf call failed, retval = %d",
244 /* compare key to expected key value */
246 if ((key_block.length == sizeof(key3_hex)) &&
247 (0 == memcmp(key_block.contents, key3_hex, key_block.length))) {
248 printf("SUCCESS: TEST 3 (SHA-512/DES3), Correct key value generated.\n");
251 printf("FAILURE: TEST 2 (SHA-512/DES3), Incorrect key value generated!\n");
257 /* release all allocated resources, whether good or bad return */
261 krb5_free_keyblock_contents(context, &key_block);