Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / boringssl / a5c947b7c91bac52eeb5086507b67e52a59ef980 / . / src / crypto / digest_extra / digest_test.cc
blob: 6d02c087229142f339a9378215653896f046579d [file] [log] [blame]
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <stdint.h>
16#include <stdio.h>
17#include <string.h>
18
David Benjaminc895d6b2016-08-11 13:26:41 -0400[diff] [blame]19#include <memory>
Robert Sloan4c22c5f2019-03-01 15:53:37 -0800[diff] [blame]20#include <vector>
David Benjaminc895d6b2016-08-11 13:26:41 -0400[diff] [blame]21
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]22#include <gtest/gtest.h>
23
Robert Sloan47f43ed2017-02-06 14:55:15 -0800[diff] [blame]24#include <openssl/asn1.h>
Robert Sloan4562e9d2017-10-02 10:26:51 -0700[diff] [blame]25#include <openssl/bytestring.h>
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]26#include <openssl/crypto.h>
David Benjaminf0c4a6c2016-08-11 13:26:41 -0400[diff] [blame]27#include <openssl/digest.h>
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]28#include <openssl/err.h>
29#include <openssl/md4.h>
30#include <openssl/md5.h>
Robert Sloan69939df2017-01-09 10:53:07 -0800[diff] [blame]31#include <openssl/nid.h>
Robert Sloan47f43ed2017-02-06 14:55:15 -0800[diff] [blame]32#include <openssl/obj.h>
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]33#include <openssl/sha.h>
34
David Benjaminf0c4a6c2016-08-11 13:26:41 -0400[diff] [blame]35#include "../internal.h"
Robert Sloan4562e9d2017-10-02 10:26:51 -0700[diff] [blame]36#include "../test/test_util.h"
David Benjaminf0c4a6c2016-08-11 13:26:41 -0400[diff] [blame]37
38
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]39struct MD {
40 // name is the name of the digest.
41 const char* name;
42 // md_func is the digest to test.
43 const EVP_MD *(*func)(void);
44 // one_shot_func is the convenience one-shot version of the
45 // digest.
46 uint8_t *(*one_shot_func)(const uint8_t *, size_t, uint8_t *);
47};
48
49static const MD md4 = { "MD4", &EVP_md4, nullptr };
50static const MD md5 = { "MD5", &EVP_md5, &MD5 };
51static const MD sha1 = { "SHA1", &EVP_sha1, &SHA1 };
52static const MD sha224 = { "SHA224", &EVP_sha224, &SHA224 };
53static const MD sha256 = { "SHA256", &EVP_sha256, &SHA256 };
54static const MD sha384 = { "SHA384", &EVP_sha384, &SHA384 };
55static const MD sha512 = { "SHA512", &EVP_sha512, &SHA512 };
56static const MD md5_sha1 = { "MD5-SHA1", &EVP_md5_sha1, nullptr };
57
Pete Bentleya5c947b2019-08-09 14:24:27 +0000[diff] [blame^]58struct DigestTestVector {
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]59 // md is the digest to test.
60 const MD &md;
61 // input is a NUL-terminated string to hash.
62 const char *input;
63 // repeat is the number of times to repeat input.
64 size_t repeat;
65 // expected_hex is the expected digest in hexadecimal.
66 const char *expected_hex;
67};
68
Pete Bentleya5c947b2019-08-09 14:24:27 +0000[diff] [blame^]69static const DigestTestVector kTestVectors[] = {
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]70 // MD4 tests, from RFC 1320. (crypto/md4 does not provide a
71 // one-shot MD4 function.)
72 { md4, "", 1, "31d6cfe0d16ae931b73c59d7e0c089c0" },
73 { md4, "a", 1, "bde52cb31de33e46245e05fbdbd6fb24" },
74 { md4, "abc", 1, "a448017aaf21d8525fc10ae87aa6729d" },
75 { md4, "message digest", 1, "d9130a8164549fe818874806e1c7014b" },
76 { md4, "abcdefghijklmnopqrstuvwxyz", 1,
77 "d79e1c308aa5bbcdeea8ed63df412da9" },
78 { md4,
79 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", 1,
80 "043f8582f241db351ce627e153e7f0e4" },
81 { md4, "1234567890", 8, "e33b4ddc9c38f2199c3e7b164fcc0536" },
82
83 // MD5 tests, from RFC 1321.
84 { md5, "", 1, "d41d8cd98f00b204e9800998ecf8427e" },
85 { md5, "a", 1, "0cc175b9c0f1b6a831c399e269772661" },
86 { md5, "abc", 1, "900150983cd24fb0d6963f7d28e17f72" },
87 { md5, "message digest", 1, "f96b697d7cb7938d525a2f31aaf161d0" },
88 { md5, "abcdefghijklmnopqrstuvwxyz", 1,
89 "c3fcd3d76192e4007dfb496cca67e13b" },
90 { md5,
91 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", 1,
92 "d174ab98d277d9f5a5611c2c9f419d9f" },
93 { md5, "1234567890", 8, "57edf4a22be3c955ac49da2e2107b67a" },
94
95 // SHA-1 tests, from RFC 3174.
96 { sha1, "abc", 1, "a9993e364706816aba3e25717850c26c9cd0d89d" },
97 { sha1,
98 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1,
99 "84983e441c3bd26ebaae4aa1f95129e5e54670f1" },
100 { sha1, "a", 1000000, "34aa973cd4c4daa4f61eeb2bdbad27316534016f" },
101 { sha1,
102 "0123456701234567012345670123456701234567012345670123456701234567", 10,
103 "dea356a2cddd90c7a7ecedc5ebb563934f460452" },
104
105 // SHA-224 tests, from RFC 3874.
106 { sha224, "abc", 1,
107 "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7" },
108 { sha224,
109 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1,
110 "75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525" },
111 { sha224,
112 "a", 1000000,
113 "20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67" },
114
115 // SHA-256 tests, from NIST.
116 { sha256, "abc", 1,
117 "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" },
118 { sha256,
119 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1,
120 "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1" },
121
122 // SHA-384 tests, from NIST.
123 { sha384, "abc", 1,
124 "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed"
125 "8086072ba1e7cc2358baeca134c825a7" },
126 { sha384,
127 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
128 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", 1,
129 "09330c33f71147e83d192fc782cd1b4753111b173b3b05d22fa08086e3b0f712"
130 "fcc7c71a557e2db966c3e9fa91746039" },
131
132 // SHA-512 tests, from NIST.
133 { sha512, "abc", 1,
134 "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
135 "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f" },
136 { sha512,
137 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
138 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", 1,
139 "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018"
140 "501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909" },
141
142 // MD5-SHA1 tests.
143 { md5_sha1, "abc", 1,
144 "900150983cd24fb0d6963f7d28e17f72a9993e364706816aba3e25717850c26c9cd0d89d" },
145};
146
Pete Bentleya5c947b2019-08-09 14:24:27 +0000[diff] [blame^]147static void CompareDigest(const DigestTestVector *test,
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]148 const uint8_t *digest,
149 size_t digest_len) {
150 static const char kHexTable[] = "0123456789abcdef";
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]151 char digest_hex[2*EVP_MAX_MD_SIZE + 1];
152
David Benjamin7c0d06c2016-08-11 13:26:41 -0400[diff] [blame]153 for (size_t i = 0; i < digest_len; i++) {
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]154 digest_hex[2*i] = kHexTable[digest[i] >> 4];
155 digest_hex[2*i + 1] = kHexTable[digest[i] & 0xf];
156 }
157 digest_hex[2*digest_len] = '\0';
158
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]159 EXPECT_STREQ(test->expected_hex, digest_hex);
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]160}
161
Pete Bentleya5c947b2019-08-09 14:24:27 +0000[diff] [blame^]162static void TestDigest(const DigestTestVector *test) {
David Benjamin1b249672016-12-06 18:25:50 -0500[diff] [blame]163 bssl::ScopedEVP_MD_CTX ctx;
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]164
165 // Test the input provided.
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]166 ASSERT_TRUE(EVP_DigestInit_ex(ctx.get(), test->md.func(), NULL));
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]167 for (size_t i = 0; i < test->repeat; i++) {
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]168 ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), test->input, strlen(test->input)));
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]169 }
David Benjaminc895d6b2016-08-11 13:26:41 -0400[diff] [blame]170 std::unique_ptr<uint8_t[]> digest(new uint8_t[EVP_MD_size(test->md.func())]);
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]171 unsigned digest_len;
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]172 ASSERT_TRUE(EVP_DigestFinal_ex(ctx.get(), digest.get(), &digest_len));
173 CompareDigest(test, digest.get(), digest_len);
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]174
175 // Test the input one character at a time.
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]176 ASSERT_TRUE(EVP_DigestInit_ex(ctx.get(), test->md.func(), NULL));
177 ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), NULL, 0));
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]178 for (size_t i = 0; i < test->repeat; i++) {
179 for (const char *p = test->input; *p; p++) {
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]180 ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), p, 1));
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]181 }
182 }
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]183 ASSERT_TRUE(EVP_DigestFinal_ex(ctx.get(), digest.get(), &digest_len));
184 EXPECT_EQ(EVP_MD_size(test->md.func()), digest_len);
185 CompareDigest(test, digest.get(), digest_len);
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]186
Robert Sloan4c22c5f2019-03-01 15:53:37 -0800[diff] [blame]187 // Test with unaligned input.
188 ASSERT_TRUE(EVP_DigestInit_ex(ctx.get(), test->md.func(), NULL));
189 std::vector<char> unaligned(strlen(test->input) + 1);
190 char *ptr = unaligned.data();
191 if ((reinterpret_cast<uintptr_t>(ptr) & 1) == 0) {
192 ptr++;
193 }
194 OPENSSL_memcpy(ptr, test->input, strlen(test->input));
195 for (size_t i = 0; i < test->repeat; i++) {
196 ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), ptr, strlen(test->input)));
197 }
198 ASSERT_TRUE(EVP_DigestFinal_ex(ctx.get(), digest.get(), &digest_len));
199 CompareDigest(test, digest.get(), digest_len);
200
Robert Sloanf63bd1f2019-04-16 09:26:20 -0700[diff] [blame]201 // Make a copy of the digest in the initial state.
202 ASSERT_TRUE(EVP_DigestInit_ex(ctx.get(), test->md.func(), NULL));
203 bssl::ScopedEVP_MD_CTX copy;
204 ASSERT_TRUE(EVP_MD_CTX_copy_ex(copy.get(), ctx.get()));
205 for (size_t i = 0; i < test->repeat; i++) {
206 ASSERT_TRUE(EVP_DigestUpdate(copy.get(), test->input, strlen(test->input)));
207 }
208 ASSERT_TRUE(EVP_DigestFinal_ex(copy.get(), digest.get(), &digest_len));
209 CompareDigest(test, digest.get(), digest_len);
210
211 // Make a copy of the digest with half the input provided.
212 size_t half = strlen(test->input) / 2;
213 ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), test->input, half));
214 ASSERT_TRUE(EVP_MD_CTX_copy_ex(copy.get(), ctx.get()));
215 ASSERT_TRUE(EVP_DigestUpdate(copy.get(), test->input + half,
216 strlen(test->input) - half));
217 for (size_t i = 1; i < test->repeat; i++) {
218 ASSERT_TRUE(EVP_DigestUpdate(copy.get(), test->input, strlen(test->input)));
219 }
220 ASSERT_TRUE(EVP_DigestFinal_ex(copy.get(), digest.get(), &digest_len));
221 CompareDigest(test, digest.get(), digest_len);
222
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]223 // Test the one-shot function.
224 if (test->md.one_shot_func && test->repeat == 1) {
225 uint8_t *out = test->md.one_shot_func((const uint8_t *)test->input,
David Benjaminc895d6b2016-08-11 13:26:41 -0400[diff] [blame]226 strlen(test->input), digest.get());
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]227 // One-shot functions return their supplied buffers.
228 EXPECT_EQ(digest.get(), out);
229 CompareDigest(test, digest.get(), EVP_MD_size(test->md.func()));
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]230 }
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]231}
232
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]233TEST(DigestTest, TestVectors) {
234 for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kTestVectors); i++) {
235 SCOPED_TRACE(i);
236 TestDigest(&kTestVectors[i]);
Robert Sloan69939df2017-01-09 10:53:07 -0800[diff] [blame]237 }
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]238}
Robert Sloan69939df2017-01-09 10:53:07 -0800[diff] [blame]239
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]240TEST(DigestTest, Getters) {
241 EXPECT_EQ(EVP_sha512(), EVP_get_digestbyname("RSA-SHA512"));
242 EXPECT_EQ(EVP_sha512(), EVP_get_digestbyname("sha512WithRSAEncryption"));
243 EXPECT_EQ(nullptr, EVP_get_digestbyname("nonsense"));
244 EXPECT_EQ(EVP_sha512(), EVP_get_digestbyname("SHA512"));
245 EXPECT_EQ(EVP_sha512(), EVP_get_digestbyname("sha512"));
246
247 EXPECT_EQ(EVP_sha512(), EVP_get_digestbynid(NID_sha512));
248 EXPECT_EQ(nullptr, EVP_get_digestbynid(NID_sha512WithRSAEncryption));
249 EXPECT_EQ(nullptr, EVP_get_digestbynid(NID_undef));
Adam Langley53b272a2015-06-04 17:45:09 -0700[diff] [blame]250
Robert Sloan47f43ed2017-02-06 14:55:15 -0800[diff] [blame]251 bssl::UniquePtr<ASN1_OBJECT> obj(OBJ_txt2obj("1.3.14.3.2.26", 0));
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]252 ASSERT_TRUE(obj);
253 EXPECT_EQ(EVP_sha1(), EVP_get_digestbyobj(obj.get()));
254 EXPECT_EQ(EVP_md5_sha1(), EVP_get_digestbyobj(OBJ_nid2obj(NID_md5_sha1)));
255 EXPECT_EQ(EVP_sha1(), EVP_get_digestbyobj(OBJ_nid2obj(NID_sha1)));
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]256}
Robert Sloan4562e9d2017-10-02 10:26:51 -0700[diff] [blame]257
258TEST(DigestTest, ASN1) {
259 bssl::ScopedCBB cbb;
260 ASSERT_TRUE(CBB_init(cbb.get(), 0));
261 EXPECT_FALSE(EVP_marshal_digest_algorithm(cbb.get(), EVP_md5_sha1()));
262
263 static const uint8_t kSHA256[] = {0x30, 0x0d, 0x06, 0x09, 0x60,
264 0x86, 0x48, 0x01, 0x65, 0x03,
265 0x04, 0x02, 0x01, 0x05, 0x00};
266 static const uint8_t kSHA256NoParam[] = {0x30, 0x0b, 0x06, 0x09, 0x60,
267 0x86, 0x48, 0x01, 0x65, 0x03,
268 0x04, 0x02, 0x01};
269 static const uint8_t kSHA256GarbageParam[] = {
270 0x30, 0x0e, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
271 0x65, 0x03, 0x04, 0x02, 0x01, 0x02, 0x01, 0x2a};
272
273 // Serialize SHA-256.
274 cbb.Reset();
275 ASSERT_TRUE(CBB_init(cbb.get(), 0));
276 ASSERT_TRUE(EVP_marshal_digest_algorithm(cbb.get(), EVP_sha256()));
277 uint8_t *der;
278 size_t der_len;
279 ASSERT_TRUE(CBB_finish(cbb.get(), &der, &der_len));
280 bssl::UniquePtr<uint8_t> free_der(der);
281 EXPECT_EQ(Bytes(kSHA256), Bytes(der, der_len));
282
283 // Parse SHA-256.
284 CBS cbs;
285 CBS_init(&cbs, kSHA256, sizeof(kSHA256));
286 EXPECT_EQ(EVP_sha256(), EVP_parse_digest_algorithm(&cbs));
287 EXPECT_EQ(0u, CBS_len(&cbs));
288
289 // Missing parameters are tolerated for compatibility.
290 CBS_init(&cbs, kSHA256NoParam, sizeof(kSHA256NoParam));
291 EXPECT_EQ(EVP_sha256(), EVP_parse_digest_algorithm(&cbs));
292 EXPECT_EQ(0u, CBS_len(&cbs));
293
294 // Garbage parameters are not.
295 CBS_init(&cbs, kSHA256GarbageParam, sizeof(kSHA256GarbageParam));
296 EXPECT_FALSE(EVP_parse_digest_algorithm(&cbs));
297}
Robert Sloanc6ebb282018-04-30 10:10:26 -0700[diff] [blame]298
299TEST(DigestTest, TransformBlocks) {
300 uint8_t blocks[SHA256_CBLOCK * 10];
301 for (size_t i = 0; i < sizeof(blocks); i++) {
302 blocks[i] = i*3;
303 }
304
305 SHA256_CTX ctx1;
306 SHA256_Init(&ctx1);
307 SHA256_Update(&ctx1, blocks, sizeof(blocks));
308
309 SHA256_CTX ctx2;
310 SHA256_Init(&ctx2);
311 SHA256_TransformBlocks(ctx2.h, blocks, sizeof(blocks) / SHA256_CBLOCK);
312
313 EXPECT_TRUE(0 == OPENSSL_memcmp(ctx1.h, ctx2.h, sizeof(ctx1.h)));
314}