1 // Copyright (c) 2014-2016 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
5 #include "test/test_bitcoin.h"
6 #include "utilstrencodings.h"
7 #include "wallet/crypter.h"
11 #include <boost/test/unit_test.hpp>
12 #include <openssl/aes.h>
13 #include <openssl/evp.h>
15 BOOST_FIXTURE_TEST_SUITE(wallet_crypto
, BasicTestingSetup
)
17 bool OldSetKeyFromPassphrase(const SecureString
& strKeyData
, const std::vector
<unsigned char>& chSalt
, const unsigned int nRounds
, const unsigned int nDerivationMethod
, unsigned char* chKey
, unsigned char* chIV
)
19 if (nRounds
< 1 || chSalt
.size() != WALLET_CRYPTO_SALT_SIZE
)
23 if (nDerivationMethod
== 0)
24 i
= EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha512(), &chSalt
[0],
25 (unsigned char *)&strKeyData
[0], strKeyData
.size(), nRounds
, chKey
, chIV
);
27 if (i
!= (int)WALLET_CRYPTO_KEY_SIZE
)
29 memory_cleanse(chKey
, sizeof(chKey
));
30 memory_cleanse(chIV
, sizeof(chIV
));
36 bool OldEncrypt(const CKeyingMaterial
& vchPlaintext
, std::vector
<unsigned char> &vchCiphertext
, const unsigned char chKey
[32], const unsigned char chIV
[16])
38 // max ciphertext len for a n bytes of plaintext is
39 // n + AES_BLOCK_SIZE - 1 bytes
40 int nLen
= vchPlaintext
.size();
41 int nCLen
= nLen
+ AES_BLOCK_SIZE
, nFLen
= 0;
42 vchCiphertext
= std::vector
<unsigned char> (nCLen
);
44 EVP_CIPHER_CTX
*ctx
= EVP_CIPHER_CTX_new();
46 if (!ctx
) return false;
50 EVP_CIPHER_CTX_init(ctx
);
51 if (fOk
) fOk
= EVP_EncryptInit_ex(ctx
, EVP_aes_256_cbc(), NULL
, chKey
, chIV
) != 0;
52 if (fOk
) fOk
= EVP_EncryptUpdate(ctx
, &vchCiphertext
[0], &nCLen
, &vchPlaintext
[0], nLen
) != 0;
53 if (fOk
) fOk
= EVP_EncryptFinal_ex(ctx
, (&vchCiphertext
[0]) + nCLen
, &nFLen
) != 0;
54 EVP_CIPHER_CTX_cleanup(ctx
);
56 EVP_CIPHER_CTX_free(ctx
);
58 if (!fOk
) return false;
60 vchCiphertext
.resize(nCLen
+ nFLen
);
64 bool OldDecrypt(const std::vector
<unsigned char>& vchCiphertext
, CKeyingMaterial
& vchPlaintext
, const unsigned char chKey
[32], const unsigned char chIV
[16])
66 // plaintext will always be equal to or lesser than length of ciphertext
67 int nLen
= vchCiphertext
.size();
68 int nPLen
= nLen
, nFLen
= 0;
70 vchPlaintext
= CKeyingMaterial(nPLen
);
72 EVP_CIPHER_CTX
*ctx
= EVP_CIPHER_CTX_new();
74 if (!ctx
) return false;
78 EVP_CIPHER_CTX_init(ctx
);
79 if (fOk
) fOk
= EVP_DecryptInit_ex(ctx
, EVP_aes_256_cbc(), NULL
, chKey
, chIV
) != 0;
80 if (fOk
) fOk
= EVP_DecryptUpdate(ctx
, &vchPlaintext
[0], &nPLen
, &vchCiphertext
[0], nLen
) != 0;
81 if (fOk
) fOk
= EVP_DecryptFinal_ex(ctx
, (&vchPlaintext
[0]) + nPLen
, &nFLen
) != 0;
82 EVP_CIPHER_CTX_cleanup(ctx
);
84 EVP_CIPHER_CTX_free(ctx
);
86 if (!fOk
) return false;
88 vchPlaintext
.resize(nPLen
+ nFLen
);
95 static void TestPassphraseSingle(const std::vector
<unsigned char>& vchSalt
, const SecureString
& passphrase
, uint32_t rounds
,
96 const std::vector
<unsigned char>& correctKey
= std::vector
<unsigned char>(),
97 const std::vector
<unsigned char>& correctIV
=std::vector
<unsigned char>())
99 unsigned char chKey
[WALLET_CRYPTO_KEY_SIZE
];
100 unsigned char chIV
[WALLET_CRYPTO_IV_SIZE
];
103 crypt
.SetKeyFromPassphrase(passphrase
, vchSalt
, rounds
, 0);
105 OldSetKeyFromPassphrase(passphrase
, vchSalt
, rounds
, 0, chKey
, chIV
);
107 BOOST_CHECK_MESSAGE(memcmp(chKey
, crypt
.vchKey
.data(), crypt
.vchKey
.size()) == 0, \
108 HexStr(chKey
, chKey
+sizeof(chKey
)) + std::string(" != ") + HexStr(crypt
.vchKey
));
109 BOOST_CHECK_MESSAGE(memcmp(chIV
, crypt
.vchIV
.data(), crypt
.vchIV
.size()) == 0, \
110 HexStr(chIV
, chIV
+sizeof(chIV
)) + std::string(" != ") + HexStr(crypt
.vchIV
));
112 if(!correctKey
.empty())
113 BOOST_CHECK_MESSAGE(memcmp(chKey
, &correctKey
[0], sizeof(chKey
)) == 0, \
114 HexStr(chKey
, chKey
+sizeof(chKey
)) + std::string(" != ") + HexStr(correctKey
.begin(), correctKey
.end()));
115 if(!correctIV
.empty())
116 BOOST_CHECK_MESSAGE(memcmp(chIV
, &correctIV
[0], sizeof(chIV
)) == 0,
117 HexStr(chIV
, chIV
+sizeof(chIV
)) + std::string(" != ") + HexStr(correctIV
.begin(), correctIV
.end()));
120 static void TestPassphrase(const std::vector
<unsigned char>& vchSalt
, const SecureString
& passphrase
, uint32_t rounds
,
121 const std::vector
<unsigned char>& correctKey
= std::vector
<unsigned char>(),
122 const std::vector
<unsigned char>& correctIV
=std::vector
<unsigned char>())
124 TestPassphraseSingle(vchSalt
, passphrase
, rounds
, correctKey
, correctIV
);
125 for(SecureString::const_iterator
i(passphrase
.begin()); i
!= passphrase
.end(); ++i
)
126 TestPassphraseSingle(vchSalt
, SecureString(i
, passphrase
.end()), rounds
);
130 static void TestDecrypt(const CCrypter
& crypt
, const std::vector
<unsigned char>& vchCiphertext
, \
131 const std::vector
<unsigned char>& vchPlaintext
= std::vector
<unsigned char>())
133 CKeyingMaterial vchDecrypted1
;
134 CKeyingMaterial vchDecrypted2
;
135 int result1
, result2
;
136 result1
= crypt
.Decrypt(vchCiphertext
, vchDecrypted1
);
137 result2
= OldDecrypt(vchCiphertext
, vchDecrypted2
, crypt
.vchKey
.data(), crypt
.vchIV
.data());
138 BOOST_CHECK(result1
== result2
);
140 // These two should be equal. However, OpenSSL 1.0.1j introduced a change
141 // that would zero all padding except for the last byte for failed decrypts.
142 // This behavior was reverted for 1.0.1k.
143 if (vchDecrypted1
!= vchDecrypted2
&& vchDecrypted1
.size() >= AES_BLOCK_SIZE
&& SSLeay() == 0x100010afL
)
145 for(CKeyingMaterial::iterator it
= vchDecrypted1
.end() - AES_BLOCK_SIZE
; it
!= vchDecrypted1
.end() - 1; it
++)
149 BOOST_CHECK_MESSAGE(vchDecrypted1
== vchDecrypted2
, HexStr(vchDecrypted1
.begin(), vchDecrypted1
.end()) + " != " + HexStr(vchDecrypted2
.begin(), vchDecrypted2
.end()));
151 if (vchPlaintext
.size())
152 BOOST_CHECK(CKeyingMaterial(vchPlaintext
.begin(), vchPlaintext
.end()) == vchDecrypted2
);
155 static void TestEncryptSingle(const CCrypter
& crypt
, const CKeyingMaterial
& vchPlaintext
,
156 const std::vector
<unsigned char>& vchCiphertextCorrect
= std::vector
<unsigned char>())
158 std::vector
<unsigned char> vchCiphertext1
;
159 std::vector
<unsigned char> vchCiphertext2
;
160 int result1
= crypt
.Encrypt(vchPlaintext
, vchCiphertext1
);
162 int result2
= OldEncrypt(vchPlaintext
, vchCiphertext2
, crypt
.vchKey
.data(), crypt
.vchIV
.data());
163 BOOST_CHECK(result1
== result2
);
164 BOOST_CHECK(vchCiphertext1
== vchCiphertext2
);
166 if (!vchCiphertextCorrect
.empty())
167 BOOST_CHECK(vchCiphertext2
== vchCiphertextCorrect
);
169 const std::vector
<unsigned char> vchPlaintext2(vchPlaintext
.begin(), vchPlaintext
.end());
171 if(vchCiphertext1
== vchCiphertext2
)
172 TestDecrypt(crypt
, vchCiphertext1
, vchPlaintext2
);
175 static void TestEncrypt(const CCrypter
& crypt
, const std::vector
<unsigned char>& vchPlaintextIn
, \
176 const std::vector
<unsigned char>& vchCiphertextCorrect
= std::vector
<unsigned char>())
178 TestEncryptSingle(crypt
, CKeyingMaterial(vchPlaintextIn
.begin(), vchPlaintextIn
.end()), vchCiphertextCorrect
);
179 for(std::vector
<unsigned char>::const_iterator
i(vchPlaintextIn
.begin()); i
!= vchPlaintextIn
.end(); ++i
)
180 TestEncryptSingle(crypt
, CKeyingMaterial(i
, vchPlaintextIn
.end()));
185 BOOST_AUTO_TEST_CASE(passphrase
) {
186 // These are expensive.
188 TestCrypter::TestPassphrase(ParseHex("0000deadbeef0000"), "test", 25000, \
189 ParseHex("fc7aba077ad5f4c3a0988d8daa4810d0d4a0e3bcb53af662998898f33df0556a"), \
190 ParseHex("cf2f2691526dd1aa220896fb8bf7c369"));
192 std::string
hash(GetRandHash().ToString());
193 std::vector
<unsigned char> vchSalt(8);
194 GetRandBytes(&vchSalt
[0], vchSalt
.size());
195 uint32_t rounds
= InsecureRand32();
198 TestCrypter::TestPassphrase(vchSalt
, SecureString(hash
.begin(), hash
.end()), rounds
);
201 BOOST_AUTO_TEST_CASE(encrypt
) {
202 std::vector
<unsigned char> vchSalt
= ParseHex("0000deadbeef0000");
203 BOOST_CHECK(vchSalt
.size() == WALLET_CRYPTO_SALT_SIZE
);
205 crypt
.SetKeyFromPassphrase("passphrase", vchSalt
, 25000, 0);
206 TestCrypter::TestEncrypt(crypt
, ParseHex("22bcade09ac03ff6386914359cfe885cfeb5f77ff0d670f102f619687453b29d"));
208 for (int i
= 0; i
!= 100; i
++)
210 uint256
hash(GetRandHash());
211 TestCrypter::TestEncrypt(crypt
, std::vector
<unsigned char>(hash
.begin(), hash
.end()));
216 BOOST_AUTO_TEST_CASE(decrypt
) {
217 std::vector
<unsigned char> vchSalt
= ParseHex("0000deadbeef0000");
218 BOOST_CHECK(vchSalt
.size() == WALLET_CRYPTO_SALT_SIZE
);
220 crypt
.SetKeyFromPassphrase("passphrase", vchSalt
, 25000, 0);
222 // Some corner cases the came up while testing
223 TestCrypter::TestDecrypt(crypt
,ParseHex("795643ce39d736088367822cdc50535ec6f103715e3e48f4f3b1a60a08ef59ca"));
224 TestCrypter::TestDecrypt(crypt
,ParseHex("de096f4a8f9bd97db012aa9d90d74de8cdea779c3ee8bc7633d8b5d6da703486"));
225 TestCrypter::TestDecrypt(crypt
,ParseHex("32d0a8974e3afd9c6c3ebf4d66aa4e6419f8c173de25947f98cf8b7ace49449c"));
226 TestCrypter::TestDecrypt(crypt
,ParseHex("e7c055cca2faa78cb9ac22c9357a90b4778ded9b2cc220a14cea49f931e596ea"));
227 TestCrypter::TestDecrypt(crypt
,ParseHex("b88efddd668a6801d19516d6830da4ae9811988ccbaf40df8fbb72f3f4d335fd"));
228 TestCrypter::TestDecrypt(crypt
,ParseHex("8cae76aa6a43694e961ebcb28c8ca8f8540b84153d72865e8561ddd93fa7bfa9"));
230 for (int i
= 0; i
!= 100; i
++)
232 uint256
hash(GetRandHash());
233 TestCrypter::TestDecrypt(crypt
, std::vector
<unsigned char>(hash
.begin(), hash
.end()));
237 BOOST_AUTO_TEST_SUITE_END()