svn rev #23642: branches/krb5-1-7/src/lib/crypto/keyhash_provider/

tlyu@MIT.EDU tlyu at MIT.EDU
Mon Jan 11 22:42:15 EST 2010 

http://src.mit.edu/fisheye/changelog/krb5/?cs=23642
Commit By: tlyu
Log Message:
ticket: 6584
version_fixed: 1.7.1

Backport test suite portion of r23361 from trunk

 ------------------------------------------------------------------------
 r23361 | tlyu | 2009-11-25 22:54:59 -0500 (Wed, 25 Nov 2009) | 15 lines

 ticket: 6584
 target_version: 1.7.1
 tags: pullup

 Pullup to 1.7-branch is only for the test case, as krb5-1.7 behaved
 correctly for these checksums.

 Fix regression in MD4-DES and MD5-DES keyed checksums.  The original
 key was being used for the DES encryption, not the "xorkey".  (key
 with each byte XORed with 0xf0)

 Add a test case that will catch future regressions of this sort, by
 including a verification of a "known-good" checksum (derived from a
 known-to-be-interoperable version of the implementation).


Changed Files:
U   branches/krb5-1-7/src/lib/crypto/keyhash_provider/Makefile.in
U   branches/krb5-1-7/src/lib/crypto/keyhash_provider/t_cksum.c
Modified: branches/krb5-1-7/src/lib/crypto/keyhash_provider/Makefile.in
===================================================================
--- branches/krb5-1-7/src/lib/crypto/keyhash_provider/Makefile.in	2010-01-12 03:21:40 UTC (rev 23641)
+++ branches/krb5-1-7/src/lib/crypto/keyhash_provider/Makefile.in	2010-01-12 03:42:15 UTC (rev 23642)
@@ -43,8 +43,8 @@
 	$(CC_LINK) -o t_cksum5 t_cksum5.o $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(LIBS)
 
 check-unix:: t_cksum4 t_cksum5
-	$(RUN_SETUP) $(VALGRIND) $(C)t_cksum4 "this is a test"
-	$(RUN_SETUP) $(VALGRIND) $(C)t_cksum5 "this is a test"
+	$(RUN_SETUP) $(VALGRIND) $(C)t_cksum4 "this is a test" e3f76a07f3401e3536b43a3f54226c39422c35682c354835
+	$(RUN_SETUP) $(VALGRIND) $(C)t_cksum5 "this is a test" e3f76a07f3401e351143ee6f4c09be1edb4264d55015db53
 
 clean-unix::
 	$(RM) t_cksum4 t_cksum4.o

Modified: branches/krb5-1-7/src/lib/crypto/keyhash_provider/t_cksum.c
===================================================================
--- branches/krb5-1-7/src/lib/crypto/keyhash_provider/t_cksum.c	2010-01-12 03:21:40 UTC (rev 23641)
+++ branches/krb5-1-7/src/lib/crypto/keyhash_provider/t_cksum.c	2010-01-12 03:42:15 UTC (rev 23642)
@@ -59,6 +59,27 @@
   printf("\n");
 }
 
+static void
+parse_hexstring(const char *s, krb5_data *dat)
+{
+  size_t i, len;
+  unsigned int byte;
+  unsigned char *cp;
+
+  len = strlen(s);
+  cp = malloc(len / 2);
+  dat->data = (char *)cp;
+  if (cp == NULL) {
+    dat->length = 0;
+    return;
+  }
+  dat->length = len / 2;
+  for (i = 0; i + 1 < len; i += 2) {
+    sscanf(&s[i], "%2x", &byte);
+    *cp++ = byte;
+  }
+}
+
 /*
  * Test the checksum verification of Old Style (tm) and correct RSA-MD[4,5]-DES
  * checksums.
@@ -76,7 +97,7 @@
   size_t		length;
   krb5_keyblock		keyblock;
   krb5_error_code	kret=0;
-  krb5_data		plaintext, newstyle_checksum;
+  krb5_data		plaintext, newstyle_checksum, knowncksum_dat;
 
   /* this is a terrible seed, but that's ok for the test. */
 
@@ -98,7 +119,7 @@
     printf("cannot get memory for new style checksum\n");
     return(ENOMEM);
   }
-  for (msgindex = 1; msgindex < argc; msgindex++) {
+  for (msgindex = 1; msgindex + 1 < argc; msgindex += 2) {
     plaintext.length = strlen(argv[msgindex]);
     plaintext.data = argv[msgindex];
 
@@ -115,6 +136,7 @@
     }
     if (!valid) {
       printf("verify on new checksum failed\n");
+      kret = 1;
       break;
     }
     printf("Verify succeeded for \"%s\"\n", argv[msgindex]);
@@ -127,13 +149,32 @@
     }
     if (valid) {
       printf("verify on new checksum succeeded, but shouldn't have\n");
+      kret = 1;
       break;
     }
     printf("Verify of bad checksum OK for \"%s\"\n", argv[msgindex]);
+    parse_hexstring(argv[msgindex+1], &knowncksum_dat);
+    if (knowncksum_dat.data == NULL) {
+      printf("parse_hexstring failed\n");
+      kret = 1;
+      break;
+    }
+    if ((kret = (*(khp.verify))(&keyblock, 0, 0, &plaintext, &knowncksum_dat,
+				&valid))) {
+      printf("verify on known checksum choked with %d\n", kret);
+      break;
+    }
+    if (!valid) {
+      printf("verify on known checksum failed\n");
+      kret = 1;
+      break;
+    }
+    printf("Verify on known checksum succeeded\n");
     kret = 0;
   }
   free(newstyle_checksum.data);
   if (!kret)
-    printf("%d tests passed successfully for MD%d checksum\n", argc-1, MD);
+    printf("%d tests passed successfully for MD%d checksum\n", (argc-1)/2, MD);
+
   return(kret);
 }

More information about the cvs-krb5 mailing list