From 52a555cd7d54a9adb4d9c868812111d4b80b60b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 27 Mar 2014 18:49:32 +0100 Subject: [PATCH 01/22] Also test backwards compat strerror() function --- tests/suites/test_suite_error.function | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/suites/test_suite_error.function b/tests/suites/test_suite_error.function index a514cee77..4532530e2 100644 --- a/tests/suites/test_suite_error.function +++ b/tests/suites/test_suite_error.function @@ -12,8 +12,18 @@ void error_strerror( int code, char *result_str ) { char buf[500]; + memset( buf, 0, sizeof( buf ) ); + polarssl_strerror( code, buf, 500 ); TEST_ASSERT( strcmp( buf, result_str ) == 0 ); + +#if defined(POLARSSL_ERROR_STRERROR_BC) + memset( buf, 0, sizeof( buf ) ); + + error_strerror( code, buf, 500 ); + + TEST_ASSERT( strcmp( buf, result_str ) == 0 ); +#endif } /* END_CASE */ From 388dac403778c7ce40265e4b1fa2a346fa96b019 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 27 Mar 2014 18:57:52 +0100 Subject: [PATCH 02/22] Still test pbkdf2 while it's there --- programs/test/selftest.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 0fb5886a7..c029e9b33 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -49,6 +49,7 @@ #include "polarssl/x509.h" #include "polarssl/xtea.h" #include "polarssl/pkcs5.h" +#include "polarssl/pbkdf2.h" #include "polarssl/ecp.h" #if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C) @@ -171,10 +172,15 @@ int main( int argc, char *argv[] ) return( ret ); #endif +#if defined(POLARSSL_PBKDF2_C) + if( ( ret = pbkdf2_self_test( v ) ) != 0 ) + return( ret ); +#else #if defined(POLARSSL_PKCS5_C) if( ( ret = pkcs5_self_test( v ) ) != 0 ) return( ret ); #endif +#endif #if defined(POLARSSL_ECP_C) if( ( ret = ecp_self_test( v ) ) != 0 ) From 487588d0bf8b450cf7cefd18ef77587d78034512 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 27 Mar 2014 19:02:07 +0100 Subject: [PATCH 03/22] Whitespace fixes --- library/timing.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/library/timing.c b/library/timing.c index f1d8a1fed..8322411b4 100644 --- a/library/timing.c +++ b/library/timing.c @@ -55,7 +55,7 @@ struct _hr_time #endif #if !defined(POLARSSL_HAVE_HARDCLOCK) && defined(POLARSSL_HAVE_ASM) && \ - (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__) + (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__) #define POLARSSL_HAVE_HARDCLOCK @@ -89,7 +89,7 @@ unsigned long hardclock( void ) unsigned long hardclock( void ) { unsigned long lo, hi; - asm( "rdtsc" : "=a" (lo), "=d" (hi) ); + asm( "rdtsc" : "=a" (lo), "=d" (hi) ); return( lo | (hi << 32) ); } #endif @@ -181,9 +181,9 @@ unsigned long hardclock( void ) { LARGE_INTEGER offset; - QueryPerformanceCounter( &offset ); + QueryPerformanceCounter( &offset ); - return (unsigned long)( offset.QuadPart ); + return (unsigned long)( offset.QuadPart ); } #endif @@ -234,17 +234,17 @@ unsigned long get_timer( struct hr_time *val, int reset ) } DWORD WINAPI TimerProc( LPVOID uElapse ) -{ +{ Sleep( (DWORD) uElapse ); - alarmed = 1; + alarmed = 1; return( TRUE ); } void set_alarm( int seconds ) -{ +{ DWORD ThreadId; - alarmed = 0; + alarmed = 0; CloseHandle( CreateThread( NULL, 0, TimerProc, (LPVOID) ( seconds * 1000 ), 0, &ThreadId ) ); } @@ -285,7 +285,7 @@ void m_sleep( int milliseconds ) #else static void sighandler( int signum ) -{ +{ alarmed = 1; signal( signum, sighandler ); } From 470fc935b5f4778529f7f048c5f6812af97acabf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 27 Mar 2014 20:07:08 +0100 Subject: [PATCH 04/22] Add timing_self_test() with consistency tests --- include/polarssl/timing.h | 9 +++ library/timing.c | 129 ++++++++++++++++++++++++++++++++++++-- programs/test/selftest.c | 6 ++ 3 files changed, 140 insertions(+), 4 deletions(-) diff --git a/include/polarssl/timing.h b/include/polarssl/timing.h index cb6abe35e..09624fcf1 100644 --- a/include/polarssl/timing.h +++ b/include/polarssl/timing.h @@ -74,6 +74,15 @@ void set_alarm( int seconds ); */ void m_sleep( int milliseconds ); +#if defined(POLARSSL_SELF_TEST) +/** + * \brief Checkup routine + * + * \return 0 if successful, or 1 if a test failed + */ +int timing_self_test( int verbose ); +#endif + #ifdef __cplusplus } #endif diff --git a/library/timing.c b/library/timing.c index 8322411b4..c8fa653ce 100644 --- a/library/timing.c +++ b/library/timing.c @@ -25,6 +25,13 @@ #include "polarssl/config.h" +#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_PLATFORM_C) +#include "polarssl/platform.h" +#else +#include +#define polarssl_printf printf +#endif + #if defined(POLARSSL_TIMING_C) && !defined(POLARSSL_TIMING_ALT) #include "polarssl/timing.h" @@ -254,7 +261,7 @@ void m_sleep( int milliseconds ) Sleep( milliseconds ); } -#else +#else /* _WIN32 && !EFIX64 && !EFI32 */ unsigned long get_timer( struct hr_time *val, int reset ) { @@ -282,7 +289,7 @@ void m_sleep( int milliseconds ) usleep( milliseconds * 1000 ); } -#else +#else /* INTEGRITY */ static void sighandler( int signum ) { @@ -308,6 +315,120 @@ void m_sleep( int milliseconds ) } #endif /* INTEGRITY */ -#endif +#endif /* _WIN32 && !EFIX64 && !EFI32 */ -#endif +#if defined(POLARSSL_SELF_TEST) + +/* + * Checkup routine + */ +int timing_self_test( int verbose ) +{ + unsigned long cycles, ratio; + unsigned long millisecs, secs; + int hardfail; + struct hr_time hires; + + if( verbose != 0) + polarssl_printf( " TIMING tests warning: will take some time!\n" ); + + if( verbose != 0 ) + polarssl_printf( " TIMING test #1 (m_sleep / get_timer): " ); + + for( secs = 1; secs <= 3; secs++ ) + { + (void) get_timer( &hires, 1 ); + + m_sleep( 1000 * secs ); + + millisecs = get_timer( &hires, 0 ); + + if( millisecs < 900 * secs || millisecs > 1100 * secs ) + { + if( verbose != 0 ) + polarssl_printf( "failed\n" ); + + return( 1 ); + } + } + + if( verbose != 0 ) + polarssl_printf( "passed\n" ); + + if( verbose != 0 ) + polarssl_printf( " TIMING test #2 (set_alarm / get_timer): " ); + + for( secs = 1; secs <= 3; secs++ ) + { + (void) get_timer( &hires, 1 ); + + set_alarm( secs ); + while( !alarmed ) + ; + + millisecs = get_timer( &hires, 0 ); + + if( millisecs < 900 * secs || millisecs > 1100 * secs ) + { + if( verbose != 0 ) + polarssl_printf( "failed\n" ); + + return( 1 ); + } + } + + if( verbose != 0 ) + polarssl_printf( "passed\n" ); + + if( verbose != 0 ) + polarssl_printf( " TIMING test #3 (hardclock / m_sleep ): " ); + + /* + * Allow one failure for possible counter wrapping. + * On a 4Ghz 32-bit machine the cycle counter wraps about once per second; + * since the whole test is about 10ms, it shouldn't happen twice in a row. + */ + hardfail = 0; + +hard_test: + if( hardfail > 1 ) + { + if( verbose != 0 ) + polarssl_printf( "failed\n" ); + + return( 1 ); + } + + /* Get a reference ratio cycles/ms */ + cycles = hardclock(); + m_sleep( 1 ); + cycles = hardclock() - cycles; + ratio = cycles / 1; + + for( millisecs = 2; millisecs <= 4; millisecs++ ) + { + cycles = hardclock(); + m_sleep( millisecs ); + cycles = hardclock() - cycles; + + /* Allow variation up to 20% */ + if( cycles / millisecs < ratio - ratio / 5 || + cycles / millisecs > ratio + ratio / 5 ) + { + hardfail++; + goto hard_test; + } + } + + if( verbose != 0 ) + polarssl_printf( "passed\n" ); + + if( verbose != 0 ) + polarssl_printf( "\n" ); + + return( 0 ); +} + +#endif /* POLARSSL_SELF_TEST */ + +#endif /* POLARSSL_TIMING_C && !POLARSSL_TIMING_ALT */ diff --git a/programs/test/selftest.c b/programs/test/selftest.c index c029e9b33..6f7360850 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -51,6 +51,7 @@ #include "polarssl/pkcs5.h" #include "polarssl/pbkdf2.h" #include "polarssl/ecp.h" +#include "polarssl/timing.h" #if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C) #include "polarssl/memory.h" @@ -192,6 +193,11 @@ int main( int argc, char *argv[] ) return( ret ); #endif +#if defined(POLARSSL_TIMING_C) + if( ( ret = timing_self_test( v ) ) != 0 ) + return( ret ); +#endif + #else printf( " POLARSSL_SELF_TEST not defined.\n" ); #endif From 13a1ef86000e235e7d5549c49ff32052cdf6a782 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 27 Mar 2014 20:12:44 +0100 Subject: [PATCH 05/22] Misc selftest adjustements --- include/polarssl/ecp.h | 4 +++- library/pkcs5.c | 6 +++++- programs/test/selftest.c | 22 ++++++++++++---------- 3 files changed, 20 insertions(+), 12 deletions(-) diff --git a/include/polarssl/ecp.h b/include/polarssl/ecp.h index 1cafc467b..3942891c6 100644 --- a/include/polarssl/ecp.h +++ b/include/polarssl/ecp.h @@ -621,12 +621,14 @@ int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q, int ecp_gen_key( ecp_group_id grp_id, ecp_keypair *key, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +#if defined(POLARSSL_SELF_TEST) /** * \brief Checkup routine * - * \return 0 if successful, or 1 if the test failed + * \return 0 if successful, or 1 if a test failed */ int ecp_self_test( int verbose ); +#endif #ifdef __cplusplus } diff --git a/library/pkcs5.c b/library/pkcs5.c index c4cdf0354..2845f6812 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -361,9 +361,13 @@ int pkcs5_self_test( int verbose ) if( ( ret = md_init_ctx( &sha1_ctx, info_sha1 ) ) != 0 ) return( 1 ); + if( verbose != 0 ) + polarssl_printf( " PBKDF2 warning: test #3 may be slow!\n" ); + for( i = 0; i < MAX_TESTS; i++ ) { - polarssl_printf( " PBKDF2 (SHA1) #%d: ", i ); + if( verbose != 0 ) + polarssl_printf( " PBKDF2 (SHA1) #%d: ", i ); ret = pkcs5_pbkdf2_hmac( &sha1_ctx, password[i], plen[i], salt[i], slen[i], it_cnt[i], key_len[i], key ); diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 6f7360850..82477e507 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -173,16 +173,6 @@ int main( int argc, char *argv[] ) return( ret ); #endif -#if defined(POLARSSL_PBKDF2_C) - if( ( ret = pbkdf2_self_test( v ) ) != 0 ) - return( ret ); -#else -#if defined(POLARSSL_PKCS5_C) - if( ( ret = pkcs5_self_test( v ) ) != 0 ) - return( ret ); -#endif -#endif - #if defined(POLARSSL_ECP_C) if( ( ret = ecp_self_test( v ) ) != 0 ) return( ret ); @@ -193,6 +183,18 @@ int main( int argc, char *argv[] ) return( ret ); #endif +/* Slow tests last */ + +#if defined(POLARSSL_PBKDF2_C) + if( ( ret = pbkdf2_self_test( v ) ) != 0 ) + return( ret ); +#else +#if defined(POLARSSL_PKCS5_C) + if( ( ret = pkcs5_self_test( v ) ) != 0 ) + return( ret ); +#endif +#endif + #if defined(POLARSSL_TIMING_C) if( ( ret = timing_self_test( v ) ) != 0 ) return( ret ); From 2be0b5225e44b5d85ef5b1ec732fe79c9e96e941 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 27 Mar 2014 20:16:07 +0100 Subject: [PATCH 06/22] Add selftest program to the list of tests --- tests/Descriptions.txt | 7 ++++++- tests/scripts/all.sh | 1 + 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/Descriptions.txt b/tests/Descriptions.txt index b6309f3f4..8b13bb39f 100644 --- a/tests/Descriptions.txt +++ b/tests/Descriptions.txt @@ -4,12 +4,17 @@ test_suites (reference test vectors, sanity checks, malformed input for parsing functions, etc.) for all modules except the SSL modules. +selftests + The 'programs/test/selftest' program runs the 'XXX_self_test()' functions + of each individual module. Most of them are included in the respective + test suite, but some slower ones are only included here. + compat The 'tests/compat.sh' script checks interoperability with OpenSSL and GnuTLS (and ourselves!) for every common ciphersuite, in every TLS version, both ways (client/server), using client authentication or not. For each ciphersuite/version/side/authmode it performs a full handshake - and a small data exchange. + and a small data exchange. ssl_opt The 'tests/ssl-opt.sh' script checks various options and/or operations not diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 249be3b50..8dba3ecab 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -74,6 +74,7 @@ cleanup cmake -D CMAKE_BUILD_TYPE:String=ASan . make make test +programs/test/selftest cd tests ./compat.sh ./ssl-opt.sh From d6aebe108ad2bd54789b3a8f6ecc7e6a33c44333 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 27 Mar 2014 21:15:40 +0100 Subject: [PATCH 07/22] Add 'volatile' to hardclock()'s asm Prevents calls from being optimised away in timing_self_test(). (Should no be a problem for calls from other files.) --- library/timing.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/library/timing.c b/library/timing.c index c8fa653ce..9a6129bf8 100644 --- a/library/timing.c +++ b/library/timing.c @@ -83,7 +83,7 @@ unsigned long hardclock( void ) unsigned long hardclock( void ) { unsigned long lo, hi; - asm( "rdtsc" : "=a" (lo), "=d" (hi) ); + asm volatile( "rdtsc" : "=a" (lo), "=d" (hi) ); return( lo ); } #endif @@ -96,7 +96,7 @@ unsigned long hardclock( void ) unsigned long hardclock( void ) { unsigned long lo, hi; - asm( "rdtsc" : "=a" (lo), "=d" (hi) ); + asm volatile( "rdtsc" : "=a" (lo), "=d" (hi) ); return( lo | (hi << 32) ); } #endif @@ -112,9 +112,9 @@ unsigned long hardclock( void ) do { - asm( "mftbu %0" : "=r" (tbu0) ); - asm( "mftb %0" : "=r" (tbl ) ); - asm( "mftbu %0" : "=r" (tbu1) ); + asm volatile( "mftbu %0" : "=r" (tbu0) ); + asm volatile( "mftb %0" : "=r" (tbl ) ); + asm volatile( "mftbu %0" : "=r" (tbu1) ); } while( tbu0 != tbu1 ); @@ -133,7 +133,7 @@ unsigned long hardclock( void ) unsigned long hardclock( void ) { unsigned long tick; - asm( "rdpr %%tick, %0;" : "=&r" (tick) ); + asm volatile( "rdpr %%tick, %0;" : "=&r" (tick) ); return( tick ); } #endif @@ -147,8 +147,8 @@ unsigned long hardclock( void ) unsigned long hardclock( void ) { unsigned long tick; - asm( ".byte 0x83, 0x41, 0x00, 0x00" ); - asm( "mov %%g1, %0" : "=r" (tick) ); + asm volatile( ".byte 0x83, 0x41, 0x00, 0x00" ); + asm volatile( "mov %%g1, %0" : "=r" (tick) ); return( tick ); } #endif @@ -161,7 +161,7 @@ unsigned long hardclock( void ) unsigned long hardclock( void ) { unsigned long cc; - asm( "rpcc %0" : "=r" (cc) ); + asm volatile( "rpcc %0" : "=r" (cc) ); return( cc & 0xFFFFFFFF ); } #endif @@ -174,7 +174,7 @@ unsigned long hardclock( void ) unsigned long hardclock( void ) { unsigned long itc; - asm( "mov %0 = ar.itc" : "=r" (itc) ); + asm volatile( "mov %0 = ar.itc" : "=r" (itc) ); return( itc ); } #endif From 913030c28633b8038ea6c376548f36d463e7503b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 28 Mar 2014 10:12:38 +0100 Subject: [PATCH 08/22] Enable SSLv2 testing if OPENSSL_CMD is set --- tests/compat.sh | 7 +++---- tests/ssl-opt.sh | 18 +++++++++++++++--- 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index e29d29f9c..8a4a9bf2c 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -5,16 +5,15 @@ # Check each common ciphersuite, with each version, both ways (client/server), # with and without client authentication. +set -u + # test if those two are set in the environment before assigning defaults -if [ -n "$GNUTLS_CLI" -a -n "$GNUTLS_SERV" ]; then +if [ -n "${GNUTLS_CLI:-}" -a -n "${GNUTLS_SERV:-}" ]; then GNUTLS_AVAILABLE=1 else GNUTLS_AVAILABLE=0 fi -# catch undefined variables from now on -set -u - # initialise counters let "tests = 0" let "failed = 0" diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 60efe8d83..2a297bd1c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -10,6 +10,14 @@ set -u +# test if it is defined from the environment before assining default +# if yes, assume it means it's a build with all the options we need (SSLv2) +if [ -n "${OPENSSL_CMD:-}" ]; then + OPENSSL_OK=1 +else + OPENSSL_OK=0 +fi + # default values, can be overriden by the environment : ${P_SRV:=../programs/ssl/ssl_server2} : ${P_CLI:=../programs/ssl/ssl_client2} @@ -23,7 +31,11 @@ FAILS=0 MEMCHECK=0 FILTER='.*' -EXCLUDE='SSLv2' # disabled by default, needs OpenSSL compiled with SSLv2 +if [ "$OPENSSL_OK" -gt 0 ]; then + EXCLUDE='^$' +else + EXCLUDE='SSLv2' +fi print_usage() { echo "Usage: $0 [options]" @@ -245,6 +257,8 @@ cleanup() { # MAIN # +get_options "$@" + # sanity checks, avoid an avalanche of errors if [ ! -x "$P_SRV" ]; then echo "Command '$P_SRV' is not an executable file" @@ -259,8 +273,6 @@ if which $OPENSSL_CMD >/dev/null 2>&1; then :; else exit 1 fi -get_options "$@" - killall -q openssl ssl_server ssl_server2 trap cleanup INT TERM HUP From c5ce83a3b8a9cf98c5e3e0b4d009839067a8f6d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 28 Mar 2014 12:46:44 +0100 Subject: [PATCH 09/22] Improve x509xrite_csr testing: extensions, ECDSA --- tests/data_files/server1.req.cert_type | 17 ++++++++++++ tests/data_files/server1.req.key_usage | 17 ++++++++++++ tests/data_files/server1.req.ku-ct | 17 ++++++++++++ tests/data_files/server5.req.ku.sha1 | 8 ++++++ tests/suites/test_suite_x509write.data | 30 +++++++++++++++++----- tests/suites/test_suite_x509write.function | 8 ++++-- 6 files changed, 88 insertions(+), 9 deletions(-) create mode 100644 tests/data_files/server1.req.cert_type create mode 100644 tests/data_files/server1.req.key_usage create mode 100644 tests/data_files/server1.req.ku-ct create mode 100644 tests/data_files/server5.req.ku.sha1 diff --git a/tests/data_files/server1.req.cert_type b/tests/data_files/server1.req.cert_type new file mode 100644 index 000000000..5677f32be --- /dev/null +++ b/tests/data_files/server1.req.cert_type @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICpTCCAY0CAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow +GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ +ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ +HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF +W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs +FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAkMCIGCSqGSIb3DQEJDjEV +MBMwEQYJYIZIAYb4QgEBBAQDAgBAMA0GCSqGSIb3DQEBBQUAA4IBAQB95Pkjpg/N +Jbgl5nZcAk8maGMpUFlrhJS4kGutQKZugNX9v8cfABW905IHYXV1dm6zxVcyeqZM +FiOgbV943fu5JbufoazdYXnnR2/iKMigqX4CzZrK3F5ZzegxkfDIfDrn/shC+rWb +SS5WBVLJ3QNj9vwn3/b66IRbp/ViOwHx7+9JT4K/rLId/ynjYf2T57AsmNd/jptc +Zs19fGgtrUXweWkliEZN2zE47Cc53jkx6+Li4TNs4Bjk5P/aXrCP0fBwgGt2K6YW +dQ/nr0PwIbXzVlgUukSTHkJJfhF4Y/WqcUfOPrRdw+zxOLusJ9nzJBR0FOohcBxM +kPBVna0dze/o +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/server1.req.key_usage b/tests/data_files/server1.req.key_usage new file mode 100644 index 000000000..053aed909 --- /dev/null +++ b/tests/data_files/server1.req.key_usage @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICnzCCAYcCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow +GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ +ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ +HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF +W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs +FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAeMBwGCSqGSIb3DQEJDjEP +MA0wCwYDVR0PBAQDAgHgMA0GCSqGSIb3DQEBBQUAA4IBAQCj6jCu0wE5OQ1JGQwZ +FNwPqZrvKntSq2yLIbgmGxwlvDLxOzn0KmidSFiKRqh0KXwj9siodlz5C0d9tUqq +7xUXg+j+wDHqUV8zo42Jke+UmWXFPpnXx/fDFGTITdLSn8ZDxkt31ESLTEVZvPFD +odm+C+zWJtKpyL+9op4KvyBQ1MZ9nWZpwMaK4g4mdtOIsz75gMa74w8ZT7VzhGMY +cZGmafsl7x++GDDtf0oCPgrj9xy+Ovv/GyUBaB+6lweflTfPDTRSoN0meFlP5ynF +vqcBM5JKH2FUQIizfc9o6Z8tKxe9FCov3x8szAuoMRA7bjhVngeQIrEkTcaQBvBY +NalC +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/server1.req.ku-ct b/tests/data_files/server1.req.ku-ct new file mode 100644 index 000000000..0e057d58a --- /dev/null +++ b/tests/data_files/server1.req.ku-ct @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICsjCCAZoCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow +GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ +ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ +HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF +W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs +FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAxMC8GCSqGSIb3DQEJDjEi +MCAwCwYDVR0PBAQDAgHgMBEGCWCGSAGG+EIBAQQEAwIAQDANBgkqhkiG9w0BAQUF +AAOCAQEANlNG9hW852OzVKj2Z8TtU9jxstAoSCH9yc9Coj4Vw2TTjs1zcuBWsMl1 +2bf2I6ZvEH6ZhcQY7i7nyHQyPlqE4l6U9D8ct967QN7smuAHNY2HiQ2++eCBTHck +PdtGJAzIvNlXcoqNi8UC5fGepNtI1usNo41SKMvbg6nGA5gdcQKk7CVlk8lrD0qI +Xn/HvjSRoDE4ZGxAtNvPXWorGSxtgcy8EMPoXVUab5fNt8q//x/NQ4yEQKPrexmR +IuOiQ8VW8QZtkORGpZbGSvskU0WfKANui4zCcXYRc4mVR4Wf0C+fyHeihhjslSnT +RbC7nQn5HSHp31qJlr80QodywaK1Dg== +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/server5.req.ku.sha1 b/tests/data_files/server5.req.ku.sha1 new file mode 100644 index 000000000..7556d1a05 --- /dev/null +++ b/tests/data_files/server5.req.ku.sha1 @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBFjCBvAIBADA8MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGjAY +BgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD +QgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/6i/SNF1d +Fr2KiMJrdw1VzYoqDvoByLTt/6AeMBwGCSqGSIb3DQEJDjEPMA0wCwYDVR0PBAQD +AgHAMAsGByqGSM49BAEFAANIADBFAiBjnnD7nwsFnCL+MpPPFJE3K/Tgj+5rAgXj +e5UejDX2CAIhAKdbigWJL/ZatvG9CFHq7ykrRns2x8JEXehWu8DsXdx9 +-----END CERTIFICATE REQUEST----- diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 1b2754ee5..fdc72322d 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -1,30 +1,46 @@ Certificate Request check Server1 SHA1 depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15 -x509_csr_check:"data_files/server1.key":POLARSSL_MD_SHA1:"data_files/server1.req.sha1" +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha1":POLARSSL_MD_SHA1:0:0 Certificate Request check Server1 SHA224 depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15 -x509_csr_check:"data_files/server1.key":POLARSSL_MD_SHA224:"data_files/server1.req.sha224" +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha224":POLARSSL_MD_SHA224:0:0 Certificate Request check Server1 SHA256 depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15 -x509_csr_check:"data_files/server1.key":POLARSSL_MD_SHA256:"data_files/server1.req.sha256" +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha256":POLARSSL_MD_SHA256:0:0 Certificate Request check Server1 SHA384 depends_on:POLARSSL_SHA512_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15 -x509_csr_check:"data_files/server1.key":POLARSSL_MD_SHA384:"data_files/server1.req.sha384" +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha384":POLARSSL_MD_SHA384:0:0 Certificate Request check Server1 SHA512 depends_on:POLARSSL_SHA512_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15 -x509_csr_check:"data_files/server1.key":POLARSSL_MD_SHA512:"data_files/server1.req.sha512" +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha512":POLARSSL_MD_SHA512:0:0 Certificate Request check Server1 MD4 depends_on:POLARSSL_MD4_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15 -x509_csr_check:"data_files/server1.key":POLARSSL_MD_MD4:"data_files/server1.req.md4" +x509_csr_check:"data_files/server1.key":"data_files/server1.req.md4":POLARSSL_MD_MD4:0:0 Certificate Request check Server1 MD5 depends_on:POLARSSL_MD5_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15 -x509_csr_check:"data_files/server1.key":POLARSSL_MD_MD5:"data_files/server1.req.md5" +x509_csr_check:"data_files/server1.key":"data_files/server1.req.md5":POLARSSL_MD_MD5:0:0 + +Certificate Request check Server1 key_usage +depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":POLARSSL_MD_SHA1:KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION | KU_KEY_ENCIPHERMENT:0 + +Certificate Request check Server1 ns_cert_type +depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type":POLARSSL_MD_SHA1:0:NS_CERT_TYPE_SSL_SERVER + +Certificate Request check Server1 key_usage + ns_cert_type +depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":POLARSSL_MD_SHA1:KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION | KU_KEY_ENCIPHERMENT:NS_CERT_TYPE_SSL_SERVER + +Certificate Request check Server5 ECDSA, key_usage +depends_on:POLARSSL_SHA1_C:POLARSSL_ECDSA_C:POLARSSL_ECDSA_DETERMINISTIC +x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":POLARSSL_MD_SHA1:KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION:0 Certificate write check Server1 SHA1 depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index ca097e7ad..e2055192a 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -11,8 +11,8 @@ */ /* BEGIN_CASE depends_on:POLARSSL_PEM_WRITE_C:POLARSSL_X509_CSR_WRITE_C */ -void x509_csr_check( char *key_file, int md_type, - char *cert_req_check_file ) +void x509_csr_check( char *key_file, char *cert_req_check_file, + int md_type, int key_usage, int cert_type ) { pk_context key; x509write_csr req; @@ -33,6 +33,10 @@ void x509_csr_check( char *key_file, int md_type, x509write_csr_set_md_alg( &req, md_type ); x509write_csr_set_key( &req, &key ); TEST_ASSERT( x509write_csr_set_subject_name( &req, subject_name ) == 0 ); + if( key_usage != 0 ) + TEST_ASSERT( x509write_csr_set_key_usage( &req, key_usage ) == 0 ); + if( cert_type != 0 ) + TEST_ASSERT( x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 ); ret = x509write_csr_pem( &req, buf, sizeof(buf), rnd_pseudo_rand, &rnd_info ); From 6c1a73e0613921ea0129acb64c5c81a7c72040a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 28 Mar 2014 14:03:22 +0100 Subject: [PATCH 10/22] Improve x509xrite_csr testing: extensions, version --- tests/data_files/server1.v1.crt | 18 ++++++++++++++++++ tests/suites/test_suite_x509write.data | 14 +++++++++++++- tests/suites/test_suite_x509write.function | 20 +++++++++++++++----- 3 files changed, 46 insertions(+), 6 deletions(-) create mode 100644 tests/data_files/server1.v1.crt diff --git a/tests/data_files/server1.v1.crt b/tests/data_files/server1.v1.crt new file mode 100644 index 000000000..0a4b2a5cc --- /dev/null +++ b/tests/data_files/server1.v1.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC9DCCAdygAwIBAAIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ +uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD +d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf +CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr +lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w +bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB +owIwADANBgkqhkiG9w0BAQUFAAOCAQEAoZVuVi7bIslKgMJhejSFXiO+ICMz1fmK +b0tPN68mRYhI/gsjRT0cmX6GUNrg+U5mcBWhMwHgyvx1CARU4YToKZxcXGNL0DPd +Z1hF8nCrJCZBQvNuWE7s0ufw92xz5ZfuKkVxi94RYR529F6gzgl4rpX8UQVu2ym/ +9pTlHKr4MKi9LNppyJMS89uRcb2FJFMdhAKbhNtbIjI9qGZ7x//0belAaWhq389u +6XWFnZt35PU6Zz6YbAQ5pjZYsTaohuufgrpOlFPUuc4uR+RfGHIQ6id12lZaQC2m +OFIBDcU0x1cFfPfMgVdBLf6klPt/v/tD77mwx0eztSp28NIf+ACw8A== +-----END CERTIFICATE----- diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index fdc72322d..04a24deb5 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -44,4 +44,16 @@ x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":POLARSS Certificate write check Server1 SHA1 depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:"data_files/server1.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:-1:"data_files/server1.crt" + +Certificate write check Server1 SHA1, key_usage +depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION | KU_KEY_ENCIPHERMENT:0:-1:"data_files/server1.key_usage.crt" + +Certificate write check Server1 SHA1, ns_cert_type +depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:NS_CERT_TYPE_SSL_SERVER:-1:"data_files/server1.cert_type.crt" + +Certificate write check Server1 SHA1, version 1 +depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:X509_CRT_VERSION_1:"data_files/server1.v1.crt" diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index e2055192a..0cea5f949 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -62,7 +62,8 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, char *subject_name, char *issuer_key_file, char *issuer_pwd, char *issuer_name, char *serial_str, char *not_before, char *not_after, - int md_type, char *cert_check_file ) + int md_type, int key_usage, int cert_type, int ver, + char *cert_check_file ) { pk_context subject_key, issuer_key; x509write_cert crt; @@ -86,7 +87,9 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, TEST_ASSERT( mpi_read_string( &serial, 10, serial_str ) == 0 ); x509write_crt_init( &crt ); - x509write_crt_set_serial( &crt, &serial ); + if( ver != -1 ) + x509write_crt_set_version( &crt, ver ); + TEST_ASSERT( x509write_crt_set_serial( &crt, &serial ) == 0 ); TEST_ASSERT( x509write_crt_set_validity( &crt, not_before, not_after ) == 0 ); x509write_crt_set_md_alg( &crt, md_type ); @@ -95,9 +98,16 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, x509write_crt_set_subject_key( &crt, &subject_key ); x509write_crt_set_issuer_key( &crt, &issuer_key ); - TEST_ASSERT( x509write_crt_set_basic_constraints( &crt, 0, 0 ) == 0 ); - TEST_ASSERT( x509write_crt_set_subject_key_identifier( &crt ) == 0 ); - TEST_ASSERT( x509write_crt_set_authority_key_identifier( &crt ) == 0 ); + if( crt.version >= X509_CRT_VERSION_3 ) + { + TEST_ASSERT( x509write_crt_set_basic_constraints( &crt, 0, 0 ) == 0 ); + TEST_ASSERT( x509write_crt_set_subject_key_identifier( &crt ) == 0 ); + TEST_ASSERT( x509write_crt_set_authority_key_identifier( &crt ) == 0 ); + if( key_usage != 0 ) + TEST_ASSERT( x509write_crt_set_key_usage( &crt, key_usage ) == 0 ); + if( cert_type != 0 ) + TEST_ASSERT( x509write_crt_set_ns_cert_type( &crt, cert_type ) == 0 ); + } ret = x509write_crt_pem( &crt, buf, sizeof(buf), rnd_pseudo_rand, &rnd_info ); From 7afdb88216957dae57e80c0c255b3638b52fae17 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 28 Mar 2014 16:06:35 +0100 Subject: [PATCH 11/22] Test and fix x509_oid functions --- ChangeLog | 2 + include/polarssl/error.h | 2 +- include/polarssl/oid.h | 4 +- include/polarssl/x509.h | 6 ++- library/error.c | 2 + library/oid.c | 10 ++--- tests/suites/test_suite_x509parse.data | 24 ++++++++++ tests/suites/test_suite_x509parse.function | 51 ++++++++++++++++++++++ 8 files changed, 91 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4e2d97be5..b9d44d94f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,6 +19,8 @@ Bugfix Gergely Budai). * Fix #include path in ecdsa.h which wasn't accepted by some compilers. (found by Gergely Budai) + * oid_get_numeric_string() used to truncate the output without returning an + error if the output buffer was just 1 byte too small. = PolarSSL 1.3.5 released on 2014-03-26 Features diff --git a/include/polarssl/error.h b/include/polarssl/error.h index feba67ba1..23c0ed704 100644 --- a/include/polarssl/error.h +++ b/include/polarssl/error.h @@ -60,7 +60,7 @@ * CAMELLIA 2 0x0024-0x0026 * XTEA 1 0x0028-0x0028 * BASE64 2 0x002A-0x002C - * OID 1 0x002E-0x002E + * OID 1 0x002E-0x002E 0x000B-0x000B * PADLOCK 1 0x0030-0x0030 * DES 1 0x0032-0x0032 * CTR_DBRG 4 0x0034-0x003A diff --git a/include/polarssl/oid.h b/include/polarssl/oid.h index 2470d5e1d..0c471c545 100644 --- a/include/polarssl/oid.h +++ b/include/polarssl/oid.h @@ -44,6 +44,7 @@ #endif #define POLARSSL_ERR_OID_NOT_FOUND -0x002E /**< OID is not found. */ +#define POLARSSL_ERR_OID_BUF_TOO_SMALL -0x000B /**< output buffer is too small */ /* * Top level OID tuples @@ -376,7 +377,8 @@ typedef struct { * \param size size of the buffer * \param oid OID to translate * - * \return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL or actual length used + * \return Length of the string written (excluding final NULL) or + * POLARSSL_ERR_OID_BUF_TO_SMALL in case of error */ int oid_get_numeric_string( char *buf, size_t size, const asn1_buf *oid ); diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h index ad8049a0e..003154bf1 100644 --- a/include/polarssl/x509.h +++ b/include/polarssl/x509.h @@ -212,6 +212,8 @@ int x509_serial_gets( char *buf, size_t size, const x509_buf *serial ); /** * \brief Give an known OID, return its descriptive string. + * (Deprecated. Use oid_get_extended_key_usage() instead.) + * Warning: only works for extended_key_usage OIDs! * * \param oid buffer containing the oid * @@ -228,8 +230,8 @@ const char *x509_oid_get_description( x509_buf *oid ); * \param size Maximum size of buffer * \param oid Buffer containing the OID * - * \return The amount of data written to the buffer, or -1 in - * case of an error. + * \return Length of the string written (exluding final NULL) or + * POLARSSL_ERR_OID_BUF_TO_SMALL in case of error */ int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid ); diff --git a/library/error.c b/library/error.c index 9980a9100..2ca755c64 100644 --- a/library/error.c +++ b/library/error.c @@ -655,6 +655,8 @@ void polarssl_strerror( int ret, char *buf, size_t buflen ) #if defined(POLARSSL_OID_C) if( use_ret == -(POLARSSL_ERR_OID_NOT_FOUND) ) snprintf( buf, buflen, "OID - OID is not found" ); + if( use_ret == -(POLARSSL_ERR_OID_BUF_TOO_SMALL) ) + snprintf( buf, buflen, "OID - output buffer is too small" ); #endif /* POLARSSL_OID_C */ #if defined(POLARSSL_PADLOCK_C) diff --git a/library/oid.c b/library/oid.c index f943c6d34..a2b929b3d 100644 --- a/library/oid.c +++ b/library/oid.c @@ -590,16 +590,14 @@ static int compat_snprintf(char *str, size_t size, const char *format, ...) #define snprintf compat_snprintf #endif -#define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2 - #define SAFE_SNPRINTF() \ { \ if( ret == -1 ) \ - return( -1 ); \ + return POLARSSL_ERR_OID_BUF_TOO_SMALL; \ \ - if ( (unsigned int) ret > n ) { \ + if ( (unsigned int) ret >= n ) { \ p[n - 1] = '\0'; \ - return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\ + return POLARSSL_ERR_OID_BUF_TOO_SMALL; \ } \ \ n -= (unsigned int) ret; \ @@ -630,7 +628,7 @@ int oid_get_numeric_string( char *buf, size_t size, { /* Prevent overflow in value. */ if ( ( ( value << 7 ) >> 7 ) != value ) - return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL ); + return( POLARSSL_ERR_OID_BUF_TOO_SMALL ); value <<= 7; value += oid->p[i] & 0x7F; diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 03caa74cf..ef9a331f5 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -802,3 +802,27 @@ x509_crt_parse_path:"data_files/dir2":0:2 X509 CRT parse path #4 (two certs, one non-cert) depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_SHA256_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED x509_crt_parse_path:"data_files/dir3":1:2 + +X509 OID description #1 +x509_oid_desc:"2B06010505070301":"TLS Web Server Authentication" + +X509 OID description #2 +x509_oid_desc:"2B0601050507030f":"notfound" + +X509 OID description #3 +x509_oid_desc:"2B0601050507030100":"notfound" + +X509 OID numstring #1 (wide buffer) +x509_oid_numstr:"2B06010505070301":"1.3.6.1.5.5.7.3.1":20:17 + +X509 OID numstring #2 (buffer just fits) +x509_oid_numstr:"2B06010505070301":"1.3.6.1.5.5.7.3.1":18:17 + +X509 OID numstring #3 (buffer too small) +x509_oid_numstr:"2B06010505070301":"1.3.6.1.5.5.7.3.1":17:POLARSSL_ERR_OID_BUF_TOO_SMALL + +X509 OID numstring #4 (larger number) +x509_oid_numstr:"2A864886F70D":"1.2.840.113549":15:14 + +X509 OID numstring #5 (arithmetic overflow) +x509_oid_numstr:"2A8648F9F8F7F6F5F4F3F2F1F001":"":100:POLARSSL_ERR_OID_BUF_TOO_SMALL diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 863823545..effa4cc30 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -265,6 +265,57 @@ void x509_crt_parse_path( char *crt_path, int ret, int nb_crt ) } /* END_CASE */ +/* BEGIN_CASE */ +void x509_oid_desc( char *oid_str, char *ref_desc ) +{ + x509_buf oid; + const char *desc; + unsigned char buf[20]; + + memset( buf, 0, sizeof buf ); + + oid.tag = ASN1_OID; + oid.len = unhexify( buf, oid_str ); + oid.p = buf; + + desc = x509_oid_get_description( &oid ); + + if( strcmp( ref_desc, "notfound" ) == 0 ) + TEST_ASSERT( desc == NULL ); + else + { + TEST_ASSERT( desc != NULL ); + TEST_ASSERT( strcmp( desc, ref_desc ) == 0 ); + } +} +/* END_CASE */ + +/* BEGIN_CASE */ +void x509_oid_numstr( char *oid_str, char *numstr, int blen, int ret ) +{ + x509_buf oid; + unsigned char oid_buf[20]; + char num_buf[100]; + + memset( oid_buf, 0x00, sizeof oid_buf ); + memset( num_buf, 0x2a, sizeof num_buf ); + + oid.tag = ASN1_OID; + oid.len = unhexify( oid_buf, oid_str ); + oid.p = oid_buf; + + TEST_ASSERT( (size_t) blen <= sizeof num_buf ); + + TEST_ASSERT( x509_oid_get_numeric_string( num_buf, blen, &oid ) == ret ); + + if( ret >= 0 ) + { + TEST_ASSERT( num_buf[ret] == 0 ); + TEST_ASSERT( strcmp( num_buf, numstr ) == 0 ); + } +} +/* END_CASE */ + /* BEGIN_CASE depends_on:POLARSSL_X509_CRT_PARSE_C:POLARSSL_SELF_TEST */ void x509_selftest() { From 58319e7f5caa8df68f50a5416c29ba8090d758fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Sat, 29 Mar 2014 14:05:06 +0100 Subject: [PATCH 12/22] Test mdX_hmax_reset() functions --- tests/suites/test_suite_mdx.function | 152 ++++++++++++++++++++++++--- 1 file changed, 136 insertions(+), 16 deletions(-) diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function index 6b21b2d20..0676d8200 100644 --- a/tests/suites/test_suite_mdx.function +++ b/tests/suites/test_suite_mdx.function @@ -94,18 +94,48 @@ void md2_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, unsigned char hash_str[33]; unsigned char output[16]; int key_len, src_len; + md2_context ctx; memset( src_str, 0x00, sizeof src_str ); memset( key_str, 0x00, sizeof key_str ); - memset( hash_str, 0x00, sizeof hash_str ); - memset( output, 0x00, sizeof output ); key_len = unhexify( key_str, hex_key_string ); src_len = unhexify( src_str, hex_src_string ); - md2_hmac( key_str, key_len, src_str, src_len, output ); - hexify( hash_str, output, sizeof output ); + /* Test the all-in-one interface */ + memset( hash_str, 0x00, sizeof hash_str ); + memset( output, 0x00, sizeof output ); + md2_hmac( key_str, key_len, src_str, src_len, output ); + + hexify( hash_str, output, sizeof output ); + TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + /* Also test the "streaming" interface */ + memset( hash_str, 0x00, sizeof hash_str ); + memset( output, 0x00, sizeof output ); + memset( &ctx, 0x00, sizeof ctx ); + + md2_hmac_starts( &ctx, key_str, key_len ); + md2_hmac_update( &ctx, src_str, 0 ); + md2_hmac_update( &ctx, src_str, src_len / 2 ); + md2_hmac_update( &ctx, src_str + src_len / 2, src_len - src_len / 2 ); + md2_hmac_update( &ctx, src_str + src_len, 0 ); + md2_hmac_finish( &ctx, output ); + + hexify( hash_str, output, sizeof output ); + TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + /* Again, to test hmac_reset() */ + memset( hash_str, 0x00, sizeof hash_str ); + memset( output, 0x00, sizeof output ); + + md2_hmac_reset( &ctx ); + md2_hmac_update( &ctx, src_str, src_len / 2 ); + md2_hmac_update( &ctx, src_str + src_len / 2, src_len - src_len / 2 ); + md2_hmac_finish( &ctx, output ); + + hexify( hash_str, output, sizeof output ); TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); } /* END_CASE */ @@ -119,18 +149,48 @@ void md4_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, unsigned char hash_str[33]; unsigned char output[16]; int key_len, src_len; + md4_context ctx; memset( src_str, 0x00, sizeof src_str ); memset( key_str, 0x00, sizeof key_str ); - memset( hash_str, 0x00, sizeof hash_str ); - memset( output, 0x00, sizeof output ); key_len = unhexify( key_str, hex_key_string ); src_len = unhexify( src_str, hex_src_string ); - md4_hmac( key_str, key_len, src_str, src_len, output ); - hexify( hash_str, output, sizeof output ); + /* Test the all-in-one interface */ + memset( hash_str, 0x00, sizeof hash_str ); + memset( output, 0x00, sizeof output ); + md4_hmac( key_str, key_len, src_str, src_len, output ); + + hexify( hash_str, output, sizeof output ); + TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + /* Also test the "streaming" interface */ + memset( hash_str, 0x00, sizeof hash_str ); + memset( output, 0x00, sizeof output ); + memset( &ctx, 0x00, sizeof ctx ); + + md4_hmac_starts( &ctx, key_str, key_len ); + md4_hmac_update( &ctx, src_str, 0 ); + md4_hmac_update( &ctx, src_str, src_len / 2 ); + md4_hmac_update( &ctx, src_str + src_len / 2, src_len - src_len / 2 ); + md4_hmac_update( &ctx, src_str + src_len, 0 ); + md4_hmac_finish( &ctx, output ); + + hexify( hash_str, output, sizeof output ); + TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + /* Again, to test hmac_reset() */ + memset( hash_str, 0x00, sizeof hash_str ); + memset( output, 0x00, sizeof output ); + + md4_hmac_reset( &ctx ); + md4_hmac_update( &ctx, src_str, src_len / 2 ); + md4_hmac_update( &ctx, src_str + src_len / 2, src_len - src_len / 2 ); + md4_hmac_finish( &ctx, output ); + + hexify( hash_str, output, sizeof output ); TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); } /* END_CASE */ @@ -144,18 +204,48 @@ void md5_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, unsigned char hash_str[33]; unsigned char output[16]; int key_len, src_len; + md5_context ctx; memset( src_str, 0x00, sizeof src_str ); memset( key_str, 0x00, sizeof key_str ); - memset( hash_str, 0x00, sizeof hash_str ); - memset( output, 0x00, sizeof output ); key_len = unhexify( key_str, hex_key_string ); src_len = unhexify( src_str, hex_src_string ); - md5_hmac( key_str, key_len, src_str, src_len, output ); - hexify( hash_str, output, sizeof output ); + /* Test the all-in-one interface */ + memset( hash_str, 0x00, sizeof hash_str ); + memset( output, 0x00, sizeof output ); + md5_hmac( key_str, key_len, src_str, src_len, output ); + + hexify( hash_str, output, sizeof output ); + TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + /* Also test the "streaming" interface */ + memset( hash_str, 0x00, sizeof hash_str ); + memset( output, 0x00, sizeof output ); + memset( &ctx, 0x00, sizeof ctx ); + + md5_hmac_starts( &ctx, key_str, key_len ); + md5_hmac_update( &ctx, src_str, 0 ); + md5_hmac_update( &ctx, src_str, src_len / 2 ); + md5_hmac_update( &ctx, src_str + src_len / 2, src_len - src_len / 2 ); + md5_hmac_update( &ctx, src_str + src_len, 0 ); + md5_hmac_finish( &ctx, output ); + + hexify( hash_str, output, sizeof output ); + TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + /* Again, to test hmac_reset() */ + memset( hash_str, 0x00, sizeof hash_str ); + memset( output, 0x00, sizeof output ); + + md5_hmac_reset( &ctx ); + md5_hmac_update( &ctx, src_str, src_len / 2 ); + md5_hmac_update( &ctx, src_str + src_len / 2, src_len - src_len / 2 ); + md5_hmac_finish( &ctx, output ); + + hexify( hash_str, output, sizeof output ); TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); } /* END_CASE */ @@ -169,18 +259,48 @@ void ripemd160_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, unsigned char hash_str[41]; unsigned char output[20]; int key_len, src_len; + ripemd160_context ctx; memset( src_str, 0x00, sizeof src_str ); memset( key_str, 0x00, sizeof key_str ); - memset( hash_str, 0x00, sizeof hash_str ); - memset( output, 0x00, sizeof output ); key_len = unhexify( key_str, hex_key_string ); src_len = unhexify( src_str, hex_src_string ); - ripemd160_hmac( key_str, key_len, src_str, src_len, output ); - hexify( hash_str, output, sizeof output ); + /* Test the all-in-one interface */ + memset( hash_str, 0x00, sizeof hash_str ); + memset( output, 0x00, sizeof output ); + ripemd160_hmac( key_str, key_len, src_str, src_len, output ); + + hexify( hash_str, output, sizeof output ); + TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + /* Also test the "streaming" interface */ + memset( hash_str, 0x00, sizeof hash_str ); + memset( output, 0x00, sizeof output ); + memset( &ctx, 0x00, sizeof ctx ); + + ripemd160_hmac_starts( &ctx, key_str, key_len ); + ripemd160_hmac_update( &ctx, src_str, 0 ); + ripemd160_hmac_update( &ctx, src_str, src_len / 2 ); + ripemd160_hmac_update( &ctx, src_str + src_len / 2, src_len - src_len / 2 ); + ripemd160_hmac_update( &ctx, src_str + src_len, 0 ); + ripemd160_hmac_finish( &ctx, output ); + + hexify( hash_str, output, sizeof output ); + TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + /* Again, to test hmac_reset() */ + memset( hash_str, 0x00, sizeof hash_str ); + memset( output, 0x00, sizeof output ); + + ripemd160_hmac_reset( &ctx ); + ripemd160_hmac_update( &ctx, src_str, src_len / 2 ); + ripemd160_hmac_update( &ctx, src_str + src_len / 2, src_len - src_len / 2 ); + ripemd160_hmac_finish( &ctx, output ); + + hexify( hash_str, output, sizeof output ); TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); } /* END_CASE */ From 59ba4e983b5a51e87ba86d0ed835b3850a0305cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Sat, 29 Mar 2014 14:43:44 +0100 Subject: [PATCH 13/22] Test generic md_hmac_reset() --- tests/suites/test_suite_md.function | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index c972cc2cf..502df4533 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -197,11 +197,23 @@ void md_hmac_multi( char *text_md_name, int trunc_size, char *hex_key_string, TEST_ASSERT ( ctx.md_ctx != NULL ); TEST_ASSERT ( 0 == md_hmac_update( &ctx, src_str, src_len ) ); TEST_ASSERT ( 0 == md_hmac_finish( &ctx, output ) ); + + hexify( hash_str, output, md_get_size(md_info) ); + TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + /* Test again, for reset() */ + memset(hash_str, 0x00, 10000); + memset(output, 0x00, 100); + + TEST_ASSERT ( 0 == md_hmac_reset( &ctx ) ); + TEST_ASSERT ( 0 == md_hmac_update( &ctx, src_str, src_len ) ); + TEST_ASSERT ( 0 == md_hmac_finish( &ctx, output ) ); TEST_ASSERT ( 0 == md_free_ctx( &ctx ) ); hexify( hash_str, output, md_get_size(md_info) ); - TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + TEST_ASSERT ( 0 == md_free_ctx( &ctx ) ); } /* END_CASE */ From 5819db1384cda3897eb9eb41b479d99fc825caa2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Sat, 29 Mar 2014 15:10:29 +0100 Subject: [PATCH 14/22] Test RIPEMD160 via MD layer more completely --- tests/suites/test_suite_md.data | 130 +++++++++++++++++++++++--------- 1 file changed, 95 insertions(+), 35 deletions(-) diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index cc1851cd8..349e18fc0 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -82,35 +82,35 @@ generic md5 Test vector RFC1321 #7 depends_on:POLARSSL_MD5_C md_text:"md5":"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"57edf4a22be3c955ac49da2e2107b67a" -ripemd160 Test vector from paper #1 +generic ripemd160 Test vector from paper #1 depends_on:POLARSSL_RIPEMD160_C md_text:"ripemd160":"":"9c1185a5c5e9fc54612808977ee8f548b2258d31" -ripemd160 Test vector from paper #2 +generic ripemd160 Test vector from paper #2 depends_on:POLARSSL_RIPEMD160_C md_text:"ripemd160":"a":"0bdc9d2d256b3ee9daae347be6f4dc835a467ffe" -ripemd160 Test vector from paper #3 +generic ripemd160 Test vector from paper #3 depends_on:POLARSSL_RIPEMD160_C md_text:"ripemd160":"abc":"8eb208f7e05d987a9b044a8e98c6b087f15a0bfc" -ripemd160 Test vector from paper #4 +generic ripemd160 Test vector from paper #4 depends_on:POLARSSL_RIPEMD160_C md_text:"ripemd160":"message digest":"5d0689ef49d2fae572b881b123a85ffa21595f36" -ripemd160 Test vector from paper #5 +generic ripemd160 Test vector from paper #5 depends_on:POLARSSL_RIPEMD160_C md_text:"ripemd160":"abcdefghijklmnopqrstuvwxyz":"f71c27109c692c1b56bbdceb5b9d2865b3708dbc" -ripemd160 Test vector from paper #6 +generic ripemd160 Test vector from paper #6 depends_on:POLARSSL_RIPEMD160_C md_text:"ripemd160":"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq":"12a053384a9c0c88e405a06c27dcf49ada62eb2b" -ripemd160 Test vector from paper #7 +generic ripemd160 Test vector from paper #7 depends_on:POLARSSL_RIPEMD160_C md_text:"ripemd160":"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789":"b0e20b6e3116640286ed3a87a5713079b21f5189" -ripemd160 Test vector from paper #8 +generic ripemd160 Test vector from paper #8 depends_on:POLARSSL_RIPEMD160_C md_text:"ripemd160":"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"9b752e45573d4b39f4dbd3323cab82bf63326bfb" @@ -178,31 +178,31 @@ generic HMAC-MD5 Test Vector RFC2202 #7 depends_on:POLARSSL_MD5_C md_hmac:"md5":16:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b657920616e64204c6172676572205468616e204f6e6520426c6f636b2d53697a652044617461":"6f630fad67cda0ee1fb1f562db3aa53e" -HMAC-RIPEMD160 Test vector RFC 2286 #1 +generic HMAC-RIPEMD160 Test vector RFC 2286 #1 depends_on:POLARSSL_RIPEMD160_C md_hmac:"ripemd160":20:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"4869205468657265":"24cb4bd67d20fc1a5d2ed7732dcc39377f0a5668" -HMAC-RIPEMD160 Test vector RFC 2286 #2 +generic HMAC-RIPEMD160 Test vector RFC 2286 #2 depends_on:POLARSSL_RIPEMD160_C md_hmac:"ripemd160":20:"4a656665":"7768617420646f2079612077616e7420666f72206e6f7468696e673f":"dda6c0213a485a9e24f4742064a7f033b43c4069" -HMAC-RIPEMD160 Test vector RFC 2286 #3 +generic HMAC-RIPEMD160 Test vector RFC 2286 #3 depends_on:POLARSSL_RIPEMD160_C md_hmac:"ripemd160":20:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd":"b0b105360de759960ab4f35298e116e295d8e7c1" -HMAC-RIPEMD160 Test vector RFC 2286 #4 +generic HMAC-RIPEMD160 Test vector RFC 2286 #4 depends_on:POLARSSL_RIPEMD160_C md_hmac:"ripemd160":20:"0102030405060708090a0b0c0d0e0f10111213141516171819":"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd":"d5ca862f4d21d5e610e18b4cf1beb97a4365ecf4" -HMAC-RIPEMD160 Test vector RFC 2286 #5 +generic HMAC-RIPEMD160 Test vector RFC 2286 #5 depends_on:POLARSSL_RIPEMD160_C md_hmac:"ripemd160":20:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"546573742057697468205472756e636174696f6e":"7619693978f91d90539ae786500ff3d8e0518e39" -HMAC-RIPEMD160 Test vector RFC 2286 #6 +generic HMAC-RIPEMD160 Test vector RFC 2286 #6 depends_on:POLARSSL_RIPEMD160_C md_hmac:"ripemd160":20:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b6579202d2048617368204b6579204669727374":"6466ca07ac5eac29e1bd523e5ada7605b791fd8b" -HMAC-RIPEMD160 Test vector RFC 2286 #7 +generic HMAC-RIPEMD160 Test vector RFC 2286 #7 depends_on:POLARSSL_RIPEMD160_C md_hmac:"ripemd160":20:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b657920616e64204c6172676572205468616e204f6e6520426c6f636b2d53697a652044617461":"69ea60798d71616cce5fd0871e23754cd75d5a0a" @@ -290,6 +290,38 @@ generic multi step md5 Test vector RFC1321 #7 depends_on:POLARSSL_MD5_C md_text_multi:"md5":"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"57edf4a22be3c955ac49da2e2107b67a" +generic multi step ripemd160 Test vector from paper #1 +depends_on:POLARSSL_RIPEMD160_C +md_text_multi:"ripemd160":"":"9c1185a5c5e9fc54612808977ee8f548b2258d31" + +generic multi step ripemd160 Test vector from paper #2 +depends_on:POLARSSL_RIPEMD160_C +md_text_multi:"ripemd160":"a":"0bdc9d2d256b3ee9daae347be6f4dc835a467ffe" + +generic multi step ripemd160 Test vector from paper #3 +depends_on:POLARSSL_RIPEMD160_C +md_text_multi:"ripemd160":"abc":"8eb208f7e05d987a9b044a8e98c6b087f15a0bfc" + +generic multi step ripemd160 Test vector from paper #4 +depends_on:POLARSSL_RIPEMD160_C +md_text_multi:"ripemd160":"message digest":"5d0689ef49d2fae572b881b123a85ffa21595f36" + +generic multi step ripemd160 Test vector from paper #5 +depends_on:POLARSSL_RIPEMD160_C +md_text_multi:"ripemd160":"abcdefghijklmnopqrstuvwxyz":"f71c27109c692c1b56bbdceb5b9d2865b3708dbc" + +generic multi step ripemd160 Test vector from paper #6 +depends_on:POLARSSL_RIPEMD160_C +md_text_multi:"ripemd160":"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq":"12a053384a9c0c88e405a06c27dcf49ada62eb2b" + +generic multi step ripemd160 Test vector from paper #7 +depends_on:POLARSSL_RIPEMD160_C +md_text_multi:"ripemd160":"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789":"b0e20b6e3116640286ed3a87a5713079b21f5189" + +generic multi step ripemd160 Test vector from paper #8 +depends_on:POLARSSL_RIPEMD160_C +md_text_multi:"ripemd160":"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"9b752e45573d4b39f4dbd3323cab82bf63326bfb" + generic multi step HMAC-MD2 Hash File OpenSSL test #1 depends_on:POLARSSL_MD2_C md_hmac_multi:"md2":16:"61616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"d5732582f494f5ddf35efd166c85af9c" @@ -354,6 +386,34 @@ generic multi step HMAC-MD5 Test Vector RFC2202 #7 depends_on:POLARSSL_MD5_C md_hmac_multi:"md5":16:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b657920616e64204c6172676572205468616e204f6e6520426c6f636b2d53697a652044617461":"6f630fad67cda0ee1fb1f562db3aa53e" +generic multi step HMAC-RIPEMD160 Test vector RFC 2286 #1 +depends_on:POLARSSL_RIPEMD160_C +md_hmac_multi:"ripemd160":20:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"4869205468657265":"24cb4bd67d20fc1a5d2ed7732dcc39377f0a5668" + +generic multi step HMAC-RIPEMD160 Test vector RFC 2286 #2 +depends_on:POLARSSL_RIPEMD160_C +md_hmac_multi:"ripemd160":20:"4a656665":"7768617420646f2079612077616e7420666f72206e6f7468696e673f":"dda6c0213a485a9e24f4742064a7f033b43c4069" + +generic multi step HMAC-RIPEMD160 Test vector RFC 2286 #3 +depends_on:POLARSSL_RIPEMD160_C +md_hmac_multi:"ripemd160":20:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd":"b0b105360de759960ab4f35298e116e295d8e7c1" + +generic multi step HMAC-RIPEMD160 Test vector RFC 2286 #4 +depends_on:POLARSSL_RIPEMD160_C +md_hmac_multi:"ripemd160":20:"0102030405060708090a0b0c0d0e0f10111213141516171819":"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd":"d5ca862f4d21d5e610e18b4cf1beb97a4365ecf4" + +generic multi step HMAC-RIPEMD160 Test vector RFC 2286 #5 +depends_on:POLARSSL_RIPEMD160_C +md_hmac_multi:"ripemd160":20:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"546573742057697468205472756e636174696f6e":"7619693978f91d90539ae786500ff3d8e0518e39" + +generic multi step HMAC-RIPEMD160 Test vector RFC 2286 #6 +depends_on:POLARSSL_RIPEMD160_C +md_hmac_multi:"ripemd160":20:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b6579202d2048617368204b6579204669727374":"6466ca07ac5eac29e1bd523e5ada7605b791fd8b" + +generic multi step HMAC-RIPEMD160 Test vector RFC 2286 #7 +depends_on:POLARSSL_RIPEMD160_C +md_hmac_multi:"ripemd160":20:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b657920616e64204c6172676572205468616e204f6e6520426c6f636b2d53697a652044617461":"69ea60798d71616cce5fd0871e23754cd75d5a0a" + generic MD2 Hash file #1 depends_on:POLARSSL_MD2_C md_file:"md2":"data_files/hash_file_1":"b593c098712d2e21628c8986695451a8" @@ -402,6 +462,26 @@ generic MD5 Hash file #4 depends_on:POLARSSL_MD5_C md_file:"md5":"data_files/hash_file_4":"d41d8cd98f00b204e9800998ecf8427e" +generic RIPEMD160 Hash file #0 (from paper) +depends_on:POLARSSL_RIPEMD160_C +md_file:"ripemd160":"data_files/hash_file_5":"52783243c1697bdbe16d37f97f68f08325dc1528" + +generic RIPEMD160 Hash file #1 +depends_on:POLARSSL_RIPEMD160_C +md_file:"ripemd160":"data_files/hash_file_1":"82f1d072f0ec0c2b353703a7b575a04c113af1a6" + +generic RIPEMD160 Hash file #2 +depends_on:POLARSSL_RIPEMD160_C +md_file:"ripemd160":"data_files/hash_file_2":"996fbc8b79206ba7393ebcd246584069b1c08f0f" + +generic RIPEMD160 Hash file #3 +depends_on:POLARSSL_RIPEMD160_C +md_file:"ripemd160":"data_files/hash_file_3":"8653b46d65998fa8c8846efa17937e742533ae48" + +generic RIPEMD160 Hash file #4 +depends_on:POLARSSL_RIPEMD160_C +md_file:"ripemd160":"data_files/hash_file_4":"9c1185a5c5e9fc54612808977ee8f548b2258d31" + generic HMAC-SHA-1 Test Vector FIPS-198a #1 depends_on:POLARSSL_SHA1_C md_hmac:"sha1":20:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":"53616d706c65202331":"4f4ca3d5d68ba7cc0a1208c9c61e9c5da0403c0a" @@ -1010,26 +1090,6 @@ generic multi step SHA-512 Test Vector NIST CAVS #8 depends_on:POLARSSL_SHA512_C md_hex_multi:"sha512":"990d1ae71a62d7bda9bfdaa1762a68d296eee72a4cd946f287a898fbabc002ea941fd8d4d991030b4d27a637cce501a834bb95eab1b7889a3e784c7968e67cbf552006b206b68f76d9191327524fcc251aeb56af483d10b4e0c6c5e599ee8c0fe4faeca8293844a8547c6a9a90d093f2526873a19ad4a5e776794c68c742fb834793d2dfcb7fea46c63af4b70fd11cb6e41834e72ee40edb067b292a794990c288d5007e73f349fb383af6a756b8301ad6e5e0aa8cd614399bb3a452376b1575afa6bdaeaafc286cb064bb91edef97c632b6c1113d107fa93a0905098a105043c2f05397f702514439a08a9e5ddc196100721d45c8fc17d2ed659376f8a00bd5cb9a0860e26d8a29d8d6aaf52de97e9346033d6db501a35dbbaf97c20b830cd2d18c2532f3a59cc497ee64c0e57d8d060e5069b28d86edf1adcf59144b221ce3ddaef134b3124fbc7dd000240eff0f5f5f41e83cd7f5bb37c9ae21953fe302b0f6e8b68fa91c6ab99265c64b2fd9cd4942be04321bb5d6d71932376c6f2f88e02422ba6a5e2cb765df93fd5dd0728c6abdaf03bce22e0678a544e2c3636f741b6f4447ee58a8fc656b43ef817932176adbfc2e04b2c812c273cd6cbfa4098f0be036a34221fa02643f5ee2e0b38135f2a18ecd2f16ebc45f8eb31b8ab967a1567ee016904188910861ca1fa205c7adaa194b286893ffe2f4fbe0384c2aef72a4522aeafd3ebc71f9db71eeeef86c48394a1c86d5b36c352cc33a0a2c800bc99e62fd65b3a2fd69e0b53996ec13d8ce483ce9319efd9a85acefabdb5342226febb83fd1daf4b24265f50c61c6de74077ef89b6fecf9f29a1f871af1e9f89b2d345cda7499bd45c42fa5d195a1e1a6ba84851889e730da3b2b916e96152ae0c92154b49719841db7e7cc707ba8a5d7b101eb4ac7b629bb327817910fff61580b59aab78182d1a2e33473d05b00b170b29e331870826cfe45af206aa7d0246bbd8566ca7cfb2d3c10bfa1db7dd48dd786036469ce7282093d78b5e1a5b0fc81a54c8ed4ceac1e5305305e78284ac276f5d7862727aff246e17addde50c670028d572cbfc0be2e4f8b2eb28fa68ad7b4c6c2a239c460441bfb5ea049f23b08563b4e47729a59e5986a61a6093dbd54f8c36ebe87edae01f251cb060ad1364ce677d7e8d5a4a4ca966a7241cc360bc2acb280e5f9e9c1b032ad6a180a35e0c5180b9d16d026c865b252098cc1d99ba7375ca31c7702c0d943d5e3dd2f6861fa55bd46d94b67ed3e52eccd8dd06d968e01897d6de97ed3058d91dd":"8e4bc6f8b8c60fe4d68c61d9b159c8693c3151c46749af58da228442d927f23359bd6ccd6c2ec8fa3f00a86cecbfa728e1ad60b821ed22fcd309ba91a4138bc9" -RIPEMD160 Hash file #0 (from paper) -depends_on:POLARSSL_RIPEMD160_C -md_file:"ripemd160":"data_files/hash_file_5":"52783243c1697bdbe16d37f97f68f08325dc1528" - -RIPEMD160 Hash file #1 -depends_on:POLARSSL_RIPEMD160_C -md_file:"ripemd160":"data_files/hash_file_1":"82f1d072f0ec0c2b353703a7b575a04c113af1a6" - -RIPEMD160 Hash file #2 -depends_on:POLARSSL_RIPEMD160_C -md_file:"ripemd160":"data_files/hash_file_2":"996fbc8b79206ba7393ebcd246584069b1c08f0f" - -RIPEMD160 Hash file #3 -depends_on:POLARSSL_RIPEMD160_C -md_file:"ripemd160":"data_files/hash_file_3":"8653b46d65998fa8c8846efa17937e742533ae48" - -RIPEMD160 Hash file #4 -depends_on:POLARSSL_RIPEMD160_C -md_file:"ripemd160":"data_files/hash_file_4":"9c1185a5c5e9fc54612808977ee8f548b2258d31" - generic SHA1 Hash file #1 depends_on:POLARSSL_SHA1_C md_file:"sha1":"data_files/hash_file_1":"d21c965b1e768bd7a6aa6869f5f821901d255f9f" From f3013830cc43d57bbcefb546c55a810a96a02c5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Sat, 29 Mar 2014 15:54:50 +0100 Subject: [PATCH 15/22] Tests for MD info functions --- tests/suites/test_suite_md.data | 39 +++++++++++++++++++++++++++++ tests/suites/test_suite_md.function | 31 +++++++++++++++++++++++ 2 files changed, 70 insertions(+) diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index 349e18fc0..cb0281488 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -1,3 +1,42 @@ +MD list +md_list: + +Information on MD2 +depends_on:POLARSSL_MD2_C +md_info:POLARSSL_MD_MD2:"MD2":16 + +Information on MD4 +depends_on:POLARSSL_MD4_C +md_info:POLARSSL_MD_MD4:"MD4":16 + +Information on MD5 +depends_on:POLARSSL_MD5_C +md_info:POLARSSL_MD_MD5:"MD5":16 + +Information on RIPEMD160 +depends_on:POLARSSL_RIPEMD160_C +md_info:POLARSSL_MD_RIPEMD160:"RIPEMD160":20 + +Information on SHA1 +depends_on:POLARSSL_SHA1_C +md_info:POLARSSL_MD_SHA1:"SHA1":20 + +Information on SHA224 +depends_on:POLARSSL_SHA256_C +md_info:POLARSSL_MD_SHA224:"SHA224":28 + +Information on SHA256 +depends_on:POLARSSL_SHA256_C +md_info:POLARSSL_MD_SHA256:"SHA256":32 + +Information on SHA384 +depends_on:POLARSSL_SHA512_C +md_info:POLARSSL_MD_SHA384:"SHA384":48 + +Information on SHA512 +depends_on:POLARSSL_SHA512_C +md_info:POLARSSL_MD_SHA512:"SHA512":64 + generic md2 Test vector RFC1319 #1 depends_on:POLARSSL_MD2_C md_text:"md2":"":"8350e5a3e24c153df2275c9f80692773" diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 502df4533..1931154b1 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -7,6 +7,37 @@ * END_DEPENDENCIES */ +/* BEGIN_CASE */ +void md_list( ) +{ + const int *md_type_ptr; + + for( md_type_ptr = md_list(); *md_type_ptr != 0; md_type_ptr++ ) + TEST_ASSERT( md_info_from_type( *md_type_ptr ) != NULL ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void md_info( int md_type, char *md_name, int md_size ) +{ + const md_info_t *md_info; + const int *md_type_ptr; + int found; + + TEST_ASSERT( ( md_info = md_info_from_type( md_type ) ) != NULL ); + TEST_ASSERT( md_info == md_info_from_string( md_name ) ); + + TEST_ASSERT( md_get_type( md_info ) == (md_type_t) md_type ); + TEST_ASSERT( md_get_size( md_info ) == (unsigned char) md_size ); + + found = 0; + for( md_type_ptr = md_list(); *md_type_ptr != 0; md_type_ptr++ ) + if( *md_type_ptr == md_type ) + found = 1; + TEST_ASSERT( found == 1 ); +} +/* END_CASE */ + /* BEGIN_CASE */ void md_text( char *text_md_name, char *text_src_string, char *hex_hash_string ) { From 66dfc5a68934ca3d2b6dd6f3dc40a8cde11419e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Sat, 29 Mar 2014 16:10:55 +0100 Subject: [PATCH 16/22] Add test for cipher_list() --- tests/suites/test_suite_cipher.function | 10 ++++++++++ tests/suites/test_suite_cipher.padding.data | 3 +++ 2 files changed, 13 insertions(+) diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index b8f1df3d9..c39da5b3f 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -11,6 +11,16 @@ * END_DEPENDENCIES */ +/* BEGIN_CASE */ +void cipher_list( ) +{ + const int *cipher_type; + + for( cipher_type = cipher_list(); *cipher_type != 0; cipher_type++ ) + TEST_ASSERT( cipher_info_from_type( *cipher_type ) != NULL ); +} +/* END_CASE */ + /* BEGIN_CASE */ void enc_dec_buf( int cipher_id, char *cipher_string, int key_len, int length_val, int pad_mode ) diff --git a/tests/suites/test_suite_cipher.padding.data b/tests/suites/test_suite_cipher.padding.data index 8776a2852..702c88ff7 100644 --- a/tests/suites/test_suite_cipher.padding.data +++ b/tests/suites/test_suite_cipher.padding.data @@ -1,3 +1,6 @@ +Cipher list +cipher_list: + Set padding with AES-CBC depends_on:POLARSSL_AES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_CIPHER_PADDING_PKCS7 set_padding:POLARSSL_CIPHER_AES_128_CBC:POLARSSL_PADDING_PKCS7:0 From 3fec220a33bf86c201074f5da86da385c698b01a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Sat, 29 Mar 2014 16:42:38 +0100 Subject: [PATCH 17/22] Add test for dhm_parse_dhmfile --- ChangeLog | 1 + library/dhm.c | 2 ++ tests/data_files/dhparams.pem | 5 +++++ tests/suites/test_suite_dhm.data | 3 +++ tests/suites/test_suite_dhm.function | 23 +++++++++++++++++++++++ 5 files changed, 34 insertions(+) create mode 100644 tests/data_files/dhparams.pem diff --git a/ChangeLog b/ChangeLog index b9d44d94f..01c9c876b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,6 +21,7 @@ Bugfix (found by Gergely Budai) * oid_get_numeric_string() used to truncate the output without returning an error if the output buffer was just 1 byte too small. + * dhm_parse_dhm() (hence dhm_parse_dhmfile()) did not set dhm->len. = PolarSSL 1.3.5 released on 2014-03-26 Features diff --git a/library/dhm.c b/library/dhm.c index 8bc9f0e34..406404aea 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -460,6 +460,8 @@ int dhm_parse_dhm( dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen ret = 0; + dhm->len = mpi_size( &dhm->P ); + exit: #if defined(POLARSSL_PEM_PARSE_C) pem_free( &pem ); diff --git a/tests/data_files/dhparams.pem b/tests/data_files/dhparams.pem new file mode 100644 index 000000000..7ce05f0c0 --- /dev/null +++ b/tests/data_files/dhparams.pem @@ -0,0 +1,5 @@ +-----BEGIN DH PARAMETERS----- +MIGHAoGBAJ419DBEOgmQTzo5qXl5fQcN9TN455wkOL7052HzxxRVMyhYmwQcgJvh +1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32 +9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC +-----END DH PARAMETERS----- diff --git a/tests/suites/test_suite_dhm.data b/tests/suites/test_suite_dhm.data index aecbfc5c9..57db3dbc9 100644 --- a/tests/suites/test_suite_dhm.data +++ b/tests/suites/test_suite_dhm.data @@ -7,5 +7,8 @@ dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622" Diffie-Hellman full exchange #3 dhm_do_dhm:10:"93450983094850938450983409623982317398171298719873918739182739712938719287391879381271":10:"9345098309485093845098340962223981329819812792137312973297123912791271" +Diffie-Hallman load parameters from file +dhm_file:"data_files/dhparams.pem":"9e35f430443a09904f3a39a979797d070df53378e79c2438bef4e761f3c714553328589b041c809be1d6c6b5f1fc9f47d3a25443188253a992a56818b37ba9de5a40d362e56eff0be5417474c125c199272c8fe41dea733df6f662c92ae76556e755d10c64e6a50968f67fc6ea73d0dca8569be2ba204e23580d8bca2f4975b3":"02":128 + Diffie-Hellman selftest dhm_selftest: diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function index d66998ffe..b0df9fdbb 100644 --- a/tests/suites/test_suite_dhm.function +++ b/tests/suites/test_suite_dhm.function @@ -97,6 +97,29 @@ void dhm_do_dhm( int radix_P, char *input_P, } /* END_CASE */ +/* BEGIN_CASE depends_on:POLARSSL_FS_IO */ +void dhm_file( char *filename, char *p, char *g, int len ) +{ + dhm_context ctx; + mpi P, G; + + memset( &ctx, 0, sizeof ctx ); + mpi_init( &P ); mpi_init( &G ); + + TEST_ASSERT( mpi_read_string( &P, 16, p ) == 0 ); + TEST_ASSERT( mpi_read_string( &G, 16, g ) == 0 ); + + TEST_ASSERT( dhm_parse_dhmfile( &ctx, filename ) == 0 ); + + TEST_ASSERT( ctx.len == (size_t) len ); + TEST_ASSERT( mpi_cmp_mpi( &ctx.P, &P ) == 0 ); + TEST_ASSERT( mpi_cmp_mpi( &ctx.G, &G ) == 0 ); + + mpi_free( &P ); mpi_free( &G ); + dhm_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:POLARSSL_SELF_TEST */ void dhm_selftest() { From 9ce7e8414a2afd8c2e0626a5406d1811ec1842f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Sat, 29 Mar 2014 17:06:43 +0100 Subject: [PATCH 18/22] Add test for des_key_check_weak() --- tests/suites/test_suite_des.data | 12 ++++++++++++ tests/suites/test_suite_des.function | 13 +++++++++++++ 2 files changed, 25 insertions(+) diff --git a/tests/suites/test_suite_des.data b/tests/suites/test_suite_des.data index 729164905..559d5de8e 100644 --- a/tests/suites/test_suite_des.data +++ b/tests/suites/test_suite_des.data @@ -1,3 +1,15 @@ +DES check weak key #1 +des_check_weak:"0101010101010101":1 + +DES check weak key #2 +des_check_weak:"FEE0FEE0FEF1FEF1":1 + +DES check weak key #3 +des_check_weak:"0101010101010100":0 + +DES check weak key #4 +des_check_weak:"EEE0FEE0FEF1FEF1":0 + DES Encrypt OpenSSL Test Vector #1 des_encrypt_ecb:"0000000000000000":"0000000000000000":"8CA64DE9C1B123A7" diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function index ee327c917..d5d0f11ed 100644 --- a/tests/suites/test_suite_des.function +++ b/tests/suites/test_suite_des.function @@ -7,6 +7,19 @@ * END_DEPENDENCIES */ +/* BEGIN_CASE */ +void des_check_weak( char *key_hex, int ret ) +{ + unsigned char key[DES_KEY_SIZE]; + + memset( key, 0, sizeof key ); + + unhexify( key, key_hex ); + + TEST_ASSERT( des_key_check_weak( key ) == ret ); +} +/* END_CASE */ + /* BEGIN_CASE */ void des_encrypt_ecb( char *hex_key_string, char *hex_src_string, char *hex_dst_string ) From f8708ddc950431bd9bc6e73b523925ddc316d073 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 2 Apr 2014 17:17:19 +0200 Subject: [PATCH 19/22] Also test shax_hmac_reset in test_suite_hmac_shax --- tests/suites/test_suite_hmac_shax.function | 230 +++++++++++++++++---- 1 file changed, 190 insertions(+), 40 deletions(-) diff --git a/tests/suites/test_suite_hmac_shax.function b/tests/suites/test_suite_hmac_shax.function index 4a1532266..d65437b0e 100644 --- a/tests/suites/test_suite_hmac_shax.function +++ b/tests/suites/test_suite_hmac_shax.function @@ -10,21 +10,51 @@ void sha1_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, { unsigned char src_str[10000]; unsigned char key_str[10000]; - unsigned char hash_str[10000]; - unsigned char output[41]; + unsigned char hash_str[41]; + unsigned char output[20]; int key_len, src_len; + sha1_context ctx; - memset(src_str, 0x00, 10000); - memset(key_str, 0x00, 10000); - memset(hash_str, 0x00, 10000); - memset(output, 0x00, 41); + memset(src_str, 0x00, sizeof src_str); + memset(key_str, 0x00, sizeof key_str); key_len = unhexify( key_str, hex_key_string ); src_len = unhexify( src_str, hex_src_string ); - sha1_hmac( key_str, key_len, src_str, src_len, output ); - hexify( hash_str, output, 20 ); + /* Test the all-in-one interface */ + memset(hash_str, 0x00, sizeof hash_str); + memset(output, 0x00, sizeof output); + sha1_hmac( key_str, key_len, src_str, src_len, output ); + + hexify( hash_str, output, sizeof output ); + TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + /* Also test the "streaming" interface */ + memset( hash_str, 0x00, sizeof hash_str ); + memset( output, 0x00, sizeof output ); + memset( &ctx, 0x00, sizeof ctx ); + + sha1_hmac_starts( &ctx, key_str, key_len ); + sha1_hmac_update( &ctx, src_str, 0 ); + sha1_hmac_update( &ctx, src_str, src_len / 2 ); + sha1_hmac_update( &ctx, src_str + src_len / 2, src_len - src_len / 2 ); + sha1_hmac_update( &ctx, src_str + src_len, 0 ); + sha1_hmac_finish( &ctx, output ); + + hexify( hash_str, output, sizeof output ); + TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + /* Again, to test hmac_reset() */ + memset( hash_str, 0x00, sizeof hash_str ); + memset( output, 0x00, sizeof output ); + + sha1_hmac_reset( &ctx ); + sha1_hmac_update( &ctx, src_str, src_len / 2 ); + sha1_hmac_update( &ctx, src_str + src_len / 2, src_len - src_len / 2 ); + sha1_hmac_finish( &ctx, output ); + + hexify( hash_str, output, sizeof output ); TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); } /* END_CASE */ @@ -35,21 +65,51 @@ void sha224_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, { unsigned char src_str[10000]; unsigned char key_str[10000]; - unsigned char hash_str[10000]; - unsigned char output[57]; + unsigned char hash_str[57]; + unsigned char output[28]; int key_len, src_len; + sha256_context ctx; - memset(src_str, 0x00, 10000); - memset(key_str, 0x00, 10000); - memset(hash_str, 0x00, 10000); - memset(output, 0x00, 57); + memset(src_str, 0x00, sizeof src_str); + memset(key_str, 0x00, sizeof key_str); key_len = unhexify( key_str, hex_key_string ); src_len = unhexify( src_str, hex_src_string ); - sha256_hmac( key_str, key_len, src_str, src_len, output, 1 ); - hexify( hash_str, output, 28 ); + /* Test the all-in-one interface */ + memset(hash_str, 0x00, sizeof hash_str); + memset(output, 0x00, sizeof output); + sha256_hmac( key_str, key_len, src_str, src_len, output, 1 ); + + hexify( hash_str, output, sizeof output ); + TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + /* Also test the "streaming" interface */ + memset( hash_str, 0x00, sizeof hash_str ); + memset( output, 0x00, sizeof output ); + memset( &ctx, 0x00, sizeof ctx ); + + sha256_hmac_starts( &ctx, key_str, key_len, 1 ); + sha256_hmac_update( &ctx, src_str, 0 ); + sha256_hmac_update( &ctx, src_str, src_len / 2 ); + sha256_hmac_update( &ctx, src_str + src_len / 2, src_len - src_len / 2 ); + sha256_hmac_update( &ctx, src_str + src_len, 0 ); + sha256_hmac_finish( &ctx, output ); + + hexify( hash_str, output, sizeof output ); + TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + /* Again, to test hmac_reset() */ + memset( hash_str, 0x00, sizeof hash_str ); + memset( output, 0x00, sizeof output ); + + sha256_hmac_reset( &ctx ); + sha256_hmac_update( &ctx, src_str, src_len / 2 ); + sha256_hmac_update( &ctx, src_str + src_len / 2, src_len - src_len / 2 ); + sha256_hmac_finish( &ctx, output ); + + hexify( hash_str, output, sizeof output ); TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); } /* END_CASE */ @@ -60,21 +120,51 @@ void sha256_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, { unsigned char src_str[10000]; unsigned char key_str[10000]; - unsigned char hash_str[10000]; - unsigned char output[65]; + unsigned char hash_str[65]; + unsigned char output[32]; int key_len, src_len; + sha256_context ctx; - memset(src_str, 0x00, 10000); - memset(key_str, 0x00, 10000); - memset(hash_str, 0x00, 10000); - memset(output, 0x00, 65); + memset(src_str, 0x00, sizeof src_str); + memset(key_str, 0x00, sizeof key_str); key_len = unhexify( key_str, hex_key_string ); src_len = unhexify( src_str, hex_src_string ); - sha256_hmac( key_str, key_len, src_str, src_len, output, 0 ); - hexify( hash_str, output, 32 ); + /* Test the all-in-one interface */ + memset(hash_str, 0x00, sizeof hash_str); + memset(output, 0x00, sizeof output); + sha256_hmac( key_str, key_len, src_str, src_len, output, 0 ); + + hexify( hash_str, output, sizeof output ); + TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + /* Also test the "streaming" interface */ + memset( hash_str, 0x00, sizeof hash_str ); + memset( output, 0x00, sizeof output ); + memset( &ctx, 0x00, sizeof ctx ); + + sha256_hmac_starts( &ctx, key_str, key_len, 0 ); + sha256_hmac_update( &ctx, src_str, 0 ); + sha256_hmac_update( &ctx, src_str, src_len / 2 ); + sha256_hmac_update( &ctx, src_str + src_len / 2, src_len - src_len / 2 ); + sha256_hmac_update( &ctx, src_str + src_len, 0 ); + sha256_hmac_finish( &ctx, output ); + + hexify( hash_str, output, sizeof output ); + TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + /* Again, to test hmac_reset() */ + memset( hash_str, 0x00, sizeof hash_str ); + memset( output, 0x00, sizeof output ); + + sha256_hmac_reset( &ctx ); + sha256_hmac_update( &ctx, src_str, src_len / 2 ); + sha256_hmac_update( &ctx, src_str + src_len / 2, src_len - src_len / 2 ); + sha256_hmac_finish( &ctx, output ); + + hexify( hash_str, output, sizeof output ); TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); } /* END_CASE */ @@ -85,21 +175,51 @@ void sha384_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, { unsigned char src_str[10000]; unsigned char key_str[10000]; - unsigned char hash_str[10000]; - unsigned char output[97]; + unsigned char hash_str[97]; + unsigned char output[48]; int key_len, src_len; + sha512_context ctx; - memset(src_str, 0x00, 10000); - memset(key_str, 0x00, 10000); - memset(hash_str, 0x00, 10000); - memset(output, 0x00, 97); + memset(src_str, 0x00, sizeof src_str); + memset(key_str, 0x00, sizeof key_str); key_len = unhexify( key_str, hex_key_string ); src_len = unhexify( src_str, hex_src_string ); - sha512_hmac( key_str, key_len, src_str, src_len, output, 1 ); - hexify( hash_str, output, 48 ); + /* Test the all-in-one interface */ + memset(hash_str, 0x00, sizeof hash_str); + memset(output, 0x00, sizeof output); + sha512_hmac( key_str, key_len, src_str, src_len, output, 1 ); + + hexify( hash_str, output, sizeof output ); + TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + /* Also test the "streaming" interface */ + memset( hash_str, 0x00, sizeof hash_str ); + memset( output, 0x00, sizeof output ); + memset( &ctx, 0x00, sizeof ctx ); + + sha512_hmac_starts( &ctx, key_str, key_len, 1 ); + sha512_hmac_update( &ctx, src_str, 0 ); + sha512_hmac_update( &ctx, src_str, src_len / 2 ); + sha512_hmac_update( &ctx, src_str + src_len / 2, src_len - src_len / 2 ); + sha512_hmac_update( &ctx, src_str + src_len, 0 ); + sha512_hmac_finish( &ctx, output ); + + hexify( hash_str, output, sizeof output ); + TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + /* Again, to test hmac_reset() */ + memset( hash_str, 0x00, sizeof hash_str ); + memset( output, 0x00, sizeof output ); + + sha512_hmac_reset( &ctx ); + sha512_hmac_update( &ctx, src_str, src_len / 2 ); + sha512_hmac_update( &ctx, src_str + src_len / 2, src_len - src_len / 2 ); + sha512_hmac_finish( &ctx, output ); + + hexify( hash_str, output, sizeof output ); TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); } /* END_CASE */ @@ -110,21 +230,51 @@ void sha512_hmac( int trunc_size, char *hex_key_string, char *hex_src_string, { unsigned char src_str[10000]; unsigned char key_str[10000]; - unsigned char hash_str[10000]; - unsigned char output[129]; + unsigned char hash_str[129]; + unsigned char output[64]; int key_len, src_len; + sha512_context ctx; - memset(src_str, 0x00, 10000); - memset(key_str, 0x00, 10000); - memset(hash_str, 0x00, 10000); - memset(output, 0x00, 129); + memset(src_str, 0x00, sizeof src_str); + memset(key_str, 0x00, sizeof key_str); key_len = unhexify( key_str, hex_key_string ); src_len = unhexify( src_str, hex_src_string ); - sha512_hmac( key_str, key_len, src_str, src_len, output, 0 ); - hexify( hash_str, output, 64 ); + /* Test the all-in-one interface */ + memset(hash_str, 0x00, sizeof hash_str); + memset(output, 0x00, sizeof output); + sha512_hmac( key_str, key_len, src_str, src_len, output, 0 ); + + hexify( hash_str, output, sizeof output ); + TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + /* Also test the "streaming" interface */ + memset( hash_str, 0x00, sizeof hash_str ); + memset( output, 0x00, sizeof output ); + memset( &ctx, 0x00, sizeof ctx ); + + sha512_hmac_starts( &ctx, key_str, key_len, 0 ); + sha512_hmac_update( &ctx, src_str, 0 ); + sha512_hmac_update( &ctx, src_str, src_len / 2 ); + sha512_hmac_update( &ctx, src_str + src_len / 2, src_len - src_len / 2 ); + sha512_hmac_update( &ctx, src_str + src_len, 0 ); + sha512_hmac_finish( &ctx, output ); + + hexify( hash_str, output, sizeof output ); + TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + + /* Again, to test hmac_reset() */ + memset( hash_str, 0x00, sizeof hash_str ); + memset( output, 0x00, sizeof output ); + + sha512_hmac_reset( &ctx ); + sha512_hmac_update( &ctx, src_str, src_len / 2 ); + sha512_hmac_update( &ctx, src_str + src_len / 2, src_len - src_len / 2 ); + sha512_hmac_finish( &ctx, output ); + + hexify( hash_str, output, sizeof output ); TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); } /* END_CASE */ From edb242fb2f07ea386bc04a166b66b3bd5b223fab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 2 Apr 2014 17:52:04 +0200 Subject: [PATCH 20/22] Minimally test md_process and associated wrappers --- tests/suites/test_suite_md.data | 4 ++-- tests/suites/test_suite_md.function | 22 ++++++++++++++++++++-- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index cb0281488..bd25a5353 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -1,5 +1,5 @@ -MD list -md_list: +MD process +md_process: Information on MD2 depends_on:POLARSSL_MD2_C diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 1931154b1..4b5921f7c 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -8,12 +8,30 @@ */ /* BEGIN_CASE */ -void md_list( ) +void md_process( ) { const int *md_type_ptr; + const md_info_t *info; + md_context_t ctx; + unsigned char buf[150]; + memset( &ctx, 0, sizeof ctx ); + + /* + * Very minimal testing of md_process, just make sure the various + * xxx_process_wrap() function pointers are valid. (Testing that they + * indeed do the right thing whould require messing with the internal + * state of the underlying md/sha context.) + * + * Also tests that md_list() only returns valid MDs. + */ for( md_type_ptr = md_list(); *md_type_ptr != 0; md_type_ptr++ ) - TEST_ASSERT( md_info_from_type( *md_type_ptr ) != NULL ); + { + TEST_ASSERT( ( info = md_info_from_type( *md_type_ptr ) ) != NULL ); + TEST_ASSERT( md_init_ctx( &ctx, info ) == 0 ); + TEST_ASSERT( md_process( &ctx, buf ) == 0 ); + TEST_ASSERT( md_free_ctx( &ctx ) == 0 ); + } } /* END_CASE */ From 79e58421be7222ca7d1df824571eb05749f5cfda Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 2 Apr 2014 18:42:01 +0200 Subject: [PATCH 21/22] Also test net_usleep in timing_selttest() --- library/timing.c | 34 ++++++++++++++++++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) diff --git a/library/timing.c b/library/timing.c index 9a6129bf8..7085b3b6a 100644 --- a/library/timing.c +++ b/library/timing.c @@ -319,6 +319,11 @@ void m_sleep( int milliseconds ) #if defined(POLARSSL_SELF_TEST) +/* To test net_usleep against our functions */ +#if defined(POLARSSL_NET_C) +#include "polarssl/net.h" +#endif + /* * Checkup routine */ @@ -339,11 +344,11 @@ int timing_self_test( int verbose ) { (void) get_timer( &hires, 1 ); - m_sleep( 1000 * secs ); + m_sleep( 500 * secs ); millisecs = get_timer( &hires, 0 ); - if( millisecs < 900 * secs || millisecs > 1100 * secs ) + if( millisecs < 450 * secs || millisecs > 550 * secs ) { if( verbose != 0 ) polarssl_printf( "failed\n" ); @@ -426,6 +431,31 @@ hard_test: if( verbose != 0 ) polarssl_printf( "\n" ); +#if defined(POLARSSL_NET_C) + if( verbose != 0 ) + polarssl_printf( " TIMING test #4 (net_usleep/ get_timer): " ); + + for( secs = 1; secs <= 3; secs++ ) + { + (void) get_timer( &hires, 1 ); + + net_usleep( 500000 * secs ); + + millisecs = get_timer( &hires, 0 ); + + if( millisecs < 450 * secs || millisecs > 550 * secs ) + { + if( verbose != 0 ) + polarssl_printf( "failed\n" ); + + return( 1 ); + } + } + + if( verbose != 0 ) + polarssl_printf( "passed\n" ); +#endif + return( 0 ); } From 0148875cfc0d528c3c11b0162ffa5046560055f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 3 Apr 2014 22:09:18 +0200 Subject: [PATCH 22/22] Add tests and fix bugs for RSA-alt contexts --- ChangeLog | 2 + include/polarssl/pk.h | 2 +- library/pk.c | 3 + library/pk_wrap.c | 2 +- tests/suites/test_suite_pk.data | 4 ++ tests/suites/test_suite_pk.function | 101 +++++++++++++++++++++++++++- 6 files changed, 111 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 01c9c876b..e4147bd06 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,8 @@ Bugfix * oid_get_numeric_string() used to truncate the output without returning an error if the output buffer was just 1 byte too small. * dhm_parse_dhm() (hence dhm_parse_dhmfile()) did not set dhm->len. + * Calling pk_debug() on an RSA-alt key would segfault. + * pk_get_size() and pk_get_len() were off by a factor 8 for RSA-alt keys. = PolarSSL 1.3.5 released on 2014-03-26 Features diff --git a/include/polarssl/pk.h b/include/polarssl/pk.h index 6f21dab52..b764d5554 100644 --- a/include/polarssl/pk.h +++ b/include/polarssl/pk.h @@ -234,7 +234,7 @@ int pk_init_ctx( pk_context *ctx, const pk_info_t *info ); * \param key RSA key pointer * \param decrypt_func Decryption function * \param sign_func Signing function - * \param key_len_func Function returning key length + * \param key_len_func Function returning key length in bytes * * \return 0 on success, or POLARSSL_ERR_PK_BAD_INPUT_DATA if the * context wasn't already initialized as RSA_ALT. diff --git a/library/pk.c b/library/pk.c index 80eccc911..cfde265bf 100644 --- a/library/pk.c +++ b/library/pk.c @@ -258,6 +258,9 @@ int pk_debug( const pk_context *ctx, pk_debug_item *items ) if( ctx == NULL || ctx->pk_info == NULL ) return( POLARSSL_ERR_PK_BAD_INPUT_DATA ); + if( ctx->pk_info->debug_func == NULL ) + return( POLARSSL_ERR_PK_TYPE_MISMATCH ); + ctx->pk_info->debug_func( ctx->pk_ctx, items ); return( 0 ); } diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 99535d613..96695d462 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -357,7 +357,7 @@ static size_t rsa_alt_get_size( const void *ctx ) { const rsa_alt_context *rsa_alt = (const rsa_alt_context *) ctx; - return( rsa_alt->key_len_func( rsa_alt->key ) ); + return( 8 * rsa_alt->key_len_func( rsa_alt->key ) ); } static int rsa_alt_sign_wrap( void *ctx, md_type_t md_alg, diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index e07495a41..974748c6b 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -77,3 +77,7 @@ pk_ec_nocrypt:POLARSSL_PK_ECKEY_DH ECDSA nocrypt depends_on:POLARSSL_ECDSA_C pk_ec_nocrypt:POLARSSL_PK_ECDSA + +RSA_ALT consistency +depends_on:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_GENPRIME +pk_rsa_alt: diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 85cdb7498..f82ed6748 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -3,13 +3,16 @@ static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ); +#define RSA_KEY_SIZE 512 +#define RSA_KEY_LEN 64 + static int pk_genkey( pk_context *pk ) { ((void) pk); #if defined(POLARSSL_RSA_C) && defined(POLARSSL_GENPRIME) if( pk_get_type( pk ) == POLARSSL_PK_RSA ) - return rsa_gen_key( pk_rsa( *pk ), rnd_std_rand, NULL, 512, 3 ); + return rsa_gen_key( pk_rsa( *pk ), rnd_std_rand, NULL, RSA_KEY_SIZE, 3 ); #endif #if defined(POLARSSL_ECP_C) if( pk_get_type( pk ) == POLARSSL_PK_ECKEY || @@ -27,6 +30,28 @@ static int pk_genkey( pk_context *pk ) #endif return( -1 ); } + +#if defined(POLARSSL_RSA_C) +int rsa_decrypt_func( void *ctx, int mode, size_t *olen, + const unsigned char *input, unsigned char *output, + size_t output_max_len ) +{ + return( rsa_pkcs1_decrypt( (rsa_context *) ctx, NULL, NULL, mode, olen, + input, output, output_max_len ) ); +} +int rsa_sign_func( void *ctx, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + int mode, md_type_t md_alg, unsigned int hashlen, + const unsigned char *hash, unsigned char *sig ) +{ + return( rsa_pkcs1_sign( (rsa_context *) ctx, f_rng, p_rng, mode, + md_alg, hashlen, hash, sig ) ); +} +size_t rsa_key_len_func( void *ctx ) +{ + return( ((const rsa_context *) ctx)->len ); +} +#endif /* POLARSSL_RSA_C */ /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -282,3 +307,77 @@ void pk_ec_nocrypt( int type ) pk_free( &pk ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:POLARSSL_RSA_C */ +void pk_rsa_alt( ) +{ + /* + * An rsa_alt context can only do private operations (decrypt, sign). + * Test it against the public operations (encrypt, verify) of a + * corresponding rsa context. + */ + rsa_context raw; + pk_context rsa, alt; + pk_debug_item dbg_items[10]; + unsigned char hash[50], sig[1000]; + unsigned char msg[50], ciph[1000], test[1000]; + size_t sig_len, ciph_len, test_len; + int ret = POLARSSL_ERR_PK_TYPE_MISMATCH; + + rsa_init( &raw, RSA_PKCS_V15, POLARSSL_MD_NONE ); + pk_init( &rsa ); pk_init( &alt ); + + memset( hash, 0x2a, sizeof hash ); + memset( sig, 0, sizeof sig ); + memset( msg, 0x2a, sizeof msg ); + memset( ciph, 0, sizeof ciph ); + memset( test, 0, sizeof test ); + + /* Initiliaze PK RSA context with random key */ + TEST_ASSERT( pk_init_ctx( &rsa, + pk_info_from_type( POLARSSL_PK_RSA ) ) == 0 ); + TEST_ASSERT( pk_genkey( &rsa ) == 0 ); + + /* Extract key to the raw rsa context */ + TEST_ASSERT( rsa_copy( &raw, pk_rsa( rsa ) ) == 0 ); + + /* Initialize PK RSA_ALT context */ + TEST_ASSERT( pk_init_ctx_rsa_alt( &alt, (void *) &raw, + rsa_decrypt_func, rsa_sign_func, rsa_key_len_func ) == 0 ); + + /* Test administrative functions */ + TEST_ASSERT( pk_can_do( &alt, POLARSSL_PK_RSA ) ); + TEST_ASSERT( pk_get_size( &alt ) == RSA_KEY_SIZE ); + TEST_ASSERT( pk_get_len( &alt ) == RSA_KEY_LEN ); + TEST_ASSERT( pk_get_type( &alt ) == POLARSSL_PK_RSA_ALT ); + TEST_ASSERT( strcmp( pk_get_name( &alt ), "RSA-alt" ) == 0 ); + + /* Test signature */ + TEST_ASSERT( pk_sign( &alt, POLARSSL_MD_NONE, hash, sizeof hash, + sig, &sig_len, rnd_std_rand, NULL ) == 0 ); + TEST_ASSERT( sig_len == RSA_KEY_LEN ); + TEST_ASSERT( pk_verify( &rsa, POLARSSL_MD_NONE, + hash, sizeof hash, sig, sig_len ) == 0 ); + + /* Test decrypt */ + TEST_ASSERT( pk_encrypt( &rsa, msg, sizeof msg, + ciph, &ciph_len, sizeof ciph, + rnd_std_rand, NULL ) == 0 ); + TEST_ASSERT( pk_decrypt( &alt, ciph, ciph_len, + test, &test_len, sizeof test, + rnd_std_rand, NULL ) == 0 ); + TEST_ASSERT( test_len == sizeof msg ); + TEST_ASSERT( memcmp( test, msg, test_len ) == 0 ); + + /* Test forbidden operations */ + TEST_ASSERT( pk_encrypt( &alt, msg, sizeof msg, + ciph, &ciph_len, sizeof ciph, + rnd_std_rand, NULL ) == ret ); + TEST_ASSERT( pk_verify( &alt, POLARSSL_MD_NONE, + hash, sizeof hash, sig, sig_len ) == ret ); + TEST_ASSERT( pk_debug( &alt, dbg_items ) == ret ); + + rsa_free( &raw ); + pk_free( &rsa ); pk_free( &alt ); +} +/* END_CASE */