1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038 |
- /* Copyright (c) 2001-2004, Roger Dingledine.
- * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2014, The Tor Project, Inc. */
- /* See LICENSE for licensing information */
- #include "orconfig.h"
- #define CRYPTO_CURVE25519_PRIVATE
- #define CRYPTO_S2K_PRIVATE
- #include "or.h"
- #include "test.h"
- #include "aes.h"
- #include "util.h"
- #include "siphash.h"
- #include "crypto_curve25519.h"
- #include "crypto_ed25519.h"
- #include "ed25519_vectors.inc"
- #include "crypto_s2k.h"
- #include "crypto_pwbox.h"
- extern const char AUTHORITY_SIGNKEY_3[];
- extern const char AUTHORITY_SIGNKEY_A_DIGEST[];
- extern const char AUTHORITY_SIGNKEY_A_DIGEST256[];
- /** Run unit tests for Diffie-Hellman functionality. */
- static void
- test_crypto_dh(void *arg)
- {
- crypto_dh_t *dh1 = crypto_dh_new(DH_TYPE_CIRCUIT);
- crypto_dh_t *dh2 = crypto_dh_new(DH_TYPE_CIRCUIT);
- char p1[DH_BYTES];
- char p2[DH_BYTES];
- char s1[DH_BYTES];
- char s2[DH_BYTES];
- ssize_t s1len, s2len;
- (void)arg;
- tt_int_op(crypto_dh_get_bytes(dh1),==, DH_BYTES);
- tt_int_op(crypto_dh_get_bytes(dh2),==, DH_BYTES);
- memset(p1, 0, DH_BYTES);
- memset(p2, 0, DH_BYTES);
- tt_mem_op(p1,==, p2, DH_BYTES);
- tt_assert(! crypto_dh_get_public(dh1, p1, DH_BYTES));
- tt_mem_op(p1,!=, p2, DH_BYTES);
- tt_assert(! crypto_dh_get_public(dh2, p2, DH_BYTES));
- tt_mem_op(p1,!=, p2, DH_BYTES);
- memset(s1, 0, DH_BYTES);
- memset(s2, 0xFF, DH_BYTES);
- s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p2, DH_BYTES, s1, 50);
- s2len = crypto_dh_compute_secret(LOG_WARN, dh2, p1, DH_BYTES, s2, 50);
- tt_assert(s1len > 0);
- tt_int_op(s1len,==, s2len);
- tt_mem_op(s1,==, s2, s1len);
- {
- /* XXXX Now fabricate some bad values and make sure they get caught,
- * Check 0, 1, N-1, >= N, etc.
- */
- }
- done:
- crypto_dh_free(dh1);
- crypto_dh_free(dh2);
- }
- /** Run unit tests for our random number generation function and its wrappers.
- */
- static void
- test_crypto_rng(void *arg)
- {
- int i, j, allok;
- char data1[100], data2[100];
- double d;
- /* Try out RNG. */
- (void)arg;
- tt_assert(! crypto_seed_rng(0));
- crypto_rand(data1, 100);
- crypto_rand(data2, 100);
- tt_mem_op(data1,!=, data2,100);
- allok = 1;
- for (i = 0; i < 100; ++i) {
- uint64_t big;
- char *host;
- j = crypto_rand_int(100);
- if (j < 0 || j >= 100)
- allok = 0;
- big = crypto_rand_uint64(U64_LITERAL(1)<<40);
- if (big >= (U64_LITERAL(1)<<40))
- allok = 0;
- big = crypto_rand_uint64(U64_LITERAL(5));
- if (big >= 5)
- allok = 0;
- d = crypto_rand_double();
- tt_assert(d >= 0);
- tt_assert(d < 1.0);
- host = crypto_random_hostname(3,8,"www.",".onion");
- if (strcmpstart(host,"www.") ||
- strcmpend(host,".onion") ||
- strlen(host) < 13 ||
- strlen(host) > 18)
- allok = 0;
- tor_free(host);
- }
- tt_assert(allok);
- done:
- ;
- }
- /** Run unit tests for our AES functionality */
- static void
- test_crypto_aes(void *arg)
- {
- char *data1 = NULL, *data2 = NULL, *data3 = NULL;
- crypto_cipher_t *env1 = NULL, *env2 = NULL;
- int i, j;
- char *mem_op_hex_tmp=NULL;
- int use_evp = !strcmp(arg,"evp");
- evaluate_evp_for_aes(use_evp);
- evaluate_ctr_for_aes();
- data1 = tor_malloc(1024);
- data2 = tor_malloc(1024);
- data3 = tor_malloc(1024);
- /* Now, test encryption and decryption with stream cipher. */
- data1[0]='\0';
- for (i = 1023; i>0; i -= 35)
- strncat(data1, "Now is the time for all good onions", i);
- memset(data2, 0, 1024);
- memset(data3, 0, 1024);
- env1 = crypto_cipher_new(NULL);
- tt_ptr_op(env1, !=, NULL);
- env2 = crypto_cipher_new(crypto_cipher_get_key(env1));
- tt_ptr_op(env2, !=, NULL);
- /* Try encrypting 512 chars. */
- crypto_cipher_encrypt(env1, data2, data1, 512);
- crypto_cipher_decrypt(env2, data3, data2, 512);
- tt_mem_op(data1,==, data3, 512);
- tt_mem_op(data1,!=, data2, 512);
- /* Now encrypt 1 at a time, and get 1 at a time. */
- for (j = 512; j < 560; ++j) {
- crypto_cipher_encrypt(env1, data2+j, data1+j, 1);
- }
- for (j = 512; j < 560; ++j) {
- crypto_cipher_decrypt(env2, data3+j, data2+j, 1);
- }
- tt_mem_op(data1,==, data3, 560);
- /* Now encrypt 3 at a time, and get 5 at a time. */
- for (j = 560; j < 1024-5; j += 3) {
- crypto_cipher_encrypt(env1, data2+j, data1+j, 3);
- }
- for (j = 560; j < 1024-5; j += 5) {
- crypto_cipher_decrypt(env2, data3+j, data2+j, 5);
- }
- tt_mem_op(data1,==, data3, 1024-5);
- /* Now make sure that when we encrypt with different chunk sizes, we get
- the same results. */
- crypto_cipher_free(env2);
- env2 = NULL;
- memset(data3, 0, 1024);
- env2 = crypto_cipher_new(crypto_cipher_get_key(env1));
- tt_ptr_op(env2, !=, NULL);
- for (j = 0; j < 1024-16; j += 17) {
- crypto_cipher_encrypt(env2, data3+j, data1+j, 17);
- }
- for (j= 0; j < 1024-16; ++j) {
- if (data2[j] != data3[j]) {
- printf("%d: %d\t%d\n", j, (int) data2[j], (int) data3[j]);
- }
- }
- tt_mem_op(data2,==, data3, 1024-16);
- crypto_cipher_free(env1);
- env1 = NULL;
- crypto_cipher_free(env2);
- env2 = NULL;
- /* NIST test vector for aes. */
- /* IV starts at 0 */
- env1 = crypto_cipher_new("\x80\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00");
- crypto_cipher_encrypt(env1, data1,
- "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00", 16);
- test_memeq_hex(data1, "0EDD33D3C621E546455BD8BA1418BEC8");
- /* Now test rollover. All these values are originally from a python
- * script. */
- crypto_cipher_free(env1);
- env1 = crypto_cipher_new_with_iv(
- "\x80\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00",
- "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\xff\xff\xff\xff\xff\xff\xff\xff");
- memset(data2, 0, 1024);
- crypto_cipher_encrypt(env1, data1, data2, 32);
- test_memeq_hex(data1, "335fe6da56f843199066c14a00a40231"
- "cdd0b917dbc7186908a6bfb5ffd574d3");
- crypto_cipher_free(env1);
- env1 = crypto_cipher_new_with_iv(
- "\x80\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00",
- "\x00\x00\x00\x00\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff");
- memset(data2, 0, 1024);
- crypto_cipher_encrypt(env1, data1, data2, 32);
- test_memeq_hex(data1, "e627c6423fa2d77832a02b2794094b73"
- "3e63c721df790d2c6469cc1953a3ffac");
- crypto_cipher_free(env1);
- env1 = crypto_cipher_new_with_iv(
- "\x80\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00",
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff");
- memset(data2, 0, 1024);
- crypto_cipher_encrypt(env1, data1, data2, 32);
- test_memeq_hex(data1, "2aed2bff0de54f9328efd070bf48f70a"
- "0EDD33D3C621E546455BD8BA1418BEC8");
- /* Now check rollover on inplace cipher. */
- crypto_cipher_free(env1);
- env1 = crypto_cipher_new_with_iv(
- "\x80\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00",
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff");
- crypto_cipher_crypt_inplace(env1, data2, 64);
- test_memeq_hex(data2, "2aed2bff0de54f9328efd070bf48f70a"
- "0EDD33D3C621E546455BD8BA1418BEC8"
- "93e2c5243d6839eac58503919192f7ae"
- "1908e67cafa08d508816659c2e693191");
- crypto_cipher_free(env1);
- env1 = crypto_cipher_new_with_iv(
- "\x80\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00",
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff");
- crypto_cipher_crypt_inplace(env1, data2, 64);
- tt_assert(tor_mem_is_zero(data2, 64));
- done:
- tor_free(mem_op_hex_tmp);
- if (env1)
- crypto_cipher_free(env1);
- if (env2)
- crypto_cipher_free(env2);
- tor_free(data1);
- tor_free(data2);
- tor_free(data3);
- }
- /** Run unit tests for our SHA-1 functionality */
- static void
- test_crypto_sha(void *arg)
- {
- crypto_digest_t *d1 = NULL, *d2 = NULL;
- int i;
- char key[160];
- char digest[32];
- char data[50];
- char d_out1[DIGEST_LEN], d_out2[DIGEST256_LEN];
- char *mem_op_hex_tmp=NULL;
- /* Test SHA-1 with a test vector from the specification. */
- (void)arg;
- i = crypto_digest(data, "abc", 3);
- test_memeq_hex(data, "A9993E364706816ABA3E25717850C26C9CD0D89D");
- tt_int_op(i, ==, 0);
- /* Test SHA-256 with a test vector from the specification. */
- i = crypto_digest256(data, "abc", 3, DIGEST_SHA256);
- test_memeq_hex(data, "BA7816BF8F01CFEA414140DE5DAE2223B00361A3"
- "96177A9CB410FF61F20015AD");
- tt_int_op(i, ==, 0);
- /* Test HMAC-SHA256 with test cases from wikipedia and RFC 4231 */
- /* Case empty (wikipedia) */
- crypto_hmac_sha256(digest, "", 0, "", 0);
- tt_str_op(hex_str(digest, 32),==,
- "B613679A0814D9EC772F95D778C35FC5FF1697C493715653C6C712144292C5AD");
- /* Case quick-brown (wikipedia) */
- crypto_hmac_sha256(digest, "key", 3,
- "The quick brown fox jumps over the lazy dog", 43);
- tt_str_op(hex_str(digest, 32),==,
- "F7BC83F430538424B13298E6AA6FB143EF4D59A14946175997479DBC2D1A3CD8");
- /* "Test Case 1" from RFC 4231 */
- memset(key, 0x0b, 20);
- crypto_hmac_sha256(digest, key, 20, "Hi There", 8);
- test_memeq_hex(digest,
- "b0344c61d8db38535ca8afceaf0bf12b"
- "881dc200c9833da726e9376c2e32cff7");
- /* "Test Case 2" from RFC 4231 */
- memset(key, 0x0b, 20);
- crypto_hmac_sha256(digest, "Jefe", 4, "what do ya want for nothing?", 28);
- test_memeq_hex(digest,
- "5bdcc146bf60754e6a042426089575c7"
- "5a003f089d2739839dec58b964ec3843");
- /* "Test case 3" from RFC 4231 */
- memset(key, 0xaa, 20);
- memset(data, 0xdd, 50);
- crypto_hmac_sha256(digest, key, 20, data, 50);
- test_memeq_hex(digest,
- "773ea91e36800e46854db8ebd09181a7"
- "2959098b3ef8c122d9635514ced565fe");
- /* "Test case 4" from RFC 4231 */
- base16_decode(key, 25,
- "0102030405060708090a0b0c0d0e0f10111213141516171819", 50);
- memset(data, 0xcd, 50);
- crypto_hmac_sha256(digest, key, 25, data, 50);
- test_memeq_hex(digest,
- "82558a389a443c0ea4cc819899f2083a"
- "85f0faa3e578f8077a2e3ff46729665b");
- /* "Test case 5" from RFC 4231 */
- memset(key, 0x0c, 20);
- crypto_hmac_sha256(digest, key, 20, "Test With Truncation", 20);
- test_memeq_hex(digest,
- "a3b6167473100ee06e0c796c2955552b");
- /* "Test case 6" from RFC 4231 */
- memset(key, 0xaa, 131);
- crypto_hmac_sha256(digest, key, 131,
- "Test Using Larger Than Block-Size Key - Hash Key First",
- 54);
- test_memeq_hex(digest,
- "60e431591ee0b67f0d8a26aacbf5b77f"
- "8e0bc6213728c5140546040f0ee37f54");
- /* "Test case 7" from RFC 4231 */
- memset(key, 0xaa, 131);
- crypto_hmac_sha256(digest, key, 131,
- "This is a test using a larger than block-size key and a "
- "larger than block-size data. The key needs to be hashed "
- "before being used by the HMAC algorithm.", 152);
- test_memeq_hex(digest,
- "9b09ffa71b942fcb27635fbcd5b0e944"
- "bfdc63644f0713938a7f51535c3a35e2");
- /* Incremental digest code. */
- d1 = crypto_digest_new();
- tt_assert(d1);
- crypto_digest_add_bytes(d1, "abcdef", 6);
- d2 = crypto_digest_dup(d1);
- tt_assert(d2);
- crypto_digest_add_bytes(d2, "ghijkl", 6);
- crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
- crypto_digest(d_out2, "abcdefghijkl", 12);
- tt_mem_op(d_out1,==, d_out2, DIGEST_LEN);
- crypto_digest_assign(d2, d1);
- crypto_digest_add_bytes(d2, "mno", 3);
- crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
- crypto_digest(d_out2, "abcdefmno", 9);
- tt_mem_op(d_out1,==, d_out2, DIGEST_LEN);
- crypto_digest_get_digest(d1, d_out1, sizeof(d_out1));
- crypto_digest(d_out2, "abcdef", 6);
- tt_mem_op(d_out1,==, d_out2, DIGEST_LEN);
- crypto_digest_free(d1);
- crypto_digest_free(d2);
- /* Incremental digest code with sha256 */
- d1 = crypto_digest256_new(DIGEST_SHA256);
- tt_assert(d1);
- crypto_digest_add_bytes(d1, "abcdef", 6);
- d2 = crypto_digest_dup(d1);
- tt_assert(d2);
- crypto_digest_add_bytes(d2, "ghijkl", 6);
- crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
- crypto_digest256(d_out2, "abcdefghijkl", 12, DIGEST_SHA256);
- tt_mem_op(d_out1,==, d_out2, DIGEST_LEN);
- crypto_digest_assign(d2, d1);
- crypto_digest_add_bytes(d2, "mno", 3);
- crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
- crypto_digest256(d_out2, "abcdefmno", 9, DIGEST_SHA256);
- tt_mem_op(d_out1,==, d_out2, DIGEST_LEN);
- crypto_digest_get_digest(d1, d_out1, sizeof(d_out1));
- crypto_digest256(d_out2, "abcdef", 6, DIGEST_SHA256);
- tt_mem_op(d_out1,==, d_out2, DIGEST_LEN);
- done:
- if (d1)
- crypto_digest_free(d1);
- if (d2)
- crypto_digest_free(d2);
- tor_free(mem_op_hex_tmp);
- }
- /** Run unit tests for our public key crypto functions */
- static void
- test_crypto_pk(void *arg)
- {
- crypto_pk_t *pk1 = NULL, *pk2 = NULL;
- char *encoded = NULL;
- char data1[1024], data2[1024], data3[1024];
- size_t size;
- int i, len;
- /* Public-key ciphers */
- (void)arg;
- pk1 = pk_generate(0);
- pk2 = crypto_pk_new();
- tt_assert(pk1 && pk2);
- tt_assert(! crypto_pk_write_public_key_to_string(pk1, &encoded, &size));
- tt_assert(! crypto_pk_read_public_key_from_string(pk2, encoded, size));
- tt_int_op(0,==, crypto_pk_cmp_keys(pk1, pk2));
- /* comparison between keys and NULL */
- tt_int_op(crypto_pk_cmp_keys(NULL, pk1), <, 0);
- tt_int_op(crypto_pk_cmp_keys(NULL, NULL), ==, 0);
- tt_int_op(crypto_pk_cmp_keys(pk1, NULL), >, 0);
- tt_int_op(128,==, crypto_pk_keysize(pk1));
- tt_int_op(1024,==, crypto_pk_num_bits(pk1));
- tt_int_op(128,==, crypto_pk_keysize(pk2));
- tt_int_op(1024,==, crypto_pk_num_bits(pk2));
- tt_int_op(128,==, crypto_pk_public_encrypt(pk2, data1, sizeof(data1),
- "Hello whirled.", 15,
- PK_PKCS1_OAEP_PADDING));
- tt_int_op(128,==, crypto_pk_public_encrypt(pk1, data2, sizeof(data1),
- "Hello whirled.", 15,
- PK_PKCS1_OAEP_PADDING));
- /* oaep padding should make encryption not match */
- tt_mem_op(data1,!=, data2, 128);
- tt_int_op(15,==,
- crypto_pk_private_decrypt(pk1, data3, sizeof(data3), data1, 128,
- PK_PKCS1_OAEP_PADDING,1));
- tt_str_op(data3,==, "Hello whirled.");
- memset(data3, 0, 1024);
- tt_int_op(15,==,
- crypto_pk_private_decrypt(pk1, data3, sizeof(data3), data2, 128,
- PK_PKCS1_OAEP_PADDING,1));
- tt_str_op(data3,==, "Hello whirled.");
- /* Can't decrypt with public key. */
- tt_int_op(-1,==,
- crypto_pk_private_decrypt(pk2, data3, sizeof(data3), data2, 128,
- PK_PKCS1_OAEP_PADDING,1));
- /* Try again with bad padding */
- memcpy(data2+1, "XYZZY", 5); /* This has fails ~ once-in-2^40 */
- tt_int_op(-1,==,
- crypto_pk_private_decrypt(pk1, data3, sizeof(data3), data2, 128,
- PK_PKCS1_OAEP_PADDING,1));
- /* File operations: save and load private key */
- tt_assert(! crypto_pk_write_private_key_to_filename(pk1,
- get_fname("pkey1")));
- /* failing case for read: can't read. */
- tt_assert(crypto_pk_read_private_key_from_filename(pk2,
- get_fname("xyzzy")) < 0);
- write_str_to_file(get_fname("xyzzy"), "foobar", 6);
- /* Failing case for read: no key. */
- tt_assert(crypto_pk_read_private_key_from_filename(pk2,
- get_fname("xyzzy")) < 0);
- tt_assert(! crypto_pk_read_private_key_from_filename(pk2,
- get_fname("pkey1")));
- tt_int_op(15,==,
- crypto_pk_private_decrypt(pk2, data3, sizeof(data3), data1, 128,
- PK_PKCS1_OAEP_PADDING,1));
- /* Now try signing. */
- strlcpy(data1, "Ossifrage", 1024);
- tt_int_op(128,==,
- crypto_pk_private_sign(pk1, data2, sizeof(data2), data1, 10));
- tt_int_op(10,==,
- crypto_pk_public_checksig(pk1, data3, sizeof(data3), data2, 128));
- tt_str_op(data3,==, "Ossifrage");
- /* Try signing digests. */
- tt_int_op(128,==, crypto_pk_private_sign_digest(pk1, data2, sizeof(data2),
- data1, 10));
- tt_int_op(20,==,
- crypto_pk_public_checksig(pk1, data3, sizeof(data3), data2, 128));
- tt_int_op(0,==,
- crypto_pk_public_checksig_digest(pk1, data1, 10, data2, 128));
- tt_int_op(-1,==,
- crypto_pk_public_checksig_digest(pk1, data1, 11, data2, 128));
- /*XXXX test failed signing*/
- /* Try encoding */
- crypto_pk_free(pk2);
- pk2 = NULL;
- i = crypto_pk_asn1_encode(pk1, data1, 1024);
- tt_int_op(i, >, 0);
- pk2 = crypto_pk_asn1_decode(data1, i);
- tt_assert(crypto_pk_cmp_keys(pk1,pk2) == 0);
- /* Try with hybrid encryption wrappers. */
- crypto_rand(data1, 1024);
- for (i = 85; i < 140; ++i) {
- memset(data2,0,1024);
- memset(data3,0,1024);
- len = crypto_pk_public_hybrid_encrypt(pk1,data2,sizeof(data2),
- data1,i,PK_PKCS1_OAEP_PADDING,0);
- tt_int_op(len, >=, 0);
- len = crypto_pk_private_hybrid_decrypt(pk1,data3,sizeof(data3),
- data2,len,PK_PKCS1_OAEP_PADDING,1);
- tt_int_op(len,==, i);
- tt_mem_op(data1,==, data3,i);
- }
- /* Try copy_full */
- crypto_pk_free(pk2);
- pk2 = crypto_pk_copy_full(pk1);
- tt_assert(pk2 != NULL);
- tt_ptr_op(pk1, !=, pk2);
- tt_assert(crypto_pk_cmp_keys(pk1,pk2) == 0);
- done:
- if (pk1)
- crypto_pk_free(pk1);
- if (pk2)
- crypto_pk_free(pk2);
- tor_free(encoded);
- }
- static void
- test_crypto_pk_fingerprints(void *arg)
- {
- crypto_pk_t *pk = NULL;
- char encoded[512];
- char d[DIGEST_LEN], d2[DIGEST_LEN];
- char fingerprint[FINGERPRINT_LEN+1];
- int n;
- unsigned i;
- char *mem_op_hex_tmp=NULL;
- (void)arg;
- pk = pk_generate(1);
- tt_assert(pk);
- n = crypto_pk_asn1_encode(pk, encoded, sizeof(encoded));
- tt_int_op(n, >, 0);
- tt_int_op(n, >, 128);
- tt_int_op(n, <, 256);
- /* Is digest as expected? */
- crypto_digest(d, encoded, n);
- tt_int_op(0, ==, crypto_pk_get_digest(pk, d2));
- tt_mem_op(d,==, d2, DIGEST_LEN);
- /* Is fingerprint right? */
- tt_int_op(0, ==, crypto_pk_get_fingerprint(pk, fingerprint, 0));
- tt_int_op(strlen(fingerprint), ==, DIGEST_LEN * 2);
- test_memeq_hex(d, fingerprint);
- /* Are spaces right? */
- tt_int_op(0, ==, crypto_pk_get_fingerprint(pk, fingerprint, 1));
- for (i = 4; i < strlen(fingerprint); i += 5) {
- tt_int_op(fingerprint[i], ==, ' ');
- }
- tor_strstrip(fingerprint, " ");
- tt_int_op(strlen(fingerprint), ==, DIGEST_LEN * 2);
- test_memeq_hex(d, fingerprint);
- /* Now hash again and check crypto_pk_get_hashed_fingerprint. */
- crypto_digest(d2, d, sizeof(d));
- tt_int_op(0, ==, crypto_pk_get_hashed_fingerprint(pk, fingerprint));
- tt_int_op(strlen(fingerprint), ==, DIGEST_LEN * 2);
- test_memeq_hex(d2, fingerprint);
- done:
- crypto_pk_free(pk);
- tor_free(mem_op_hex_tmp);
- }
- /** Sanity check for crypto pk digests */
- static void
- test_crypto_digests(void *arg)
- {
- crypto_pk_t *k = NULL;
- ssize_t r;
- digests_t pkey_digests;
- char digest[DIGEST_LEN];
- (void)arg;
- k = crypto_pk_new();
- tt_assert(k);
- r = crypto_pk_read_private_key_from_string(k, AUTHORITY_SIGNKEY_3, -1);
- tt_assert(!r);
- r = crypto_pk_get_digest(k, digest);
- tt_assert(r == 0);
- tt_mem_op(hex_str(digest, DIGEST_LEN),==,
- AUTHORITY_SIGNKEY_A_DIGEST, HEX_DIGEST_LEN);
- r = crypto_pk_get_all_digests(k, &pkey_digests);
- tt_mem_op(hex_str(pkey_digests.d[DIGEST_SHA1], DIGEST_LEN),==,
- AUTHORITY_SIGNKEY_A_DIGEST, HEX_DIGEST_LEN);
- tt_mem_op(hex_str(pkey_digests.d[DIGEST_SHA256], DIGEST256_LEN),==,
- AUTHORITY_SIGNKEY_A_DIGEST256, HEX_DIGEST256_LEN);
- done:
- crypto_pk_free(k);
- }
- /** Run unit tests for misc crypto formatting functionality (base64, base32,
- * fingerprints, etc) */
- static void
- test_crypto_formats(void *arg)
- {
- char *data1 = NULL, *data2 = NULL, *data3 = NULL;
- int i, j, idx;
- (void)arg;
- data1 = tor_malloc(1024);
- data2 = tor_malloc(1024);
- data3 = tor_malloc(1024);
- tt_assert(data1 && data2 && data3);
- /* Base64 tests */
- memset(data1, 6, 1024);
- for (idx = 0; idx < 10; ++idx) {
- i = base64_encode(data2, 1024, data1, idx);
- tt_int_op(i, >=, 0);
- j = base64_decode(data3, 1024, data2, i);
- tt_int_op(j,==, idx);
- tt_mem_op(data3,==, data1, idx);
- }
- strlcpy(data1, "Test string that contains 35 chars.", 1024);
- strlcat(data1, " 2nd string that contains 35 chars.", 1024);
- i = base64_encode(data2, 1024, data1, 71);
- tt_int_op(i, >=, 0);
- j = base64_decode(data3, 1024, data2, i);
- tt_int_op(j,==, 71);
- tt_str_op(data3,==, data1);
- tt_int_op(data2[i], ==, '\0');
- crypto_rand(data1, DIGEST_LEN);
- memset(data2, 100, 1024);
- digest_to_base64(data2, data1);
- tt_int_op(BASE64_DIGEST_LEN,==, strlen(data2));
- tt_int_op(100,==, data2[BASE64_DIGEST_LEN+2]);
- memset(data3, 99, 1024);
- tt_int_op(digest_from_base64(data3, data2),==, 0);
- tt_mem_op(data1,==, data3, DIGEST_LEN);
- tt_int_op(99,==, data3[DIGEST_LEN+1]);
- tt_assert(digest_from_base64(data3, "###") < 0);
- /* Encoding SHA256 */
- crypto_rand(data2, DIGEST256_LEN);
- memset(data2, 100, 1024);
- digest256_to_base64(data2, data1);
- tt_int_op(BASE64_DIGEST256_LEN,==, strlen(data2));
- tt_int_op(100,==, data2[BASE64_DIGEST256_LEN+2]);
- memset(data3, 99, 1024);
- tt_int_op(digest256_from_base64(data3, data2),==, 0);
- tt_mem_op(data1,==, data3, DIGEST256_LEN);
- tt_int_op(99,==, data3[DIGEST256_LEN+1]);
- /* Base32 tests */
- strlcpy(data1, "5chrs", 1024);
- /* bit pattern is: [35 63 68 72 73] ->
- * [00110101 01100011 01101000 01110010 01110011]
- * By 5s: [00110 10101 10001 10110 10000 11100 10011 10011]
- */
- base32_encode(data2, 9, data1, 5);
- tt_str_op(data2,==, "gvrwq4tt");
- strlcpy(data1, "\xFF\xF5\x6D\x44\xAE\x0D\x5C\xC9\x62\xC4", 1024);
- base32_encode(data2, 30, data1, 10);
- tt_str_op(data2,==, "772w2rfobvomsywe");
- /* Base16 tests */
- strlcpy(data1, "6chrs\xff", 1024);
- base16_encode(data2, 13, data1, 6);
- tt_str_op(data2,==, "3663687273FF");
- strlcpy(data1, "f0d678affc000100", 1024);
- i = base16_decode(data2, 8, data1, 16);
- tt_int_op(i,==, 0);
- tt_mem_op(data2,==, "\xf0\xd6\x78\xaf\xfc\x00\x01\x00",8);
- /* now try some failing base16 decodes */
- tt_int_op(-1,==, base16_decode(data2, 8, data1, 15)); /* odd input len */
- tt_int_op(-1,==, base16_decode(data2, 7, data1, 16)); /* dest too short */
- strlcpy(data1, "f0dz!8affc000100", 1024);
- tt_int_op(-1,==, base16_decode(data2, 8, data1, 16));
- tor_free(data1);
- tor_free(data2);
- tor_free(data3);
- /* Add spaces to fingerprint */
- {
- data1 = tor_strdup("ABCD1234ABCD56780000ABCD1234ABCD56780000");
- tt_int_op(strlen(data1),==, 40);
- data2 = tor_malloc(FINGERPRINT_LEN+1);
- crypto_add_spaces_to_fp(data2, FINGERPRINT_LEN+1, data1);
- tt_str_op(data2,==, "ABCD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 0000");
- tor_free(data1);
- tor_free(data2);
- }
- done:
- tor_free(data1);
- tor_free(data2);
- tor_free(data3);
- }
- /** Run unit tests for our secret-to-key passphrase hashing functionality. */
- static void
- test_crypto_s2k_rfc2440(void *arg)
- {
- char buf[29];
- char buf2[29];
- char *buf3 = NULL;
- int i;
- (void)arg;
- memset(buf, 0, sizeof(buf));
- memset(buf2, 0, sizeof(buf2));
- buf3 = tor_malloc(65536);
- memset(buf3, 0, 65536);
- secret_to_key_rfc2440(buf+9, 20, "", 0, buf);
- crypto_digest(buf2+9, buf3, 1024);
- tt_mem_op(buf,==, buf2, 29);
- memcpy(buf,"vrbacrda",8);
- memcpy(buf2,"vrbacrda",8);
- buf[8] = 96;
- buf2[8] = 96;
- secret_to_key_rfc2440(buf+9, 20, "12345678", 8, buf);
- for (i = 0; i < 65536; i += 16) {
- memcpy(buf3+i, "vrbacrda12345678", 16);
- }
- crypto_digest(buf2+9, buf3, 65536);
- tt_mem_op(buf,==, buf2, 29);
- done:
- tor_free(buf3);
- }
- static void
- run_s2k_tests(const unsigned flags, const unsigned type,
- int speclen, const int keylen, int legacy)
- {
- uint8_t buf[S2K_MAXLEN], buf2[S2K_MAXLEN], buf3[S2K_MAXLEN];
- int r;
- size_t sz;
- const char pw1[] = "You can't come in here unless you say swordfish!";
- const char pw2[] = "Now, I give you one more guess.";
- r = secret_to_key_new(buf, sizeof(buf), &sz,
- pw1, strlen(pw1), flags);
- tt_int_op(r, ==, S2K_OKAY);
- tt_int_op(buf[0], ==, type);
- tt_int_op(sz, ==, keylen + speclen);
- if (legacy) {
- memmove(buf, buf+1, sz-1);
- --sz;
- --speclen;
- }
- tt_int_op(S2K_OKAY, ==,
- secret_to_key_check(buf, sz, pw1, strlen(pw1)));
- tt_int_op(S2K_BAD_SECRET, ==,
- secret_to_key_check(buf, sz, pw2, strlen(pw2)));
- /* Move key to buf2, and clear it. */
- memset(buf3, 0, sizeof(buf3));
- memcpy(buf2, buf+speclen, keylen);
- memset(buf+speclen, 0, sz - speclen);
- /* Derivekey should produce the same results. */
- tt_int_op(S2K_OKAY, ==,
- secret_to_key_derivekey(buf3, keylen, buf, speclen, pw1, strlen(pw1)));
- tt_mem_op(buf2, ==, buf3, keylen);
- /* Derivekey with a longer output should fill the output. */
- memset(buf2, 0, sizeof(buf2));
- tt_int_op(S2K_OKAY, ==,
- secret_to_key_derivekey(buf2, sizeof(buf2), buf, speclen,
- pw1, strlen(pw1)));
- tt_mem_op(buf2, !=, buf3, sizeof(buf2));
- memset(buf3, 0, sizeof(buf3));
- tt_int_op(S2K_OKAY, ==,
- secret_to_key_derivekey(buf3, sizeof(buf3), buf, speclen,
- pw1, strlen(pw1)));
- tt_mem_op(buf2, ==, buf3, sizeof(buf3));
- tt_assert(!tor_mem_is_zero((char*)buf2+keylen, sizeof(buf2)-keylen));
- done:
- ;
- }
- static void
- test_crypto_s2k_general(void *arg)
- {
- const char *which = arg;
- if (!strcmp(which, "scrypt")) {
- run_s2k_tests(0, 2, 19, 32, 0);
- } else if (!strcmp(which, "scrypt-low")) {
- run_s2k_tests(S2K_FLAG_LOW_MEM, 2, 19, 32, 0);
- } else if (!strcmp(which, "pbkdf2")) {
- run_s2k_tests(S2K_FLAG_USE_PBKDF2, 1, 18, 20, 0);
- } else if (!strcmp(which, "rfc2440")) {
- run_s2k_tests(S2K_FLAG_NO_SCRYPT, 0, 10, 20, 0);
- } else if (!strcmp(which, "rfc2440-legacy")) {
- run_s2k_tests(S2K_FLAG_NO_SCRYPT, 0, 10, 20, 1);
- } else {
- tt_fail();
- }
- }
- static void
- test_crypto_s2k_errors(void *arg)
- {
- uint8_t buf[S2K_MAXLEN], buf2[S2K_MAXLEN];
- size_t sz;
- (void)arg;
- /* Bogus specifiers: simple */
- tt_int_op(S2K_BAD_LEN, ==,
- secret_to_key_derivekey(buf, sizeof(buf),
- (const uint8_t*)"", 0, "ABC", 3));
- tt_int_op(S2K_BAD_ALGORITHM, ==,
- secret_to_key_derivekey(buf, sizeof(buf),
- (const uint8_t*)"\x10", 1, "ABC", 3));
- tt_int_op(S2K_BAD_LEN, ==,
- secret_to_key_derivekey(buf, sizeof(buf),
- (const uint8_t*)"\x01\x02", 2, "ABC", 3));
- tt_int_op(S2K_BAD_LEN, ==,
- secret_to_key_check((const uint8_t*)"", 0, "ABC", 3));
- tt_int_op(S2K_BAD_ALGORITHM, ==,
- secret_to_key_check((const uint8_t*)"\x10", 1, "ABC", 3));
- tt_int_op(S2K_BAD_LEN, ==,
- secret_to_key_check((const uint8_t*)"\x01\x02", 2, "ABC", 3));
- /* too long gets "BAD_LEN" too */
- memset(buf, 0, sizeof(buf));
- buf[0] = 2;
- tt_int_op(S2K_BAD_LEN, ==,
- secret_to_key_derivekey(buf2, sizeof(buf2),
- buf, sizeof(buf), "ABC", 3));
- /* Truncated output */
- #ifdef HAVE_LIBSCRYPT_H
- tt_int_op(S2K_TRUNCATED, ==, secret_to_key_new(buf, 50, &sz,
- "ABC", 3, 0));
- tt_int_op(S2K_TRUNCATED, ==, secret_to_key_new(buf, 50, &sz,
- "ABC", 3, S2K_FLAG_LOW_MEM));
- #endif
- tt_int_op(S2K_TRUNCATED, ==, secret_to_key_new(buf, 37, &sz,
- "ABC", 3, S2K_FLAG_USE_PBKDF2));
- tt_int_op(S2K_TRUNCATED, ==, secret_to_key_new(buf, 29, &sz,
- "ABC", 3, S2K_FLAG_NO_SCRYPT));
- #ifdef HAVE_LIBSCRYPT_H
- tt_int_op(S2K_TRUNCATED, ==, secret_to_key_make_specifier(buf, 18, 0));
- tt_int_op(S2K_TRUNCATED, ==, secret_to_key_make_specifier(buf, 18,
- S2K_FLAG_LOW_MEM));
- #endif
- tt_int_op(S2K_TRUNCATED, ==, secret_to_key_make_specifier(buf, 17,
- S2K_FLAG_USE_PBKDF2));
- tt_int_op(S2K_TRUNCATED, ==, secret_to_key_make_specifier(buf, 9,
- S2K_FLAG_NO_SCRYPT));
- /* Now try using type-specific bogus specifiers. */
- /* It's a bad pbkdf2 buffer if it has an iteration count that would overflow
- * int32_t. */
- memset(buf, 0, sizeof(buf));
- buf[0] = 1; /* pbkdf2 */
- buf[17] = 100; /* 1<<100 is much bigger than INT32_MAX */
- tt_int_op(S2K_BAD_PARAMS, ==,
- secret_to_key_derivekey(buf2, sizeof(buf2),
- buf, 18, "ABC", 3));
- #ifdef HAVE_LIBSCRYPT_H
- /* It's a bad scrypt buffer if N would overflow uint64 */
- memset(buf, 0, sizeof(buf));
- buf[0] = 2; /* scrypt */
- buf[17] = 100; /* 1<<100 is much bigger than UINT64_MAX */
- tt_int_op(S2K_BAD_PARAMS, ==,
- secret_to_key_derivekey(buf2, sizeof(buf2),
- buf, 19, "ABC", 3));
- #endif
- done:
- ;
- }
- static void
- test_crypto_scrypt_vectors(void *arg)
- {
- char *mem_op_hex_tmp = NULL;
- uint8_t spec[64], out[64];
- (void)arg;
- #ifndef HAVE_LIBSCRYPT_H
- if (1)
- tt_skip();
- #endif
- /* Test vectors from
- http://tools.ietf.org/html/draft-josefsson-scrypt-kdf-00 section 11.
- Note that the names of 'r' and 'N' are switched in that section. Or
- possibly in libscrypt.
- */
- base16_decode((char*)spec, sizeof(spec),
- "0400", 4);
- memset(out, 0x00, sizeof(out));
- tt_int_op(64, ==,
- secret_to_key_compute_key(out, 64, spec, 2, "", 0, 2));
- test_memeq_hex(out,
- "77d6576238657b203b19ca42c18a0497"
- "f16b4844e3074ae8dfdffa3fede21442"
- "fcd0069ded0948f8326a753a0fc81f17"
- "e8d3e0fb2e0d3628cf35e20c38d18906");
- base16_decode((char*)spec, sizeof(spec),
- "4e61436c" "0A34", 12);
- memset(out, 0x00, sizeof(out));
- tt_int_op(64, ==,
- secret_to_key_compute_key(out, 64, spec, 6, "password", 8, 2));
- test_memeq_hex(out,
- "fdbabe1c9d3472007856e7190d01e9fe"
- "7c6ad7cbc8237830e77376634b373162"
- "2eaf30d92e22a3886ff109279d9830da"
- "c727afb94a83ee6d8360cbdfa2cc0640");
- base16_decode((char*)spec, sizeof(spec),
- "536f6469756d43686c6f72696465" "0e30", 32);
- memset(out, 0x00, sizeof(out));
- tt_int_op(64, ==,
- secret_to_key_compute_key(out, 64, spec, 16,
- "pleaseletmein", 13, 2));
- test_memeq_hex(out,
- "7023bdcb3afd7348461c06cd81fd38eb"
- "fda8fbba904f8e3ea9b543f6545da1f2"
- "d5432955613f0fcf62d49705242a9af9"
- "e61e85dc0d651e40dfcf017b45575887");
- base16_decode((char*)spec, sizeof(spec),
- "536f6469756d43686c6f72696465" "1430", 32);
- memset(out, 0x00, sizeof(out));
- tt_int_op(64, ==,
- secret_to_key_compute_key(out, 64, spec, 16,
- "pleaseletmein", 13, 2));
- test_memeq_hex(out,
- "2101cb9b6a511aaeaddbbe09cf70f881"
- "ec568d574a2ffd4dabe5ee9820adaa47"
- "8e56fd8f4ba5d09ffa1c6d927c40f4c3"
- "37304049e8a952fbcbf45c6fa77a41a4");
- done:
- tor_free(mem_op_hex_tmp);
- }
- static void
- test_crypto_pbkdf2_vectors(void *arg)
- {
- char *mem_op_hex_tmp = NULL;
- uint8_t spec[64], out[64];
- (void)arg;
- /* Test vectors from RFC6070, section 2 */
- base16_decode((char*)spec, sizeof(spec),
- "73616c74" "00" , 10);
- memset(out, 0x00, sizeof(out));
- tt_int_op(20, ==,
- secret_to_key_compute_key(out, 20, spec, 5, "password", 8, 1));
- test_memeq_hex(out, "0c60c80f961f0e71f3a9b524af6012062fe037a6");
- base16_decode((char*)spec, sizeof(spec),
- "73616c74" "01" , 10);
- memset(out, 0x00, sizeof(out));
- tt_int_op(20, ==,
- secret_to_key_compute_key(out, 20, spec, 5, "password", 8, 1));
- test_memeq_hex(out, "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957");
- base16_decode((char*)spec, sizeof(spec),
- "73616c74" "0C" , 10);
- memset(out, 0x00, sizeof(out));
- tt_int_op(20, ==,
- secret_to_key_compute_key(out, 20, spec, 5, "password", 8, 1));
- test_memeq_hex(out, "4b007901b765489abead49d926f721d065a429c1");
- base16_decode((char*)spec, sizeof(spec),
- "73616c74" "18" , 10);
- memset(out, 0x00, sizeof(out));
- tt_int_op(20, ==,
- secret_to_key_compute_key(out, 20, spec, 5, "password", 8, 1));
- test_memeq_hex(out, "eefe3d61cd4da4e4e9945b3d6ba2158c2634e984");
- base16_decode((char*)spec, sizeof(spec),
- "73616c7453414c5473616c7453414c5473616c745"
- "3414c5473616c7453414c5473616c74" "0C" , 74);
- memset(out, 0x00, sizeof(out));
- tt_int_op(25, ==,
- secret_to_key_compute_key(out, 25, spec, 37,
- "passwordPASSWORDpassword", 24, 1));
- test_memeq_hex(out, "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038");
- base16_decode((char*)spec, sizeof(spec),
- "7361006c74" "0c" , 12);
- memset(out, 0x00, sizeof(out));
- tt_int_op(16, ==,
- secret_to_key_compute_key(out, 16, spec, 6, "pass\0word", 9, 1));
- test_memeq_hex(out, "56fa6aa75548099dcc37d7f03425e0c3");
- done:
- tor_free(mem_op_hex_tmp);
- }
- static void
- test_crypto_pwbox(void *arg)
- {
- uint8_t *boxed=NULL, *decoded=NULL;
- size_t len, dlen;
- unsigned i;
- const char msg[] = "This bunny reminds you that you still have a "
- "salamander in your sylladex. She is holding the bunny Dave got you. "
- "It’s sort of uncanny how similar they are, aside from the knitted "
- "enhancements. Seriously, what are the odds?? So weird.";
- const char pw[] = "I'm a night owl and a wise bird too";
- const unsigned flags[] = { 0,
- S2K_FLAG_NO_SCRYPT,
- S2K_FLAG_LOW_MEM,
- S2K_FLAG_NO_SCRYPT|S2K_FLAG_LOW_MEM,
- S2K_FLAG_USE_PBKDF2 };
- (void)arg;
- for (i = 0; i < ARRAY_LENGTH(flags); ++i) {
- tt_int_op(0, ==, crypto_pwbox(&boxed, &len,
- (const uint8_t*)msg, strlen(msg),
- pw, strlen(pw), flags[i]));
- tt_assert(boxed);
- tt_assert(len > 128+32);
- tt_int_op(0, ==, crypto_unpwbox(&decoded, &dlen, boxed, len,
- pw, strlen(pw)));
- tt_assert(decoded);
- tt_uint_op(dlen, ==, strlen(msg));
- tt_mem_op(decoded, ==, msg, dlen);
- tor_free(decoded);
- tt_int_op(UNPWBOX_BAD_SECRET, ==, crypto_unpwbox(&decoded, &dlen,
- boxed, len,
- pw, strlen(pw)-1));
- boxed[len-1] ^= 1;
- tt_int_op(UNPWBOX_BAD_SECRET, ==, crypto_unpwbox(&decoded, &dlen,
- boxed, len,
- pw, strlen(pw)));
- boxed[0] = 255;
- tt_int_op(UNPWBOX_CORRUPTED, ==, crypto_unpwbox(&decoded, &dlen,
- boxed, len,
- pw, strlen(pw)));
- tor_free(boxed);
- }
- done:
- tor_free(boxed);
- tor_free(decoded);
- }
- /** Test AES-CTR encryption and decryption with IV. */
- static void
- test_crypto_aes_iv(void *arg)
- {
- char *plain, *encrypted1, *encrypted2, *decrypted1, *decrypted2;
- char plain_1[1], plain_15[15], plain_16[16], plain_17[17];
- char key1[16], key2[16];
- ssize_t encrypted_size, decrypted_size;
- int use_evp = !strcmp(arg,"evp");
- evaluate_evp_for_aes(use_evp);
- plain = tor_malloc(4095);
- encrypted1 = tor_malloc(4095 + 1 + 16);
- encrypted2 = tor_malloc(4095 + 1 + 16);
- decrypted1 = tor_malloc(4095 + 1);
- decrypted2 = tor_malloc(4095 + 1);
- crypto_rand(plain, 4095);
- crypto_rand(key1, 16);
- crypto_rand(key2, 16);
- crypto_rand(plain_1, 1);
- crypto_rand(plain_15, 15);
- crypto_rand(plain_16, 16);
- crypto_rand(plain_17, 17);
- key1[0] = key2[0] + 128; /* Make sure that contents are different. */
- /* Encrypt and decrypt with the same key. */
- encrypted_size = crypto_cipher_encrypt_with_iv(key1, encrypted1, 16 + 4095,
- plain, 4095);
- tt_int_op(encrypted_size,==, 16 + 4095);
- tt_assert(encrypted_size > 0); /* This is obviously true, since 4111 is
- * greater than 0, but its truth is not
- * obvious to all analysis tools. */
- decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted1, 4095,
- encrypted1, encrypted_size);
- tt_int_op(decrypted_size,==, 4095);
- tt_assert(decrypted_size > 0);
- tt_mem_op(plain,==, decrypted1, 4095);
- /* Encrypt a second time (with a new random initialization vector). */
- encrypted_size = crypto_cipher_encrypt_with_iv(key1, encrypted2, 16 + 4095,
- plain, 4095);
- tt_int_op(encrypted_size,==, 16 + 4095);
- tt_assert(encrypted_size > 0);
- decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted2, 4095,
- encrypted2, encrypted_size);
- tt_int_op(decrypted_size,==, 4095);
- tt_assert(decrypted_size > 0);
- tt_mem_op(plain,==, decrypted2, 4095);
- tt_mem_op(encrypted1,!=, encrypted2, encrypted_size);
- /* Decrypt with the wrong key. */
- decrypted_size = crypto_cipher_decrypt_with_iv(key2, decrypted2, 4095,
- encrypted1, encrypted_size);
- tt_int_op(decrypted_size,==, 4095);
- tt_mem_op(plain,!=, decrypted2, decrypted_size);
- /* Alter the initialization vector. */
- encrypted1[0] += 42;
- decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted1, 4095,
- encrypted1, encrypted_size);
- tt_int_op(decrypted_size,==, 4095);
- tt_mem_op(plain,!=, decrypted2, 4095);
- /* Special length case: 1. */
- encrypted_size = crypto_cipher_encrypt_with_iv(key1, encrypted1, 16 + 1,
- plain_1, 1);
- tt_int_op(encrypted_size,==, 16 + 1);
- tt_assert(encrypted_size > 0);
- decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted1, 1,
- encrypted1, encrypted_size);
- tt_int_op(decrypted_size,==, 1);
- tt_assert(decrypted_size > 0);
- tt_mem_op(plain_1,==, decrypted1, 1);
- /* Special length case: 15. */
- encrypted_size = crypto_cipher_encrypt_with_iv(key1, encrypted1, 16 + 15,
- plain_15, 15);
- tt_int_op(encrypted_size,==, 16 + 15);
- tt_assert(encrypted_size > 0);
- decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted1, 15,
- encrypted1, encrypted_size);
- tt_int_op(decrypted_size,==, 15);
- tt_assert(decrypted_size > 0);
- tt_mem_op(plain_15,==, decrypted1, 15);
- /* Special length case: 16. */
- encrypted_size = crypto_cipher_encrypt_with_iv(key1, encrypted1, 16 + 16,
- plain_16, 16);
- tt_int_op(encrypted_size,==, 16 + 16);
- tt_assert(encrypted_size > 0);
- decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted1, 16,
- encrypted1, encrypted_size);
- tt_int_op(decrypted_size,==, 16);
- tt_assert(decrypted_size > 0);
- tt_mem_op(plain_16,==, decrypted1, 16);
- /* Special length case: 17. */
- encrypted_size = crypto_cipher_encrypt_with_iv(key1, encrypted1, 16 + 17,
- plain_17, 17);
- tt_int_op(encrypted_size,==, 16 + 17);
- tt_assert(encrypted_size > 0);
- decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted1, 17,
- encrypted1, encrypted_size);
- tt_int_op(decrypted_size,==, 17);
- tt_assert(decrypted_size > 0);
- tt_mem_op(plain_17,==, decrypted1, 17);
- done:
- /* Free memory. */
- tor_free(plain);
- tor_free(encrypted1);
- tor_free(encrypted2);
- tor_free(decrypted1);
- tor_free(decrypted2);
- }
- /** Test base32 decoding. */
- static void
- test_crypto_base32_decode(void *arg)
- {
- char plain[60], encoded[96 + 1], decoded[60];
- int res;
- (void)arg;
- crypto_rand(plain, 60);
- /* Encode and decode a random string. */
- base32_encode(encoded, 96 + 1, plain, 60);
- res = base32_decode(decoded, 60, encoded, 96);
- tt_int_op(res,==, 0);
- tt_mem_op(plain,==, decoded, 60);
- /* Encode, uppercase, and decode a random string. */
- base32_encode(encoded, 96 + 1, plain, 60);
- tor_strupper(encoded);
- res = base32_decode(decoded, 60, encoded, 96);
- tt_int_op(res,==, 0);
- tt_mem_op(plain,==, decoded, 60);
- /* Change encoded string and decode. */
- if (encoded[0] == 'A' || encoded[0] == 'a')
- encoded[0] = 'B';
- else
- encoded[0] = 'A';
- res = base32_decode(decoded, 60, encoded, 96);
- tt_int_op(res,==, 0);
- tt_mem_op(plain,!=, decoded, 60);
- /* Bad encodings. */
- encoded[0] = '!';
- res = base32_decode(decoded, 60, encoded, 96);
- tt_int_op(0, >, res);
- done:
- ;
- }
- static void
- test_crypto_kdf_TAP(void *arg)
- {
- uint8_t key_material[100];
- int r;
- char *mem_op_hex_tmp = NULL;
- (void)arg;
- #define EXPAND(s) \
- r = crypto_expand_key_material_TAP( \
- (const uint8_t*)(s), strlen(s), \
- key_material, 100)
- /* Test vectors generated with a little python script; feel free to write
- * your own. */
- memset(key_material, 0, sizeof(key_material));
- EXPAND("");
- tt_int_op(r, ==, 0);
- test_memeq_hex(key_material,
- "5ba93c9db0cff93f52b521d7420e43f6eda2784fbf8b4530d8"
- "d246dd74ac53a13471bba17941dff7c4ea21bb365bbeeaf5f2"
- "c654883e56d11e43c44e9842926af7ca0a8cca12604f945414"
- "f07b01e13da42c6cf1de3abfdea9b95f34687cbbe92b9a7383");
- EXPAND("Tor");
- tt_int_op(r, ==, 0);
- test_memeq_hex(key_material,
- "776c6214fc647aaa5f683c737ee66ec44f03d0372e1cce6922"
- "7950f236ddf1e329a7ce7c227903303f525a8c6662426e8034"
- "870642a6dabbd41b5d97ec9bf2312ea729992f48f8ea2d0ba8"
- "3f45dfda1a80bdc8b80de01b23e3e0ffae099b3e4ccf28dc28");
- EXPAND("AN ALARMING ITEM TO FIND ON A MONTHLY AUTO-DEBIT NOTICE");
- tt_int_op(r, ==, 0);
- test_memeq_hex(key_material,
- "a340b5d126086c3ab29c2af4179196dbf95e1c72431419d331"
- "4844bf8f6afb6098db952b95581fb6c33625709d6f4400b8e7"
- "ace18a70579fad83c0982ef73f89395bcc39493ad53a685854"
- "daf2ba9b78733b805d9a6824c907ee1dba5ac27a1e466d4d10");
- done:
- tor_free(mem_op_hex_tmp);
- #undef EXPAND
- }
- static void
- test_crypto_hkdf_sha256(void *arg)
- {
- uint8_t key_material[100];
- const uint8_t salt[] = "ntor-curve25519-sha256-1:key_extract";
- const size_t salt_len = strlen((char*)salt);
- const uint8_t m_expand[] = "ntor-curve25519-sha256-1:key_expand";
- const size_t m_expand_len = strlen((char*)m_expand);
- int r;
- char *mem_op_hex_tmp = NULL;
- (void)arg;
- #define EXPAND(s) \
- r = crypto_expand_key_material_rfc5869_sha256( \
- (const uint8_t*)(s), strlen(s), \
- salt, salt_len, \
- m_expand, m_expand_len, \
- key_material, 100)
- /* Test vectors generated with ntor_ref.py */
- memset(key_material, 0, sizeof(key_material));
- EXPAND("");
- tt_int_op(r, ==, 0);
- test_memeq_hex(key_material,
- "d3490ed48b12a48f9547861583573fe3f19aafe3f81dc7fc75"
- "eeed96d741b3290f941576c1f9f0b2d463d1ec7ab2c6bf71cd"
- "d7f826c6298c00dbfe6711635d7005f0269493edf6046cc7e7"
- "dcf6abe0d20c77cf363e8ffe358927817a3d3e73712cee28d8");
- EXPAND("Tor");
- tt_int_op(r, ==, 0);
- test_memeq_hex(key_material,
- "5521492a85139a8d9107a2d5c0d9c91610d0f95989975ebee6"
- "c02a4f8d622a6cfdf9b7c7edd3832e2760ded1eac309b76f8d"
- "66c4a3c4d6225429b3a016e3c3d45911152fc87bc2de9630c3"
- "961be9fdb9f93197ea8e5977180801926d3321fa21513e59ac");
- EXPAND("AN ALARMING ITEM TO FIND ON YOUR CREDIT-RATING STATEMENT");
- tt_int_op(r, ==, 0);
- test_memeq_hex(key_material,
- "a2aa9b50da7e481d30463adb8f233ff06e9571a0ca6ab6df0f"
- "b206fa34e5bc78d063fc291501beec53b36e5a0e434561200c"
- "5f8bd13e0f88b3459600b4dc21d69363e2895321c06184879d"
- "94b18f078411be70b767c7fc40679a9440a0c95ea83a23efbf");
- done:
- tor_free(mem_op_hex_tmp);
- #undef EXPAND
- }
- static void
- test_crypto_curve25519_impl(void *arg)
- {
- /* adapted from curve25519_donna, which adapted it from test-curve25519
- version 20050915, by D. J. Bernstein, Public domain. */
- const int randomize_high_bit = (arg != NULL);
- #ifdef SLOW_CURVE25519_TEST
- const int loop_max=10000;
- const char e1_expected[] = "4faf81190869fd742a33691b0e0824d5"
- "7e0329f4dd2819f5f32d130f1296b500";
- const char e2k_expected[] = "05aec13f92286f3a781ccae98995a3b9"
- "e0544770bc7de853b38f9100489e3e79";
- const char e1e2k_expected[] = "cd6e8269104eb5aaee886bd2071fba88"
- "bd13861475516bc2cd2b6e005e805064";
- #else
- const int loop_max=200;
- const char e1_expected[] = "bc7112cde03f97ef7008cad1bdc56be3"
- "c6a1037d74cceb3712e9206871dcf654";
- const char e2k_expected[] = "dd8fa254fb60bdb5142fe05b1f5de44d"
- "8e3ee1a63c7d14274ea5d4c67f065467";
- const char e1e2k_expected[] = "7ddb98bd89025d2347776b33901b3e7e"
- "c0ee98cb2257a4545c0cfb2ca3e1812b";
- #endif
- unsigned char e1k[32];
- unsigned char e2k[32];
- unsigned char e1e2k[32];
- unsigned char e2e1k[32];
- unsigned char e1[32] = {3};
- unsigned char e2[32] = {5};
- unsigned char k[32] = {9};
- int loop, i;
- char *mem_op_hex_tmp = NULL;
- for (loop = 0; loop < loop_max; ++loop) {
- curve25519_impl(e1k,e1,k);
- curve25519_impl(e2e1k,e2,e1k);
- curve25519_impl(e2k,e2,k);
- if (randomize_high_bit) {
- /* We require that the high bit of the public key be ignored. So if
- * we're doing this variant test, we randomize the high bit of e2k, and
- * make sure that the handshake still works out the same as it would
- * otherwise. */
- uint8_t byte;
- crypto_rand((char*)&byte, 1);
- e2k[31] |= (byte & 0x80);
- }
- curve25519_impl(e1e2k,e1,e2k);
- tt_mem_op(e1e2k,==, e2e1k, 32);
- if (loop == loop_max-1) {
- break;
- }
- for (i = 0;i < 32;++i) e1[i] ^= e2k[i];
- for (i = 0;i < 32;++i) e2[i] ^= e1k[i];
- for (i = 0;i < 32;++i) k[i] ^= e1e2k[i];
- }
- test_memeq_hex(e1, e1_expected);
- test_memeq_hex(e2k, e2k_expected);
- test_memeq_hex(e1e2k, e1e2k_expected);
- done:
- tor_free(mem_op_hex_tmp);
- }
- static void
- test_crypto_curve25519_wrappers(void *arg)
- {
- curve25519_public_key_t pubkey1, pubkey2;
- curve25519_secret_key_t seckey1, seckey2;
- uint8_t output1[CURVE25519_OUTPUT_LEN];
- uint8_t output2[CURVE25519_OUTPUT_LEN];
- (void)arg;
- /* Test a simple handshake, serializing and deserializing some stuff. */
- curve25519_secret_key_generate(&seckey1, 0);
- curve25519_secret_key_generate(&seckey2, 1);
- curve25519_public_key_generate(&pubkey1, &seckey1);
- curve25519_public_key_generate(&pubkey2, &seckey2);
- tt_assert(curve25519_public_key_is_ok(&pubkey1));
- tt_assert(curve25519_public_key_is_ok(&pubkey2));
- curve25519_handshake(output1, &seckey1, &pubkey2);
- curve25519_handshake(output2, &seckey2, &pubkey1);
- tt_mem_op(output1,==, output2, sizeof(output1));
- done:
- ;
- }
- static void
- test_crypto_curve25519_encode(void *arg)
- {
- curve25519_secret_key_t seckey;
- curve25519_public_key_t key1, key2, key3;
- char buf[64];
- (void)arg;
- curve25519_secret_key_generate(&seckey, 0);
- curve25519_public_key_generate(&key1, &seckey);
- tt_int_op(0, ==, curve25519_public_to_base64(buf, &key1));
- tt_int_op(CURVE25519_BASE64_PADDED_LEN, ==, strlen(buf));
- tt_int_op(0, ==, curve25519_public_from_base64(&key2, buf));
- tt_mem_op(key1.public_key,==, key2.public_key, CURVE25519_PUBKEY_LEN);
- buf[CURVE25519_BASE64_PADDED_LEN - 1] = '\0';
- tt_int_op(CURVE25519_BASE64_PADDED_LEN-1, ==, strlen(buf));
- tt_int_op(0, ==, curve25519_public_from_base64(&key3, buf));
- tt_mem_op(key1.public_key,==, key3.public_key, CURVE25519_PUBKEY_LEN);
- /* Now try bogus parses. */
- strlcpy(buf, "$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$=", sizeof(buf));
- tt_int_op(-1, ==, curve25519_public_from_base64(&key3, buf));
- strlcpy(buf, "$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$", sizeof(buf));
- tt_int_op(-1, ==, curve25519_public_from_base64(&key3, buf));
- strlcpy(buf, "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", sizeof(buf));
- tt_int_op(-1, ==, curve25519_public_from_base64(&key3, buf));
- done:
- ;
- }
- static void
- test_crypto_curve25519_persist(void *arg)
- {
- curve25519_keypair_t keypair, keypair2;
- char *fname = tor_strdup(get_fname("curve25519_keypair"));
- char *tag = NULL;
- char *content = NULL;
- const char *cp;
- struct stat st;
- size_t taglen;
- (void)arg;
- tt_int_op(0,==,curve25519_keypair_generate(&keypair, 0));
- tt_int_op(0,==,curve25519_keypair_write_to_file(&keypair, fname, "testing"));
- tt_int_op(0,==,curve25519_keypair_read_from_file(&keypair2, &tag, fname));
- tt_str_op(tag,==,"testing");
- tor_free(tag);
- tt_mem_op(keypair.pubkey.public_key,==,
- keypair2.pubkey.public_key,
- CURVE25519_PUBKEY_LEN);
- tt_mem_op(keypair.seckey.secret_key,==,
- keypair2.seckey.secret_key,
- CURVE25519_SECKEY_LEN);
- content = read_file_to_str(fname, RFTS_BIN, &st);
- tt_assert(content);
- taglen = strlen("== c25519v1: testing ==");
- tt_u64_op((uint64_t)st.st_size, ==,
- 32+CURVE25519_PUBKEY_LEN+CURVE25519_SECKEY_LEN);
- tt_assert(fast_memeq(content, "== c25519v1: testing ==", taglen));
- tt_assert(tor_mem_is_zero(content+taglen, 32-taglen));
- cp = content + 32;
- tt_mem_op(keypair.seckey.secret_key,==,
- cp,
- CURVE25519_SECKEY_LEN);
- cp += CURVE25519_SECKEY_LEN;
- tt_mem_op(keypair.pubkey.public_key,==,
- cp,
- CURVE25519_SECKEY_LEN);
- tor_free(fname);
- fname = tor_strdup(get_fname("bogus_keypair"));
- tt_int_op(-1, ==, curve25519_keypair_read_from_file(&keypair2, &tag, fname));
- tor_free(tag);
- content[69] ^= 0xff;
- tt_int_op(0, ==, write_bytes_to_file(fname, content, (size_t)st.st_size, 1));
- tt_int_op(-1, ==, curve25519_keypair_read_from_file(&keypair2, &tag, fname));
- done:
- tor_free(fname);
- tor_free(content);
- tor_free(tag);
- }
- static void
- test_crypto_ed25519_simple(void *arg)
- {
- ed25519_keypair_t kp1, kp2;
- ed25519_public_key_t pub1, pub2;
- ed25519_secret_key_t sec1, sec2;
- ed25519_signature_t sig1, sig2;
- const uint8_t msg[] =
- "GNU will be able to run Unix programs, "
- "but will not be identical to Unix.";
- const uint8_t msg2[] =
- "Microsoft Windows extends the features of the DOS operating system, "
- "yet is compatible with most existing applications that run under DOS.";
- size_t msg_len = strlen((const char*)msg);
- size_t msg2_len = strlen((const char*)msg2);
- (void)arg;
- tt_int_op(0, ==, ed25519_secret_key_generate(&sec1, 0));
- tt_int_op(0, ==, ed25519_secret_key_generate(&sec2, 1));
- tt_int_op(0, ==, ed25519_public_key_generate(&pub1, &sec1));
- tt_int_op(0, ==, ed25519_public_key_generate(&pub2, &sec1));
- tt_mem_op(pub1.pubkey, ==, pub2.pubkey, sizeof(pub1.pubkey));
- memcpy(&kp1.pubkey, &pub1, sizeof(pub1));
- memcpy(&kp1.seckey, &sec1, sizeof(sec1));
- tt_int_op(0, ==, ed25519_sign(&sig1, msg, msg_len, &kp1));
- tt_int_op(0, ==, ed25519_sign(&sig2, msg, msg_len, &kp1));
- /* Ed25519 signatures are deterministic */
- tt_mem_op(sig1.sig, ==, sig2.sig, sizeof(sig1.sig));
- /* Basic signature is valid. */
- tt_int_op(0, ==, ed25519_checksig(&sig1, msg, msg_len, &pub1));
- /* Altered signature doesn't work. */
- sig1.sig[0] ^= 3;
- tt_int_op(-1, ==, ed25519_checksig(&sig1, msg, msg_len, &pub1));
- /* Wrong public key doesn't work. */
- tt_int_op(0, ==, ed25519_public_key_generate(&pub2, &sec2));
- tt_int_op(-1, ==, ed25519_checksig(&sig2, msg, msg_len, &pub2));
- /* Wrong message doesn't work. */
- tt_int_op(0, ==, ed25519_checksig(&sig2, msg, msg_len, &pub1));
- tt_int_op(-1, ==, ed25519_checksig(&sig2, msg, msg_len-1, &pub1));
- tt_int_op(-1, ==, ed25519_checksig(&sig2, msg2, msg2_len, &pub1));
- /* Batch signature checking works with some bad. */
- tt_int_op(0, ==, ed25519_keypair_generate(&kp2, 0));
- tt_int_op(0, ==, ed25519_sign(&sig1, msg, msg_len, &kp2));
- {
- ed25519_checkable_t ch[] = {
- { &pub1, sig2, msg, msg_len }, /*ok*/
- { &pub1, sig2, msg, msg_len-1 }, /*bad*/
- { &kp2.pubkey, sig2, msg2, msg2_len }, /*bad*/
- { &kp2.pubkey, sig1, msg, msg_len }, /*ok*/
- };
- int okay[4];
- tt_int_op(-2, ==, ed25519_checksig_batch(okay, ch, 4));
- tt_int_op(okay[0], ==, 1);
- tt_int_op(okay[1], ==, 0);
- tt_int_op(okay[2], ==, 0);
- tt_int_op(okay[3], ==, 1);
- tt_int_op(-2, ==, ed25519_checksig_batch(NULL, ch, 4));
- }
- /* Batch signature checking works with all good. */
- {
- ed25519_checkable_t ch[] = {
- { &pub1, sig2, msg, msg_len }, /*ok*/
- { &kp2.pubkey, sig1, msg, msg_len }, /*ok*/
- };
- int okay[2];
- tt_int_op(0, ==, ed25519_checksig_batch(okay, ch, 2));
- tt_int_op(okay[0], ==, 1);
- tt_int_op(okay[1], ==, 1);
- tt_int_op(0, ==, ed25519_checksig_batch(NULL, ch, 2));
- }
- done:
- ;
- }
- static void
- test_crypto_ed25519_test_vectors(void *arg)
- {
- char *mem_op_hex_tmp=NULL;
- int i;
- struct {
- const char *sk;
- const char *pk;
- const char *sig;
- const char *msg;
- } items[] = {
- /* These test vectors were generated with the "ref" implementation of
- * ed25519 from SUPERCOP-20130419 */
- { "4c6574277320686f706520746865726520617265206e6f206275677320696e20",
- "f3e0e493b30f56e501aeb868fc912fe0c8b76621efca47a78f6d75875193dd87",
- "b5d7fd6fd3adf643647ce1fe87a2931dedd1a4e38e6c662bedd35cdd80bfac51"
- "1b2c7d1ee6bd929ac213014e1a8dc5373854c7b25dbe15ec96bf6c94196fae06",
- "506c6561736520657863757365206d7920667269656e642e2048652069736e2774"
- "204e554c2d7465726d696e617465642e"
- },
- { "74686520696d706c656d656e746174696f6e20776869636820617265206e6f74",
- "407f0025a1e1351a4cb68e92f5c0ebaf66e7aaf93a4006a4d1a66e3ede1cfeac",
- "02884fde1c3c5944d0ecf2d133726fc820c303aae695adceabf3a1e01e95bf28"
- "da88c0966f5265e9c6f8edc77b3b96b5c91baec3ca993ccd21a3f64203600601",
- "506c6561736520657863757365206d7920667269656e642e2048652069736e2774"
- "204e554c2d7465726d696e617465642e"
- },
- { "6578706f73656420627920456e676c697368207465787420617320696e707574",
- "61681cb5fbd69f9bc5a462a21a7ab319011237b940bc781cdc47fcbe327e7706",
- "6a127d0414de7510125d4bc214994ffb9b8857a46330832d05d1355e882344ad"
- "f4137e3ca1f13eb9cc75c887ef2309b98c57528b4acd9f6376c6898889603209",
- "506c6561736520657863757365206d7920667269656e642e2048652069736e2774"
- "204e554c2d7465726d696e617465642e"
- },
- /* These come from "sign.input" in ed25519's page */
- { "5b5a619f8ce1c66d7ce26e5a2ae7b0c04febcd346d286c929e19d0d5973bfef9",
- "6fe83693d011d111131c4f3fbaaa40a9d3d76b30012ff73bb0e39ec27ab18257",
- "0f9ad9793033a2fa06614b277d37381e6d94f65ac2a5a94558d09ed6ce922258"
- "c1a567952e863ac94297aec3c0d0c8ddf71084e504860bb6ba27449b55adc40e",
- "5a8d9d0a22357e6655f9c785"
- },
- { "940c89fe40a81dafbdb2416d14ae469119869744410c3303bfaa0241dac57800",
- "a2eb8c0501e30bae0cf842d2bde8dec7386f6b7fc3981b8c57c9792bb94cf2dd",
- "d8bb64aad8c9955a115a793addd24f7f2b077648714f49c4694ec995b330d09d"
- "640df310f447fd7b6cb5c14f9fe9f490bcf8cfadbfd2169c8ac20d3b8af49a0c",
- "b87d3813e03f58cf19fd0b6395"
- },
- { "9acad959d216212d789a119252ebfe0c96512a23c73bd9f3b202292d6916a738",
- "cf3af898467a5b7a52d33d53bc037e2642a8da996903fc252217e9c033e2f291",
- "6ee3fe81e23c60eb2312b2006b3b25e6838e02106623f844c44edb8dafd66ab0"
- "671087fd195df5b8f58a1d6e52af42908053d55c7321010092748795ef94cf06",
- "55c7fa434f5ed8cdec2b7aeac173",
- },
- { "d5aeee41eeb0e9d1bf8337f939587ebe296161e6bf5209f591ec939e1440c300",
- "fd2a565723163e29f53c9de3d5e8fbe36a7ab66e1439ec4eae9c0a604af291a5",
- "f68d04847e5b249737899c014d31c805c5007a62c0a10d50bb1538c5f3550395"
- "1fbc1e08682f2cc0c92efe8f4985dec61dcbd54d4b94a22547d24451271c8b00",
- "0a688e79be24f866286d4646b5d81c"
- },
- { NULL, NULL, NULL, NULL}
- };
- (void)arg;
- for (i = 0; items[i].pk; ++i) {
- ed25519_keypair_t kp;
- ed25519_signature_t sig;
- uint8_t sk_seed[32];
- uint8_t *msg;
- size_t msg_len;
- base16_decode((char*)sk_seed, sizeof(sk_seed),
- items[i].sk, 64);
- ed25519_secret_key_from_seed(&kp.seckey, sk_seed);
- tt_int_op(0, ==, ed25519_public_key_generate(&kp.pubkey, &kp.seckey));
- test_memeq_hex(kp.pubkey.pubkey, items[i].pk);
- msg_len = strlen(items[i].msg) / 2;
- msg = tor_malloc(msg_len);
- base16_decode((char*)msg, msg_len, items[i].msg, strlen(items[i].msg));
- tt_int_op(0, ==, ed25519_sign(&sig, msg, msg_len, &kp));
- test_memeq_hex(sig.sig, items[i].sig);
- tor_free(msg);
- }
- done:
- tor_free(mem_op_hex_tmp);
- }
- static void
- test_crypto_ed25519_encode(void *arg)
- {
- char buf[ED25519_BASE64_LEN+1];
- ed25519_keypair_t kp;
- ed25519_public_key_t pk;
- char *mem_op_hex_tmp = NULL;
- (void) arg;
- /* Test roundtrip. */
- tt_int_op(0, ==, ed25519_keypair_generate(&kp, 0));
- tt_int_op(0, ==, ed25519_public_to_base64(buf, &kp.pubkey));
- tt_int_op(ED25519_BASE64_LEN, ==, strlen(buf));
- tt_int_op(0, ==, ed25519_public_from_base64(&pk, buf));
- tt_mem_op(kp.pubkey.pubkey, ==, pk.pubkey, ED25519_PUBKEY_LEN);
- /* Test known value. */
- tt_int_op(0, ==, ed25519_public_from_base64(&pk,
- "lVIuIctLjbGZGU5wKMNXxXlSE3cW4kaqkqm04u6pxvM"));
- test_memeq_hex(pk.pubkey,
- "95522e21cb4b8db199194e7028c357c57952137716e246aa92a9b4e2eea9c6f3");
- done:
- tor_free(mem_op_hex_tmp);
- }
- static void
- test_crypto_ed25519_convert(void *arg)
- {
- const uint8_t msg[] =
- "The eyes are not here / There are no eyes here.";
- const int N = 30;
- int i;
- (void)arg;
- for (i = 0; i < N; ++i) {
- curve25519_keypair_t curve25519_keypair;
- ed25519_keypair_t ed25519_keypair;
- ed25519_public_key_t ed25519_pubkey;
- int bit=0;
- ed25519_signature_t sig;
- tt_int_op(0,==,curve25519_keypair_generate(&curve25519_keypair, i&1));
- tt_int_op(0,==,ed25519_keypair_from_curve25519_keypair(
- &ed25519_keypair, &bit, &curve25519_keypair));
- tt_int_op(0,==,ed25519_public_key_from_curve25519_public_key(
- &ed25519_pubkey, &curve25519_keypair.pubkey, bit));
- tt_mem_op(ed25519_pubkey.pubkey, ==, ed25519_keypair.pubkey.pubkey, 32);
- tt_int_op(0,==,ed25519_sign(&sig, msg, sizeof(msg), &ed25519_keypair));
- tt_int_op(0,==,ed25519_checksig(&sig, msg, sizeof(msg),
- &ed25519_pubkey));
- tt_int_op(-1,==,ed25519_checksig(&sig, msg, sizeof(msg)-1,
- &ed25519_pubkey));
- sig.sig[0] ^= 15;
- tt_int_op(-1,==,ed25519_checksig(&sig, msg, sizeof(msg),
- &ed25519_pubkey));
- }
- done:
- ;
- }
- static void
- test_crypto_ed25519_blinding(void *arg)
- {
- const uint8_t msg[] =
- "Eyes I dare not meet in dreams / In death's dream kingdom";
- const int N = 30;
- int i;
- (void)arg;
- for (i = 0; i < N; ++i) {
- uint8_t blinding[32];
- ed25519_keypair_t ed25519_keypair;
- ed25519_keypair_t ed25519_keypair_blinded;
- ed25519_public_key_t ed25519_pubkey_blinded;
- ed25519_signature_t sig;
- crypto_rand((char*) blinding, sizeof(blinding));
- tt_int_op(0,==,ed25519_keypair_generate(&ed25519_keypair, 0));
- tt_int_op(0,==,ed25519_keypair_blind(&ed25519_keypair_blinded,
- &ed25519_keypair, blinding));
- tt_int_op(0,==,ed25519_public_blind(&ed25519_pubkey_blinded,
- &ed25519_keypair.pubkey, blinding));
- tt_mem_op(ed25519_pubkey_blinded.pubkey, ==,
- ed25519_keypair_blinded.pubkey.pubkey, 32);
- tt_int_op(0,==,ed25519_sign(&sig, msg, sizeof(msg),
- &ed25519_keypair_blinded));
- tt_int_op(0,==,ed25519_checksig(&sig, msg, sizeof(msg),
- &ed25519_pubkey_blinded));
- tt_int_op(-1,==,ed25519_checksig(&sig, msg, sizeof(msg)-1,
- &ed25519_pubkey_blinded));
- sig.sig[0] ^= 15;
- tt_int_op(-1,==,ed25519_checksig(&sig, msg, sizeof(msg),
- &ed25519_pubkey_blinded));
- }
- done:
- ;
- }
- static void
- test_crypto_ed25519_testvectors(void *arg)
- {
- unsigned i;
- char *mem_op_hex_tmp = NULL;
- (void)arg;
- for (i = 0; i < ARRAY_LENGTH(ED25519_SECRET_KEYS); ++i) {
- uint8_t sk[32];
- ed25519_secret_key_t esk;
- ed25519_public_key_t pk, blind_pk, pkfromcurve;
- ed25519_keypair_t keypair, blind_keypair;
- curve25519_keypair_t curvekp;
- uint8_t blinding_param[32];
- ed25519_signature_t sig;
- int sign;
- #define DECODE(p,s) base16_decode((char*)(p),sizeof(p),(s),strlen(s))
- #define EQ(a,h) test_memeq_hex((const char*)(a), (h))
- tt_int_op(0, ==, DECODE(sk, ED25519_SECRET_KEYS[i]));
- tt_int_op(0, ==, DECODE(blinding_param, ED25519_BLINDING_PARAMS[i]));
- tt_int_op(0, ==, ed25519_secret_key_from_seed(&esk, sk));
- EQ(esk.seckey, ED25519_EXPANDED_SECRET_KEYS[i]);
- tt_int_op(0, ==, ed25519_public_key_generate(&pk, &esk));
- EQ(pk.pubkey, ED25519_PUBLIC_KEYS[i]);
- memcpy(&curvekp.seckey.secret_key, esk.seckey, 32);
- curve25519_public_key_generate(&curvekp.pubkey, &curvekp.seckey);
- tt_int_op(0, ==,
- ed25519_keypair_from_curve25519_keypair(&keypair, &sign, &curvekp));
- tt_int_op(0, ==, ed25519_public_key_from_curve25519_public_key(
- &pkfromcurve, &curvekp.pubkey, sign));
- tt_mem_op(keypair.pubkey.pubkey, ==, pkfromcurve.pubkey, 32);
- EQ(curvekp.pubkey.public_key, ED25519_CURVE25519_PUBLIC_KEYS[i]);
- /* Self-signing */
- memcpy(&keypair.seckey, &esk, sizeof(esk));
- memcpy(&keypair.pubkey, &pk, sizeof(pk));
- tt_int_op(0, ==, ed25519_sign(&sig, pk.pubkey, 32, &keypair));
- EQ(sig.sig, ED25519_SELF_SIGNATURES[i]);
- /* Blinding */
- tt_int_op(0, ==,
- ed25519_keypair_blind(&blind_keypair, &keypair, blinding_param));
- tt_int_op(0, ==,
- ed25519_public_blind(&blind_pk, &pk, blinding_param));
- EQ(blind_keypair.seckey.seckey, ED25519_BLINDED_SECRET_KEYS[i]);
- EQ(blind_pk.pubkey, ED25519_BLINDED_PUBLIC_KEYS[i]);
- tt_mem_op(blind_pk.pubkey, ==, blind_keypair.pubkey.pubkey, 32);
- #undef DECODE
- #undef EQ
- }
- done:
- tor_free(mem_op_hex_tmp);
- }
- static void
- test_crypto_siphash(void *arg)
- {
- /* From the reference implementation, taking
- k = 00 01 02 ... 0f
- and in = 00; 00 01; 00 01 02; ...
- */
- const uint8_t VECTORS[64][8] =
- {
- { 0x31, 0x0e, 0x0e, 0xdd, 0x47, 0xdb, 0x6f, 0x72, },
- { 0xfd, 0x67, 0xdc, 0x93, 0xc5, 0x39, 0xf8, 0x74, },
- { 0x5a, 0x4f, 0xa9, 0xd9, 0x09, 0x80, 0x6c, 0x0d, },
- { 0x2d, 0x7e, 0xfb, 0xd7, 0x96, 0x66, 0x67, 0x85, },
- { 0xb7, 0x87, 0x71, 0x27, 0xe0, 0x94, 0x27, 0xcf, },
- { 0x8d, 0xa6, 0x99, 0xcd, 0x64, 0x55, 0x76, 0x18, },
- { 0xce, 0xe3, 0xfe, 0x58, 0x6e, 0x46, 0xc9, 0xcb, },
- { 0x37, 0xd1, 0x01, 0x8b, 0xf5, 0x00, 0x02, 0xab, },
- { 0x62, 0x24, 0x93, 0x9a, 0x79, 0xf5, 0xf5, 0x93, },
- { 0xb0, 0xe4, 0xa9, 0x0b, 0xdf, 0x82, 0x00, 0x9e, },
- { 0xf3, 0xb9, 0xdd, 0x94, 0xc5, 0xbb, 0x5d, 0x7a, },
- { 0xa7, 0xad, 0x6b, 0x22, 0x46, 0x2f, 0xb3, 0xf4, },
- { 0xfb, 0xe5, 0x0e, 0x86, 0xbc, 0x8f, 0x1e, 0x75, },
- { 0x90, 0x3d, 0x84, 0xc0, 0x27, 0x56, 0xea, 0x14, },
- { 0xee, 0xf2, 0x7a, 0x8e, 0x90, 0xca, 0x23, 0xf7, },
- { 0xe5, 0x45, 0xbe, 0x49, 0x61, 0xca, 0x29, 0xa1, },
- { 0xdb, 0x9b, 0xc2, 0x57, 0x7f, 0xcc, 0x2a, 0x3f, },
- { 0x94, 0x47, 0xbe, 0x2c, 0xf5, 0xe9, 0x9a, 0x69, },
- { 0x9c, 0xd3, 0x8d, 0x96, 0xf0, 0xb3, 0xc1, 0x4b, },
- { 0xbd, 0x61, 0x79, 0xa7, 0x1d, 0xc9, 0x6d, 0xbb, },
- { 0x98, 0xee, 0xa2, 0x1a, 0xf2, 0x5c, 0xd6, 0xbe, },
- { 0xc7, 0x67, 0x3b, 0x2e, 0xb0, 0xcb, 0xf2, 0xd0, },
- { 0x88, 0x3e, 0xa3, 0xe3, 0x95, 0x67, 0x53, 0x93, },
- { 0xc8, 0xce, 0x5c, 0xcd, 0x8c, 0x03, 0x0c, 0xa8, },
- { 0x94, 0xaf, 0x49, 0xf6, 0xc6, 0x50, 0xad, 0xb8, },
- { 0xea, 0xb8, 0x85, 0x8a, 0xde, 0x92, 0xe1, 0xbc, },
- { 0xf3, 0x15, 0xbb, 0x5b, 0xb8, 0x35, 0xd8, 0x17, },
- { 0xad, 0xcf, 0x6b, 0x07, 0x63, 0x61, 0x2e, 0x2f, },
- { 0xa5, 0xc9, 0x1d, 0xa7, 0xac, 0xaa, 0x4d, 0xde, },
- { 0x71, 0x65, 0x95, 0x87, 0x66, 0x50, 0xa2, 0xa6, },
- { 0x28, 0xef, 0x49, 0x5c, 0x53, 0xa3, 0x87, 0xad, },
- { 0x42, 0xc3, 0x41, 0xd8, 0xfa, 0x92, 0xd8, 0x32, },
- { 0xce, 0x7c, 0xf2, 0x72, 0x2f, 0x51, 0x27, 0x71, },
- { 0xe3, 0x78, 0x59, 0xf9, 0x46, 0x23, 0xf3, 0xa7, },
- { 0x38, 0x12, 0x05, 0xbb, 0x1a, 0xb0, 0xe0, 0x12, },
- { 0xae, 0x97, 0xa1, 0x0f, 0xd4, 0x34, 0xe0, 0x15, },
- { 0xb4, 0xa3, 0x15, 0x08, 0xbe, 0xff, 0x4d, 0x31, },
- { 0x81, 0x39, 0x62, 0x29, 0xf0, 0x90, 0x79, 0x02, },
- { 0x4d, 0x0c, 0xf4, 0x9e, 0xe5, 0xd4, 0xdc, 0xca, },
- { 0x5c, 0x73, 0x33, 0x6a, 0x76, 0xd8, 0xbf, 0x9a, },
- { 0xd0, 0xa7, 0x04, 0x53, 0x6b, 0xa9, 0x3e, 0x0e, },
- { 0x92, 0x59, 0x58, 0xfc, 0xd6, 0x42, 0x0c, 0xad, },
- { 0xa9, 0x15, 0xc2, 0x9b, 0xc8, 0x06, 0x73, 0x18, },
- { 0x95, 0x2b, 0x79, 0xf3, 0xbc, 0x0a, 0xa6, 0xd4, },
- { 0xf2, 0x1d, 0xf2, 0xe4, 0x1d, 0x45, 0x35, 0xf9, },
- { 0x87, 0x57, 0x75, 0x19, 0x04, 0x8f, 0x53, 0xa9, },
- { 0x10, 0xa5, 0x6c, 0xf5, 0xdf, 0xcd, 0x9a, 0xdb, },
- { 0xeb, 0x75, 0x09, 0x5c, 0xcd, 0x98, 0x6c, 0xd0, },
- { 0x51, 0xa9, 0xcb, 0x9e, 0xcb, 0xa3, 0x12, 0xe6, },
- { 0x96, 0xaf, 0xad, 0xfc, 0x2c, 0xe6, 0x66, 0xc7, },
- { 0x72, 0xfe, 0x52, 0x97, 0x5a, 0x43, 0x64, 0xee, },
- { 0x5a, 0x16, 0x45, 0xb2, 0x76, 0xd5, 0x92, 0xa1, },
- { 0xb2, 0x74, 0xcb, 0x8e, 0xbf, 0x87, 0x87, 0x0a, },
- { 0x6f, 0x9b, 0xb4, 0x20, 0x3d, 0xe7, 0xb3, 0x81, },
- { 0xea, 0xec, 0xb2, 0xa3, 0x0b, 0x22, 0xa8, 0x7f, },
- { 0x99, 0x24, 0xa4, 0x3c, 0xc1, 0x31, 0x57, 0x24, },
- { 0xbd, 0x83, 0x8d, 0x3a, 0xaf, 0xbf, 0x8d, 0xb7, },
- { 0x0b, 0x1a, 0x2a, 0x32, 0x65, 0xd5, 0x1a, 0xea, },
- { 0x13, 0x50, 0x79, 0xa3, 0x23, 0x1c, 0xe6, 0x60, },
- { 0x93, 0x2b, 0x28, 0x46, 0xe4, 0xd7, 0x06, 0x66, },
- { 0xe1, 0x91, 0x5f, 0x5c, 0xb1, 0xec, 0xa4, 0x6c, },
- { 0xf3, 0x25, 0x96, 0x5c, 0xa1, 0x6d, 0x62, 0x9f, },
- { 0x57, 0x5f, 0xf2, 0x8e, 0x60, 0x38, 0x1b, 0xe5, },
- { 0x72, 0x45, 0x06, 0xeb, 0x4c, 0x32, 0x8a, 0x95, }
- };
- const struct sipkey K = { U64_LITERAL(0x0706050403020100),
- U64_LITERAL(0x0f0e0d0c0b0a0908) };
- uint8_t input[64];
- int i, j;
- (void)arg;
- for (i = 0; i < 64; ++i)
- input[i] = i;
- for (i = 0; i < 64; ++i) {
- uint64_t r = siphash24(input, i, &K);
- for (j = 0; j < 8; ++j) {
- tt_int_op( (r >> (j*8)) & 0xff, ==, VECTORS[i][j]);
- }
- }
- done:
- ;
- }
- static void *
- pass_data_setup_fn(const struct testcase_t *testcase)
- {
- return testcase->setup_data;
- }
- static int
- pass_data_cleanup_fn(const struct testcase_t *testcase, void *ptr)
- {
- (void)ptr;
- (void)testcase;
- return 1;
- }
- static const struct testcase_setup_t pass_data = {
- pass_data_setup_fn, pass_data_cleanup_fn
- };
- #define CRYPTO_LEGACY(name) \
- { #name, test_crypto_ ## name , 0, NULL, NULL }
- struct testcase_t crypto_tests[] = {
- CRYPTO_LEGACY(formats),
- CRYPTO_LEGACY(rng),
- { "aes_AES", test_crypto_aes, TT_FORK, &pass_data, (void*)"aes" },
- { "aes_EVP", test_crypto_aes, TT_FORK, &pass_data, (void*)"evp" },
- CRYPTO_LEGACY(sha),
- CRYPTO_LEGACY(pk),
- { "pk_fingerprints", test_crypto_pk_fingerprints, TT_FORK, NULL, NULL },
- CRYPTO_LEGACY(digests),
- CRYPTO_LEGACY(dh),
- CRYPTO_LEGACY(s2k_rfc2440),
- #ifdef HAVE_LIBSCRYPT_H
- { "s2k_scrypt", test_crypto_s2k_general, 0, &pass_data,
- (void*)"scrypt" },
- { "s2k_scrypt_low", test_crypto_s2k_general, 0, &pass_data,
- (void*)"scrypt-low" },
- #endif
- { "s2k_pbkdf2", test_crypto_s2k_general, 0, &pass_data,
- (void*)"pbkdf2" },
- { "s2k_rfc2440_general", test_crypto_s2k_general, 0, &pass_data,
- (void*)"rfc2440" },
- { "s2k_rfc2440_legacy", test_crypto_s2k_general, 0, &pass_data,
- (void*)"rfc2440-legacy" },
- { "s2k_errors", test_crypto_s2k_errors, 0, NULL, NULL },
- { "scrypt_vectors", test_crypto_scrypt_vectors, 0, NULL, NULL },
- { "pbkdf2_vectors", test_crypto_pbkdf2_vectors, 0, NULL, NULL },
- { "pwbox", test_crypto_pwbox, 0, NULL, NULL },
- { "aes_iv_AES", test_crypto_aes_iv, TT_FORK, &pass_data, (void*)"aes" },
- { "aes_iv_EVP", test_crypto_aes_iv, TT_FORK, &pass_data, (void*)"evp" },
- CRYPTO_LEGACY(base32_decode),
- { "kdf_TAP", test_crypto_kdf_TAP, 0, NULL, NULL },
- { "hkdf_sha256", test_crypto_hkdf_sha256, 0, NULL, NULL },
- { "curve25519_impl", test_crypto_curve25519_impl, 0, NULL, NULL },
- { "curve25519_impl_hibit", test_crypto_curve25519_impl, 0, NULL, (void*)"y"},
- { "curve25519_wrappers", test_crypto_curve25519_wrappers, 0, NULL, NULL },
- { "curve25519_encode", test_crypto_curve25519_encode, 0, NULL, NULL },
- { "curve25519_persist", test_crypto_curve25519_persist, 0, NULL, NULL },
- { "ed25519_simple", test_crypto_ed25519_simple, 0, NULL, NULL },
- { "ed25519_test_vectors", test_crypto_ed25519_test_vectors, 0, NULL, NULL },
- { "ed25519_encode", test_crypto_ed25519_encode, 0, NULL, NULL },
- { "ed25519_convert", test_crypto_ed25519_convert, 0, NULL, NULL },
- { "ed25519_blinding", test_crypto_ed25519_blinding, 0, NULL, NULL },
- { "ed25519_testvectors", test_crypto_ed25519_testvectors, 0, NULL, NULL },
- { "siphash", test_crypto_siphash, 0, NULL, NULL },
- END_OF_TESTCASES
- };
|