Commit 351fe214 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Add PBE tests. 



Add support for PKCS#12 and PBKDF2 password based encryption tests. Add
additional test data.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent e8356e32

test/evp_test.c

+87 −23
Original line number Diff line number Diff line
@@ -60,6 +60,7 @@ 
#include <openssl/pem.h>

#include <openssl/err.h>

#include <openssl/x509v3.h>

#include <openssl/pkcs12.h>

#include "internal/numbers.h"



/* Remove spaces from beginning and end of a string */
@@ -1283,6 +1284,8 @@ static const struct evp_test_method pverify_test_method = { 
/* PBE tests */



#define PBE_TYPE_SCRYPT 1

#define PBE_TYPE_PBKDF2 2

#define PBE_TYPE_PKCS12 3



struct pbe_data {
@@ -1291,6 +1294,10 @@ struct pbe_data { 
    /* scrypt parameters */

    uint64_t N, r, p, maxmem;



    /* PKCS#12 parameters */

    int id, iter;

    const EVP_MD *md;



    /* password */

    unsigned char *pass;

    size_t pass_len;
@@ -1308,6 +1315,7 @@ static int scrypt_test_parse(struct evp_test *t, 
                             const char *keyword, const char *value)

{

    struct pbe_data *pdata = t->data;



    if (strcmp(keyword, "N") == 0)

        return test_uint64(value, &pdata->N);

    if (strcmp(keyword, "p") == 0)
@@ -1319,36 +1327,51 @@ static int scrypt_test_parse(struct evp_test *t, 
    return 0;

}



static int scrypt_test_run(struct evp_test *t)

static int pbkdf2_test_parse(struct evp_test *t,

                             const char *keyword, const char *value)

{

    struct pbe_data *pdata = t->data;

    const char *err = "INTERNAL_ERROR";

    unsigned char *key;

    key = OPENSSL_malloc(pdata->key_len);

    if (!key)

        goto err;

    err = "SCRYPT_ERROR";

    if (EVP_PBE_scrypt((const char *)pdata->pass, pdata->pass_len,

                       pdata->salt, pdata->salt_len,

                       pdata->N, pdata->r, pdata->p, pdata->maxmem,

                       key, pdata->key_len) == 0)

        goto err;

    err = "KEY_MISMATCH";

    if (check_output(t, pdata->key, key, pdata->key_len))

        goto err;

    err = NULL;

    err:

    OPENSSL_free(key);

    t->err = err;



    if (strcmp(keyword, "iter") == 0) {

        pdata->iter = atoi(value);

        if (pdata->iter <= 0)

            return 0;

        return 1;

    }

    if (strcmp(keyword, "MD") == 0) {

        pdata->md = EVP_get_digestbyname(value);

        if (pdata->md == NULL)

            return 0;

        return 1;

    }

    return 0;

}



static int pkcs12_test_parse(struct evp_test *t,

                             const char *keyword, const char *value)

{

    struct pbe_data *pdata = t->data;



    if (strcmp(keyword, "id") == 0) {

        pdata->id = atoi(value);

        if (pdata->id <= 0)

            return 0;

        return 1;

    }

    return pbkdf2_test_parse(t, keyword, value);

}



static int pbe_test_init(struct evp_test *t, const char *alg)

{

    struct pbe_data *pdat;

    int pbe_type = 0;



    if (strcmp(alg, "scrypt") == 0)

        pbe_type = PBE_TYPE_SCRYPT;

    else if (strcmp(alg, "pbkdf2") == 0)

        pbe_type = PBE_TYPE_PBKDF2;

    else if (strcmp(alg, "pkcs12") == 0)

        pbe_type = PBE_TYPE_PKCS12;

    else

        fprintf(stderr, "Unknown pbe algorithm %s\n", alg);

    pdat = OPENSSL_malloc(sizeof(*pdat));
@@ -1359,6 +1382,9 @@ static int pbe_test_init(struct evp_test *t, const char *alg) 
    pdat->r = 0;

    pdat->p = 0;

    pdat->maxmem = 0;

    pdat->id = 0;

    pdat->iter = 0;

    pdat->md = NULL;

    t->data = pdat;

    return 1;

}
@@ -1375,6 +1401,7 @@ static int pbe_test_parse(struct evp_test *t, 
                             const char *keyword, const char *value)

{

    struct pbe_data *pdata = t->data;



    if (strcmp(keyword, "Password") == 0)

        return test_bin(value, &pdata->pass, &pdata->pass_len);

    if (strcmp(keyword, "Salt") == 0)
@@ -1383,15 +1410,52 @@ static int pbe_test_parse(struct evp_test *t, 
        return test_bin(value, &pdata->key, &pdata->key_len);

    if (pdata->pbe_type == PBE_TYPE_SCRYPT)

        return scrypt_test_parse(t, keyword, value);

    else if (pdata->pbe_type == PBE_TYPE_PBKDF2)

        return pbkdf2_test_parse(t, keyword, value);

    else if (pdata->pbe_type == PBE_TYPE_PKCS12)

        return pkcs12_test_parse(t, keyword, value);

    return 0;

}



static int pbe_test_run(struct evp_test *t)

{

    struct pbe_data *pdata = t->data;

    if (pdata->pbe_type == PBE_TYPE_SCRYPT)

        return scrypt_test_run(t);

    return 0;

    const char *err = "INTERNAL_ERROR";

    unsigned char *key;



    key = OPENSSL_malloc(pdata->key_len);

    if (!key)

        goto err;

    if (pdata->pbe_type == PBE_TYPE_PBKDF2) {

        err = "PBKDF2_ERROR";

        if (PKCS5_PBKDF2_HMAC((char *)pdata->pass, pdata->pass_len,

                              pdata->salt, pdata->salt_len,

                              pdata->iter, pdata->md,

                              pdata->key_len, key) == 0)

            goto err;

    } else if (pdata->pbe_type == PBE_TYPE_SCRYPT) {

        err = "SCRYPT_ERROR";

        if (EVP_PBE_scrypt((const char *)pdata->pass, pdata->pass_len,

                           pdata->salt, pdata->salt_len,

                           pdata->N, pdata->r, pdata->p, pdata->maxmem,

                           key, pdata->key_len) == 0)

            goto err;

    } else if (pdata->pbe_type == PBE_TYPE_PKCS12) {

        err = "PKCS12_ERROR";

        if (PKCS12_key_gen_uni(pdata->pass, pdata->pass_len,

                               pdata->salt, pdata->salt_len,

                               pdata->id, pdata->iter, pdata->key_len,

                               key, pdata->md) == 0)

            goto err;

    }

    err = "KEY_MISMATCH";

    if (check_output(t, pdata->key, key, pdata->key_len))

        goto err;

    err = NULL;

    err:

    OPENSSL_free(key);

    t->err = err;

    return 1;

}



static const struct evp_test_method pbe_test_method = {

test/evptests.txt

+156 −0
Original line number Diff line number Diff line
@@ -2353,3 +2353,159 @@ p = 1 
Key = 2101cb9b6a511aaeaddbbe09cf70f881ec568d574a2ffd4dabe5ee9820adaa478e56fd8f4ba5d09ffa1c6d927c40f4c337304049e8a952fbcbf45c6fa77a41a4

#maxmem = 10000000000

Result = SCRYPT_ERROR



# PKCS#12 tests



PBE = pkcs12

id = 1

iter = 1

MD = SHA1

Password = 0073006D006500670000

Salt = 0A58CF64530D823F

Key = 8AAAE6297B6CB04642AB5B077851284EB7128F1A2A7FBCA3



PBE = pkcs12

id = 2

iter = 1

MD = SHA1

Password = 0073006D006500670000

Salt = 0A58CF64530D823F

Key = 79993DFE048D3B76



PBE = pkcs12

id = 3

iter 1

MD = SHA1

Password = 0073006D006500670000

Salt = 3D83C0E4546AC140

Key = 8D967D88F6CAA9D714800AB3D48051D63F73A312



PBE = pkcs12

id = 1

iter = 1000

MD = SHA1

Password = 007100750065006500670000

Salt = 1682C0FC5B3F7EC5

Key = 483DD6E919D7DE2E8E648BA8F862F3FBFBDC2BCB2C02957F



PBE = pkcs12

id = 2

iter = 1000

MD = SHA1

Password = 007100750065006500670000

Salt = 1682C0FC5B3F7EC5

Key = 9D461D1B00355C50



PBE = pkcs12

id = 3

iter = 1000

MD = SHA1

Password = 007100750065006500670000

Salt = 263216FCC2FAB31C

Key = 5EC4C7A80DF652294C3925B6489A7AB857C83476



# PBKDF2 tests from p5_crpt2_test.c

PBE = pbkdf2

Password = "password"

Salt = "salt"

iter = 1

MD = sha1

Key = 0c60c80f961f0e71f3a9b524af6012062fe037a6



PBE = pbkdf2

Password = "password"

Salt = "salt"

iter = 1

MD = sha256

Key = 120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b



PBE = pbkdf2

Password = "password"

Salt = "salt"

iter = 1

MD = sha512

Key = 867f70cf1ade02cff3752599a3a53dc4af34c7a669815ae5d513554e1c8cf252c02d470a285a0501bad999bfe943c08f050235d7d68b1da55e63f73b60a57fce



PBE = pbkdf2

Password = "password"

Salt = "salt"

iter = 2

MD = sha1

Key = ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957



PBE = pbkdf2

Password = "password"

Salt = "salt"

iter = 2

MD = sha256

Key = ae4d0c95af6b46d32d0adff928f06dd02a303f8ef3c251dfd6e2d85a95474c43



PBE = pbkdf2

Password = "password"

Salt = "salt"

iter = 2

MD = sha512

Key = e1d9c16aa681708a45f5c7c4e215ceb66e011a2e9f0040713f18aefdb866d53cf76cab2868a39b9f7840edce4fef5a82be67335c77a6068e04112754f27ccf4e



PBE = pbkdf2

Password = "password"

Salt = "salt"

iter = 4096

MD = sha1

Key = 4b007901b765489abead49d926f721d065a429c1



PBE = pbkdf2

Password = "password"

Salt = "salt"

iter = 4096

MD = sha256

Key = c5e478d59288c841aa530db6845c4c8d962893a001ce4e11a4963873aa98134a



PBE = pbkdf2

Password = "password"

Salt = "salt"

iter = 4096

MD = sha512

Key = d197b1b33db0143e018b12f3d1d1479e6cdebdcc97c5c0f87f6902e072f457b5143f30602641b3d55cd335988cb36b84376060ecd532e039b742a239434af2d5



PBE = pbkdf2

Password = "passwordPASSWORDpassword"

Salt = "saltSALTsaltSALTsaltSALTsaltSALTsalt"

iter = 4096

MD = sha1

Key = 3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038



PBE = pbkdf2

Password = "passwordPASSWORDpassword"

Salt = "saltSALTsaltSALTsaltSALTsaltSALTsalt"

iter = 4096

MD = sha256

Key = 348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c4e2a1fb8dd53e1c635518c7dac47e9



PBE = pbkdf2

Password = "passwordPASSWORDpassword"

Salt = "saltSALTsaltSALTsaltSALTsaltSALTsalt"

iter = 4096

MD = sha512

Key = 8c0511f4c6e597c6ac6315d8f0362e225f3c501495ba23b868c005174dc4ee71115b59f9e60cd9532fa33e0f75aefe30225c583a186cd82bd4daea9724a3d3b8



PBE = pbkdf2

Password = 7061737300776f7264

Salt = 7361006c74

iter = 4096

MD = sha1

Key = 56fa6aa75548099dcc37d7f03425e0c3



PBE = pbkdf2

Password = 7061737300776f7264

Salt = 7361006c74

iter = 4096

MD = sha256

Key = 89b69d0516f829893c696226650a8687



PBE = pbkdf2

Password = 7061737300776f7264

Salt = 7361006c74

iter = 4096

MD = sha512

Key = 9d9e9c4cd21fe4be24d5b8244c759665