test_crypto.c 26 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784
  1. /* Copyright (c) 2001-2004, Roger Dingledine.
  2. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
  3. * Copyright (c) 2007-2009, The Tor Project, Inc. */
  4. /* See LICENSE for licensing information */
  5. #include "orconfig.h"
  6. #define CRYPTO_PRIVATE
  7. #include "or.h"
  8. #include "test.h"
  9. /** Run unit tests for Diffie-Hellman functionality. */
  10. static void
  11. test_crypto_dh(void)
  12. {
  13. crypto_dh_env_t *dh1 = crypto_dh_new();
  14. crypto_dh_env_t *dh2 = crypto_dh_new();
  15. char p1[DH_BYTES];
  16. char p2[DH_BYTES];
  17. char s1[DH_BYTES];
  18. char s2[DH_BYTES];
  19. ssize_t s1len, s2len;
  20. test_eq(crypto_dh_get_bytes(dh1), DH_BYTES);
  21. test_eq(crypto_dh_get_bytes(dh2), DH_BYTES);
  22. memset(p1, 0, DH_BYTES);
  23. memset(p2, 0, DH_BYTES);
  24. test_memeq(p1, p2, DH_BYTES);
  25. test_assert(! crypto_dh_get_public(dh1, p1, DH_BYTES));
  26. test_memneq(p1, p2, DH_BYTES);
  27. test_assert(! crypto_dh_get_public(dh2, p2, DH_BYTES));
  28. test_memneq(p1, p2, DH_BYTES);
  29. memset(s1, 0, DH_BYTES);
  30. memset(s2, 0xFF, DH_BYTES);
  31. s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p2, DH_BYTES, s1, 50);
  32. s2len = crypto_dh_compute_secret(LOG_WARN, dh2, p1, DH_BYTES, s2, 50);
  33. test_assert(s1len > 0);
  34. test_eq(s1len, s2len);
  35. test_memeq(s1, s2, s1len);
  36. {
  37. /* XXXX Now fabricate some bad values and make sure they get caught,
  38. * Check 0, 1, N-1, >= N, etc.
  39. */
  40. }
  41. done:
  42. crypto_dh_free(dh1);
  43. crypto_dh_free(dh2);
  44. }
  45. /** Run unit tests for our random number generation function and its wrappers.
  46. */
  47. static void
  48. test_crypto_rng(void)
  49. {
  50. int i, j, allok;
  51. char data1[100], data2[100];
  52. /* Try out RNG. */
  53. test_assert(! crypto_seed_rng(0));
  54. crypto_rand(data1, 100);
  55. crypto_rand(data2, 100);
  56. test_memneq(data1,data2,100);
  57. allok = 1;
  58. for (i = 0; i < 100; ++i) {
  59. uint64_t big;
  60. char *host;
  61. j = crypto_rand_int(100);
  62. if (i < 0 || i >= 100)
  63. allok = 0;
  64. big = crypto_rand_uint64(U64_LITERAL(1)<<40);
  65. if (big >= (U64_LITERAL(1)<<40))
  66. allok = 0;
  67. big = crypto_rand_uint64(U64_LITERAL(5));
  68. if (big >= 5)
  69. allok = 0;
  70. host = crypto_random_hostname(3,8,"www.",".onion");
  71. if (strcmpstart(host,"www.") ||
  72. strcmpend(host,".onion") ||
  73. strlen(host) < 13 ||
  74. strlen(host) > 18)
  75. allok = 0;
  76. tor_free(host);
  77. }
  78. test_assert(allok);
  79. done:
  80. ;
  81. }
  82. /** Run unit tests for our AES functionality */
  83. static void
  84. test_crypto_aes(void)
  85. {
  86. char *data1 = NULL, *data2 = NULL, *data3 = NULL;
  87. crypto_cipher_env_t *env1 = NULL, *env2 = NULL;
  88. int i, j;
  89. char *mem_op_hex_tmp=NULL;
  90. data1 = tor_malloc(1024);
  91. data2 = tor_malloc(1024);
  92. data3 = tor_malloc(1024);
  93. /* Now, test encryption and decryption with stream cipher. */
  94. data1[0]='\0';
  95. for (i = 1023; i>0; i -= 35)
  96. strncat(data1, "Now is the time for all good onions", i);
  97. memset(data2, 0, 1024);
  98. memset(data3, 0, 1024);
  99. env1 = crypto_new_cipher_env();
  100. test_neq(env1, 0);
  101. env2 = crypto_new_cipher_env();
  102. test_neq(env2, 0);
  103. j = crypto_cipher_generate_key(env1);
  104. crypto_cipher_set_key(env2, crypto_cipher_get_key(env1));
  105. crypto_cipher_encrypt_init_cipher(env1);
  106. crypto_cipher_decrypt_init_cipher(env2);
  107. /* Try encrypting 512 chars. */
  108. crypto_cipher_encrypt(env1, data2, data1, 512);
  109. crypto_cipher_decrypt(env2, data3, data2, 512);
  110. test_memeq(data1, data3, 512);
  111. test_memneq(data1, data2, 512);
  112. /* Now encrypt 1 at a time, and get 1 at a time. */
  113. for (j = 512; j < 560; ++j) {
  114. crypto_cipher_encrypt(env1, data2+j, data1+j, 1);
  115. }
  116. for (j = 512; j < 560; ++j) {
  117. crypto_cipher_decrypt(env2, data3+j, data2+j, 1);
  118. }
  119. test_memeq(data1, data3, 560);
  120. /* Now encrypt 3 at a time, and get 5 at a time. */
  121. for (j = 560; j < 1024-5; j += 3) {
  122. crypto_cipher_encrypt(env1, data2+j, data1+j, 3);
  123. }
  124. for (j = 560; j < 1024-5; j += 5) {
  125. crypto_cipher_decrypt(env2, data3+j, data2+j, 5);
  126. }
  127. test_memeq(data1, data3, 1024-5);
  128. /* Now make sure that when we encrypt with different chunk sizes, we get
  129. the same results. */
  130. crypto_free_cipher_env(env2);
  131. env2 = NULL;
  132. memset(data3, 0, 1024);
  133. env2 = crypto_new_cipher_env();
  134. test_neq(env2, 0);
  135. crypto_cipher_set_key(env2, crypto_cipher_get_key(env1));
  136. crypto_cipher_encrypt_init_cipher(env2);
  137. for (j = 0; j < 1024-16; j += 17) {
  138. crypto_cipher_encrypt(env2, data3+j, data1+j, 17);
  139. }
  140. for (j= 0; j < 1024-16; ++j) {
  141. if (data2[j] != data3[j]) {
  142. printf("%d: %d\t%d\n", j, (int) data2[j], (int) data3[j]);
  143. }
  144. }
  145. test_memeq(data2, data3, 1024-16);
  146. crypto_free_cipher_env(env1);
  147. env1 = NULL;
  148. crypto_free_cipher_env(env2);
  149. env2 = NULL;
  150. /* NIST test vector for aes. */
  151. env1 = crypto_new_cipher_env(); /* IV starts at 0 */
  152. crypto_cipher_set_key(env1, "\x80\x00\x00\x00\x00\x00\x00\x00"
  153. "\x00\x00\x00\x00\x00\x00\x00\x00");
  154. crypto_cipher_encrypt_init_cipher(env1);
  155. crypto_cipher_encrypt(env1, data1,
  156. "\x00\x00\x00\x00\x00\x00\x00\x00"
  157. "\x00\x00\x00\x00\x00\x00\x00\x00", 16);
  158. test_memeq_hex(data1, "0EDD33D3C621E546455BD8BA1418BEC8");
  159. /* Now test rollover. All these values are originally from a python
  160. * script. */
  161. crypto_cipher_set_iv(env1, "\x00\x00\x00\x00\x00\x00\x00\x00"
  162. "\xff\xff\xff\xff\xff\xff\xff\xff");
  163. memset(data2, 0, 1024);
  164. crypto_cipher_encrypt(env1, data1, data2, 32);
  165. test_memeq_hex(data1, "335fe6da56f843199066c14a00a40231"
  166. "cdd0b917dbc7186908a6bfb5ffd574d3");
  167. crypto_cipher_set_iv(env1, "\x00\x00\x00\x00\xff\xff\xff\xff"
  168. "\xff\xff\xff\xff\xff\xff\xff\xff");
  169. memset(data2, 0, 1024);
  170. crypto_cipher_encrypt(env1, data1, data2, 32);
  171. test_memeq_hex(data1, "e627c6423fa2d77832a02b2794094b73"
  172. "3e63c721df790d2c6469cc1953a3ffac");
  173. crypto_cipher_set_iv(env1, "\xff\xff\xff\xff\xff\xff\xff\xff"
  174. "\xff\xff\xff\xff\xff\xff\xff\xff");
  175. memset(data2, 0, 1024);
  176. crypto_cipher_encrypt(env1, data1, data2, 32);
  177. test_memeq_hex(data1, "2aed2bff0de54f9328efd070bf48f70a"
  178. "0EDD33D3C621E546455BD8BA1418BEC8");
  179. /* Now check rollover on inplace cipher. */
  180. crypto_cipher_set_iv(env1, "\xff\xff\xff\xff\xff\xff\xff\xff"
  181. "\xff\xff\xff\xff\xff\xff\xff\xff");
  182. crypto_cipher_crypt_inplace(env1, data2, 64);
  183. test_memeq_hex(data2, "2aed2bff0de54f9328efd070bf48f70a"
  184. "0EDD33D3C621E546455BD8BA1418BEC8"
  185. "93e2c5243d6839eac58503919192f7ae"
  186. "1908e67cafa08d508816659c2e693191");
  187. crypto_cipher_set_iv(env1, "\xff\xff\xff\xff\xff\xff\xff\xff"
  188. "\xff\xff\xff\xff\xff\xff\xff\xff");
  189. crypto_cipher_crypt_inplace(env1, data2, 64);
  190. test_assert(tor_mem_is_zero(data2, 64));
  191. done:
  192. tor_free(mem_op_hex_tmp);
  193. if (env1)
  194. crypto_free_cipher_env(env1);
  195. if (env2)
  196. crypto_free_cipher_env(env2);
  197. tor_free(data1);
  198. tor_free(data2);
  199. tor_free(data3);
  200. }
  201. /** Run unit tests for our SHA-1 functionality */
  202. static void
  203. test_crypto_sha(void)
  204. {
  205. crypto_digest_env_t *d1 = NULL, *d2 = NULL;
  206. int i;
  207. char key[80];
  208. char digest[32];
  209. char data[50];
  210. char d_out1[DIGEST_LEN], d_out2[DIGEST256_LEN];
  211. char *mem_op_hex_tmp=NULL;
  212. /* Test SHA-1 with a test vector from the specification. */
  213. i = crypto_digest(data, "abc", 3);
  214. test_memeq_hex(data, "A9993E364706816ABA3E25717850C26C9CD0D89D");
  215. /* Test SHA-256 with a test vector from the specification. */
  216. i = crypto_digest256(data, "abc", 3, DIGEST_SHA256);
  217. test_memeq_hex(data, "BA7816BF8F01CFEA414140DE5DAE2223B00361A3"
  218. "96177A9CB410FF61F20015AD");
  219. /* Test HMAC-SHA-1 with test cases from RFC2202. */
  220. /* Case 1. */
  221. memset(key, 0x0b, 20);
  222. crypto_hmac_sha1(digest, key, 20, "Hi There", 8);
  223. test_streq(hex_str(digest, 20),
  224. "B617318655057264E28BC0B6FB378C8EF146BE00");
  225. /* Case 2. */
  226. crypto_hmac_sha1(digest, "Jefe", 4, "what do ya want for nothing?", 28);
  227. test_streq(hex_str(digest, 20),
  228. "EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79");
  229. /* Case 4. */
  230. base16_decode(key, 25,
  231. "0102030405060708090a0b0c0d0e0f10111213141516171819", 50);
  232. memset(data, 0xcd, 50);
  233. crypto_hmac_sha1(digest, key, 25, data, 50);
  234. test_streq(hex_str(digest, 20),
  235. "4C9007F4026250C6BC8414F9BF50C86C2D7235DA");
  236. /* Case 5. */
  237. memset(key, 0xaa, 80);
  238. crypto_hmac_sha1(digest, key, 80,
  239. "Test Using Larger Than Block-Size Key - Hash Key First",
  240. 54);
  241. test_streq(hex_str(digest, 20),
  242. "AA4AE5E15272D00E95705637CE8A3B55ED402112");
  243. /* Incremental digest code. */
  244. d1 = crypto_new_digest_env();
  245. test_assert(d1);
  246. crypto_digest_add_bytes(d1, "abcdef", 6);
  247. d2 = crypto_digest_dup(d1);
  248. test_assert(d2);
  249. crypto_digest_add_bytes(d2, "ghijkl", 6);
  250. crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
  251. crypto_digest(d_out2, "abcdefghijkl", 12);
  252. test_memeq(d_out1, d_out2, DIGEST_LEN);
  253. crypto_digest_assign(d2, d1);
  254. crypto_digest_add_bytes(d2, "mno", 3);
  255. crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
  256. crypto_digest(d_out2, "abcdefmno", 9);
  257. test_memeq(d_out1, d_out2, DIGEST_LEN);
  258. crypto_digest_get_digest(d1, d_out1, sizeof(d_out1));
  259. crypto_digest(d_out2, "abcdef", 6);
  260. test_memeq(d_out1, d_out2, DIGEST_LEN);
  261. crypto_free_digest_env(d1);
  262. crypto_free_digest_env(d2);
  263. /* Incremental digest code with sha256 */
  264. d1 = crypto_new_digest256_env(DIGEST_SHA256);
  265. test_assert(d1);
  266. crypto_digest_add_bytes(d1, "abcdef", 6);
  267. d2 = crypto_digest_dup(d1);
  268. test_assert(d2);
  269. crypto_digest_add_bytes(d2, "ghijkl", 6);
  270. crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
  271. crypto_digest256(d_out2, "abcdefghijkl", 12, DIGEST_SHA256);
  272. test_memeq(d_out1, d_out2, DIGEST_LEN);
  273. crypto_digest_assign(d2, d1);
  274. crypto_digest_add_bytes(d2, "mno", 3);
  275. crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
  276. crypto_digest256(d_out2, "abcdefmno", 9, DIGEST_SHA256);
  277. test_memeq(d_out1, d_out2, DIGEST_LEN);
  278. crypto_digest_get_digest(d1, d_out1, sizeof(d_out1));
  279. crypto_digest256(d_out2, "abcdef", 6, DIGEST_SHA256);
  280. test_memeq(d_out1, d_out2, DIGEST_LEN);
  281. done:
  282. if (d1)
  283. crypto_free_digest_env(d1);
  284. if (d2)
  285. crypto_free_digest_env(d2);
  286. tor_free(mem_op_hex_tmp);
  287. }
  288. /** Run unit tests for our public key crypto functions */
  289. static void
  290. test_crypto_pk(void)
  291. {
  292. crypto_pk_env_t *pk1 = NULL, *pk2 = NULL;
  293. char *encoded = NULL;
  294. char data1[1024], data2[1024], data3[1024];
  295. size_t size;
  296. int i, j, p, len;
  297. /* Public-key ciphers */
  298. pk1 = pk_generate(0);
  299. pk2 = crypto_new_pk_env();
  300. test_assert(pk1 && pk2);
  301. test_assert(! crypto_pk_write_public_key_to_string(pk1, &encoded, &size));
  302. test_assert(! crypto_pk_read_public_key_from_string(pk2, encoded, size));
  303. test_eq(0, crypto_pk_cmp_keys(pk1, pk2));
  304. test_eq(128, crypto_pk_keysize(pk1));
  305. test_eq(128, crypto_pk_keysize(pk2));
  306. test_eq(128, crypto_pk_public_encrypt(pk2, data1, "Hello whirled.", 15,
  307. PK_PKCS1_OAEP_PADDING));
  308. test_eq(128, crypto_pk_public_encrypt(pk1, data2, "Hello whirled.", 15,
  309. PK_PKCS1_OAEP_PADDING));
  310. /* oaep padding should make encryption not match */
  311. test_memneq(data1, data2, 128);
  312. test_eq(15, crypto_pk_private_decrypt(pk1, data3, data1, 128,
  313. PK_PKCS1_OAEP_PADDING,1));
  314. test_streq(data3, "Hello whirled.");
  315. memset(data3, 0, 1024);
  316. test_eq(15, crypto_pk_private_decrypt(pk1, data3, data2, 128,
  317. PK_PKCS1_OAEP_PADDING,1));
  318. test_streq(data3, "Hello whirled.");
  319. /* Can't decrypt with public key. */
  320. test_eq(-1, crypto_pk_private_decrypt(pk2, data3, data2, 128,
  321. PK_PKCS1_OAEP_PADDING,1));
  322. /* Try again with bad padding */
  323. memcpy(data2+1, "XYZZY", 5); /* This has fails ~ once-in-2^40 */
  324. test_eq(-1, crypto_pk_private_decrypt(pk1, data3, data2, 128,
  325. PK_PKCS1_OAEP_PADDING,1));
  326. /* File operations: save and load private key */
  327. test_assert(! crypto_pk_write_private_key_to_filename(pk1,
  328. get_fname("pkey1")));
  329. /* failing case for read: can't read. */
  330. test_assert(crypto_pk_read_private_key_from_filename(pk2,
  331. get_fname("xyzzy")) < 0);
  332. write_str_to_file(get_fname("xyzzy"), "foobar", 6);
  333. /* Failing case for read: no key. */
  334. test_assert(crypto_pk_read_private_key_from_filename(pk2,
  335. get_fname("xyzzy")) < 0);
  336. test_assert(! crypto_pk_read_private_key_from_filename(pk2,
  337. get_fname("pkey1")));
  338. test_eq(15, crypto_pk_private_decrypt(pk2, data3, data1, 128,
  339. PK_PKCS1_OAEP_PADDING,1));
  340. /* Now try signing. */
  341. strlcpy(data1, "Ossifrage", 1024);
  342. test_eq(128, crypto_pk_private_sign(pk1, data2, data1, 10));
  343. test_eq(10, crypto_pk_public_checksig(pk1, data3, data2, 128));
  344. test_streq(data3, "Ossifrage");
  345. /* Try signing digests. */
  346. test_eq(128, crypto_pk_private_sign_digest(pk1, data2, data1, 10));
  347. test_eq(20, crypto_pk_public_checksig(pk1, data3, data2, 128));
  348. test_eq(0, crypto_pk_public_checksig_digest(pk1, data1, 10, data2, 128));
  349. test_eq(-1, crypto_pk_public_checksig_digest(pk1, data1, 11, data2, 128));
  350. /*XXXX test failed signing*/
  351. /* Try encoding */
  352. crypto_free_pk_env(pk2);
  353. pk2 = NULL;
  354. i = crypto_pk_asn1_encode(pk1, data1, 1024);
  355. test_assert(i>0);
  356. pk2 = crypto_pk_asn1_decode(data1, i);
  357. test_assert(crypto_pk_cmp_keys(pk1,pk2) == 0);
  358. /* Try with hybrid encryption wrappers. */
  359. crypto_rand(data1, 1024);
  360. for (i = 0; i < 3; ++i) {
  361. for (j = 85; j < 140; ++j) {
  362. memset(data2,0,1024);
  363. memset(data3,0,1024);
  364. if (i == 0 && j < 129)
  365. continue;
  366. p = (i==0)?PK_NO_PADDING:
  367. (i==1)?PK_PKCS1_PADDING:PK_PKCS1_OAEP_PADDING;
  368. len = crypto_pk_public_hybrid_encrypt(pk1,data2,data1,j,p,0);
  369. test_assert(len>=0);
  370. len = crypto_pk_private_hybrid_decrypt(pk1,data3,data2,len,p,1);
  371. test_eq(len,j);
  372. test_memeq(data1,data3,j);
  373. }
  374. }
  375. /* Try copy_full */
  376. crypto_free_pk_env(pk2);
  377. pk2 = crypto_pk_copy_full(pk1);
  378. test_assert(pk2 != NULL);
  379. test_neq_ptr(pk1, pk2);
  380. test_assert(crypto_pk_cmp_keys(pk1,pk2) == 0);
  381. done:
  382. if (pk1)
  383. crypto_free_pk_env(pk1);
  384. if (pk2)
  385. crypto_free_pk_env(pk2);
  386. tor_free(encoded);
  387. }
  388. /** Run unit tests for misc crypto formatting functionality (base64, base32,
  389. * fingerprints, etc) */
  390. static void
  391. test_crypto_formats(void)
  392. {
  393. char *data1 = NULL, *data2 = NULL, *data3 = NULL;
  394. int i, j, idx;
  395. data1 = tor_malloc(1024);
  396. data2 = tor_malloc(1024);
  397. data3 = tor_malloc(1024);
  398. test_assert(data1 && data2 && data3);
  399. /* Base64 tests */
  400. memset(data1, 6, 1024);
  401. for (idx = 0; idx < 10; ++idx) {
  402. i = base64_encode(data2, 1024, data1, idx);
  403. test_assert(i >= 0);
  404. j = base64_decode(data3, 1024, data2, i);
  405. test_eq(j,idx);
  406. test_memeq(data3, data1, idx);
  407. }
  408. strlcpy(data1, "Test string that contains 35 chars.", 1024);
  409. strlcat(data1, " 2nd string that contains 35 chars.", 1024);
  410. i = base64_encode(data2, 1024, data1, 71);
  411. test_assert(i >= 0);
  412. j = base64_decode(data3, 1024, data2, i);
  413. test_eq(j, 71);
  414. test_streq(data3, data1);
  415. test_assert(data2[i] == '\0');
  416. crypto_rand(data1, DIGEST_LEN);
  417. memset(data2, 100, 1024);
  418. digest_to_base64(data2, data1);
  419. test_eq(BASE64_DIGEST_LEN, strlen(data2));
  420. test_eq(100, data2[BASE64_DIGEST_LEN+2]);
  421. memset(data3, 99, 1024);
  422. test_eq(digest_from_base64(data3, data2), 0);
  423. test_memeq(data1, data3, DIGEST_LEN);
  424. test_eq(99, data3[DIGEST_LEN+1]);
  425. test_assert(digest_from_base64(data3, "###") < 0);
  426. /* Encoding SHA256 */
  427. crypto_rand(data2, DIGEST256_LEN);
  428. memset(data2, 100, 1024);
  429. digest256_to_base64(data2, data1);
  430. test_eq(BASE64_DIGEST256_LEN, strlen(data2));
  431. test_eq(100, data2[BASE64_DIGEST256_LEN+2]);
  432. memset(data3, 99, 1024);
  433. test_eq(digest256_from_base64(data3, data2), 0);
  434. test_memeq(data1, data3, DIGEST256_LEN);
  435. test_eq(99, data3[DIGEST256_LEN+1]);
  436. /* Base32 tests */
  437. strlcpy(data1, "5chrs", 1024);
  438. /* bit pattern is: [35 63 68 72 73] ->
  439. * [00110101 01100011 01101000 01110010 01110011]
  440. * By 5s: [00110 10101 10001 10110 10000 11100 10011 10011]
  441. */
  442. base32_encode(data2, 9, data1, 5);
  443. test_streq(data2, "gvrwq4tt");
  444. strlcpy(data1, "\xFF\xF5\x6D\x44\xAE\x0D\x5C\xC9\x62\xC4", 1024);
  445. base32_encode(data2, 30, data1, 10);
  446. test_streq(data2, "772w2rfobvomsywe");
  447. /* Base16 tests */
  448. strlcpy(data1, "6chrs\xff", 1024);
  449. base16_encode(data2, 13, data1, 6);
  450. test_streq(data2, "3663687273FF");
  451. strlcpy(data1, "f0d678affc000100", 1024);
  452. i = base16_decode(data2, 8, data1, 16);
  453. test_eq(i,0);
  454. test_memeq(data2, "\xf0\xd6\x78\xaf\xfc\x00\x01\x00",8);
  455. /* now try some failing base16 decodes */
  456. test_eq(-1, base16_decode(data2, 8, data1, 15)); /* odd input len */
  457. test_eq(-1, base16_decode(data2, 7, data1, 16)); /* dest too short */
  458. strlcpy(data1, "f0dz!8affc000100", 1024);
  459. test_eq(-1, base16_decode(data2, 8, data1, 16));
  460. tor_free(data1);
  461. tor_free(data2);
  462. tor_free(data3);
  463. /* Add spaces to fingerprint */
  464. {
  465. data1 = tor_strdup("ABCD1234ABCD56780000ABCD1234ABCD56780000");
  466. test_eq(strlen(data1), 40);
  467. data2 = tor_malloc(FINGERPRINT_LEN+1);
  468. add_spaces_to_fp(data2, FINGERPRINT_LEN+1, data1);
  469. test_streq(data2, "ABCD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 0000");
  470. tor_free(data1);
  471. tor_free(data2);
  472. }
  473. /* Check fingerprint */
  474. {
  475. test_assert(crypto_pk_check_fingerprint_syntax(
  476. "ABCD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 0000"));
  477. test_assert(!crypto_pk_check_fingerprint_syntax(
  478. "ABCD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 000"));
  479. test_assert(!crypto_pk_check_fingerprint_syntax(
  480. "ABCD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 00000"));
  481. test_assert(!crypto_pk_check_fingerprint_syntax(
  482. "ABCD 1234 ABCD 5678 0000 ABCD1234 ABCD 5678 0000"));
  483. test_assert(!crypto_pk_check_fingerprint_syntax(
  484. "ABCD 1234 ABCD 5678 0000 ABCD1234 ABCD 5678 00000"));
  485. test_assert(!crypto_pk_check_fingerprint_syntax(
  486. "ACD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 00000"));
  487. }
  488. done:
  489. tor_free(data1);
  490. tor_free(data2);
  491. tor_free(data3);
  492. }
  493. /** Run unit tests for our secret-to-key passphrase hashing functionality. */
  494. static void
  495. test_crypto_s2k(void)
  496. {
  497. char buf[29];
  498. char buf2[29];
  499. char *buf3 = NULL;
  500. int i;
  501. memset(buf, 0, sizeof(buf));
  502. memset(buf2, 0, sizeof(buf2));
  503. buf3 = tor_malloc(65536);
  504. memset(buf3, 0, 65536);
  505. secret_to_key(buf+9, 20, "", 0, buf);
  506. crypto_digest(buf2+9, buf3, 1024);
  507. test_memeq(buf, buf2, 29);
  508. memcpy(buf,"vrbacrda",8);
  509. memcpy(buf2,"vrbacrda",8);
  510. buf[8] = 96;
  511. buf2[8] = 96;
  512. secret_to_key(buf+9, 20, "12345678", 8, buf);
  513. for (i = 0; i < 65536; i += 16) {
  514. memcpy(buf3+i, "vrbacrda12345678", 16);
  515. }
  516. crypto_digest(buf2+9, buf3, 65536);
  517. test_memeq(buf, buf2, 29);
  518. done:
  519. tor_free(buf3);
  520. }
  521. /** Test AES-CTR encryption and decryption with IV. */
  522. static void
  523. test_crypto_aes_iv(void)
  524. {
  525. crypto_cipher_env_t *cipher;
  526. char *plain, *encrypted1, *encrypted2, *decrypted1, *decrypted2;
  527. char plain_1[1], plain_15[15], plain_16[16], plain_17[17];
  528. char key1[16], key2[16];
  529. ssize_t encrypted_size, decrypted_size;
  530. plain = tor_malloc(4095);
  531. encrypted1 = tor_malloc(4095 + 1 + 16);
  532. encrypted2 = tor_malloc(4095 + 1 + 16);
  533. decrypted1 = tor_malloc(4095 + 1);
  534. decrypted2 = tor_malloc(4095 + 1);
  535. crypto_rand(plain, 4095);
  536. crypto_rand(key1, 16);
  537. crypto_rand(key2, 16);
  538. crypto_rand(plain_1, 1);
  539. crypto_rand(plain_15, 15);
  540. crypto_rand(plain_16, 16);
  541. crypto_rand(plain_17, 17);
  542. key1[0] = key2[0] + 128; /* Make sure that contents are different. */
  543. /* Encrypt and decrypt with the same key. */
  544. cipher = crypto_create_init_cipher(key1, 1);
  545. encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted1, 16 + 4095,
  546. plain, 4095);
  547. crypto_free_cipher_env(cipher);
  548. cipher = NULL;
  549. test_eq(encrypted_size, 16 + 4095);
  550. tor_assert(encrypted_size > 0); /* This is obviously true, since 4111 is
  551. * greater than 0, but its truth is not
  552. * obvious to all analysis tools. */
  553. cipher = crypto_create_init_cipher(key1, 0);
  554. decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 4095,
  555. encrypted1, encrypted_size);
  556. crypto_free_cipher_env(cipher);
  557. cipher = NULL;
  558. test_eq(decrypted_size, 4095);
  559. tor_assert(decrypted_size > 0);
  560. test_memeq(plain, decrypted1, 4095);
  561. /* Encrypt a second time (with a new random initialization vector). */
  562. cipher = crypto_create_init_cipher(key1, 1);
  563. encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted2, 16 + 4095,
  564. plain, 4095);
  565. crypto_free_cipher_env(cipher);
  566. cipher = NULL;
  567. test_eq(encrypted_size, 16 + 4095);
  568. tor_assert(encrypted_size > 0);
  569. cipher = crypto_create_init_cipher(key1, 0);
  570. decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted2, 4095,
  571. encrypted2, encrypted_size);
  572. crypto_free_cipher_env(cipher);
  573. cipher = NULL;
  574. test_eq(decrypted_size, 4095);
  575. tor_assert(decrypted_size > 0);
  576. test_memeq(plain, decrypted2, 4095);
  577. test_memneq(encrypted1, encrypted2, encrypted_size);
  578. /* Decrypt with the wrong key. */
  579. cipher = crypto_create_init_cipher(key2, 0);
  580. decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted2, 4095,
  581. encrypted1, encrypted_size);
  582. crypto_free_cipher_env(cipher);
  583. cipher = NULL;
  584. test_memneq(plain, decrypted2, encrypted_size);
  585. /* Alter the initialization vector. */
  586. encrypted1[0] += 42;
  587. cipher = crypto_create_init_cipher(key1, 0);
  588. decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 4095,
  589. encrypted1, encrypted_size);
  590. crypto_free_cipher_env(cipher);
  591. cipher = NULL;
  592. test_memneq(plain, decrypted2, 4095);
  593. /* Special length case: 1. */
  594. cipher = crypto_create_init_cipher(key1, 1);
  595. encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted1, 16 + 1,
  596. plain_1, 1);
  597. crypto_free_cipher_env(cipher);
  598. cipher = NULL;
  599. test_eq(encrypted_size, 16 + 1);
  600. tor_assert(encrypted_size > 0);
  601. cipher = crypto_create_init_cipher(key1, 0);
  602. decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 1,
  603. encrypted1, encrypted_size);
  604. crypto_free_cipher_env(cipher);
  605. cipher = NULL;
  606. test_eq(decrypted_size, 1);
  607. tor_assert(decrypted_size > 0);
  608. test_memeq(plain_1, decrypted1, 1);
  609. /* Special length case: 15. */
  610. cipher = crypto_create_init_cipher(key1, 1);
  611. encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted1, 16 + 15,
  612. plain_15, 15);
  613. crypto_free_cipher_env(cipher);
  614. cipher = NULL;
  615. test_eq(encrypted_size, 16 + 15);
  616. tor_assert(encrypted_size > 0);
  617. cipher = crypto_create_init_cipher(key1, 0);
  618. decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 15,
  619. encrypted1, encrypted_size);
  620. crypto_free_cipher_env(cipher);
  621. cipher = NULL;
  622. test_eq(decrypted_size, 15);
  623. tor_assert(decrypted_size > 0);
  624. test_memeq(plain_15, decrypted1, 15);
  625. /* Special length case: 16. */
  626. cipher = crypto_create_init_cipher(key1, 1);
  627. encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted1, 16 + 16,
  628. plain_16, 16);
  629. crypto_free_cipher_env(cipher);
  630. cipher = NULL;
  631. test_eq(encrypted_size, 16 + 16);
  632. tor_assert(encrypted_size > 0);
  633. cipher = crypto_create_init_cipher(key1, 0);
  634. decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 16,
  635. encrypted1, encrypted_size);
  636. crypto_free_cipher_env(cipher);
  637. cipher = NULL;
  638. test_eq(decrypted_size, 16);
  639. tor_assert(decrypted_size > 0);
  640. test_memeq(plain_16, decrypted1, 16);
  641. /* Special length case: 17. */
  642. cipher = crypto_create_init_cipher(key1, 1);
  643. encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted1, 16 + 17,
  644. plain_17, 17);
  645. crypto_free_cipher_env(cipher);
  646. cipher = NULL;
  647. test_eq(encrypted_size, 16 + 17);
  648. tor_assert(encrypted_size > 0);
  649. cipher = crypto_create_init_cipher(key1, 0);
  650. decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 17,
  651. encrypted1, encrypted_size);
  652. test_eq(decrypted_size, 17);
  653. tor_assert(decrypted_size > 0);
  654. test_memeq(plain_17, decrypted1, 17);
  655. done:
  656. /* Free memory. */
  657. tor_free(plain);
  658. tor_free(encrypted1);
  659. tor_free(encrypted2);
  660. tor_free(decrypted1);
  661. tor_free(decrypted2);
  662. if (cipher)
  663. crypto_free_cipher_env(cipher);
  664. }
  665. /** Test base32 decoding. */
  666. static void
  667. test_crypto_base32_decode(void)
  668. {
  669. char plain[60], encoded[96 + 1], decoded[60];
  670. int res;
  671. crypto_rand(plain, 60);
  672. /* Encode and decode a random string. */
  673. base32_encode(encoded, 96 + 1, plain, 60);
  674. res = base32_decode(decoded, 60, encoded, 96);
  675. test_eq(res, 0);
  676. test_memeq(plain, decoded, 60);
  677. /* Encode, uppercase, and decode a random string. */
  678. base32_encode(encoded, 96 + 1, plain, 60);
  679. tor_strupper(encoded);
  680. res = base32_decode(decoded, 60, encoded, 96);
  681. test_eq(res, 0);
  682. test_memeq(plain, decoded, 60);
  683. /* Change encoded string and decode. */
  684. if (encoded[0] == 'A' || encoded[0] == 'a')
  685. encoded[0] = 'B';
  686. else
  687. encoded[0] = 'A';
  688. res = base32_decode(decoded, 60, encoded, 96);
  689. test_eq(res, 0);
  690. test_memneq(plain, decoded, 60);
  691. /* Bad encodings. */
  692. encoded[0] = '!';
  693. res = base32_decode(decoded, 60, encoded, 96);
  694. test_assert(res < 0);
  695. done:
  696. ;
  697. }
  698. #define CRYPTO_LEGACY(name) \
  699. { #name, legacy_test_helper, 0, &legacy_setup, test_crypto_ ## name }
  700. struct testcase_t crypto_tests[] = {
  701. CRYPTO_LEGACY(formats),
  702. CRYPTO_LEGACY(rng),
  703. CRYPTO_LEGACY(aes),
  704. CRYPTO_LEGACY(sha),
  705. CRYPTO_LEGACY(pk),
  706. CRYPTO_LEGACY(dh),
  707. CRYPTO_LEGACY(s2k),
  708. CRYPTO_LEGACY(aes_iv),
  709. CRYPTO_LEGACY(base32_decode),
  710. END_OF_TESTCASES
  711. };