BUG=129 Change-Id: I1fef45d662743e7210f93e4dc1bae0c55f75d3fe Reviewed-on: https://boringssl-review.googlesource.com/16864 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>kris/onging/CECPQ3_patch15
@@ -253,6 +253,8 @@ add_executable( | |||||
hkdf/hkdf_test.cc | hkdf/hkdf_test.cc | ||||
hmac_extra/hmac_test.cc | hmac_extra/hmac_test.cc | ||||
lhash/lhash_test.cc | lhash/lhash_test.cc | ||||
pkcs7/pkcs7_test.cc | |||||
pkcs8/pkcs8_test.cc | |||||
poly1305/poly1305_test.cc | poly1305/poly1305_test.cc | ||||
pool/pool_test.cc | pool/pool_test.cc | ||||
refcount_test.cc | refcount_test.cc | ||||
@@ -8,14 +8,3 @@ add_library( | |||||
pkcs7.c | pkcs7.c | ||||
pkcs7_x509.c | pkcs7_x509.c | ||||
) | ) | ||||
add_executable( | |||||
pkcs7_test | |||||
pkcs7_test.c | |||||
$<TARGET_OBJECTS:test_support> | |||||
) | |||||
target_link_libraries(pkcs7_test crypto) | |||||
add_dependencies(all_tests pkcs7_test) |
@@ -12,9 +12,7 @@ | |||||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN | ||||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ | ||||
#include <stdio.h> | |||||
#include <stdlib.h> | |||||
#include <string.h> | |||||
#include <gtest/gtest.h> | |||||
#include <openssl/bytestring.h> | #include <openssl/bytestring.h> | ||||
#include <openssl/crypto.h> | #include <openssl/crypto.h> | ||||
@@ -24,6 +22,7 @@ | |||||
#include <openssl/x509.h> | #include <openssl/x509.h> | ||||
#include "../internal.h" | #include "../internal.h" | ||||
#include "../test/test_util.h" | |||||
/* kPKCS7NSS contains the certificate chain of mail.google.com, as saved by NSS | /* kPKCS7NSS contains the certificate chain of mail.google.com, as saved by NSS | ||||
@@ -470,188 +469,115 @@ static const char kPEMCRL[] = | |||||
"fNQMQoI9So4Vdy88Kow6BBBV3Lu6sZHue+cjxXETrmshNdNk8ABUMQA=\n" | "fNQMQoI9So4Vdy88Kow6BBBV3Lu6sZHue+cjxXETrmshNdNk8ABUMQA=\n" | ||||
"-----END PKCS7-----\n"; | "-----END PKCS7-----\n"; | ||||
static int test_cert_reparse(const uint8_t *der_bytes, size_t der_len) { | |||||
CBS pkcs7; | |||||
CBB cbb; | |||||
STACK_OF(X509) *certs = sk_X509_new_null(); | |||||
STACK_OF(X509) *certs2 = sk_X509_new_null(); | |||||
static void TestCertRepase(const uint8_t *der_bytes, size_t der_len) { | |||||
bssl::UniquePtr<STACK_OF(X509)> certs(sk_X509_new_null()); | |||||
ASSERT_TRUE(certs); | |||||
bssl::UniquePtr<STACK_OF(X509)> certs2(sk_X509_new_null()); | |||||
ASSERT_TRUE(certs2); | |||||
uint8_t *result_data, *result2_data; | uint8_t *result_data, *result2_data; | ||||
size_t result_len, result2_len, i; | |||||
size_t result_len, result2_len; | |||||
CBS pkcs7; | |||||
CBS_init(&pkcs7, der_bytes, der_len); | CBS_init(&pkcs7, der_bytes, der_len); | ||||
if (!PKCS7_get_certificates(certs, &pkcs7)) { | |||||
fprintf(stderr, "PKCS7_get_certificates failed.\n"); | |||||
return 0; | |||||
} | |||||
ASSERT_TRUE(PKCS7_get_certificates(certs.get(), &pkcs7)); | |||||
CBB_init(&cbb, der_len); | |||||
if (!PKCS7_bundle_certificates(&cbb, certs) || | |||||
!CBB_finish(&cbb, &result_data, &result_len)) { | |||||
fprintf(stderr, "PKCS7_bundle_certificates failed.\n"); | |||||
return 0; | |||||
} | |||||
bssl::ScopedCBB cbb; | |||||
ASSERT_TRUE(CBB_init(cbb.get(), der_len)); | |||||
ASSERT_TRUE(PKCS7_bundle_certificates(cbb.get(), certs.get())); | |||||
ASSERT_TRUE(CBB_finish(cbb.get(), &result_data, &result_len)); | |||||
bssl::UniquePtr<uint8_t> free_result_data(result_data); | |||||
CBS_init(&pkcs7, result_data, result_len); | CBS_init(&pkcs7, result_data, result_len); | ||||
if (!PKCS7_get_certificates(certs2, &pkcs7)) { | |||||
fprintf(stderr, "PKCS7_get_certificates reparse failed.\n"); | |||||
return 0; | |||||
} | |||||
if (sk_X509_num(certs) != sk_X509_num(certs2)) { | |||||
fprintf(stderr, "Number of certs in results differ.\n"); | |||||
return 0; | |||||
} | |||||
for (i = 0; i < sk_X509_num(certs); i++) { | |||||
X509 *a = sk_X509_value(certs, i); | |||||
X509 *b = sk_X509_value(certs2, i); | |||||
if (X509_cmp(a, b) != 0) { | |||||
fprintf(stderr, "Certificate %zu differs.\n", i); | |||||
return 0; | |||||
} | |||||
} | |||||
ASSERT_TRUE(PKCS7_get_certificates(certs2.get(), &pkcs7)); | |||||
CBB_init(&cbb, der_len); | |||||
if (!PKCS7_bundle_certificates(&cbb, certs2) || | |||||
!CBB_finish(&cbb, &result2_data, &result2_len)) { | |||||
fprintf(stderr, | |||||
"PKCS7_bundle_certificates failed the second time.\n"); | |||||
return 0; | |||||
} | |||||
ASSERT_EQ(sk_X509_num(certs.get()), sk_X509_num(certs2.get())); | |||||
if (result_len != result2_len || | |||||
OPENSSL_memcmp(result_data, result2_data, result_len) != 0) { | |||||
fprintf(stderr, "Serialisation is not stable.\n"); | |||||
return 0; | |||||
for (size_t i = 0; i < sk_X509_num(certs.get()); i++) { | |||||
X509 *a = sk_X509_value(certs.get(), i); | |||||
X509 *b = sk_X509_value(certs2.get(), i); | |||||
ASSERT_EQ(0, X509_cmp(a, b)); | |||||
} | } | ||||
OPENSSL_free(result_data); | |||||
OPENSSL_free(result2_data); | |||||
sk_X509_pop_free(certs, X509_free); | |||||
sk_X509_pop_free(certs2, X509_free); | |||||
ASSERT_TRUE(CBB_init(cbb.get(), der_len)); | |||||
ASSERT_TRUE(PKCS7_bundle_certificates(cbb.get(), certs2.get())); | |||||
ASSERT_TRUE(CBB_finish(cbb.get(), &result2_data, &result2_len)); | |||||
bssl::UniquePtr<uint8_t> free_result2_data(result2_data); | |||||
return 1; | |||||
EXPECT_EQ(Bytes(result_data, result_len), Bytes(result2_data, result2_len)); | |||||
} | } | ||||
static int test_crl_reparse(const uint8_t *der_bytes, size_t der_len) { | |||||
CBS pkcs7; | |||||
CBB cbb; | |||||
STACK_OF(X509_CRL) *crls = sk_X509_CRL_new_null(); | |||||
STACK_OF(X509_CRL) *crls2 = sk_X509_CRL_new_null(); | |||||
static void TestCRLReparse(const uint8_t *der_bytes, size_t der_len) { | |||||
bssl::UniquePtr<STACK_OF(X509_CRL)> crls(sk_X509_CRL_new_null()); | |||||
ASSERT_TRUE(crls); | |||||
bssl::UniquePtr<STACK_OF(X509_CRL)> crls2(sk_X509_CRL_new_null()); | |||||
ASSERT_TRUE(crls2); | |||||
uint8_t *result_data, *result2_data; | uint8_t *result_data, *result2_data; | ||||
size_t result_len, result2_len, i; | |||||
size_t result_len, result2_len; | |||||
CBS pkcs7; | |||||
CBS_init(&pkcs7, der_bytes, der_len); | CBS_init(&pkcs7, der_bytes, der_len); | ||||
if (!PKCS7_get_CRLs(crls, &pkcs7)) { | |||||
fprintf(stderr, "PKCS7_get_CRLs failed.\n"); | |||||
return 0; | |||||
} | |||||
ASSERT_TRUE(PKCS7_get_CRLs(crls.get(), &pkcs7)); | |||||
CBB_init(&cbb, der_len); | |||||
if (!PKCS7_bundle_CRLs(&cbb, crls) || | |||||
!CBB_finish(&cbb, &result_data, &result_len)) { | |||||
fprintf(stderr, "PKCS7_bundle_CRLs failed.\n"); | |||||
return 0; | |||||
} | |||||
bssl::ScopedCBB cbb; | |||||
ASSERT_TRUE(CBB_init(cbb.get(), der_len)); | |||||
ASSERT_TRUE(PKCS7_bundle_CRLs(cbb.get(), crls.get())); | |||||
ASSERT_TRUE(CBB_finish(cbb.get(), &result_data, &result_len)); | |||||
bssl::UniquePtr<uint8_t> free_result_data(result_data); | |||||
CBS_init(&pkcs7, result_data, result_len); | CBS_init(&pkcs7, result_data, result_len); | ||||
if (!PKCS7_get_CRLs(crls2, &pkcs7)) { | |||||
fprintf(stderr, "PKCS7_get_CRLs reparse failed.\n"); | |||||
return 0; | |||||
} | |||||
if (sk_X509_CRL_num(crls) != sk_X509_CRL_num(crls)) { | |||||
fprintf(stderr, "Number of CRLs in results differ.\n"); | |||||
return 0; | |||||
} | |||||
ASSERT_TRUE(PKCS7_get_CRLs(crls2.get(), &pkcs7)); | |||||
for (i = 0; i < sk_X509_CRL_num(crls); i++) { | |||||
X509_CRL *a = sk_X509_CRL_value(crls, i); | |||||
X509_CRL *b = sk_X509_CRL_value(crls2, i); | |||||
ASSERT_EQ(sk_X509_CRL_num(crls.get()), sk_X509_CRL_num(crls.get())); | |||||
if (X509_CRL_cmp(a, b) != 0) { | |||||
fprintf(stderr, "CRL %zu differs.\n", i); | |||||
return 0; | |||||
} | |||||
for (size_t i = 0; i < sk_X509_CRL_num(crls.get()); i++) { | |||||
X509_CRL *a = sk_X509_CRL_value(crls.get(), i); | |||||
X509_CRL *b = sk_X509_CRL_value(crls2.get(), i); | |||||
ASSERT_EQ(0, X509_CRL_cmp(a, b)); | |||||
} | } | ||||
CBB_init(&cbb, der_len); | |||||
if (!PKCS7_bundle_CRLs(&cbb, crls2) || | |||||
!CBB_finish(&cbb, &result2_data, &result2_len)) { | |||||
fprintf(stderr, | |||||
"PKCS7_bundle_CRLs failed the second time.\n"); | |||||
return 0; | |||||
} | |||||
if (result_len != result2_len || | |||||
OPENSSL_memcmp(result_data, result2_data, result_len) != 0) { | |||||
fprintf(stderr, "Serialisation is not stable.\n"); | |||||
return 0; | |||||
} | |||||
ASSERT_TRUE(CBB_init(cbb.get(), der_len)); | |||||
ASSERT_TRUE(PKCS7_bundle_CRLs(cbb.get(), crls2.get())); | |||||
ASSERT_TRUE(CBB_finish(cbb.get(), &result2_data, &result2_len)); | |||||
bssl::UniquePtr<uint8_t> free_result2_data(result2_data); | |||||
OPENSSL_free(result_data); | |||||
OPENSSL_free(result2_data); | |||||
sk_X509_CRL_pop_free(crls, X509_CRL_free); | |||||
sk_X509_CRL_pop_free(crls2, X509_CRL_free); | |||||
return 1; | |||||
EXPECT_EQ(Bytes(result_data, result_len), Bytes(result2_data, result2_len)); | |||||
} | } | ||||
static int test_pem_certs(const char *pem) { | |||||
BIO *bio = BIO_new_mem_buf(pem, strlen(pem)); | |||||
STACK_OF(X509) *certs = sk_X509_new_null(); | |||||
if (!PKCS7_get_PEM_certificates(certs, bio)) { | |||||
fprintf(stderr, "PKCS7_get_PEM_certificates failed.\n"); | |||||
return 0; | |||||
} | |||||
if (sk_X509_num(certs) != 1) { | |||||
fprintf(stderr, | |||||
"Bad number of certificates from PKCS7_get_PEM_certificates: %zu\n", | |||||
sk_X509_num(certs)); | |||||
return 0; | |||||
} | |||||
BIO_free(bio); | |||||
sk_X509_pop_free(certs, X509_free); | |||||
static void TestPEMCerts(const char *pem) { | |||||
bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem))); | |||||
ASSERT_TRUE(bio); | |||||
bssl::UniquePtr<STACK_OF(X509)> certs(sk_X509_new_null()); | |||||
ASSERT_TRUE(certs); | |||||
return 1; | |||||
ASSERT_TRUE(PKCS7_get_PEM_certificates(certs.get(), bio.get())); | |||||
ASSERT_EQ(1u, sk_X509_num(certs.get())); | |||||
} | } | ||||
static int test_pem_crls(const char *pem) { | |||||
BIO *bio = BIO_new_mem_buf(pem, strlen(pem)); | |||||
STACK_OF(X509_CRL) *crls = sk_X509_CRL_new_null(); | |||||
static void TestPEMCRLs(const char *pem) { | |||||
bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem))); | |||||
ASSERT_TRUE(bio); | |||||
bssl::UniquePtr<STACK_OF(X509_CRL)> crls(sk_X509_CRL_new_null()); | |||||
if (!PKCS7_get_PEM_CRLs(crls, bio)) { | |||||
fprintf(stderr, "PKCS7_get_PEM_CRLs failed.\n"); | |||||
return 0; | |||||
} | |||||
if (sk_X509_CRL_num(crls) != 1) { | |||||
fprintf(stderr, "Bad number of CRLs from PKCS7_get_PEM_CRLs: %zu\n", | |||||
sk_X509_CRL_num(crls)); | |||||
return 0; | |||||
} | |||||
ASSERT_TRUE(PKCS7_get_PEM_CRLs(crls.get(), bio.get())); | |||||
ASSERT_EQ(1u, sk_X509_CRL_num(crls.get())); | |||||
} | |||||
BIO_free(bio); | |||||
sk_X509_CRL_pop_free(crls, X509_CRL_free); | |||||
TEST(PKCS7Test, CertReparseNSS) { | |||||
TestCertRepase(kPKCS7NSS, sizeof(kPKCS7NSS)); | |||||
} | |||||
return 1; | |||||
TEST(PKCS7Test, CertReparseWindows) { | |||||
TestCertRepase(kPKCS7Windows, sizeof(kPKCS7Windows)); | |||||
} | } | ||||
int main(void) { | |||||
CRYPTO_library_init(); | |||||
TEST(PKCS7Test, CrlReparse) { | |||||
TestCRLReparse(kOpenSSLCRL, sizeof(kOpenSSLCRL)); | |||||
} | |||||
if (!test_cert_reparse(kPKCS7NSS, sizeof(kPKCS7NSS)) || | |||||
!test_cert_reparse(kPKCS7Windows, sizeof(kPKCS7Windows)) || | |||||
!test_crl_reparse(kOpenSSLCRL, sizeof(kOpenSSLCRL)) || | |||||
!test_pem_certs(kPEMCert) || | |||||
!test_pem_crls(kPEMCRL)) { | |||||
return 1; | |||||
} | |||||
TEST(PKCS7Test, PEMCerts) { | |||||
TestPEMCerts(kPEMCert); | |||||
} | |||||
printf("PASS\n"); | |||||
return 0; | |||||
TEST(PKCS7Test, PEMCRLs) { | |||||
TestPEMCRLs(kPEMCRL); | |||||
} | } |
@@ -18,12 +18,5 @@ add_executable( | |||||
$<TARGET_OBJECTS:test_support> | $<TARGET_OBJECTS:test_support> | ||||
) | ) | ||||
add_executable( | |||||
pkcs8_test | |||||
pkcs8_test.cc | |||||
) | |||||
target_link_libraries(pkcs8_test crypto) | |||||
target_link_libraries(pkcs12_test crypto) | target_link_libraries(pkcs12_test crypto) | ||||
add_dependencies(all_tests pkcs8_test pkcs12_test) | |||||
add_dependencies(all_tests pkcs12_test) |
@@ -12,9 +12,7 @@ | |||||
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN | ||||
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ | ||||
#include <stdio.h> | |||||
#include <stdlib.h> | |||||
#include <string.h> | |||||
#include <gtest/gtest.h> | |||||
#include <openssl/crypto.h> | #include <openssl/crypto.h> | ||||
#include <openssl/err.h> | #include <openssl/err.h> | ||||
@@ -168,27 +166,19 @@ static const uint8_t kExplicitHMACWithSHA1[] = { | |||||
0x68, 0xf9, 0x5e, 0x01, 0x66, 0x59, 0x5f, 0x3f, 0x05, 0x57, 0xcd, | 0x68, 0xf9, 0x5e, 0x01, 0x66, 0x59, 0x5f, 0x3f, 0x05, 0x57, 0xcd, | ||||
}; | }; | ||||
static bool TestDecrypt(const uint8_t *der, size_t der_len, | |||||
static void TestDecrypt(const uint8_t *der, size_t der_len, | |||||
const char *password) { | const char *password) { | ||||
const uint8_t *data = der; | const uint8_t *data = der; | ||||
bssl::UniquePtr<X509_SIG> sig(d2i_X509_SIG(NULL, &data, der_len)); | bssl::UniquePtr<X509_SIG> sig(d2i_X509_SIG(NULL, &data, der_len)); | ||||
if (sig.get() == NULL || data != der + der_len) { | |||||
fprintf(stderr, "d2i_X509_SIG failed or did not consume all bytes.\n"); | |||||
return false; | |||||
} | |||||
ASSERT_TRUE(sig.get()); | |||||
ASSERT_EQ(der + der_len, data); | |||||
bssl::UniquePtr<PKCS8_PRIV_KEY_INFO> keypair( | bssl::UniquePtr<PKCS8_PRIV_KEY_INFO> keypair( | ||||
PKCS8_decrypt(sig.get(), password, -1)); | PKCS8_decrypt(sig.get(), password, -1)); | ||||
if (!keypair) { | |||||
fprintf(stderr, "PKCS8_decrypt failed.\n"); | |||||
ERR_print_errors_fp(stderr); | |||||
return false; | |||||
} | |||||
return true; | |||||
ASSERT_TRUE(keypair); | |||||
} | } | ||||
static bool TestRoundTrip(int pbe_nid, const EVP_CIPHER *cipher, | |||||
static void TestRoundTrip(int pbe_nid, const EVP_CIPHER *cipher, | |||||
const char *password, const uint8_t *salt, | const char *password, const uint8_t *salt, | ||||
size_t salt_len, int iterations) { | size_t salt_len, int iterations) { | ||||
static const uint8_t kSampleKey[] = { | static const uint8_t kSampleKey[] = { | ||||
@@ -209,76 +199,82 @@ static bool TestRoundTrip(int pbe_nid, const EVP_CIPHER *cipher, | |||||
const uint8_t *ptr = kSampleKey; | const uint8_t *ptr = kSampleKey; | ||||
bssl::UniquePtr<PKCS8_PRIV_KEY_INFO> key( | bssl::UniquePtr<PKCS8_PRIV_KEY_INFO> key( | ||||
d2i_PKCS8_PRIV_KEY_INFO(nullptr, &ptr, sizeof(kSampleKey))); | d2i_PKCS8_PRIV_KEY_INFO(nullptr, &ptr, sizeof(kSampleKey))); | ||||
if (!key || ptr != kSampleKey + sizeof(kSampleKey)) { | |||||
return false; | |||||
} | |||||
ASSERT_TRUE(key); | |||||
ASSERT_EQ(kSampleKey + sizeof(kSampleKey), ptr); | |||||
bssl::UniquePtr<X509_SIG> encrypted(PKCS8_encrypt( | bssl::UniquePtr<X509_SIG> encrypted(PKCS8_encrypt( | ||||
pbe_nid, cipher, password, -1, salt, salt_len, iterations, key.get())); | pbe_nid, cipher, password, -1, salt, salt_len, iterations, key.get())); | ||||
if (!encrypted) { | |||||
fprintf(stderr, "Failed to encrypt private key.\n"); | |||||
return false; | |||||
} | |||||
ASSERT_TRUE(encrypted); | |||||
bssl::UniquePtr<PKCS8_PRIV_KEY_INFO> key2( | bssl::UniquePtr<PKCS8_PRIV_KEY_INFO> key2( | ||||
PKCS8_decrypt(encrypted.get(), password, -1)); | PKCS8_decrypt(encrypted.get(), password, -1)); | ||||
if (!key2) { | |||||
fprintf(stderr, "Failed to decrypt private key.\n"); | |||||
return false; | |||||
} | |||||
ASSERT_TRUE(key2); | |||||
uint8_t *encoded = nullptr; | uint8_t *encoded = nullptr; | ||||
int len = i2d_PKCS8_PRIV_KEY_INFO(key2.get(), &encoded); | int len = i2d_PKCS8_PRIV_KEY_INFO(key2.get(), &encoded); | ||||
bssl::UniquePtr<uint8_t> free_encoded(encoded); | bssl::UniquePtr<uint8_t> free_encoded(encoded); | ||||
if (len < 0 || | |||||
static_cast<size_t>(len) != sizeof(kSampleKey) || | |||||
OPENSSL_memcmp(encoded, kSampleKey, sizeof(kSampleKey)) != 0) { | |||||
fprintf(stderr, "Decrypted private key did not round-trip."); | |||||
return false; | |||||
} | |||||
ASSERT_GE(len, 0); | |||||
ASSERT_EQ(static_cast<size_t>(len), sizeof(kSampleKey)); | |||||
ASSERT_EQ(0, OPENSSL_memcmp(encoded, kSampleKey, sizeof(kSampleKey))); | |||||
} | |||||
TEST(PKCS8Test, DecryptString) { | |||||
TestDecrypt(kDER, sizeof(kDER), "testing"); | |||||
} | |||||
TEST(PKCS8Test, DecryptNull) { | |||||
TestDecrypt(kNullPassword, sizeof(kNullPassword), NULL); | |||||
} | |||||
TEST(PKCS8Test, DecryptNullNSS) { | |||||
TestDecrypt(kNullPasswordNSS, sizeof(kNullPasswordNSS), NULL); | |||||
} | |||||
return true; | |||||
TEST(PKCS8Test, DecryptEmptyStringOpenSSL) { | |||||
TestDecrypt(kEmptyPasswordOpenSSL, sizeof(kEmptyPasswordOpenSSL), ""); | |||||
} | } | ||||
int main(int argc, char **argv) { | |||||
CRYPTO_library_init(); | |||||
TEST(PKCS8Test, DecryptExplicitHMACWithSHA1) { | |||||
TestDecrypt(kExplicitHMACWithSHA1, sizeof(kExplicitHMACWithSHA1), "foo"); | |||||
} | |||||
TEST(PKCS8Test, RoundTripPBEWithrSHA1And3KeyTripleDES) { | |||||
// Test with different salts. | |||||
TestRoundTrip(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, nullptr, | |||||
"password", nullptr, 0, 10); | |||||
TestRoundTrip(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, nullptr, | |||||
"password", nullptr, 4, 10); | |||||
TestRoundTrip(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, nullptr, | |||||
"password", (const uint8_t *)"salt", 4, 10); | |||||
// Test with a different iteration count. | |||||
TestRoundTrip(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, nullptr, | |||||
"password", nullptr, 0, 1); | |||||
} | |||||
// Test that both "" (empty password, encoded as "\0\0") and nullptr (no | |||||
// password, encoded as "") work. | |||||
TEST(PKCS8Test, RoundTripPBEWithSHA1And3KeyTripleDESEmptyPassword) { | |||||
TestRoundTrip(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, nullptr, "", | |||||
nullptr, 0, 1); | |||||
TestRoundTrip(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, nullptr, nullptr, | |||||
nullptr, 0, 1); | |||||
} | |||||
TEST(PKCS8Test, RoundTripPBEWithSHA1And40BitRC2CBC) { | |||||
TestRoundTrip(NID_pbe_WithSHA1And40BitRC2_CBC, nullptr, "password", | |||||
nullptr, 0, 10); | |||||
} | |||||
if (!TestDecrypt(kDER, sizeof(kDER), "testing") || | |||||
!TestDecrypt(kNullPassword, sizeof(kNullPassword), NULL) || | |||||
!TestDecrypt(kNullPasswordNSS, sizeof(kNullPasswordNSS), NULL) || | |||||
!TestDecrypt(kEmptyPasswordOpenSSL, sizeof(kEmptyPasswordOpenSSL), "") || | |||||
!TestDecrypt(kExplicitHMACWithSHA1, sizeof(kExplicitHMACWithSHA1), | |||||
"foo") || | |||||
!TestRoundTrip(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, nullptr, | |||||
"password", nullptr, 0, 10) || | |||||
// Vary the salt | |||||
!TestRoundTrip(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, nullptr, | |||||
"password", nullptr, 4, 10) || | |||||
!TestRoundTrip(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, nullptr, | |||||
"password", (const uint8_t *)"salt", 4, 10) || | |||||
// Vary the iteration count. | |||||
!TestRoundTrip(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, nullptr, | |||||
"password", nullptr, 0, 1) || | |||||
// Vary the password. | |||||
!TestRoundTrip(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, nullptr, "", | |||||
nullptr, 0, 1) || | |||||
!TestRoundTrip(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, nullptr, nullptr, | |||||
nullptr, 0, 1) || | |||||
// Vary the PBE suite. | |||||
!TestRoundTrip(NID_pbe_WithSHA1And40BitRC2_CBC, nullptr, "password", | |||||
nullptr, 0, 10) || | |||||
!TestRoundTrip(NID_pbe_WithSHA1And128BitRC4, nullptr, "password", nullptr, | |||||
0, 10) || | |||||
// Test PBES2. | |||||
!TestRoundTrip(-1, EVP_aes_128_cbc(), "password", nullptr, 0, 10) || | |||||
!TestRoundTrip(-1, EVP_aes_128_cbc(), "password", nullptr, 4, 10) || | |||||
!TestRoundTrip(-1, EVP_aes_128_cbc(), "password", (const uint8_t *)"salt", | |||||
4, 10) || | |||||
!TestRoundTrip(-1, EVP_aes_128_cbc(), "password", nullptr, 0, 1) || | |||||
!TestRoundTrip(-1, EVP_rc2_cbc(), "password", nullptr, 0, 10)) { | |||||
return 1; | |||||
} | |||||
TEST(PKCS8Test, RoundTripPBEWithSHA1And128BitRC4) { | |||||
TestRoundTrip(NID_pbe_WithSHA1And128BitRC4, nullptr, "password", | |||||
nullptr, 0, 10); | |||||
} | |||||
printf("PASS\n"); | |||||
return 0; | |||||
TEST(PKCS8Test, RoundTripPBES2) { | |||||
TestRoundTrip(-1, EVP_aes_128_cbc(), "password", nullptr, 0, 10); | |||||
TestRoundTrip(-1, EVP_aes_128_cbc(), "password", nullptr, 4, 10); | |||||
TestRoundTrip(-1, EVP_aes_128_cbc(), "password", (const uint8_t *)"salt", | |||||
4, 10); | |||||
TestRoundTrip(-1, EVP_aes_128_cbc(), "password", nullptr, 0, 1); | |||||
TestRoundTrip(-1, EVP_rc2_cbc(), "password", nullptr, 0, 10); | |||||
} | } |
@@ -8,9 +8,7 @@ | |||||
["crypto/fipsmodule/example_mul"], | ["crypto/fipsmodule/example_mul"], | ||||
["crypto/fipsmodule/p256-x86_64_test", "crypto/fipsmodule/ec/p256-x86_64_tests.txt"], | ["crypto/fipsmodule/p256-x86_64_test", "crypto/fipsmodule/ec/p256-x86_64_tests.txt"], | ||||
["crypto/obj/obj_test"], | ["crypto/obj/obj_test"], | ||||
["crypto/pkcs7/pkcs7_test"], | |||||
["crypto/pkcs8/pkcs12_test"], | ["crypto/pkcs8/pkcs12_test"], | ||||
["crypto/pkcs8/pkcs8_test"], | |||||
["crypto/thread_test"], | ["crypto/thread_test"], | ||||
["crypto/x509v3/tab_test"], | ["crypto/x509v3/tab_test"], | ||||
["crypto/x509v3/v3name_test"], | ["crypto/x509v3/v3name_test"], | ||||