From 122cd6818c75ad2a64b92faeb2b3809a660c66a6 Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Fri, 13 Feb 2004 23:40:08 +0000 Subject: [PATCH] * t_encrypt.c (compare_results): New function. (main): Use it to check decryption results against the original plaintext. When testing with cipher state, encrypt and then decrypt (and verify) two messages. * Makefile.in (t_encrypt$(EXEEXT)): Depend on CRYPTO_DEPLIB. ticket: 2229 status: resolved tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16079 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/crypto/ChangeLog | 8 ++++++ src/lib/crypto/Makefile.in | 2 +- src/lib/crypto/t_encrypt.c | 55 +++++++++++++++++++++++++++++++++----- 3 files changed, 57 insertions(+), 8 deletions(-) diff --git a/src/lib/crypto/ChangeLog b/src/lib/crypto/ChangeLog index bb9484a5d..301a5aa5b 100644 --- a/src/lib/crypto/ChangeLog +++ b/src/lib/crypto/ChangeLog @@ -1,3 +1,11 @@ +2004-02-13 Ken Raeburn + + * t_encrypt.c (compare_results): New function. + (main): Use it to check decryption results against the original + plaintext. When testing with cipher state, encrypt and then + decrypt (and verify) two messages. + * Makefile.in (t_encrypt$(EXEEXT)): Depend on CRYPTO_DEPLIB. + 2004-02-09 Ken Raeburn * t_cts.c (test_cts): Process encryption and decryption IVs diff --git a/src/lib/crypto/Makefile.in b/src/lib/crypto/Makefile.in index 987945f49..2169d1358 100644 --- a/src/lib/crypto/Makefile.in +++ b/src/lib/crypto/Makefile.in @@ -180,7 +180,7 @@ check-unix:: t_nfold t_encrypt t_prng t_hmac t_pkcs5 t_nfold$(EXEEXT): t_nfold.$(OBJEXT) nfold.$(OBJEXT) $(CC_LINK) -o $@ t_nfold.$(OBJEXT) nfold.$(OBJEXT) -t_encrypt$(EXEEXT): t_encrypt.$(OBJEXT) nfold.$(OBJEXT) +t_encrypt$(EXEEXT): t_encrypt.$(OBJEXT) nfold.$(OBJEXT) $(CRYPTO_DEPLIB) $(CC_LINK) -o $@ t_encrypt.$(OBJEXT) -lkrb5 -lk5crypto -lcom_err t_prng$(EXEEXT): t_prng.$(OBJEXT) diff --git a/src/lib/crypto/t_encrypt.c b/src/lib/crypto/t_encrypt.c index 5e46cc0d9..e5f5c8a78 100644 --- a/src/lib/crypto/t_encrypt.c +++ b/src/lib/crypto/t_encrypt.c @@ -55,25 +55,51 @@ if( retval) { \ abort(); \ } else printf ("OK\n"); +int compare_results(krb5_data *d1, krb5_data *d2) +{ + if (d1->length != d2->length) { + /* Decryption can leave a little trailing cruft. + For the current cryptosystems, this can be up to 7 bytes. */ + if (d1->length + 8 <= d2->length) + return EINVAL; + if (d1->length > d2->length) + return EINVAL; + } + if (memcmp(d1->data, d2->data, d1->length)) { + return EINVAL; + } + return 0; +} + int main () { krb5_context context = 0; - krb5_data in, out, check, state; + krb5_data in, in2, out, out2, check, check2, state; int i; size_t len; - krb5_enc_data enc_out; + krb5_enc_data enc_out, enc_out2; krb5_error_code retval; krb5_keyblock *key; + in.data = "This is a test.\n"; in.length = strlen (in.data); + in2.data = "This is another test.\n"; + in2.length = strlen (in2.data); test ("Seeding random number generator", krb5_c_random_seed (context, &in)); out.data = malloc(2048); + out2.data = malloc(2048); check.data = malloc(2048); + check2.data = malloc(2048); + if (out.data == NULL || out2.data == NULL + || check.data == NULL || check2.data == NULL) + abort(); out.length = 2048; + out2.length = 2048; check.length = 2048; + check2.length = 2048; for (i = 0; interesting_enctypes[i]; i++) { krb5_enctype enctype = interesting_enctypes [i]; printf ("Testing enctype %d\n", enctype); @@ -81,8 +107,8 @@ main () krb5_init_keyblock (context, enctype, 0, &key)); test ("Generating random key", krb5_c_make_random_key (context, enctype, key)); - enc_out.ciphertext.data = out.data; - enc_out.ciphertext.length = out.length; + enc_out.ciphertext = out; + enc_out2.ciphertext = out2; /* We use an intermediate `len' because size_t may be different size than `int' */ krb5_c_encrypt_length (context, key->enctype, in.length, &len); @@ -91,14 +117,29 @@ main () krb5_c_encrypt (context, key, 7, 0, &in, &enc_out)); test ("Decrypting", krb5_c_decrypt (context, key, 7, 0, &enc_out, &check)); + test ("Comparing", compare_results (&in, &check)); + enc_out.ciphertext.length = out.length; + check.length = 2048; test ("init_state", krb5_c_init_state (context, key, 7, &state)); - test ("Encrypting with state", + test ("Encrypting with state", krb5_c_encrypt (context, key, 7, &state, &in, &enc_out)); - test ("Decrypting", - krb5_c_decrypt (context, key, 7, 0, &enc_out, &check)); + test ("Encrypting again with state", + krb5_c_encrypt (context, key, 7, &state, &in2, &enc_out2)); + test ("free_state", + krb5_c_free_state (context, key, &state)); + test ("init_state", + krb5_c_init_state (context, key, 7, &state)); + test ("Decrypting with state", + krb5_c_decrypt (context, key, 7, &state, &enc_out, &check)); + test ("Decrypting again with state", + krb5_c_decrypt (context, key, 7, &state, &enc_out2, &check2)); test ("free_state", krb5_c_free_state (context, key, &state)); + test ("Comparing", + compare_results (&in, &check)); + test ("Comparing", + compare_results (&in2, &check2)); krb5_free_keyblock (context, key); } -- 2.26.2