Add tests of auxiliary encryption functions.

All the things like des_encrypt_xdmauth and aes256_encrypt_pubkey are at risk of changing their behaviour if I rewrite the underlying code, so even if I don't have any externally verified test cases, I should still have _something_ to keep me confident that they work the same way today that they worked yesterday.
2025-07-01 03:22:48 -05:00 · 2019-01-18 06:39:35 +00:00
parent eec6666ff9
commit 20930e7d0c
3 changed files with 128 additions and 0 deletions
--- a/test/cryptsuite.py
+++ b/test/cryptsuite.py
@ -1025,6 +1025,46 @@ class crypt(MyTestBase):
        negativeTest(0x1751997d000000000000000000000001000000001)
        negativeTest(0x800000000000002000000000000000000f128a2d1)

+    def testAuxEncryptFns(self):
+        # Test helper functions such as aes256_encrypt_pubkey. The
+        # test cases are all just things I made up at random, and the
+        # expected outputs are generated by running PuTTY's own code;
+        # this doesn't independently check them against any other
+        # implementation, but it at least means we're protected
+        # against code reorganisations changing the behaviour from
+        # what it was before.
+
+        p = b'three AES blocks, or six DES, of arbitrary input'
+
+        k = b'thirty-two-byte aes-256 test key'
+        c = unhex('7b112d00c0fc95bc13fcdacfd43281bf'
+                  'de9389db1bbcfde79d59a303d41fd2eb'
+                  '0955c9477ae4ee3a4d6c1fbe474c0ef6')
+        self.assertEqual(aes256_encrypt_pubkey(k, p), c)
+        self.assertEqual(aes256_decrypt_pubkey(k, c), p)
+
+        k = b'3des with keys distinct.'
+        iv = b'randomIV'
+        c = unhex('be81ff840d885869a54d63b03d7cd8db'
+                  'd39ab875e5f7b9da1081f8434cb33c47'
+                  'dee5bcd530a3f6c13a9fc73e321a843a')
+        self.assertEqual(des3_encrypt_pubkey_ossh(k, iv, p), c)
+        self.assertEqual(des3_decrypt_pubkey_ossh(k, iv, c), p)
+
+        k = b'3des, 2keys only'
+        c = unhex('0b845650d73f615cf16ee3ed20535b5c'
+                  'd2a8866ee628547bbdad916e2b4b9f19'
+                  '67c15bde33c5b03ff7f403b4f8cf2364')
+        self.assertEqual(des3_encrypt_pubkey(k, p), c)
+        self.assertEqual(des3_decrypt_pubkey(k, c), p)
+
+        k = b'7 bytes'
+        c = unhex('5cac9999cffc980a1d1184d84b71c8cb'
+                  '313d12a1d25a7831179aeb11edaca5ad'
+                  '9482b224105a61c27137587620edcba8')
+        self.assertEqual(des_encrypt_xdmauth(k, p), c)
+        self.assertEqual(des_decrypt_xdmauth(k, c), p)
+
 class standard_test_vectors(MyTestBase):
    def testAES(self):
        def vector(cipher, key, plaintext, ciphertext):