From: Greg Hudson Date: Tue, 6 Oct 2009 15:40:28 +0000 (+0000) Subject: Extend t_encrypt to test krb5_k_encrypt and related functions as well X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fc49391247f48622214e33f522e90febface0efe;p=thirdparty%2Fkrb5.git Extend t_encrypt to test krb5_k_encrypt and related functions as well as the krb5_c variants. git-svn-id: svn://anonsvn.mit.edu/krb5/branches/enc-perf@22855 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/crypto/crypto_tests/t_encrypt.c b/src/lib/crypto/crypto_tests/t_encrypt.c index 974dc585b7..f16203f460 100644 --- a/src/lib/crypto/crypto_tests/t_encrypt.c +++ b/src/lib/crypto/crypto_tests/t_encrypt.c @@ -78,13 +78,14 @@ int main () { krb5_context context = 0; - krb5_data in, in2, out, out2, check, check2, state; + krb5_data in, in2, out, out2, check, check2, state, signdata; krb5_crypto_iov iov[5]; - int i; + int i, j, pos; + unsigned int dummy; size_t len; krb5_enc_data enc_out, enc_out2; - krb5_error_code retval; - krb5_keyblock *key; + krb5_keyblock *keyblock; + krb5_key key; memset(iov, 0, sizeof(iov)); @@ -95,6 +96,8 @@ main () test ("Seeding random number generator", krb5_c_random_seed (context, &in)); + + /* Set up output buffers. */ out.data = malloc(2048); out2.data = malloc(2048); check.data = malloc(2048); @@ -106,38 +109,66 @@ main () out2.length = 2048; check.length = 2048; check2.length = 2048; + for (i = 0; interesting_enctypes[i]; i++) { krb5_enctype enctype = interesting_enctypes [i]; + printf ("Testing enctype %d\n", enctype); test ("Initializing a keyblock", - krb5_init_keyblock (context, enctype, 0, &key)); - test ("Generating random key", - krb5_c_make_random_key (context, enctype, key)); + krb5_init_keyblock (context, enctype, 0, &keyblock)); + test ("Generating random keyblock", + krb5_c_make_random_key (context, enctype, keyblock)); + test ("Creating opaque key from keyblock", + krb5_k_create_key (context, keyblock, &key)); + enc_out.ciphertext = out; enc_out2.ciphertext = out2; /* We use an intermediate `len' because size_t may be different size than `int' */ - krb5_c_encrypt_length (context, key->enctype, in.length, &len); + krb5_c_encrypt_length (context, keyblock->enctype, in.length, &len); enc_out.ciphertext.length = len; - test ("Encrypting", - krb5_c_encrypt (context, key, 7, 0, &in, &enc_out)); + + /* Encrypt, decrypt, and see if we got the plaintext back again. */ + test ("Encrypting (c)", + krb5_c_encrypt (context, keyblock, 7, 0, &in, &enc_out)); test ("Decrypting", - krb5_c_decrypt (context, key, 7, 0, &enc_out, &check)); + krb5_c_decrypt (context, keyblock, 7, 0, &enc_out, &check)); test ("Comparing", compare_results (&in, &check)); - if ( krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_HEADER, &len) == 0 ){ - /* We support iov/aead*/ - int j, pos; - krb5_data signdata; - signdata.data = (char *) "This should be signed"; - signdata.length = strlen(signdata.data); + + /* Try again with the opaque-key-using variants. */ + memset(out.data, 0, out.length); + test ("Encrypting (k)", + krb5_k_encrypt (context, key, 7, 0, &in, &enc_out)); + test ("Decrypting", + krb5_k_decrypt (context, key, 7, 0, &enc_out, &check)); + test ("Comparing", compare_results (&in, &check)); + + /* Check if this enctype supports IOV encryption. */ + if ( krb5_c_crypto_length(context, keyblock->enctype, + KRB5_CRYPTO_TYPE_HEADER, &dummy) == 0 ){ + /* Set up iovecs for stream decryption. */ + memcpy(out2.data, enc_out.ciphertext.data, enc_out.ciphertext.length); iov[0].flags= KRB5_CRYPTO_TYPE_STREAM; + iov[0].data.data = out2.data; + iov[0].data.length = enc_out.ciphertext.length; iov[1].flags = KRB5_CRYPTO_TYPE_DATA; - iov[0].data = enc_out.ciphertext; - iov[1].data = out; - test("IOV stream decrypting", - krb5_c_decrypt_iov( context, key, 7, 0, iov, 2)); + + /* Decrypt the encrypted data from above and check it. */ + test("IOV stream decrypting (c)", + krb5_c_decrypt_iov( context, keyblock, 7, 0, iov, 2)); test("Comparing results", compare_results(&in, &iov[1].data)); + + /* Try again with the opaque-key-using variant. */ + memcpy(out2.data, enc_out.ciphertext.data, enc_out.ciphertext.length); + test("IOV stream decrypting (k)", + krb5_k_decrypt_iov( context, key, 7, 0, iov, 2)); + test("Comparing results", + compare_results(&in, &iov[1].data)); + + /* Set up iovecs for AEAD encryption. */ + signdata.data = (char *) "This should be signed"; + signdata.length = strlen(signdata.data); iov[0].flags = KRB5_CRYPTO_TYPE_HEADER; iov[1].flags = KRB5_CRYPTO_TYPE_DATA; iov[1].data = in; /*We'll need to copy memory before encrypt*/ @@ -145,8 +176,10 @@ main () iov[2].data = signdata; iov[3].flags = KRB5_CRYPTO_TYPE_PADDING; iov[4].flags = KRB5_CRYPTO_TYPE_TRAILER; + + /* "Allocate" data for the iovec buffers from the "out" buffer. */ test("Setting up iov lengths", - krb5_c_crypto_length_iov(context, key->enctype, iov, 5)); + krb5_c_crypto_length_iov(context, keyblock->enctype, iov, 5)); for (j=0,pos=0; j <= 4; j++ ){ if (iov[j].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY) continue; @@ -155,53 +188,67 @@ main () } assert (iov[1].data.length == in.length); memcpy(iov[1].data.data, in.data, in.length); - test("iov encrypting", - krb5_c_encrypt_iov(context, key, 7, 0, iov, 5)); + + /* Encrypt and decrypt in place, and check the result. */ + test("iov encrypting (c)", + krb5_c_encrypt_iov(context, keyblock, 7, 0, iov, 5)); assert(iov[1].data.length == in.length); test("iov decrypting", - krb5_c_decrypt_iov(context, key, 7, 0, iov, 5)); + krb5_c_decrypt_iov(context, keyblock, 7, 0, iov, 5)); test("Comparing results", compare_results(&in, &iov[1].data)); + /* Try again with opaque-key-using variants. */ + test("iov encrypting (k)", + krb5_k_encrypt_iov(context, key, 7, 0, iov, 5)); + assert(iov[1].data.length == in.length); + test("iov decrypting", + krb5_k_decrypt_iov(context, key, 7, 0, iov, 5)); + test("Comparing results", + compare_results(&in, &iov[1].data)); } + enc_out.ciphertext.length = out.length; check.length = 2048; + test ("init_state", - krb5_c_init_state (context, key, 7, &state)); + krb5_c_init_state (context, keyblock, 7, &state)); test ("Encrypting with state", - krb5_c_encrypt (context, key, 7, &state, &in, &enc_out)); + krb5_c_encrypt (context, keyblock, 7, &state, &in, &enc_out)); test ("Encrypting again with state", - krb5_c_encrypt (context, key, 7, &state, &in2, &enc_out2)); + krb5_c_encrypt (context, keyblock, 7, &state, &in2, &enc_out2)); test ("free_state", - krb5_c_free_state (context, key, &state)); + krb5_c_free_state (context, keyblock, &state)); test ("init_state", - krb5_c_init_state (context, key, 7, &state)); + krb5_c_init_state (context, keyblock, 7, &state)); test ("Decrypting with state", - krb5_c_decrypt (context, key, 7, &state, &enc_out, &check)); + krb5_c_decrypt (context, keyblock, 7, &state, &enc_out, &check)); test ("Decrypting again with state", - krb5_c_decrypt (context, key, 7, &state, &enc_out2, &check2)); + krb5_c_decrypt (context, keyblock, 7, &state, &enc_out2, &check2)); test ("free_state", - krb5_c_free_state (context, key, &state)); + krb5_c_free_state (context, keyblock, &state)); test ("Comparing", compare_results (&in, &check)); test ("Comparing", compare_results (&in2, &check2)); - krb5_free_keyblock (context, key); + + krb5_free_keyblock (context, keyblock); + krb5_k_free_key (context, key); } /* Test the RC4 decrypt fallback from key usage 9 to 8. */ test ("Initializing an RC4 keyblock", - krb5_init_keyblock (context, ENCTYPE_ARCFOUR_HMAC, 0, &key)); + krb5_init_keyblock (context, ENCTYPE_ARCFOUR_HMAC, 0, &keyblock)); test ("Generating random RC4 key", - krb5_c_make_random_key (context, ENCTYPE_ARCFOUR_HMAC, key)); + krb5_c_make_random_key (context, ENCTYPE_ARCFOUR_HMAC, keyblock)); enc_out.ciphertext = out; - krb5_c_encrypt_length (context, key->enctype, in.length, &len); + krb5_c_encrypt_length (context, keyblock->enctype, in.length, &len); enc_out.ciphertext.length = len; check.length = 2048; test ("Encrypting with RC4 key usage 8", - krb5_c_encrypt (context, key, 8, 0, &in, &enc_out)); + krb5_c_encrypt (context, keyblock, 8, 0, &in, &enc_out)); test ("Decrypting with RC4 key usage 9", - krb5_c_decrypt (context, key, 9, 0, &enc_out, &check)); + krb5_c_decrypt (context, keyblock, 9, 0, &enc_out, &check)); test ("Comparing", compare_results (&in, &check)); free(out.data);