Adding upstream version 2:4.20.0+dfsg.upstream/2%4.20.0+dfsg

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 253 insertions, 0 deletions

diff --git a/third_party/heimdal/lib/krb5/test_fx.c b/third_party/heimdal/lib/krb5/test_fx.c
new file mode 100644
index 0000000..68f00dc
--- /dev/null
+++ b/third_party/heimdal/lib/krb5/test_fx.c
@@ -0,0 +1,253 @@
+/*
+ * Copyright (c) 2009 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+#include <err.h>
+#include <getarg.h>
+
+struct {
+    char *p1;
+    char *pepper1;
+    krb5_enctype e1;
+    char *p2;
+    char *pepper2;
+    krb5_enctype e2;
+    krb5_enctype e3;
+    char *key;
+    size_t len;
+} cf2[] = {
+    {
+	"key1", "a", ETYPE_AES128_CTS_HMAC_SHA1_96,
+	"key2", "b", ETYPE_AES128_CTS_HMAC_SHA1_96,
+	ETYPE_AES128_CTS_HMAC_SHA1_96,
+	"\x97\xdf\x97\xe4\xb7\x98\xb2\x9e\xb3\x1e\xd7\x28\x02\x87\xa9\x2a",
+	16
+    },
+    {
+	"key1", "a", ETYPE_AES256_CTS_HMAC_SHA1_96,
+	"key2", "b", ETYPE_AES256_CTS_HMAC_SHA1_96,
+	ETYPE_AES256_CTS_HMAC_SHA1_96,
+	"\x4d\x6c\xa4\xe6\x29\x78\x5c\x1f\x01\xba\xf5\x5e\x2e\x54\x85\x66"
+	"\xb9\x61\x7a\xe3\xa9\x68\x68\xc3\x37\xcb\x93\xb5\xe7\x2b\x1c\x7b",
+	32
+    },
+    {
+	"key1", "a", ETYPE_AES128_CTS_HMAC_SHA1_96,
+	"key2", "b", ETYPE_AES128_CTS_HMAC_SHA1_96,
+	ETYPE_AES256_CTS_HMAC_SHA1_96,
+	"\x97\xdf\x97\xe4\xb7\x98\xb2\x9e\xb3\x1e\xd7\x28\x2\x87\xa9\x2a"
+	"\x1\x96\xfa\xf2\x44\xf8\x11\x20\xc2\x1c\x51\x17\xb3\xe6\xeb\x98",
+	32
+    },
+    {
+	"key1", "a", ETYPE_AES256_CTS_HMAC_SHA1_96,
+	"key2", "b", ETYPE_AES256_CTS_HMAC_SHA1_96,
+	ETYPE_AES128_CTS_HMAC_SHA1_96,
+	"\x4d\x6c\xa4\xe6\x29\x78\x5c\x1f\x01\xba\xf5\x5e\x2e\x54\x85\x66",
+	16
+    },
+    {
+	"key1", "a", ETYPE_AES128_CTS_HMAC_SHA1_96,
+	"key2", "b", ETYPE_AES256_CTS_HMAC_SHA1_96,
+	ETYPE_AES256_CTS_HMAC_SHA1_96,
+	"\x88\xbd\xb2\xa9\xf\x3e\x52\x5a\xb0\x5f\x68\xc5\x43\x9a\x4d\x5e"
+	"\x9c\x2b\xfd\x2b\x02\x24\xde\x39\xb5\x82\xf4\xbb\x05\xfe\x2\x2e",
+	32
+    },
+    {
+	"key1", "a", ETYPE_ARCFOUR_HMAC_MD5,
+	"key2", "b", ETYPE_ARCFOUR_HMAC_MD5,
+	ETYPE_ARCFOUR_HMAC_MD5,
+        "\x24\xd7\xf6\xb6\xba\xe4\xe5\xc0\x0d\x20\x82\xc5\xeb\xab\x36\x72",
+	16
+    },
+    /* We don't yet have a PRF for 1DES in Heimdal */
+    {
+	"key1", "a", ETYPE_DES_CBC_CRC,
+	"key2", "b", ETYPE_DES_CBC_CRC,
+	ETYPE_DES_CBC_CRC,
+        "\x43\xba\xe3\x73\x8c\x94\x67\xe6",
+	8
+    },
+    {
+	"key1", "a", ETYPE_DES3_CBC_SHA1,
+	"key2", "b", ETYPE_DES3_CBC_SHA1,
+	ETYPE_DES3_CBC_SHA1,
+        "\xe5\x8f\x9e\xb6\x43\x86\x2c\x13\xad\x38\xe5\x29\x31\x34\x62\xa7"
+        "\xf7\x3e\x62\x83\x4f\xe5\x4a\x01",
+	24
+    },
+};
+
+
+static void
+test_cf2(krb5_context context)
+{
+    krb5_error_code ret;
+    krb5_data pw, p1, p2;
+    krb5_salt salt;
+    krb5_keyblock k1, k2, k3;
+    krb5_crypto c1, c2;
+    unsigned int i;
+    unsigned int errors = 0;
+
+    ret = krb5_allow_weak_crypto(context, 1);
+    if (ret)
+        krb5_err(context, 1, ret, "krb5_allow_weak_crypto");
+
+    for (i = 0; i < sizeof(cf2)/sizeof(cf2[0]); i++) {
+	pw.data = cf2[i].p1;
+	pw.length = strlen(cf2[i].p1);
+	salt.salttype = (krb5_salttype)KRB5_PADATA_PW_SALT;
+	salt.saltvalue.data = cf2[i].p1;
+	salt.saltvalue.length = strlen(cf2[i].p1);
+
+	ret = krb5_string_to_key_data_salt(context,
+					   cf2[i].e1,
+					   pw,
+					   salt,
+					   &k1);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_string_to_key_data_salt");
+
+	ret = krb5_crypto_init(context, &k1, 0, &c1);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_crypto_init");
+
+	pw.data = cf2[i].p2;
+	pw.length = strlen(cf2[i].p2);
+	salt.saltvalue.data = cf2[i].p2;
+	salt.saltvalue.length = strlen(cf2[i].p2);
+
+	ret = krb5_string_to_key_data_salt(context,
+					   cf2[i].e2,
+					   pw,
+					   salt,
+					   &k2);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_string_to_key_data_salt");
+
+	ret = krb5_crypto_init(context, &k2, 0, &c2);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_crypto_init");
+
+
+	p1.data = cf2[i].pepper1;
+	p1.length = strlen(cf2[i].pepper1);
+
+	p2.data = cf2[i].pepper2;
+	p2.length = strlen(cf2[i].pepper2);
+
+	ret = krb5_crypto_fx_cf2(context, c1, c2, &p1, &p2, cf2[i].e3, &k3);
+        if (ret == KRB5_PROG_ETYPE_NOSUPP) {
+            krb5_warn(context, ret, "KRB-FX-CF2 not supported for enctype %d",
+                      cf2[i].e1);
+            continue;
+        } else if (ret) {
+	    krb5_err(context, 1, ret, "krb5_crypto_fx_cf2");
+        }
+
+	if (k3.keytype != cf2[i].e3) {
+            errors++;
+	    krb5_warnx(context, "length not right for enctype %d", cf2[i].e3);
+            continue;
+        }
+	if (k3.keyvalue.length != cf2[i].len ||
+	    memcmp(k3.keyvalue.data, cf2[i].key, cf2[i].len) != 0) {
+            errors++;
+	    krb5_warnx(context, "key not same for enctypes %d %d %d",
+                       cf2[i].e1, cf2[i].e2, cf2[i].e3);
+            continue;
+        }
+
+	krb5_crypto_destroy(context, c1);
+	krb5_crypto_destroy(context, c2);
+
+	krb5_free_keyblock_contents(context, &k1);
+	krb5_free_keyblock_contents(context, &k2);
+	krb5_free_keyblock_contents(context, &k3);
+    }
+
+    if (errors)
+        krb5_errx(context, 1, "%u KRB-FX-CF2 vectors failed", errors);
+}
+
+static int version_flag = 0;
+static int help_flag	= 0;
+
+static struct getargs args[] = {
+    {"version",	0,	arg_flag,	&version_flag,
+     "print version", NULL },
+    {"help",	0,	arg_flag,	&help_flag,
+     NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args)/sizeof(*args),
+		    NULL,
+		    "");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    int optidx = 0;
+
+    setprogname(argv[0]);
+
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+
+    if (help_flag)
+	usage (0);
+
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    test_cf2(context);
+
+    krb5_free_context(context);
+
+    return 0;
+}