diff options
author | Greg Hudson <ghudson@mit.edu> | 2011-02-25 15:05:38 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2011-02-25 15:05:38 +0000 |
commit | 920ffa13c22ef8c6ac835a293f5d63f944a82859 (patch) | |
tree | c729b42bccd0b290f0e290df65052fd2bda461b8 /src/lib/crypto/crypto_tests | |
parent | 01319ae77ca14ebca9d019a2194d24a9a836e713 (diff) | |
download | krb5-920ffa13c22ef8c6ac835a293f5d63f944a82859.tar.gz krb5-920ffa13c22ef8c6ac835a293f5d63f944a82859.tar.xz krb5-920ffa13c22ef8c6ac835a293f5d63f944a82859.zip |
Remove Yarrow PRNG implementation
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24660 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/crypto/crypto_tests')
-rw-r--r-- | src/lib/crypto/crypto_tests/Makefile.in | 14 | ||||
-rw-r--r-- | src/lib/crypto/crypto_tests/deps | 14 | ||||
-rw-r--r-- | src/lib/crypto/crypto_tests/t_prng.reseedtest | 31 | ||||
-rw-r--r-- | src/lib/crypto/crypto_tests/t_prng.reseedtest-comments | 21 | ||||
-rw-r--r-- | src/lib/crypto/crypto_tests/t_prng.reseedtest-expected | 1 | ||||
-rw-r--r-- | src/lib/crypto/crypto_tests/ytest.c | 385 |
6 files changed, 1 insertions, 465 deletions
diff --git a/src/lib/crypto/crypto_tests/Makefile.in b/src/lib/crypto/crypto_tests/Makefile.in index 50700fd6c..81f9b5e0a 100644 --- a/src/lib/crypto/crypto_tests/Makefile.in +++ b/src/lib/crypto/crypto_tests/Makefile.in @@ -37,17 +37,13 @@ EXTRADEPSRCS=\ $(srcdir)/t_short.c \ $(srcdir)/t_str2key.c \ $(srcdir)/t_derive.c \ - $(srcdir)/t_fork.c \ - $(srcdir)/ytest.c + $(srcdir)/t_fork.c ##DOS##BUILDTOP = ..\..\.. # NOTE: The t_cksum known checksum values are primarily for regression # testing. They are not derived a priori, but are known to produce # checksums that interoperate. -# -# We use the NSS PRNG when NSS is the crypto back end, so don't test -# against the expected output for Yarrow. check-unix:: t_nfold t_encrypt t_decrypt t_prf t_prng t_cmac t_hmac \ t_cksum4 t_cksum5 t_cksums \ aes-test \ @@ -58,9 +54,6 @@ check-unix:: t_nfold t_encrypt t_decrypt t_prf t_prng t_cmac t_hmac \ $(RUN_SETUP) $(VALGRIND) ./t_encrypt $(RUN_SETUP) $(VALGRIND) ./t_decrypt $(RUN_SETUP) $(VALGRIND) ./t_prng <$(srcdir)/t_prng.seed >t_prng.output - if [ $(PRNG_ALG) = yarrow ]; then \ - diff t_prng.output $(srcdir)/t_prng.expected; \ - fi $(RUN_SETUP) $(VALGRIND) ./t_cmac $(RUN_SETUP) $(VALGRIND) ./t_hmac $(RUN_SETUP) $(VALGRIND) ./t_prf <$(srcdir)/t_prf.in >t_prf.output @@ -172,11 +165,6 @@ t_derive$(EXEEXT): t_derive.$(OBJEXT) $(SUPPORT_DEPLIB) t_fork$(EXEEXT): t_fork.$(OBJEXT) $(SUPPORT_DEPLIB) $(CC_LINK) -o $@ t_fork.$(OBJEXT) -lkrb5 -lk5crypto -lcom_err $(SUPPORT_LIB) -ytest: ytest.o shs.o $(SUPPORT_DEPLIB) $(CRYPTO_DEPLIB) - $(CC_LINK) -o ytest ytest.o $(SUPPORT_LIB) $(CRYPTO_DEPLIB) - - - clean:: $(RM) t_nfold.o t_nfold nfold.$(OBJEXT) t_encrypt t_encrypt.o \ t_decrypt.o t_decrypt t_prng.o t_prng t_cmac.o t_cmac \ diff --git a/src/lib/crypto/crypto_tests/deps b/src/lib/crypto/crypto_tests/deps index 73505bf1a..03010c0c8 100644 --- a/src/lib/crypto/crypto_tests/deps +++ b/src/lib/crypto/crypto_tests/deps @@ -207,17 +207,3 @@ $(OUTPRE)t_fork.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \ $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ $(top_srcdir)/include/socket-utils.h t_fork.c -$(OUTPRE)ytest.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../builtin/sha1/shs.h \ - $(srcdir)/../builtin/yhash.h $(srcdir)/../krb/prng/yarrow/yarrow.h \ - $(srcdir)/../krb/prng/yarrow/ycipher.h $(srcdir)/../krb/prng/yarrow/yexcep.h \ - $(srcdir)/../krb/prng/yarrow/ytypes.h $(top_srcdir)/include/k5-buf.h \ - $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ - $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ - $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ - $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ - $(top_srcdir)/include/socket-utils.h ytest.c diff --git a/src/lib/crypto/crypto_tests/t_prng.reseedtest b/src/lib/crypto/crypto_tests/t_prng.reseedtest deleted file mode 100644 index 5eee0c064..000000000 --- a/src/lib/crypto/crypto_tests/t_prng.reseedtest +++ /dev/null @@ -1,31 +0,0 @@ -1 -160 - cb 12 70 40 ee fb 76 2e 32 0d f1 0c a7 a9 36 f8 - c8 f3 35 4e 0f 51 18 cd 25 0f 48 5b e4 97 aa 4f - be 7e 93 af dd 15 29 fc 24 4f 0b 9a 9b 1d ad 7f - 32 c8 a6 96 d4 34 aa 83 d2 d7 33 b0 2f aa ba f6 - cf 8c 78 ad 8a 52 e1 48 e4 7c a7 c5 57 49 31 ea - db b7 9b 6b ab 13 f3 12 a5 ec 67 db 1e 83 73 be - ca 59 fc ed 29 8c f3 ef ca fd 81 55 fa 91 3b 31 - da 24 d2 8b c1 a5 c1 3a 9c 50 a6 3c a1 60 31 0f - 62 c7 88 9b 1a e9 9f 3c 0f 04 d0 35 11 45 f0 8b - 84 a2 26 85 67 f1 e6 2b 34 6b ab 9b 3f c1 a1 0e -0 -1 -40 - f4 fc ab 98 45 a0 41 e4 4d 65 9c eb c2 c9 74 a4 - 55 df 6c 78 78 bc db ae e7 63 b8 a7 33 3b d7 50 - f6 33 c4 a0 1d 14 45 04 -0 -0 -40 - 16 80 1d 78 39 4b 3a 27 80 87 08 6c a9 37 59 74 - 60 f8 fc 37 10 4a 8a c4 d6 3e 6a 41 1a e1 5f 69 - 92 12 5a e1 3b 86 f1 5d -0 -0 -40 - a3 c8 78 4a a0 4d ce 3c 2a 8e 34 bf f7 06 dc d7 - 92 13 bd 74 45 72 40 b6 1c d6 55 28 47 1e f4 70 - 74 e4 94 d7 17 a6 7e 3b -20 diff --git a/src/lib/crypto/crypto_tests/t_prng.reseedtest-comments b/src/lib/crypto/crypto_tests/t_prng.reseedtest-comments deleted file mode 100644 index e50e09602..000000000 --- a/src/lib/crypto/crypto_tests/t_prng.reseedtest-comments +++ /dev/null @@ -1,21 +0,0 @@ -The reseedtest is intended to allow confirmation that if sufficient -entropy is provided then the PRNG will reseed (well initially seed) -itself before the first random data is requested. This test is not -useful to run in an automated manner because the point is to look at -internal function call order. - -To test this, set a break point at krb5int_yarrow_reseed and -krb5_c_random_make_octets and run the test. The reseed function -should be called with a pool of 1 (YARROW_SLOW_POOL) before -krb5_c_random_make_octets is called. - -A slow reseed should require two sources to reach sufficient entropy. -Sources start out sending entropy to fast pool then alternate with -slow pool. So this test does the following: -* Seed source 1 -* Seed source 1 (this time to slow pool) -* Seed source 0 -* Seed source 0 (to slow pool triggering reseed) -* Output some random data - - diff --git a/src/lib/crypto/crypto_tests/t_prng.reseedtest-expected b/src/lib/crypto/crypto_tests/t_prng.reseedtest-expected deleted file mode 100644 index d7b50801e..000000000 --- a/src/lib/crypto/crypto_tests/t_prng.reseedtest-expected +++ /dev/null @@ -1 +0,0 @@ -fd543f42aded9bd725c9b05682cd0f504c1b33d1 diff --git a/src/lib/crypto/crypto_tests/ytest.c b/src/lib/crypto/crypto_tests/ytest.c deleted file mode 100644 index 5b9ffafb7..000000000 --- a/src/lib/crypto/crypto_tests/ytest.c +++ /dev/null @@ -1,385 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* - * Yarrow - Cryptographic Pseudo-Random Number Generator - * Copyright (c) 2000 Zero-Knowledge Systems, Inc. - * - * See the accompanying LICENSE file for license information. - */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include "yarrow.h" -#include "yexcep.h" - -void hex_print( FILE* f, const char* var, void* data, size_t size ); -void dump_yarrow_state( FILE* f, Yarrow_CTX* y ); - -#define YARROW_SEED_FILE "seed" - -static void print_yarrow_status( Yarrow_CTX *y ) -{ - int sid, pool; - Source* source; - - for ( pool = 0; pool < 2; pool++ ) - { - printf( " %s: ", pool == YARROW_SLOW_POOL ? "slow" : "fast" ); - for ( sid = 0; sid < y->num_sources; sid++ ) - { - source = &y->source[ sid ]; - printf( "#%d=%d/%d, ", sid, source->entropy[pool], - pool == YARROW_SLOW_POOL ? - y->slow_thresh : y->fast_thresh ); - } - } - printf( "\n" ); -} - -int yarrow_verbose = 0; -#define VERBOSE( x ) if ( yarrow_verbose ) { x } - -int Instrumented_krb5int_yarrow_input( Yarrow_CTX* y, int sid, void* sample, - size_t size, int entropy ) -{ - int ret; - - VERBOSE( printf( "krb5int_yarrow_input( #%d, %d bits, %s ) = [", sid, entropy, - y->source[sid].pool == - YARROW_SLOW_POOL ? "slow" : "fast" ); ); - ret = krb5int_yarrow_input( y, sid, sample, size, entropy ); - - VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); ); - VERBOSE( print_yarrow_status( y ); ); - return (ret); -} - -typedef int (*test_fn)( void ); - -int test_1( void ); -int test_2( void ); -int test_3( void ); -int test_4( void ); - -test_fn test_func[] = -{ - test_1, test_2, test_3, test_4 -}; - -#define num_tests ( sizeof(test_func) / sizeof(test_fn) ) - -int do_test( int t ) -{ - EXCEP_DECL; - int ret; - - printf( "doing test %d ... ", t ); fflush( stdout ); - ret = test_func[ t-1 ](); - VERBOSE( printf( "\ndone test %d ", t ); ); - printf( "[%s]\n", krb5int_yarrow_str_error( ret ) ); fflush( stdout ); - THROW( ret ); - -CATCH: - THROW( EXCEP_BOOL ); - EXCEP_RET; -} - -int main( int argc, char* argv[] ) -{ - EXCEP_DECL; - int test = 0; - char** argvp; - char* arg; - char* conv_ok = NULL; - int ok = YARROW_OK; - int done_some_tests = 0; - int i; - int ret; - - for ( argvp = argv+1, i = 1; i < argc; i++, argvp++ ) - { - arg = *argvp; - if ( arg[0] == '-' ) - { - switch ( arg[1] ) - { - case 'v': yarrow_verbose = 1; continue; - default: fprintf( stderr, "usage: test [-v] [[test] ... ]\n" ); - THROW( YARROW_FAIL ); - } - } - conv_ok = NULL; - test = strtoul( arg, &conv_ok, 10 ); - if ( !conv_ok || test < 1 || test > num_tests ) - { - fprintf( stderr, "usage: test [-v] [[test] ... ]\n" ); - THROW( YARROW_FAIL ); - } - else - { - ret = do_test( test ); - if ( ok ) { ok = ret; } - done_some_tests = 1; - } - } - - if ( !done_some_tests ) - { - for ( i = 1; i <= num_tests; i++ ) - { - ret = do_test( i ); - if ( ok ) { ok = ret; } - } - } - THROW( ok ); - -CATCH: - switch (EXCEPTION) - { - case YARROW_OK: - exit (EXIT_SUCCESS); - default: - exit (EXIT_FAILURE); - } -} - -int test_1( void ) -{ - EXCEP_DECL; - -#if defined(YARROW_HASH_SHA1) - VERBOSE( printf( "\nsha1 test\n\n" ); ); - THROW( YARROW_NOT_IMPL ); -#elif defined(YARROW_MD5) - VERBOSE( printf( "\nmd5 test\n\n" ); ); - THROW( YARROW_NOT_IMPL ); -#else - VERBOSE( printf( "\nunknown hash function\n\n" ); ); - THROW( YARROW_NOT_IMPL ); -#endif -CATCH: - EXCEP_RET; -} - -int test_2( void ) -{ - EXCEP_DECL; - -#if defined(YARROW_CIPHER_3DES) - VERBOSE( printf( "\n3des test\n\n" ); ); - THROW( YARROW_NOT_IMPL ); -#elif defined(YARROW_CIPHER_BLOWFISH) - VERBOSE( printf( "\nblowfish test\n\n" ); ); - THROW( YARROW_NOT_IMPL ); -#elif defined(YARROW_CIPHER_IDEA) - VERBOSE( printf( "\nidea test\n\n" ); ); - THROW( YARROW_NOT_IMPL ); -#else - VERBOSE( printf( "\nunknown encryption function\n\n" ); ); - THROW( YARROW_NOT_IMPL ); -#endif -CATCH: - EXCEP_RET; -} - -int test_3( void ) -{ - EXCEP_DECL; - -#if !defined(YARROW_CIPHER_3DES) || !defined(YARROW_HASH_SHA1) - VERBOSE( printf( "\nnot Yarrow-SHA1-3DES (aka Yarrow-160)\n\n" ); ); - THROW( YARROW_NOT_IMPL ); -#endif - - VERBOSE( printf( "\nkrb5int_yarrow_stretch\n\n" ); ); - THROW( YARROW_NOT_IMPL ); - -CATCH: - EXCEP_RET; -} - -int test_4( void ) -{ - EXCEP_DECL; - Yarrow_CTX yarrow; - int initialized = 0; - unsigned user, mouse, keyboard; - int i, ret; - byte user_sample[ 20 ]; - byte mouse_sample[ 4 ]; - byte keyboard_sample[ 2 ]; - byte random[ 30 ]; - byte junk[ 48 ]; - - memset( user_sample, 3, sizeof( user_sample ) ); - memset( mouse_sample, 1, sizeof( mouse_sample ) ); - memset( keyboard_sample, 2, sizeof( keyboard_sample ) ); - - VERBOSE( printf( "\nGeneral workout test\n\n" ); ) - - VERBOSE( printf( "krb5int_yarrow_init() = [" ); ); - ret = krb5int_yarrow_init( &yarrow, YARROW_SEED_FILE ); - VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); ); - - if ( ret != YARROW_OK && ret != YARROW_NOT_SEEDED ) { THROW( ret ); } - initialized = 1; - -#if defined( YARROW_DEBUG ) - dump_yarrow_state( stdout, &yarrow ); -#endif - - ret = krb5int_yarrow_new_source( &yarrow, &user ); - VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n", - krb5int_yarrow_str_error( ret ) ); ); - if ( ret != YARROW_OK ) { THROW( ret ); } - - VERBOSE( printf( "Yarrow_Poll( #%d ) = [", user ); ); - ret = Yarrow_Poll( &yarrow, user ); - VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); ); - - ret = krb5int_yarrow_new_source( &yarrow, &mouse ); - VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n", - krb5int_yarrow_str_error( ret ) ); ); - if ( ret != YARROW_OK ) { THROW( ret ); } - - ret = krb5int_yarrow_new_source( &yarrow, &keyboard ); - VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n", - krb5int_yarrow_str_error( ret ) ); ); - if ( ret != YARROW_OK ) { THROW( ret ); } - -/* prematurely try to draw output, to check failure when no - * seed file, or state saving turned off - */ - - VERBOSE( printf( "krb5int_yarrow_output( %d ) = [", sizeof( random ) ); ); - ret = krb5int_yarrow_output( &yarrow, random, sizeof( random ) ); - VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); ); - -/* do it twice so that we some slow samples - * (first sample goes to fast pool, and then samples alternate) - */ - - for ( i = 0; i < 2; i++ ) - { - TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, mouse_sample, - sizeof( mouse_sample ), 2 ) ); - - TRY( Instrumented_krb5int_yarrow_input( &yarrow, keyboard, keyboard_sample, - sizeof( keyboard_sample ), 2 ) ); - - TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, user_sample, - sizeof( user_sample ), 2 ) ); - } - -#if defined( YARROW_DEBUG ) - dump_yarrow_state( stdout, &yarrow ); -#endif - - VERBOSE( printf( "\nInduce user source (#%d) to reach " - "slow threshold\n\n", user ); ); - - /* induce fast reseed */ - - for ( i = 0; i < 7; i++ ) - { - TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, user_sample, - sizeof( user_sample ), - sizeof( user_sample ) * 3 ) ); - } - - VERBOSE( printf( "\nInduce mouse source (#%d) to reach " - "slow threshold reseed\n\n", mouse ); ); - - /* induce slow reseed, by triggering a second source to reach it's - threshold */ - - for ( i = 0; i < 40; i++ ) - { - TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, mouse_sample, - sizeof( mouse_sample ), - sizeof( mouse_sample )*2 ) ); - } - - VERBOSE( printf( "\nProduce some output\n\n" ); ); - - for ( i = 0; i < 30; i++ ) - { - VERBOSE( printf( "krb5int_yarrow_output( %d ) = [", sizeof( junk ) ); ); - ret = krb5int_yarrow_output( &yarrow, junk, sizeof( junk ) ); - VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); ); - if ( ret != YARROW_OK ) { THROW( ret ); } - } - - memset( junk, 0, sizeof( junk ) ); - - VERBOSE( printf( "\nTrigger some fast and slow reseeds\n\n" ); ); - - for ( i = 0; i < 30; i++ ) - { - /* odd input to a different source so there are some slow reseeds */ - - if ( i % 16 == 0 ) - { - TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, junk, - sizeof( junk ), - sizeof( junk ) * 3 ) ); - } - else - { - TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, junk, - sizeof( junk ), - sizeof( junk ) * 3 ) ); - } - } - - VERBOSE( printf( "\nPrint some random output\n\n" ); ); - - VERBOSE( printf( "krb5int_yarrow_output( %d ) = [", sizeof( random ) ); ); - ret = krb5int_yarrow_output( &yarrow, random, sizeof( random ) ); - VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); ); - if ( ret != YARROW_OK ) - { - THROW( ret ); - } - else - { - VERBOSE( hex_print( stdout, "random", random, sizeof( random ) ); ); - } - - VERBOSE( printf( "\nClose down Yarrow\n\n" ); ); - -CATCH: - if ( initialized ) - { - VERBOSE( printf( "krb5int_yarrow_final() = [" ); ); - ret = krb5int_yarrow_final( &yarrow ); - VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); ); - THROW( ret ); - } - EXCEP_RET; -} - -void hex_print( FILE* f, const char* var, void* data, size_t size ) -{ - const char* conv = "0123456789abcdef"; - size_t i; - char* p = (char*) data; - char c, d; - - fprintf( f, var ); - fprintf( f, " = " ); - for ( i = 0; i < size; i++ ) - { - c = conv[ (p[ i ] >> 4) & 0xf ]; - d = conv[ p[ i ] & 0xf ]; - fprintf( f, "%c%c", c, d ); - } - fprintf( f, "\n" ); -} - -void dump_yarrow_state( FILE* f, Yarrow_CTX* y ) -{ - fprintf( f, "===Yarrow State===\n" ); - hex_print( f, "C", y->C, sizeof( y->C ) ); - hex_print( f, "K", y->K, sizeof( y->K ) ); -} |