search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
No empty .Rs/.Re
[netbsd-mini2440.git] / crypto / dist / heimdal / lib / krb5 / test_pac.c
blob48d63303e7f46a64f8b53c2b0492eaa30236c375
1 /*
2 * Copyright (c) 2006 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "krb5_locl.h"
35
36 __RCSID("$Heimdal: test_pac.c 21934 2007-08-27 14:21:04Z lha $"
37 "$NetBSD$");
38
39 /*
40 * This PAC and keys are copied (with permission) from Samba torture
41 * regression test suite, they where created by Andrew Bartlet.
42 */
43
44 static const unsigned char saved_pac[] = {
45 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xd8, 0x01, 0x00, 0x00,
46 0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00,
47 0x20, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
48 0x40, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
49 0x58, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
50 0xc8, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x30, 0xdf, 0xa6, 0xcb,
51 0x4f, 0x7d, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff,
52 0xff, 0xff, 0xff, 0x7f, 0xc0, 0x3c, 0x4e, 0x59, 0x62, 0x73, 0xc5, 0x01, 0xc0, 0x3c, 0x4e, 0x59,
53 0x62, 0x73, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0x16, 0x00, 0x16, 0x00,
54 0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
55 0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
56 0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x02, 0x00, 0x65, 0x00, 0x00, 0x00,
57 0xed, 0x03, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00,
58 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
59 0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x16, 0x00, 0x20, 0x00, 0x02, 0x00, 0x16, 0x00, 0x18, 0x00,
60 0x24, 0x00, 0x02, 0x00, 0x28, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
61 0x00, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
62 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
63 0x01, 0x00, 0x00, 0x00, 0x2c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
64 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00,
65 0x57, 0x00, 0x32, 0x00, 0x30, 0x00, 0x30, 0x00, 0x33, 0x00, 0x46, 0x00, 0x49, 0x00, 0x4e, 0x00,
66 0x41, 0x00, 0x4c, 0x00, 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
67 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
68 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
69 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
70 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
71 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x57, 0x00, 0x32, 0x00,
72 0x30, 0x00, 0x30, 0x00, 0x33, 0x00, 0x46, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x41, 0x00, 0x4c, 0x00,
73 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x57, 0x00, 0x49, 0x00,
74 0x4e, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x33, 0x00, 0x54, 0x00, 0x48, 0x00, 0x49, 0x00, 0x4e, 0x00,
75 0x4b, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
76 0x15, 0x00, 0x00, 0x00, 0x11, 0x2f, 0xaf, 0xb5, 0x90, 0x04, 0x1b, 0xec, 0x50, 0x3b, 0xec, 0xdc,
77 0x01, 0x00, 0x00, 0x00, 0x30, 0x00, 0x02, 0x00, 0x07, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
78 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
79 0x80, 0x66, 0x28, 0xea, 0x37, 0x80, 0xc5, 0x01, 0x16, 0x00, 0x77, 0x00, 0x32, 0x00, 0x30, 0x00,
80 0x30, 0x00, 0x33, 0x00, 0x66, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x24, 0x00,
81 0x76, 0xff, 0xff, 0xff, 0x37, 0xd5, 0xb0, 0xf7, 0x24, 0xf0, 0xd6, 0xd4, 0xec, 0x09, 0x86, 0x5a,
82 0xa0, 0xe8, 0xc3, 0xa9, 0x00, 0x00, 0x00, 0x00, 0x76, 0xff, 0xff, 0xff, 0xb4, 0xd8, 0xb8, 0xfe,
83 0x83, 0xb3, 0x13, 0x3f, 0xfc, 0x5c, 0x41, 0xad, 0xe2, 0x64, 0x83, 0xe0, 0x00, 0x00, 0x00, 0x00
84 };
85
86 static int type_1_length = 472;
87
88 static const krb5_keyblock kdc_keyblock = {
89 ETYPE_ARCFOUR_HMAC_MD5,
90 { 16, "\xB2\x86\x75\x71\x48\xAF\x7F\xD2\x52\xC5\x36\x03\xA1\x50\xB7\xE7" }
91 };
92
93 static const krb5_keyblock member_keyblock = {
94 ETYPE_ARCFOUR_HMAC_MD5,
95 { 16, "\xD2\x17\xFA\xEA\xE5\xE6\xB5\xF9\x5C\xCC\x94\x07\x7A\xB8\xA5\xFC" }
96 };
97
98 static time_t authtime = 1120440609;
99 static const char *user = "w2003final$@WIN2K3.THINKER.LOCAL";
100
101 int
102 main(int argc, char **argv)
103 {
104 krb5_error_code ret;
105 krb5_context context;
106 krb5_pac pac;
107 krb5_data data;
108 krb5_principal p;
109
110 ret = krb5_init_context(&context);
111 if (ret)
112 errx(1, "krb5_init_contex");
113
114 ret = krb5_parse_name(context, user, &p);
115 if (ret)
116 krb5_err(context, 1, ret, "krb5_parse_name");
117
118 ret = krb5_pac_parse(context, saved_pac, sizeof(saved_pac), &pac);
119 if (ret)
120 krb5_err(context, 1, ret, "krb5_pac_parse");
121
122 ret = krb5_pac_verify(context, pac, authtime, p,
123 &member_keyblock, &kdc_keyblock);
124 if (ret)
125 krb5_err(context, 1, ret, "krb5_pac_verify");
126
127 ret = _krb5_pac_sign(context, pac, authtime, p,
128 &member_keyblock, &kdc_keyblock, &data);
129 if (ret)
130 krb5_err(context, 1, ret, "_krb5_pac_sign");
131
132 krb5_pac_free(context, pac);
133
134 ret = krb5_pac_parse(context, data.data, data.length, &pac);
135 krb5_data_free(&data);
136 if (ret)
137 krb5_err(context, 1, ret, "krb5_pac_parse 2");
138
139 ret = krb5_pac_verify(context, pac, authtime, p,
140 &member_keyblock, &kdc_keyblock);
141 if (ret)
142 krb5_err(context, 1, ret, "krb5_pac_verify 2");
143
144 /* make a copy and try to reproduce it */
145 {
146 uint32_t *list;
147 size_t len, i;
148 krb5_pac pac2;
149
150 ret = krb5_pac_init(context, &pac2);
151 if (ret)
152 krb5_err(context, 1, ret, "krb5_pac_init");
153
154 /* our two user buffer plus the three "system" buffers */
155 ret = krb5_pac_get_types(context, pac, &len, &list);
156 if (ret)
157 krb5_err(context, 1, ret, "krb5_pac_get_types");
158
159 for (i = 0; i < len; i++) {
160 /* skip server_cksum, privsvr_cksum, and logon_name */
161 if (list[i] == 6 || list[i] == 7 || list[i] == 10)
162 continue;
163
164 ret = krb5_pac_get_buffer(context, pac, list[i], &data);
165 if (ret)
166 krb5_err(context, 1, ret, "krb5_pac_get_buffer");
167
168 if (list[i] == 1) {
169 if (type_1_length != data.length)
170 krb5_errx(context, 1, "type 1 have wrong length: %lu",
171 (unsigned long)data.length);
172 } else
173 krb5_errx(context, 1, "unknown type %lu",
174 (unsigned long)list[i]);
175
176 ret = krb5_pac_add_buffer(context, pac2, list[i], &data);
177 if (ret)
178 krb5_err(context, 1, ret, "krb5_pac_add_buffer");
179 krb5_data_free(&data);
180 }
181 free(list);
182
183 ret = _krb5_pac_sign(context, pac2, authtime, p,
184 &member_keyblock, &kdc_keyblock, &data);
185 if (ret)
186 krb5_err(context, 1, ret, "_krb5_pac_sign 4");
187
188 krb5_pac_free(context, pac2);
189
190 ret = krb5_pac_parse(context, data.data, data.length, &pac2);
191 if (ret)
192 krb5_err(context, 1, ret, "krb5_pac_parse 4");
193
194 ret = krb5_pac_verify(context, pac2, authtime, p,
195 &member_keyblock, &kdc_keyblock);
196 if (ret)
197 krb5_err(context, 1, ret, "krb5_pac_verify 4");
198
199 krb5_pac_free(context, pac2);
200 }
201
202 krb5_pac_free(context, pac);
203
204 /*
205 * Test empty free
206 */
207
208 ret = krb5_pac_init(context, &pac);
209 if (ret)
210 krb5_err(context, 1, ret, "krb5_pac_init");
211 krb5_pac_free(context, pac);
212
213 /*
214 * Test add remove buffer
215 */
216
217 ret = krb5_pac_init(context, &pac);
218 if (ret)
219 krb5_err(context, 1, ret, "krb5_pac_init");
220
221 {
222 const krb5_data cdata = { 2, "\x00\x01" } ;
223
224 ret = krb5_pac_add_buffer(context, pac, 1, &cdata);
225 if (ret)
226 krb5_err(context, 1, ret, "krb5_pac_add_buffer");
227 }
228 {
229 ret = krb5_pac_get_buffer(context, pac, 1, &data);
230 if (ret)
231 krb5_err(context, 1, ret, "krb5_pac_get_buffer");
232 if (data.length != 2 || memcmp(data.data, "\x00\x01", 2) != 0)
233 krb5_errx(context, 1, "krb5_pac_get_buffer data not the same");
234 krb5_data_free(&data);
235 }
236
237 {
238 const krb5_data cdata = { 2, "\x02\x00" } ;
239
240 ret = krb5_pac_add_buffer(context, pac, 2, &cdata);
241 if (ret)
242 krb5_err(context, 1, ret, "krb5_pac_add_buffer");
243 }
244 {
245 ret = krb5_pac_get_buffer(context, pac, 1, &data);
246 if (ret)
247 krb5_err(context, 1, ret, "krb5_pac_get_buffer");
248 if (data.length != 2 || memcmp(data.data, "\x00\x01", 2) != 0)
249 krb5_errx(context, 1, "krb5_pac_get_buffer data not the same");
250 krb5_data_free(&data);
251 /* */
252 ret = krb5_pac_get_buffer(context, pac, 2, &data);
253 if (ret)
254 krb5_err(context, 1, ret, "krb5_pac_get_buffer");
255 if (data.length != 2 || memcmp(data.data, "\x02\x00", 2) != 0)
256 krb5_errx(context, 1, "krb5_pac_get_buffer data not the same");
257 krb5_data_free(&data);
258 }
259
260 ret = _krb5_pac_sign(context, pac, authtime, p,
261 &member_keyblock, &kdc_keyblock, &data);
262 if (ret)
263 krb5_err(context, 1, ret, "_krb5_pac_sign");
264
265 krb5_pac_free(context, pac);
266
267 ret = krb5_pac_parse(context, data.data, data.length, &pac);
268 krb5_data_free(&data);
269 if (ret)
270 krb5_err(context, 1, ret, "krb5_pac_parse 3");
271
272 ret = krb5_pac_verify(context, pac, authtime, p,
273 &member_keyblock, &kdc_keyblock);
274 if (ret)
275 krb5_err(context, 1, ret, "krb5_pac_verify 3");
276
277 {
278 uint32_t *list;
279 size_t len;
280
281 /* our two user buffer plus the three "system" buffers */
282 ret = krb5_pac_get_types(context, pac, &len, &list);
283 if (ret)
284 krb5_err(context, 1, ret, "krb5_pac_get_types");
285 if (len != 5)
286 krb5_errx(context, 1, "list wrong length");
287 free(list);
288 }
289
290 krb5_pac_free(context, pac);
291
292 krb5_free_principal(context, p);
293 krb5_free_context(context);
294
295 return 0;
296 }
NetBSD on the FriendlyARM MINI2440