1/* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <stdint.h>
16#include <stdio.h>
17#include <string.h>
18
19#include <memory>
20
21#include <gtest/gtest.h>
22
23#include <openssl/asn1.h>
24#include <openssl/crypto.h>
25#include <openssl/digest.h>
26#include <openssl/err.h>
27#include <openssl/md4.h>
28#include <openssl/md5.h>
29#include <openssl/nid.h>
30#include <openssl/obj.h>
31#include <openssl/sha.h>
32
33#include "../internal.h"
34
35
36struct MD {
37  // name is the name of the digest.
38  const char* name;
39  // md_func is the digest to test.
40  const EVP_MD *(*func)(void);
41  // one_shot_func is the convenience one-shot version of the
42  // digest.
43  uint8_t *(*one_shot_func)(const uint8_t *, size_t, uint8_t *);
44};
45
46static const MD md4 = { "MD4", &EVP_md4, nullptr };
47static const MD md5 = { "MD5", &EVP_md5, &MD5 };
48static const MD sha1 = { "SHA1", &EVP_sha1, &SHA1 };
49static const MD sha224 = { "SHA224", &EVP_sha224, &SHA224 };
50static const MD sha256 = { "SHA256", &EVP_sha256, &SHA256 };
51static const MD sha384 = { "SHA384", &EVP_sha384, &SHA384 };
52static const MD sha512 = { "SHA512", &EVP_sha512, &SHA512 };
53static const MD md5_sha1 = { "MD5-SHA1", &EVP_md5_sha1, nullptr };
54
55struct TestVector {
56  // md is the digest to test.
57  const MD &md;
58  // input is a NUL-terminated string to hash.
59  const char *input;
60  // repeat is the number of times to repeat input.
61  size_t repeat;
62  // expected_hex is the expected digest in hexadecimal.
63  const char *expected_hex;
64};
65
66static const TestVector kTestVectors[] = {
67    // MD4 tests, from RFC 1320. (crypto/md4 does not provide a
68    // one-shot MD4 function.)
69    { md4, "", 1, "31d6cfe0d16ae931b73c59d7e0c089c0" },
70    { md4, "a", 1, "bde52cb31de33e46245e05fbdbd6fb24" },
71    { md4, "abc", 1, "a448017aaf21d8525fc10ae87aa6729d" },
72    { md4, "message digest", 1, "d9130a8164549fe818874806e1c7014b" },
73    { md4, "abcdefghijklmnopqrstuvwxyz", 1,
74      "d79e1c308aa5bbcdeea8ed63df412da9" },
75    { md4,
76      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", 1,
77      "043f8582f241db351ce627e153e7f0e4" },
78    { md4, "1234567890", 8, "e33b4ddc9c38f2199c3e7b164fcc0536" },
79
80    // MD5 tests, from RFC 1321.
81    { md5, "", 1, "d41d8cd98f00b204e9800998ecf8427e" },
82    { md5, "a", 1, "0cc175b9c0f1b6a831c399e269772661" },
83    { md5, "abc", 1, "900150983cd24fb0d6963f7d28e17f72" },
84    { md5, "message digest", 1, "f96b697d7cb7938d525a2f31aaf161d0" },
85    { md5, "abcdefghijklmnopqrstuvwxyz", 1,
86      "c3fcd3d76192e4007dfb496cca67e13b" },
87    { md5,
88      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", 1,
89      "d174ab98d277d9f5a5611c2c9f419d9f" },
90    { md5, "1234567890", 8, "57edf4a22be3c955ac49da2e2107b67a" },
91
92    // SHA-1 tests, from RFC 3174.
93    { sha1, "abc", 1, "a9993e364706816aba3e25717850c26c9cd0d89d" },
94    { sha1,
95      "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1,
96      "84983e441c3bd26ebaae4aa1f95129e5e54670f1" },
97    { sha1, "a", 1000000, "34aa973cd4c4daa4f61eeb2bdbad27316534016f" },
98    { sha1,
99      "0123456701234567012345670123456701234567012345670123456701234567", 10,
100      "dea356a2cddd90c7a7ecedc5ebb563934f460452" },
101
102    // SHA-224 tests, from RFC 3874.
103    { sha224, "abc", 1,
104      "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7" },
105    { sha224,
106      "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1,
107      "75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525" },
108    { sha224,
109      "a", 1000000,
110      "20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67" },
111
112    // SHA-256 tests, from NIST.
113    { sha256, "abc", 1,
114      "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" },
115    { sha256,
116      "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1,
117      "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1" },
118
119    // SHA-384 tests, from NIST.
120    { sha384, "abc", 1,
121      "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed"
122      "8086072ba1e7cc2358baeca134c825a7" },
123    { sha384,
124      "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
125      "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", 1,
126      "09330c33f71147e83d192fc782cd1b4753111b173b3b05d22fa08086e3b0f712"
127      "fcc7c71a557e2db966c3e9fa91746039" },
128
129    // SHA-512 tests, from NIST.
130    { sha512, "abc", 1,
131      "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
132      "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f" },
133    { sha512,
134      "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
135      "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", 1,
136      "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018"
137      "501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909" },
138
139    // MD5-SHA1 tests.
140    { md5_sha1, "abc", 1,
141      "900150983cd24fb0d6963f7d28e17f72a9993e364706816aba3e25717850c26c9cd0d89d" },
142};
143
144static void CompareDigest(const TestVector *test,
145                          const uint8_t *digest,
146                          size_t digest_len) {
147  static const char kHexTable[] = "0123456789abcdef";
148  char digest_hex[2*EVP_MAX_MD_SIZE + 1];
149
150  for (size_t i = 0; i < digest_len; i++) {
151    digest_hex[2*i] = kHexTable[digest[i] >> 4];
152    digest_hex[2*i + 1] = kHexTable[digest[i] & 0xf];
153  }
154  digest_hex[2*digest_len] = '\0';
155
156  EXPECT_STREQ(test->expected_hex, digest_hex);
157}
158
159static void TestDigest(const TestVector *test) {
160  bssl::ScopedEVP_MD_CTX ctx;
161
162  // Test the input provided.
163  ASSERT_TRUE(EVP_DigestInit_ex(ctx.get(), test->md.func(), NULL));
164  for (size_t i = 0; i < test->repeat; i++) {
165    ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), test->input, strlen(test->input)));
166  }
167  std::unique_ptr<uint8_t[]> digest(new uint8_t[EVP_MD_size(test->md.func())]);
168  unsigned digest_len;
169  ASSERT_TRUE(EVP_DigestFinal_ex(ctx.get(), digest.get(), &digest_len));
170  CompareDigest(test, digest.get(), digest_len);
171
172  // Test the input one character at a time.
173  ASSERT_TRUE(EVP_DigestInit_ex(ctx.get(), test->md.func(), NULL));
174  ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), NULL, 0));
175  for (size_t i = 0; i < test->repeat; i++) {
176    for (const char *p = test->input; *p; p++) {
177      ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), p, 1));
178    }
179  }
180  ASSERT_TRUE(EVP_DigestFinal_ex(ctx.get(), digest.get(), &digest_len));
181  EXPECT_EQ(EVP_MD_size(test->md.func()), digest_len);
182  CompareDigest(test, digest.get(), digest_len);
183
184  // Test the one-shot function.
185  if (test->md.one_shot_func && test->repeat == 1) {
186    uint8_t *out = test->md.one_shot_func((const uint8_t *)test->input,
187                                          strlen(test->input), digest.get());
188    // One-shot functions return their supplied buffers.
189    EXPECT_EQ(digest.get(), out);
190    CompareDigest(test, digest.get(), EVP_MD_size(test->md.func()));
191  }
192}
193
194TEST(DigestTest, TestVectors) {
195  for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kTestVectors); i++) {
196    SCOPED_TRACE(i);
197    TestDigest(&kTestVectors[i]);
198  }
199}
200
201TEST(DigestTest, Getters) {
202  EXPECT_EQ(EVP_sha512(), EVP_get_digestbyname("RSA-SHA512"));
203  EXPECT_EQ(EVP_sha512(), EVP_get_digestbyname("sha512WithRSAEncryption"));
204  EXPECT_EQ(nullptr, EVP_get_digestbyname("nonsense"));
205  EXPECT_EQ(EVP_sha512(), EVP_get_digestbyname("SHA512"));
206  EXPECT_EQ(EVP_sha512(), EVP_get_digestbyname("sha512"));
207
208  EXPECT_EQ(EVP_sha512(), EVP_get_digestbynid(NID_sha512));
209  EXPECT_EQ(nullptr, EVP_get_digestbynid(NID_sha512WithRSAEncryption));
210  EXPECT_EQ(nullptr, EVP_get_digestbynid(NID_undef));
211
212  bssl::UniquePtr<ASN1_OBJECT> obj(OBJ_txt2obj("1.3.14.3.2.26", 0));
213  ASSERT_TRUE(obj);
214  EXPECT_EQ(EVP_sha1(), EVP_get_digestbyobj(obj.get()));
215  EXPECT_EQ(EVP_md5_sha1(), EVP_get_digestbyobj(OBJ_nid2obj(NID_md5_sha1)));
216  EXPECT_EQ(EVP_sha1(), EVP_get_digestbyobj(OBJ_nid2obj(NID_sha1)));
217}
218