pbetest.c 4.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167
  1. /*
  2. * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <string.h>
  10. #include "testutil.h"
  11. #include <openssl/evp.h>
  12. #include <openssl/x509.h>
  13. #include <openssl/rc4.h>
  14. #include <openssl/md5.h>
  15. #include <openssl/configuration.h>
  16. #include <openssl/provider.h>
  17. #if !defined OPENSSL_NO_RC4 && !defined OPENSSL_NO_MD5 \
  18. || !defined OPENSSL_NO_DES && !defined OPENSSL_NO_SHA1
  19. static const char pbe_password[] = "MyVoiceIsMyPassport";
  20. static unsigned char pbe_salt[] = {
  21. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  22. };
  23. static const int pbe_iter = 1000;
  24. static unsigned char pbe_plaintext[] = {
  25. 0x57, 0x65, 0x20, 0x61, 0x72, 0x65, 0x20, 0x61,
  26. 0x6c, 0x6c, 0x20, 0x6d, 0x61, 0x64, 0x65, 0x20,
  27. 0x6f, 0x66, 0x20, 0x73, 0x74, 0x61, 0x72, 0x73,
  28. };
  29. #endif
  30. /* Expected output generated using OpenSSL 1.1.1 */
  31. #if !defined OPENSSL_NO_RC4 && !defined OPENSSL_NO_MD5
  32. static const unsigned char pbe_ciphertext_rc4_md5[] = {
  33. 0x21, 0x90, 0xfa, 0xee, 0x95, 0x66, 0x59, 0x45,
  34. 0xfa, 0x1e, 0x9f, 0xe2, 0x25, 0xd2, 0xf9, 0x71,
  35. 0x94, 0xe4, 0x3d, 0xc9, 0x7c, 0xb0, 0x07, 0x23,
  36. };
  37. #endif
  38. #if !defined OPENSSL_NO_DES && !defined OPENSSL_NO_SHA1
  39. static const unsigned char pbe_ciphertext_des_sha1[] = {
  40. 0xce, 0x4b, 0xb0, 0x0a, 0x7b, 0x48, 0xd7, 0xe3,
  41. 0x9a, 0x9f, 0x46, 0xd6, 0x41, 0x42, 0x4b, 0x44,
  42. 0x36, 0x45, 0x5f, 0x60, 0x8f, 0x3c, 0xd0, 0x55,
  43. 0xd0, 0x8d, 0xa9, 0xab, 0x78, 0x5b, 0x63, 0xaf,
  44. };
  45. #endif
  46. #if !defined OPENSSL_NO_RC4 && !defined OPENSSL_NO_MD5 \
  47. || !defined OPENSSL_NO_DES && !defined OPENSSL_NO_SHA1
  48. static int test_pkcs5_pbe(const EVP_CIPHER *cipher, const EVP_MD *md,
  49. const unsigned char *exp, const int exp_len)
  50. {
  51. int ret = 0;
  52. EVP_CIPHER_CTX *ctx;
  53. X509_ALGOR *algor = NULL;
  54. int i, outlen;
  55. unsigned char out[32];
  56. ctx = EVP_CIPHER_CTX_new();
  57. if (!TEST_ptr(ctx))
  58. goto err;
  59. algor = X509_ALGOR_new();
  60. if (!TEST_ptr(algor))
  61. goto err;
  62. if (!TEST_true(PKCS5_pbe_set0_algor(algor, EVP_CIPHER_nid(cipher), pbe_iter,
  63. pbe_salt, sizeof(pbe_salt)))
  64. || !TEST_true(PKCS5_PBE_keyivgen(ctx, pbe_password, strlen(pbe_password),
  65. algor->parameter, cipher, md, 1))
  66. || !TEST_true(EVP_CipherUpdate(ctx, out, &i, pbe_plaintext,
  67. sizeof(pbe_plaintext))))
  68. goto err;
  69. outlen = i;
  70. if (!TEST_true(EVP_CipherFinal_ex(ctx, out + i, &i)))
  71. goto err;
  72. outlen += i;
  73. if (!TEST_mem_eq(out, outlen, exp, exp_len))
  74. goto err;
  75. /* Decrypt */
  76. if (!TEST_true(PKCS5_PBE_keyivgen(ctx, pbe_password, strlen(pbe_password),
  77. algor->parameter, cipher, md, 0))
  78. || !TEST_true(EVP_CipherUpdate(ctx, out, &i, exp, exp_len)))
  79. goto err;
  80. outlen = i;
  81. if (!TEST_true(EVP_CipherFinal_ex(ctx, out + i, &i)))
  82. goto err;
  83. if (!TEST_mem_eq(out, outlen, pbe_plaintext, sizeof(pbe_plaintext)))
  84. goto err;
  85. ret = 1;
  86. err:
  87. EVP_CIPHER_CTX_free(ctx);
  88. X509_ALGOR_free(algor);
  89. return ret;
  90. }
  91. #endif
  92. #if !defined OPENSSL_NO_RC4 && !defined OPENSSL_NO_MD5
  93. static int test_pkcs5_pbe_rc4_md5(void)
  94. {
  95. return test_pkcs5_pbe(EVP_rc4(), EVP_md5(), pbe_ciphertext_rc4_md5, sizeof(pbe_ciphertext_rc4_md5));
  96. }
  97. #endif
  98. #if !defined OPENSSL_NO_DES && !defined OPENSSL_NO_SHA1
  99. static int test_pkcs5_pbe_des_sha1(void)
  100. {
  101. return test_pkcs5_pbe(EVP_des_cbc(), EVP_sha1(), pbe_ciphertext_des_sha1, sizeof(pbe_ciphertext_des_sha1));
  102. }
  103. #endif
  104. #ifdef OPENSSL_NO_AUTOLOAD_CONFIG
  105. /*
  106. * For configurations where we are not autoloading configuration, we need
  107. * to access the legacy provider. The easiest way is to load both the
  108. * legacy and default providers directly and unload them on termination.
  109. */
  110. static OSSL_PROVIDER *legacy, *dflt;
  111. #endif
  112. int setup_tests(void)
  113. {
  114. #ifdef OPENSSL_NO_AUTOLOAD_CONFIG
  115. /* Load required providers if not done via configuration */
  116. legacy = OSSL_PROVIDER_load(NULL, "legacy");
  117. dflt = OSSL_PROVIDER_load(NULL, "default");
  118. if (!TEST_ptr(legacy) || !TEST_ptr(dflt)) {
  119. cleanup_tests();
  120. return -1;
  121. }
  122. #endif
  123. #if !defined OPENSSL_NO_RC4 && !defined OPENSSL_NO_MD5
  124. ADD_TEST(test_pkcs5_pbe_rc4_md5);
  125. #endif
  126. #if !defined OPENSSL_NO_DES && !defined OPENSSL_NO_SHA1
  127. ADD_TEST(test_pkcs5_pbe_des_sha1);
  128. #endif
  129. return 1;
  130. }
  131. #ifdef OPENSSL_NO_AUTOLOAD_CONFIG
  132. void cleanup_tests(void)
  133. {
  134. /* Dispose of providers */
  135. OSSL_PROVIDER_unload(legacy);
  136. OSSL_PROVIDER_unload(dflt);
  137. legacy = dflt = NULL;
  138. }
  139. #endif