Backport test suite portion of r23361 from trunk

 ------------------------------------------------------------------------
 r23361 | tlyu | 2009-11-25 22:54:59 -0500 (Wed, 25 Nov 2009) | 15 lines

 ticket: 6584
 target_version: 1.7.1
 tags: pullup

 Pullup to 1.7-branch is only for the test case, as krb5-1.7 behaved
 correctly for these checksums.

 Fix regression in MD4-DES and MD5-DES keyed checksums.  The original
 key was being used for the DES encryption, not the "xorkey".  (key
 with each byte XORed with 0xf0)

 Add a test case that will catch future regressions of this sort, by
 including a verification of a "known-good" checksum (derived from a
 known-to-be-interoperable version of the implementation).

ticket: 6584
version_fixed: 1.7.1

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23642 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/crypto/keyhash_provider/Makefile.in b/src/lib/crypto/keyhash_provider/Makefile.in
index 542dfe3298259f1cc981ba03ec39b38a3f742587..d6c8f63709dc3ae4aee3c6631f404b56269e377a 100644 (file)
--- a/src/lib/crypto/keyhash_provider/Makefile.in
+++ b/src/lib/crypto/keyhash_provider/Makefile.in
@@ -43,8 +43,8 @@ t_cksum5: t_cksum5.o $(CRYPTO_DEPLIB)
        $(CC_LINK) -o t_cksum5 t_cksum5.o $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(LIBS)
 
 check-unix:: t_cksum4 t_cksum5
-       $(RUN_SETUP) $(VALGRIND) $(C)t_cksum4 "this is a test"
-       $(RUN_SETUP) $(VALGRIND) $(C)t_cksum5 "this is a test"
+       $(RUN_SETUP) $(VALGRIND) $(C)t_cksum4 "this is a test" e3f76a07f3401e3536b43a3f54226c39422c35682c354835
+       $(RUN_SETUP) $(VALGRIND) $(C)t_cksum5 "this is a test" e3f76a07f3401e351143ee6f4c09be1edb4264d55015db53
 
 clean-unix::
        $(RM) t_cksum4 t_cksum4.o

diff --git a/src/lib/crypto/keyhash_provider/t_cksum.c b/src/lib/crypto/keyhash_provider/t_cksum.c
index 98187f7f162ccd780c8f9781c7a6987415bb9677..24fd71917a37c603104f7eeea8ebda302076775c 100644 (file)
--- a/src/lib/crypto/keyhash_provider/t_cksum.c
+++ b/src/lib/crypto/keyhash_provider/t_cksum.c
@@ -59,6 +59,27 @@ print_checksum(text, number, message, checksum)
   printf("\n");
 }
 
+static void
+parse_hexstring(const char *s, krb5_data *dat)
+{
+  size_t i, len;
+  unsigned int byte;
+  unsigned char *cp;
+
+  len = strlen(s);
+  cp = malloc(len / 2);
+  dat->data = (char *)cp;
+  if (cp == NULL) {
+    dat->length = 0;
+    return;
+  }
+  dat->length = len / 2;
+  for (i = 0; i + 1 < len; i += 2) {
+    sscanf(&s[i], "%2x", &byte);
+    *cp++ = byte;
+  }
+}
+
 /*
  * Test the checksum verification of Old Style (tm) and correct RSA-MD[4,5]-DES
  * checksums.
@@ -76,7 +97,7 @@ main(argc, argv)
   size_t               length;
   krb5_keyblock                keyblock;
   krb5_error_code      kret=0;
-  krb5_data            plaintext, newstyle_checksum;
+  krb5_data            plaintext, newstyle_checksum, knowncksum_dat;
 
   /* this is a terrible seed, but that's ok for the test. */
 
@@ -98,7 +119,7 @@ main(argc, argv)
     printf("cannot get memory for new style checksum\n");
     return(ENOMEM);
   }
-  for (msgindex = 1; msgindex < argc; msgindex++) {
+  for (msgindex = 1; msgindex + 1 < argc; msgindex += 2) {
     plaintext.length = strlen(argv[msgindex]);
     plaintext.data = argv[msgindex];
 
@@ -115,6 +136,7 @@ main(argc, argv)
     }
     if (!valid) {
       printf("verify on new checksum failed\n");
+      kret = 1;
       break;
     }
     printf("Verify succeeded for \"%s\"\n", argv[msgindex]);
@@ -127,13 +149,32 @@ main(argc, argv)
     }
     if (valid) {
       printf("verify on new checksum succeeded, but shouldn't have\n");
+      kret = 1;
       break;
     }
     printf("Verify of bad checksum OK for \"%s\"\n", argv[msgindex]);
+    parse_hexstring(argv[msgindex+1], &knowncksum_dat);
+    if (knowncksum_dat.data == NULL) {
+      printf("parse_hexstring failed\n");
+      kret = 1;
+      break;
+    }
+    if ((kret = (*(khp.verify))(&keyblock, 0, 0, &plaintext, &knowncksum_dat,
+                               &valid))) {
+      printf("verify on known checksum choked with %d\n", kret);
+      break;
+    }
+    if (!valid) {
+      printf("verify on known checksum failed\n");
+      kret = 1;
+      break;
+    }
+    printf("Verify on known checksum succeeded\n");
     kret = 0;
   }
   free(newstyle_checksum.data);
   if (!kret)
-    printf("%d tests passed successfully for MD%d checksum\n", argc-1, MD);
+    printf("%d tests passed successfully for MD%d checksum\n", (argc-1)/2, MD);
+
   return(kret);
 }