Diffstat (limited to 'src/lib/crypto/crypto_tests/t_encrypt.c')
-rw-r--r-- | src/lib/crypto/crypto_tests/t_encrypt.c | 363 |
1 files changed, 182 insertions, 181 deletions
diff --git a/src/lib/crypto/crypto_tests/t_encrypt.c b/src/lib/crypto/crypto_tests/t_encrypt.c index 5615bc8..60e86f4 100644 --- a/src/lib/crypto/crypto_tests/t_encrypt.c +++ b/src/lib/crypto/crypto_tests/t_encrypt.c @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * lib/crypto/t_encrypt.c * @@ -36,15 +37,15 @@ /* What enctypes should we test?*/ krb5_enctype interesting_enctypes[] = { - ENCTYPE_DES_CBC_CRC, - ENCTYPE_DES_CBC_MD4, - ENCTYPE_DES_CBC_MD5, - ENCTYPE_DES3_CBC_SHA1, - ENCTYPE_ARCFOUR_HMAC, - ENCTYPE_ARCFOUR_HMAC_EXP, - ENCTYPE_AES256_CTS_HMAC_SHA1_96, - ENCTYPE_AES128_CTS_HMAC_SHA1_96, - 0 + ENCTYPE_DES_CBC_CRC, + ENCTYPE_DES_CBC_MD4, + ENCTYPE_DES_CBC_MD5, + ENCTYPE_DES3_CBC_SHA1, + ENCTYPE_ARCFOUR_HMAC, + ENCTYPE_ARCFOUR_HMAC_EXP, + ENCTYPE_AES256_CTS_HMAC_SHA1_96, + ENCTYPE_AES128_CTS_HMAC_SHA1_96, + 0 }; static void @@ -52,24 +53,24 @@ test(const char *msg, krb5_error_code retval) { printf("%s: . . . ", msg); if (retval) { - printf("Failed: %s\n", error_message(retval)); - abort(); + printf("Failed: %s\n", error_message(retval)); + abort(); } else - printf("OK\n"); + printf("OK\n"); } static int compare_results(krb5_data *d1, krb5_data *d2) { if (d1->length != d2->length) { - /* Decryption can leave a little trailing cruft. - For the current cryptosystems, this can be up to 7 bytes. */ - if (d1->length + 8 <= d2->length) - return EINVAL; - if (d1->length > d2->length) - return EINVAL; + /* Decryption can leave a little trailing cruft. + For the current cryptosystems, this can be up to 7 bytes. */ + if (d1->length + 8 <= d2->length) + return EINVAL; + if (d1->length > d2->length) + return EINVAL; } if (memcmp(d1->data, d2->data, d1->length)) { - return EINVAL; + return EINVAL; } return 0; } 
@@ -77,187 +78,187 @@ static int compare_results(krb5_data *d1, krb5_data *d2) int main () { - krb5_context context = 0; - krb5_data in, in2, out, out2, check, check2, state, signdata; - krb5_crypto_iov iov[5]; - int i, j, pos; - unsigned int dummy; - size_t len; - krb5_enc_data enc_out, enc_out2; - krb5_keyblock *keyblock; - krb5_key key; + krb5_context context = 0; + krb5_data in, in2, out, out2, check, check2, state, signdata; + krb5_crypto_iov iov[5]; + int i, j, pos; + unsigned int dummy; + size_t len; + krb5_enc_data enc_out, enc_out2; + krb5_keyblock *keyblock; + krb5_key key; - memset(iov, 0, sizeof(iov)); + memset(iov, 0, sizeof(iov)); - in.data = "This is a test.\n"; - in.length = strlen (in.data); - in2.data = "This is another test.\n"; - in2.length = strlen (in2.data); + in.data = "This is a test.\n"; + in.length = strlen (in.data); + in2.data = "This is another test.\n"; + in2.length = strlen (in2.data); - test ("Seeding random number generator", - krb5_c_random_seed (context, &in)); + test ("Seeding random number generator", + krb5_c_random_seed (context, &in)); - /* Set up output buffers. */ - out.data = malloc(2048); - out2.data = malloc(2048); - check.data = malloc(2048); - check2.data = malloc(2048); - if (out.data == NULL || out2.data == NULL - || check.data == NULL || check2.data == NULL) - abort(); - out.magic = KV5M_DATA; - out.length = 2048; - out2.magic = KV5M_DATA; - out2.length = 2048; - check.length = 2048; - check2.length = 2048; + /* Set up output buffers. 
*/ + out.data = malloc(2048); + out2.data = malloc(2048); + check.data = malloc(2048); + check2.data = malloc(2048); + if (out.data == NULL || out2.data == NULL + || check.data == NULL || check2.data == NULL) + abort(); + out.magic = KV5M_DATA; + out.length = 2048; + out2.magic = KV5M_DATA; + out2.length = 2048; + check.length = 2048; + check2.length = 2048; - for (i = 0; interesting_enctypes[i]; i++) { - krb5_enctype enctype = interesting_enctypes [i]; + for (i = 0; interesting_enctypes[i]; i++) { + krb5_enctype enctype = interesting_enctypes [i]; - printf ("Testing enctype %d\n", enctype); - test ("Initializing a keyblock", - krb5_init_keyblock (context, enctype, 0, &keyblock)); - test ("Generating random keyblock", - krb5_c_make_random_key (context, enctype, keyblock)); - test ("Creating opaque key from keyblock", - krb5_k_create_key (context, keyblock, &key)); + printf ("Testing enctype %d\n", enctype); + test ("Initializing a keyblock", + krb5_init_keyblock (context, enctype, 0, &keyblock)); + test ("Generating random keyblock", + krb5_c_make_random_key (context, enctype, keyblock)); + test ("Creating opaque key from keyblock", + krb5_k_create_key (context, keyblock, &key)); - enc_out.ciphertext = out; - enc_out2.ciphertext = out2; - /* We use an intermediate `len' because size_t may be different size - than `int' */ - krb5_c_encrypt_length (context, keyblock->enctype, in.length, &len); - enc_out.ciphertext.length = len; + enc_out.ciphertext = out; + enc_out2.ciphertext = out2; + /* We use an intermediate `len' because size_t may be different size + than `int' */ + krb5_c_encrypt_length (context, keyblock->enctype, in.length, &len); + enc_out.ciphertext.length = len; - /* Encrypt, decrypt, and see if we got the plaintext back again. 
*/ - test ("Encrypting (c)", - krb5_c_encrypt (context, keyblock, 7, 0, &in, &enc_out)); - test ("Decrypting", - krb5_c_decrypt (context, keyblock, 7, 0, &enc_out, &check)); - test ("Comparing", compare_results (&in, &check)); + /* Encrypt, decrypt, and see if we got the plaintext back again. */ + test ("Encrypting (c)", + krb5_c_encrypt (context, keyblock, 7, 0, &in, &enc_out)); + test ("Decrypting", + krb5_c_decrypt (context, keyblock, 7, 0, &enc_out, &check)); + test ("Comparing", compare_results (&in, &check)); - /* Try again with the opaque-key-using variants. */ - memset(out.data, 0, out.length); - test ("Encrypting (k)", - krb5_k_encrypt (context, key, 7, 0, &in, &enc_out)); - test ("Decrypting", - krb5_k_decrypt (context, key, 7, 0, &enc_out, &check)); - test ("Comparing", compare_results (&in, &check)); + /* Try again with the opaque-key-using variants. */ + memset(out.data, 0, out.length); + test ("Encrypting (k)", + krb5_k_encrypt (context, key, 7, 0, &in, &enc_out)); + test ("Decrypting", + krb5_k_decrypt (context, key, 7, 0, &enc_out, &check)); + test ("Comparing", compare_results (&in, &check)); - /* Check if this enctype supports IOV encryption. */ - if ( krb5_c_crypto_length(context, keyblock->enctype, - KRB5_CRYPTO_TYPE_HEADER, &dummy) == 0 ){ - /* Set up iovecs for stream decryption. */ - memcpy(out2.data, enc_out.ciphertext.data, enc_out.ciphertext.length); - iov[0].flags= KRB5_CRYPTO_TYPE_STREAM; - iov[0].data.data = out2.data; - iov[0].data.length = enc_out.ciphertext.length; - iov[1].flags = KRB5_CRYPTO_TYPE_DATA; + /* Check if this enctype supports IOV encryption. */ + if ( krb5_c_crypto_length(context, keyblock->enctype, + KRB5_CRYPTO_TYPE_HEADER, &dummy) == 0 ){ + /* Set up iovecs for stream decryption. 
*/ + memcpy(out2.data, enc_out.ciphertext.data, enc_out.ciphertext.length); + iov[0].flags= KRB5_CRYPTO_TYPE_STREAM; + iov[0].data.data = out2.data; + iov[0].data.length = enc_out.ciphertext.length; + iov[1].flags = KRB5_CRYPTO_TYPE_DATA; - /* Decrypt the encrypted data from above and check it. */ - test("IOV stream decrypting (c)", - krb5_c_decrypt_iov( context, keyblock, 7, 0, iov, 2)); - test("Comparing results", - compare_results(&in, &iov[1].data)); + /* Decrypt the encrypted data from above and check it. */ + test("IOV stream decrypting (c)", + krb5_c_decrypt_iov( context, keyblock, 7, 0, iov, 2)); + test("Comparing results", + compare_results(&in, &iov[1].data)); - /* Try again with the opaque-key-using variant. */ - memcpy(out2.data, enc_out.ciphertext.data, enc_out.ciphertext.length); - test("IOV stream decrypting (k)", - krb5_k_decrypt_iov( context, key, 7, 0, iov, 2)); - test("Comparing results", - compare_results(&in, &iov[1].data)); + /* Try again with the opaque-key-using variant. */ + memcpy(out2.data, enc_out.ciphertext.data, enc_out.ciphertext.length); + test("IOV stream decrypting (k)", + krb5_k_decrypt_iov( context, key, 7, 0, iov, 2)); + test("Comparing results", + compare_results(&in, &iov[1].data)); - /* Set up iovecs for AEAD encryption. */ - signdata.magic = KV5M_DATA; - signdata.data = (char *) "This should be signed"; - signdata.length = strlen(signdata.data); - iov[0].flags = KRB5_CRYPTO_TYPE_HEADER; - iov[1].flags = KRB5_CRYPTO_TYPE_DATA; - iov[1].data = in; /*We'll need to copy memory before encrypt*/ - iov[2].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY; - iov[2].data = signdata; - iov[3].flags = KRB5_CRYPTO_TYPE_PADDING; - iov[4].flags = KRB5_CRYPTO_TYPE_TRAILER; + /* Set up iovecs for AEAD encryption. 
*/ + signdata.magic = KV5M_DATA; + signdata.data = (char *) "This should be signed"; + signdata.length = strlen(signdata.data); + iov[0].flags = KRB5_CRYPTO_TYPE_HEADER; + iov[1].flags = KRB5_CRYPTO_TYPE_DATA; + iov[1].data = in; /*We'll need to copy memory before encrypt*/ + iov[2].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY; + iov[2].data = signdata; + iov[3].flags = KRB5_CRYPTO_TYPE_PADDING; + iov[4].flags = KRB5_CRYPTO_TYPE_TRAILER; - /* "Allocate" data for the iovec buffers from the "out" buffer. */ - test("Setting up iov lengths", - krb5_c_crypto_length_iov(context, keyblock->enctype, iov, 5)); - for (j=0,pos=0; j <= 4; j++ ){ - if (iov[j].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY) - continue; - iov[j].data.data = &out.data[pos]; - pos += iov[j].data.length; - } - assert (iov[1].data.length == in.length); - memcpy(iov[1].data.data, in.data, in.length); + /* "Allocate" data for the iovec buffers from the "out" buffer. */ + test("Setting up iov lengths", + krb5_c_crypto_length_iov(context, keyblock->enctype, iov, 5)); + for (j=0,pos=0; j <= 4; j++ ){ + if (iov[j].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue; + iov[j].data.data = &out.data[pos]; + pos += iov[j].data.length; + } + assert (iov[1].data.length == in.length); + memcpy(iov[1].data.data, in.data, in.length); - /* Encrypt and decrypt in place, and check the result. */ - test("iov encrypting (c)", - krb5_c_encrypt_iov(context, keyblock, 7, 0, iov, 5)); - assert(iov[1].data.length == in.length); - test("iov decrypting", - krb5_c_decrypt_iov(context, keyblock, 7, 0, iov, 5)); - test("Comparing results", - compare_results(&in, &iov[1].data)); + /* Encrypt and decrypt in place, and check the result. */ + test("iov encrypting (c)", + krb5_c_encrypt_iov(context, keyblock, 7, 0, iov, 5)); + assert(iov[1].data.length == in.length); + test("iov decrypting", + krb5_c_decrypt_iov(context, keyblock, 7, 0, iov, 5)); + test("Comparing results", + compare_results(&in, &iov[1].data)); - /* Try again with opaque-key-using variants. 
*/ - test("iov encrypting (k)", - krb5_k_encrypt_iov(context, key, 7, 0, iov, 5)); - assert(iov[1].data.length == in.length); - test("iov decrypting", - krb5_k_decrypt_iov(context, key, 7, 0, iov, 5)); - test("Comparing results", - compare_results(&in, &iov[1].data)); - } + /* Try again with opaque-key-using variants. */ + test("iov encrypting (k)", + krb5_k_encrypt_iov(context, key, 7, 0, iov, 5)); + assert(iov[1].data.length == in.length); + test("iov decrypting", + krb5_k_decrypt_iov(context, key, 7, 0, iov, 5)); + test("Comparing results", + compare_results(&in, &iov[1].data)); + } - enc_out.ciphertext.length = out.length; - check.length = 2048; + enc_out.ciphertext.length = out.length; + check.length = 2048; - test ("init_state", - krb5_c_init_state (context, keyblock, 7, &state)); - test ("Encrypting with state", - krb5_c_encrypt (context, keyblock, 7, &state, &in, &enc_out)); - test ("Encrypting again with state", - krb5_c_encrypt (context, keyblock, 7, &state, &in2, &enc_out2)); - test ("free_state", - krb5_c_free_state (context, keyblock, &state)); - test ("init_state", - krb5_c_init_state (context, keyblock, 7, &state)); - test ("Decrypting with state", - krb5_c_decrypt (context, keyblock, 7, &state, &enc_out, &check)); - test ("Decrypting again with state", - krb5_c_decrypt (context, keyblock, 7, &state, &enc_out2, &check2)); - test ("free_state", - krb5_c_free_state (context, keyblock, &state)); - test ("Comparing", - compare_results (&in, &check)); - test ("Comparing", - compare_results (&in2, &check2)); + test ("init_state", + krb5_c_init_state (context, keyblock, 7, &state)); + test ("Encrypting with state", + krb5_c_encrypt (context, keyblock, 7, &state, &in, &enc_out)); + test ("Encrypting again with state", + krb5_c_encrypt (context, keyblock, 7, &state, &in2, &enc_out2)); + test ("free_state", + krb5_c_free_state (context, keyblock, &state)); + test ("init_state", + krb5_c_init_state (context, keyblock, 7, &state)); + test ("Decrypting with 
state", + krb5_c_decrypt (context, keyblock, 7, &state, &enc_out, &check)); + test ("Decrypting again with state", + krb5_c_decrypt (context, keyblock, 7, &state, &enc_out2, &check2)); + test ("free_state", + krb5_c_free_state (context, keyblock, &state)); + test ("Comparing", + compare_results (&in, &check)); + test ("Comparing", + compare_results (&in2, &check2)); - krb5_free_keyblock (context, keyblock); - krb5_k_free_key (context, key); - } + krb5_free_keyblock (context, keyblock); + krb5_k_free_key (context, key); + } - /* Test the RC4 decrypt fallback from key usage 9 to 8. */ - test ("Initializing an RC4 keyblock", - krb5_init_keyblock (context, ENCTYPE_ARCFOUR_HMAC, 0, &keyblock)); - test ("Generating random RC4 key", - krb5_c_make_random_key (context, ENCTYPE_ARCFOUR_HMAC, keyblock)); - enc_out.ciphertext = out; - krb5_c_encrypt_length (context, keyblock->enctype, in.length, &len); - enc_out.ciphertext.length = len; - check.length = 2048; - test ("Encrypting with RC4 key usage 8", - krb5_c_encrypt (context, keyblock, 8, 0, &in, &enc_out)); - test ("Decrypting with RC4 key usage 9", - krb5_c_decrypt (context, keyblock, 9, 0, &enc_out, &check)); - test ("Comparing", compare_results (&in, &check)); + /* Test the RC4 decrypt fallback from key usage 9 to 8. 
*/ + test ("Initializing an RC4 keyblock", + krb5_init_keyblock (context, ENCTYPE_ARCFOUR_HMAC, 0, &keyblock)); + test ("Generating random RC4 key", + krb5_c_make_random_key (context, ENCTYPE_ARCFOUR_HMAC, keyblock)); + enc_out.ciphertext = out; + krb5_c_encrypt_length (context, keyblock->enctype, in.length, &len); + enc_out.ciphertext.length = len; + check.length = 2048; + test ("Encrypting with RC4 key usage 8", + krb5_c_encrypt (context, keyblock, 8, 0, &in, &enc_out)); + test ("Decrypting with RC4 key usage 9", + krb5_c_decrypt (context, keyblock, 9, 0, &enc_out, &check)); + test ("Comparing", compare_results (&in, &check)); - krb5_free_keyblock (context, keyblock); - free(out.data); - free(out2.data); - free(check.data); - free(check2.data); - return 0; + krb5_free_keyblock (context, keyblock); + free(out.data); + free(out2.data); + free(check.data); + free(check2.data); + return 0; } |