#ifndef MD
#define MD 5
#endif
#include "k5-int.h"
#if MD == 4
#include "rsa-md4.h"
#endif
#if MD == 5
#include "rsa-md5.h"
#endif
#include "des_int.h"
#define MD5_K5BETA_COMPAT
#define MD4_K5BETA_COMPAT
#if MD == 4
#define CONFOUNDER_LENGTH RSA_MD4_DES_CONFOUND_LENGTH
#define NEW_CHECKSUM_LENGTH NEW_RSA_MD4_DES_CKSUM_LENGTH
#define OLD_CHECKSUM_LENGTH OLD_RSA_MD4_DES_CKSUM_LENGTH
#define CHECKSUM_TYPE CKSUMTYPE_RSA_MD4_DES
#ifdef MD4_K5BETA_COMPAT
#define K5BETA_COMPAT 1
#else
#undef K5BETA_COMPAT
#endif
#define CKSUM_FUNCTION krb5_md4_crypto_sum_func
#define COMPAT_FUNCTION krb5_md4_crypto_compat_sum_func
#define VERIFY_FUNCTION krb5_md4_crypto_verify_func
#endif
#if MD == 5
#define CONFOUNDER_LENGTH RSA_MD5_DES_CONFOUND_LENGTH
#define NEW_CHECKSUM_LENGTH NEW_RSA_MD5_DES_CKSUM_LENGTH
#define OLD_CHECKSUM_LENGTH OLD_RSA_MD5_DES_CKSUM_LENGTH
#define CHECKSUM_TYPE CKSUMTYPE_RSA_MD5_DES
#ifdef MD5_K5BETA_COMPAT
#define K5BETA_COMPAT 1
#else
#undef K5BETA_COMPAT
#endif
#define CKSUM_FUNCTION krb5_md5_crypto_sum_func
#define COMPAT_FUNCTION krb5_md5_crypto_compat_sum_func
#define VERIFY_FUNCTION krb5_md5_crypto_verify_func
#endif
static void
print_checksum(text, number, message, checksum)
char *text;
int number;
char *message;
krb5_checksum *checksum;
{
int i;
printf("%s MD%d checksum(\"%s\") = ", text, number, message);
for (i=0; i<checksum->length; i++)
printf("%02x", checksum->contents[i]);
printf("\n");
}
int
main(argc, argv)
int argc;
char **argv;
{
int msgindex;
krb5_context kcontext;
krb5_encrypt_block encblock;
krb5_keyblock keyblock;
krb5_error_code kret;
krb5_checksum oldstyle_checksum;
krb5_checksum newstyle_checksum;
krb5_data pwdata;
char *pwd;
pwd = "test password";
pwdata.length = strlen(pwd);
pwdata.data = pwd;
krb5_use_enctype(kcontext, &encblock, DEFAULT_KDC_ENCTYPE);
if ((kret = mit_des_string_to_key(&encblock, &keyblock, &pwdata, NULL))) {
printf("mit_des_string_to_key choked with %d\n", kret);
return(kret);
}
if ((kret = mit_des_process_key(&encblock, &keyblock))) {
printf("mit_des_process_key choked with %d\n", kret);
return(kret);
}
oldstyle_checksum.length = OLD_CHECKSUM_LENGTH;
if (!(oldstyle_checksum.contents = (krb5_octet *) malloc(OLD_CHECKSUM_LENGTH))) {
printf("cannot get memory for old style checksum\n");
return(ENOMEM);
}
newstyle_checksum.length = NEW_CHECKSUM_LENGTH;
if (!(newstyle_checksum.contents = (krb5_octet *)
malloc(NEW_CHECKSUM_LENGTH))) {
printf("cannot get memory for new style checksum\n");
return(ENOMEM);
}
for (msgindex = 1; msgindex < argc; msgindex++) {
if ((kret = CKSUM_FUNCTION(argv[msgindex],
strlen(argv[msgindex]),
(krb5_pointer) keyblock.contents,
keyblock.length,
&newstyle_checksum))) {
printf("krb5_calculate_checksum choked with %d\n", kret);
break;
}
print_checksum("correct", MD, argv[msgindex], &newstyle_checksum);
#ifdef K5BETA_COMPAT
if ((kret = COMPAT_FUNCTION(argv[msgindex],
strlen(argv[msgindex]),
(krb5_pointer) keyblock.contents,
keyblock.length,
&oldstyle_checksum))) {
printf("old style calculate_checksum choked with %d\n", kret);
break;
}
print_checksum("old", MD, argv[msgindex], &oldstyle_checksum);
#endif
if ((kret = VERIFY_FUNCTION(&newstyle_checksum,
argv[msgindex],
strlen(argv[msgindex]),
(krb5_pointer) keyblock.contents,
keyblock.length))) {
printf("verify on new checksum choked with %d\n", kret);
break;
}
printf("Verify succeeded for \"%s\"\n", argv[msgindex]);
#ifdef K5BETA_COMPAT
if ((kret = VERIFY_FUNCTION(&oldstyle_checksum,
argv[msgindex],
strlen(argv[msgindex]),
(krb5_pointer) keyblock.contents,
keyblock.length))) {
printf("verify on old checksum choked with %d\n", kret);
break;
}
printf("Compatible checksum verify succeeded for \"%s\"\n",
argv[msgindex]);
#endif
newstyle_checksum.contents[0]++;
if (!(kret = VERIFY_FUNCTION(&newstyle_checksum,
argv[msgindex],
strlen(argv[msgindex]),
(krb5_pointer) keyblock.contents,
keyblock.length))) {
printf("verify on new checksum should have choked\n");
break;
}
printf("Verify of bad checksum OK for \"%s\"\n", argv[msgindex]);
#ifdef K5BETA_COMPAT
oldstyle_checksum.contents[0]++;
if (!(kret = VERIFY_FUNCTION(&oldstyle_checksum,
argv[msgindex],
strlen(argv[msgindex]),
(krb5_pointer) keyblock.contents,
keyblock.length))) {
printf("verify on old checksum should have choked\n");
break;
}
printf("Compatible checksum verify of altered checksum OK for \"%s\"\n",
argv[msgindex]);
#endif
kret = 0;
}
if (!kret)
printf("%d tests passed successfully for MD%d checksum\n", argc-1, MD);
return(kret);
}