/** * shishi_encticketpart_get_key: * @handle: shishi handle as allocated by shishi_init(). * @encticketpart: input EncTicketPart variable. * @key: newly allocated key. * * Extract the session key in the Ticket. * * Return value: Returns %SHISHI_OK iff successful. **/ int shishi_encticketpart_get_key (Shishi * handle, Shishi_asn1 encticketpart, Shishi_key ** key) { int res; char *buf; size_t buflen; int32_t keytype; res = shishi_asn1_read_int32 (handle, encticketpart, "key.keytype", &keytype); if (res != SHISHI_OK) return res; res = shishi_asn1_read (handle, encticketpart, "key.keyvalue", &buf, &buflen); if (res != SHISHI_OK) return res; res = shishi_key_from_value (handle, keytype, buf, key); free (buf); if (res != SHISHI_OK) return res; return SHISHI_OK; }
/** * shishi_encapreppart_get_key: * @handle: shishi handle as allocated by shishi_init(). * @encapreppart: input EncAPRepPart variable. * @key: newly allocated key. * * Extract the subkey from the encrypted AP-REP part. * * Return value: Returns SHISHI_OK iff succesful. **/ int shishi_encapreppart_get_key (Shishi * handle, Shishi_asn1 encapreppart, Shishi_key ** key) { int res; char *buf; size_t buflen; int32_t keytype; res = shishi_asn1_read_int32 (handle, encapreppart, "subkey.keytype", &keytype); if (res != SHISHI_OK) return res; res = shishi_asn1_read (handle, encapreppart, "subkey.keyvalue", &buf, &buflen); if (res != SHISHI_OK) return res; if (shishi_cipher_keylen (keytype) != buflen) return SHISHI_ENCAPREPPART_BAD_KEYTYPE; res = shishi_key_from_value (handle, keytype, buf, key); free (buf); if (res != SHISHI_OK) return res; return SHISHI_OK; }
void test (Shishi * handle) { Shishi_key *key, *key2; char out[BUFSIZ]; size_t i; int res; if (debug) shishi_cfg (handle, strdup ("verbose-crypto,verbose-crypto-noise")); for (i = 0; i < sizeof (drdk) / sizeof (drdk[0]); i++) { if (debug) printf ("DR entry %d\n", i); res = shishi_key_from_value (handle, drdk[i].type, drdk[i].key, &key); if (res == SHISHI_OK) res = shishi_dr (handle, key, drdk[i].usage, drdk[i].nusage, out, strlen (drdk[i].dr)); shishi_key_done (key); if (res != SHISHI_OK) { fail ("shishi_dr() entry %d failed (%s)\n", i, shishi_error (handle)); continue; } if (debug) { printf ("DR(%s, key, usage)\n", shishi_cipher_name (drdk[i].type)); printf ("key:\n"); escapeprint (drdk[i].key, strlen (drdk[i].key)); hexprint (drdk[i].key, strlen (drdk[i].key)); puts (""); binprint (drdk[i].key, strlen (drdk[i].key)); puts (""); printf ("usage:\n"); escapeprint (drdk[i].usage, drdk[i].nusage); hexprint (drdk[i].usage, drdk[i].nusage); puts (""); binprint (drdk[i].usage, drdk[i].nusage); puts (""); printf ("computed DR:\n"); escapeprint (out, strlen (drdk[i].dr)); hexprint (out, strlen (drdk[i].dr)); puts (""); binprint (out, strlen (drdk[i].dr)); puts (""); printf ("expected DR:\n"); escapeprint (drdk[i].dr, strlen (drdk[i].dr)); hexprint (drdk[i].dr, strlen (drdk[i].dr)); puts (""); binprint (drdk[i].dr, strlen (drdk[i].dr)); puts (""); } if (memcmp (drdk[i].dr, out, strlen (drdk[i].dr)) != 0) { fail ("shishi_dr() entry %d failed\n", i); if (debug) printf ("ERROR\n"); } else if (debug) success ("OK\n"); res = shishi_key_from_value (handle, drdk[i].type, drdk[i].key, &key); if (res == SHISHI_OK) res = shishi_key_from_value (handle, drdk[i].type, NULL, &key2); if (res == SHISHI_OK) res = shishi_dk (handle, key, drdk[i].usage, drdk[i].nusage, key2); shishi_key_done (key); if (res != SHISHI_OK) { fail ("shishi_dk() entry %d failed (%s)\n", i, shishi_error (handle)); continue; } if (debug) { printf ("DK(%s, key, usage)\n", shishi_cipher_name (drdk[i].type)); printf ("key:\n"); escapeprint (drdk[i].key, strlen (drdk[i].key)); hexprint (drdk[i].key, strlen (drdk[i].key)); puts (""); binprint (drdk[i].key, strlen (drdk[i].key)); puts (""); printf ("usage:\n"); escapeprint (drdk[i].usage, drdk[i].nusage); hexprint (drdk[i].usage, drdk[i].nusage); puts (""); binprint (drdk[i].usage, drdk[i].nusage); puts (""); printf ("computed DK:\n"); escapeprint (shishi_key_value (key2), shishi_key_length (key2)); hexprint (shishi_key_value (key2), shishi_key_length (key2)); puts (""); binprint (shishi_key_value (key2), shishi_key_length (key2)); puts (""); printf ("expected DK:\n"); escapeprint (drdk[i].dk, strlen (drdk[i].dk)); hexprint (drdk[i].dk, strlen (drdk[i].dk)); puts (""); binprint (drdk[i].dk, strlen (drdk[i].dk)); puts (""); } if (!(shishi_key_length (key2) == strlen (drdk[i].dk) && memcmp (drdk[i].dk, shishi_key_value (key2), strlen (drdk[i].dk)) == 0)) { fail ("shishi_dk() entry %d failed\n", i); if (debug) printf ("ERROR\n"); } else if (debug) success ("OK\n"); shishi_key_done (key2); } for (i = 0; i < sizeof (nfold) / sizeof (nfold[0]); i++) { if (debug) printf ("N-FOLD entry %d\n", i); res = shishi_n_fold (handle, nfold[i].in, strlen (nfold[i].in), out, nfold[i].n / 8); if (res != SHISHI_OK) { fail ("shishi_n_fold() entry %d failed (%s)\n", i, shishi_error (handle)); continue; } if (debug) { printf ("in:\n"); escapeprint (nfold[i].in, strlen (nfold[i].in)); hexprint (nfold[i].in, strlen (nfold[i].in)); puts (""); binprint (nfold[i].in, strlen (nfold[i].in)); puts (""); printf ("out:\n"); escapeprint (out, nfold[i].n / 8); hexprint (out, nfold[i].n / 8); puts (""); binprint (out, nfold[i].n / 8); puts (""); printf ("expected out:\n"); escapeprint (nfold[i].out, nfold[i].n / 8); hexprint (nfold[i].out, nfold[i].n / 8); puts (""); binprint (nfold[i].out, nfold[i].n / 8); puts (""); } if (memcmp (nfold[i].out, out, nfold[i].n / 8) != 0) { fail ("shishi_n_fold() entry %d failed\n", i); if (debug) printf ("ERROR\n"); } else if (debug) success ("OK\n"); } for (i = 0; i < sizeof (str2key) / sizeof (str2key[0]); i++) { int n_password = strlen (str2key[i].password); int saltlen = strlen (str2key[i].salt); int keylen = sizeof (key); const char *name = shishi_cipher_name (str2key[i].etype); if (debug) printf ("STRING-TO-KEY entry %d (key type %s)\n", i, name ? name : "NO NAME"); res = shishi_key_from_string (handle, str2key[i].etype, str2key[i].password, n_password, str2key[i].salt, saltlen, str2key[i].parameters, &key); if (res != SHISHI_OK) { fail ("shishi_string_to_key() entry %d failed (%s)\n", i, shishi_error (handle)); continue; } if (debug) { printf ("password:\n"); escapeprint (str2key[i].password, n_password); hexprint (str2key[i].password, n_password); puts (""); binprint (str2key[i].password, n_password); puts (""); printf ("salt:\n"); escapeprint (str2key[i].salt, saltlen); hexprint (str2key[i].salt, saltlen); puts (""); binprint (str2key[i].salt, saltlen); puts (""); printf ("computed key:\n"); escapeprint (shishi_key_value (key), shishi_key_length (key)); hexprint (shishi_key_value (key), shishi_key_length (key)); puts (""); binprint (shishi_key_value (key), shishi_key_length (key)); puts (""); printf ("expected key:\n"); escapeprint (str2key[i].key, strlen (str2key[i].key)); hexprint (str2key[i].key, strlen (str2key[i].key)); puts (""); binprint (str2key[i].key, strlen (str2key[i].key)); puts (""); } if (memcmp (str2key[i].key, shishi_key_value (key), keylen) != 0) { fail ("shishi_string_to_key() entry %d failed\n", i); if (debug) printf ("ERROR\n"); } else if (debug) success ("OK\n"); shishi_key_done (key); } for (i = 0; i < sizeof (pkcs5) / sizeof (pkcs5[0]); i++) { if (debug) printf ("PKCS5 entry %d\n", i); res = shishi_pbkdf2_sha1 (handle, pkcs5[i].password, strlen (pkcs5[i].password), pkcs5[i].salt, strlen (pkcs5[i].salt), pkcs5[i].iterations, pkcs5[i].dklen, out); if (res != SHISHI_OK) { fail ("PKCS5 entry %d failed fatally: %d\n", i, res); continue; } if (debug) { printf ("password:\n"); escapeprint (pkcs5[i].password, strlen (pkcs5[i].password)); hexprint (pkcs5[i].password, strlen (pkcs5[i].password)); puts (""); binprint (pkcs5[i].password, strlen (pkcs5[i].password)); puts (""); printf ("salt:\n"); escapeprint (pkcs5[i].salt, strlen (pkcs5[i].salt)); hexprint (pkcs5[i].salt, strlen (pkcs5[i].salt)); puts (""); binprint (pkcs5[i].salt, strlen (pkcs5[i].salt)); puts (""); printf ("computed key:\n"); escapeprint (out, pkcs5[i].dklen); hexprint (out, pkcs5[i].dklen); puts (""); binprint (out, pkcs5[i].dklen); puts (""); printf ("expected key:\n"); escapeprint (pkcs5[i].expected, pkcs5[i].dklen); hexprint (pkcs5[i].expected, pkcs5[i].dklen); puts (""); binprint (pkcs5[i].expected, pkcs5[i].dklen); puts (""); } if (memcmp (pkcs5[i].expected, out, pkcs5[i].dklen) != 0) { fail ("PKCS5 entry %d failed\n", i); if (debug) printf ("ERROR\n"); } else if (debug) success ("OK\n"); } }