krb5 commit: Rewrite t_prf crypto test program
Greg Hudson
ghudson at mit.edu
Mon Oct 3 16:02:44 EDT 2016
https://github.com/krb5/krb5/commit/1e83c0a600130e7851f41a6b104b362bc32a4b1d
commit 1e83c0a600130e7851f41a6b104b362bc32a4b1d
Author: Greg Hudson <ghudson at mit.edu>
Date: Mon Dec 7 22:16:24 2015 -0500
Rewrite t_prf crypto test program
Rewrite the pseudo-random test program to use hardcoded test cases
instead of input and expected output files. The test cases are the
same, using hardcoded keys instead of running string-to-key over
"key1" or "key2".
src/lib/crypto/crypto_tests/Makefile.in | 3 +-
src/lib/crypto/crypto_tests/t_prf.c | 190 ++++++++++++++++------------
src/lib/crypto/crypto_tests/t_prf.comments | 8 --
src/lib/crypto/crypto_tests/t_prf.expected | 6 -
src/lib/crypto/crypto_tests/t_prf.in | 18 ---
5 files changed, 109 insertions(+), 116 deletions(-)
diff --git a/src/lib/crypto/crypto_tests/Makefile.in b/src/lib/crypto/crypto_tests/Makefile.in
index 9da6bf7..c5eba1b 100644
--- a/src/lib/crypto/crypto_tests/Makefile.in
+++ b/src/lib/crypto/crypto_tests/Makefile.in
@@ -46,8 +46,7 @@ check-unix: t_nfold t_encrypt t_decrypt t_prf t_prng t_cmac t_hmac \
$(RUN_TEST) ./t_prng <$(srcdir)/t_prng.seed >t_prng.output
$(RUN_TEST) ./t_cmac
$(RUN_TEST) ./t_hmac
- $(RUN_TEST) ./t_prf <$(srcdir)/t_prf.in >t_prf.output
- diff t_prf.output $(srcdir)/t_prf.expected
+ $(RUN_TEST) ./t_prf
$(RUN_TEST) ./t_cksum4 "this is a test" e3f76a07f3401e3536b43a3f54226c39422c35682c354835
$(RUN_TEST) ./t_cksum5 "this is a test" e3f76a07f3401e351143ee6f4c09be1edb4264d55015db53
$(RUN_TEST) ./t_cksums
diff --git a/src/lib/crypto/crypto_tests/t_prf.c b/src/lib/crypto/crypto_tests/t_prf.c
index ce5537c..e735d95 100644
--- a/src/lib/crypto/crypto_tests/t_prf.c
+++ b/src/lib/crypto/crypto_tests/t_prf.c
@@ -1,101 +1,127 @@
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/crypto_tests/t_prf.c */
+/* lib/crypto/crypto_tests/t_prf.c - PRF test cases */
/*
- * Copyright (C) 2004 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
* All rights reserved.
*
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
*
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/*
- * This file contains tests for the PRF code in Kerberos. IT reads an
- * input file, and writes an output file. It is assumed that the
- * output file will be diffed against expected output to see whether
- * regression tests pass. The input file is a very primitive format.
- * It includes an enctype and password to be string2keyed followed by
- * a number of bytes of input length, followed by that many bytes of
- * input. The program outputs krb5_c_prf of that input and key as a
- * hex string.
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "k5-int.h"
-#include <assert.h>
-int main () {
+struct test {
+ krb5_enctype enctype;
+ krb5_data keybits;
+ krb5_data prf_input;
+ krb5_data expected;
+} tests[] = {
+ {
+ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+ { KV5M_DATA, 16,
+ "\xAE\x27\x2E\x7C\xDE\xC8\x6A\xC5\x13\x8C\xDB\x19\x6D\x8E\x29\x7D" },
+ { KV5M_DATA, 2, "\x01\x61" },
+ { KV5M_DATA, 16,
+ "\x77\xB3\x9A\x37\xA8\x68\x92\x0F\x2A\x51\xF9\xDD\x15\x0C\x57\x17" }
+ },
+ {
+ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+ { KV5M_DATA, 16,
+ "\x67\xAB\x1C\xFE\xF3\x5E\x4C\x27\xFF\xDE\xAC\x60\x38\x5A\x3E\x9C" },
+ { KV5M_DATA, 2, "\x01\x62" },
+ { KV5M_DATA, 16,
+ "\xE0\x6C\x0D\xD3\x1F\xF0\x20\x91\x99\x4F\x2E\xF5\x17\x8B\xFE\x3D" }
+ },
+
+ {
+ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+ { KV5M_DATA, 32,
+ "\xC0\x1F\x15\x72\x11\xF7\xB7\x7E\xAA\xF4\x57\xC3\xE1\x56\x69\x01"
+ "\x27\xEE\x12\x7D\x81\x0B\xA6\x39\x2E\x97\xBA\xA2\x43\xEB\x06\x16" },
+ { KV5M_DATA, 2, "\x01\x61" },
+ { KV5M_DATA, 16,
+ "\xB2\x62\x8C\x78\x8E\x2E\x9C\x4A\x9B\xB4\x64\x46\x78\xC2\x9F\x2F" }
+ },
+ {
+ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+ { KV5M_DATA, 32,
+ "\xC0\x1F\x15\x72\x11\xF7\xB7\x7E\xAA\xF4\x57\xC3\xE1\x56\x69\x01"
+ "\x27\xEE\x12\x7D\x81\x0B\xA6\x39\x2E\x97\xBA\xA2\x43\xEB\x06\x16" },
+ { KV5M_DATA, 2, "\x02\x61" },
+ { KV5M_DATA, 16,
+ "\xB4\x06\x37\x33\x50\xCE\xE8\xA6\x12\x6F\x4A\x9B\x65\xA0\xCD\x21" }
+ },
+ {
+ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+ { KV5M_DATA, 32,
+ "\x9D\x52\x0D\x2D\x98\x0A\xA7\xCB\x6B\x69\x36\x82\xB6\x2D\xA2\x58"
+ "\xB3\x33\x86\x79\x51\x64\x2C\xE6\x47\xAE\x62\xB1\xE5\xE0\xB5\xE9" },
+ { KV5M_DATA, 2, "\x01\x62" },
+ { KV5M_DATA, 16,
+ "\xFF\x0E\x28\x9E\xA7\x56\xC0\x55\x9A\x0E\x91\x18\x56\x96\x1A\x49" }
+ },
+ {
+ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+ { KV5M_DATA, 32,
+ "\x9D\x52\x0D\x2D\x98\x0A\xA7\xCB\x6B\x69\x36\x82\xB6\x2D\xA2\x58"
+ "\xB3\x33\x86\x79\x51\x64\x2C\xE6\x47\xAE\x62\xB1\xE5\xE0\xB5\xE9" },
+ { KV5M_DATA, 2, "\x02\x62" },
+ { KV5M_DATA, 16,
+ "\x0D\x67\x4D\xD0\xF9\xA6\x80\x65\x25\xA4\xD9\x2E\x82\x8B\xD1\x5A" }
+ },
+};
+
+int
+main()
+{
krb5_error_code ret;
- krb5_data input, output;
- krb5_keyblock *key = NULL;
- unsigned int in_length;
- unsigned int i;
- size_t prfsz;
+ krb5_data output;
+ krb5_keyblock kb;
+ size_t i, prfsz;
+ const struct test *test;
- while (1) {
- krb5_enctype enctype;
- char s[1025];
+ for (i = 0; i < sizeof(tests) / sizeof(*tests); i++) {
+ test = &tests[i];
+ kb.magic = KV5M_KEYBLOCK;
+ kb.enctype = test->enctype;
+ kb.length = test->keybits.length;
+ kb.contents = (uint8_t *)test->keybits.data;
- if (scanf( "%d", &enctype) == EOF)
- break;
- if (scanf("%1024s", &s[0]) == EOF)
- break;
- ret = krb5_init_keyblock(0, enctype, 0, &key);
+ ret = krb5_c_prf_length(NULL, test->enctype, &prfsz);
assert(!ret);
- input.data = &s[0];
- input.length = strlen(s);
- ret = krb5_c_string_to_key (0, enctype, &input, &input, key);
+ ret = alloc_data(&output, prfsz);
+ assert(!ret);
+ ret = krb5_c_prf(NULL, &kb, &tests[i].prf_input, &output);
assert(!ret);
- if (scanf("%u", &in_length) == EOF)
- break;
-
- if (in_length ) {
- unsigned int lc;
- ret = alloc_data(&input, in_length);
- assert(!ret);
- for (lc = in_length; lc > 0; lc--) {
- scanf ("%2x", &i);
- input.data[in_length-lc] = (unsigned) (i&0xff);
- }
- ret = krb5_c_prf_length(0, enctype, &prfsz);
- assert(!ret);
- ret = alloc_data(&output, prfsz);
- assert(!ret);
- ret = krb5_c_prf(0, key, &input, &output);
- assert(!ret);
-
- free (input.data);
- input.data = NULL;
- } else {
- prfsz = 0;
- }
-
- for (; prfsz > 0; prfsz--) {
- printf ("%02x",
- (unsigned int) ((unsigned char ) output.data[output.length-prfsz]));
+ if (!data_eq(output, tests[i].expected)) {
+ printf("Test %d failed\n", (int)i);
+ exit(1);
}
- printf ("\n");
-
- free (output.data);
- output.data = NULL;
- krb5_free_keyblock(0, key);
- key = NULL;
+ free(output.data);
}
- return (0);
+ return 0;
}
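Review bot: The `tests[]` table holds six known-answer vectors with no comment saying where the key bytes and expected outputs come from, and this commit deletes the only files that recorded it: `t_prf.in` named the passwords, and `t_prf.comments` tied the cases to the KRB-FX-CF2 tests in `t_cf2.in`. I would add a comment above the table along the lines of `/* Keys are string-to-key of "key1" or "key2" (password also used as the salt); cases mirror the KRB-FX-CF2 tests in t_cf2.in. */` so the vectors can be regenerated or audited later. Separately, the failure branch prints only the test index, whereas the old flow left the computed value in `t_prf.output`. Printing the enctype and a hex dump of `output` before `exit(1)` would keep a mismatch diagnosable.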
diff --git a/src/lib/crypto/crypto_tests/t_prf.comments b/src/lib/crypto/crypto_tests/t_prf.comments
deleted file mode 100644
index 1245842..0000000
--- a/src/lib/crypto/crypto_tests/t_prf.comments
+++ /dev/null
@@ -1,8 +0,0 @@
-The first two tests are effectively a call to krb-fx-cf2 for
-aes-128-cts. This mirrorrs the first test in t_cf2.in.
-
-
-The next four tests mirror a call to KRB-FX-CF2 for aes256-cts; this
-mirrors the second test in t_cf2.in.
-
-
diff --git a/src/lib/crypto/crypto_tests/t_prf.expected b/src/lib/crypto/crypto_tests/t_prf.expected
deleted file mode 100644
index eadfd97..0000000
--- a/src/lib/crypto/crypto_tests/t_prf.expected
+++ /dev/null
@@ -1,6 +0,0 @@
-77b39a37a868920f2a51f9dd150c5717
-e06c0dd31ff02091994f2ef5178bfe3d
-b2628c788e2e9c4a9bb4644678c29f2f
-b406373350cee8a6126f4a9b65a0cd21
-ff0e289ea756c0559a0e911856961a49
-0d674dd0f9a6806525a4d92e828bd15a
diff --git a/src/lib/crypto/crypto_tests/t_prf.in b/src/lib/crypto/crypto_tests/t_prf.in
deleted file mode 100644
index f45c416..0000000
--- a/src/lib/crypto/crypto_tests/t_prf.in
+++ /dev/null
@@ -1,18 +0,0 @@
-17
-key1
-2 0161
-17
-key2
-2 0162
-18
-key1
-2 0161
-18
-key1
-2 0261
-18
-key2
-2 0162
-18
-key2
-2 0262