* t_encrypt.c (compare_results): New function.

(main): Use it to check decryption results against the original plaintext.  When
testing with cipher state, encrypt and then decrypt (and verify) two messages.
* Makefile.in (t_encrypt$(EXEEXT)): Depend on CRYPTO_DEPLIB.

ticket: 2229
status: resolved
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16079 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/crypto/ChangeLog b/src/lib/crypto/ChangeLog
index bb9484a5d748ba5198c482754cc1d9b94a13e4a6..301a5aa5b152d8d07ce3d3a61d5b8bc634ddcc2d 100644 (file)
--- a/src/lib/crypto/ChangeLog
+++ b/src/lib/crypto/ChangeLog
@@ -1,3 +1,11 @@
+2004-02-13  Ken Raeburn  <raeburn@mit.edu>
+
+       * t_encrypt.c (compare_results): New function.
+       (main): Use it to check decryption results against the original
+       plaintext.  When testing with cipher state, encrypt and then
+       decrypt (and verify) two messages.
+       * Makefile.in (t_encrypt$(EXEEXT)): Depend on CRYPTO_DEPLIB.
+
 2004-02-09  Ken Raeburn  <raeburn@mit.edu>
 
        * t_cts.c (test_cts): Process encryption and decryption IVs

diff --git a/src/lib/crypto/Makefile.in b/src/lib/crypto/Makefile.in
index 987945f4928eeb6104f9a623447e31aea82abb76..2169d135856e478a9fb987333a4df72a765abf47 100644 (file)
--- a/src/lib/crypto/Makefile.in
+++ b/src/lib/crypto/Makefile.in
@@ -180,7 +180,7 @@ check-unix:: t_nfold t_encrypt t_prng t_hmac t_pkcs5
 t_nfold$(EXEEXT): t_nfold.$(OBJEXT) nfold.$(OBJEXT)
        $(CC_LINK) -o $@ t_nfold.$(OBJEXT) nfold.$(OBJEXT)
 
-t_encrypt$(EXEEXT): t_encrypt.$(OBJEXT) nfold.$(OBJEXT)
+t_encrypt$(EXEEXT): t_encrypt.$(OBJEXT) nfold.$(OBJEXT) $(CRYPTO_DEPLIB)
        $(CC_LINK) -o $@ t_encrypt.$(OBJEXT)  -lkrb5 -lk5crypto -lcom_err
 
 t_prng$(EXEEXT): t_prng.$(OBJEXT) 

diff --git a/src/lib/crypto/t_encrypt.c b/src/lib/crypto/t_encrypt.c
index 5e46cc0d90719e8911e9b9d5fd8ad7b9b3c0880c..e5f5c8a78563532786a5a4549a2faae3fa34af39 100644 (file)
--- a/src/lib/crypto/t_encrypt.c
+++ b/src/lib/crypto/t_encrypt.c
@@ -55,25 +55,51 @@ if( retval) { \
   abort(); \
 } else printf ("OK\n");
   
+int compare_results(krb5_data *d1, krb5_data *d2)
+{
+    if (d1->length != d2->length) {
+       /* Decryption can leave a little trailing cruft.
+          For the current cryptosystems, this can be up to 7 bytes.  */
+       if (d1->length + 8 <= d2->length)
+           return EINVAL;
+       if (d1->length > d2->length)
+           return EINVAL;
+    }
+    if (memcmp(d1->data, d2->data, d1->length)) {
+       return EINVAL;
+    }
+    return 0;
+}
+
 int
 main ()
 {
   krb5_context context = 0;
-  krb5_data  in, out, check, state;
+  krb5_data  in, in2, out, out2, check, check2, state;
   int i;
   size_t len;
-  krb5_enc_data enc_out;
+  krb5_enc_data enc_out, enc_out2;
   krb5_error_code retval;
   krb5_keyblock *key;
+
   in.data = "This is a test.\n";
   in.length = strlen (in.data);
+  in2.data = "This is another test.\n";
+  in2.length = strlen (in2.data);
 
   test ("Seeding random number generator",
        krb5_c_random_seed (context, &in));
   out.data = malloc(2048);
+  out2.data = malloc(2048);
   check.data = malloc(2048);
+  check2.data = malloc(2048);
+  if (out.data == NULL || out2.data == NULL
+      || check.data == NULL || check2.data == NULL)
+      abort();
   out.length = 2048;
+  out2.length = 2048;
   check.length = 2048;
+  check2.length = 2048;
   for (i = 0; interesting_enctypes[i]; i++) {
     krb5_enctype enctype = interesting_enctypes [i];
     printf ("Testing enctype %d\n", enctype);
@@ -81,8 +107,8 @@ main ()
          krb5_init_keyblock (context, enctype, 0, &key));
     test ("Generating random key",
          krb5_c_make_random_key (context, enctype, key));
-    enc_out.ciphertext.data = out.data;
-    enc_out.ciphertext.length = out.length;
+    enc_out.ciphertext = out;
+    enc_out2.ciphertext = out2;
     /* We use an intermediate `len' because size_t may be different size 
        than `int' */
     krb5_c_encrypt_length (context, key->enctype, in.length, &len);
@@ -91,14 +117,29 @@ main ()
          krb5_c_encrypt (context, key, 7, 0, &in, &enc_out));
     test ("Decrypting",
          krb5_c_decrypt (context, key, 7, 0, &enc_out, &check));
+    test ("Comparing", compare_results (&in, &check));
+    enc_out.ciphertext.length = out.length;
+    check.length = 2048;
     test ("init_state",
          krb5_c_init_state (context, key, 7, &state));
-        test ("Encrypting with state",
+    test ("Encrypting with state",
          krb5_c_encrypt (context, key, 7, &state, &in, &enc_out));
-    test ("Decrypting",
-         krb5_c_decrypt (context, key, 7, 0, &enc_out, &check));
+    test ("Encrypting again with state",
+         krb5_c_encrypt (context, key, 7, &state, &in2, &enc_out2));
+    test ("free_state",
+         krb5_c_free_state (context, key, &state));
+    test ("init_state",
+         krb5_c_init_state (context, key, 7, &state));
+    test ("Decrypting with state",
+         krb5_c_decrypt (context, key, 7, &state, &enc_out, &check));
+    test ("Decrypting again with state",
+         krb5_c_decrypt (context, key, 7, &state, &enc_out2, &check2));
     test ("free_state",
          krb5_c_free_state (context, key, &state));
+    test ("Comparing",
+         compare_results (&in, &check));
+    test ("Comparing",
+         compare_results (&in2, &check2));
     krb5_free_keyblock (context, key);
   }