Extend t_encrypt to test krb5_k_encrypt and related functions as well

as the krb5_c variants.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/enc-perf@22855 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/crypto/crypto_tests/t_encrypt.c b/src/lib/crypto/crypto_tests/t_encrypt.c
index 974dc585b7ac8e8cd1e1cb1165f59e80780b2860..f16203f4604f3534893e833a9be9fe54d6be1e46 100644 (file)
--- a/src/lib/crypto/crypto_tests/t_encrypt.c
+++ b/src/lib/crypto/crypto_tests/t_encrypt.c
@@ -78,13 +78,14 @@ int
 main ()
 {
   krb5_context context = 0;
-  krb5_data  in, in2, out, out2, check, check2, state;
+  krb5_data  in, in2, out, out2, check, check2, state, signdata;
   krb5_crypto_iov iov[5];
-  int i;
+  int i, j, pos;
+  unsigned int dummy;
   size_t len;
   krb5_enc_data enc_out, enc_out2;
-  krb5_error_code retval;
-  krb5_keyblock *key;
+  krb5_keyblock *keyblock;
+  krb5_key key;
 
   memset(iov, 0, sizeof(iov));
 
@@ -95,6 +96,8 @@ main ()
 
   test ("Seeding random number generator",
        krb5_c_random_seed (context, &in));
+
+  /* Set up output buffers. */
   out.data = malloc(2048);
   out2.data = malloc(2048);
   check.data = malloc(2048);
@@ -106,38 +109,66 @@ main ()
   out2.length = 2048;
   check.length = 2048;
   check2.length = 2048;
+
   for (i = 0; interesting_enctypes[i]; i++) {
     krb5_enctype enctype = interesting_enctypes [i];
+
     printf ("Testing enctype %d\n", enctype);
     test ("Initializing a keyblock",
-         krb5_init_keyblock (context, enctype, 0, &key));
-    test ("Generating random key",
-         krb5_c_make_random_key (context, enctype, key));
+         krb5_init_keyblock (context, enctype, 0, &keyblock));
+    test ("Generating random keyblock",
+         krb5_c_make_random_key (context, enctype, keyblock));
+    test ("Creating opaque key from keyblock",
+         krb5_k_create_key (context, keyblock, &key));
+
     enc_out.ciphertext = out;
     enc_out2.ciphertext = out2;
     /* We use an intermediate `len' because size_t may be different size 
        than `int' */
-    krb5_c_encrypt_length (context, key->enctype, in.length, &len);
+    krb5_c_encrypt_length (context, keyblock->enctype, in.length, &len);
     enc_out.ciphertext.length = len;
-    test ("Encrypting",
-         krb5_c_encrypt (context, key, 7, 0, &in, &enc_out));
+
+    /* Encrypt, decrypt, and see if we got the plaintext back again. */
+    test ("Encrypting (c)",
+         krb5_c_encrypt (context, keyblock, 7, 0, &in, &enc_out));
     test ("Decrypting",
-         krb5_c_decrypt (context, key, 7, 0, &enc_out, &check));
+         krb5_c_decrypt (context, keyblock, 7, 0, &enc_out, &check));
     test ("Comparing", compare_results (&in, &check));
-    if ( krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_HEADER, &len) == 0 ){
-       /* We support iov/aead*/
-       int j, pos;
-       krb5_data signdata;
-       signdata.data = (char *) "This should be signed";
-       signdata.length = strlen(signdata.data);
+
+    /* Try again with the opaque-key-using variants. */
+    memset(out.data, 0, out.length);
+    test ("Encrypting (k)",
+         krb5_k_encrypt (context, key, 7, 0, &in, &enc_out));
+    test ("Decrypting",
+         krb5_k_decrypt (context, key, 7, 0, &enc_out, &check));
+    test ("Comparing", compare_results (&in, &check));
+
+    /* Check if this enctype supports IOV encryption. */
+    if ( krb5_c_crypto_length(context, keyblock->enctype,
+                             KRB5_CRYPTO_TYPE_HEADER, &dummy) == 0 ){
+       /* Set up iovecs for stream decryption. */
+       memcpy(out2.data, enc_out.ciphertext.data, enc_out.ciphertext.length);
        iov[0].flags= KRB5_CRYPTO_TYPE_STREAM;
+       iov[0].data.data = out2.data;
+       iov[0].data.length = enc_out.ciphertext.length;
        iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
-       iov[0].data = enc_out.ciphertext;
-       iov[1].data = out;
-       test("IOV stream decrypting",
-            krb5_c_decrypt_iov( context, key, 7, 0, iov, 2));
+
+       /* Decrypt the encrypted data from above and check it. */
+       test("IOV stream decrypting (c)",
+            krb5_c_decrypt_iov( context, keyblock, 7, 0, iov, 2));
        test("Comparing results",
             compare_results(&in, &iov[1].data));
+
+       /* Try again with the opaque-key-using variant. */
+       memcpy(out2.data, enc_out.ciphertext.data, enc_out.ciphertext.length);
+       test("IOV stream decrypting (k)",
+            krb5_k_decrypt_iov( context, key, 7, 0, iov, 2));
+       test("Comparing results",
+            compare_results(&in, &iov[1].data));
+
+       /* Set up iovecs for AEAD encryption. */
+       signdata.data = (char *) "This should be signed";
+       signdata.length = strlen(signdata.data);
        iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
        iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
        iov[1].data = in; /*We'll need to copy memory before encrypt*/
@@ -145,8 +176,10 @@ main ()
        iov[2].data = signdata;
        iov[3].flags = KRB5_CRYPTO_TYPE_PADDING;
        iov[4].flags = KRB5_CRYPTO_TYPE_TRAILER;
+
+       /* "Allocate" data for the iovec buffers from the "out" buffer. */
        test("Setting up iov lengths",
-            krb5_c_crypto_length_iov(context, key->enctype, iov, 5));
+            krb5_c_crypto_length_iov(context, keyblock->enctype, iov, 5));
        for (j=0,pos=0; j <= 4; j++ ){
            if (iov[j].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
                continue;
@@ -155,53 +188,67 @@ main ()
        }
        assert (iov[1].data.length == in.length);
        memcpy(iov[1].data.data, in.data, in.length);
-       test("iov encrypting",
-            krb5_c_encrypt_iov(context, key, 7, 0, iov, 5));
+
+       /* Encrypt and decrypt in place, and check the result. */
+       test("iov encrypting (c)",
+            krb5_c_encrypt_iov(context, keyblock, 7, 0, iov, 5));
        assert(iov[1].data.length == in.length);
        test("iov decrypting",
-            krb5_c_decrypt_iov(context, key, 7, 0, iov, 5));
+            krb5_c_decrypt_iov(context, keyblock, 7, 0, iov, 5));
        test("Comparing results",
             compare_results(&in, &iov[1].data));
                       
+       /* Try again with opaque-key-using variants. */
+       test("iov encrypting (k)",
+            krb5_k_encrypt_iov(context, key, 7, 0, iov, 5));
+       assert(iov[1].data.length == in.length);
+       test("iov decrypting",
+            krb5_k_decrypt_iov(context, key, 7, 0, iov, 5));
+       test("Comparing results",
+            compare_results(&in, &iov[1].data));
     }
+
     enc_out.ciphertext.length = out.length;
     check.length = 2048;
+
     test ("init_state",
-         krb5_c_init_state (context, key, 7, &state));
+         krb5_c_init_state (context, keyblock, 7, &state));
     test ("Encrypting with state",
-         krb5_c_encrypt (context, key, 7, &state, &in, &enc_out));
+         krb5_c_encrypt (context, keyblock, 7, &state, &in, &enc_out));
     test ("Encrypting again with state",
-         krb5_c_encrypt (context, key, 7, &state, &in2, &enc_out2));
+         krb5_c_encrypt (context, keyblock, 7, &state, &in2, &enc_out2));
     test ("free_state",
-         krb5_c_free_state (context, key, &state));
+         krb5_c_free_state (context, keyblock, &state));
     test ("init_state",
-         krb5_c_init_state (context, key, 7, &state));
+         krb5_c_init_state (context, keyblock, 7, &state));
     test ("Decrypting with state",
-         krb5_c_decrypt (context, key, 7, &state, &enc_out, &check));
+         krb5_c_decrypt (context, keyblock, 7, &state, &enc_out, &check));
     test ("Decrypting again with state",
-         krb5_c_decrypt (context, key, 7, &state, &enc_out2, &check2));
+         krb5_c_decrypt (context, keyblock, 7, &state, &enc_out2, &check2));
     test ("free_state",
-         krb5_c_free_state (context, key, &state));
+         krb5_c_free_state (context, keyblock, &state));
     test ("Comparing",
          compare_results (&in, &check));
     test ("Comparing",
          compare_results (&in2, &check2));
-    krb5_free_keyblock (context, key);
+
+    krb5_free_keyblock (context, keyblock);
+    krb5_k_free_key (context, key);
   }
 
   /* Test the RC4 decrypt fallback from key usage 9 to 8. */
   test ("Initializing an RC4 keyblock",
-       krb5_init_keyblock (context, ENCTYPE_ARCFOUR_HMAC, 0, &key));
+       krb5_init_keyblock (context, ENCTYPE_ARCFOUR_HMAC, 0, &keyblock));
   test ("Generating random RC4 key",
-       krb5_c_make_random_key (context, ENCTYPE_ARCFOUR_HMAC, key));
+       krb5_c_make_random_key (context, ENCTYPE_ARCFOUR_HMAC, keyblock));
   enc_out.ciphertext = out;
-  krb5_c_encrypt_length (context, key->enctype, in.length, &len);
+  krb5_c_encrypt_length (context, keyblock->enctype, in.length, &len);
   enc_out.ciphertext.length = len;
   check.length = 2048;
   test ("Encrypting with RC4 key usage 8",
-       krb5_c_encrypt (context, key, 8, 0, &in, &enc_out));
+       krb5_c_encrypt (context, keyblock, 8, 0, &in, &enc_out));
   test ("Decrypting with RC4 key usage 9",
-       krb5_c_decrypt (context, key, 9, 0, &enc_out, &check));
+       krb5_c_decrypt (context, keyblock, 9, 0, &enc_out, &check));
   test ("Comparing", compare_results (&in, &check));
 
   free(out.data);