/**
* shishi_encticketpart_get_key:
* @handle: shishi handle as allocated by shishi_init().
* @encticketpart: input EncTicketPart variable.
* @key: newly allocated key.
*
* Extract the session key in the Ticket.
*
* Return value: Returns %SHISHI_OK iff successful.
**/
int
shishi_encticketpart_get_key (Shishi * handle,
Shishi_asn1 encticketpart, Shishi_key ** key)
{
int res;
char *buf;
size_t buflen;
int32_t keytype;
res = shishi_asn1_read_int32 (handle, encticketpart,
"key.keytype", &keytype);
if (res != SHISHI_OK)
return res;
res = shishi_asn1_read (handle, encticketpart, "key.keyvalue",
&buf, &buflen);
if (res != SHISHI_OK)
return res;
res = shishi_key_from_value (handle, keytype, buf, key);
free (buf);
if (res != SHISHI_OK)
return res;
return SHISHI_OK;
}
/**
* shishi_encapreppart_get_key:
* @handle: shishi handle as allocated by shishi_init().
* @encapreppart: input EncAPRepPart variable.
* @key: newly allocated key.
*
* Extract the subkey from the encrypted AP-REP part.
*
* Return value: Returns SHISHI_OK iff succesful.
**/
int
shishi_encapreppart_get_key (Shishi * handle,
Shishi_asn1 encapreppart, Shishi_key ** key)
{
int res;
char *buf;
size_t buflen;
int32_t keytype;
res = shishi_asn1_read_int32 (handle, encapreppart,
"subkey.keytype", &keytype);
if (res != SHISHI_OK)
return res;
res = shishi_asn1_read (handle, encapreppart, "subkey.keyvalue",
&buf, &buflen);
if (res != SHISHI_OK)
return res;
if (shishi_cipher_keylen (keytype) != buflen)
return SHISHI_ENCAPREPPART_BAD_KEYTYPE;
res = shishi_key_from_value (handle, keytype, buf, key);
free (buf);
if (res != SHISHI_OK)
return res;
return SHISHI_OK;
}
void
test (Shishi * handle)
{
Shishi_key *key, *key2;
char out[BUFSIZ];
size_t i;
int res;
if (debug)
shishi_cfg (handle, strdup ("verbose-crypto,verbose-crypto-noise"));
for (i = 0; i < sizeof (drdk) / sizeof (drdk[0]); i++)
{
if (debug)
printf ("DR entry %d\n", i);
res = shishi_key_from_value (handle, drdk[i].type, drdk[i].key, &key);
if (res == SHISHI_OK)
res = shishi_dr (handle, key, drdk[i].usage, drdk[i].nusage,
out, strlen (drdk[i].dr));
shishi_key_done (key);
if (res != SHISHI_OK)
{
fail ("shishi_dr() entry %d failed (%s)\n",
i, shishi_error (handle));
continue;
}
if (debug)
{
printf ("DR(%s, key, usage)\n", shishi_cipher_name (drdk[i].type));
printf ("key:\n");
escapeprint (drdk[i].key, strlen (drdk[i].key));
hexprint (drdk[i].key, strlen (drdk[i].key));
puts ("");
binprint (drdk[i].key, strlen (drdk[i].key));
puts ("");
printf ("usage:\n");
escapeprint (drdk[i].usage, drdk[i].nusage);
hexprint (drdk[i].usage, drdk[i].nusage);
puts ("");
binprint (drdk[i].usage, drdk[i].nusage);
puts ("");
printf ("computed DR:\n");
escapeprint (out, strlen (drdk[i].dr));
hexprint (out, strlen (drdk[i].dr));
puts ("");
binprint (out, strlen (drdk[i].dr));
puts ("");
printf ("expected DR:\n");
escapeprint (drdk[i].dr, strlen (drdk[i].dr));
hexprint (drdk[i].dr, strlen (drdk[i].dr));
puts ("");
binprint (drdk[i].dr, strlen (drdk[i].dr));
puts ("");
}
if (memcmp (drdk[i].dr, out, strlen (drdk[i].dr)) != 0)
{
fail ("shishi_dr() entry %d failed\n", i);
if (debug)
printf ("ERROR\n");
}
else if (debug)
success ("OK\n");
res = shishi_key_from_value (handle, drdk[i].type, drdk[i].key, &key);
if (res == SHISHI_OK)
res = shishi_key_from_value (handle, drdk[i].type, NULL, &key2);
if (res == SHISHI_OK)
res = shishi_dk (handle, key, drdk[i].usage, drdk[i].nusage, key2);
shishi_key_done (key);
if (res != SHISHI_OK)
{
fail ("shishi_dk() entry %d failed (%s)\n",
i, shishi_error (handle));
continue;
}
if (debug)
{
printf ("DK(%s, key, usage)\n", shishi_cipher_name (drdk[i].type));
printf ("key:\n");
escapeprint (drdk[i].key, strlen (drdk[i].key));
hexprint (drdk[i].key, strlen (drdk[i].key));
puts ("");
binprint (drdk[i].key, strlen (drdk[i].key));
puts ("");
printf ("usage:\n");
escapeprint (drdk[i].usage, drdk[i].nusage);
hexprint (drdk[i].usage, drdk[i].nusage);
puts ("");
binprint (drdk[i].usage, drdk[i].nusage);
puts ("");
printf ("computed DK:\n");
escapeprint (shishi_key_value (key2), shishi_key_length (key2));
hexprint (shishi_key_value (key2), shishi_key_length (key2));
puts ("");
binprint (shishi_key_value (key2), shishi_key_length (key2));
puts ("");
printf ("expected DK:\n");
escapeprint (drdk[i].dk, strlen (drdk[i].dk));
hexprint (drdk[i].dk, strlen (drdk[i].dk));
puts ("");
binprint (drdk[i].dk, strlen (drdk[i].dk));
puts ("");
}
if (!(shishi_key_length (key2) == strlen (drdk[i].dk) &&
memcmp (drdk[i].dk, shishi_key_value (key2),
strlen (drdk[i].dk)) == 0))
{
fail ("shishi_dk() entry %d failed\n", i);
if (debug)
printf ("ERROR\n");
}
else if (debug)
success ("OK\n");
shishi_key_done (key2);
}
for (i = 0; i < sizeof (nfold) / sizeof (nfold[0]); i++)
{
if (debug)
printf ("N-FOLD entry %d\n", i);
res = shishi_n_fold (handle,
nfold[i].in, strlen (nfold[i].in),
out, nfold[i].n / 8);
if (res != SHISHI_OK)
{
fail ("shishi_n_fold() entry %d failed (%s)\n",
i, shishi_error (handle));
continue;
}
if (debug)
{
printf ("in:\n");
escapeprint (nfold[i].in, strlen (nfold[i].in));
hexprint (nfold[i].in, strlen (nfold[i].in));
puts ("");
binprint (nfold[i].in, strlen (nfold[i].in));
puts ("");
printf ("out:\n");
escapeprint (out, nfold[i].n / 8);
hexprint (out, nfold[i].n / 8);
puts ("");
binprint (out, nfold[i].n / 8);
puts ("");
printf ("expected out:\n");
escapeprint (nfold[i].out, nfold[i].n / 8);
hexprint (nfold[i].out, nfold[i].n / 8);
puts ("");
binprint (nfold[i].out, nfold[i].n / 8);
puts ("");
}
if (memcmp (nfold[i].out, out, nfold[i].n / 8) != 0)
{
fail ("shishi_n_fold() entry %d failed\n", i);
if (debug)
printf ("ERROR\n");
}
else if (debug)
success ("OK\n");
}
for (i = 0; i < sizeof (str2key) / sizeof (str2key[0]); i++)
{
int n_password = strlen (str2key[i].password);
int saltlen = strlen (str2key[i].salt);
int keylen = sizeof (key);
const char *name = shishi_cipher_name (str2key[i].etype);
if (debug)
printf ("STRING-TO-KEY entry %d (key type %s)\n", i,
name ? name : "NO NAME");
res = shishi_key_from_string (handle, str2key[i].etype,
str2key[i].password, n_password,
str2key[i].salt, saltlen,
str2key[i].parameters, &key);
if (res != SHISHI_OK)
{
fail ("shishi_string_to_key() entry %d failed (%s)\n",
i, shishi_error (handle));
continue;
}
if (debug)
{
printf ("password:\n");
escapeprint (str2key[i].password, n_password);
hexprint (str2key[i].password, n_password);
puts ("");
binprint (str2key[i].password, n_password);
puts ("");
printf ("salt:\n");
escapeprint (str2key[i].salt, saltlen);
hexprint (str2key[i].salt, saltlen);
puts ("");
binprint (str2key[i].salt, saltlen);
puts ("");
printf ("computed key:\n");
escapeprint (shishi_key_value (key), shishi_key_length (key));
hexprint (shishi_key_value (key), shishi_key_length (key));
puts ("");
binprint (shishi_key_value (key), shishi_key_length (key));
puts ("");
printf ("expected key:\n");
escapeprint (str2key[i].key, strlen (str2key[i].key));
hexprint (str2key[i].key, strlen (str2key[i].key));
puts ("");
binprint (str2key[i].key, strlen (str2key[i].key));
puts ("");
}
if (memcmp (str2key[i].key, shishi_key_value (key), keylen) != 0)
{
fail ("shishi_string_to_key() entry %d failed\n", i);
if (debug)
printf ("ERROR\n");
}
else if (debug)
success ("OK\n");
shishi_key_done (key);
}
for (i = 0; i < sizeof (pkcs5) / sizeof (pkcs5[0]); i++)
{
if (debug)
printf ("PKCS5 entry %d\n", i);
res = shishi_pbkdf2_sha1 (handle,
pkcs5[i].password, strlen (pkcs5[i].password),
pkcs5[i].salt, strlen (pkcs5[i].salt),
pkcs5[i].iterations, pkcs5[i].dklen, out);
if (res != SHISHI_OK)
{
fail ("PKCS5 entry %d failed fatally: %d\n", i, res);
continue;
}
if (debug)
{
printf ("password:\n");
escapeprint (pkcs5[i].password, strlen (pkcs5[i].password));
hexprint (pkcs5[i].password, strlen (pkcs5[i].password));
puts ("");
binprint (pkcs5[i].password, strlen (pkcs5[i].password));
puts ("");
printf ("salt:\n");
escapeprint (pkcs5[i].salt, strlen (pkcs5[i].salt));
hexprint (pkcs5[i].salt, strlen (pkcs5[i].salt));
puts ("");
binprint (pkcs5[i].salt, strlen (pkcs5[i].salt));
puts ("");
printf ("computed key:\n");
escapeprint (out, pkcs5[i].dklen);
hexprint (out, pkcs5[i].dklen);
puts ("");
binprint (out, pkcs5[i].dklen);
puts ("");
printf ("expected key:\n");
escapeprint (pkcs5[i].expected, pkcs5[i].dklen);
hexprint (pkcs5[i].expected, pkcs5[i].dklen);
puts ("");
binprint (pkcs5[i].expected, pkcs5[i].dklen);
puts ("");
}
if (memcmp (pkcs5[i].expected, out, pkcs5[i].dklen) != 0)
{
fail ("PKCS5 entry %d failed\n", i);
if (debug)
printf ("ERROR\n");
}
else if (debug)
success ("OK\n");
}
}
