svn rev #22855: branches/enc-perf/src/lib/crypto/crypto_tests/

ghudson@MIT.EDU ghudson at MIT.EDU
Tue Oct 6 11:40:28 EDT 2009 

http://src.mit.edu/fisheye/changelog/krb5/?cs=22855
Commit By: ghudson
Log Message:
Extend t_encrypt to test krb5_k_encrypt and related functions as well
as the krb5_c variants.



Changed Files:
U   branches/enc-perf/src/lib/crypto/crypto_tests/t_encrypt.c
Modified: branches/enc-perf/src/lib/crypto/crypto_tests/t_encrypt.c
===================================================================
--- branches/enc-perf/src/lib/crypto/crypto_tests/t_encrypt.c	2009-10-06 15:33:11 UTC (rev 22854)
+++ branches/enc-perf/src/lib/crypto/crypto_tests/t_encrypt.c	2009-10-06 15:40:28 UTC (rev 22855)
@@ -78,13 +78,14 @@
 main ()
 {
   krb5_context context = 0;
-  krb5_data  in, in2, out, out2, check, check2, state;
+  krb5_data  in, in2, out, out2, check, check2, state, signdata;
   krb5_crypto_iov iov[5];
-  int i;
+  int i, j, pos;
+  unsigned int dummy;
   size_t len;
   krb5_enc_data enc_out, enc_out2;
-  krb5_error_code retval;
-  krb5_keyblock *key;
+  krb5_keyblock *keyblock;
+  krb5_key key;
 
   memset(iov, 0, sizeof(iov));
 
@@ -95,6 +96,8 @@
 
   test ("Seeding random number generator",
 	krb5_c_random_seed (context, &in));
+
+  /* Set up output buffers. */
   out.data = malloc(2048);
   out2.data = malloc(2048);
   check.data = malloc(2048);
@@ -106,38 +109,66 @@
   out2.length = 2048;
   check.length = 2048;
   check2.length = 2048;
+
   for (i = 0; interesting_enctypes[i]; i++) {
     krb5_enctype enctype = interesting_enctypes [i];
+
     printf ("Testing enctype %d\n", enctype);
     test ("Initializing a keyblock",
-	  krb5_init_keyblock (context, enctype, 0, &key));
-    test ("Generating random key",
-	  krb5_c_make_random_key (context, enctype, key));
+	  krb5_init_keyblock (context, enctype, 0, &keyblock));
+    test ("Generating random keyblock",
+	  krb5_c_make_random_key (context, enctype, keyblock));
+    test ("Creating opaque key from keyblock",
+	  krb5_k_create_key (context, keyblock, &key));
+
     enc_out.ciphertext = out;
     enc_out2.ciphertext = out2;
     /* We use an intermediate `len' because size_t may be different size 
        than `int' */
-    krb5_c_encrypt_length (context, key->enctype, in.length, &len);
+    krb5_c_encrypt_length (context, keyblock->enctype, in.length, &len);
     enc_out.ciphertext.length = len;
-    test ("Encrypting",
-	  krb5_c_encrypt (context, key, 7, 0, &in, &enc_out));
+
+    /* Encrypt, decrypt, and see if we got the plaintext back again. */
+    test ("Encrypting (c)",
+	  krb5_c_encrypt (context, keyblock, 7, 0, &in, &enc_out));
     test ("Decrypting",
-	  krb5_c_decrypt (context, key, 7, 0, &enc_out, &check));
+	  krb5_c_decrypt (context, keyblock, 7, 0, &enc_out, &check));
     test ("Comparing", compare_results (&in, &check));
-    if ( krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_HEADER, &len) == 0 ){
-	/* We support iov/aead*/
-	int j, pos;
-	krb5_data signdata;
-	signdata.data = (char *) "This should be signed";
-	signdata.length = strlen(signdata.data);
+
+    /* Try again with the opaque-key-using variants. */
+    memset(out.data, 0, out.length);
+    test ("Encrypting (k)",
+	  krb5_k_encrypt (context, key, 7, 0, &in, &enc_out));
+    test ("Decrypting",
+	  krb5_k_decrypt (context, key, 7, 0, &enc_out, &check));
+    test ("Comparing", compare_results (&in, &check));
+
+    /* Check if this enctype supports IOV encryption. */
+    if ( krb5_c_crypto_length(context, keyblock->enctype,
+			      KRB5_CRYPTO_TYPE_HEADER, &dummy) == 0 ){
+	/* Set up iovecs for stream decryption. */
+	memcpy(out2.data, enc_out.ciphertext.data, enc_out.ciphertext.length);
 	iov[0].flags= KRB5_CRYPTO_TYPE_STREAM;
+	iov[0].data.data = out2.data;
+	iov[0].data.length = enc_out.ciphertext.length;
 	iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
-	iov[0].data = enc_out.ciphertext;
-	iov[1].data = out;
-	test("IOV stream decrypting",
-	     krb5_c_decrypt_iov( context, key, 7, 0, iov, 2));
+
+	/* Decrypt the encrypted data from above and check it. */
+	test("IOV stream decrypting (c)",
+	     krb5_c_decrypt_iov( context, keyblock, 7, 0, iov, 2));
 	test("Comparing results",
 	     compare_results(&in, &iov[1].data));
+
+	/* Try again with the opaque-key-using variant. */
+	memcpy(out2.data, enc_out.ciphertext.data, enc_out.ciphertext.length);
+	test("IOV stream decrypting (k)",
+	     krb5_k_decrypt_iov( context, key, 7, 0, iov, 2));
+	test("Comparing results",
+	     compare_results(&in, &iov[1].data));
+
+	/* Set up iovecs for AEAD encryption. */
+	signdata.data = (char *) "This should be signed";
+	signdata.length = strlen(signdata.data);
 	iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
 	iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
 	iov[1].data = in; /*We'll need to copy memory before encrypt*/
@@ -145,8 +176,10 @@
 	iov[2].data = signdata;
 	iov[3].flags = KRB5_CRYPTO_TYPE_PADDING;
 	iov[4].flags = KRB5_CRYPTO_TYPE_TRAILER;
+
+	/* "Allocate" data for the iovec buffers from the "out" buffer. */
 	test("Setting up iov lengths",
-	     krb5_c_crypto_length_iov(context, key->enctype, iov, 5));
+	     krb5_c_crypto_length_iov(context, keyblock->enctype, iov, 5));
 	for (j=0,pos=0; j <= 4; j++ ){
 	    if (iov[j].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
 		continue;
@@ -155,53 +188,67 @@
 	}
 	assert (iov[1].data.length == in.length);
 	memcpy(iov[1].data.data, in.data, in.length);
-	test("iov encrypting",
-	     krb5_c_encrypt_iov(context, key, 7, 0, iov, 5));
+
+	/* Encrypt and decrypt in place, and check the result. */
+	test("iov encrypting (c)",
+	     krb5_c_encrypt_iov(context, keyblock, 7, 0, iov, 5));
 	assert(iov[1].data.length == in.length);
 	test("iov decrypting",
-	     krb5_c_decrypt_iov(context, key, 7, 0, iov, 5));
+	     krb5_c_decrypt_iov(context, keyblock, 7, 0, iov, 5));
 	test("Comparing results",
 	     compare_results(&in, &iov[1].data));
 		       
+	/* Try again with opaque-key-using variants. */
+	test("iov encrypting (k)",
+	     krb5_k_encrypt_iov(context, key, 7, 0, iov, 5));
+	assert(iov[1].data.length == in.length);
+	test("iov decrypting",
+	     krb5_k_decrypt_iov(context, key, 7, 0, iov, 5));
+	test("Comparing results",
+	     compare_results(&in, &iov[1].data));
     }
+
     enc_out.ciphertext.length = out.length;
     check.length = 2048;
+
     test ("init_state",
-	  krb5_c_init_state (context, key, 7, &state));
+	  krb5_c_init_state (context, keyblock, 7, &state));
     test ("Encrypting with state",
-	  krb5_c_encrypt (context, key, 7, &state, &in, &enc_out));
+	  krb5_c_encrypt (context, keyblock, 7, &state, &in, &enc_out));
     test ("Encrypting again with state",
-	  krb5_c_encrypt (context, key, 7, &state, &in2, &enc_out2));
+	  krb5_c_encrypt (context, keyblock, 7, &state, &in2, &enc_out2));
     test ("free_state",
-	  krb5_c_free_state (context, key, &state));
+	  krb5_c_free_state (context, keyblock, &state));
     test ("init_state",
-	  krb5_c_init_state (context, key, 7, &state));
+	  krb5_c_init_state (context, keyblock, 7, &state));
     test ("Decrypting with state",
-	  krb5_c_decrypt (context, key, 7, &state, &enc_out, &check));
+	  krb5_c_decrypt (context, keyblock, 7, &state, &enc_out, &check));
     test ("Decrypting again with state",
-	  krb5_c_decrypt (context, key, 7, &state, &enc_out2, &check2));
+	  krb5_c_decrypt (context, keyblock, 7, &state, &enc_out2, &check2));
     test ("free_state",
-	  krb5_c_free_state (context, key, &state));
+	  krb5_c_free_state (context, keyblock, &state));
     test ("Comparing",
 	  compare_results (&in, &check));
     test ("Comparing",
 	  compare_results (&in2, &check2));
-    krb5_free_keyblock (context, key);
+
+    krb5_free_keyblock (context, keyblock);
+    krb5_k_free_key (context, key);
   }
 
   /* Test the RC4 decrypt fallback from key usage 9 to 8. */
   test ("Initializing an RC4 keyblock",
-	krb5_init_keyblock (context, ENCTYPE_ARCFOUR_HMAC, 0, &key));
+	krb5_init_keyblock (context, ENCTYPE_ARCFOUR_HMAC, 0, &keyblock));
   test ("Generating random RC4 key",
-	krb5_c_make_random_key (context, ENCTYPE_ARCFOUR_HMAC, key));
+	krb5_c_make_random_key (context, ENCTYPE_ARCFOUR_HMAC, keyblock));
   enc_out.ciphertext = out;
-  krb5_c_encrypt_length (context, key->enctype, in.length, &len);
+  krb5_c_encrypt_length (context, keyblock->enctype, in.length, &len);
   enc_out.ciphertext.length = len;
   check.length = 2048;
   test ("Encrypting with RC4 key usage 8",
-	krb5_c_encrypt (context, key, 8, 0, &in, &enc_out));
+	krb5_c_encrypt (context, keyblock, 8, 0, &in, &enc_out));
   test ("Decrypting with RC4 key usage 9",
-	krb5_c_decrypt (context, key, 9, 0, &enc_out, &check));
+	krb5_c_decrypt (context, keyblock, 9, 0, &enc_out, &check));
   test ("Comparing", compare_results (&in, &check));
 
   free(out.data);

More information about the cvs-krb5 mailing list