1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2011, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
11 /** Run unit tests for Diffie-Hellman functionality. */
15 crypto_dh_env_t
*dh1
= crypto_dh_new(DH_TYPE_CIRCUIT
);
16 crypto_dh_env_t
*dh2
= crypto_dh_new(DH_TYPE_CIRCUIT
);
23 test_eq(crypto_dh_get_bytes(dh1
), DH_BYTES
);
24 test_eq(crypto_dh_get_bytes(dh2
), DH_BYTES
);
26 memset(p1
, 0, DH_BYTES
);
27 memset(p2
, 0, DH_BYTES
);
28 test_memeq(p1
, p2
, DH_BYTES
);
29 test_assert(! crypto_dh_get_public(dh1
, p1
, DH_BYTES
));
30 test_memneq(p1
, p2
, DH_BYTES
);
31 test_assert(! crypto_dh_get_public(dh2
, p2
, DH_BYTES
));
32 test_memneq(p1
, p2
, DH_BYTES
);
34 memset(s1
, 0, DH_BYTES
);
35 memset(s2
, 0xFF, DH_BYTES
);
36 s1len
= crypto_dh_compute_secret(LOG_WARN
, dh1
, p2
, DH_BYTES
, s1
, 50);
37 s2len
= crypto_dh_compute_secret(LOG_WARN
, dh2
, p1
, DH_BYTES
, s2
, 50);
38 test_assert(s1len
> 0);
39 test_eq(s1len
, s2len
);
40 test_memeq(s1
, s2
, s1len
);
43 /* XXXX Now fabricate some bad values and make sure they get caught,
44 * Check 0, 1, N-1, >= N, etc.
53 /** Run unit tests for our random number generation function and its wrappers.
59 char data1
[100], data2
[100];
63 test_assert(! crypto_seed_rng(0));
64 crypto_rand(data1
, 100);
65 crypto_rand(data2
, 100);
66 test_memneq(data1
,data2
,100);
68 for (i
= 0; i
< 100; ++i
) {
71 j
= crypto_rand_int(100);
72 if (j
< 0 || j
>= 100)
74 big
= crypto_rand_uint64(U64_LITERAL(1)<<40);
75 if (big
>= (U64_LITERAL(1)<<40))
77 big
= crypto_rand_uint64(U64_LITERAL(5));
80 d
= crypto_rand_double();
83 host
= crypto_random_hostname(3,8,"www.",".onion");
84 if (strcmpstart(host
,"www.") ||
85 strcmpend(host
,".onion") ||
96 /** Run unit tests for our AES functionality */
100 char *data1
= NULL
, *data2
= NULL
, *data3
= NULL
;
101 crypto_cipher_env_t
*env1
= NULL
, *env2
= NULL
;
103 char *mem_op_hex_tmp
=NULL
;
105 data1
= tor_malloc(1024);
106 data2
= tor_malloc(1024);
107 data3
= tor_malloc(1024);
109 /* Now, test encryption and decryption with stream cipher. */
111 for (i
= 1023; i
>0; i
-= 35)
112 strncat(data1
, "Now is the time for all good onions", i
);
114 memset(data2
, 0, 1024);
115 memset(data3
, 0, 1024);
116 env1
= crypto_new_cipher_env();
118 env2
= crypto_new_cipher_env();
120 j
= crypto_cipher_generate_key(env1
);
121 crypto_cipher_set_key(env2
, crypto_cipher_get_key(env1
));
122 crypto_cipher_encrypt_init_cipher(env1
);
123 crypto_cipher_decrypt_init_cipher(env2
);
125 /* Try encrypting 512 chars. */
126 crypto_cipher_encrypt(env1
, data2
, data1
, 512);
127 crypto_cipher_decrypt(env2
, data3
, data2
, 512);
128 test_memeq(data1
, data3
, 512);
129 test_memneq(data1
, data2
, 512);
131 /* Now encrypt 1 at a time, and get 1 at a time. */
132 for (j
= 512; j
< 560; ++j
) {
133 crypto_cipher_encrypt(env1
, data2
+j
, data1
+j
, 1);
135 for (j
= 512; j
< 560; ++j
) {
136 crypto_cipher_decrypt(env2
, data3
+j
, data2
+j
, 1);
138 test_memeq(data1
, data3
, 560);
139 /* Now encrypt 3 at a time, and get 5 at a time. */
140 for (j
= 560; j
< 1024-5; j
+= 3) {
141 crypto_cipher_encrypt(env1
, data2
+j
, data1
+j
, 3);
143 for (j
= 560; j
< 1024-5; j
+= 5) {
144 crypto_cipher_decrypt(env2
, data3
+j
, data2
+j
, 5);
146 test_memeq(data1
, data3
, 1024-5);
147 /* Now make sure that when we encrypt with different chunk sizes, we get
149 crypto_free_cipher_env(env2
);
152 memset(data3
, 0, 1024);
153 env2
= crypto_new_cipher_env();
155 crypto_cipher_set_key(env2
, crypto_cipher_get_key(env1
));
156 crypto_cipher_encrypt_init_cipher(env2
);
157 for (j
= 0; j
< 1024-16; j
+= 17) {
158 crypto_cipher_encrypt(env2
, data3
+j
, data1
+j
, 17);
160 for (j
= 0; j
< 1024-16; ++j
) {
161 if (data2
[j
] != data3
[j
]) {
162 printf("%d: %d\t%d\n", j
, (int) data2
[j
], (int) data3
[j
]);
165 test_memeq(data2
, data3
, 1024-16);
166 crypto_free_cipher_env(env1
);
168 crypto_free_cipher_env(env2
);
171 /* NIST test vector for aes. */
172 env1
= crypto_new_cipher_env(); /* IV starts at 0 */
173 crypto_cipher_set_key(env1
, "\x80\x00\x00\x00\x00\x00\x00\x00"
174 "\x00\x00\x00\x00\x00\x00\x00\x00");
175 crypto_cipher_encrypt_init_cipher(env1
);
176 crypto_cipher_encrypt(env1
, data1
,
177 "\x00\x00\x00\x00\x00\x00\x00\x00"
178 "\x00\x00\x00\x00\x00\x00\x00\x00", 16);
179 test_memeq_hex(data1
, "0EDD33D3C621E546455BD8BA1418BEC8");
181 /* Now test rollover. All these values are originally from a python
183 crypto_cipher_set_iv(env1
, "\x00\x00\x00\x00\x00\x00\x00\x00"
184 "\xff\xff\xff\xff\xff\xff\xff\xff");
185 memset(data2
, 0, 1024);
186 crypto_cipher_encrypt(env1
, data1
, data2
, 32);
187 test_memeq_hex(data1
, "335fe6da56f843199066c14a00a40231"
188 "cdd0b917dbc7186908a6bfb5ffd574d3");
190 crypto_cipher_set_iv(env1
, "\x00\x00\x00\x00\xff\xff\xff\xff"
191 "\xff\xff\xff\xff\xff\xff\xff\xff");
192 memset(data2
, 0, 1024);
193 crypto_cipher_encrypt(env1
, data1
, data2
, 32);
194 test_memeq_hex(data1
, "e627c6423fa2d77832a02b2794094b73"
195 "3e63c721df790d2c6469cc1953a3ffac");
197 crypto_cipher_set_iv(env1
, "\xff\xff\xff\xff\xff\xff\xff\xff"
198 "\xff\xff\xff\xff\xff\xff\xff\xff");
199 memset(data2
, 0, 1024);
200 crypto_cipher_encrypt(env1
, data1
, data2
, 32);
201 test_memeq_hex(data1
, "2aed2bff0de54f9328efd070bf48f70a"
202 "0EDD33D3C621E546455BD8BA1418BEC8");
204 /* Now check rollover on inplace cipher. */
205 crypto_cipher_set_iv(env1
, "\xff\xff\xff\xff\xff\xff\xff\xff"
206 "\xff\xff\xff\xff\xff\xff\xff\xff");
207 crypto_cipher_crypt_inplace(env1
, data2
, 64);
208 test_memeq_hex(data2
, "2aed2bff0de54f9328efd070bf48f70a"
209 "0EDD33D3C621E546455BD8BA1418BEC8"
210 "93e2c5243d6839eac58503919192f7ae"
211 "1908e67cafa08d508816659c2e693191");
212 crypto_cipher_set_iv(env1
, "\xff\xff\xff\xff\xff\xff\xff\xff"
213 "\xff\xff\xff\xff\xff\xff\xff\xff");
214 crypto_cipher_crypt_inplace(env1
, data2
, 64);
215 test_assert(tor_mem_is_zero(data2
, 64));
218 tor_free(mem_op_hex_tmp
);
220 crypto_free_cipher_env(env1
);
222 crypto_free_cipher_env(env2
);
228 /** Run unit tests for our SHA-1 functionality */
230 test_crypto_sha(void)
232 crypto_digest_env_t
*d1
= NULL
, *d2
= NULL
;
237 char d_out1
[DIGEST_LEN
], d_out2
[DIGEST256_LEN
];
238 char *mem_op_hex_tmp
=NULL
;
240 /* Test SHA-1 with a test vector from the specification. */
241 i
= crypto_digest(data
, "abc", 3);
242 test_memeq_hex(data
, "A9993E364706816ABA3E25717850C26C9CD0D89D");
245 /* Test SHA-256 with a test vector from the specification. */
246 i
= crypto_digest256(data
, "abc", 3, DIGEST_SHA256
);
247 test_memeq_hex(data
, "BA7816BF8F01CFEA414140DE5DAE2223B00361A3"
248 "96177A9CB410FF61F20015AD");
251 /* Test HMAC-SHA-1 with test cases from RFC2202. */
254 memset(key
, 0x0b, 20);
255 crypto_hmac_sha1(digest
, key
, 20, "Hi There", 8);
256 test_streq(hex_str(digest
, 20),
257 "B617318655057264E28BC0B6FB378C8EF146BE00");
259 crypto_hmac_sha1(digest
, "Jefe", 4, "what do ya want for nothing?", 28);
260 test_streq(hex_str(digest
, 20),
261 "EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79");
264 base16_decode(key
, 25,
265 "0102030405060708090a0b0c0d0e0f10111213141516171819", 50);
266 memset(data
, 0xcd, 50);
267 crypto_hmac_sha1(digest
, key
, 25, data
, 50);
268 test_streq(hex_str(digest
, 20),
269 "4C9007F4026250C6BC8414F9BF50C86C2D7235DA");
272 memset(key
, 0xaa, 80);
273 crypto_hmac_sha1(digest
, key
, 80,
274 "Test Using Larger Than Block-Size Key - Hash Key First",
276 test_streq(hex_str(digest
, 20),
277 "AA4AE5E15272D00E95705637CE8A3B55ED402112");
279 /* Incremental digest code. */
280 d1
= crypto_new_digest_env();
282 crypto_digest_add_bytes(d1
, "abcdef", 6);
283 d2
= crypto_digest_dup(d1
);
285 crypto_digest_add_bytes(d2
, "ghijkl", 6);
286 crypto_digest_get_digest(d2
, d_out1
, sizeof(d_out1
));
287 crypto_digest(d_out2
, "abcdefghijkl", 12);
288 test_memeq(d_out1
, d_out2
, DIGEST_LEN
);
289 crypto_digest_assign(d2
, d1
);
290 crypto_digest_add_bytes(d2
, "mno", 3);
291 crypto_digest_get_digest(d2
, d_out1
, sizeof(d_out1
));
292 crypto_digest(d_out2
, "abcdefmno", 9);
293 test_memeq(d_out1
, d_out2
, DIGEST_LEN
);
294 crypto_digest_get_digest(d1
, d_out1
, sizeof(d_out1
));
295 crypto_digest(d_out2
, "abcdef", 6);
296 test_memeq(d_out1
, d_out2
, DIGEST_LEN
);
297 crypto_free_digest_env(d1
);
298 crypto_free_digest_env(d2
);
300 /* Incremental digest code with sha256 */
301 d1
= crypto_new_digest256_env(DIGEST_SHA256
);
303 crypto_digest_add_bytes(d1
, "abcdef", 6);
304 d2
= crypto_digest_dup(d1
);
306 crypto_digest_add_bytes(d2
, "ghijkl", 6);
307 crypto_digest_get_digest(d2
, d_out1
, sizeof(d_out1
));
308 crypto_digest256(d_out2
, "abcdefghijkl", 12, DIGEST_SHA256
);
309 test_memeq(d_out1
, d_out2
, DIGEST_LEN
);
310 crypto_digest_assign(d2
, d1
);
311 crypto_digest_add_bytes(d2
, "mno", 3);
312 crypto_digest_get_digest(d2
, d_out1
, sizeof(d_out1
));
313 crypto_digest256(d_out2
, "abcdefmno", 9, DIGEST_SHA256
);
314 test_memeq(d_out1
, d_out2
, DIGEST_LEN
);
315 crypto_digest_get_digest(d1
, d_out1
, sizeof(d_out1
));
316 crypto_digest256(d_out2
, "abcdef", 6, DIGEST_SHA256
);
317 test_memeq(d_out1
, d_out2
, DIGEST_LEN
);
321 crypto_free_digest_env(d1
);
323 crypto_free_digest_env(d2
);
324 tor_free(mem_op_hex_tmp
);
327 /** Run unit tests for our public key crypto functions */
331 crypto_pk_env_t
*pk1
= NULL
, *pk2
= NULL
;
332 char *encoded
= NULL
;
333 char data1
[1024], data2
[1024], data3
[1024];
337 /* Public-key ciphers */
338 pk1
= pk_generate(0);
339 pk2
= crypto_new_pk_env();
340 test_assert(pk1
&& pk2
);
341 test_assert(! crypto_pk_write_public_key_to_string(pk1
, &encoded
, &size
));
342 test_assert(! crypto_pk_read_public_key_from_string(pk2
, encoded
, size
));
343 test_eq(0, crypto_pk_cmp_keys(pk1
, pk2
));
345 test_eq(128, crypto_pk_keysize(pk1
));
346 test_eq(1024, crypto_pk_num_bits(pk1
));
347 test_eq(128, crypto_pk_keysize(pk2
));
348 test_eq(1024, crypto_pk_num_bits(pk2
));
350 test_eq(128, crypto_pk_public_encrypt(pk2
, data1
, sizeof(data1
),
351 "Hello whirled.", 15,
352 PK_PKCS1_OAEP_PADDING
));
353 test_eq(128, crypto_pk_public_encrypt(pk1
, data2
, sizeof(data1
),
354 "Hello whirled.", 15,
355 PK_PKCS1_OAEP_PADDING
));
356 /* oaep padding should make encryption not match */
357 test_memneq(data1
, data2
, 128);
358 test_eq(15, crypto_pk_private_decrypt(pk1
, data3
, sizeof(data3
), data1
, 128,
359 PK_PKCS1_OAEP_PADDING
,1));
360 test_streq(data3
, "Hello whirled.");
361 memset(data3
, 0, 1024);
362 test_eq(15, crypto_pk_private_decrypt(pk1
, data3
, sizeof(data3
), data2
, 128,
363 PK_PKCS1_OAEP_PADDING
,1));
364 test_streq(data3
, "Hello whirled.");
365 /* Can't decrypt with public key. */
366 test_eq(-1, crypto_pk_private_decrypt(pk2
, data3
, sizeof(data3
), data2
, 128,
367 PK_PKCS1_OAEP_PADDING
,1));
368 /* Try again with bad padding */
369 memcpy(data2
+1, "XYZZY", 5); /* This has fails ~ once-in-2^40 */
370 test_eq(-1, crypto_pk_private_decrypt(pk1
, data3
, sizeof(data3
), data2
, 128,
371 PK_PKCS1_OAEP_PADDING
,1));
373 /* File operations: save and load private key */
374 test_assert(! crypto_pk_write_private_key_to_filename(pk1
,
375 get_fname("pkey1")));
376 /* failing case for read: can't read. */
377 test_assert(crypto_pk_read_private_key_from_filename(pk2
,
378 get_fname("xyzzy")) < 0);
379 write_str_to_file(get_fname("xyzzy"), "foobar", 6);
380 /* Failing case for read: no key. */
381 test_assert(crypto_pk_read_private_key_from_filename(pk2
,
382 get_fname("xyzzy")) < 0);
383 test_assert(! crypto_pk_read_private_key_from_filename(pk2
,
384 get_fname("pkey1")));
385 test_eq(15, crypto_pk_private_decrypt(pk2
, data3
, sizeof(data3
), data1
, 128,
386 PK_PKCS1_OAEP_PADDING
,1));
388 /* Now try signing. */
389 strlcpy(data1
, "Ossifrage", 1024);
390 test_eq(128, crypto_pk_private_sign(pk1
, data2
, sizeof(data2
), data1
, 10));
392 crypto_pk_public_checksig(pk1
, data3
, sizeof(data3
), data2
, 128));
393 test_streq(data3
, "Ossifrage");
394 /* Try signing digests. */
395 test_eq(128, crypto_pk_private_sign_digest(pk1
, data2
, sizeof(data2
),
398 crypto_pk_public_checksig(pk1
, data3
, sizeof(data3
), data2
, 128));
399 test_eq(0, crypto_pk_public_checksig_digest(pk1
, data1
, 10, data2
, 128));
400 test_eq(-1, crypto_pk_public_checksig_digest(pk1
, data1
, 11, data2
, 128));
402 /*XXXX test failed signing*/
405 crypto_free_pk_env(pk2
);
407 i
= crypto_pk_asn1_encode(pk1
, data1
, 1024);
409 pk2
= crypto_pk_asn1_decode(data1
, i
);
410 test_assert(crypto_pk_cmp_keys(pk1
,pk2
) == 0);
412 /* Try with hybrid encryption wrappers. */
413 crypto_rand(data1
, 1024);
414 for (i
= 0; i
< 3; ++i
) {
415 for (j
= 85; j
< 140; ++j
) {
416 memset(data2
,0,1024);
417 memset(data3
,0,1024);
418 if (i
== 0 && j
< 129)
420 p
= (i
==0)?PK_NO_PADDING
:
421 (i
==1)?PK_PKCS1_PADDING
:PK_PKCS1_OAEP_PADDING
;
422 len
= crypto_pk_public_hybrid_encrypt(pk1
,data2
,sizeof(data2
),
425 len
= crypto_pk_private_hybrid_decrypt(pk1
,data3
,sizeof(data3
),
428 test_memeq(data1
,data3
,j
);
433 crypto_free_pk_env(pk2
);
434 pk2
= crypto_pk_copy_full(pk1
);
435 test_assert(pk2
!= NULL
);
436 test_neq_ptr(pk1
, pk2
);
437 test_assert(crypto_pk_cmp_keys(pk1
,pk2
) == 0);
441 crypto_free_pk_env(pk1
);
443 crypto_free_pk_env(pk2
);
447 /** Run unit tests for misc crypto formatting functionality (base64, base32,
448 * fingerprints, etc) */
450 test_crypto_formats(void)
452 char *data1
= NULL
, *data2
= NULL
, *data3
= NULL
;
455 data1
= tor_malloc(1024);
456 data2
= tor_malloc(1024);
457 data3
= tor_malloc(1024);
458 test_assert(data1
&& data2
&& data3
);
461 memset(data1
, 6, 1024);
462 for (idx
= 0; idx
< 10; ++idx
) {
463 i
= base64_encode(data2
, 1024, data1
, idx
);
465 j
= base64_decode(data3
, 1024, data2
, i
);
467 test_memeq(data3
, data1
, idx
);
470 strlcpy(data1
, "Test string that contains 35 chars.", 1024);
471 strlcat(data1
, " 2nd string that contains 35 chars.", 1024);
473 i
= base64_encode(data2
, 1024, data1
, 71);
475 j
= base64_decode(data3
, 1024, data2
, i
);
477 test_streq(data3
, data1
);
478 test_assert(data2
[i
] == '\0');
480 crypto_rand(data1
, DIGEST_LEN
);
481 memset(data2
, 100, 1024);
482 digest_to_base64(data2
, data1
);
483 test_eq(BASE64_DIGEST_LEN
, strlen(data2
));
484 test_eq(100, data2
[BASE64_DIGEST_LEN
+2]);
485 memset(data3
, 99, 1024);
486 test_eq(digest_from_base64(data3
, data2
), 0);
487 test_memeq(data1
, data3
, DIGEST_LEN
);
488 test_eq(99, data3
[DIGEST_LEN
+1]);
490 test_assert(digest_from_base64(data3
, "###") < 0);
492 /* Encoding SHA256 */
493 crypto_rand(data2
, DIGEST256_LEN
);
494 memset(data2
, 100, 1024);
495 digest256_to_base64(data2
, data1
);
496 test_eq(BASE64_DIGEST256_LEN
, strlen(data2
));
497 test_eq(100, data2
[BASE64_DIGEST256_LEN
+2]);
498 memset(data3
, 99, 1024);
499 test_eq(digest256_from_base64(data3
, data2
), 0);
500 test_memeq(data1
, data3
, DIGEST256_LEN
);
501 test_eq(99, data3
[DIGEST256_LEN
+1]);
504 strlcpy(data1
, "5chrs", 1024);
505 /* bit pattern is: [35 63 68 72 73] ->
506 * [00110101 01100011 01101000 01110010 01110011]
507 * By 5s: [00110 10101 10001 10110 10000 11100 10011 10011]
509 base32_encode(data2
, 9, data1
, 5);
510 test_streq(data2
, "gvrwq4tt");
512 strlcpy(data1
, "\xFF\xF5\x6D\x44\xAE\x0D\x5C\xC9\x62\xC4", 1024);
513 base32_encode(data2
, 30, data1
, 10);
514 test_streq(data2
, "772w2rfobvomsywe");
517 strlcpy(data1
, "6chrs\xff", 1024);
518 base16_encode(data2
, 13, data1
, 6);
519 test_streq(data2
, "3663687273FF");
521 strlcpy(data1
, "f0d678affc000100", 1024);
522 i
= base16_decode(data2
, 8, data1
, 16);
524 test_memeq(data2
, "\xf0\xd6\x78\xaf\xfc\x00\x01\x00",8);
526 /* now try some failing base16 decodes */
527 test_eq(-1, base16_decode(data2
, 8, data1
, 15)); /* odd input len */
528 test_eq(-1, base16_decode(data2
, 7, data1
, 16)); /* dest too short */
529 strlcpy(data1
, "f0dz!8affc000100", 1024);
530 test_eq(-1, base16_decode(data2
, 8, data1
, 16));
536 /* Add spaces to fingerprint */
538 data1
= tor_strdup("ABCD1234ABCD56780000ABCD1234ABCD56780000");
539 test_eq(strlen(data1
), 40);
540 data2
= tor_malloc(FINGERPRINT_LEN
+1);
541 add_spaces_to_fp(data2
, FINGERPRINT_LEN
+1, data1
);
542 test_streq(data2
, "ABCD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 0000");
547 /* Check fingerprint */
549 test_assert(crypto_pk_check_fingerprint_syntax(
550 "ABCD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 0000"));
551 test_assert(!crypto_pk_check_fingerprint_syntax(
552 "ABCD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 000"));
553 test_assert(!crypto_pk_check_fingerprint_syntax(
554 "ABCD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 00000"));
555 test_assert(!crypto_pk_check_fingerprint_syntax(
556 "ABCD 1234 ABCD 5678 0000 ABCD1234 ABCD 5678 0000"));
557 test_assert(!crypto_pk_check_fingerprint_syntax(
558 "ABCD 1234 ABCD 5678 0000 ABCD1234 ABCD 5678 00000"));
559 test_assert(!crypto_pk_check_fingerprint_syntax(
560 "ACD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 00000"));
569 /** Run unit tests for our secret-to-key passphrase hashing functionality. */
571 test_crypto_s2k(void)
578 memset(buf
, 0, sizeof(buf
));
579 memset(buf2
, 0, sizeof(buf2
));
580 buf3
= tor_malloc(65536);
581 memset(buf3
, 0, 65536);
583 secret_to_key(buf
+9, 20, "", 0, buf
);
584 crypto_digest(buf2
+9, buf3
, 1024);
585 test_memeq(buf
, buf2
, 29);
587 memcpy(buf
,"vrbacrda",8);
588 memcpy(buf2
,"vrbacrda",8);
591 secret_to_key(buf
+9, 20, "12345678", 8, buf
);
592 for (i
= 0; i
< 65536; i
+= 16) {
593 memcpy(buf3
+i
, "vrbacrda12345678", 16);
595 crypto_digest(buf2
+9, buf3
, 65536);
596 test_memeq(buf
, buf2
, 29);
602 /** Test AES-CTR encryption and decryption with IV. */
604 test_crypto_aes_iv(void)
606 crypto_cipher_env_t
*cipher
;
607 char *plain
, *encrypted1
, *encrypted2
, *decrypted1
, *decrypted2
;
608 char plain_1
[1], plain_15
[15], plain_16
[16], plain_17
[17];
609 char key1
[16], key2
[16];
610 ssize_t encrypted_size
, decrypted_size
;
612 plain
= tor_malloc(4095);
613 encrypted1
= tor_malloc(4095 + 1 + 16);
614 encrypted2
= tor_malloc(4095 + 1 + 16);
615 decrypted1
= tor_malloc(4095 + 1);
616 decrypted2
= tor_malloc(4095 + 1);
618 crypto_rand(plain
, 4095);
619 crypto_rand(key1
, 16);
620 crypto_rand(key2
, 16);
621 crypto_rand(plain_1
, 1);
622 crypto_rand(plain_15
, 15);
623 crypto_rand(plain_16
, 16);
624 crypto_rand(plain_17
, 17);
625 key1
[0] = key2
[0] + 128; /* Make sure that contents are different. */
626 /* Encrypt and decrypt with the same key. */
627 cipher
= crypto_create_init_cipher(key1
, 1);
628 encrypted_size
= crypto_cipher_encrypt_with_iv(cipher
, encrypted1
, 16 + 4095,
630 crypto_free_cipher_env(cipher
);
632 test_eq(encrypted_size
, 16 + 4095);
633 tor_assert(encrypted_size
> 0); /* This is obviously true, since 4111 is
634 * greater than 0, but its truth is not
635 * obvious to all analysis tools. */
636 cipher
= crypto_create_init_cipher(key1
, 0);
637 decrypted_size
= crypto_cipher_decrypt_with_iv(cipher
, decrypted1
, 4095,
638 encrypted1
, encrypted_size
);
639 crypto_free_cipher_env(cipher
);
641 test_eq(decrypted_size
, 4095);
642 tor_assert(decrypted_size
> 0);
643 test_memeq(plain
, decrypted1
, 4095);
644 /* Encrypt a second time (with a new random initialization vector). */
645 cipher
= crypto_create_init_cipher(key1
, 1);
646 encrypted_size
= crypto_cipher_encrypt_with_iv(cipher
, encrypted2
, 16 + 4095,
648 crypto_free_cipher_env(cipher
);
650 test_eq(encrypted_size
, 16 + 4095);
651 tor_assert(encrypted_size
> 0);
652 cipher
= crypto_create_init_cipher(key1
, 0);
653 decrypted_size
= crypto_cipher_decrypt_with_iv(cipher
, decrypted2
, 4095,
654 encrypted2
, encrypted_size
);
655 crypto_free_cipher_env(cipher
);
657 test_eq(decrypted_size
, 4095);
658 tor_assert(decrypted_size
> 0);
659 test_memeq(plain
, decrypted2
, 4095);
660 test_memneq(encrypted1
, encrypted2
, encrypted_size
);
661 /* Decrypt with the wrong key. */
662 cipher
= crypto_create_init_cipher(key2
, 0);
663 decrypted_size
= crypto_cipher_decrypt_with_iv(cipher
, decrypted2
, 4095,
664 encrypted1
, encrypted_size
);
665 crypto_free_cipher_env(cipher
);
667 test_memneq(plain
, decrypted2
, encrypted_size
);
668 /* Alter the initialization vector. */
670 cipher
= crypto_create_init_cipher(key1
, 0);
671 decrypted_size
= crypto_cipher_decrypt_with_iv(cipher
, decrypted1
, 4095,
672 encrypted1
, encrypted_size
);
673 crypto_free_cipher_env(cipher
);
675 test_memneq(plain
, decrypted2
, 4095);
676 /* Special length case: 1. */
677 cipher
= crypto_create_init_cipher(key1
, 1);
678 encrypted_size
= crypto_cipher_encrypt_with_iv(cipher
, encrypted1
, 16 + 1,
680 crypto_free_cipher_env(cipher
);
682 test_eq(encrypted_size
, 16 + 1);
683 tor_assert(encrypted_size
> 0);
684 cipher
= crypto_create_init_cipher(key1
, 0);
685 decrypted_size
= crypto_cipher_decrypt_with_iv(cipher
, decrypted1
, 1,
686 encrypted1
, encrypted_size
);
687 crypto_free_cipher_env(cipher
);
689 test_eq(decrypted_size
, 1);
690 tor_assert(decrypted_size
> 0);
691 test_memeq(plain_1
, decrypted1
, 1);
692 /* Special length case: 15. */
693 cipher
= crypto_create_init_cipher(key1
, 1);
694 encrypted_size
= crypto_cipher_encrypt_with_iv(cipher
, encrypted1
, 16 + 15,
696 crypto_free_cipher_env(cipher
);
698 test_eq(encrypted_size
, 16 + 15);
699 tor_assert(encrypted_size
> 0);
700 cipher
= crypto_create_init_cipher(key1
, 0);
701 decrypted_size
= crypto_cipher_decrypt_with_iv(cipher
, decrypted1
, 15,
702 encrypted1
, encrypted_size
);
703 crypto_free_cipher_env(cipher
);
705 test_eq(decrypted_size
, 15);
706 tor_assert(decrypted_size
> 0);
707 test_memeq(plain_15
, decrypted1
, 15);
708 /* Special length case: 16. */
709 cipher
= crypto_create_init_cipher(key1
, 1);
710 encrypted_size
= crypto_cipher_encrypt_with_iv(cipher
, encrypted1
, 16 + 16,
712 crypto_free_cipher_env(cipher
);
714 test_eq(encrypted_size
, 16 + 16);
715 tor_assert(encrypted_size
> 0);
716 cipher
= crypto_create_init_cipher(key1
, 0);
717 decrypted_size
= crypto_cipher_decrypt_with_iv(cipher
, decrypted1
, 16,
718 encrypted1
, encrypted_size
);
719 crypto_free_cipher_env(cipher
);
721 test_eq(decrypted_size
, 16);
722 tor_assert(decrypted_size
> 0);
723 test_memeq(plain_16
, decrypted1
, 16);
724 /* Special length case: 17. */
725 cipher
= crypto_create_init_cipher(key1
, 1);
726 encrypted_size
= crypto_cipher_encrypt_with_iv(cipher
, encrypted1
, 16 + 17,
728 crypto_free_cipher_env(cipher
);
730 test_eq(encrypted_size
, 16 + 17);
731 tor_assert(encrypted_size
> 0);
732 cipher
= crypto_create_init_cipher(key1
, 0);
733 decrypted_size
= crypto_cipher_decrypt_with_iv(cipher
, decrypted1
, 17,
734 encrypted1
, encrypted_size
);
735 test_eq(decrypted_size
, 17);
736 tor_assert(decrypted_size
> 0);
737 test_memeq(plain_17
, decrypted1
, 17);
742 tor_free(encrypted1
);
743 tor_free(encrypted2
);
744 tor_free(decrypted1
);
745 tor_free(decrypted2
);
747 crypto_free_cipher_env(cipher
);
750 /** Test base32 decoding. */
752 test_crypto_base32_decode(void)
754 char plain
[60], encoded
[96 + 1], decoded
[60];
756 crypto_rand(plain
, 60);
757 /* Encode and decode a random string. */
758 base32_encode(encoded
, 96 + 1, plain
, 60);
759 res
= base32_decode(decoded
, 60, encoded
, 96);
761 test_memeq(plain
, decoded
, 60);
762 /* Encode, uppercase, and decode a random string. */
763 base32_encode(encoded
, 96 + 1, plain
, 60);
764 tor_strupper(encoded
);
765 res
= base32_decode(decoded
, 60, encoded
, 96);
767 test_memeq(plain
, decoded
, 60);
768 /* Change encoded string and decode. */
769 if (encoded
[0] == 'A' || encoded
[0] == 'a')
773 res
= base32_decode(decoded
, 60, encoded
, 96);
775 test_memneq(plain
, decoded
, 60);
778 res
= base32_decode(decoded
, 60, encoded
, 96);
779 test_assert(res
< 0);
785 #define CRYPTO_LEGACY(name) \
786 { #name, legacy_test_helper, 0, &legacy_setup, test_crypto_ ## name }
788 struct testcase_t crypto_tests
[] = {
789 CRYPTO_LEGACY(formats
),
796 CRYPTO_LEGACY(aes_iv
),
797 CRYPTO_LEGACY(base32_decode
),