Back to index

tor  0.2.3.18-rc
test_crypto.c
Go to the documentation of this file.
00001 /* Copyright (c) 2001-2004, Roger Dingledine.
00002  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
00003  * Copyright (c) 2007-2012, The Tor Project, Inc. */
00004 /* See LICENSE for licensing information */
00005 
00006 #include "orconfig.h"
00007 #define CRYPTO_PRIVATE
00008 #include "or.h"
00009 #include "test.h"
00010 #include "aes.h"
00011 
00013 static void
00014 test_crypto_dh(void)
00015 {
00016   crypto_dh_t *dh1 = crypto_dh_new(DH_TYPE_CIRCUIT);
00017   crypto_dh_t *dh2 = crypto_dh_new(DH_TYPE_CIRCUIT);
00018   char p1[DH_BYTES];
00019   char p2[DH_BYTES];
00020   char s1[DH_BYTES];
00021   char s2[DH_BYTES];
00022   ssize_t s1len, s2len;
00023 
00024   test_eq(crypto_dh_get_bytes(dh1), DH_BYTES);
00025   test_eq(crypto_dh_get_bytes(dh2), DH_BYTES);
00026 
00027   memset(p1, 0, DH_BYTES);
00028   memset(p2, 0, DH_BYTES);
00029   test_memeq(p1, p2, DH_BYTES);
00030   test_assert(! crypto_dh_get_public(dh1, p1, DH_BYTES));
00031   test_memneq(p1, p2, DH_BYTES);
00032   test_assert(! crypto_dh_get_public(dh2, p2, DH_BYTES));
00033   test_memneq(p1, p2, DH_BYTES);
00034 
00035   memset(s1, 0, DH_BYTES);
00036   memset(s2, 0xFF, DH_BYTES);
00037   s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p2, DH_BYTES, s1, 50);
00038   s2len = crypto_dh_compute_secret(LOG_WARN, dh2, p1, DH_BYTES, s2, 50);
00039   test_assert(s1len > 0);
00040   test_eq(s1len, s2len);
00041   test_memeq(s1, s2, s1len);
00042 
00043   {
00044     /* XXXX Now fabricate some bad values and make sure they get caught,
00045      * Check 0, 1, N-1, >= N, etc.
00046      */
00047   }
00048 
00049  done:
00050   crypto_dh_free(dh1);
00051   crypto_dh_free(dh2);
00052 }
00053 
00056 static void
00057 test_crypto_rng(void)
00058 {
00059   int i, j, allok;
00060   char data1[100], data2[100];
00061   double d;
00062 
00063   /* Try out RNG. */
00064   test_assert(! crypto_seed_rng(0));
00065   crypto_rand(data1, 100);
00066   crypto_rand(data2, 100);
00067   test_memneq(data1,data2,100);
00068   allok = 1;
00069   for (i = 0; i < 100; ++i) {
00070     uint64_t big;
00071     char *host;
00072     j = crypto_rand_int(100);
00073     if (j < 0 || j >= 100)
00074       allok = 0;
00075     big = crypto_rand_uint64(U64_LITERAL(1)<<40);
00076     if (big >= (U64_LITERAL(1)<<40))
00077       allok = 0;
00078     big = crypto_rand_uint64(U64_LITERAL(5));
00079     if (big >= 5)
00080       allok = 0;
00081     d = crypto_rand_double();
00082     test_assert(d >= 0);
00083     test_assert(d < 1.0);
00084     host = crypto_random_hostname(3,8,"www.",".onion");
00085     if (strcmpstart(host,"www.") ||
00086         strcmpend(host,".onion") ||
00087         strlen(host) < 13 ||
00088         strlen(host) > 18)
00089       allok = 0;
00090     tor_free(host);
00091   }
00092   test_assert(allok);
00093  done:
00094   ;
00095 }
00096 
00098 static void
00099 test_crypto_aes(void *arg)
00100 {
00101   char *data1 = NULL, *data2 = NULL, *data3 = NULL;
00102   crypto_cipher_t *env1 = NULL, *env2 = NULL;
00103   int i, j;
00104   char *mem_op_hex_tmp=NULL;
00105 
00106   int use_evp = !strcmp(arg,"evp");
00107   evaluate_evp_for_aes(use_evp);
00108   evaluate_ctr_for_aes();
00109 
00110   data1 = tor_malloc(1024);
00111   data2 = tor_malloc(1024);
00112   data3 = tor_malloc(1024);
00113 
00114   /* Now, test encryption and decryption with stream cipher. */
00115   data1[0]='\0';
00116   for (i = 1023; i>0; i -= 35)
00117     strncat(data1, "Now is the time for all good onions", i);
00118 
00119   memset(data2, 0, 1024);
00120   memset(data3, 0, 1024);
00121   env1 = crypto_cipher_new(NULL);
00122   test_neq(env1, 0);
00123   env2 = crypto_cipher_new(crypto_cipher_get_key(env1));
00124   test_neq(env2, 0);
00125 
00126   /* Try encrypting 512 chars. */
00127   crypto_cipher_encrypt(env1, data2, data1, 512);
00128   crypto_cipher_decrypt(env2, data3, data2, 512);
00129   test_memeq(data1, data3, 512);
00130   test_memneq(data1, data2, 512);
00131 
00132   /* Now encrypt 1 at a time, and get 1 at a time. */
00133   for (j = 512; j < 560; ++j) {
00134     crypto_cipher_encrypt(env1, data2+j, data1+j, 1);
00135   }
00136   for (j = 512; j < 560; ++j) {
00137     crypto_cipher_decrypt(env2, data3+j, data2+j, 1);
00138   }
00139   test_memeq(data1, data3, 560);
00140   /* Now encrypt 3 at a time, and get 5 at a time. */
00141   for (j = 560; j < 1024-5; j += 3) {
00142     crypto_cipher_encrypt(env1, data2+j, data1+j, 3);
00143   }
00144   for (j = 560; j < 1024-5; j += 5) {
00145     crypto_cipher_decrypt(env2, data3+j, data2+j, 5);
00146   }
00147   test_memeq(data1, data3, 1024-5);
00148   /* Now make sure that when we encrypt with different chunk sizes, we get
00149      the same results. */
00150   crypto_cipher_free(env2);
00151   env2 = NULL;
00152 
00153   memset(data3, 0, 1024);
00154   env2 = crypto_cipher_new(crypto_cipher_get_key(env1));
00155   test_neq(env2, 0);
00156   for (j = 0; j < 1024-16; j += 17) {
00157     crypto_cipher_encrypt(env2, data3+j, data1+j, 17);
00158   }
00159   for (j= 0; j < 1024-16; ++j) {
00160     if (data2[j] != data3[j]) {
00161       printf("%d:  %d\t%d\n", j, (int) data2[j], (int) data3[j]);
00162     }
00163   }
00164   test_memeq(data2, data3, 1024-16);
00165   crypto_cipher_free(env1);
00166   env1 = NULL;
00167   crypto_cipher_free(env2);
00168   env2 = NULL;
00169 
00170   /* NIST test vector for aes. */
00171   /* IV starts at 0 */
00172   env1 = crypto_cipher_new("\x80\x00\x00\x00\x00\x00\x00\x00"
00173                            "\x00\x00\x00\x00\x00\x00\x00\x00");
00174   crypto_cipher_encrypt(env1, data1,
00175                         "\x00\x00\x00\x00\x00\x00\x00\x00"
00176                         "\x00\x00\x00\x00\x00\x00\x00\x00", 16);
00177   test_memeq_hex(data1, "0EDD33D3C621E546455BD8BA1418BEC8");
00178 
00179   /* Now test rollover.  All these values are originally from a python
00180    * script. */
00181   crypto_cipher_free(env1);
00182   env1 = crypto_cipher_new_with_iv(
00183                                    "\x80\x00\x00\x00\x00\x00\x00\x00"
00184                                    "\x00\x00\x00\x00\x00\x00\x00\x00",
00185                                    "\x00\x00\x00\x00\x00\x00\x00\x00"
00186                                    "\xff\xff\xff\xff\xff\xff\xff\xff");
00187   memset(data2, 0,  1024);
00188   crypto_cipher_encrypt(env1, data1, data2, 32);
00189   test_memeq_hex(data1, "335fe6da56f843199066c14a00a40231"
00190                         "cdd0b917dbc7186908a6bfb5ffd574d3");
00191   crypto_cipher_free(env1);
00192   env1 = crypto_cipher_new_with_iv(
00193                                    "\x80\x00\x00\x00\x00\x00\x00\x00"
00194                                    "\x00\x00\x00\x00\x00\x00\x00\x00",
00195                                    "\x00\x00\x00\x00\xff\xff\xff\xff"
00196                                    "\xff\xff\xff\xff\xff\xff\xff\xff");
00197   memset(data2, 0,  1024);
00198   crypto_cipher_encrypt(env1, data1, data2, 32);
00199   test_memeq_hex(data1, "e627c6423fa2d77832a02b2794094b73"
00200                         "3e63c721df790d2c6469cc1953a3ffac");
00201   crypto_cipher_free(env1);
00202   env1 = crypto_cipher_new_with_iv(
00203                                    "\x80\x00\x00\x00\x00\x00\x00\x00"
00204                                    "\x00\x00\x00\x00\x00\x00\x00\x00",
00205                                    "\xff\xff\xff\xff\xff\xff\xff\xff"
00206                                    "\xff\xff\xff\xff\xff\xff\xff\xff");
00207   memset(data2, 0,  1024);
00208   crypto_cipher_encrypt(env1, data1, data2, 32);
00209   test_memeq_hex(data1, "2aed2bff0de54f9328efd070bf48f70a"
00210                         "0EDD33D3C621E546455BD8BA1418BEC8");
00211 
00212   /* Now check rollover on inplace cipher. */
00213   crypto_cipher_free(env1);
00214   env1 = crypto_cipher_new_with_iv(
00215                                    "\x80\x00\x00\x00\x00\x00\x00\x00"
00216                                    "\x00\x00\x00\x00\x00\x00\x00\x00",
00217                                    "\xff\xff\xff\xff\xff\xff\xff\xff"
00218                                    "\xff\xff\xff\xff\xff\xff\xff\xff");
00219   crypto_cipher_crypt_inplace(env1, data2, 64);
00220   test_memeq_hex(data2, "2aed2bff0de54f9328efd070bf48f70a"
00221                         "0EDD33D3C621E546455BD8BA1418BEC8"
00222                         "93e2c5243d6839eac58503919192f7ae"
00223                         "1908e67cafa08d508816659c2e693191");
00224   crypto_cipher_free(env1);
00225   env1 = crypto_cipher_new_with_iv(
00226                                    "\x80\x00\x00\x00\x00\x00\x00\x00"
00227                                    "\x00\x00\x00\x00\x00\x00\x00\x00",
00228                                    "\xff\xff\xff\xff\xff\xff\xff\xff"
00229                                    "\xff\xff\xff\xff\xff\xff\xff\xff");
00230   crypto_cipher_crypt_inplace(env1, data2, 64);
00231   test_assert(tor_mem_is_zero(data2, 64));
00232 
00233  done:
00234   tor_free(mem_op_hex_tmp);
00235   if (env1)
00236     crypto_cipher_free(env1);
00237   if (env2)
00238     crypto_cipher_free(env2);
00239   tor_free(data1);
00240   tor_free(data2);
00241   tor_free(data3);
00242 }
00243 
00245 static void
00246 test_crypto_sha(void)
00247 {
00248   crypto_digest_t *d1 = NULL, *d2 = NULL;
00249   int i;
00250   char key[160];
00251   char digest[32];
00252   char data[50];
00253   char d_out1[DIGEST_LEN], d_out2[DIGEST256_LEN];
00254   char *mem_op_hex_tmp=NULL;
00255 
00256   /* Test SHA-1 with a test vector from the specification. */
00257   i = crypto_digest(data, "abc", 3);
00258   test_memeq_hex(data, "A9993E364706816ABA3E25717850C26C9CD0D89D");
00259   tt_int_op(i, ==, 0);
00260 
00261   /* Test SHA-256 with a test vector from the specification. */
00262   i = crypto_digest256(data, "abc", 3, DIGEST_SHA256);
00263   test_memeq_hex(data, "BA7816BF8F01CFEA414140DE5DAE2223B00361A3"
00264                        "96177A9CB410FF61F20015AD");
00265   tt_int_op(i, ==, 0);
00266 
00267   /* Test HMAC-SHA-1 with test cases from RFC2202. */
00268 
00269   /* Case 1. */
00270   memset(key, 0x0b, 20);
00271   crypto_hmac_sha1(digest, key, 20, "Hi There", 8);
00272   test_streq(hex_str(digest, 20),
00273              "B617318655057264E28BC0B6FB378C8EF146BE00");
00274   /* Case 2. */
00275   crypto_hmac_sha1(digest, "Jefe", 4, "what do ya want for nothing?", 28);
00276   test_streq(hex_str(digest, 20),
00277              "EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79");
00278 
00279   /* Case 4. */
00280   base16_decode(key, 25,
00281                 "0102030405060708090a0b0c0d0e0f10111213141516171819", 50);
00282   memset(data, 0xcd, 50);
00283   crypto_hmac_sha1(digest, key, 25, data, 50);
00284   test_streq(hex_str(digest, 20),
00285              "4C9007F4026250C6BC8414F9BF50C86C2D7235DA");
00286 
00287   /* Case 5. */
00288   memset(key, 0xaa, 80);
00289   crypto_hmac_sha1(digest, key, 80,
00290                    "Test Using Larger Than Block-Size Key - Hash Key First",
00291                    54);
00292   test_streq(hex_str(digest, 20),
00293              "AA4AE5E15272D00E95705637CE8A3B55ED402112");
00294 
00295   /* Test HMAC-SHA256 with test cases from wikipedia and RFC 4231 */
00296 
00297   /* Case empty (wikipedia) */
00298   crypto_hmac_sha256(digest, "", 0, "", 0);
00299   test_streq(hex_str(digest, 32),
00300            "B613679A0814D9EC772F95D778C35FC5FF1697C493715653C6C712144292C5AD");
00301 
00302   /* Case quick-brown (wikipedia) */
00303   crypto_hmac_sha256(digest, "key", 3,
00304                      "The quick brown fox jumps over the lazy dog", 43);
00305   test_streq(hex_str(digest, 32),
00306            "F7BC83F430538424B13298E6AA6FB143EF4D59A14946175997479DBC2D1A3CD8");
00307 
00308   /* "Test Case 1" from RFC 4231 */
00309   memset(key, 0x0b, 20);
00310   crypto_hmac_sha256(digest, key, 20, "Hi There", 8);
00311   test_memeq_hex(digest,
00312                  "b0344c61d8db38535ca8afceaf0bf12b"
00313                  "881dc200c9833da726e9376c2e32cff7");
00314 
00315   /* "Test Case 2" from RFC 4231 */
00316   memset(key, 0x0b, 20);
00317   crypto_hmac_sha256(digest, "Jefe", 4, "what do ya want for nothing?", 28);
00318   test_memeq_hex(digest,
00319                  "5bdcc146bf60754e6a042426089575c7"
00320                  "5a003f089d2739839dec58b964ec3843");
00321 
00322   /* "Test case 3" from RFC 4231 */
00323   memset(key, 0xaa, 20);
00324   memset(data, 0xdd, 50);
00325   crypto_hmac_sha256(digest, key, 20, data, 50);
00326   test_memeq_hex(digest,
00327                  "773ea91e36800e46854db8ebd09181a7"
00328                  "2959098b3ef8c122d9635514ced565fe");
00329 
00330   /* "Test case 4" from RFC 4231 */
00331   base16_decode(key, 25,
00332                 "0102030405060708090a0b0c0d0e0f10111213141516171819", 50);
00333   memset(data, 0xcd, 50);
00334   crypto_hmac_sha256(digest, key, 25, data, 50);
00335   test_memeq_hex(digest,
00336                  "82558a389a443c0ea4cc819899f2083a"
00337                  "85f0faa3e578f8077a2e3ff46729665b");
00338 
00339   /* "Test case 5" from RFC 4231 */
00340   memset(key, 0x0c, 20);
00341   crypto_hmac_sha256(digest, key, 20, "Test With Truncation", 20);
00342   test_memeq_hex(digest,
00343                  "a3b6167473100ee06e0c796c2955552b");
00344 
00345   /* "Test case 6" from RFC 4231 */
00346   memset(key, 0xaa, 131);
00347   crypto_hmac_sha256(digest, key, 131,
00348                      "Test Using Larger Than Block-Size Key - Hash Key First",
00349                      54);
00350   test_memeq_hex(digest,
00351                  "60e431591ee0b67f0d8a26aacbf5b77f"
00352                  "8e0bc6213728c5140546040f0ee37f54");
00353 
00354   /* "Test case 7" from RFC 4231 */
00355   memset(key, 0xaa, 131);
00356   crypto_hmac_sha256(digest, key, 131,
00357                      "This is a test using a larger than block-size key and a "
00358                      "larger than block-size data. The key needs to be hashed "
00359                      "before being used by the HMAC algorithm.", 152);
00360   test_memeq_hex(digest,
00361                  "9b09ffa71b942fcb27635fbcd5b0e944"
00362                  "bfdc63644f0713938a7f51535c3a35e2");
00363 
00364   /* Incremental digest code. */
00365   d1 = crypto_digest_new();
00366   test_assert(d1);
00367   crypto_digest_add_bytes(d1, "abcdef", 6);
00368   d2 = crypto_digest_dup(d1);
00369   test_assert(d2);
00370   crypto_digest_add_bytes(d2, "ghijkl", 6);
00371   crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
00372   crypto_digest(d_out2, "abcdefghijkl", 12);
00373   test_memeq(d_out1, d_out2, DIGEST_LEN);
00374   crypto_digest_assign(d2, d1);
00375   crypto_digest_add_bytes(d2, "mno", 3);
00376   crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
00377   crypto_digest(d_out2, "abcdefmno", 9);
00378   test_memeq(d_out1, d_out2, DIGEST_LEN);
00379   crypto_digest_get_digest(d1, d_out1, sizeof(d_out1));
00380   crypto_digest(d_out2, "abcdef", 6);
00381   test_memeq(d_out1, d_out2, DIGEST_LEN);
00382   crypto_digest_free(d1);
00383   crypto_digest_free(d2);
00384 
00385   /* Incremental digest code with sha256 */
00386   d1 = crypto_digest256_new(DIGEST_SHA256);
00387   test_assert(d1);
00388   crypto_digest_add_bytes(d1, "abcdef", 6);
00389   d2 = crypto_digest_dup(d1);
00390   test_assert(d2);
00391   crypto_digest_add_bytes(d2, "ghijkl", 6);
00392   crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
00393   crypto_digest256(d_out2, "abcdefghijkl", 12, DIGEST_SHA256);
00394   test_memeq(d_out1, d_out2, DIGEST_LEN);
00395   crypto_digest_assign(d2, d1);
00396   crypto_digest_add_bytes(d2, "mno", 3);
00397   crypto_digest_get_digest(d2, d_out1, sizeof(d_out1));
00398   crypto_digest256(d_out2, "abcdefmno", 9, DIGEST_SHA256);
00399   test_memeq(d_out1, d_out2, DIGEST_LEN);
00400   crypto_digest_get_digest(d1, d_out1, sizeof(d_out1));
00401   crypto_digest256(d_out2, "abcdef", 6, DIGEST_SHA256);
00402   test_memeq(d_out1, d_out2, DIGEST_LEN);
00403 
00404  done:
00405   if (d1)
00406     crypto_digest_free(d1);
00407   if (d2)
00408     crypto_digest_free(d2);
00409   tor_free(mem_op_hex_tmp);
00410 }
00411 
00413 static void
00414 test_crypto_pk(void)
00415 {
00416   crypto_pk_t *pk1 = NULL, *pk2 = NULL;
00417   char *encoded = NULL;
00418   char data1[1024], data2[1024], data3[1024];
00419   size_t size;
00420   int i, j, p, len;
00421 
00422   /* Public-key ciphers */
00423   pk1 = pk_generate(0);
00424   pk2 = crypto_pk_new();
00425   test_assert(pk1 && pk2);
00426   test_assert(! crypto_pk_write_public_key_to_string(pk1, &encoded, &size));
00427   test_assert(! crypto_pk_read_public_key_from_string(pk2, encoded, size));
00428   test_eq(0, crypto_pk_cmp_keys(pk1, pk2));
00429 
00430   test_eq(128, crypto_pk_keysize(pk1));
00431   test_eq(1024, crypto_pk_num_bits(pk1));
00432   test_eq(128, crypto_pk_keysize(pk2));
00433   test_eq(1024, crypto_pk_num_bits(pk2));
00434 
00435   test_eq(128, crypto_pk_public_encrypt(pk2, data1, sizeof(data1),
00436                                         "Hello whirled.", 15,
00437                                         PK_PKCS1_OAEP_PADDING));
00438   test_eq(128, crypto_pk_public_encrypt(pk1, data2, sizeof(data1),
00439                                         "Hello whirled.", 15,
00440                                         PK_PKCS1_OAEP_PADDING));
00441   /* oaep padding should make encryption not match */
00442   test_memneq(data1, data2, 128);
00443   test_eq(15, crypto_pk_private_decrypt(pk1, data3, sizeof(data3), data1, 128,
00444                                         PK_PKCS1_OAEP_PADDING,1));
00445   test_streq(data3, "Hello whirled.");
00446   memset(data3, 0, 1024);
00447   test_eq(15, crypto_pk_private_decrypt(pk1, data3, sizeof(data3), data2, 128,
00448                                         PK_PKCS1_OAEP_PADDING,1));
00449   test_streq(data3, "Hello whirled.");
00450   /* Can't decrypt with public key. */
00451   test_eq(-1, crypto_pk_private_decrypt(pk2, data3, sizeof(data3), data2, 128,
00452                                         PK_PKCS1_OAEP_PADDING,1));
00453   /* Try again with bad padding */
00454   memcpy(data2+1, "XYZZY", 5);  /* This has fails ~ once-in-2^40 */
00455   test_eq(-1, crypto_pk_private_decrypt(pk1, data3, sizeof(data3), data2, 128,
00456                                         PK_PKCS1_OAEP_PADDING,1));
00457 
00458   /* File operations: save and load private key */
00459   test_assert(! crypto_pk_write_private_key_to_filename(pk1,
00460                                                         get_fname("pkey1")));
00461   /* failing case for read: can't read. */
00462   test_assert(crypto_pk_read_private_key_from_filename(pk2,
00463                                                    get_fname("xyzzy")) < 0);
00464   write_str_to_file(get_fname("xyzzy"), "foobar", 6);
00465   /* Failing case for read: no key. */
00466   test_assert(crypto_pk_read_private_key_from_filename(pk2,
00467                                                    get_fname("xyzzy")) < 0);
00468   test_assert(! crypto_pk_read_private_key_from_filename(pk2,
00469                                                          get_fname("pkey1")));
00470   test_eq(15, crypto_pk_private_decrypt(pk2, data3, sizeof(data3), data1, 128,
00471                                         PK_PKCS1_OAEP_PADDING,1));
00472 
00473   /* Now try signing. */
00474   strlcpy(data1, "Ossifrage", 1024);
00475   test_eq(128, crypto_pk_private_sign(pk1, data2, sizeof(data2), data1, 10));
00476   test_eq(10,
00477           crypto_pk_public_checksig(pk1, data3, sizeof(data3), data2, 128));
00478   test_streq(data3, "Ossifrage");
00479   /* Try signing digests. */
00480   test_eq(128, crypto_pk_private_sign_digest(pk1, data2, sizeof(data2),
00481                                              data1, 10));
00482   test_eq(20,
00483           crypto_pk_public_checksig(pk1, data3, sizeof(data3), data2, 128));
00484   test_eq(0, crypto_pk_public_checksig_digest(pk1, data1, 10, data2, 128));
00485   test_eq(-1, crypto_pk_public_checksig_digest(pk1, data1, 11, data2, 128));
00486 
00487   /*XXXX test failed signing*/
00488 
00489   /* Try encoding */
00490   crypto_pk_free(pk2);
00491   pk2 = NULL;
00492   i = crypto_pk_asn1_encode(pk1, data1, 1024);
00493   test_assert(i>0);
00494   pk2 = crypto_pk_asn1_decode(data1, i);
00495   test_assert(crypto_pk_cmp_keys(pk1,pk2) == 0);
00496 
00497   /* Try with hybrid encryption wrappers. */
00498   crypto_rand(data1, 1024);
00499   for (i = 0; i < 2; ++i) {
00500     for (j = 85; j < 140; ++j) {
00501       memset(data2,0,1024);
00502       memset(data3,0,1024);
00503       p = (i==0)?PK_PKCS1_PADDING:PK_PKCS1_OAEP_PADDING;
00504       len = crypto_pk_public_hybrid_encrypt(pk1,data2,sizeof(data2),
00505                                             data1,j,p,0);
00506       test_assert(len>=0);
00507       len = crypto_pk_private_hybrid_decrypt(pk1,data3,sizeof(data3),
00508                                              data2,len,p,1);
00509       test_eq(len,j);
00510       test_memeq(data1,data3,j);
00511     }
00512   }
00513 
00514   /* Try copy_full */
00515   crypto_pk_free(pk2);
00516   pk2 = crypto_pk_copy_full(pk1);
00517   test_assert(pk2 != NULL);
00518   test_neq_ptr(pk1, pk2);
00519   test_assert(crypto_pk_cmp_keys(pk1,pk2) == 0);
00520 
00521  done:
00522   if (pk1)
00523     crypto_pk_free(pk1);
00524   if (pk2)
00525     crypto_pk_free(pk2);
00526   tor_free(encoded);
00527 }
00528 
00531 static void
00532 test_crypto_formats(void)
00533 {
00534   char *data1 = NULL, *data2 = NULL, *data3 = NULL;
00535   int i, j, idx;
00536 
00537   data1 = tor_malloc(1024);
00538   data2 = tor_malloc(1024);
00539   data3 = tor_malloc(1024);
00540   test_assert(data1 && data2 && data3);
00541 
00542   /* Base64 tests */
00543   memset(data1, 6, 1024);
00544   for (idx = 0; idx < 10; ++idx) {
00545     i = base64_encode(data2, 1024, data1, idx);
00546     test_assert(i >= 0);
00547     j = base64_decode(data3, 1024, data2, i);
00548     test_eq(j,idx);
00549     test_memeq(data3, data1, idx);
00550   }
00551 
00552   strlcpy(data1, "Test string that contains 35 chars.", 1024);
00553   strlcat(data1, " 2nd string that contains 35 chars.", 1024);
00554 
00555   i = base64_encode(data2, 1024, data1, 71);
00556   test_assert(i >= 0);
00557   j = base64_decode(data3, 1024, data2, i);
00558   test_eq(j, 71);
00559   test_streq(data3, data1);
00560   test_assert(data2[i] == '\0');
00561 
00562   crypto_rand(data1, DIGEST_LEN);
00563   memset(data2, 100, 1024);
00564   digest_to_base64(data2, data1);
00565   test_eq(BASE64_DIGEST_LEN, strlen(data2));
00566   test_eq(100, data2[BASE64_DIGEST_LEN+2]);
00567   memset(data3, 99, 1024);
00568   test_eq(digest_from_base64(data3, data2), 0);
00569   test_memeq(data1, data3, DIGEST_LEN);
00570   test_eq(99, data3[DIGEST_LEN+1]);
00571 
00572   test_assert(digest_from_base64(data3, "###") < 0);
00573 
00574   /* Encoding SHA256 */
00575   crypto_rand(data2, DIGEST256_LEN);
00576   memset(data2, 100, 1024);
00577   digest256_to_base64(data2, data1);
00578   test_eq(BASE64_DIGEST256_LEN, strlen(data2));
00579   test_eq(100, data2[BASE64_DIGEST256_LEN+2]);
00580   memset(data3, 99, 1024);
00581   test_eq(digest256_from_base64(data3, data2), 0);
00582   test_memeq(data1, data3, DIGEST256_LEN);
00583   test_eq(99, data3[DIGEST256_LEN+1]);
00584 
00585   /* Base32 tests */
00586   strlcpy(data1, "5chrs", 1024);
00587   /* bit pattern is:  [35 63 68 72 73] ->
00588    *        [00110101 01100011 01101000 01110010 01110011]
00589    * By 5s: [00110 10101 10001 10110 10000 11100 10011 10011]
00590    */
00591   base32_encode(data2, 9, data1, 5);
00592   test_streq(data2, "gvrwq4tt");
00593 
00594   strlcpy(data1, "\xFF\xF5\x6D\x44\xAE\x0D\x5C\xC9\x62\xC4", 1024);
00595   base32_encode(data2, 30, data1, 10);
00596   test_streq(data2, "772w2rfobvomsywe");
00597 
00598   /* Base16 tests */
00599   strlcpy(data1, "6chrs\xff", 1024);
00600   base16_encode(data2, 13, data1, 6);
00601   test_streq(data2, "3663687273FF");
00602 
00603   strlcpy(data1, "f0d678affc000100", 1024);
00604   i = base16_decode(data2, 8, data1, 16);
00605   test_eq(i,0);
00606   test_memeq(data2, "\xf0\xd6\x78\xaf\xfc\x00\x01\x00",8);
00607 
00608   /* now try some failing base16 decodes */
00609   test_eq(-1, base16_decode(data2, 8, data1, 15)); /* odd input len */
00610   test_eq(-1, base16_decode(data2, 7, data1, 16)); /* dest too short */
00611   strlcpy(data1, "f0dz!8affc000100", 1024);
00612   test_eq(-1, base16_decode(data2, 8, data1, 16));
00613 
00614   tor_free(data1);
00615   tor_free(data2);
00616   tor_free(data3);
00617 
00618   /* Add spaces to fingerprint */
00619   {
00620     data1 = tor_strdup("ABCD1234ABCD56780000ABCD1234ABCD56780000");
00621     test_eq(strlen(data1), 40);
00622     data2 = tor_malloc(FINGERPRINT_LEN+1);
00623     add_spaces_to_fp(data2, FINGERPRINT_LEN+1, data1);
00624     test_streq(data2, "ABCD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 0000");
00625     tor_free(data1);
00626     tor_free(data2);
00627   }
00628 
00629   /* Check fingerprint */
00630   {
00631     test_assert(crypto_pk_check_fingerprint_syntax(
00632                 "ABCD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 0000"));
00633     test_assert(!crypto_pk_check_fingerprint_syntax(
00634                 "ABCD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 000"));
00635     test_assert(!crypto_pk_check_fingerprint_syntax(
00636                 "ABCD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 00000"));
00637     test_assert(!crypto_pk_check_fingerprint_syntax(
00638                 "ABCD 1234 ABCD 5678 0000 ABCD1234 ABCD 5678 0000"));
00639     test_assert(!crypto_pk_check_fingerprint_syntax(
00640                 "ABCD 1234 ABCD 5678 0000 ABCD1234 ABCD 5678 00000"));
00641     test_assert(!crypto_pk_check_fingerprint_syntax(
00642                 "ACD 1234 ABCD 5678 0000 ABCD 1234 ABCD 5678 00000"));
00643   }
00644 
00645  done:
00646   tor_free(data1);
00647   tor_free(data2);
00648   tor_free(data3);
00649 }
00650 
00652 static void
00653 test_crypto_s2k(void)
00654 {
00655   char buf[29];
00656   char buf2[29];
00657   char *buf3 = NULL;
00658   int i;
00659 
00660   memset(buf, 0, sizeof(buf));
00661   memset(buf2, 0, sizeof(buf2));
00662   buf3 = tor_malloc(65536);
00663   memset(buf3, 0, 65536);
00664 
00665   secret_to_key(buf+9, 20, "", 0, buf);
00666   crypto_digest(buf2+9, buf3, 1024);
00667   test_memeq(buf, buf2, 29);
00668 
00669   memcpy(buf,"vrbacrda",8);
00670   memcpy(buf2,"vrbacrda",8);
00671   buf[8] = 96;
00672   buf2[8] = 96;
00673   secret_to_key(buf+9, 20, "12345678", 8, buf);
00674   for (i = 0; i < 65536; i += 16) {
00675     memcpy(buf3+i, "vrbacrda12345678", 16);
00676   }
00677   crypto_digest(buf2+9, buf3, 65536);
00678   test_memeq(buf, buf2, 29);
00679 
00680  done:
00681   tor_free(buf3);
00682 }
00683 
00685 static void
00686 test_crypto_aes_iv(void *arg)
00687 {
00688   char *plain, *encrypted1, *encrypted2, *decrypted1, *decrypted2;
00689   char plain_1[1], plain_15[15], plain_16[16], plain_17[17];
00690   char key1[16], key2[16];
00691   ssize_t encrypted_size, decrypted_size;
00692 
00693   int use_evp = !strcmp(arg,"evp");
00694   evaluate_evp_for_aes(use_evp);
00695 
00696   plain = tor_malloc(4095);
00697   encrypted1 = tor_malloc(4095 + 1 + 16);
00698   encrypted2 = tor_malloc(4095 + 1 + 16);
00699   decrypted1 = tor_malloc(4095 + 1);
00700   decrypted2 = tor_malloc(4095 + 1);
00701 
00702   crypto_rand(plain, 4095);
00703   crypto_rand(key1, 16);
00704   crypto_rand(key2, 16);
00705   crypto_rand(plain_1, 1);
00706   crypto_rand(plain_15, 15);
00707   crypto_rand(plain_16, 16);
00708   crypto_rand(plain_17, 17);
00709   key1[0] = key2[0] + 128; /* Make sure that contents are different. */
00710   /* Encrypt and decrypt with the same key. */
00711   encrypted_size = crypto_cipher_encrypt_with_iv(key1, encrypted1, 16 + 4095,
00712                                                  plain, 4095);
00713 
00714   test_eq(encrypted_size, 16 + 4095);
00715   tt_assert(encrypted_size > 0); /* This is obviously true, since 4111 is
00716                                    * greater than 0, but its truth is not
00717                                    * obvious to all analysis tools. */
00718   decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted1, 4095,
00719                                              encrypted1, encrypted_size);
00720 
00721   test_eq(decrypted_size, 4095);
00722   tt_assert(decrypted_size > 0);
00723   test_memeq(plain, decrypted1, 4095);
00724   /* Encrypt a second time (with a new random initialization vector). */
00725   encrypted_size = crypto_cipher_encrypt_with_iv(key1, encrypted2, 16 + 4095,
00726                                              plain, 4095);
00727 
00728   test_eq(encrypted_size, 16 + 4095);
00729   tt_assert(encrypted_size > 0);
00730   decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted2, 4095,
00731                                              encrypted2, encrypted_size);
00732   test_eq(decrypted_size, 4095);
00733   tt_assert(decrypted_size > 0);
00734   test_memeq(plain, decrypted2, 4095);
00735   test_memneq(encrypted1, encrypted2, encrypted_size);
00736   /* Decrypt with the wrong key. */
00737   decrypted_size = crypto_cipher_decrypt_with_iv(key2, decrypted2, 4095,
00738                                              encrypted1, encrypted_size);
00739   test_memneq(plain, decrypted2, encrypted_size);
00740   /* Alter the initialization vector. */
00741   encrypted1[0] += 42;
00742   decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted1, 4095,
00743                                              encrypted1, encrypted_size);
00744   test_memneq(plain, decrypted2, 4095);
00745   /* Special length case: 1. */
00746   encrypted_size = crypto_cipher_encrypt_with_iv(key1, encrypted1, 16 + 1,
00747                                              plain_1, 1);
00748   test_eq(encrypted_size, 16 + 1);
00749   tt_assert(encrypted_size > 0);
00750   decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted1, 1,
00751                                              encrypted1, encrypted_size);
00752   test_eq(decrypted_size, 1);
00753   tt_assert(decrypted_size > 0);
00754   test_memeq(plain_1, decrypted1, 1);
00755   /* Special length case: 15. */
00756   encrypted_size = crypto_cipher_encrypt_with_iv(key1, encrypted1, 16 + 15,
00757                                              plain_15, 15);
00758   test_eq(encrypted_size, 16 + 15);
00759   tt_assert(encrypted_size > 0);
00760   decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted1, 15,
00761                                              encrypted1, encrypted_size);
00762   test_eq(decrypted_size, 15);
00763   tt_assert(decrypted_size > 0);
00764   test_memeq(plain_15, decrypted1, 15);
00765   /* Special length case: 16. */
00766   encrypted_size = crypto_cipher_encrypt_with_iv(key1, encrypted1, 16 + 16,
00767                                              plain_16, 16);
00768   test_eq(encrypted_size, 16 + 16);
00769   tt_assert(encrypted_size > 0);
00770   decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted1, 16,
00771                                              encrypted1, encrypted_size);
00772   test_eq(decrypted_size, 16);
00773   tt_assert(decrypted_size > 0);
00774   test_memeq(plain_16, decrypted1, 16);
00775   /* Special length case: 17. */
00776   encrypted_size = crypto_cipher_encrypt_with_iv(key1, encrypted1, 16 + 17,
00777                                              plain_17, 17);
00778   test_eq(encrypted_size, 16 + 17);
00779   tt_assert(encrypted_size > 0);
00780   decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted1, 17,
00781                                              encrypted1, encrypted_size);
00782   test_eq(decrypted_size, 17);
00783   tt_assert(decrypted_size > 0);
00784   test_memeq(plain_17, decrypted1, 17);
00785 
00786  done:
00787   /* Free memory. */
00788   tor_free(plain);
00789   tor_free(encrypted1);
00790   tor_free(encrypted2);
00791   tor_free(decrypted1);
00792   tor_free(decrypted2);
00793 }
00794 
00796 static void
00797 test_crypto_base32_decode(void)
00798 {
00799   char plain[60], encoded[96 + 1], decoded[60];
00800   int res;
00801   crypto_rand(plain, 60);
00802   /* Encode and decode a random string. */
00803   base32_encode(encoded, 96 + 1, plain, 60);
00804   res = base32_decode(decoded, 60, encoded, 96);
00805   test_eq(res, 0);
00806   test_memeq(plain, decoded, 60);
00807   /* Encode, uppercase, and decode a random string. */
00808   base32_encode(encoded, 96 + 1, plain, 60);
00809   tor_strupper(encoded);
00810   res = base32_decode(decoded, 60, encoded, 96);
00811   test_eq(res, 0);
00812   test_memeq(plain, decoded, 60);
00813   /* Change encoded string and decode. */
00814   if (encoded[0] == 'A' || encoded[0] == 'a')
00815     encoded[0] = 'B';
00816   else
00817     encoded[0] = 'A';
00818   res = base32_decode(decoded, 60, encoded, 96);
00819   test_eq(res, 0);
00820   test_memneq(plain, decoded, 60);
00821   /* Bad encodings. */
00822   encoded[0] = '!';
00823   res = base32_decode(decoded, 60, encoded, 96);
00824   test_assert(res < 0);
00825 
00826  done:
00827   ;
00828 }
00829 
00830 static void *
00831 pass_data_setup_fn(const struct testcase_t *testcase)
00832 {
00833   return testcase->setup_data;
00834 }
00835 static int
00836 pass_data_cleanup_fn(const struct testcase_t *testcase, void *ptr)
00837 {
00838   (void)ptr;
00839   (void)testcase;
00840   return 1;
00841 }
00842 static const struct testcase_setup_t pass_data = {
00843   pass_data_setup_fn, pass_data_cleanup_fn
00844 };
00845 
00846 #define CRYPTO_LEGACY(name)                                            \
00847   { #name, legacy_test_helper, 0, &legacy_setup, test_crypto_ ## name }
00848 
00849 struct testcase_t crypto_tests[] = {
00850   CRYPTO_LEGACY(formats),
00851   CRYPTO_LEGACY(rng),
00852   { "aes_AES", test_crypto_aes, TT_FORK, &pass_data, (void*)"aes" },
00853   { "aes_EVP", test_crypto_aes, TT_FORK, &pass_data, (void*)"evp" },
00854   CRYPTO_LEGACY(sha),
00855   CRYPTO_LEGACY(pk),
00856   CRYPTO_LEGACY(dh),
00857   CRYPTO_LEGACY(s2k),
00858   { "aes_iv_AES", test_crypto_aes_iv, TT_FORK, &pass_data, (void*)"aes" },
00859   { "aes_iv_EVP", test_crypto_aes_iv, TT_FORK, &pass_data, (void*)"evp" },
00860   CRYPTO_LEGACY(base32_decode),
00861   END_OF_TESTCASES
00862 };
00863