From 351fe21402496dfdb2673a610162519b80991665 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 22 May 2015 17:17:21 +0100 Subject: [PATCH] Add PBE tests. Add support for PKCS#12 and PBKDF2 password based encryption tests. Add additional test data. Reviewed-by: Rich Salz --- test/evp_test.c | 110 +++++++++++++++++++++++++------- test/evptests.txt | 156 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 243 insertions(+), 23 deletions(-) diff --git a/test/evp_test.c b/test/evp_test.c index e0e4857657..90441f36fa 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -60,6 +60,7 @@ #include #include #include +#include #include "internal/numbers.h" /* Remove spaces from beginning and end of a string */ @@ -1283,6 +1284,8 @@ static const struct evp_test_method pverify_test_method = { /* PBE tests */ #define PBE_TYPE_SCRYPT 1 +#define PBE_TYPE_PBKDF2 2 +#define PBE_TYPE_PKCS12 3 struct pbe_data { @@ -1291,6 +1294,10 @@ struct pbe_data { /* scrypt parameters */ uint64_t N, r, p, maxmem; + /* PKCS#12 parameters */ + int id, iter; + const EVP_MD *md; + /* password */ unsigned char *pass; size_t pass_len; @@ -1308,6 +1315,7 @@ static int scrypt_test_parse(struct evp_test *t, const char *keyword, const char *value) { struct pbe_data *pdata = t->data; + if (strcmp(keyword, "N") == 0) return test_uint64(value, &pdata->N); if (strcmp(keyword, "p") == 0) @@ -1319,36 +1327,51 @@ static int scrypt_test_parse(struct evp_test *t, return 0; } -static int scrypt_test_run(struct evp_test *t) +static int pbkdf2_test_parse(struct evp_test *t, + const char *keyword, const char *value) { struct pbe_data *pdata = t->data; - const char *err = "INTERNAL_ERROR"; - unsigned char *key; - key = OPENSSL_malloc(pdata->key_len); - if (!key) - goto err; - err = "SCRYPT_ERROR"; - if (EVP_PBE_scrypt((const char *)pdata->pass, pdata->pass_len, - pdata->salt, pdata->salt_len, - pdata->N, pdata->r, pdata->p, pdata->maxmem, - key, pdata->key_len) == 0) - goto err; - err = "KEY_MISMATCH"; - if (check_output(t, pdata->key, key, pdata->key_len)) - goto err; - err = NULL; - err: - OPENSSL_free(key); - t->err = err; - return 1; + + if (strcmp(keyword, "iter") == 0) { + pdata->iter = atoi(value); + if (pdata->iter <= 0) + return 0; + return 1; + } + if (strcmp(keyword, "MD") == 0) { + pdata->md = EVP_get_digestbyname(value); + if (pdata->md == NULL) + return 0; + return 1; + } + return 0; +} + +static int pkcs12_test_parse(struct evp_test *t, + const char *keyword, const char *value) +{ + struct pbe_data *pdata = t->data; + + if (strcmp(keyword, "id") == 0) { + pdata->id = atoi(value); + if (pdata->id <= 0) + return 0; + return 1; + } + return pbkdf2_test_parse(t, keyword, value); } static int pbe_test_init(struct evp_test *t, const char *alg) { struct pbe_data *pdat; int pbe_type = 0; + if (strcmp(alg, "scrypt") == 0) pbe_type = PBE_TYPE_SCRYPT; + else if (strcmp(alg, "pbkdf2") == 0) + pbe_type = PBE_TYPE_PBKDF2; + else if (strcmp(alg, "pkcs12") == 0) + pbe_type = PBE_TYPE_PKCS12; else fprintf(stderr, "Unknown pbe algorithm %s\n", alg); pdat = OPENSSL_malloc(sizeof(*pdat)); @@ -1359,6 +1382,9 @@ static int pbe_test_init(struct evp_test *t, const char *alg) pdat->r = 0; pdat->p = 0; pdat->maxmem = 0; + pdat->id = 0; + pdat->iter = 0; + pdat->md = NULL; t->data = pdat; return 1; } @@ -1375,6 +1401,7 @@ static int pbe_test_parse(struct evp_test *t, const char *keyword, const char *value) { struct pbe_data *pdata = t->data; + if (strcmp(keyword, "Password") == 0) return test_bin(value, &pdata->pass, &pdata->pass_len); if (strcmp(keyword, "Salt") == 0) @@ -1383,15 +1410,52 @@ static int pbe_test_parse(struct evp_test *t, return test_bin(value, &pdata->key, &pdata->key_len); if (pdata->pbe_type == PBE_TYPE_SCRYPT) return scrypt_test_parse(t, keyword, value); + else if (pdata->pbe_type == PBE_TYPE_PBKDF2) + return pbkdf2_test_parse(t, keyword, value); + else if (pdata->pbe_type == PBE_TYPE_PKCS12) + return pkcs12_test_parse(t, keyword, value); return 0; } static int pbe_test_run(struct evp_test *t) { struct pbe_data *pdata = t->data; - if (pdata->pbe_type == PBE_TYPE_SCRYPT) - return scrypt_test_run(t); - return 0; + const char *err = "INTERNAL_ERROR"; + unsigned char *key; + + key = OPENSSL_malloc(pdata->key_len); + if (!key) + goto err; + if (pdata->pbe_type == PBE_TYPE_PBKDF2) { + err = "PBKDF2_ERROR"; + if (PKCS5_PBKDF2_HMAC((char *)pdata->pass, pdata->pass_len, + pdata->salt, pdata->salt_len, + pdata->iter, pdata->md, + pdata->key_len, key) == 0) + goto err; + } else if (pdata->pbe_type == PBE_TYPE_SCRYPT) { + err = "SCRYPT_ERROR"; + if (EVP_PBE_scrypt((const char *)pdata->pass, pdata->pass_len, + pdata->salt, pdata->salt_len, + pdata->N, pdata->r, pdata->p, pdata->maxmem, + key, pdata->key_len) == 0) + goto err; + } else if (pdata->pbe_type == PBE_TYPE_PKCS12) { + err = "PKCS12_ERROR"; + if (PKCS12_key_gen_uni(pdata->pass, pdata->pass_len, + pdata->salt, pdata->salt_len, + pdata->id, pdata->iter, pdata->key_len, + key, pdata->md) == 0) + goto err; + } + err = "KEY_MISMATCH"; + if (check_output(t, pdata->key, key, pdata->key_len)) + goto err; + err = NULL; + err: + OPENSSL_free(key); + t->err = err; + return 1; } static const struct evp_test_method pbe_test_method = { diff --git a/test/evptests.txt b/test/evptests.txt index db6336261f..a4faba7d07 100644 --- a/test/evptests.txt +++ b/test/evptests.txt @@ -2353,3 +2353,159 @@ p = 1 Key = 2101cb9b6a511aaeaddbbe09cf70f881ec568d574a2ffd4dabe5ee9820adaa478e56fd8f4ba5d09ffa1c6d927c40f4c337304049e8a952fbcbf45c6fa77a41a4 #maxmem = 10000000000 Result = SCRYPT_ERROR + +# PKCS#12 tests + +PBE = pkcs12 +id = 1 +iter = 1 +MD = SHA1 +Password = 0073006D006500670000 +Salt = 0A58CF64530D823F +Key = 8AAAE6297B6CB04642AB5B077851284EB7128F1A2A7FBCA3 + +PBE = pkcs12 +id = 2 +iter = 1 +MD = SHA1 +Password = 0073006D006500670000 +Salt = 0A58CF64530D823F +Key = 79993DFE048D3B76 + +PBE = pkcs12 +id = 3 +iter 1 +MD = SHA1 +Password = 0073006D006500670000 +Salt = 3D83C0E4546AC140 +Key = 8D967D88F6CAA9D714800AB3D48051D63F73A312 + +PBE = pkcs12 +id = 1 +iter = 1000 +MD = SHA1 +Password = 007100750065006500670000 +Salt = 1682C0FC5B3F7EC5 +Key = 483DD6E919D7DE2E8E648BA8F862F3FBFBDC2BCB2C02957F + +PBE = pkcs12 +id = 2 +iter = 1000 +MD = SHA1 +Password = 007100750065006500670000 +Salt = 1682C0FC5B3F7EC5 +Key = 9D461D1B00355C50 + +PBE = pkcs12 +id = 3 +iter = 1000 +MD = SHA1 +Password = 007100750065006500670000 +Salt = 263216FCC2FAB31C +Key = 5EC4C7A80DF652294C3925B6489A7AB857C83476 + +# PBKDF2 tests from p5_crpt2_test.c +PBE = pbkdf2 +Password = "password" +Salt = "salt" +iter = 1 +MD = sha1 +Key = 0c60c80f961f0e71f3a9b524af6012062fe037a6 + +PBE = pbkdf2 +Password = "password" +Salt = "salt" +iter = 1 +MD = sha256 +Key = 120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b + +PBE = pbkdf2 +Password = "password" +Salt = "salt" +iter = 1 +MD = sha512 +Key = 867f70cf1ade02cff3752599a3a53dc4af34c7a669815ae5d513554e1c8cf252c02d470a285a0501bad999bfe943c08f050235d7d68b1da55e63f73b60a57fce + +PBE = pbkdf2 +Password = "password" +Salt = "salt" +iter = 2 +MD = sha1 +Key = ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957 + +PBE = pbkdf2 +Password = "password" +Salt = "salt" +iter = 2 +MD = sha256 +Key = ae4d0c95af6b46d32d0adff928f06dd02a303f8ef3c251dfd6e2d85a95474c43 + +PBE = pbkdf2 +Password = "password" +Salt = "salt" +iter = 2 +MD = sha512 +Key = e1d9c16aa681708a45f5c7c4e215ceb66e011a2e9f0040713f18aefdb866d53cf76cab2868a39b9f7840edce4fef5a82be67335c77a6068e04112754f27ccf4e + +PBE = pbkdf2 +Password = "password" +Salt = "salt" +iter = 4096 +MD = sha1 +Key = 4b007901b765489abead49d926f721d065a429c1 + +PBE = pbkdf2 +Password = "password" +Salt = "salt" +iter = 4096 +MD = sha256 +Key = c5e478d59288c841aa530db6845c4c8d962893a001ce4e11a4963873aa98134a + +PBE = pbkdf2 +Password = "password" +Salt = "salt" +iter = 4096 +MD = sha512 +Key = d197b1b33db0143e018b12f3d1d1479e6cdebdcc97c5c0f87f6902e072f457b5143f30602641b3d55cd335988cb36b84376060ecd532e039b742a239434af2d5 + +PBE = pbkdf2 +Password = "passwordPASSWORDpassword" +Salt = "saltSALTsaltSALTsaltSALTsaltSALTsalt" +iter = 4096 +MD = sha1 +Key = 3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038 + +PBE = pbkdf2 +Password = "passwordPASSWORDpassword" +Salt = "saltSALTsaltSALTsaltSALTsaltSALTsalt" +iter = 4096 +MD = sha256 +Key = 348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c4e2a1fb8dd53e1c635518c7dac47e9 + +PBE = pbkdf2 +Password = "passwordPASSWORDpassword" +Salt = "saltSALTsaltSALTsaltSALTsaltSALTsalt" +iter = 4096 +MD = sha512 +Key = 8c0511f4c6e597c6ac6315d8f0362e225f3c501495ba23b868c005174dc4ee71115b59f9e60cd9532fa33e0f75aefe30225c583a186cd82bd4daea9724a3d3b8 + +PBE = pbkdf2 +Password = 7061737300776f7264 +Salt = 7361006c74 +iter = 4096 +MD = sha1 +Key = 56fa6aa75548099dcc37d7f03425e0c3 + +PBE = pbkdf2 +Password = 7061737300776f7264 +Salt = 7361006c74 +iter = 4096 +MD = sha256 +Key = 89b69d0516f829893c696226650a8687 + +PBE = pbkdf2 +Password = 7061737300776f7264 +Salt = 7361006c74 +iter = 4096 +MD = sha512 +Key = 9d9e9c4cd21fe4be24d5b8244c759665 -- 2.25.1