search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
scripted-diff: Use new naming style for insecure_rand* functions
[bitcoinplatinum.git] / src / wallet / test / crypto_tests.cpp
blob524a72c303fba2c0c9f3fd02b031f97c94d56b7d
1 // Copyright (c) 2014-2016 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5 #include "test/test_bitcoin.h"
6 #include "utilstrencodings.h"
7 #include "wallet/crypter.h"
8
9 #include <vector>
10
11 #include <boost/test/unit_test.hpp>
12 #include <openssl/aes.h>
13 #include <openssl/evp.h>
14
15 BOOST_FIXTURE_TEST_SUITE(wallet_crypto, BasicTestingSetup)
16
17 bool OldSetKeyFromPassphrase(const SecureString& strKeyData, const std::vector<unsigned char>& chSalt, const unsigned int nRounds, const unsigned int nDerivationMethod, unsigned char* chKey, unsigned char* chIV)
18 {
19 if (nRounds < 1 || chSalt.size() != WALLET_CRYPTO_SALT_SIZE)
20 return false;
21
22 int i = 0;
23 if (nDerivationMethod == 0)
24 i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha512(), &chSalt[0],
25 (unsigned char *)&strKeyData[0], strKeyData.size(), nRounds, chKey, chIV);
26
27 if (i != (int)WALLET_CRYPTO_KEY_SIZE)
28 {
29 memory_cleanse(chKey, sizeof(chKey));
30 memory_cleanse(chIV, sizeof(chIV));
31 return false;
32 }
33 return true;
34 }
35
36 bool OldEncrypt(const CKeyingMaterial& vchPlaintext, std::vector<unsigned char> &vchCiphertext, const unsigned char chKey[32], const unsigned char chIV[16])
37 {
38 // max ciphertext len for a n bytes of plaintext is
39 // n + AES_BLOCK_SIZE - 1 bytes
40 int nLen = vchPlaintext.size();
41 int nCLen = nLen + AES_BLOCK_SIZE, nFLen = 0;
42 vchCiphertext = std::vector<unsigned char> (nCLen);
43
44 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
45
46 if (!ctx) return false;
47
48 bool fOk = true;
49
50 EVP_CIPHER_CTX_init(ctx);
51 if (fOk) fOk = EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, chKey, chIV) != 0;
52 if (fOk) fOk = EVP_EncryptUpdate(ctx, &vchCiphertext[0], &nCLen, &vchPlaintext[0], nLen) != 0;
53 if (fOk) fOk = EVP_EncryptFinal_ex(ctx, (&vchCiphertext[0]) + nCLen, &nFLen) != 0;
54 EVP_CIPHER_CTX_cleanup(ctx);
55
56 EVP_CIPHER_CTX_free(ctx);
57
58 if (!fOk) return false;
59
60 vchCiphertext.resize(nCLen + nFLen);
61 return true;
62 }
63
64 bool OldDecrypt(const std::vector<unsigned char>& vchCiphertext, CKeyingMaterial& vchPlaintext, const unsigned char chKey[32], const unsigned char chIV[16])
65 {
66 // plaintext will always be equal to or lesser than length of ciphertext
67 int nLen = vchCiphertext.size();
68 int nPLen = nLen, nFLen = 0;
69
70 vchPlaintext = CKeyingMaterial(nPLen);
71
72 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
73
74 if (!ctx) return false;
75
76 bool fOk = true;
77
78 EVP_CIPHER_CTX_init(ctx);
79 if (fOk) fOk = EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, chKey, chIV) != 0;
80 if (fOk) fOk = EVP_DecryptUpdate(ctx, &vchPlaintext[0], &nPLen, &vchCiphertext[0], nLen) != 0;
81 if (fOk) fOk = EVP_DecryptFinal_ex(ctx, (&vchPlaintext[0]) + nPLen, &nFLen) != 0;
82 EVP_CIPHER_CTX_cleanup(ctx);
83
84 EVP_CIPHER_CTX_free(ctx);
85
86 if (!fOk) return false;
87
88 vchPlaintext.resize(nPLen + nFLen);
89 return true;
90 }
91
92 class TestCrypter
93 {
94 public:
95 static void TestPassphraseSingle(const std::vector<unsigned char>& vchSalt, const SecureString& passphrase, uint32_t rounds,
96 const std::vector<unsigned char>& correctKey = std::vector<unsigned char>(),
97 const std::vector<unsigned char>& correctIV=std::vector<unsigned char>())
98 {
99 unsigned char chKey[WALLET_CRYPTO_KEY_SIZE];
100 unsigned char chIV[WALLET_CRYPTO_IV_SIZE];
101
102 CCrypter crypt;
103 crypt.SetKeyFromPassphrase(passphrase, vchSalt, rounds, 0);
104
105 OldSetKeyFromPassphrase(passphrase, vchSalt, rounds, 0, chKey, chIV);
106
107 BOOST_CHECK_MESSAGE(memcmp(chKey, crypt.vchKey.data(), crypt.vchKey.size()) == 0, \
108 HexStr(chKey, chKey+sizeof(chKey)) + std::string(" != ") + HexStr(crypt.vchKey));
109 BOOST_CHECK_MESSAGE(memcmp(chIV, crypt.vchIV.data(), crypt.vchIV.size()) == 0, \
110 HexStr(chIV, chIV+sizeof(chIV)) + std::string(" != ") + HexStr(crypt.vchIV));
111
112 if(!correctKey.empty())
113 BOOST_CHECK_MESSAGE(memcmp(chKey, &correctKey[0], sizeof(chKey)) == 0, \
114 HexStr(chKey, chKey+sizeof(chKey)) + std::string(" != ") + HexStr(correctKey.begin(), correctKey.end()));
115 if(!correctIV.empty())
116 BOOST_CHECK_MESSAGE(memcmp(chIV, &correctIV[0], sizeof(chIV)) == 0,
117 HexStr(chIV, chIV+sizeof(chIV)) + std::string(" != ") + HexStr(correctIV.begin(), correctIV.end()));
118 }
119
120 static void TestPassphrase(const std::vector<unsigned char>& vchSalt, const SecureString& passphrase, uint32_t rounds,
121 const std::vector<unsigned char>& correctKey = std::vector<unsigned char>(),
122 const std::vector<unsigned char>& correctIV=std::vector<unsigned char>())
123 {
124 TestPassphraseSingle(vchSalt, passphrase, rounds, correctKey, correctIV);
125 for(SecureString::const_iterator i(passphrase.begin()); i != passphrase.end(); ++i)
126 TestPassphraseSingle(vchSalt, SecureString(i, passphrase.end()), rounds);
127 }
128
129
130 static void TestDecrypt(const CCrypter& crypt, const std::vector<unsigned char>& vchCiphertext, \
131 const std::vector<unsigned char>& vchPlaintext = std::vector<unsigned char>())
132 {
133 CKeyingMaterial vchDecrypted1;
134 CKeyingMaterial vchDecrypted2;
135 int result1, result2;
136 result1 = crypt.Decrypt(vchCiphertext, vchDecrypted1);
137 result2 = OldDecrypt(vchCiphertext, vchDecrypted2, crypt.vchKey.data(), crypt.vchIV.data());
138 BOOST_CHECK(result1 == result2);
139
140 // These two should be equal. However, OpenSSL 1.0.1j introduced a change
141 // that would zero all padding except for the last byte for failed decrypts.
142 // This behavior was reverted for 1.0.1k.
143 if (vchDecrypted1 != vchDecrypted2 && vchDecrypted1.size() >= AES_BLOCK_SIZE && SSLeay() == 0x100010afL)
144 {
145 for(CKeyingMaterial::iterator it = vchDecrypted1.end() - AES_BLOCK_SIZE; it != vchDecrypted1.end() - 1; it++)
146 *it = 0;
147 }
148
149 BOOST_CHECK_MESSAGE(vchDecrypted1 == vchDecrypted2, HexStr(vchDecrypted1.begin(), vchDecrypted1.end()) + " != " + HexStr(vchDecrypted2.begin(), vchDecrypted2.end()));
150
151 if (vchPlaintext.size())
152 BOOST_CHECK(CKeyingMaterial(vchPlaintext.begin(), vchPlaintext.end()) == vchDecrypted2);
153 }
154
155 static void TestEncryptSingle(const CCrypter& crypt, const CKeyingMaterial& vchPlaintext,
156 const std::vector<unsigned char>& vchCiphertextCorrect = std::vector<unsigned char>())
157 {
158 std::vector<unsigned char> vchCiphertext1;
159 std::vector<unsigned char> vchCiphertext2;
160 int result1 = crypt.Encrypt(vchPlaintext, vchCiphertext1);
161
162 int result2 = OldEncrypt(vchPlaintext, vchCiphertext2, crypt.vchKey.data(), crypt.vchIV.data());
163 BOOST_CHECK(result1 == result2);
164 BOOST_CHECK(vchCiphertext1 == vchCiphertext2);
165
166 if (!vchCiphertextCorrect.empty())
167 BOOST_CHECK(vchCiphertext2 == vchCiphertextCorrect);
168
169 const std::vector<unsigned char> vchPlaintext2(vchPlaintext.begin(), vchPlaintext.end());
170
171 if(vchCiphertext1 == vchCiphertext2)
172 TestDecrypt(crypt, vchCiphertext1, vchPlaintext2);
173 }
174
175 static void TestEncrypt(const CCrypter& crypt, const std::vector<unsigned char>& vchPlaintextIn, \
176 const std::vector<unsigned char>& vchCiphertextCorrect = std::vector<unsigned char>())
177 {
178 TestEncryptSingle(crypt, CKeyingMaterial(vchPlaintextIn.begin(), vchPlaintextIn.end()), vchCiphertextCorrect);
179 for(std::vector<unsigned char>::const_iterator i(vchPlaintextIn.begin()); i != vchPlaintextIn.end(); ++i)
180 TestEncryptSingle(crypt, CKeyingMaterial(i, vchPlaintextIn.end()));
181 }
182
183 };
184
185 BOOST_AUTO_TEST_CASE(passphrase) {
186 // These are expensive.
187
188 TestCrypter::TestPassphrase(ParseHex("0000deadbeef0000"), "test", 25000, \
189 ParseHex("fc7aba077ad5f4c3a0988d8daa4810d0d4a0e3bcb53af662998898f33df0556a"), \
190 ParseHex("cf2f2691526dd1aa220896fb8bf7c369"));
191
192 std::string hash(GetRandHash().ToString());
193 std::vector<unsigned char> vchSalt(8);
194 GetRandBytes(&vchSalt[0], vchSalt.size());
195 uint32_t rounds = InsecureRand32();
196 if (rounds > 30000)
197 rounds = 30000;
198 TestCrypter::TestPassphrase(vchSalt, SecureString(hash.begin(), hash.end()), rounds);
199 }
200
201 BOOST_AUTO_TEST_CASE(encrypt) {
202 std::vector<unsigned char> vchSalt = ParseHex("0000deadbeef0000");
203 BOOST_CHECK(vchSalt.size() == WALLET_CRYPTO_SALT_SIZE);
204 CCrypter crypt;
205 crypt.SetKeyFromPassphrase("passphrase", vchSalt, 25000, 0);
206 TestCrypter::TestEncrypt(crypt, ParseHex("22bcade09ac03ff6386914359cfe885cfeb5f77ff0d670f102f619687453b29d"));
207
208 for (int i = 0; i != 100; i++)
209 {
210 uint256 hash(GetRandHash());
211 TestCrypter::TestEncrypt(crypt, std::vector<unsigned char>(hash.begin(), hash.end()));
212 }
213
214 }
215
216 BOOST_AUTO_TEST_CASE(decrypt) {
217 std::vector<unsigned char> vchSalt = ParseHex("0000deadbeef0000");
218 BOOST_CHECK(vchSalt.size() == WALLET_CRYPTO_SALT_SIZE);
219 CCrypter crypt;
220 crypt.SetKeyFromPassphrase("passphrase", vchSalt, 25000, 0);
221
222 // Some corner cases the came up while testing
223 TestCrypter::TestDecrypt(crypt,ParseHex("795643ce39d736088367822cdc50535ec6f103715e3e48f4f3b1a60a08ef59ca"));
224 TestCrypter::TestDecrypt(crypt,ParseHex("de096f4a8f9bd97db012aa9d90d74de8cdea779c3ee8bc7633d8b5d6da703486"));
225 TestCrypter::TestDecrypt(crypt,ParseHex("32d0a8974e3afd9c6c3ebf4d66aa4e6419f8c173de25947f98cf8b7ace49449c"));
226 TestCrypter::TestDecrypt(crypt,ParseHex("e7c055cca2faa78cb9ac22c9357a90b4778ded9b2cc220a14cea49f931e596ea"));
227 TestCrypter::TestDecrypt(crypt,ParseHex("b88efddd668a6801d19516d6830da4ae9811988ccbaf40df8fbb72f3f4d335fd"));
228 TestCrypter::TestDecrypt(crypt,ParseHex("8cae76aa6a43694e961ebcb28c8ca8f8540b84153d72865e8561ddd93fa7bfa9"));
229
230 for (int i = 0; i != 100; i++)
231 {
232 uint256 hash(GetRandHash());
233 TestCrypter::TestDecrypt(crypt, std::vector<unsigned char>(hash.begin(), hash.end()));
234 }
235 }
236
237 BOOST_AUTO_TEST_SUITE_END()