1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2011, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
11 /** Run unit tests for Diffie-Hellman functionality. */
15 crypto_dh_env_t
*dh1
= crypto_dh_new();
16 crypto_dh_env_t
*dh2
= crypto_dh_new();
23 test_eq(crypto_dh_get_bytes(dh1
), DH_BYTES
);
24 test_eq(crypto_dh_get_bytes(dh2
), DH_BYTES
);
26 memset(p1
, 0, DH_BYTES
);
27 memset(p2
, 0, DH_BYTES
);
28 test_memeq(p1
, p2
, DH_BYTES
);
29 test_assert(! crypto_dh_get_public(dh1
, p1
, DH_BYTES
));
30 test_memneq(p1
, p2
, DH_BYTES
);
31 test_assert(! crypto_dh_get_public(dh2
, p2
, DH_BYTES
));
32 test_memneq(p1
, p2
, DH_BYTES
);
34 memset(s1
, 0, DH_BYTES
);
35 memset(s2
, 0xFF, DH_BYTES
);
36 s1len
= crypto_dh_compute_secret(LOG_WARN
, dh1
, p2
, DH_BYTES
, s1
, 50);
37 s2len
= crypto_dh_compute_secret(LOG_WARN
, dh2
, p1
, DH_BYTES
, s2
, 50);
38 test_assert(s1len
> 0);
39 test_eq(s1len
, s2len
);
40 test_memeq(s1
, s2
, s1len
);
43 /* XXXX Now fabricate some bad values and make sure they get caught,
44 * Check 0, 1, N-1, >= N, etc.
53 /** Run unit tests for our random number generation function and its wrappers.
59 char data1
[100], data2
[100];
63 test_assert(! crypto_seed_rng(0));
64 crypto_rand(data1
, 100);
65 crypto_rand(data2
, 100);
66 test_memneq(data1
,data2
,100);
68 for (i
= 0; i
< 100; ++i
) {
71 j
= crypto_rand_int(100);
72 if (i
< 0 || i
>= 100)
74 big
= crypto_rand_uint64(U64_LITERAL(1)<<40);
75 if (big
>= (U64_LITERAL(1)<<40))
77 big
= crypto_rand_uint64(U64_LITERAL(5));
80 d
= crypto_rand_double();
83 host
= crypto_random_hostname(3,8,"www.",".onion");
84 if (strcmpstart(host
,"www.") ||
85 strcmpend(host
,".onion") ||
96 /** Run unit tests for our AES functionality */
100 char *data1
= NULL
, *data2
= NULL
, *data3
= NULL
;
101 crypto_cipher_env_t
*env1
= NULL
, *env2
= NULL
;
103 char *mem_op_hex_tmp
=NULL
;
105 data1
= tor_malloc(1024);
106 data2
= tor_malloc(1024);
107 data3
= tor_malloc(1024);
109 /* Now, test encryption and decryption with stream cipher. */
111 for (i
= 1023; i
>0; i
-= 35)
112 strncat(data1
, "Now is the time for all good onions", i
);
114 memset(data2
, 0, 1024);
115 memset(data3
, 0, 1024);
116 env1
= crypto_new_cipher_env();
118 env2
= crypto_new_cipher_env();
120 j
= crypto_cipher_generate_key(env1
);
121 crypto_cipher_set_key(env2
, crypto_cipher_get_key(env1
));
122 crypto_cipher_encrypt_init_cipher(env1
);
123 crypto_cipher_decrypt_init_cipher(env2
);
125 /* Try encrypting 512 chars. */
126 crypto_cipher_encrypt(env1
, data2
, data1
, 512);
127 crypto_cipher_decrypt(env2
, data3
, data2
, 512);
128 test_memeq(data1
, data3
, 512);
129 test_memneq(data1
, data2
, 512);
131 /* Now encrypt 1 at a time, and get 1 at a time. */
132 for (j
= 512; j
< 560; ++j
) {
133 crypto_cipher_encrypt(env1
, data2
+j
, data1
+j
, 1);
135 for (j
= 512; j
< 560; ++j
) {
136 crypto_cipher_decrypt(env2
, data3
+j
, data2
+j
, 1);
138 test_memeq(data1
, data3
, 560);
139 /* Now encrypt 3 at a time, and get 5 at a time. */
140 for (j
= 560; j
< 1024-5; j
+= 3) {
141 crypto_cipher_encrypt(env1
, data2
+j
, data1
+j
, 3);
143 for (j
= 560; j
< 1024-5; j
+= 5) {
144 crypto_cipher_decrypt(env2
, data3
+j
, data2
+j
, 5);
146 test_memeq(data1
, data3
, 1024-5);
147 /* Now make sure that when we encrypt with different chunk sizes, we get
149 crypto_free_cipher_env(env2
);
152 memset(data3
, 0, 1024);
153 env2
= crypto_new_cipher_env();
155 crypto_cipher_set_key(env2
, crypto_cipher_get_key(env1
));
156 crypto_cipher_encrypt_init_cipher(env2
);
157 for (j
= 0; j
< 1024-16; j
+= 17) {
158 crypto_cipher_encrypt(env2
, data3
+j
, data1
+j
, 17);
160 for (j
= 0; j
< 1024-16; ++j
) {
161 if (data2
[j
] != data3
[j
]) {
162 printf("%d: %d\t%d\n", j
, (int) data2
[j
], (int) data3
[j
]);
165 test_memeq(data2
, data3
, 1024-16);
166 crypto_free_cipher_env(env1
);
168 crypto_free_cipher_env(env2
);
171 /* NIST test vector for aes. */
172 env1
= crypto_new_cipher_env(); /* IV starts at 0 */
173 crypto_cipher_set_key(env1
, "\x80\x00\x00\x00\x00\x00\x00\x00"
174 "\x00\x00\x00\x00\x00\x00\x00\x00");
175 crypto_cipher_encrypt_init_cipher(env1
);
176 crypto_cipher_encrypt(env1
, data1
,
177 "\x00\x00\x00\x00\x00\x00\x00\x00"
178 "\x00\x00\x00\x00\x00\x00\x00\x00", 16);
179 test_memeq_hex(data1
, "0EDD33D3C621E546455BD8BA1418BEC8");
181 /* Now test rollover. All these values are originally from a python
183 crypto_cipher_set_iv(env1
, "\x00\x00\x00\x00\x00\x00\x00\x00"
184 "\xff\xff\xff\xff\xff\xff\xff\xff");
185 memset(data2
, 0, 1024);
186 crypto_cipher_encrypt(env1
, data1
, data2
, 32);
187 test_memeq_hex(data1
, "335fe6da56f843199066c14a00a40231"
188 "cdd0b917dbc7186908a6bfb5ffd574d3");
190 crypto_cipher_set_iv(env1
, "\x00\x00\x00\x00\xff\xff\xff\xff"
191 "\xff\xff\xff\xff\xff\xff\xff\xff");
192 memset(data2
, 0, 1024);
193 crypto_cipher_encrypt(env1
, data1
, data2
, 32);
194 test_memeq_hex(data1
, "e627c6423fa2d77832a02b2794094b73"
195 "3e63c721df790d2c6469cc1953a3ffac");
197 crypto_cipher_set_iv(env1
, "\xff\xff\xff\xff\xff\xff\xff\xff"
198 "\xff\xff\xff\xff\xff\xff\xff\xff");
199 memset(data2
, 0, 1024);
200 crypto_cipher_encrypt(env1
, data1
, data2
, 32);
201 test_memeq_hex(data1
, "2aed2bff0de54f9328efd070bf48f70a"
202 "0EDD33D3C621E546455BD8BA1418BEC8");
204 /* Now check rollover on inplace cipher. */
205 crypto_cipher_set_iv(env1
, "\xff\xff\xff\xff\xff\xff\xff\xff"
206 "\xff\xff\xff\xff\xff\xff\xff\xff");
207 crypto_cipher_crypt_inplace(env1
, data2
, 64);
208 test_memeq_hex(data2
, "2aed2bff0de54f9328efd070bf48f70a"
209 "0EDD33D3C621E546455BD8BA1418BEC8"
210 "93e2c5243d6839eac58503919192f7ae"
211 "1908e67cafa08d508816659c2e693191");
212 crypto_cipher_set_iv(env1
, "\xff\xff\xff\xff\xff\xff\xff\xff"
213 "\xff\xff\xff\xff\xff\xff\xff\xff");
214 crypto_cipher_crypt_inplace(env1
, data2
, 64);
215 test_assert(tor_mem_is_zero(data2
, 64));
218 tor_free(mem_op_hex_tmp
);
220 crypto_free_cipher_env(env1
);
222 crypto_free_cipher_env(env2
);
228 /** Run unit tests for our SHA-1 functionality */
230 test_crypto_sha(void)
232 crypto_digest_env_t
*d1
= NULL
, *d2
= NULL
;
237 char d_out1
[DIGEST_LEN
], d_out2
[DIGEST256_LEN
];
238 char *mem_op_hex_tmp
=NULL
;
240 /* Test SHA-1 with a test vector from the specification. */
241 i
= crypto_digest(data
, "abc", 3);
242 test_memeq_hex(data
, "A9993E364706816ABA3E25717850C26C9CD0D89D");
244 /* Test SHA-256 with a test vector from the specification. */
245 i
= crypto_digest256(data
, "abc", 3, DIGEST_SHA256
);
246 test_memeq_hex(data
, "BA7816BF8F01CFEA414140DE5DAE2223B00361A3"
247 "96177A9CB410FF61F20015AD");
249 /* Test HMAC-SHA-1 with test cases from RFC2202. */
252 memset(key
, 0x0b, 20);
253 crypto_hmac_sha1(digest
, key
, 20, "Hi There", 8);
254 test_streq(hex_str(digest
, 20),
255 "B617318655057264E28BC0B6FB378C8EF146BE00");
257 crypto_hmac_sha1(digest
, "Jefe", 4, "what do ya want for nothing?", 28);
258 test_streq(hex_str(digest
, 20),
259 "EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79");
262 base16_decode(key
, 25,
263 "0102030405060708090a0b0c0d0e0f10111213141516171819", 50);
264 memset(data
, 0xcd, 50);
265 crypto_hmac_sha1(digest
, key
, 25, data
, 50);
266 test_streq(hex_str(digest
, 20),
267 "4C9007F4026250C6BC8414F9BF50C86C2D7235DA");
270 memset(key
, 0xaa, 80);
271 crypto_hmac_sha1(digest
, key
, 80,
272 "Test Using Larger Than Block-Size Key - Hash Key First",
274 test_streq(hex_str(digest
, 20),
275 "AA4AE5E15272D00E95705637CE8A3B55ED402112");
277 /* Incremental digest code. */
278 d1
= crypto_new_digest_env();
280 crypto_digest_add_bytes(d1
, "abcdef", 6);
281 d2
= crypto_digest_dup(d1
);
283 crypto_digest_add_bytes(d2
, "ghijkl", 6);
284 crypto_digest_get_digest(d2
, d_out1
, sizeof(d_out1
));
285 crypto_digest(d_out2
, "abcdefghijkl", 12);
286 test_memeq(d_out1
, d_out2
, DIGEST_LEN
);
287 crypto_digest_assign(d2
, d1
);
288 crypto_digest_add_bytes(d2
, "mno", 3);
289 crypto_digest_get_digest(d2
, d_out1
, sizeof(d_out1
));
290 crypto_digest(d_out2
, "abcdefmno", 9);
291 test_memeq(d_out1
, d_out2
, DIGEST_LEN
);
292 crypto_digest_get_digest(d1
, d_out1
, sizeof(d_out1
));
293 crypto_digest(d_out2
, "abcdef", 6);
294 test_memeq(d_out1
, d_out2
, DIGEST_LEN
);
295 crypto_free_digest_env(d1
);
296 crypto_free_digest_env(d2
);
298 /* Incremental digest code with sha256 */
299 d1
= crypto_new_digest256_env(DIGEST_SHA256
);
301 crypto_digest_add_bytes(d1
, "abcdef", 6);
302 d2
= crypto_digest_dup(d1
);
304 crypto_digest_add_bytes(d2
, "ghijkl", 6);
305 crypto_digest_get_digest(d2
, d_out1
, sizeof(d_out1
));
306 crypto_digest256(d_out2
, "abcdefghijkl", 12, DIGEST_SHA256
);
307 test_memeq(d_out1
, d_out2
, DIGEST_LEN
);
308 crypto_digest_assign(d2
, d1
);
309 crypto_digest_add_bytes(d2
, "mno", 3);
310 crypto_digest_get_digest(d2
, d_out1
, sizeof(d_out1
));
311 crypto_digest256(d_out2
, "abcdefmno", 9, DIGEST_SHA256
);
312 test_memeq(d_out1
, d_out2
, DIGEST_LEN
);
313 crypto_digest_get_digest(d1
, d_out1
, sizeof(d_out1
));
314 crypto_digest256(d_out2
, "abcdef", 6, DIGEST_SHA256
);
315 test_memeq(d_out1
, d_out2
, DIGEST_LEN
);
319 crypto_free_digest_env(d1
);
321 crypto_free_digest_env(d2
);
322 tor_free(mem_op_hex_tmp
);
325 /** Run unit tests for our public key crypto functions */
329 crypto_pk_env_t
*pk1
= NULL
, *pk2
= NULL
;
330 char *encoded
= NULL
;
331 char data1
[1024], data2
[1024], data3
[1024];
335 /* Public-key ciphers */
336 pk1
= pk_generate(0);
337 pk2
= crypto_new_pk_env();
338 test_assert(pk1
&& pk2
);
339 test_assert(! crypto_pk_write_public_key_to_string(pk1
, &encoded
, &size
));
340 test_assert(! crypto_pk_read_public_key_from_string(pk2
, encoded
, size
));
341 test_eq(0, crypto_pk_cmp_keys(pk1
, pk2
));
343 test_eq(128, crypto_pk_keysize(pk1
));
344 test_eq(128, crypto_pk_keysize(pk2
));
346 test_eq(128, crypto_pk_public_encrypt(pk2
, data1
, sizeof(data1
),
347 "Hello whirled.", 15,
348 PK_PKCS1_OAEP_PADDING
));
349 test_eq(128, crypto_pk_public_encrypt(pk1
, data2
, sizeof(data1
),
350 "Hello whirled.", 15,
351 PK_PKCS1_OAEP_PADDING
));
352 /* oaep padding should make encryption not match */
353 test_memneq(data1
, data2
, 128);
354 test_eq(15, crypto_pk_private_decrypt(pk1
, data3
, sizeof(data3
), data1
, 128,
355 PK_PKCS1_OAEP_PADDING
,1));
356 test_streq(data3
, "Hello whirled.");
357 memset(data3
, 0, 1024);
358 test_eq(15, crypto_pk_private_decrypt(pk1
, data3
, sizeof(data3
), data2
, 128,
359 PK_PKCS1_OAEP_PADDING
,1));
360 test_streq(data3
, "Hello whirled.");
361 /* Can't decrypt with public key. */
362 test_eq(-1, crypto_pk_private_decrypt(pk2
, data3
, sizeof(data3
), data2
, 128,
363 PK_PKCS1_OAEP_PADDING
,1));
364 /* Try again with bad padding */
365 memcpy(data2
+1, "XYZZY", 5); /* This has fails ~ once-in-2^40 */
366 test_eq(-1, crypto_pk_private_decrypt(pk1
, data3
, sizeof(data3
), data2
, 128,
367 PK_PKCS1_OAEP_PADDING
,1));
369 /* File operations: save and load private key */
370 test_assert(! crypto_pk_write_private_key_to_filename(pk1
,
371 get_fname("pkey1")));
372 /* failing case for read: can't read. */
373 test_assert(crypto_pk_read_private_key_from_filename(pk2
,
374 get_fname("xyzzy")) < 0);
375 write_str_to_file(get_fname("xyzzy"), "foobar", 6);
376 /* Failing case for read: no key. */
377 test_assert(crypto_pk_read_private_key_from_filename(pk2
,
378 get_fname("xyzzy")) < 0);
379 test_assert(! crypto_pk_read_private_key_from_filename(pk2
,
380 get_fname("pkey1")));
381 test_eq(15, crypto_pk_private_decrypt(pk2
, data3
, sizeof(data3
), data1
, 128,
382 PK_PKCS1_OAEP_PADDING
,1));
384 /* Now try signing. */
385 strlcpy(data1
, "Ossifrage", 1024);
386 test_eq(128, crypto_pk_private_sign(pk1
, data2
, sizeof(data2
), data1
, 10));
387 test_eq(10, crypto_pk_public_checksig(pk1
, data3
, sizeof(data3
), data2
, 128));
388 test_streq(data3
, "Ossifrage");
389 /* Try signing digests. */
390 test_eq(128, crypto_pk_private_sign_digest(pk1
, data2
, sizeof(data2
),
392 test_eq(20, crypto_pk_public_checksig(pk1
, data3
, sizeof(data3
), data2
, 128));
393 test_eq(0, crypto_pk_public_checksig_digest(pk1
, data1
, 10, data2
, 128));
394 test_eq(-1, crypto_pk_public_checksig_digest(pk1
, data1
, 11, data2
, 128));
396 /*XXXX test failed signing*/
399 crypto_free_pk_env(pk2
);
401 i
= crypto_pk_asn1_encode(pk1
, data1
, 1024);
403 pk2
= crypto_pk_asn1_decode(data1
, i
);
404 test_assert(crypto_pk_cmp_keys(pk1
,pk2
) == 0);
406 /* Try with hybrid encryption wrappers. */
407 crypto_rand(data1
, 1024);
408 for (i
= 0; i
< 3; ++i
) {
409 for (j
= 85; j
< 140; ++j
) {
410 memset(data2
,0,1024);
411 memset(data3
,0,1024);
412 if (i
== 0 && j
< 129)
414 p
= (i
==0)?PK_NO_PADDING
:
415 (i
==1)?PK_PKCS1_PADDING
:PK_PKCS1_OAEP_PADDING
;
416 len
= crypto_pk_public_hybrid_encrypt(pk1
,data2
,sizeof(data2
),
419 len
= crypto_pk_private_hybrid_decrypt(pk1
,data3
,sizeof(data3
),
422 test_memeq(data1
,data3
,j
);
427 crypto_free_pk_env(pk2
);
428 pk2
= crypto_pk_copy_full(pk1
);
429 test_assert(pk2
!= NULL
);
430 test_neq_ptr(pk1
, pk2
);
431 test_assert(crypto_pk_cmp_keys(pk1
,pk2
) == 0);
435 crypto_free_pk_env(pk1
);
437 crypto_free_pk_env(pk2
);
441 /** Run unit tests for misc crypto formatting functionality (base64, base32,
442 * fingerprints, etc) */
444 test_crypto_formats(void)
446 char *data1
= NULL
, *data2
= NULL
, *data3
= NULL
;
449 data1
= tor_malloc(1024);
450 data2
= tor_malloc(1024);
451 data3
= tor_malloc(1024);
452 test_assert(data1
&& data2
&& data3
);
455 memset(data1
, 6, 1024);
456 for (idx
= 0; idx
< 10; ++idx
) {
457 i
= base64_encode(data2
, 1024, data1
, idx
);
459 j
= base64_decode(data3
, 1024, data2
, i
);
461 test_memeq(data3
, data1
, idx
);
464 strlcpy(data1
, "Test string that contains 35 chars.", 1024);
465 strlcat(data1
, " 2nd string that contains 35 chars.", 1024);
467 i
= base64_encode(data2
, 1024, data1
, 71);
469 j
= base64_decode(data3
, 1024, data2
, i
);
471 test_streq(data3
, data1
);
472 test_assert(data2
[i
] == '\0');
474 crypto_rand(data1
, DIGEST_LEN
);
475 memset(data2
, 100, 1024);
476 digest_to_base64(data2
, data1
);
477 test_eq(BASE64_DIGEST_LEN
, strlen(data2
));
478 test_eq(100, data2
[BASE64_DIGEST_LEN
+2]);
479 memset(data3
, 99, 1024);
480 test_eq(digest_from_base64(data3
, data2
), 0);
481 test_memeq(data1
, data3
, DIGEST_LEN
);
482 test_eq(99, data3
[DIGEST_LEN
+1]);
484 test_assert(digest_from_base64(data3
, "###") < 0);
486 /* Encoding SHA256 */
487 crypto_rand(data2
, DIGEST256_LEN
);
488 memset(data2
, 100, 1024);
489 digest256_to_base64(data2
, data1
);
490 test_eq(BASE64_DIGEST256_LEN
, strlen(data2
));
491 test_eq(100, data2
[BASE64_DIGEST256_LEN
+2]);
492 memset(data3
, 99, 1024);
493 test_eq(digest256_from_base64(data3
, data2
), 0);
494 test_memeq(data1
, data3
, DIGEST256_LEN
);
495 test_eq(99, data3
[DIGEST256_LEN
+1]);
498 strlcpy(data1
, "5chrs", 1024);
499 /* bit pattern is: [35 63 68 72 73] ->
500 * [00110101 01100011 01101000 01110010 01110011]
501 * By 5s: [00110 10101 10001 10110 10000 11100 10011 10011]
503 base32_encode(data2
, 9, data1
, 5);
504 test_streq(data2
, "gvrwq4tt");
506 strlcpy(data1
, "\xFF\xF5\x6D\x44\xAE\x0D\x5C\xC9\x62\xC4", 1024);
507 base32_encode(data2
, 30, data1
, 10);
508 test_streq(data2
, "772w2rfobvomsywe");
511 strlcpy(data1
, "6chrs\xff", 1024);
512 base16_encode(data2
, 13, data1
, 6);
513 test_streq(data2
, "3663687273FF");
515 strlcpy(data1
, "f0d678affc000100", 1024);
516 i
= base16_decode(data2
, 8, data1
, 16);
518 test_memeq(data2
, "\xf0\xd6\x78\xaf\xfc\x00\x01\x00",8);
520 /* now try some failing base16 decodes */
521 test_eq(-1, base16_decode(data2
, 8, data1
, 15)); /* odd input len */
522 test_eq(-1, base16_decode(data2
, 7, data1
, 16)); /* dest too short */
523 strlcpy(data1
, "f0dz!8affc000100", 1024);
524 test_eq(-1, base16_decode(data2
, 8, data1
, 16));
530 /* Add spaces to fingerprint */
532 data1
= tor_strdup("ABCD1234ABCD56780000ABCD1234ABCD56780000");
533 test_eq(strlen(data1
), 40);
534 data2
= tor_malloc(FINGERPRINT_LEN
+1);
535 add_spaces_to_fp(data2
, FINGERPRINT_LEN
+1, data1
);
536 test_streq(data2
, "ABCD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 0000");
541 /* Check fingerprint */
543 test_assert(crypto_pk_check_fingerprint_syntax(
544 "ABCD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 0000"));
545 test_assert(!crypto_pk_check_fingerprint_syntax(
546 "ABCD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 000"));
547 test_assert(!crypto_pk_check_fingerprint_syntax(
548 "ABCD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 00000"));
549 test_assert(!crypto_pk_check_fingerprint_syntax(
550 "ABCD 1234 ABCD 5678 0000 ABCD1234 ABCD 5678 0000"));
551 test_assert(!crypto_pk_check_fingerprint_syntax(
552 "ABCD 1234 ABCD 5678 0000 ABCD1234 ABCD 5678 00000"));
553 test_assert(!crypto_pk_check_fingerprint_syntax(
554 "ACD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 00000"));
563 /** Run unit tests for our secret-to-key passphrase hashing functionality. */
565 test_crypto_s2k(void)
572 memset(buf
, 0, sizeof(buf
));
573 memset(buf2
, 0, sizeof(buf2
));
574 buf3
= tor_malloc(65536);
575 memset(buf3
, 0, 65536);
577 secret_to_key(buf
+9, 20, "", 0, buf
);
578 crypto_digest(buf2
+9, buf3
, 1024);
579 test_memeq(buf
, buf2
, 29);
581 memcpy(buf
,"vrbacrda",8);
582 memcpy(buf2
,"vrbacrda",8);
585 secret_to_key(buf
+9, 20, "12345678", 8, buf
);
586 for (i
= 0; i
< 65536; i
+= 16) {
587 memcpy(buf3
+i
, "vrbacrda12345678", 16);
589 crypto_digest(buf2
+9, buf3
, 65536);
590 test_memeq(buf
, buf2
, 29);
596 /** Test AES-CTR encryption and decryption with IV. */
598 test_crypto_aes_iv(void)
600 crypto_cipher_env_t
*cipher
;
601 char *plain
, *encrypted1
, *encrypted2
, *decrypted1
, *decrypted2
;
602 char plain_1
[1], plain_15
[15], plain_16
[16], plain_17
[17];
603 char key1
[16], key2
[16];
604 ssize_t encrypted_size
, decrypted_size
;
606 plain
= tor_malloc(4095);
607 encrypted1
= tor_malloc(4095 + 1 + 16);
608 encrypted2
= tor_malloc(4095 + 1 + 16);
609 decrypted1
= tor_malloc(4095 + 1);
610 decrypted2
= tor_malloc(4095 + 1);
612 crypto_rand(plain
, 4095);
613 crypto_rand(key1
, 16);
614 crypto_rand(key2
, 16);
615 crypto_rand(plain_1
, 1);
616 crypto_rand(plain_15
, 15);
617 crypto_rand(plain_16
, 16);
618 crypto_rand(plain_17
, 17);
619 key1
[0] = key2
[0] + 128; /* Make sure that contents are different. */
620 /* Encrypt and decrypt with the same key. */
621 cipher
= crypto_create_init_cipher(key1
, 1);
622 encrypted_size
= crypto_cipher_encrypt_with_iv(cipher
, encrypted1
, 16 + 4095,
624 crypto_free_cipher_env(cipher
);
626 test_eq(encrypted_size
, 16 + 4095);
627 tor_assert(encrypted_size
> 0); /* This is obviously true, since 4111 is
628 * greater than 0, but its truth is not
629 * obvious to all analysis tools. */
630 cipher
= crypto_create_init_cipher(key1
, 0);
631 decrypted_size
= crypto_cipher_decrypt_with_iv(cipher
, decrypted1
, 4095,
632 encrypted1
, encrypted_size
);
633 crypto_free_cipher_env(cipher
);
635 test_eq(decrypted_size
, 4095);
636 tor_assert(decrypted_size
> 0);
637 test_memeq(plain
, decrypted1
, 4095);
638 /* Encrypt a second time (with a new random initialization vector). */
639 cipher
= crypto_create_init_cipher(key1
, 1);
640 encrypted_size
= crypto_cipher_encrypt_with_iv(cipher
, encrypted2
, 16 + 4095,
642 crypto_free_cipher_env(cipher
);
644 test_eq(encrypted_size
, 16 + 4095);
645 tor_assert(encrypted_size
> 0);
646 cipher
= crypto_create_init_cipher(key1
, 0);
647 decrypted_size
= crypto_cipher_decrypt_with_iv(cipher
, decrypted2
, 4095,
648 encrypted2
, encrypted_size
);
649 crypto_free_cipher_env(cipher
);
651 test_eq(decrypted_size
, 4095);
652 tor_assert(decrypted_size
> 0);
653 test_memeq(plain
, decrypted2
, 4095);
654 test_memneq(encrypted1
, encrypted2
, encrypted_size
);
655 /* Decrypt with the wrong key. */
656 cipher
= crypto_create_init_cipher(key2
, 0);
657 decrypted_size
= crypto_cipher_decrypt_with_iv(cipher
, decrypted2
, 4095,
658 encrypted1
, encrypted_size
);
659 crypto_free_cipher_env(cipher
);
661 test_memneq(plain
, decrypted2
, encrypted_size
);
662 /* Alter the initialization vector. */
664 cipher
= crypto_create_init_cipher(key1
, 0);
665 decrypted_size
= crypto_cipher_decrypt_with_iv(cipher
, decrypted1
, 4095,
666 encrypted1
, encrypted_size
);
667 crypto_free_cipher_env(cipher
);
669 test_memneq(plain
, decrypted2
, 4095);
670 /* Special length case: 1. */
671 cipher
= crypto_create_init_cipher(key1
, 1);
672 encrypted_size
= crypto_cipher_encrypt_with_iv(cipher
, encrypted1
, 16 + 1,
674 crypto_free_cipher_env(cipher
);
676 test_eq(encrypted_size
, 16 + 1);
677 tor_assert(encrypted_size
> 0);
678 cipher
= crypto_create_init_cipher(key1
, 0);
679 decrypted_size
= crypto_cipher_decrypt_with_iv(cipher
, decrypted1
, 1,
680 encrypted1
, encrypted_size
);
681 crypto_free_cipher_env(cipher
);
683 test_eq(decrypted_size
, 1);
684 tor_assert(decrypted_size
> 0);
685 test_memeq(plain_1
, decrypted1
, 1);
686 /* Special length case: 15. */
687 cipher
= crypto_create_init_cipher(key1
, 1);
688 encrypted_size
= crypto_cipher_encrypt_with_iv(cipher
, encrypted1
, 16 + 15,
690 crypto_free_cipher_env(cipher
);
692 test_eq(encrypted_size
, 16 + 15);
693 tor_assert(encrypted_size
> 0);
694 cipher
= crypto_create_init_cipher(key1
, 0);
695 decrypted_size
= crypto_cipher_decrypt_with_iv(cipher
, decrypted1
, 15,
696 encrypted1
, encrypted_size
);
697 crypto_free_cipher_env(cipher
);
699 test_eq(decrypted_size
, 15);
700 tor_assert(decrypted_size
> 0);
701 test_memeq(plain_15
, decrypted1
, 15);
702 /* Special length case: 16. */
703 cipher
= crypto_create_init_cipher(key1
, 1);
704 encrypted_size
= crypto_cipher_encrypt_with_iv(cipher
, encrypted1
, 16 + 16,
706 crypto_free_cipher_env(cipher
);
708 test_eq(encrypted_size
, 16 + 16);
709 tor_assert(encrypted_size
> 0);
710 cipher
= crypto_create_init_cipher(key1
, 0);
711 decrypted_size
= crypto_cipher_decrypt_with_iv(cipher
, decrypted1
, 16,
712 encrypted1
, encrypted_size
);
713 crypto_free_cipher_env(cipher
);
715 test_eq(decrypted_size
, 16);
716 tor_assert(decrypted_size
> 0);
717 test_memeq(plain_16
, decrypted1
, 16);
718 /* Special length case: 17. */
719 cipher
= crypto_create_init_cipher(key1
, 1);
720 encrypted_size
= crypto_cipher_encrypt_with_iv(cipher
, encrypted1
, 16 + 17,
722 crypto_free_cipher_env(cipher
);
724 test_eq(encrypted_size
, 16 + 17);
725 tor_assert(encrypted_size
> 0);
726 cipher
= crypto_create_init_cipher(key1
, 0);
727 decrypted_size
= crypto_cipher_decrypt_with_iv(cipher
, decrypted1
, 17,
728 encrypted1
, encrypted_size
);
729 test_eq(decrypted_size
, 17);
730 tor_assert(decrypted_size
> 0);
731 test_memeq(plain_17
, decrypted1
, 17);
736 tor_free(encrypted1
);
737 tor_free(encrypted2
);
738 tor_free(decrypted1
);
739 tor_free(decrypted2
);
741 crypto_free_cipher_env(cipher
);
744 /** Test base32 decoding. */
746 test_crypto_base32_decode(void)
748 char plain
[60], encoded
[96 + 1], decoded
[60];
750 crypto_rand(plain
, 60);
751 /* Encode and decode a random string. */
752 base32_encode(encoded
, 96 + 1, plain
, 60);
753 res
= base32_decode(decoded
, 60, encoded
, 96);
755 test_memeq(plain
, decoded
, 60);
756 /* Encode, uppercase, and decode a random string. */
757 base32_encode(encoded
, 96 + 1, plain
, 60);
758 tor_strupper(encoded
);
759 res
= base32_decode(decoded
, 60, encoded
, 96);
761 test_memeq(plain
, decoded
, 60);
762 /* Change encoded string and decode. */
763 if (encoded
[0] == 'A' || encoded
[0] == 'a')
767 res
= base32_decode(decoded
, 60, encoded
, 96);
769 test_memneq(plain
, decoded
, 60);
772 res
= base32_decode(decoded
, 60, encoded
, 96);
773 test_assert(res
< 0);
779 #define CRYPTO_LEGACY(name) \
780 { #name, legacy_test_helper, 0, &legacy_setup, test_crypto_ ## name }
782 struct testcase_t crypto_tests
[] = {
783 CRYPTO_LEGACY(formats
),
790 CRYPTO_LEGACY(aes_iv
),
791 CRYPTO_LEGACY(base32_decode
),