1/* Copyright (c) 2014, Google Inc. 2 * 3 * Permission to use, copy, modify, and/or distribute this software for any 4 * purpose with or without fee is hereby granted, provided that the above 5 * copyright notice and this permission notice appear in all copies. 6 * 7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 15#include <stdint.h> 16#include <stdio.h> 17#include <string.h> 18 19#include <memory> 20 21#include <gtest/gtest.h> 22 23#include <openssl/asn1.h> 24#include <openssl/crypto.h> 25#include <openssl/digest.h> 26#include <openssl/err.h> 27#include <openssl/md4.h> 28#include <openssl/md5.h> 29#include <openssl/nid.h> 30#include <openssl/obj.h> 31#include <openssl/sha.h> 32 33#include "../internal.h" 34 35 36struct MD { 37 // name is the name of the digest. 38 const char* name; 39 // md_func is the digest to test. 40 const EVP_MD *(*func)(void); 41 // one_shot_func is the convenience one-shot version of the 42 // digest. 43 uint8_t *(*one_shot_func)(const uint8_t *, size_t, uint8_t *); 44}; 45 46static const MD md4 = { "MD4", &EVP_md4, nullptr }; 47static const MD md5 = { "MD5", &EVP_md5, &MD5 }; 48static const MD sha1 = { "SHA1", &EVP_sha1, &SHA1 }; 49static const MD sha224 = { "SHA224", &EVP_sha224, &SHA224 }; 50static const MD sha256 = { "SHA256", &EVP_sha256, &SHA256 }; 51static const MD sha384 = { "SHA384", &EVP_sha384, &SHA384 }; 52static const MD sha512 = { "SHA512", &EVP_sha512, &SHA512 }; 53static const MD md5_sha1 = { "MD5-SHA1", &EVP_md5_sha1, nullptr }; 54 55struct TestVector { 56 // md is the digest to test. 57 const MD &md; 58 // input is a NUL-terminated string to hash. 59 const char *input; 60 // repeat is the number of times to repeat input. 61 size_t repeat; 62 // expected_hex is the expected digest in hexadecimal. 63 const char *expected_hex; 64}; 65 66static const TestVector kTestVectors[] = { 67 // MD4 tests, from RFC 1320. (crypto/md4 does not provide a 68 // one-shot MD4 function.) 69 { md4, "", 1, "31d6cfe0d16ae931b73c59d7e0c089c0" }, 70 { md4, "a", 1, "bde52cb31de33e46245e05fbdbd6fb24" }, 71 { md4, "abc", 1, "a448017aaf21d8525fc10ae87aa6729d" }, 72 { md4, "message digest", 1, "d9130a8164549fe818874806e1c7014b" }, 73 { md4, "abcdefghijklmnopqrstuvwxyz", 1, 74 "d79e1c308aa5bbcdeea8ed63df412da9" }, 75 { md4, 76 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", 1, 77 "043f8582f241db351ce627e153e7f0e4" }, 78 { md4, "1234567890", 8, "e33b4ddc9c38f2199c3e7b164fcc0536" }, 79 80 // MD5 tests, from RFC 1321. 81 { md5, "", 1, "d41d8cd98f00b204e9800998ecf8427e" }, 82 { md5, "a", 1, "0cc175b9c0f1b6a831c399e269772661" }, 83 { md5, "abc", 1, "900150983cd24fb0d6963f7d28e17f72" }, 84 { md5, "message digest", 1, "f96b697d7cb7938d525a2f31aaf161d0" }, 85 { md5, "abcdefghijklmnopqrstuvwxyz", 1, 86 "c3fcd3d76192e4007dfb496cca67e13b" }, 87 { md5, 88 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", 1, 89 "d174ab98d277d9f5a5611c2c9f419d9f" }, 90 { md5, "1234567890", 8, "57edf4a22be3c955ac49da2e2107b67a" }, 91 92 // SHA-1 tests, from RFC 3174. 93 { sha1, "abc", 1, "a9993e364706816aba3e25717850c26c9cd0d89d" }, 94 { sha1, 95 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1, 96 "84983e441c3bd26ebaae4aa1f95129e5e54670f1" }, 97 { sha1, "a", 1000000, "34aa973cd4c4daa4f61eeb2bdbad27316534016f" }, 98 { sha1, 99 "0123456701234567012345670123456701234567012345670123456701234567", 10, 100 "dea356a2cddd90c7a7ecedc5ebb563934f460452" }, 101 102 // SHA-224 tests, from RFC 3874. 103 { sha224, "abc", 1, 104 "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7" }, 105 { sha224, 106 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1, 107 "75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525" }, 108 { sha224, 109 "a", 1000000, 110 "20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67" }, 111 112 // SHA-256 tests, from NIST. 113 { sha256, "abc", 1, 114 "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" }, 115 { sha256, 116 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1, 117 "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1" }, 118 119 // SHA-384 tests, from NIST. 120 { sha384, "abc", 1, 121 "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed" 122 "8086072ba1e7cc2358baeca134c825a7" }, 123 { sha384, 124 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" 125 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", 1, 126 "09330c33f71147e83d192fc782cd1b4753111b173b3b05d22fa08086e3b0f712" 127 "fcc7c71a557e2db966c3e9fa91746039" }, 128 129 // SHA-512 tests, from NIST. 130 { sha512, "abc", 1, 131 "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a" 132 "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f" }, 133 { sha512, 134 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" 135 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", 1, 136 "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018" 137 "501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909" }, 138 139 // MD5-SHA1 tests. 140 { md5_sha1, "abc", 1, 141 "900150983cd24fb0d6963f7d28e17f72a9993e364706816aba3e25717850c26c9cd0d89d" }, 142}; 143 144static void CompareDigest(const TestVector *test, 145 const uint8_t *digest, 146 size_t digest_len) { 147 static const char kHexTable[] = "0123456789abcdef"; 148 char digest_hex[2*EVP_MAX_MD_SIZE + 1]; 149 150 for (size_t i = 0; i < digest_len; i++) { 151 digest_hex[2*i] = kHexTable[digest[i] >> 4]; 152 digest_hex[2*i + 1] = kHexTable[digest[i] & 0xf]; 153 } 154 digest_hex[2*digest_len] = '\0'; 155 156 EXPECT_STREQ(test->expected_hex, digest_hex); 157} 158 159static void TestDigest(const TestVector *test) { 160 bssl::ScopedEVP_MD_CTX ctx; 161 162 // Test the input provided. 163 ASSERT_TRUE(EVP_DigestInit_ex(ctx.get(), test->md.func(), NULL)); 164 for (size_t i = 0; i < test->repeat; i++) { 165 ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), test->input, strlen(test->input))); 166 } 167 std::unique_ptr<uint8_t[]> digest(new uint8_t[EVP_MD_size(test->md.func())]); 168 unsigned digest_len; 169 ASSERT_TRUE(EVP_DigestFinal_ex(ctx.get(), digest.get(), &digest_len)); 170 CompareDigest(test, digest.get(), digest_len); 171 172 // Test the input one character at a time. 173 ASSERT_TRUE(EVP_DigestInit_ex(ctx.get(), test->md.func(), NULL)); 174 ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), NULL, 0)); 175 for (size_t i = 0; i < test->repeat; i++) { 176 for (const char *p = test->input; *p; p++) { 177 ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), p, 1)); 178 } 179 } 180 ASSERT_TRUE(EVP_DigestFinal_ex(ctx.get(), digest.get(), &digest_len)); 181 EXPECT_EQ(EVP_MD_size(test->md.func()), digest_len); 182 CompareDigest(test, digest.get(), digest_len); 183 184 // Test the one-shot function. 185 if (test->md.one_shot_func && test->repeat == 1) { 186 uint8_t *out = test->md.one_shot_func((const uint8_t *)test->input, 187 strlen(test->input), digest.get()); 188 // One-shot functions return their supplied buffers. 189 EXPECT_EQ(digest.get(), out); 190 CompareDigest(test, digest.get(), EVP_MD_size(test->md.func())); 191 } 192} 193 194TEST(DigestTest, TestVectors) { 195 for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kTestVectors); i++) { 196 SCOPED_TRACE(i); 197 TestDigest(&kTestVectors[i]); 198 } 199} 200 201TEST(DigestTest, Getters) { 202 EXPECT_EQ(EVP_sha512(), EVP_get_digestbyname("RSA-SHA512")); 203 EXPECT_EQ(EVP_sha512(), EVP_get_digestbyname("sha512WithRSAEncryption")); 204 EXPECT_EQ(nullptr, EVP_get_digestbyname("nonsense")); 205 EXPECT_EQ(EVP_sha512(), EVP_get_digestbyname("SHA512")); 206 EXPECT_EQ(EVP_sha512(), EVP_get_digestbyname("sha512")); 207 208 EXPECT_EQ(EVP_sha512(), EVP_get_digestbynid(NID_sha512)); 209 EXPECT_EQ(nullptr, EVP_get_digestbynid(NID_sha512WithRSAEncryption)); 210 EXPECT_EQ(nullptr, EVP_get_digestbynid(NID_undef)); 211 212 bssl::UniquePtr<ASN1_OBJECT> obj(OBJ_txt2obj("1.3.14.3.2.26", 0)); 213 ASSERT_TRUE(obj); 214 EXPECT_EQ(EVP_sha1(), EVP_get_digestbyobj(obj.get())); 215 EXPECT_EQ(EVP_md5_sha1(), EVP_get_digestbyobj(OBJ_nid2obj(NID_md5_sha1))); 216 EXPECT_EQ(EVP_sha1(), EVP_get_digestbyobj(OBJ_nid2obj(NID_sha1))); 217} 218