[29722] in CVS-changelog-for-Kerberos-V5
krb5 commit: Add aes-sha2 test cases
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Oct 3 16:02:48 2016
Date: Mon, 3 Oct 2016 16:02:44 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201610032002.u93K2iK9001240@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/d4efd9fe567631b9d5f3ffa8b53a22953e5069cb
commit d4efd9fe567631b9d5f3ffa8b53a22953e5069cb
Author: Greg Hudson <ghudson@mit.edu>
Date: Mon Dec 7 23:32:18 2015 -0500
Add aes-sha2 test cases
Add test cases for all of the test vectors in the aes-sha2 draft. In
t_cksums.c and t_decrypt.c, modify the test structure to allow for
binary plaintexts. In t_str2key.c, modify the test structure to allow
for binary salts. In t_derive.c, allow tests to have outputs which
don't match the key size, using krb5int_derive_random() instead of
krb5int_derive_key().
Add test cases for KRB-FX-CF2 and for gss_pseudo_random() using test
vectors generated ourselves.
Add k5test and dejagnu test passes for aes-sha2 enctypes.
ticket: 8490
src/lib/crypto/crypto_tests/t_cf2.expected | 2 +
src/lib/crypto/crypto_tests/t_cf2.in | 10 ++
src/lib/crypto/crypto_tests/t_cksums.c | 67 ++++++---
src/lib/crypto/crypto_tests/t_decrypt.c | 210 ++++++++++++++++++++-------
src/lib/crypto/crypto_tests/t_derive.c | 121 ++++++++++++++--
src/lib/crypto/crypto_tests/t_encrypt.c | 2 +
src/lib/crypto/crypto_tests/t_prf.c | 22 +++
src/lib/crypto/crypto_tests/t_short.c | 2 +
src/lib/crypto/crypto_tests/t_str2key.c | 169 +++++++++++++----------
src/lib/crypto/libk5crypto.exports | 3 +
src/tests/dejagnu/config/default.exp | 24 +++
src/tests/gssapi/t_prf.c | 16 ++-
src/util/k5test.py | 20 +++
13 files changed, 503 insertions(+), 165 deletions(-)
diff --git a/src/lib/crypto/crypto_tests/t_cf2.expected b/src/lib/crypto/crypto_tests/t_cf2.expected
index 007000f..11a24b8 100644
--- a/src/lib/crypto/crypto_tests/t_cf2.expected
+++ b/src/lib/crypto/crypto_tests/t_cf2.expected
@@ -3,3 +3,5 @@
43bae3738c9467e6
e58f9eb643862c13ad38e529313462a7f73e62834fe54a01
24d7f6b6bae4e5c00d2082c5ebab3672
+edd02a39d2dbde31611c16e610be062c
+67f6ea530aea85a37dcbb23349ea52dcc61ca8493ff557252327fd8304341584
diff --git a/src/lib/crypto/crypto_tests/t_cf2.in b/src/lib/crypto/crypto_tests/t_cf2.in
index 094c239..e62ead7 100644
--- a/src/lib/crypto/crypto_tests/t_cf2.in
+++ b/src/lib/crypto/crypto_tests/t_cf2.in
@@ -23,3 +23,13 @@ key1
key2
a
b
+19
+key1
+key2
+a
+b
+20
+key1
+key2
+a
+b
diff --git a/src/lib/crypto/crypto_tests/t_cksums.c b/src/lib/crypto/crypto_tests/t_cksums.c
index 7c4c6db..4b5406e 100644
--- a/src/lib/crypto/crypto_tests/t_cksums.c
+++ b/src/lib/crypto/crypto_tests/t_cksums.c
@@ -33,7 +33,7 @@
#include "k5-int.h"
struct test {
- char *plaintext;
+ krb5_data plaintext;
krb5_cksumtype sumtype;
krb5_enctype enctype;
krb5_keyusage usage;
@@ -41,32 +41,32 @@ struct test {
krb5_data cksum;
} test_cases[] = {
{
- "abc",
+ { KV5M_DATA, 3, "abc" },
CKSUMTYPE_CRC32, 0, 0, { KV5M_DATA, 0, "" },
{ KV5M_DATA, 4,
"\xD0\x98\x65\xCA" }
},
{
- "one",
+ { KV5M_DATA, 3, "one" },
CKSUMTYPE_RSA_MD4, 0, 0, { KV5M_DATA, 0, "" },
{ KV5M_DATA, 16,
"\x30\x5D\xCC\x2C\x0F\xDD\x53\x39\x96\x95\x52\xC7\xB8\x99\x63\x48" }
},
{
- "two three four five",
+ { KV5M_DATA, 19, "two three four five" },
CKSUMTYPE_RSA_MD5, 0, 0, { KV5M_DATA, 0, "" },
{ KV5M_DATA, 16,
"\xBA\xB5\x32\x15\x51\xE1\x08\x44\x90\x86\x96\x35\xB3\xC2\x68\x15" }
},
{
- "",
+ { KV5M_DATA, 0, "" },
CKSUMTYPE_NIST_SHA, 0, 0, { KV5M_DATA, 0, "" },
{ KV5M_DATA, 20,
"\xDA\x39\xA3\xEE\x5E\x6B\x4B\x0D\x32\x55\xBF\xEF\x95\x60\x18\x90"
"\xAF\xD8\x07\x09" }
},
{
- "six seven",
+ { KV5M_DATA, 9, "six seven" },
CKSUMTYPE_HMAC_SHA1_DES3, ENCTYPE_DES3_CBC_SHA1, 2,
{ KV5M_DATA, 24,
"\x7A\x25\xDF\x89\x92\x29\x6D\xCE\xDA\x0E\x13\x5B\xC4\x04\x6E\x23"
@@ -76,7 +76,7 @@ struct test {
"\x99\x08\x2B\xB4" }
},
{
- "eight nine ten eleven twelve thirteen",
+ { KV5M_DATA, 37, "eight nine ten eleven twelve thirteen" },
CKSUMTYPE_HMAC_SHA1_96_AES128, ENCTYPE_AES128_CTS_HMAC_SHA1_96, 3,
{ KV5M_DATA, 16,
"\x90\x62\x43\x0C\x8C\xDA\x33\x88\x92\x2E\x6D\x6A\x50\x9F\x5B\x7A" },
@@ -84,7 +84,7 @@ struct test {
"\x01\xA4\xB0\x88\xD4\x56\x28\xF6\x94\x66\x14\xE3" }
},
{
- "fourteen",
+ { KV5M_DATA, 8, "fourteen" },
CKSUMTYPE_HMAC_SHA1_96_AES256, ENCTYPE_AES256_CTS_HMAC_SHA1_96, 4,
{ KV5M_DATA, 32,
"\xB1\xAE\x4C\xD8\x46\x2A\xFF\x16\x77\x05\x3C\xC9\x27\x9A\xAC\x30"
@@ -93,7 +93,7 @@ struct test {
"\xE0\x87\x39\xE3\x27\x9E\x29\x03\xEC\x8E\x38\x36" }
},
{
- "fifteen sixteen",
+ { KV5M_DATA, 15, "fifteen sixteen" },
CKSUMTYPE_MD5_HMAC_ARCFOUR, ENCTYPE_ARCFOUR_HMAC, 5,
{ KV5M_DATA, 16,
"\xF7\xD3\xA1\x55\xAF\x5E\x23\x8A\x0B\x7A\x87\x1A\x96\xBA\x2A\xB2" },
@@ -101,7 +101,7 @@ struct test {
"\x9F\x41\xDF\x30\x49\x07\xDE\x73\x54\x47\x00\x1F\xD2\xA1\x97\xB9" }
},
{
- "seventeen eighteen nineteen twenty",
+ { KV5M_DATA, 34, "seventeen eighteen nineteen twenty" },
CKSUMTYPE_HMAC_MD5_ARCFOUR, ENCTYPE_ARCFOUR_HMAC, 6,
{ KV5M_DATA, 16,
"\xF7\xD3\xA1\x55\xAF\x5E\x23\x8A\x0B\x7A\x87\x1A\x96\xBA\x2A\xB2" },
@@ -109,7 +109,7 @@ struct test {
"\xEB\x38\xCC\x97\xE2\x23\x0F\x59\xDA\x41\x17\xDC\x58\x59\xD7\xEC" }
},
{
- "abcdefghijk",
+ { KV5M_DATA, 11, "abcdefghijk" },
CKSUMTYPE_CMAC_CAMELLIA128, ENCTYPE_CAMELLIA128_CTS_CMAC, 7,
{ KV5M_DATA, 16,
"\x1D\xC4\x6A\x8D\x76\x3F\x4F\x93\x74\x2B\xCB\xA3\x38\x75\x76\xC3" },
@@ -117,7 +117,7 @@ struct test {
"\x11\x78\xE6\xC5\xC4\x7A\x8C\x1A\xE0\xC4\xB9\xC7\xD4\xEB\x7B\x6B" }
},
{
- "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
+ { KV5M_DATA, 26, "ABCDEFGHIJKLMNOPQRSTUVWXYZ" },
CKSUMTYPE_CMAC_CAMELLIA128, ENCTYPE_CAMELLIA128_CTS_CMAC, 8,
{ KV5M_DATA, 16,
"\x50\x27\xBC\x23\x1D\x0F\x3A\x9D\x23\x33\x3F\x1C\xA6\xFD\xBE\x7C" },
@@ -125,7 +125,7 @@ struct test {
"\xD1\xB3\x4F\x70\x04\xA7\x31\xF2\x3A\x0C\x00\xBF\x6C\x3F\x75\x3A" }
},
{
- "123456789",
+ { KV5M_DATA, 9, "123456789" },
CKSUMTYPE_CMAC_CAMELLIA256, ENCTYPE_CAMELLIA256_CTS_CMAC, 9,
{ KV5M_DATA, 32,
"\xB6\x1C\x86\xCC\x4E\x5D\x27\x57\x54\x5A\xD4\x23\x39\x9F\xB7\x03"
@@ -134,7 +134,7 @@ struct test {
"\x87\xA1\x2C\xFD\x2B\x96\x21\x48\x10\xF0\x1C\x82\x6E\x77\x44\xB1" }
},
{
- "!@#$%^&*()!@#$%^&*()!@#$%^&*()",
+ { KV5M_DATA, 30, "!@#$%^&*()!@#$%^&*()!@#$%^&*()" },
CKSUMTYPE_CMAC_CAMELLIA256, ENCTYPE_CAMELLIA256_CTS_CMAC, 10,
{ KV5M_DATA, 32,
"\x32\x16\x4C\x5B\x43\x4D\x1D\x15\x38\xE4\xCF\xD9\xBE\x80\x40\xFE"
@@ -142,6 +142,30 @@ struct test {
{ KV5M_DATA, 16,
"\x3F\xA0\xB4\x23\x55\xE5\x2B\x18\x91\x87\x29\x4A\xA2\x52\xAB\x64" }
},
+ {
+ { KV5M_DATA, 21,
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"
+ "\x10\x11\x12\x13\x14" },
+ CKSUMTYPE_HMAC_SHA256_128_AES128, ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+ 2,
+ { KV5M_DATA, 16,
+ "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" },
+ { KV5M_DATA, 16,
+ "\xD7\x83\x67\x18\x66\x43\xD6\x7B\x41\x1C\xBA\x91\x39\xFC\x1D\xEE" }
+ },
+ {
+ { KV5M_DATA, 21,
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"
+ "\x10\x11\x12\x13\x14" },
+ CKSUMTYPE_HMAC_SHA384_192_AES256, ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+ 2,
+ { KV5M_DATA, 32,
+ "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98"
+ "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" },
+ { KV5M_DATA, 24,
+ "\x45\xEE\x79\x15\x67\xEE\xFC\xA3\x7F\x4A\xC1\xE0\x22\x2D\xE8\x0D"
+ "\x43\xC3\xBF\xA0\x66\x99\x67\x2A" }
+ },
};
static void
@@ -172,7 +196,6 @@ main(int argc, char **argv)
size_t i;
struct test *test;
krb5_keyblock kb, *kbp;
- krb5_data plain;
krb5_checksum cksum;
krb5_cksumtype mtype;
krb5_boolean valid, verbose = FALSE;
@@ -190,15 +213,15 @@ main(int argc, char **argv)
kbp = &kb;
} else
kbp = NULL;
- plain = string2data(test->plaintext);
ret = krb5_c_make_checksum(context, test->sumtype, kbp, test->usage,
- &plain, &cksum);
+ &test->plaintext, &cksum);
assert(!ret);
if (verbose) {
char buf[64];
krb5_cksumtype_to_string(test->sumtype, buf, sizeof(buf));
printf("\nTest %d:\n", (int)i);
- printf("Plaintext: %s\n", test->plaintext);
+ printf("Plaintext: %.*s\n", (int)test->plaintext.length,
+ test->plaintext.data);
printf("Checksum type: %s\n", buf);
if (test->enctype != 0) {
krb5_enctype_to_name(test->enctype, FALSE, buf, sizeof(buf));
@@ -217,8 +240,8 @@ main(int argc, char **argv)
}
/* Test that the checksum verifies successfully. */
- ret = krb5_c_verify_checksum(context, kbp, test->usage, &plain, &cksum,
- &valid);
+ ret = krb5_c_verify_checksum(context, kbp, test->usage,
+ &test->plaintext, &cksum, &valid);
assert(!ret);
if (!valid) {
printf("test %d verify failed\n", (int)i);
@@ -234,8 +257,8 @@ main(int argc, char **argv)
/* Test that a checksum type of 0 uses the mandatory checksum
* type for the key. */
cksum.checksum_type = 0;
- ret = krb5_c_verify_checksum(context, kbp, test->usage, &plain,
- &cksum, &valid);
+ ret = krb5_c_verify_checksum(context, kbp, test->usage,
+ &test->plaintext, &cksum, &valid);
assert(!ret && valid);
}
}
diff --git a/src/lib/crypto/crypto_tests/t_decrypt.c b/src/lib/crypto/crypto_tests/t_decrypt.c
index 3637456..1dbc4dd 100644
--- a/src/lib/crypto/crypto_tests/t_decrypt.c
+++ b/src/lib/crypto/crypto_tests/t_decrypt.c
@@ -34,14 +34,14 @@
struct test {
krb5_enctype enctype;
- const char *plaintext;
+ krb5_data plaintext;
krb5_keyusage usage;
krb5_data keybits;
krb5_data ciphertext;
} test_cases[] = {
{
ENCTYPE_DES_CBC_CRC,
- "", 0,
+ { KV5M_DATA, 0, "" }, 0,
{ KV5M_DATA, 8,
"\x45\xE6\x08\x7C\xDF\x13\x8F\xB5" },
{ KV5M_DATA, 16,
@@ -49,7 +49,7 @@ struct test {
},
{
ENCTYPE_DES_CBC_CRC,
- "1", 1,
+ { KV5M_DATA, 1, "1" }, 1,
{ KV5M_DATA, 8,
"\x92\xA7\x15\x58\x10\x58\x6B\x2F" },
{ KV5M_DATA, 16,
@@ -57,7 +57,7 @@ struct test {
},
{
ENCTYPE_DES_CBC_CRC,
- "9 bytesss", 2,
+ { KV5M_DATA, 9, "9 bytesss" }, 2,
{ KV5M_DATA, 8,
"\xA4\xB9\x51\x4A\x61\x64\x64\x23" },
{ KV5M_DATA, 24,
@@ -66,7 +66,7 @@ struct test {
},
{
ENCTYPE_DES_CBC_CRC,
- "13 bytes byte", 3,
+ { KV5M_DATA, 13, "13 bytes byte", }, 3,
{ KV5M_DATA, 8,
"\x2F\x16\xA2\xA7\xFD\xB0\x57\x68" },
{ KV5M_DATA, 32,
@@ -75,7 +75,7 @@ struct test {
},
{
ENCTYPE_DES_CBC_CRC,
- "30 bytes bytes bytes bytes byt", 4,
+ { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4,
{ KV5M_DATA, 8,
"\xBC\x8F\x70\xFD\x20\x97\xD6\x7C" },
{ KV5M_DATA, 48,
@@ -86,7 +86,7 @@ struct test {
{
ENCTYPE_DES_CBC_MD4,
- "", 0,
+ { KV5M_DATA, 0, "", }, 0,
{ KV5M_DATA, 8,
"\x13\xEF\x45\xD0\xD6\xD9\xA1\x5D" },
{ KV5M_DATA, 24,
@@ -95,7 +95,7 @@ struct test {
},
{
ENCTYPE_DES_CBC_MD4,
- "1", 1,
+ { KV5M_DATA, 1, "1", }, 1,
{ KV5M_DATA, 8,
"\x64\x68\x86\x54\xDC\x26\x9E\x67" },
{ KV5M_DATA, 32,
@@ -104,7 +104,7 @@ struct test {
},
{
ENCTYPE_DES_CBC_MD4,
- "9 bytesss", 2,
+ { KV5M_DATA, 9, "9 bytesss", }, 2,
{ KV5M_DATA, 8,
"\x68\x04\xFB\x26\xDF\x8A\x4C\x32" },
{ KV5M_DATA, 40,
@@ -114,7 +114,7 @@ struct test {
},
{
ENCTYPE_DES_CBC_MD4,
- "13 bytes byte", 3,
+ { KV5M_DATA, 13, "13 bytes byte", }, 3,
{ KV5M_DATA, 8,
"\x23\x4A\x43\x6E\xC7\x2F\xA8\x0B" },
{ KV5M_DATA, 40,
@@ -124,7 +124,7 @@ struct test {
},
{
ENCTYPE_DES_CBC_MD4,
- "30 bytes bytes bytes bytes byt", 4,
+ { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4,
{ KV5M_DATA, 8,
"\x1F\xD5\xF7\x43\x34\xC4\xFB\x8C" },
{ KV5M_DATA, 56,
@@ -136,7 +136,7 @@ struct test {
{
ENCTYPE_DES_CBC_MD5,
- "", 0,
+ { KV5M_DATA, 0, "", }, 0,
{ KV5M_DATA, 8,
"\x4A\x54\x5E\x0B\xF7\xA2\x26\x31" },
{ KV5M_DATA, 24,
@@ -145,7 +145,7 @@ struct test {
},
{
ENCTYPE_DES_CBC_MD5,
- "1", 1,
+ { KV5M_DATA, 1, "1", }, 1,
{ KV5M_DATA, 8,
"\xD5\x80\x4A\x26\x9D\xC4\xE6\x45" },
{ KV5M_DATA, 32,
@@ -154,7 +154,7 @@ struct test {
},
{
ENCTYPE_DES_CBC_MD5,
- "9 bytesss", 2,
+ { KV5M_DATA, 9, "9 bytesss", }, 2,
{ KV5M_DATA, 8,
"\xC8\x31\x2F\x7F\x83\xEA\x46\x40" },
{ KV5M_DATA, 40,
@@ -164,7 +164,7 @@ struct test {
},
{
ENCTYPE_DES_CBC_MD5,
- "13 bytes byte", 3,
+ { KV5M_DATA, 13, "13 bytes byte", }, 3,
{ KV5M_DATA, 8,
"\x7F\xDA\x3E\x62\xAD\x8A\xF1\x8C" },
{ KV5M_DATA, 40,
@@ -174,7 +174,7 @@ struct test {
},
{
ENCTYPE_DES_CBC_MD5,
- "30 bytes bytes bytes bytes byt", 4,
+ { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4,
{ KV5M_DATA, 8,
"\xD3\xD6\x83\x29\x70\xA7\x37\x52" },
{ KV5M_DATA, 56,
@@ -186,7 +186,7 @@ struct test {
{
ENCTYPE_DES3_CBC_SHA1,
- "", 0,
+ { KV5M_DATA, 0, "", }, 0,
{ KV5M_DATA, 24,
"\x7A\x25\xDF\x89\x92\x29\x6D\xCE\xDA\x0E\x13\x5B\xC4\x04\x6E\x23"
"\x75\xB3\xC1\x4C\x98\xFB\xC1\x62" },
@@ -196,7 +196,7 @@ struct test {
},
{
ENCTYPE_DES3_CBC_SHA1,
- "1", 1,
+ { KV5M_DATA, 1, "1", }, 1,
{ KV5M_DATA, 24,
"\xBC\x07\x83\x89\x15\x13\xD5\xCE\x57\xBC\x13\x8F\xD3\xC1\x1A\xE6"
"\x40\x45\x23\x85\x32\x29\x62\xB6" },
@@ -207,7 +207,7 @@ struct test {
},
{
ENCTYPE_DES3_CBC_SHA1,
- "9 bytesss", 2,
+ { KV5M_DATA, 9, "9 bytesss", }, 2,
{ KV5M_DATA, 24,
"\x2F\xD0\xF7\x25\xCE\x04\x10\x0D\x2F\xC8\xA1\x80\x98\x83\x1F\x85"
"\x0B\x45\xD9\xEF\x85\x0B\xD9\x20" },
@@ -218,7 +218,7 @@ struct test {
},
{
ENCTYPE_DES3_CBC_SHA1,
- "13 bytes byte", 3,
+ { KV5M_DATA, 13, "13 bytes byte", }, 3,
{ KV5M_DATA, 24,
"\x0D\xD5\x20\x94\xE0\xF4\x1C\xEC\xCB\x5B\xE5\x10\xA7\x64\xB3\x51"
"\x76\xE3\x98\x13\x32\xF1\xE5\x98" },
@@ -229,7 +229,7 @@ struct test {
},
{
ENCTYPE_DES3_CBC_SHA1,
- "30 bytes bytes bytes bytes byt", 4,
+ { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4,
{ KV5M_DATA, 24,
"\xF1\x16\x86\xCB\xBC\x9E\x23\xEA\x54\xFE\xCD\x2A\x3D\xCD\xFB\x20"
"\xB6\xFE\x98\xBF\x26\x45\xC4\xC4" },
@@ -242,7 +242,7 @@ struct test {
{
ENCTYPE_ARCFOUR_HMAC,
- "", 0,
+ { KV5M_DATA, 0, "", }, 0,
{ KV5M_DATA, 16,
"\xF8\x1F\xEC\x39\x25\x5F\x57\x84\xE8\x50\xC4\x37\x7C\x88\xBD\x85" },
{ KV5M_DATA, 24,
@@ -251,7 +251,7 @@ struct test {
},
{
ENCTYPE_ARCFOUR_HMAC,
- "1", 1,
+ { KV5M_DATA, 1, "1", }, 1,
{ KV5M_DATA, 16,
"\x67\xD1\x30\x0D\x28\x12\x23\x86\x7F\x96\x47\xFF\x48\x72\x12\x73" },
{ KV5M_DATA, 25,
@@ -260,7 +260,7 @@ struct test {
},
{
ENCTYPE_ARCFOUR_HMAC,
- "9 bytesss", 2,
+ { KV5M_DATA, 9, "9 bytesss", }, 2,
{ KV5M_DATA, 16,
"\x3E\x40\xAB\x60\x93\x69\x52\x81\xB3\xAC\x1A\x93\x04\x22\x4D\x98" },
{ KV5M_DATA, 33,
@@ -270,7 +270,7 @@ struct test {
},
{
ENCTYPE_ARCFOUR_HMAC,
- "13 bytes byte", 3,
+ { KV5M_DATA, 13, "13 bytes byte", }, 3,
{ KV5M_DATA, 16,
"\x4B\xA2\xFB\xF0\x37\x9F\xAE\xD8\x7A\x25\x4D\x3B\x35\x3D\x5A\x7E" },
{ KV5M_DATA, 37,
@@ -280,7 +280,7 @@ struct test {
},
{
ENCTYPE_ARCFOUR_HMAC,
- "30 bytes bytes bytes bytes byt", 4,
+ { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4,
{ KV5M_DATA, 16,
"\x68\xF2\x63\xDB\x3F\xCE\x15\xD0\x31\xC9\xEA\xB0\x2D\x67\x10\x7A" },
{ KV5M_DATA, 54,
@@ -292,7 +292,7 @@ struct test {
{
ENCTYPE_ARCFOUR_HMAC_EXP,
- "", 0,
+ { KV5M_DATA, 0, "", }, 0,
{ KV5M_DATA, 16,
"\xF7\xD3\xA1\x55\xAF\x5E\x23\x8A\x0B\x7A\x87\x1A\x96\xBA\x2A\xB2" },
{ KV5M_DATA, 24,
@@ -301,7 +301,7 @@ struct test {
},
{
ENCTYPE_ARCFOUR_HMAC_EXP,
- "1", 1,
+ { KV5M_DATA, 1, "1", }, 1,
{ KV5M_DATA, 16,
"\xDE\xEA\xA0\x60\x7D\xB7\x99\xE2\xFD\xD6\xDB\x29\x86\xBB\x8D\x65" },
{ KV5M_DATA, 25,
@@ -310,7 +310,7 @@ struct test {
},
{
ENCTYPE_ARCFOUR_HMAC_EXP,
- "9 bytesss", 2,
+ { KV5M_DATA, 9, "9 bytesss", }, 2,
{ KV5M_DATA, 16,
"\x33\xAD\x7F\xC2\x67\x86\x15\x56\x9B\x2B\x09\x83\x6E\x0A\x3A\xB6" },
{ KV5M_DATA, 33,
@@ -320,7 +320,7 @@ struct test {
},
{
ENCTYPE_ARCFOUR_HMAC_EXP,
- "13 bytes byte", 3,
+ { KV5M_DATA, 13, "13 bytes byte", }, 3,
{ KV5M_DATA, 16,
"\x39\xF2\x5C\xD4\xF0\xD4\x1B\x2B\x2D\x9D\x30\x0F\xCB\x29\x81\xCB" },
{ KV5M_DATA, 37,
@@ -330,7 +330,7 @@ struct test {
},
{
ENCTYPE_ARCFOUR_HMAC_EXP,
- "30 bytes bytes bytes bytes byt", 4,
+ { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4,
{ KV5M_DATA, 16,
"\x9F\x72\x55\x42\xD9\xF7\x2A\xA1\xF3\x86\xCB\xE7\x89\x69\x84\xFC" },
{ KV5M_DATA, 54,
@@ -342,7 +342,7 @@ struct test {
{
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
- "", 0,
+ { KV5M_DATA, 0, "", }, 0,
{ KV5M_DATA, 16,
"\x5A\x5C\x0F\x0B\xA5\x4F\x38\x28\xB2\x19\x5E\x66\xCA\x24\xA2\x89" },
{ KV5M_DATA, 28,
@@ -351,7 +351,7 @@ struct test {
},
{
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
- "1", 1,
+ { KV5M_DATA, 1, "1", }, 1,
{ KV5M_DATA, 16,
"\x98\x45\x0E\x3F\x3B\xAA\x13\xF5\xC9\x9B\xEB\x93\x69\x81\xB0\x6F" },
{ KV5M_DATA, 29,
@@ -360,7 +360,7 @@ struct test {
},
{
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
- "9 bytesss", 2,
+ { KV5M_DATA, 9, "9 bytesss", }, 2,
{ KV5M_DATA, 16,
"\x90\x62\x43\x0C\x8C\xDA\x33\x88\x92\x2E\x6D\x6A\x50\x9F\x5B\x7A" },
{ KV5M_DATA, 37,
@@ -370,7 +370,7 @@ struct test {
},
{
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
- "13 bytes byte", 3,
+ { KV5M_DATA, 13, "13 bytes byte", }, 3,
{ KV5M_DATA, 16,
"\x03\x3E\xE6\x50\x2C\x54\xFD\x23\xE2\x77\x91\xE9\x87\x98\x38\x27" },
{ KV5M_DATA, 41,
@@ -380,7 +380,7 @@ struct test {
},
{
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
- "30 bytes bytes bytes bytes byt", 4,
+ { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4,
{ KV5M_DATA, 16,
"\xDC\xEE\xB7\x0B\x3D\xE7\x65\x62\xE6\x89\x22\x6C\x76\x42\x91\x48" },
{ KV5M_DATA, 58,
@@ -392,7 +392,7 @@ struct test {
{
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
- "", 0,
+ { KV5M_DATA, 0, "", }, 0,
{ KV5M_DATA, 32,
"\x17\xF2\x75\xF2\x95\x4F\x2E\xD1\xF9\x0C\x37\x7B\xA7\xF4\xD6\xA3"
"\x69\xAA\x01\x36\xE0\xBF\x0C\x92\x7A\xD6\x13\x3C\x69\x37\x59\xA9" },
@@ -402,7 +402,7 @@ struct test {
},
{
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
- "1", 1,
+ { KV5M_DATA, 1, "1", }, 1,
{ KV5M_DATA, 32,
"\xB9\x47\x7E\x1F\xF0\x32\x9C\x00\x50\xE2\x0C\xE6\xC7\x2D\x2D\xFF"
"\x27\xE8\xFE\x54\x1A\xB0\x95\x44\x29\xA9\xCB\x5B\x4F\x7B\x1E\x2A" },
@@ -412,7 +412,7 @@ struct test {
},
{
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
- "9 bytesss", 2,
+ { KV5M_DATA, 9, "9 bytesss", }, 2,
{ KV5M_DATA, 32,
"\xB1\xAE\x4C\xD8\x46\x2A\xFF\x16\x77\x05\x3C\xC9\x27\x9A\xAC\x30"
"\xB7\x96\xFB\x81\xCE\x21\x47\x4D\xD3\xDD\xBC\xFE\xA4\xEC\x76\xD7" },
@@ -423,7 +423,7 @@ struct test {
},
{
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
- "13 bytes byte", 3,
+ { KV5M_DATA, 13, "13 bytes byte", }, 3,
{ KV5M_DATA, 32,
"\xE5\xA7\x2B\xE9\xB7\x92\x6C\x12\x25\xBA\xFE\xF9\xC1\x87\x2E\x7B"
"\xA4\xCD\xB2\xB1\x78\x93\xD8\x4A\xBD\x90\xAC\xDD\x87\x64\xD9\x66" },
@@ -434,7 +434,7 @@ struct test {
},
{
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
- "30 bytes bytes bytes bytes byt", 4,
+ { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4,
{ KV5M_DATA, 32,
"\xF1\xC7\x95\xE9\x24\x8A\x09\x33\x8D\x82\xC3\xF8\xD5\xB5\x67\x04"
"\x0B\x01\x10\x73\x68\x45\x04\x13\x47\x23\x5B\x14\x04\x23\x13\x98" },
@@ -447,7 +447,7 @@ struct test {
{
ENCTYPE_CAMELLIA128_CTS_CMAC,
- "", 0,
+ { KV5M_DATA, 0, "", }, 0,
{ KV5M_DATA, 16,
"\x1D\xC4\x6A\x8D\x76\x3F\x4F\x93\x74\x2B\xCB\xA3\x38\x75\x76\xC3" },
{ KV5M_DATA, 32,
@@ -456,7 +456,7 @@ struct test {
},
{
ENCTYPE_CAMELLIA128_CTS_CMAC,
- "1", 1,
+ { KV5M_DATA, 1, "1", }, 1,
{ KV5M_DATA, 16,
"\x50\x27\xBC\x23\x1D\x0F\x3A\x9D\x23\x33\x3F\x1C\xA6\xFD\xBE\x7C" },
{ KV5M_DATA, 33,
@@ -466,7 +466,7 @@ struct test {
},
{
ENCTYPE_CAMELLIA128_CTS_CMAC,
- "9 bytesss", 2,
+ { KV5M_DATA, 9, "9 bytesss", }, 2,
{ KV5M_DATA, 16,
"\xA1\xBB\x61\xE8\x05\xF9\xBA\x6D\xDE\x8F\xDB\xDD\xC0\x5C\xDE\xA0" },
{ KV5M_DATA, 41,
@@ -476,7 +476,7 @@ struct test {
},
{
ENCTYPE_CAMELLIA128_CTS_CMAC,
- "13 bytes byte", 3,
+ { KV5M_DATA, 13, "13 bytes byte", }, 3,
{ KV5M_DATA, 16,
"\x2C\xA2\x7A\x5F\xAF\x55\x32\x24\x45\x06\x43\x4E\x1C\xEF\x66\x76" },
{ KV5M_DATA, 45,
@@ -486,7 +486,7 @@ struct test {
},
{
ENCTYPE_CAMELLIA128_CTS_CMAC,
- "30 bytes bytes bytes bytes byt", 4,
+ { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4,
{ KV5M_DATA, 16,
"\x78\x24\xF8\xC1\x6F\x83\xFF\x35\x4C\x6B\xF7\x51\x5B\x97\x3F\x43" },
{ KV5M_DATA, 62,
@@ -498,7 +498,7 @@ struct test {
{
ENCTYPE_CAMELLIA256_CTS_CMAC,
- "", 0,
+ { KV5M_DATA, 0, "", }, 0,
{ KV5M_DATA, 32,
"\xB6\x1C\x86\xCC\x4E\x5D\x27\x57\x54\x5A\xD4\x23\x39\x9F\xB7\x03"
"\x1E\xCA\xB9\x13\xCB\xB9\x00\xBD\x7A\x3C\x6D\xD8\xBF\x92\x01\x5B" },
@@ -508,7 +508,7 @@ struct test {
},
{
ENCTYPE_CAMELLIA256_CTS_CMAC,
- "1", 1,
+ { KV5M_DATA, 1, "1", }, 1,
{ KV5M_DATA, 32,
"\x1B\x97\xFE\x0A\x19\x0E\x20\x21\xEB\x30\x75\x3E\x1B\x6E\x1E\x77"
"\xB0\x75\x4B\x1D\x68\x46\x10\x35\x58\x64\x10\x49\x63\x46\x38\x33" },
@@ -519,7 +519,7 @@ struct test {
},
{
ENCTYPE_CAMELLIA256_CTS_CMAC,
- "9 bytesss", 2,
+ { KV5M_DATA, 9, "9 bytesss", }, 2,
{ KV5M_DATA, 32,
"\x32\x16\x4C\x5B\x43\x4D\x1D\x15\x38\xE4\xCF\xD9\xBE\x80\x40\xFE"
"\x8C\x4A\xC7\xAC\xC4\xB9\x3D\x33\x14\xD2\x13\x36\x68\x14\x7A\x05" },
@@ -530,7 +530,7 @@ struct test {
},
{
ENCTYPE_CAMELLIA256_CTS_CMAC,
- "13 bytes byte", 3,
+ { KV5M_DATA, 13, "13 bytes byte", }, 3,
{ KV5M_DATA, 32,
"\xB0\x38\xB1\x32\xCD\x8E\x06\x61\x22\x67\xFA\xB7\x17\x00\x66\xD8"
"\x8A\xEC\xCB\xA0\xB7\x44\xBF\xC6\x0D\xC8\x9B\xCA\x18\x2D\x07\x15" },
@@ -541,7 +541,7 @@ struct test {
},
{
ENCTYPE_CAMELLIA256_CTS_CMAC,
- "30 bytes bytes bytes bytes byt", 4,
+ { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4,
{ KV5M_DATA, 32,
"\xCC\xFC\xD3\x49\xBF\x4C\x66\x77\xE8\x6E\x4B\x02\xB8\xEA\xB9\x24"
"\xA5\x46\xAC\x73\x1C\xF9\xBF\x69\x89\xB9\x96\xE7\xD6\xBF\xBB\xA7" },
@@ -551,6 +551,104 @@ struct test {
"\xF3\x4A\xD1\x25\x5A\x34\x49\x99\xAD\x37\x14\x68\x87\xA6\xC6\x84"
"\x57\x31\xAC\x7F\x46\x37\x6A\x05\x04\xCD\x06\x57\x14\x74" }
},
+
+ {
+ ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+ { KV5M_DATA, 0, "", }, 2,
+ { KV5M_DATA, 16,
+ "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" },
+ { KV5M_DATA, 32,
+ "\xEF\x85\xFB\x89\x0B\xB8\x47\x2F\x4D\xAB\x20\x39\x4D\xCA\x78\x1D"
+ "\xAD\x87\x7E\xDA\x39\xD5\x0C\x87\x0C\x0D\x5A\x0A\x8E\x48\xC7\x18" }
+ },
+ {
+ ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+ { KV5M_DATA, 6, "\x00\x01\x02\x03\x04\x05", }, 2,
+ { KV5M_DATA, 16,
+ "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" },
+ { KV5M_DATA, 38,
+ "\x84\xD7\xF3\x07\x54\xED\x98\x7B\xAB\x0B\xF3\x50\x6B\xEB\x09\xCF"
+ "\xB5\x54\x02\xCE\xF7\xE6\x87\x7C\xE9\x9E\x24\x7E\x52\xD1\x6E\xD4"
+ "\x42\x1D\xFD\xF8\x97\x6C" }
+ },
+ {
+ ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+ { KV5M_DATA, 16,
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" },
+ 2,
+ { KV5M_DATA, 16,
+ "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" },
+ { KV5M_DATA, 48,
+ "\x35\x17\xD6\x40\xF5\x0D\xDC\x8A\xD3\x62\x87\x22\xB3\x56\x9D\x2A"
+ "\xE0\x74\x93\xFA\x82\x63\x25\x40\x80\xEA\x65\xC1\x00\x8E\x8F\xC2"
+ "\x95\xFB\x48\x52\xE7\xD8\x3E\x1E\x7C\x48\xC3\x7E\xEB\xE6\xB0\xD3" }
+ },
+ {
+ ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+ { KV5M_DATA, 21,
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"
+ "\x10\x11\x12\x13\x14" },
+ 2,
+ { KV5M_DATA, 16,
+ "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" },
+ { KV5M_DATA, 53,
+ "\x72\x0F\x73\xB1\x8D\x98\x59\xCD\x6C\xCB\x43\x46\x11\x5C\xD3\x36"
+ "\xC7\x0F\x58\xED\xC0\xC4\x43\x7C\x55\x73\x54\x4C\x31\xC8\x13\xBC"
+ "\xE1\xE6\xD0\x72\xC1\x86\xB3\x9A\x41\x3C\x2F\x92\xCA\x9B\x83\x34"
+ "\xA2\x87\xFF\xCB\xFC" }
+ },
+
+ {
+ ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+ { KV5M_DATA, 0, "", }, 2,
+ { KV5M_DATA, 32,
+ "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98"
+ "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" },
+ { KV5M_DATA, 40,
+ "\x41\xF5\x3F\xA5\xBF\xE7\x02\x6D\x91\xFA\xF9\xBE\x95\x91\x95\xA0"
+ "\x58\x70\x72\x73\xA9\x6A\x40\xF0\xA0\x19\x60\x62\x1A\xC6\x12\x74"
+ "\x8B\x9B\xBF\xBE\x7E\xB4\xCE\x3C" }
+ },
+ {
+ ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+ { KV5M_DATA, 6, "\x00\x01\x02\x03\x04\x05", }, 2,
+ { KV5M_DATA, 32,
+ "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98"
+ "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" },
+ { KV5M_DATA, 46,
+ "\x4E\xD7\xB3\x7C\x2B\xCA\xC8\xF7\x4F\x23\xC1\xCF\x07\xE6\x2B\xC7"
+ "\xB7\x5F\xB3\xF6\x37\xB9\xF5\x59\xC7\xF6\x64\xF6\x9E\xAB\x7B\x60"
+ "\x92\x23\x75\x26\xEA\x0D\x1F\x61\xCB\x20\xD6\x9D\x10\xF2" }
+ },
+ {
+ ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+ { KV5M_DATA, 16,
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" },
+ 2,
+ { KV5M_DATA, 32,
+ "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98"
+ "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" },
+ { KV5M_DATA, 56,
+ "\xBC\x47\xFF\xEC\x79\x98\xEB\x91\xE8\x11\x5C\xF8\xD1\x9D\xAC\x4B"
+ "\xBB\xE2\xE1\x63\xE8\x7D\xD3\x7F\x49\xBE\xCA\x92\x02\x77\x64\xF6"
+ "\x8C\xF5\x1F\x14\xD7\x98\xC2\x27\x3F\x35\xDF\x57\x4D\x1F\x93\x2E"
+ "\x40\xC4\xFF\x25\x5B\x36\xA2\x66" }
+ },
+ {
+ ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+ { KV5M_DATA, 21,
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"
+ "\x10\x11\x12\x13\x14" },
+ 2,
+ { KV5M_DATA, 32,
+ "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98"
+ "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" },
+ { KV5M_DATA, 61,
+ "\x40\x01\x3E\x2D\xF5\x8E\x87\x51\x95\x7D\x28\x78\xBC\xD2\xD6\xFE"
+ "\x10\x1C\xCF\xD5\x56\xCB\x1E\xAE\x79\xDB\x3C\x3E\xE8\x64\x29\xF2"
+ "\xB2\xA6\x02\xAC\x86\xFE\xF6\xEC\xB6\x47\xD6\x29\x5F\xAE\x07\x7A"
+ "\x1F\xEB\x51\x75\x08\xD2\xC1\x6B\x41\x92\xE0\x1F\x62" }
+ },
};
static void
@@ -584,7 +682,9 @@ enctypes[] = {
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
ENCTYPE_CAMELLIA128_CTS_CMAC,
- ENCTYPE_CAMELLIA256_CTS_CMAC
+ ENCTYPE_CAMELLIA256_CTS_CMAC,
+ ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+ ENCTYPE_AES256_CTS_HMAC_SHA384_192
};
static char *plaintexts[] = {
@@ -663,9 +763,9 @@ main(int argc, char **argv)
printf("decrypt test %d failed to decrypt\n", (int)i);
return 1;
}
- assert(plain.length >= strlen(test->plaintext));
- if (memcmp(plain.data, test->plaintext,
- strlen(test->plaintext)) != 0) {
+ assert(plain.length >= test->plaintext.length);
+ if (memcmp(plain.data, test->plaintext.data,
+ test->plaintext.length) != 0) {
printf("decrypt test %d produced wrong result\n", (int)i);
return 1;
}
diff --git a/src/lib/crypto/crypto_tests/t_derive.c b/src/lib/crypto/crypto_tests/t_derive.c
index f8c3291..381ae43 100644
--- a/src/lib/crypto/crypto_tests/t_derive.c
+++ b/src/lib/crypto/crypto_tests/t_derive.c
@@ -200,6 +200,70 @@ struct test {
"\xFA\x62\x4F\xA0\xE5\x23\x99\x3F\xA3\x88\xAE\xFD\xC6\x7E\x67\xEB"
"\xCD\x8C\x08\xE8\xA0\x24\x6B\x1D\x73\xB0\xD1\xDD\x9F\xC5\x82\xB0" }
},
+
+ /* Kc, Ke, Ki for an aes128-sha2 key. */
+ {
+ ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+ { KV5M_DATA, 16,
+ "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" },
+ { KV5M_DATA, 5, "\0\0\0\2\x99" },
+ DERIVE_SP800_108_HMAC,
+ { KV5M_DATA, 16,
+ "\xB3\x1A\x01\x8A\x48\xF5\x47\x76\xF4\x03\xE9\xA3\x96\x32\x5D\xC3" }
+ },
+ {
+ ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+ { KV5M_DATA, 16,
+ "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" },
+ { KV5M_DATA, 5, "\0\0\0\2\xAA" },
+ DERIVE_SP800_108_HMAC,
+ { KV5M_DATA, 16,
+ "\x9B\x19\x7D\xD1\xE8\xC5\x60\x9D\x6E\x67\xC3\xE3\x7C\x62\xC7\x2E" }
+ },
+ {
+ ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+ { KV5M_DATA, 16,
+ "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" },
+ { KV5M_DATA, 5, "\0\0\0\2\x55" },
+ DERIVE_SP800_108_HMAC,
+ { KV5M_DATA, 16,
+ "\x9F\xDA\x0E\x56\xAB\x2D\x85\xE1\x56\x9A\x68\x86\x96\xC2\x6A\x6C" }
+ },
+
+ /* Kc, Ke, Ki for an aes256-sha2 key. */
+ {
+ ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+ { KV5M_DATA, 32,
+ "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98"
+ "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" },
+ { KV5M_DATA, 5, "\0\0\0\2\x99" },
+ DERIVE_SP800_108_HMAC,
+ { KV5M_DATA, 24,
+ "\xEF\x57\x18\xBE\x86\xCC\x84\x96\x3D\x8B\xBB\x50\x31\xE9\xF5\xC4"
+ "\xBA\x41\xF2\x8F\xAF\x69\xE7\x3D" }
+ },
+ {
+ ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+ { KV5M_DATA, 32,
+ "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98"
+ "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" },
+ { KV5M_DATA, 5, "\0\0\0\2\xAA" },
+ DERIVE_SP800_108_HMAC,
+ { KV5M_DATA, 32,
+ "\x56\xAB\x22\xBE\xE6\x3D\x82\xD7\xBC\x52\x27\xF6\x77\x3F\x8E\xA7"
+ "\xA5\xEB\x1C\x82\x51\x60\xC3\x83\x12\x98\x0C\x44\x2E\x5C\x7E\x49" }
+ },
+ {
+ ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+ { KV5M_DATA, 32,
+ "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98"
+ "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" },
+ { KV5M_DATA, 5, "\0\0\0\2\x55" },
+ DERIVE_SP800_108_HMAC,
+ { KV5M_DATA, 24,
+ "\x69\xB1\x65\x14\xE3\xCD\x8E\x56\xB8\x20\x10\xD5\xC7\x30\x12\xB6"
+ "\x22\xC4\xD0\x0F\xFC\x23\xED\x1F" }
+ },
};
static void
@@ -226,15 +290,27 @@ static const struct krb5_enc_provider *
get_enc_provider(krb5_enctype enctype)
{
switch (enctype) {
- case ENCTYPE_DES3_CBC_SHA1: return &krb5int_enc_des3;
- case ENCTYPE_AES128_CTS_HMAC_SHA1_96: return &krb5int_enc_aes128;
- case ENCTYPE_AES256_CTS_HMAC_SHA1_96: return &krb5int_enc_aes256;
- case ENCTYPE_CAMELLIA128_CTS_CMAC: return &krb5int_enc_camellia128;
- case ENCTYPE_CAMELLIA256_CTS_CMAC: return &krb5int_enc_camellia256;
+ case ENCTYPE_DES3_CBC_SHA1: return &krb5int_enc_des3;
+ case ENCTYPE_AES128_CTS_HMAC_SHA1_96: return &krb5int_enc_aes128;
+ case ENCTYPE_AES256_CTS_HMAC_SHA1_96: return &krb5int_enc_aes256;
+ case ENCTYPE_CAMELLIA128_CTS_CMAC: return &krb5int_enc_camellia128;
+ case ENCTYPE_CAMELLIA256_CTS_CMAC: return &krb5int_enc_camellia256;
+ case ENCTYPE_AES128_CTS_HMAC_SHA256_128: return &krb5int_enc_aes128;
+ case ENCTYPE_AES256_CTS_HMAC_SHA384_192: return &krb5int_enc_aes256;
}
abort();
}
+static const struct krb5_hash_provider *
+get_hash_provider(krb5_enctype enctype)
+{
+ switch (enctype) {
+ case ENCTYPE_AES128_CTS_HMAC_SHA256_128: return &krb5int_hash_sha256;
+ case ENCTYPE_AES256_CTS_HMAC_SHA384_192: return &krb5int_hash_sha384;
+ }
+ return NULL;
+}
+
int
main(int argc, char **argv)
{
@@ -243,8 +319,10 @@ main(int argc, char **argv)
size_t i;
struct test *test;
krb5_keyblock kb;
- krb5_key inkey, outkey;
+ krb5_key inkey = NULL, key = NULL;
+ krb5_data rnd = empty_data(), outcmp;
const struct krb5_enc_provider *enc;
+ const struct krb5_hash_provider *hash;
krb5_boolean verbose = FALSE;
int status = 0;
@@ -259,9 +337,20 @@ main(int argc, char **argv)
ret = krb5_k_create_key(context, &kb, &inkey);
assert(!ret);
enc = get_enc_provider(test->enctype);
- ret = krb5int_derive_key(enc, NULL, inkey, &outkey, &test->constant,
- test->alg);
- assert(!ret);
+ hash = get_hash_provider(test->enctype);
+ if (test->expected_key.length == enc->keylength) {
+ ret = krb5int_derive_key(enc, hash, inkey, &key, &test->constant,
+ test->alg);
+ assert(!ret);
+ outcmp = make_data(key->keyblock.contents, key->keyblock.length);
+ } else {
+ ret = alloc_data(&rnd, test->expected_key.length);
+ assert(!ret);
+ ret = krb5int_derive_random(enc, hash, inkey, &rnd,
+ &test->constant, test->alg);
+ assert(!ret);
+ outcmp = rnd;
+ }
if (verbose) {
char buf[64];
krb5_enctype_to_name(test->enctype, FALSE, buf, sizeof(buf));
@@ -270,19 +359,21 @@ main(int argc, char **argv)
printhex("Input key: ", inkey->keyblock.contents,
inkey->keyblock.length);
printhex("Constant: ", test->constant.data, test->constant.length);
- printhex("Output key: ", outkey->keyblock.contents,
- outkey->keyblock.length);
+ printhex("Output: ", outcmp.data, outcmp.length);
}
- assert(outkey->keyblock.length == test->expected_key.length);
- if (memcmp(outkey->keyblock.contents, test->expected_key.data,
- outkey->keyblock.length) != 0) {
+ assert(outcmp.length == test->expected_key.length);
+ if (memcmp(outcmp.data, test->expected_key.data, outcmp.length) != 0) {
printf("derive test %d failed\n", (int)i);
status = 1;
if (!verbose)
break;
}
+
krb5_k_free_key(context, inkey);
- krb5_k_free_key(context, outkey);
+ krb5_k_free_key(context, key);
+ zapfree(rnd.data, rnd.length);
+ inkey = key = NULL;
+ rnd = empty_data();
}
return status;
}
diff --git a/src/lib/crypto/crypto_tests/t_encrypt.c b/src/lib/crypto/crypto_tests/t_encrypt.c
index 1ac375e..4afbdde 100644
--- a/src/lib/crypto/crypto_tests/t_encrypt.c
+++ b/src/lib/crypto/crypto_tests/t_encrypt.c
@@ -47,6 +47,8 @@ krb5_enctype interesting_enctypes[] = {
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
ENCTYPE_CAMELLIA128_CTS_CMAC,
ENCTYPE_CAMELLIA256_CTS_CMAC,
+ ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+ ENCTYPE_AES256_CTS_HMAC_SHA384_192,
0
};
diff --git a/src/lib/crypto/crypto_tests/t_prf.c b/src/lib/crypto/crypto_tests/t_prf.c
index e735d95..d9877bd 100644
--- a/src/lib/crypto/crypto_tests/t_prf.c
+++ b/src/lib/crypto/crypto_tests/t_prf.c
@@ -91,6 +91,28 @@ struct test {
{ KV5M_DATA, 16,
"\x0D\x67\x4D\xD0\xF9\xA6\x80\x65\x25\xA4\xD9\x2E\x82\x8B\xD1\x5A" }
},
+
+ {
+ ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+ { KV5M_DATA, 16,
+ "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" },
+ { KV5M_DATA, 4, "test" },
+ { KV5M_DATA, 32,
+ "\x9D\x18\x86\x16\xF6\x38\x52\xFE\x86\x91\x5B\xB8\x40\xB4\xA8\x86"
+ "\xFF\x3E\x6B\xB0\xF8\x19\xB4\x9B\x89\x33\x93\xD3\x93\x85\x42\x95" }
+ },
+
+ {
+ ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+ { KV5M_DATA, 32,
+ "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98"
+ "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" },
+ { KV5M_DATA, 4, "test" },
+ { KV5M_DATA, 48,
+ "\x98\x01\xF6\x9A\x36\x8C\x2B\xF6\x75\xE5\x95\x21\xE1\x77\xD9\xA0"
+ "\x7F\x67\xEF\xE1\xCF\xDE\x8D\x3C\x8D\x6F\x6A\x02\x56\xE3\xB1\x7D"
+ "\xB3\xC1\xB6\x2A\xD1\xB8\x55\x33\x60\xD1\x73\x67\xEB\x15\x14\xD2" }
+ },
};
int
diff --git a/src/lib/crypto/crypto_tests/t_short.c b/src/lib/crypto/crypto_tests/t_short.c
index 6ee7b19..40fa282 100644
--- a/src/lib/crypto/crypto_tests/t_short.c
+++ b/src/lib/crypto/crypto_tests/t_short.c
@@ -44,6 +44,8 @@ krb5_enctype interesting_enctypes[] = {
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
ENCTYPE_CAMELLIA128_CTS_CMAC,
ENCTYPE_CAMELLIA256_CTS_CMAC,
+ ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+ ENCTYPE_AES256_CTS_HMAC_SHA384_192,
0
};
diff --git a/src/lib/crypto/crypto_tests/t_str2key.c b/src/lib/crypto/crypto_tests/t_str2key.c
index 7ff6efd..7a78138 100644
--- a/src/lib/crypto/crypto_tests/t_str2key.c
+++ b/src/lib/crypto/crypto_tests/t_str2key.c
@@ -29,7 +29,7 @@
struct test {
krb5_enctype enctype;
char *string;
- char *salt;
+ krb5_data salt;
krb5_data params;
krb5_data expected_key;
krb5_error_code expected_err;
@@ -39,7 +39,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"",
- "Sodium Chloride",
+ { KV5M_DATA, 15, "Sodium Chloride" },
{ KV5M_DATA, 1, "\1" },
{ KV5M_DATA, 8, "\xA4\xD0\xD0\x9B\x86\x92\xB0\xC2" },
0,
@@ -48,7 +48,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"M",
- "Sodium Chloride",
+ { KV5M_DATA, 15, "Sodium Chloride" },
{ KV5M_DATA, 1, "\1" },
{ KV5M_DATA, 8, "\xF1\xF2\x9E\xAB\xD0\xEF\xDF\x73" },
0,
@@ -57,7 +57,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"My",
- "Sodium Chloride",
+ { KV5M_DATA, 15, "Sodium Chloride" },
{ KV5M_DATA, 1, "\1" },
{ KV5M_DATA, 8, "\xD6\x85\x61\xC4\xF2\x94\xF4\xA1" },
0,
@@ -66,7 +66,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"My ",
- "Sodium Chloride",
+ { KV5M_DATA, 15, "Sodium Chloride" },
{ KV5M_DATA, 1, "\1" },
{ KV5M_DATA, 8, "\xD0\xE3\xA7\x83\x94\x61\xE0\xD0" },
0,
@@ -75,7 +75,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"My P",
- "Sodium Chloride",
+ { KV5M_DATA, 15, "Sodium Chloride" },
{ KV5M_DATA, 1, "\1" },
{ KV5M_DATA, 8, "\xD5\x62\xCD\x94\x61\xCB\x97\xDF" },
0,
@@ -84,7 +84,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"My Pa",
- "Sodium Chloride",
+ { KV5M_DATA, 15, "Sodium Chloride" },
{ KV5M_DATA, 1, "\1" },
{ KV5M_DATA, 8, "\x9E\xA2\xA2\xEC\xA8\x8C\x6B\x8F" },
0,
@@ -93,7 +93,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"My Pas",
- "Sodium Chloride",
+ { KV5M_DATA, 15, "Sodium Chloride" },
{ KV5M_DATA, 1, "\1" },
{ KV5M_DATA, 8, "\xE3\x91\x6D\xD3\x85\xF1\x67\xC4" },
0,
@@ -102,7 +102,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"My Pass",
- "Sodium Chloride",
+ { KV5M_DATA, 15, "Sodium Chloride" },
{ KV5M_DATA, 1, "\1" },
{ KV5M_DATA, 8, "\xF4\xC4\x73\xC8\x8A\xE9\x94\x6D" },
0,
@@ -111,7 +111,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"My Passw",
- "Sodium Chloride",
+ { KV5M_DATA, 15, "Sodium Chloride" },
{ KV5M_DATA, 1, "\1" },
{ KV5M_DATA, 8, "\xA1\x9E\xB3\xAD\x6B\xE3\xAB\xD9" },
0,
@@ -120,7 +120,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"My Passwo",
- "Sodium Chloride",
+ { KV5M_DATA, 15, "Sodium Chloride" },
{ KV5M_DATA, 1, "\1" },
{ KV5M_DATA, 8, "\xAD\xA1\xCE\x10\x37\x83\xA7\x8C" },
0,
@@ -129,7 +129,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"My Passwor",
- "Sodium Chloride",
+ { KV5M_DATA, 15, "Sodium Chloride" },
{ KV5M_DATA, 1, "\1" },
{ KV5M_DATA, 8, "\xD3\x01\xD0\xF7\x3E\x7A\x49\x0B" },
0,
@@ -138,7 +138,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"My Password",
- "Sodium Chloride",
+ { KV5M_DATA, 15, "Sodium Chloride" },
{ KV5M_DATA, 1, "\1" },
{ KV5M_DATA, 8, "\xB6\x2A\x4A\xEC\x9D\x4C\x68\xDF" },
0,
@@ -147,7 +147,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"",
- "NaCl",
+ { KV5M_DATA, 4, "NaCl" },
{ KV5M_DATA, 1, "\1" },
{ KV5M_DATA, 8, "\x61\xEF\xE6\x83\xE5\x8A\x6B\x98" },
0,
@@ -156,7 +156,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"M",
- "NaCl",
+ { KV5M_DATA, 4, "NaCl" },
{ KV5M_DATA, 1, "\1" },
{ KV5M_DATA, 8, "\x68\xCD\x68\xAD\xC4\x86\xCD\xE5" },
0,
@@ -165,7 +165,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"My",
- "NaCl",
+ { KV5M_DATA, 4, "NaCl" },
{ KV5M_DATA, 1, "\1" },
{ KV5M_DATA, 8, "\x83\xA1\xC8\x86\x8F\x67\xD0\x62" },
0,
@@ -174,7 +174,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"My ",
- "NaCl",
+ { KV5M_DATA, 4, "NaCl" },
{ KV5M_DATA, 1, "\1" },
{ KV5M_DATA, 8, "\x9E\xC7\x8F\xA4\xA4\xB3\xE0\xD5" },
0,
@@ -183,7 +183,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"My P",
- "NaCl",
+ { KV5M_DATA, 4, "NaCl" },
{ KV5M_DATA, 1, "\1" },
{ KV5M_DATA, 8, "\xD9\x92\x86\x8F\x9D\x8C\x85\xE6" },
0,
@@ -192,7 +192,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"My Pa",
- "NaCl",
+ { KV5M_DATA, 4, "NaCl" },
{ KV5M_DATA, 1, "\1" },
{ KV5M_DATA, 8, "\xDA\xF2\x92\x83\xF4\x9B\xA7\xAD" },
0,
@@ -201,7 +201,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"My Pas",
- "NaCl",
+ { KV5M_DATA, 4, "NaCl" },
{ KV5M_DATA, 1, "\1" },
{ KV5M_DATA, 8, "\x91\xCD\xAD\xEF\x86\xDF\xD3\xA2" },
0,
@@ -210,7 +210,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"My Pass",
- "NaCl",
+ { KV5M_DATA, 4, "NaCl" },
{ KV5M_DATA, 1, "\1" },
{ KV5M_DATA, 8, "\x73\xD3\x67\x68\x8F\x6E\xE3\x73" },
0,
@@ -219,7 +219,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"My Passw",
- "NaCl",
+ { KV5M_DATA, 4, "NaCl" },
{ KV5M_DATA, 1, "\1" },
{ KV5M_DATA, 8, "\xC4\x61\x85\x9D\xAD\xF4\xDC\xB0" },
0,
@@ -228,7 +228,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"My Passwo",
- "NaCl",
+ { KV5M_DATA, 4, "NaCl" },
{ KV5M_DATA, 1, "\1" },
{ KV5M_DATA, 8, "\xE9\x02\x83\x16\x2C\xEC\xE0\x08" },
0,
@@ -237,7 +237,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"My Passwor",
- "NaCl",
+ { KV5M_DATA, 4, "NaCl" },
{ KV5M_DATA, 1, "\1" },
{ KV5M_DATA, 8, "\x61\xC8\x26\x29\xD9\x73\x6E\xB6" },
0,
@@ -246,7 +246,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"My Password",
- "NaCl",
+ { KV5M_DATA, 4, "NaCl" },
{ KV5M_DATA, 1, "\1" },
{ KV5M_DATA, 8, "\x8C\xA8\x9E\xC4\xA8\xDC\x31\x73" },
0,
@@ -257,7 +257,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"password",
- "ATHENA.MIT.EDUraeburn",
+ { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
{ KV5M_DATA, 1, "\0" },
{ KV5M_DATA, 8, "\xCB\xC2\x2F\xAE\x23\x52\x98\xE3" },
0,
@@ -266,7 +266,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"potatoe",
- "WHITEHOUSE.GOVdanny",
+ { KV5M_DATA, 19, "WHITEHOUSE.GOVdanny" },
{ KV5M_DATA, 1, "\0" },
{ KV5M_DATA, 8, "\xDF\x3D\x32\xA7\x4F\xD9\x2A\x01" },
0,
@@ -275,7 +275,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"\xF0\x9D\x84\x9E",
- "EXAMPLE.COMpianist",
+ { KV5M_DATA, 18, "EXAMPLE.COMpianist" },
{ KV5M_DATA, 1, "\0" },
{ KV5M_DATA, 8, "\x4F\xFB\x26\xBA\xB0\xCD\x94\x13" },
0,
@@ -284,7 +284,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"\xC3\x9F",
- "ATHENA.MIT.EDUJuri\xC5\xA1\x69\xC4\x87",
+ { KV5M_DATA, 23, "ATHENA.MIT.EDUJuri\xC5\xA1\x69\xC4\x87" },
{ KV5M_DATA, 1, "\0" },
{ KV5M_DATA, 8, "\x62\xC8\x1A\x52\x32\xB5\xE6\x9D" },
0,
@@ -293,7 +293,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"11119999",
- "AAAAAAAA",
+ { KV5M_DATA, 8, "AAAAAAAA" },
{ KV5M_DATA, 1, "\0" },
{ KV5M_DATA, 8, "\x98\x40\x54\xd0\xf1\xa7\x3e\x31" },
0,
@@ -302,7 +302,7 @@ struct test {
{
ENCTYPE_DES_CBC_CRC,
"NNNN6666",
- "FFFFAAAA",
+ { KV5M_DATA, 8, "FFFFAAAA" },
{ KV5M_DATA, 1, "\0" },
{ KV5M_DATA, 8, "\xC4\xBF\x6B\x25\xAD\xF7\xA4\xF8" },
0,
@@ -313,7 +313,7 @@ struct test {
{
ENCTYPE_DES3_CBC_SHA1,
"password",
- "ATHENA.MIT.EDUraeburn",
+ { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
{ KV5M_DATA, 0, NULL },
{ KV5M_DATA, 24, "\x85\x0B\xB5\x13\x58\x54\x8C\xD0\x5E\x86\x76\x8C"
"\x31\x3E\x3B\xFE\xF7\x51\x19\x37\xDC\xF7\x2C\x3E" },
@@ -323,7 +323,7 @@ struct test {
{
ENCTYPE_DES3_CBC_SHA1,
"potatoe",
- "WHITEHOUSE.GOVdanny",
+ { KV5M_DATA, 19, "WHITEHOUSE.GOVdanny" },
{ KV5M_DATA, 0, NULL },
{ KV5M_DATA, 24, "\xDF\xCD\x23\x3D\xD0\xA4\x32\x04\xEA\x6D\xC4\x37"
"\xFB\x15\xE0\x61\xB0\x29\x79\xC1\xF7\x4F\x37\x7A" },
@@ -333,7 +333,7 @@ struct test {
{
ENCTYPE_DES3_CBC_SHA1,
"penny",
- "EXAMPLE.COMbuckaroo",
+ { KV5M_DATA, 19, "EXAMPLE.COMbuckaroo" },
{ KV5M_DATA, 0, NULL },
{ KV5M_DATA, 24, "\x6D\x2F\xCD\xF2\xD6\xFB\xBC\x3D\xDC\xAD\xB5\xDA"
"\x57\x10\xA2\x34\x89\xB0\xD3\xB6\x9D\x5D\x9D\x4A" },
@@ -343,7 +343,7 @@ struct test {
{
ENCTYPE_DES3_CBC_SHA1,
"\xC3\x9F",
- "ATHENA.MIT.EDUJuri\xC5\xA1\x69\xC4\x87",
+ { KV5M_DATA, 23, "ATHENA.MIT.EDUJuri\xC5\xA1\x69\xC4\x87" },
{ KV5M_DATA, 0, NULL },
{ KV5M_DATA, 24, "\x16\xD5\xA4\x0E\x1C\xE3\xBA\xCB\x61\xB9\xDC\xE0"
"\x04\x70\x32\x4C\x83\x19\x73\xA7\xB9\x52\xFE\xB0" },
@@ -353,7 +353,7 @@ struct test {
{
ENCTYPE_DES3_CBC_SHA1,
"\xF0\x9D\x84\x9E",
- "EXAMPLE.COMpianist",
+ { KV5M_DATA, 18, "EXAMPLE.COMpianist" },
{ KV5M_DATA, 0, NULL },
{ KV5M_DATA, 24, "\x85\x76\x37\x26\x58\x5D\xBC\x1C\xCE\x6E\xC4\x3E"
"\x1F\x75\x1F\x07\xF1\xC4\xCB\xB0\x98\xF4\x0B\x19" },
@@ -365,7 +365,7 @@ struct test {
{
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
"password",
- "ATHENA.MIT.EDUraeburn",
+ { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
{ KV5M_DATA, 4, "\0\0\0\1" },
{ KV5M_DATA, 16,
"\x42\x26\x3C\x6E\x89\xF4\xFC\x28\xB8\xDF\x68\xEE\x09\x79\x9F\x15" },
@@ -375,7 +375,7 @@ struct test {
{
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
"password",
- "ATHENA.MIT.EDUraeburn",
+ { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
{ KV5M_DATA, 4, "\0\0\0\1" },
{ KV5M_DATA, 32,
"\xFE\x69\x7B\x52\xBC\x0D\x3C\xE1\x44\x32\xBA\x03\x6A\x92\xE6\x5B"
@@ -386,7 +386,7 @@ struct test {
{
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
"password",
- "ATHENA.MIT.EDUraeburn",
+ { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
{ KV5M_DATA, 4, "\0\0\0\2" },
{ KV5M_DATA, 16,
"\xC6\x51\xBF\x29\xE2\x30\x0A\xC2\x7F\xA4\x69\xD6\x93\xBD\xDA\x13" },
@@ -396,7 +396,7 @@ struct test {
{
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
"password",
- "ATHENA.MIT.EDUraeburn",
+ { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
{ KV5M_DATA, 4, "\0\0\0\2" },
{ KV5M_DATA, 32,
"\xA2\xE1\x6D\x16\xB3\x60\x69\xC1\x35\xD5\xE9\xD2\xE2\x5F\x89\x61"
@@ -407,7 +407,7 @@ struct test {
{
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
"password",
- "ATHENA.MIT.EDUraeburn",
+ { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
{ KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
{ KV5M_DATA, 16,
"\x4C\x01\xCD\x46\xD6\x32\xD0\x1E\x6D\xBE\x23\x0A\x01\xED\x64\x2A" },
@@ -417,7 +417,7 @@ struct test {
{
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
"password",
- "ATHENA.MIT.EDUraeburn",
+ { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
{ KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
{ KV5M_DATA, 32,
"\x55\xA6\xAC\x74\x0A\xD1\x7B\x48\x46\x94\x10\x51\xE1\xE8\xB0\xA7"
@@ -428,7 +428,7 @@ struct test {
{
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
"password",
- "\x12\x34\x56\x78\x78\x56\x34\x12",
+ { KV5M_DATA, 8, "\x12\x34\x56\x78\x78\x56\x34\x12" },
{ KV5M_DATA, 4, "\0\0\0\5" },
{ KV5M_DATA, 16,
"\xE9\xB2\x3D\x52\x27\x37\x47\xDD\x5C\x35\xCB\x55\xBE\x61\x9D\x8E" },
@@ -438,7 +438,7 @@ struct test {
{
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
"password",
- "\x12\x34\x56\x78\x78\x56\x34\x12",
+ { KV5M_DATA, 8, "\x12\x34\x56\x78\x78\x56\x34\x12" },
{ KV5M_DATA, 4, "\0\0\0\5" },
{ KV5M_DATA, 32,
"\x97\xA4\xE7\x86\xBE\x20\xD8\x1A\x38\x2D\x5E\xBC\x96\xD5\x90\x9C"
@@ -449,7 +449,7 @@ struct test {
{
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
- "pass phrase equals block size",
+ { KV5M_DATA, 29, "pass phrase equals block size" },
{ KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
{ KV5M_DATA, 16,
"\x59\xD1\xBB\x78\x9A\x82\x8B\x1A\xA5\x4E\xF9\xC2\x88\x3F\x69\xED" },
@@ -459,7 +459,7 @@ struct test {
{
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
- "pass phrase equals block size",
+ { KV5M_DATA, 29, "pass phrase equals block size" },
{ KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
{ KV5M_DATA, 32,
"\x89\xAD\xEE\x36\x08\xDB\x8B\xC7\x1F\x1B\xFB\xFE\x45\x94\x86\xB0"
@@ -470,7 +470,7 @@ struct test {
{
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
- "pass phrase exceeds block size",
+ { KV5M_DATA, 30, "pass phrase exceeds block size" },
{ KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
{ KV5M_DATA, 16,
"\xCB\x80\x05\xDC\x5F\x90\x17\x9A\x7F\x02\x10\x4C\x00\x18\x75\x1D" },
@@ -480,7 +480,7 @@ struct test {
{
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
- "pass phrase exceeds block size",
+ { KV5M_DATA, 30, "pass phrase exceeds block size" },
{ KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
{ KV5M_DATA, 32,
"\xD7\x8C\x5C\x9C\xB8\x72\xA8\xC9\xDA\xD4\x69\x7F\x0B\xB5\xB2\xD2"
@@ -491,7 +491,7 @@ struct test {
{
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
"\xF0\x9D\x84\x9E",
- "EXAMPLE.COMpianist",
+ { KV5M_DATA, 18, "EXAMPLE.COMpianist" },
{ KV5M_DATA, 4, "\0\0\0\x32" }, /* 50 */
{ KV5M_DATA, 16,
"\xF1\x49\xC1\xF2\xE1\x54\xA7\x34\x52\xD4\x3E\x7F\xE6\x2A\x56\xE5" },
@@ -501,7 +501,7 @@ struct test {
{
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
"\xF0\x9D\x84\x9E",
- "EXAMPLE.COMpianist",
+ { KV5M_DATA, 18, "EXAMPLE.COMpianist" },
{ KV5M_DATA, 4, "\0\0\0\x32" }, /* 50 */
{ KV5M_DATA, 32,
"\x4B\x6D\x98\x39\xF8\x44\x06\xDF\x1F\x09\xCC\x16\x6D\xB4\xB8\x3C"
@@ -514,7 +514,7 @@ struct test {
{
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
"\xF0\x9D\x84\x9E",
- "EXAMPLE.COMpianist",
+ { KV5M_DATA, 18, "EXAMPLE.COMpianist" },
{ KV5M_DATA, 4, "\0\0\0\x32" }, /* 50 */
{ KV5M_DATA, 32,
"\x4B\x6D\x98\x39\xF8\x44\x06\xDF\x1F\x09\xCC\x16\x6D\xB4\xB8\x3C"
@@ -527,7 +527,7 @@ struct test {
{
ENCTYPE_CAMELLIA128_CTS_CMAC,
"password",
- "ATHENA.MIT.EDUraeburn",
+ { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
{ KV5M_DATA, 4, "\0\0\0\1" },
{ KV5M_DATA, 16,
"\x57\xD0\x29\x72\x98\xFF\xD9\xD3\x5D\xE5\xA4\x7F\xB4\xBD\xE2\x4B" },
@@ -537,7 +537,7 @@ struct test {
{
ENCTYPE_CAMELLIA256_CTS_CMAC,
"password",
- "ATHENA.MIT.EDUraeburn",
+ { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
{ KV5M_DATA, 4, "\0\0\0\1" },
{ KV5M_DATA, 32,
"\xB9\xD6\x82\x8B\x20\x56\xB7\xBE\x65\x6D\x88\xA1\x23\xB1\xFA\xC6"
@@ -548,7 +548,7 @@ struct test {
{
ENCTYPE_CAMELLIA128_CTS_CMAC,
"password",
- "ATHENA.MIT.EDUraeburn",
+ { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
{ KV5M_DATA, 4, "\0\0\0\2" },
{ KV5M_DATA, 16,
"\x73\xF1\xB5\x3A\xA0\xF3\x10\xF9\x3B\x1D\xE8\xCC\xAA\x0C\xB1\x52" },
@@ -558,7 +558,7 @@ struct test {
{
ENCTYPE_CAMELLIA256_CTS_CMAC,
"password",
- "ATHENA.MIT.EDUraeburn",
+ { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
{ KV5M_DATA, 4, "\0\0\0\2" },
{ KV5M_DATA, 32,
"\x83\xFC\x58\x66\xE5\xF8\xF4\xC6\xF3\x86\x63\xC6\x5C\x87\x54\x9F"
@@ -569,7 +569,7 @@ struct test {
{
ENCTYPE_CAMELLIA128_CTS_CMAC,
"password",
- "ATHENA.MIT.EDUraeburn",
+ { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
{ KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
{ KV5M_DATA, 16,
"\x8E\x57\x11\x45\x45\x28\x55\x57\x5F\xD9\x16\xE7\xB0\x44\x87\xAA" },
@@ -579,7 +579,7 @@ struct test {
{
ENCTYPE_CAMELLIA256_CTS_CMAC,
"password",
- "ATHENA.MIT.EDUraeburn",
+ { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
{ KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
{ KV5M_DATA, 32,
"\x77\xF4\x21\xA6\xF2\x5E\x13\x83\x95\xE8\x37\xE5\xD8\x5D\x38\x5B"
@@ -590,7 +590,7 @@ struct test {
{
ENCTYPE_CAMELLIA128_CTS_CMAC,
"password",
- "\x12\x34\x56\x78\x78\x56\x34\x12",
+ { KV5M_DATA, 8, "\x12\x34\x56\x78\x78\x56\x34\x12" },
{ KV5M_DATA, 4, "\0\0\0\5" },
{ KV5M_DATA, 16,
"\x00\x49\x8F\xD9\x16\xBF\xC1\xC2\xB1\x03\x1C\x17\x08\x01\xB3\x81" },
@@ -600,7 +600,7 @@ struct test {
{
ENCTYPE_CAMELLIA256_CTS_CMAC,
"password",
- "\x12\x34\x56\x78\x78\x56\x34\x12",
+ { KV5M_DATA, 8, "\x12\x34\x56\x78\x78\x56\x34\x12" },
{ KV5M_DATA, 4, "\0\0\0\5" },
{ KV5M_DATA, 32,
"\x11\x08\x3A\x00\xBD\xFE\x6A\x41\xB2\xF1\x97\x16\xD6\x20\x2F\x0A"
@@ -611,7 +611,7 @@ struct test {
{
ENCTYPE_CAMELLIA128_CTS_CMAC,
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
- "pass phrase equals block size",
+ { KV5M_DATA, 29, "pass phrase equals block size" },
{ KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
{ KV5M_DATA, 16,
"\x8B\xF6\xC3\xEF\x70\x9B\x98\x1D\xBB\x58\x5D\x08\x68\x43\xBE\x05" },
@@ -621,7 +621,7 @@ struct test {
{
ENCTYPE_CAMELLIA256_CTS_CMAC,
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
- "pass phrase equals block size",
+ { KV5M_DATA, 29, "pass phrase equals block size" },
{ KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
{ KV5M_DATA, 32,
"\x11\x9F\xE2\xA1\xCB\x0B\x1B\xE0\x10\xB9\x06\x7A\x73\xDB\x63\xED"
@@ -632,7 +632,7 @@ struct test {
{
ENCTYPE_CAMELLIA128_CTS_CMAC,
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
- "pass phrase exceeds block size",
+ { KV5M_DATA, 30, "pass phrase exceeds block size" },
{ KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
{ KV5M_DATA, 16,
"\x57\x52\xAC\x8D\x6A\xD1\xCC\xFE\x84\x30\xB3\x12\x87\x1C\x2F\x74" },
@@ -642,7 +642,7 @@ struct test {
{
ENCTYPE_CAMELLIA256_CTS_CMAC,
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
- "pass phrase exceeds block size",
+ { KV5M_DATA, 30, "pass phrase exceeds block size" },
{ KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
{ KV5M_DATA, 32,
"\x61\x4D\x5D\xFC\x0B\xA6\xD3\x90\xB4\x12\xB8\x9A\xE4\xD5\xB0\x88"
@@ -653,7 +653,7 @@ struct test {
{
ENCTYPE_CAMELLIA128_CTS_CMAC,
"\xf0\x9d\x84\x9e",
- "EXAMPLE.COMpianist",
+ { KV5M_DATA, 18, "EXAMPLE.COMpianist" },
{ KV5M_DATA, 4, "\0\0\0\x32" }, /* 50 */
{ KV5M_DATA, 16,
"\xCC\x75\xC7\xFD\x26\x0F\x1C\x16\x58\x01\x1F\xCC\x0D\x56\x06\x16" },
@@ -663,7 +663,7 @@ struct test {
{
ENCTYPE_CAMELLIA256_CTS_CMAC,
"\xf0\x9d\x84\x9e",
- "EXAMPLE.COMpianist",
+ { KV5M_DATA, 18, "EXAMPLE.COMpianist" },
{ KV5M_DATA, 4, "\0\0\0\x32" }, /* 50 */
{ KV5M_DATA, 32,
"\x16\x3B\x76\x8C\x6D\xB1\x48\xB4\xEE\xC7\x16\x3D\xF5\xAE\xD7\x0E"
@@ -676,14 +676,40 @@ struct test {
{
ENCTYPE_CAMELLIA256_CTS_CMAC,
"\xf0\x9d\x84\x9e",
- "EXAMPLE.COMpianist",
+ { KV5M_DATA, 18, "EXAMPLE.COMpianist" },
{ KV5M_DATA, 4, "\0\0\0\x32" }, /* 50 */
{ KV5M_DATA, 32,
"\x16\x3B\x76\x8C\x6D\xB1\x48\xB4\xEE\xC7\x16\x3D\xF5\xAE\xD7\x0E"
"\x20\x6B\x68\xCE\xC0\x78\xBC\x06\x9E\xD6\x8A\x7E\xD3\x6B\x1E\xCC" },
KRB5_ERR_BAD_S2K_PARAMS,
FALSE
- }
+ },
+
+ {
+ ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+ "password",
+ { KV5M_DATA, 37,
+ "\x10\xDF\x9D\xD7\x83\xE5\xBC\x8A\xCE\xA1\x73\x0E\x74\x35\x5F\x61"
+ "ATHENA.MIT.EDUraeburn" },
+ { KV5M_DATA, 4, "\x00\x00\x80\x00" },
+ { KV5M_DATA, 16,
+ "\x08\x9B\xCA\x48\xB1\x05\xEA\x6E\xA7\x7C\xA5\xD2\xF3\x9D\xC5\xE7" },
+ 0,
+ FALSE
+ },
+ {
+ ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+ "password",
+ { KV5M_DATA, 37,
+ "\x10\xDF\x9D\xD7\x83\xE5\xBC\x8A\xCE\xA1\x73\x0E\x74\x35\x5F\x61"
+ "ATHENA.MIT.EDUraeburn" },
+ { KV5M_DATA, 4, "\x00\x00\x80\x00" },
+ { KV5M_DATA, 32,
+ "\x45\xBD\x80\x6D\xBF\x6A\x83\x3A\x9C\xFF\xC1\xC9\x45\x89\xA2\x22"
+ "\x36\x7A\x79\xBC\x21\xC4\x13\x71\x89\x06\xE9\xF5\x78\xA7\x84\x67" },
+ 0,
+ FALSE
+ },
};
static void
@@ -712,7 +738,7 @@ int
main(int argc, char **argv)
{
krb5_context context = NULL;
- krb5_data string, salt;
+ krb5_data string;
krb5_error_code ret;
krb5_keyblock *keyblock;
size_t i;
@@ -725,13 +751,12 @@ main(int argc, char **argv)
for (i = 0; i < sizeof(test_cases) / sizeof(*test_cases); i++) {
test = &test_cases[i];
string = string2data(test->string);
- salt = string2data(test->salt);
ret = krb5_init_keyblock(context, test->enctype, 0, &keyblock);
assert(!ret);
k5_allow_weak_pbkdf2iter = test->allow_weak;
ret = krb5_c_string_to_key_with_params(context, test->enctype,
- &string, &salt, &test->params,
- keyblock);
+ &string, &test->salt,
+ &test->params, keyblock);
if (ret != test->expected_err) {
com_err(argv[0], ret, "in krb5_c_string_to_key_with_params");
exit(1);
@@ -742,7 +767,7 @@ main(int argc, char **argv)
printf("\nTest %d:\n", (int)i);
printf("Enctype: %s\n", buf);
printf("String: %s\n", test->string);
- printf("Salt: %s\n", test->salt);
+ printhex("Salt: ", test->salt.data, test->salt.length);
printhex("Params: ", test->params.data, test->params.length);
if (test->expected_err == 0)
printhex("Key: ", keyblock->contents, keyblock->length);
diff --git a/src/lib/crypto/libk5crypto.exports b/src/lib/crypto/libk5crypto.exports
index 6ba1d66..447e456 100644
--- a/src/lib/crypto/libk5crypto.exports
+++ b/src/lib/crypto/libk5crypto.exports
@@ -67,6 +67,8 @@ krb5int_c_free_keyblock
krb5int_c_init_keyblock
krb5int_hash_md4
krb5int_hash_md5
+krb5int_hash_sha256
+krb5int_hash_sha384
krb5int_enc_arcfour
krb5int_hmac
krb5_k_create_key
@@ -95,6 +97,7 @@ krb5int_enc_aes256
krb5int_enc_camellia128
krb5int_enc_camellia256
krb5int_derive_key
+krb5int_derive_random
krb5int_aes_enc_blk
krb5int_aes_enc_key
k5_sha256
diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp
index 1db70fb..2d1686c 100644
--- a/src/tests/dejagnu/config/default.exp
+++ b/src/tests/dejagnu/config/default.exp
@@ -189,6 +189,30 @@ set passes {
{dummy=[verbose -log "AES enctypes"]}
}
{
+ aes-sha2-only
+ mode=udp
+ des3_krbtgt=0
+ {supported_enctypes=aes256-sha2:normal}
+ {permitted_enctypes(kdc)=aes256-sha2}
+ {permitted_enctypes(slave)=aes256-sha2}
+ {permitted_enctypes(client)=aes256-sha2}
+ {permitted_enctypes(server)=aes256-sha2}
+ {default_tgs_enctypes(kdc)=aes256-sha2}
+ {default_tgs_enctypes(slave)=aes256-sha2}
+ {default_tgs_enctypes(client)=aes256-sha2}
+ {default_tgs_enctypes(server)=aes256-sha2}
+ {default_tkt_enctypes(kdc)=aes256-sha2}
+ {default_tkt_enctypes(slave)=aes256-sha2}
+ {default_tkt_enctypes(client)=aes256-sha2}
+ {default_tkt_enctypes(server)=aes256-sha2}
+ {allow_weak_crypto(kdc)=false}
+ {allow_weak_crypto(slave)=false}
+ {allow_weak_crypto(client)=false}
+ {allow_weak_crypto(server)=false}
+ {master_key_type=aes256-sha2}
+ {dummy=[verbose -log "aes256-sha2 enctype"]}
+ }
+ {
camellia-only
mode=udp
des3_krbtgt=0
diff --git a/src/tests/gssapi/t_prf.c b/src/tests/gssapi/t_prf.c
index 082edff..2c8c851 100644
--- a/src/tests/gssapi/t_prf.c
+++ b/src/tests/gssapi/t_prf.c
@@ -88,7 +88,21 @@ static struct {
"D8346554163E5949CBAE2FB8EF36AFB6B32CE75116A0",
"A171AD582C1AFBBAD52ABD622EE6B6A14D19BF95C6914B2BA40FFD99A88EC660",
"A47CBB6E104DCC77E4DB48A7A474B977F2FB6A7A1AB6"
- "52317D50508AE72B7BE2E4E4BA24164E029CBACF786B" }
+ "52317D50508AE72B7BE2E4E4BA24164E029CBACF786B" },
+ { ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+ "089BCA48B105EA6EA77CA5D2F39DC5E7",
+ "ED1736209B7C59C9F6A3AE8CCC8A7C97ADFDD11688AD"
+ "F304F2F74252CBACD311A2D9253211FDA49745CE4F62",
+ "3705D96080C17728A0E800EAB6E0D23C",
+ "2BB41B183D76D8D5B30CBB049A7EFE9F350EFA058DC2"
+ "C4D868308D354A7B199BE6FD1F22B53C038BC6036581" },
+ { ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+ "45BD806DBF6A833A9CFFC1C94589A222367A79BC21C413718906E9F578A78467",
+ "1C613AE8B77A3B4D783F3DCE6C9178FC025E87F48A44"
+ "784A69CB5FC697FE266A6141905067EF78566D309085",
+ "6D404D37FAF79F9DF0D33568D320669800EB4836472EA8A026D16B7182460C52",
+ "D15944B0A44508D1E61213F6455F292A02298F870C01"
+ "A3F74AD0345A4A6651EBE101976E933F32D44F0B5947" },
};
/* Decode hexstr into out. No length checking. */
diff --git a/src/util/k5test.py b/src/util/k5test.py
index 2110e40..c3d0263 100644
--- a/src/util/k5test.py
+++ b/src/util/k5test.py
@@ -1210,6 +1210,26 @@ _passes = [
'supported_enctypes': 'camellia256-cts:normal',
'master_key_type': 'camellia256-cts'}}}),
+ # Exercise the aes128-sha2 enctype.
+ ('aes128-sha2', None,
+ {'libdefaults': {
+ 'default_tgs_enctypes': 'aes128-sha2',
+ 'default_tkt_enctypes': 'aes128-sha2',
+ 'permitted_enctypes': 'aes128-sha2'}},
+ {'realms': {'$realm': {
+ 'supported_enctypes': 'aes128-sha2:normal',
+ 'master_key_type': 'aes128-sha2'}}}),
+
+ # Exercise the aes256-sha2 enctype.
+ ('aes256-sha2', None,
+ {'libdefaults': {
+ 'default_tgs_enctypes': 'aes256-sha2',
+ 'default_tkt_enctypes': 'aes256-sha2',
+ 'permitted_enctypes': 'aes256-sha2'}},
+ {'realms': {'$realm': {
+ 'supported_enctypes': 'aes256-sha2:normal',
+ 'master_key_type': 'aes256-sha2'}}}),
+
# Test a setup with modern principal keys but an old TGT key.
('aes256.destgt', 'des-cbc-crc:normal',
{'libdefaults': {'allow_weak_crypto': 'true'}},
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
