From a9d409c735676299c91cfcb23963f3e8ce2242ad Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Tue, 12 Jan 2010 03:42:15 +0000 Subject: [PATCH] Backport test suite portion of r23361 from trunk ------------------------------------------------------------------------ r23361 | tlyu | 2009-11-25 22:54:59 -0500 (Wed, 25 Nov 2009) | 15 lines ticket: 6584 target_version: 1.7.1 tags: pullup Pullup to 1.7-branch is only for the test case, as krb5-1.7 behaved correctly for these checksums. Fix regression in MD4-DES and MD5-DES keyed checksums. The original key was being used for the DES encryption, not the "xorkey". (key with each byte XORed with 0xf0) Add a test case that will catch future regressions of this sort, by including a verification of a "known-good" checksum (derived from a known-to-be-interoperable version of the implementation). ticket: 6584 version_fixed: 1.7.1 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23642 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/crypto/keyhash_provider/Makefile.in | 4 +- src/lib/crypto/keyhash_provider/t_cksum.c | 47 +++++++++++++++++++-- 2 files changed, 46 insertions(+), 5 deletions(-) diff --git a/src/lib/crypto/keyhash_provider/Makefile.in b/src/lib/crypto/keyhash_provider/Makefile.in index 542dfe329..d6c8f6370 100644 --- a/src/lib/crypto/keyhash_provider/Makefile.in +++ b/src/lib/crypto/keyhash_provider/Makefile.in @@ -43,8 +43,8 @@ t_cksum5: t_cksum5.o $(CRYPTO_DEPLIB) $(CC_LINK) -o t_cksum5 t_cksum5.o $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(LIBS) check-unix:: t_cksum4 t_cksum5 - $(RUN_SETUP) $(VALGRIND) $(C)t_cksum4 "this is a test" - $(RUN_SETUP) $(VALGRIND) $(C)t_cksum5 "this is a test" + $(RUN_SETUP) $(VALGRIND) $(C)t_cksum4 "this is a test" e3f76a07f3401e3536b43a3f54226c39422c35682c354835 + $(RUN_SETUP) $(VALGRIND) $(C)t_cksum5 "this is a test" e3f76a07f3401e351143ee6f4c09be1edb4264d55015db53 clean-unix:: $(RM) t_cksum4 t_cksum4.o diff --git a/src/lib/crypto/keyhash_provider/t_cksum.c b/src/lib/crypto/keyhash_provider/t_cksum.c index 98187f7f1..24fd71917 100644 --- a/src/lib/crypto/keyhash_provider/t_cksum.c +++ b/src/lib/crypto/keyhash_provider/t_cksum.c @@ -59,6 +59,27 @@ print_checksum(text, number, message, checksum) printf("\n"); } +static void +parse_hexstring(const char *s, krb5_data *dat) +{ + size_t i, len; + unsigned int byte; + unsigned char *cp; + + len = strlen(s); + cp = malloc(len / 2); + dat->data = (char *)cp; + if (cp == NULL) { + dat->length = 0; + return; + } + dat->length = len / 2; + for (i = 0; i + 1 < len; i += 2) { + sscanf(&s[i], "%2x", &byte); + *cp++ = byte; + } +} + /* * Test the checksum verification of Old Style (tm) and correct RSA-MD[4,5]-DES * checksums. @@ -76,7 +97,7 @@ main(argc, argv) size_t length; krb5_keyblock keyblock; krb5_error_code kret=0; - krb5_data plaintext, newstyle_checksum; + krb5_data plaintext, newstyle_checksum, knowncksum_dat; /* this is a terrible seed, but that's ok for the test. */ @@ -98,7 +119,7 @@ main(argc, argv) printf("cannot get memory for new style checksum\n"); return(ENOMEM); } - for (msgindex = 1; msgindex < argc; msgindex++) { + for (msgindex = 1; msgindex + 1 < argc; msgindex += 2) { plaintext.length = strlen(argv[msgindex]); plaintext.data = argv[msgindex]; @@ -115,6 +136,7 @@ main(argc, argv) } if (!valid) { printf("verify on new checksum failed\n"); + kret = 1; break; } printf("Verify succeeded for \"%s\"\n", argv[msgindex]); @@ -127,13 +149,32 @@ main(argc, argv) } if (valid) { printf("verify on new checksum succeeded, but shouldn't have\n"); + kret = 1; break; } printf("Verify of bad checksum OK for \"%s\"\n", argv[msgindex]); + parse_hexstring(argv[msgindex+1], &knowncksum_dat); + if (knowncksum_dat.data == NULL) { + printf("parse_hexstring failed\n"); + kret = 1; + break; + } + if ((kret = (*(khp.verify))(&keyblock, 0, 0, &plaintext, &knowncksum_dat, + &valid))) { + printf("verify on known checksum choked with %d\n", kret); + break; + } + if (!valid) { + printf("verify on known checksum failed\n"); + kret = 1; + break; + } + printf("Verify on known checksum succeeded\n"); kret = 0; } free(newstyle_checksum.data); if (!kret) - printf("%d tests passed successfully for MD%d checksum\n", argc-1, MD); + printf("%d tests passed successfully for MD%d checksum\n", (argc-1)/2, MD); + return(kret); } -- 2.26.2