From: Ken Raeburn <raeburn@mit.edu>
Date: Fri, 13 Feb 2004 23:40:08 +0000 (+0000)
Subject: * t_encrypt.c (compare_results): New function.
X-Git-Tag: krb5-1.4-beta1~616
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=122cd6818c75ad2a64b92faeb2b3809a660c66a6;p=krb5.git

* t_encrypt.c (compare_results): New function.
(main): Use it to check decryption results against the original plaintext.  When
testing with cipher state, encrypt and then decrypt (and verify) two messages.
* Makefile.in (t_encrypt$(EXEEXT)): Depend on CRYPTO_DEPLIB.

ticket: 2229
status: resolved
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16079 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/crypto/ChangeLog b/src/lib/crypto/ChangeLog
index bb9484a5d..301a5aa5b 100644
--- a/src/lib/crypto/ChangeLog
+++ b/src/lib/crypto/ChangeLog
@@ -1,3 +1,11 @@
+2004-02-13  Ken Raeburn  <raeburn@mit.edu>
+
+	* t_encrypt.c (compare_results): New function.
+	(main): Use it to check decryption results against the original
+	plaintext.  When testing with cipher state, encrypt and then
+	decrypt (and verify) two messages.
+	* Makefile.in (t_encrypt$(EXEEXT)): Depend on CRYPTO_DEPLIB.
+
 2004-02-09  Ken Raeburn  <raeburn@mit.edu>
 
 	* t_cts.c (test_cts): Process encryption and decryption IVs
diff --git a/src/lib/crypto/Makefile.in b/src/lib/crypto/Makefile.in
index 987945f49..2169d1358 100644
--- a/src/lib/crypto/Makefile.in
+++ b/src/lib/crypto/Makefile.in
@@ -180,7 +180,7 @@ check-unix:: t_nfold t_encrypt t_prng t_hmac t_pkcs5
 t_nfold$(EXEEXT): t_nfold.$(OBJEXT) nfold.$(OBJEXT)
 	$(CC_LINK) -o $@ t_nfold.$(OBJEXT) nfold.$(OBJEXT)
 
-t_encrypt$(EXEEXT): t_encrypt.$(OBJEXT) nfold.$(OBJEXT)
+t_encrypt$(EXEEXT): t_encrypt.$(OBJEXT) nfold.$(OBJEXT) $(CRYPTO_DEPLIB)
 	$(CC_LINK) -o $@ t_encrypt.$(OBJEXT)  -lkrb5 -lk5crypto -lcom_err
 
 t_prng$(EXEEXT): t_prng.$(OBJEXT) 
diff --git a/src/lib/crypto/t_encrypt.c b/src/lib/crypto/t_encrypt.c
index 5e46cc0d9..e5f5c8a78 100644
--- a/src/lib/crypto/t_encrypt.c
+++ b/src/lib/crypto/t_encrypt.c
@@ -55,25 +55,51 @@ if( retval) { \
   abort(); \
 } else printf ("OK\n");
   
+int compare_results(krb5_data *d1, krb5_data *d2)
+{
+    if (d1->length != d2->length) {
+	/* Decryption can leave a little trailing cruft.
+	   For the current cryptosystems, this can be up to 7 bytes.  */
+	if (d1->length + 8 <= d2->length)
+	    return EINVAL;
+	if (d1->length > d2->length)
+	    return EINVAL;
+    }
+    if (memcmp(d1->data, d2->data, d1->length)) {
+	return EINVAL;
+    }
+    return 0;
+}
+
 int
 main ()
 {
   krb5_context context = 0;
-  krb5_data  in, out, check, state;
+  krb5_data  in, in2, out, out2, check, check2, state;
   int i;
   size_t len;
-  krb5_enc_data enc_out;
+  krb5_enc_data enc_out, enc_out2;
   krb5_error_code retval;
   krb5_keyblock *key;
+
   in.data = "This is a test.\n";
   in.length = strlen (in.data);
+  in2.data = "This is another test.\n";
+  in2.length = strlen (in2.data);
 
   test ("Seeding random number generator",
 	krb5_c_random_seed (context, &in));
   out.data = malloc(2048);
+  out2.data = malloc(2048);
   check.data = malloc(2048);
+  check2.data = malloc(2048);
+  if (out.data == NULL || out2.data == NULL
+      || check.data == NULL || check2.data == NULL)
+      abort();
   out.length = 2048;
+  out2.length = 2048;
   check.length = 2048;
+  check2.length = 2048;
   for (i = 0; interesting_enctypes[i]; i++) {
     krb5_enctype enctype = interesting_enctypes [i];
     printf ("Testing enctype %d\n", enctype);
@@ -81,8 +107,8 @@ main ()
 	  krb5_init_keyblock (context, enctype, 0, &key));
     test ("Generating random key",
 	  krb5_c_make_random_key (context, enctype, key));
-    enc_out.ciphertext.data = out.data;
-    enc_out.ciphertext.length = out.length;
+    enc_out.ciphertext = out;
+    enc_out2.ciphertext = out2;
     /* We use an intermediate `len' because size_t may be different size 
        than `int' */
     krb5_c_encrypt_length (context, key->enctype, in.length, &len);
@@ -91,14 +117,29 @@ main ()
 	  krb5_c_encrypt (context, key, 7, 0, &in, &enc_out));
     test ("Decrypting",
 	  krb5_c_decrypt (context, key, 7, 0, &enc_out, &check));
+    test ("Comparing", compare_results (&in, &check));
+    enc_out.ciphertext.length = out.length;
+    check.length = 2048;
     test ("init_state",
 	  krb5_c_init_state (context, key, 7, &state));
-        test ("Encrypting with state",
+    test ("Encrypting with state",
 	  krb5_c_encrypt (context, key, 7, &state, &in, &enc_out));
-    test ("Decrypting",
-	  krb5_c_decrypt (context, key, 7, 0, &enc_out, &check));
+    test ("Encrypting again with state",
+	  krb5_c_encrypt (context, key, 7, &state, &in2, &enc_out2));
+    test ("free_state",
+	  krb5_c_free_state (context, key, &state));
+    test ("init_state",
+	  krb5_c_init_state (context, key, 7, &state));
+    test ("Decrypting with state",
+	  krb5_c_decrypt (context, key, 7, &state, &enc_out, &check));
+    test ("Decrypting again with state",
+	  krb5_c_decrypt (context, key, 7, &state, &enc_out2, &check2));
     test ("free_state",
 	  krb5_c_free_state (context, key, &state));
+    test ("Comparing",
+	  compare_results (&in, &check));
+    test ("Comparing",
+	  compare_results (&in2, &check2));
     krb5_free_keyblock (context, key);
   }