search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Make the DH parameter we use for TLS match the one from Apache's mod_ssl
[tor/rransom.git] / src / test / test_crypto.c
blob6ea7f295ed8c5a42fa2257e4c6750509b0541e4e
1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2011, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
5
6 #include "orconfig.h"
7 #define CRYPTO_PRIVATE
8 #include "or.h"
9 #include "test.h"
10
11 /** Run unit tests for Diffie-Hellman functionality. */
12 static void
13 test_crypto_dh(void)
14 {
15 crypto_dh_env_t *dh1 = crypto_dh_new(DH_TYPE_CIRCUIT);
16 crypto_dh_env_t *dh2 = crypto_dh_new(DH_TYPE_CIRCUIT);
17 char p1[DH_BYTES];
18 char p2[DH_BYTES];
19 char s1[DH_BYTES];
20 char s2[DH_BYTES];
21 ssize_t s1len, s2len;
22
23 test_eq(crypto_dh_get_bytes(dh1), DH_BYTES);
24 test_eq(crypto_dh_get_bytes(dh2), DH_BYTES);
25
26 memset(p1, 0, DH_BYTES);
27 memset(p2, 0, DH_BYTES);
28 test_memeq(p1, p2, DH_BYTES);
29 test_assert(! crypto_dh_get_public(dh1, p1, DH_BYTES));
30 test_memneq(p1, p2, DH_BYTES);
31 test_assert(! crypto_dh_get_public(dh2, p2, DH_BYTES));
32 test_memneq(p1, p2, DH_BYTES);
33
34 memset(s1, 0, DH_BYTES);
35 memset(s2, 0xFF, DH_BYTES);
36 s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p2, DH_BYTES, s1, 50);
37 s2len = crypto_dh_compute_secret(LOG_WARN, dh2, p1, DH_BYTES, s2, 50);
38 test_assert(s1len > 0);
39 test_eq(s1len, s2len);
40 test_memeq(s1, s2, s1len);
41
42 {
43 /* XXXX Now fabricate some bad values and make sure they get caught,
44 * Check 0, 1, N-1, >= N, etc.
45 */
46 }
47
48 done:
49 crypto_dh_free(dh1);
50 crypto_dh_free(dh2);
51 }
52
53 /** Run unit tests for our random number generation function and its wrappers.
54 */
55 static void
56 test_crypto_rng(void)
57 {
58 int i, j, allok;
59 char data1[100], data2[100];
60 double d;
61
62 /* Try out RNG. */
63 test_assert(! crypto_seed_rng(0));
64 crypto_rand(data1, 100);
65 crypto_rand(data2, 100);
66 test_memneq(data1,data2,100);
67 allok = 1;
68 for (i = 0; i < 100; ++i) {
69 uint64_t big;
70 char *host;
71 j = crypto_rand_int(100);
72 if (i < 0 || i >= 100)
73 allok = 0;
74 big = crypto_rand_uint64(U64_LITERAL(1)<<40);
75 if (big >= (U64_LITERAL(1)<<40))
76 allok = 0;
77 big = crypto_rand_uint64(U64_LITERAL(5));
78 if (big >= 5)
79 allok = 0;
80 d = crypto_rand_double();
81 test_assert(d >= 0);
82 test_assert(d < 1.0);
83 host = crypto_random_hostname(3,8,"www.",".onion");
84 if (strcmpstart(host,"www.") ||
85 strcmpend(host,".onion") ||
86 strlen(host) < 13 ||
87 strlen(host) > 18)
88 allok = 0;
89 tor_free(host);
90 }
91 test_assert(allok);
92 done:
93 ;
94 }
95
96 /** Run unit tests for our AES functionality */
97 static void
98 test_crypto_aes(void)
99 {
100 char *data1 = NULL, *data2 = NULL, *data3 = NULL;
101 crypto_cipher_env_t *env1 = NULL, *env2 = NULL;
102 int i, j;
103 char *mem_op_hex_tmp=NULL;
104
105 data1 = tor_malloc(1024);
106 data2 = tor_malloc(1024);
107 data3 = tor_malloc(1024);
108
109 /* Now, test encryption and decryption with stream cipher. */
110 data1[0]='\0';
111 for (i = 1023; i>0; i -= 35)
112 strncat(data1, "Now is the time for all good onions", i);
113
114 memset(data2, 0, 1024);
115 memset(data3, 0, 1024);
116 env1 = crypto_new_cipher_env();
117 test_neq(env1, 0);
118 env2 = crypto_new_cipher_env();
119 test_neq(env2, 0);
120 j = crypto_cipher_generate_key(env1);
121 crypto_cipher_set_key(env2, crypto_cipher_get_key(env1));
122 crypto_cipher_encrypt_init_cipher(env1);
123 crypto_cipher_decrypt_init_cipher(env2);
124
125 /* Try encrypting 512 chars. */
126 crypto_cipher_encrypt(env1, data2, data1, 512);
127 crypto_cipher_decrypt(env2, data3, data2, 512);
128 test_memeq(data1, data3, 512);
129 test_memneq(data1, data2, 512);
130
131 /* Now encrypt 1 at a time, and get 1 at a time. */
132 for (j = 512; j < 560; ++j) {
133 crypto_cipher_encrypt(env1, data2+j, data1+j, 1);
134 }
135 for (j = 512; j < 560; ++j) {
136 crypto_cipher_decrypt(env2, data3+j, data2+j, 1);
137 }
138 test_memeq(data1, data3, 560);
139 /* Now encrypt 3 at a time, and get 5 at a time. */
140 for (j = 560; j < 1024-5; j += 3) {
141 crypto_cipher_encrypt(env1, data2+j, data1+j, 3);
142 }
143 for (j = 560; j < 1024-5; j += 5) {
144 crypto_cipher_decrypt(env2, data3+j, data2+j, 5);
145 }
146 test_memeq(data1, data3, 1024-5);
147 /* Now make sure that when we encrypt with different chunk sizes, we get
148 the same results. */
149 crypto_free_cipher_env(env2);
150 env2 = NULL;
151
152 memset(data3, 0, 1024);
153 env2 = crypto_new_cipher_env();
154 test_neq(env2, 0);
155 crypto_cipher_set_key(env2, crypto_cipher_get_key(env1));
156 crypto_cipher_encrypt_init_cipher(env2);
157 for (j = 0; j < 1024-16; j += 17) {
158 crypto_cipher_encrypt(env2, data3+j, data1+j, 17);
159 }
160 for (j= 0; j < 1024-16; ++j) {
161 if (data2[j] != data3[j]) {
162 printf("%d: %d\t%d\n", j, (int) data2[j], (int) data3[j]);
163 }
164 }
165 test_memeq(data2, data3, 1024-16);
166 crypto_free_cipher_env(env1);
167 env1 = NULL;
168 crypto_free_cipher_env(env2);
169 env2 = NULL;
170
171 /* NIST test vector for aes. */
172 env1 = crypto_new_cipher_env(); /* IV starts at 0 */
173 crypto_cipher_set_key(env1, "\x80\x00\x00\x00\x00\x00\x00\x00"
174 "\x00\x00\x00\x00\x00\x00\x00\x00");
175 crypto_cipher_encrypt_init_cipher(env1);
176 crypto_cipher_encrypt(env1, data1,
177 "\x00\x00\x00\x00\x00\x00\x00\x00"
178 "\x00\x00\x00\x00\x00\x00\x00\x00", 16);
179 test_memeq_hex(data1, "0EDD33D3C621E546455BD8BA1418BEC8");
180
181 /* Now test rollover. All these values are originally from a python
182 * script. */
183 crypto_cipher_set_iv(env1, "\x00\x00\x00\x00\x00\x00\x00\x00"
184 "\xff\xff\xff\xff\xff\xff\xff\xff");
185 memset(data2, 0, 1024);
186 crypto_cipher_encrypt(env1, data1, data2, 32);
187 test_memeq_hex(data1, "335fe6da56f843199066c14a00a40231"
188 "cdd0b917dbc7186908a6bfb5ffd574d3");
189
190 crypto_cipher_set_iv(env1, "\x00\x00\x00\x00\xff\xff\xff\xff"
191 "\xff\xff\xff\xff\xff\xff\xff\xff");
192 memset(data2, 0, 1024);
193 crypto_cipher_encrypt(env1, data1, data2, 32);
194 test_memeq_hex(data1, "e627c6423fa2d77832a02b2794094b73"
195 "3e63c721df790d2c6469cc1953a3ffac");
196
197 crypto_cipher_set_iv(env1, "\xff\xff\xff\xff\xff\xff\xff\xff"
198 "\xff\xff\xff\xff\xff\xff\xff\xff");
199 memset(data2, 0, 1024);
200 crypto_cipher_encrypt(env1, data1, data2, 32);
201 test_memeq_hex(data1, "2aed2bff0de54f9328efd070bf48f70a"
202 "0EDD33D3C621E546455BD8BA1418BEC8");
203
204 /* Now check rollover on inplace cipher. */
205 crypto_cipher_set_iv(env1, "\xff\xff\xff\xff\xff\xff\xff\xff"
206 "\xff\xff\xff\xff\xff\xff\xff\xff");
207 crypto_cipher_crypt_inplace(env1, data2, 64);
208 test_memeq_hex(data2, "2aed2bff0de54f9328efd070bf48f70a"
209 "0EDD33D3C621E546455BD8BA1418BEC8"
210 "93e2c5243d6839eac58503919192f7ae"
211 "1908e67cafa08d508816659c2e693191");
212 crypto_cipher_set_iv(env1, "\xff\xff\xff\xff\xff\xff\xff\xff"
213 "\xff\xff\xff\xff\xff\xff\xff\xff");
214 crypto_cipher_crypt_inplace(env1, data2, 64);
215 test_assert(tor_mem_is_zero(data2, 64));
216
217 done:
218 tor_free(mem_op_hex_tmp);
219 if (env1)
220 crypto_free_cipher_env(env1);
221 if (env2)
222 crypto_free_cipher_env(env2);
223 tor_free(data1);
224 tor_free(data2);
225 tor_free(data3);
226 }
227
228 /** Run unit tests for our SHA-1 functionality */
229 static void
230 test_crypto_sha(void)
231 {
232 crypto_digest_env_t *d1 = NULL, *d2 = NULL;
233 int i;
234 char key[80];
235 char digest[32];
236 char data[50];
237 char d_out1[DIGEST_LEN], d_out2[DIGEST256_LEN];
238 char *mem_op_hex_tmp=NULL;
239
240 /* Test SHA-1 with a test vector from the specification. */
241 i = crypto_digest(data, "abc", 3);
242 test_memeq_hex(data, "A9993E364706816ABA3E25717850C26C9CD0D89D");
243
244 /* Test SHA-256 with a test vector from the specification. */
245 i = crypto_digest256(data, "abc", 3, DIGEST_SHA256);
246 test_memeq_hex(data, "BA7816BF8F01CFEA414140DE5DAE2223B00361A3"
247 "96177A9CB410FF61F20015AD");
248
249 /* Test HMAC-SHA-1 with test cases from RFC2202. */
250
251 /* Case 1. */
252 memset(key, 0x0b, 20);
253 crypto_hmac_sha1(digest, key, 20, "Hi There", 8);
254 test_streq(hex_str(digest, 20),
255 "B617318655057264E28BC0B6FB378C8EF146BE00");
256 /* Case 2. */
257 crypto_hmac_sha1(digest, "Jefe", 4, "what do ya want for nothing?", 28);
258 test_streq(hex_str(digest, 20),
259 "EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79");
260
261 /* Case 4. */
262 base16_decode(key, 25,
263 "0102030405060708090a0b0c0d0e0f10111213141516171819", 50);
264 memset(data, 0xcd, 50);
265 crypto_hmac_sha1(digest, key, 25, data, 50);
266 test_streq(hex_str(digest, 20),
267 "4C9007F4026250C6BC8414F9BF50C86C2D7235DA");
268
269 /* Case 5. */
270 memset(key, 0xaa, 80);
271 crypto_hmac_sha1(digest, key, 80,
272 "Test Using Larger Than Block-Size Key - Hash Key First",
273 54);
274 test_streq(hex_str(digest, 20),
275 "AA4AE5E15272D00E95705637CE8A3B55ED402112");
276
277 /* Incremental digest code. */
278 d1 = crypto_new_digest_env();
279 test_assert(d1);
280 crypto_digest_add_bytes(d1, "abcdef", 6);
281 d2 = crypto_digest_dup(d1);
282 test_assert(d2);
283 crypto_digest_add_bytes(d2, "ghijkl", 6);
284 crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
285 crypto_digest(d_out2, "abcdefghijkl", 12);
286 test_memeq(d_out1, d_out2, DIGEST_LEN);
287 crypto_digest_assign(d2, d1);
288 crypto_digest_add_bytes(d2, "mno", 3);
289 crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
290 crypto_digest(d_out2, "abcdefmno", 9);
291 test_memeq(d_out1, d_out2, DIGEST_LEN);
292 crypto_digest_get_digest(d1, d_out1, sizeof(d_out1));
293 crypto_digest(d_out2, "abcdef", 6);
294 test_memeq(d_out1, d_out2, DIGEST_LEN);
295 crypto_free_digest_env(d1);
296 crypto_free_digest_env(d2);
297
298 /* Incremental digest code with sha256 */
299 d1 = crypto_new_digest256_env(DIGEST_SHA256);
300 test_assert(d1);
301 crypto_digest_add_bytes(d1, "abcdef", 6);
302 d2 = crypto_digest_dup(d1);
303 test_assert(d2);
304 crypto_digest_add_bytes(d2, "ghijkl", 6);
305 crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
306 crypto_digest256(d_out2, "abcdefghijkl", 12, DIGEST_SHA256);
307 test_memeq(d_out1, d_out2, DIGEST_LEN);
308 crypto_digest_assign(d2, d1);
309 crypto_digest_add_bytes(d2, "mno", 3);
310 crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
311 crypto_digest256(d_out2, "abcdefmno", 9, DIGEST_SHA256);
312 test_memeq(d_out1, d_out2, DIGEST_LEN);
313 crypto_digest_get_digest(d1, d_out1, sizeof(d_out1));
314 crypto_digest256(d_out2, "abcdef", 6, DIGEST_SHA256);
315 test_memeq(d_out1, d_out2, DIGEST_LEN);
316
317 done:
318 if (d1)
319 crypto_free_digest_env(d1);
320 if (d2)
321 crypto_free_digest_env(d2);
322 tor_free(mem_op_hex_tmp);
323 }
324
325 /** Run unit tests for our public key crypto functions */
326 static void
327 test_crypto_pk(void)
328 {
329 crypto_pk_env_t *pk1 = NULL, *pk2 = NULL;
330 char *encoded = NULL;
331 char data1[1024], data2[1024], data3[1024];
332 size_t size;
333 int i, j, p, len;
334
335 /* Public-key ciphers */
336 pk1 = pk_generate(0);
337 pk2 = crypto_new_pk_env();
338 test_assert(pk1 && pk2);
339 test_assert(! crypto_pk_write_public_key_to_string(pk1, &encoded, &size));
340 test_assert(! crypto_pk_read_public_key_from_string(pk2, encoded, size));
341 test_eq(0, crypto_pk_cmp_keys(pk1, pk2));
342
343 test_eq(128, crypto_pk_keysize(pk1));
344 test_eq(128, crypto_pk_keysize(pk2));
345
346 test_eq(128, crypto_pk_public_encrypt(pk2, data1, sizeof(data1),
347 "Hello whirled.", 15,
348 PK_PKCS1_OAEP_PADDING));
349 test_eq(128, crypto_pk_public_encrypt(pk1, data2, sizeof(data1),
350 "Hello whirled.", 15,
351 PK_PKCS1_OAEP_PADDING));
352 /* oaep padding should make encryption not match */
353 test_memneq(data1, data2, 128);
354 test_eq(15, crypto_pk_private_decrypt(pk1, data3, sizeof(data3), data1, 128,
355 PK_PKCS1_OAEP_PADDING,1));
356 test_streq(data3, "Hello whirled.");
357 memset(data3, 0, 1024);
358 test_eq(15, crypto_pk_private_decrypt(pk1, data3, sizeof(data3), data2, 128,
359 PK_PKCS1_OAEP_PADDING,1));
360 test_streq(data3, "Hello whirled.");
361 /* Can't decrypt with public key. */
362 test_eq(-1, crypto_pk_private_decrypt(pk2, data3, sizeof(data3), data2, 128,
363 PK_PKCS1_OAEP_PADDING,1));
364 /* Try again with bad padding */
365 memcpy(data2+1, "XYZZY", 5); /* This has fails ~ once-in-2^40 */
366 test_eq(-1, crypto_pk_private_decrypt(pk1, data3, sizeof(data3), data2, 128,
367 PK_PKCS1_OAEP_PADDING,1));
368
369 /* File operations: save and load private key */
370 test_assert(! crypto_pk_write_private_key_to_filename(pk1,
371 get_fname("pkey1")));
372 /* failing case for read: can't read. */
373 test_assert(crypto_pk_read_private_key_from_filename(pk2,
374 get_fname("xyzzy")) < 0);
375 write_str_to_file(get_fname("xyzzy"), "foobar", 6);
376 /* Failing case for read: no key. */
377 test_assert(crypto_pk_read_private_key_from_filename(pk2,
378 get_fname("xyzzy")) < 0);
379 test_assert(! crypto_pk_read_private_key_from_filename(pk2,
380 get_fname("pkey1")));
381 test_eq(15, crypto_pk_private_decrypt(pk2, data3, sizeof(data3), data1, 128,
382 PK_PKCS1_OAEP_PADDING,1));
383
384 /* Now try signing. */
385 strlcpy(data1, "Ossifrage", 1024);
386 test_eq(128, crypto_pk_private_sign(pk1, data2, sizeof(data2), data1, 10));
387 test_eq(10, crypto_pk_public_checksig(pk1, data3, sizeof(data3), data2, 128));
388 test_streq(data3, "Ossifrage");
389 /* Try signing digests. */
390 test_eq(128, crypto_pk_private_sign_digest(pk1, data2, sizeof(data2),
391 data1, 10));
392 test_eq(20, crypto_pk_public_checksig(pk1, data3, sizeof(data3), data2, 128));
393 test_eq(0, crypto_pk_public_checksig_digest(pk1, data1, 10, data2, 128));
394 test_eq(-1, crypto_pk_public_checksig_digest(pk1, data1, 11, data2, 128));
395
396 /*XXXX test failed signing*/
397
398 /* Try encoding */
399 crypto_free_pk_env(pk2);
400 pk2 = NULL;
401 i = crypto_pk_asn1_encode(pk1, data1, 1024);
402 test_assert(i>0);
403 pk2 = crypto_pk_asn1_decode(data1, i);
404 test_assert(crypto_pk_cmp_keys(pk1,pk2) == 0);
405
406 /* Try with hybrid encryption wrappers. */
407 crypto_rand(data1, 1024);
408 for (i = 0; i < 3; ++i) {
409 for (j = 85; j < 140; ++j) {
410 memset(data2,0,1024);
411 memset(data3,0,1024);
412 if (i == 0 && j < 129)
413 continue;
414 p = (i==0)?PK_NO_PADDING:
415 (i==1)?PK_PKCS1_PADDING:PK_PKCS1_OAEP_PADDING;
416 len = crypto_pk_public_hybrid_encrypt(pk1,data2,sizeof(data2),
417 data1,j,p,0);
418 test_assert(len>=0);
419 len = crypto_pk_private_hybrid_decrypt(pk1,data3,sizeof(data3),
420 data2,len,p,1);
421 test_eq(len,j);
422 test_memeq(data1,data3,j);
423 }
424 }
425
426 /* Try copy_full */
427 crypto_free_pk_env(pk2);
428 pk2 = crypto_pk_copy_full(pk1);
429 test_assert(pk2 != NULL);
430 test_neq_ptr(pk1, pk2);
431 test_assert(crypto_pk_cmp_keys(pk1,pk2) == 0);
432
433 done:
434 if (pk1)
435 crypto_free_pk_env(pk1);
436 if (pk2)
437 crypto_free_pk_env(pk2);
438 tor_free(encoded);
439 }
440
441 /** Run unit tests for misc crypto formatting functionality (base64, base32,
442 * fingerprints, etc) */
443 static void
444 test_crypto_formats(void)
445 {
446 char *data1 = NULL, *data2 = NULL, *data3 = NULL;
447 int i, j, idx;
448
449 data1 = tor_malloc(1024);
450 data2 = tor_malloc(1024);
451 data3 = tor_malloc(1024);
452 test_assert(data1 && data2 && data3);
453
454 /* Base64 tests */
455 memset(data1, 6, 1024);
456 for (idx = 0; idx < 10; ++idx) {
457 i = base64_encode(data2, 1024, data1, idx);
458 test_assert(i >= 0);
459 j = base64_decode(data3, 1024, data2, i);
460 test_eq(j,idx);
461 test_memeq(data3, data1, idx);
462 }
463
464 strlcpy(data1, "Test string that contains 35 chars.", 1024);
465 strlcat(data1, " 2nd string that contains 35 chars.", 1024);
466
467 i = base64_encode(data2, 1024, data1, 71);
468 test_assert(i >= 0);
469 j = base64_decode(data3, 1024, data2, i);
470 test_eq(j, 71);
471 test_streq(data3, data1);
472 test_assert(data2[i] == '\0');
473
474 crypto_rand(data1, DIGEST_LEN);
475 memset(data2, 100, 1024);
476 digest_to_base64(data2, data1);
477 test_eq(BASE64_DIGEST_LEN, strlen(data2));
478 test_eq(100, data2[BASE64_DIGEST_LEN+2]);
479 memset(data3, 99, 1024);
480 test_eq(digest_from_base64(data3, data2), 0);
481 test_memeq(data1, data3, DIGEST_LEN);
482 test_eq(99, data3[DIGEST_LEN+1]);
483
484 test_assert(digest_from_base64(data3, "###") < 0);
485
486 /* Encoding SHA256 */
487 crypto_rand(data2, DIGEST256_LEN);
488 memset(data2, 100, 1024);
489 digest256_to_base64(data2, data1);
490 test_eq(BASE64_DIGEST256_LEN, strlen(data2));
491 test_eq(100, data2[BASE64_DIGEST256_LEN+2]);
492 memset(data3, 99, 1024);
493 test_eq(digest256_from_base64(data3, data2), 0);
494 test_memeq(data1, data3, DIGEST256_LEN);
495 test_eq(99, data3[DIGEST256_LEN+1]);
496
497 /* Base32 tests */
498 strlcpy(data1, "5chrs", 1024);
499 /* bit pattern is: [35 63 68 72 73] ->
500 * [00110101 01100011 01101000 01110010 01110011]
501 * By 5s: [00110 10101 10001 10110 10000 11100 10011 10011]
502 */
503 base32_encode(data2, 9, data1, 5);
504 test_streq(data2, "gvrwq4tt");
505
506 strlcpy(data1, "\xFF\xF5\x6D\x44\xAE\x0D\x5C\xC9\x62\xC4", 1024);
507 base32_encode(data2, 30, data1, 10);
508 test_streq(data2, "772w2rfobvomsywe");
509
510 /* Base16 tests */
511 strlcpy(data1, "6chrs\xff", 1024);
512 base16_encode(data2, 13, data1, 6);
513 test_streq(data2, "3663687273FF");
514
515 strlcpy(data1, "f0d678affc000100", 1024);
516 i = base16_decode(data2, 8, data1, 16);
517 test_eq(i,0);
518 test_memeq(data2, "\xf0\xd6\x78\xaf\xfc\x00\x01\x00",8);
519
520 /* now try some failing base16 decodes */
521 test_eq(-1, base16_decode(data2, 8, data1, 15)); /* odd input len */
522 test_eq(-1, base16_decode(data2, 7, data1, 16)); /* dest too short */
523 strlcpy(data1, "f0dz!8affc000100", 1024);
524 test_eq(-1, base16_decode(data2, 8, data1, 16));
525
526 tor_free(data1);
527 tor_free(data2);
528 tor_free(data3);
529
530 /* Add spaces to fingerprint */
531 {
532 data1 = tor_strdup("ABCD1234ABCD56780000ABCD1234ABCD56780000");
533 test_eq(strlen(data1), 40);
534 data2 = tor_malloc(FINGERPRINT_LEN+1);
535 add_spaces_to_fp(data2, FINGERPRINT_LEN+1, data1);
536 test_streq(data2, "ABCD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 0000");
537 tor_free(data1);
538 tor_free(data2);
539 }
540
541 /* Check fingerprint */
542 {
543 test_assert(crypto_pk_check_fingerprint_syntax(
544 "ABCD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 0000"));
545 test_assert(!crypto_pk_check_fingerprint_syntax(
546 "ABCD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 000"));
547 test_assert(!crypto_pk_check_fingerprint_syntax(
548 "ABCD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 00000"));
549 test_assert(!crypto_pk_check_fingerprint_syntax(
550 "ABCD 1234 ABCD 5678 0000 ABCD1234 ABCD 5678 0000"));
551 test_assert(!crypto_pk_check_fingerprint_syntax(
552 "ABCD 1234 ABCD 5678 0000 ABCD1234 ABCD 5678 00000"));
553 test_assert(!crypto_pk_check_fingerprint_syntax(
554 "ACD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 00000"));
555 }
556
557 done:
558 tor_free(data1);
559 tor_free(data2);
560 tor_free(data3);
561 }
562
563 /** Run unit tests for our secret-to-key passphrase hashing functionality. */
564 static void
565 test_crypto_s2k(void)
566 {
567 char buf[29];
568 char buf2[29];
569 char *buf3 = NULL;
570 int i;
571
572 memset(buf, 0, sizeof(buf));
573 memset(buf2, 0, sizeof(buf2));
574 buf3 = tor_malloc(65536);
575 memset(buf3, 0, 65536);
576
577 secret_to_key(buf+9, 20, "", 0, buf);
578 crypto_digest(buf2+9, buf3, 1024);
579 test_memeq(buf, buf2, 29);
580
581 memcpy(buf,"vrbacrda",8);
582 memcpy(buf2,"vrbacrda",8);
583 buf[8] = 96;
584 buf2[8] = 96;
585 secret_to_key(buf+9, 20, "12345678", 8, buf);
586 for (i = 0; i < 65536; i += 16) {
587 memcpy(buf3+i, "vrbacrda12345678", 16);
588 }
589 crypto_digest(buf2+9, buf3, 65536);
590 test_memeq(buf, buf2, 29);
591
592 done:
593 tor_free(buf3);
594 }
595
596 /** Test AES-CTR encryption and decryption with IV. */
597 static void
598 test_crypto_aes_iv(void)
599 {
600 crypto_cipher_env_t *cipher;
601 char *plain, *encrypted1, *encrypted2, *decrypted1, *decrypted2;
602 char plain_1[1], plain_15[15], plain_16[16], plain_17[17];
603 char key1[16], key2[16];
604 ssize_t encrypted_size, decrypted_size;
605
606 plain = tor_malloc(4095);
607 encrypted1 = tor_malloc(4095 + 1 + 16);
608 encrypted2 = tor_malloc(4095 + 1 + 16);
609 decrypted1 = tor_malloc(4095 + 1);
610 decrypted2 = tor_malloc(4095 + 1);
611
612 crypto_rand(plain, 4095);
613 crypto_rand(key1, 16);
614 crypto_rand(key2, 16);
615 crypto_rand(plain_1, 1);
616 crypto_rand(plain_15, 15);
617 crypto_rand(plain_16, 16);
618 crypto_rand(plain_17, 17);
619 key1[0] = key2[0] + 128; /* Make sure that contents are different. */
620 /* Encrypt and decrypt with the same key. */
621 cipher = crypto_create_init_cipher(key1, 1);
622 encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted1, 16 + 4095,
623 plain, 4095);
624 crypto_free_cipher_env(cipher);
625 cipher = NULL;
626 test_eq(encrypted_size, 16 + 4095);
627 tor_assert(encrypted_size > 0); /* This is obviously true, since 4111 is
628 * greater than 0, but its truth is not
629 * obvious to all analysis tools. */
630 cipher = crypto_create_init_cipher(key1, 0);
631 decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 4095,
632 encrypted1, encrypted_size);
633 crypto_free_cipher_env(cipher);
634 cipher = NULL;
635 test_eq(decrypted_size, 4095);
636 tor_assert(decrypted_size > 0);
637 test_memeq(plain, decrypted1, 4095);
638 /* Encrypt a second time (with a new random initialization vector). */
639 cipher = crypto_create_init_cipher(key1, 1);
640 encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted2, 16 + 4095,
641 plain, 4095);
642 crypto_free_cipher_env(cipher);
643 cipher = NULL;
644 test_eq(encrypted_size, 16 + 4095);
645 tor_assert(encrypted_size > 0);
646 cipher = crypto_create_init_cipher(key1, 0);
647 decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted2, 4095,
648 encrypted2, encrypted_size);
649 crypto_free_cipher_env(cipher);
650 cipher = NULL;
651 test_eq(decrypted_size, 4095);
652 tor_assert(decrypted_size > 0);
653 test_memeq(plain, decrypted2, 4095);
654 test_memneq(encrypted1, encrypted2, encrypted_size);
655 /* Decrypt with the wrong key. */
656 cipher = crypto_create_init_cipher(key2, 0);
657 decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted2, 4095,
658 encrypted1, encrypted_size);
659 crypto_free_cipher_env(cipher);
660 cipher = NULL;
661 test_memneq(plain, decrypted2, encrypted_size);
662 /* Alter the initialization vector. */
663 encrypted1[0] += 42;
664 cipher = crypto_create_init_cipher(key1, 0);
665 decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 4095,
666 encrypted1, encrypted_size);
667 crypto_free_cipher_env(cipher);
668 cipher = NULL;
669 test_memneq(plain, decrypted2, 4095);
670 /* Special length case: 1. */
671 cipher = crypto_create_init_cipher(key1, 1);
672 encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted1, 16 + 1,
673 plain_1, 1);
674 crypto_free_cipher_env(cipher);
675 cipher = NULL;
676 test_eq(encrypted_size, 16 + 1);
677 tor_assert(encrypted_size > 0);
678 cipher = crypto_create_init_cipher(key1, 0);
679 decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 1,
680 encrypted1, encrypted_size);
681 crypto_free_cipher_env(cipher);
682 cipher = NULL;
683 test_eq(decrypted_size, 1);
684 tor_assert(decrypted_size > 0);
685 test_memeq(plain_1, decrypted1, 1);
686 /* Special length case: 15. */
687 cipher = crypto_create_init_cipher(key1, 1);
688 encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted1, 16 + 15,
689 plain_15, 15);
690 crypto_free_cipher_env(cipher);
691 cipher = NULL;
692 test_eq(encrypted_size, 16 + 15);
693 tor_assert(encrypted_size > 0);
694 cipher = crypto_create_init_cipher(key1, 0);
695 decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 15,
696 encrypted1, encrypted_size);
697 crypto_free_cipher_env(cipher);
698 cipher = NULL;
699 test_eq(decrypted_size, 15);
700 tor_assert(decrypted_size > 0);
701 test_memeq(plain_15, decrypted1, 15);
702 /* Special length case: 16. */
703 cipher = crypto_create_init_cipher(key1, 1);
704 encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted1, 16 + 16,
705 plain_16, 16);
706 crypto_free_cipher_env(cipher);
707 cipher = NULL;
708 test_eq(encrypted_size, 16 + 16);
709 tor_assert(encrypted_size > 0);
710 cipher = crypto_create_init_cipher(key1, 0);
711 decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 16,
712 encrypted1, encrypted_size);
713 crypto_free_cipher_env(cipher);
714 cipher = NULL;
715 test_eq(decrypted_size, 16);
716 tor_assert(decrypted_size > 0);
717 test_memeq(plain_16, decrypted1, 16);
718 /* Special length case: 17. */
719 cipher = crypto_create_init_cipher(key1, 1);
720 encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted1, 16 + 17,
721 plain_17, 17);
722 crypto_free_cipher_env(cipher);
723 cipher = NULL;
724 test_eq(encrypted_size, 16 + 17);
725 tor_assert(encrypted_size > 0);
726 cipher = crypto_create_init_cipher(key1, 0);
727 decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 17,
728 encrypted1, encrypted_size);
729 test_eq(decrypted_size, 17);
730 tor_assert(decrypted_size > 0);
731 test_memeq(plain_17, decrypted1, 17);
732
733 done:
734 /* Free memory. */
735 tor_free(plain);
736 tor_free(encrypted1);
737 tor_free(encrypted2);
738 tor_free(decrypted1);
739 tor_free(decrypted2);
740 if (cipher)
741 crypto_free_cipher_env(cipher);
742 }
743
744 /** Test base32 decoding. */
745 static void
746 test_crypto_base32_decode(void)
747 {
748 char plain[60], encoded[96 + 1], decoded[60];
749 int res;
750 crypto_rand(plain, 60);
751 /* Encode and decode a random string. */
752 base32_encode(encoded, 96 + 1, plain, 60);
753 res = base32_decode(decoded, 60, encoded, 96);
754 test_eq(res, 0);
755 test_memeq(plain, decoded, 60);
756 /* Encode, uppercase, and decode a random string. */
757 base32_encode(encoded, 96 + 1, plain, 60);
758 tor_strupper(encoded);
759 res = base32_decode(decoded, 60, encoded, 96);
760 test_eq(res, 0);
761 test_memeq(plain, decoded, 60);
762 /* Change encoded string and decode. */
763 if (encoded[0] == 'A' || encoded[0] == 'a')
764 encoded[0] = 'B';
765 else
766 encoded[0] = 'A';
767 res = base32_decode(decoded, 60, encoded, 96);
768 test_eq(res, 0);
769 test_memneq(plain, decoded, 60);
770 /* Bad encodings. */
771 encoded[0] = '!';
772 res = base32_decode(decoded, 60, encoded, 96);
773 test_assert(res < 0);
774
775 done:
776 ;
777 }
778
779 #define CRYPTO_LEGACY(name) \
780 { #name, legacy_test_helper, 0, &legacy_setup, test_crypto_ ## name }
781
782 struct testcase_t crypto_tests[] = {
783 CRYPTO_LEGACY(formats),
784 CRYPTO_LEGACY(rng),
785 CRYPTO_LEGACY(aes),
786 CRYPTO_LEGACY(sha),
787 CRYPTO_LEGACY(pk),
788 CRYPTO_LEGACY(dh),
789 CRYPTO_LEGACY(s2k),
790 CRYPTO_LEGACY(aes_iv),
791 CRYPTO_LEGACY(base32_decode),
792 END_OF_TESTCASES
793 };
794