nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-20 21:16:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'crypto_unit_tests_v2_squashed'

Browse Source
This commit is contained in:
Nick Mathewson 2016-05-16 08:26:11 -04:00
commit 060e0d0a75
9 changed files with 663 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
changes/bug18956 Normal file
View File

@ -0,0 +1,5 @@
o Minor bugfixes (memory leaks):
- Fix a small, uncommon memory leak that could occur when reading a
truncated ed25519 key file. Fixes bug 18956; bugfix on 0.2.6.1-alpha.

159
src/common/crypto.c
View File

@ -171,13 +171,9 @@ crypto_log_errors(int severity, const char *doing)
if (!msg) msg = "(null)";
if (!lib) lib = "(null)";
if (!func) func = "(null)";
if (doing) {
tor_log(severity, LD_CRYPTO, "crypto error while %s: %s (in %s:%s)",
if (BUG(!doing)) doing = "(null)";
tor_log(severity, LD_CRYPTO, "crypto error while %s: %s (in %s:%s)",
doing, msg, lib, func);
} else {
tor_log(severity, LD_CRYPTO, "crypto error: %s (in %s:%s)",
msg, lib, func);
}
}
}
@ -942,6 +938,10 @@ crypto_pk_copy_full(crypto_pk_t *env)
new_key = RSAPublicKey_dup(env->key);
}
if (!new_key) {
/* LCOV_EXCL_START
*
* We can't cause RSA*Key_dup() to fail, so we can't really test this.
*/
log_err(LD_CRYPTO, "Unable to duplicate a %s key: openssl failed.",
privatekey?"private":"public");
crypto_log_errors(LOG_ERR,
@ -949,6 +949,7 @@ crypto_pk_copy_full(crypto_pk_t *env)
"Duplicating a public key");
tor_fragile_assert();
return NULL;
/* LCOV_EXCL_STOP */
}
return crypto_new_pk_from_rsa_(new_key);
@ -1699,8 +1700,10 @@ crypto_digest_algorithm_get_name(digest_algorithm_t alg)
case DIGEST_SHA3_512:
return "sha3-512";
default:
// LCOV_EXCL_START
tor_fragile_assert();
return "??unknown_digest??";
// LCOV_EXCL_STOP
}
}
@ -1790,16 +1793,46 @@ crypto_digest_alloc_bytes(digest_algorithm_t alg)
#undef STRUCT_FIELD_SIZE
}
/**
* Internal function: create and return a new digest object for 'algorithm'.
* Does not typecheck the algorithm.
*/
static crypto_digest_t *
crypto_digest_new_internal(digest_algorithm_t algorithm)
{
crypto_digest_t *r = tor_malloc(crypto_digest_alloc_bytes(algorithm));
r->algorithm = algorithm;
switch (algorithm)
{
case DIGEST_SHA1:
SHA1_Init(&r->d.sha1);
break;
case DIGEST_SHA256:
SHA256_Init(&r->d.sha2);
break;
case DIGEST_SHA512:
SHA512_Init(&r->d.sha512);
break;
case DIGEST_SHA3_256:
keccak_digest_init(&r->d.sha3, 256);
break;
case DIGEST_SHA3_512:
keccak_digest_init(&r->d.sha3, 512);
break;
default:
tor_assert_unreached();
}
return r;
}
/** Allocate and return a new digest object to compute SHA1 digests.
*/
crypto_digest_t *
crypto_digest_new(void)
{
crypto_digest_t *r;
r = tor_malloc(crypto_digest_alloc_bytes(DIGEST_SHA1));
SHA1_Init(&r->d.sha1);
r->algorithm = DIGEST_SHA1;
return r;
return crypto_digest_new_internal(DIGEST_SHA1);
}
/** Allocate and return a new digest object to compute 256-bit digests
@ -1807,15 +1840,8 @@ crypto_digest_new(void)
crypto_digest_t *
crypto_digest256_new(digest_algorithm_t algorithm)
{
crypto_digest_t *r;
tor_assert(algorithm == DIGEST_SHA256 || algorithm == DIGEST_SHA3_256);
r = tor_malloc(crypto_digest_alloc_bytes(algorithm));
if (algorithm == DIGEST_SHA256)
SHA256_Init(&r->d.sha2);
else
keccak_digest_init(&r->d.sha3, 256);
r->algorithm = algorithm;
return r;
return crypto_digest_new_internal(algorithm);
}
/** Allocate and return a new digest object to compute 512-bit digests
@ -1823,15 +1849,8 @@ crypto_digest256_new(digest_algorithm_t algorithm)
crypto_digest_t *
crypto_digest512_new(digest_algorithm_t algorithm)
{
crypto_digest_t *r;
tor_assert(algorithm == DIGEST_SHA512 || algorithm == DIGEST_SHA3_512);
r = tor_malloc(crypto_digest_alloc_bytes(algorithm));
if (algorithm == DIGEST_SHA512)
SHA512_Init(&r->d.sha512);
else
keccak_digest_init(&r->d.sha3, 512);
r->algorithm = algorithm;
return r;
return crypto_digest_new_internal(algorithm);
}
/** Deallocate a digest object.
@ -1874,8 +1893,10 @@ crypto_digest_add_bytes(crypto_digest_t *digest, const char *data,
keccak_digest_update(&digest->d.sha3, (const uint8_t *)data, len);
break;
default:
/* LCOV_EXCL_START */
tor_fragile_assert();
break;
/* LCOV_EXCL_STOP */
}
}
@ -1917,10 +1938,10 @@ crypto_digest_get_digest(crypto_digest_t *digest,
//LCOV_EXCL_START
case DIGEST_SHA3_256: /* FALLSTHROUGH */
case DIGEST_SHA3_512:
log_warn(LD_BUG, "Handling unexpected algorithm %d", digest->algorithm);
tor_assert(0); /* This is fatal, because it should never happen. */
default:
tor_assert(0); /* Unreachable. */
log_warn(LD_BUG, "Handling unexpected algorithm %d", digest->algorithm);
/* This is fatal, because it should never happen. */
tor_assert_unreached();
break;
//LCOV_EXCL_STOP
}
@ -1981,27 +2002,7 @@ crypto_digest_smartlist_prefix(char *digest_out, size_t len_out,
const char *append,
digest_algorithm_t alg)
{
crypto_digest_t *d = NULL;
switch (alg) {
case DIGEST_SHA1:
d = crypto_digest_new();
break;
case DIGEST_SHA256: /* FALLSTHROUGH */
case DIGEST_SHA3_256:
d = crypto_digest256_new(alg);
break;
case DIGEST_SHA512: /* FALLSTHROUGH */
case DIGEST_SHA3_512:
d = crypto_digest512_new(alg);
break;
default:
log_warn(LD_BUG, "Called with unknown algorithm %d", alg);
/* If fragile_assert is not enabled, wipe output and return
* without running any calculations */
memwipe(digest_out, 0xff, len_out);
tor_fragile_assert();
goto free;
}
crypto_digest_t *d = crypto_digest_new_internal(alg);
if (prepend)
crypto_digest_add_bytes(d, prepend, strlen(prepend));
SMARTLIST_FOREACH(lst, const char *, cp,
@ -2009,8 +2010,6 @@ crypto_digest_smartlist_prefix(char *digest_out, size_t len_out,
if (append)
crypto_digest_add_bytes(d, append, strlen(append));
crypto_digest_get_digest(d, digest_out, len_out);
free:
crypto_digest_free(d);
}
@ -2169,9 +2168,14 @@ crypto_set_tls_dh_prime(void)
int r;
/* If the space is occupied, free the previous TLS DH prime */
if (dh_param_p_tls) {
if (BUG(dh_param_p_tls)) {
/* LCOV_EXCL_START
*
* We shouldn't be calling this twice.
*/
BN_clear_free(dh_param_p_tls);
dh_param_p_tls = NULL;
/* LCOV_EXCL_STOP */
}
tls_prime = BN_new();
@ -2203,8 +2207,8 @@ init_dh_param(void)
{
BIGNUM *circuit_dh_prime;
int r;
if (dh_param_p && dh_param_g)
return;
if (BUG(dh_param_p && dh_param_g))
return; // LCOV_EXCL_LINE This function isn't supposed to be called twice.
circuit_dh_prime = BN_new();
tor_assert(circuit_dh_prime);
@ -2269,10 +2273,13 @@ crypto_dh_new(int dh_type)
return res;
err:
/* LCOV_EXCL_START
* This error condition is only reached when an allocation fails */
crypto_log_errors(LOG_WARN, "creating DH object");
if (res->dh) DH_free(res->dh); /* frees p and g too */
tor_free(res);
return NULL;
/* LCOV_EXCL_STOP */
}
/** Return a copy of <b>dh</b>, sharing its internal state. */
@ -2304,10 +2311,15 @@ crypto_dh_generate_public(crypto_dh_t *dh)
{
again:
if (!DH_generate_key(dh->dh)) {
/* LCOV_EXCL_START
* To test this we would need some way to tell openssl to break DH. */
crypto_log_errors(LOG_WARN, "generating DH key");
return -1;
/* LCOV_EXCL_STOP */
}
if (tor_check_dh_key(LOG_WARN, dh->dh->pub_key)<0) {
/* LCOV_EXCL_START
* If this happens, then openssl's DH implementation is busted. */
log_warn(LD_CRYPTO, "Weird! Our own DH key was invalid. I guess once-in-"
"the-universe chances really do happen. Trying again.");
/* Free and clear the keys, so OpenSSL will actually try again. */
@ -2315,6 +2327,7 @@ crypto_dh_generate_public(crypto_dh_t *dh)
BN_clear_free(dh->dh->priv_key);
dh->dh->pub_key = dh->dh->priv_key = NULL;
goto again;
/* LCOV_EXCL_STOP */
}
return 0;
}
@ -2361,8 +2374,8 @@ tor_check_dh_key(int severity, BIGNUM *bn)
tor_assert(bn);
x = BN_new();
tor_assert(x);
if (!dh_param_p)
init_dh_param();
if (BUG(!dh_param_p))
init_dh_param(); //LCOV_EXCL_LINE we already checked whether we did this.
BN_set_word(x, 1);
if (BN_cmp(bn,x)<=0) {
log_fn(severity, LD_CRYPTO, "DH key must be at least 2.");
@ -2571,6 +2584,11 @@ crypto_seed_weak_rng(tor_weak_rng_t *rng)
tor_init_weak_random(rng, seed);
}
#ifdef TOR_UNIT_TESTS
int break_strongest_rng_syscall = 0;
int break_strongest_rng_fallback = 0;
#endif
/** Try to get <b>out_len</b> bytes of the strongest entropy we can generate,
* via system calls, storing it into <b>out</b>. Return 0 on success, -1 on
* failure. A maximum request size of 256 bytes is imposed.
@ -2580,6 +2598,11 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t out_len)
{
tor_assert(out_len <= MAX_STRONGEST_RAND_SIZE);
#ifdef TOR_UNIT_TESTS
if (break_strongest_rng_syscall)
return -1;
#endif
#if defined(_WIN32)
static int provider_set = 0;
static HCRYPTPROV provider;
@ -2629,6 +2652,7 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t out_len)
} while (ret == -1 && ((errno == EINTR) ||(errno == EAGAIN)));
if (PREDICT_UNLIKELY(ret == -1)) {
/* LCOV_EXCL_START we can't actually make the syscall fail in testing. */
tor_assert(errno != EAGAIN);
tor_assert(errno != EINTR);
@ -2636,6 +2660,7 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t out_len)
log_warn(LD_CRYPTO, "Can't get entropy from getrandom().");
getrandom_works = 0; /* Don't bother trying again. */
return -1;
/* LCOV_EXCL_STOP */
}
tor_assert(ret == (long)out_len);
@ -2664,6 +2689,11 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t out_len)
static int
crypto_strongest_rand_fallback(uint8_t *out, size_t out_len)
{
#ifdef TOR_UNIT_TESTS
if (break_strongest_rng_fallback)
return -1;
#endif
#ifdef _WIN32
/* Windows exclusively uses crypto_strongest_rand_syscall(). */
(void)out;
@ -2684,10 +2714,13 @@ crypto_strongest_rand_fallback(uint8_t *out, size_t out_len)
n = read_all(fd, (char*)out, out_len, 0);
close(fd);
if (n != out_len) {
/* LCOV_EXCL_START
* We can't make /dev/foorandom actually fail. */
log_warn(LD_CRYPTO,
"Error reading from entropy source (read only %lu bytes).",
(unsigned long)n);
return -1;
/* LCOV_EXCL_STOP */
}
return 0;
@ -2701,7 +2734,7 @@ crypto_strongest_rand_fallback(uint8_t *out, size_t out_len)
* storing it into <b>out</b>. Return 0 on success, -1 on failure. A maximum
* request size of 256 bytes is imposed.
*/
static int
STATIC int
crypto_strongest_rand_raw(uint8_t *out, size_t out_len)
{
static const size_t sanity_min_size = 16;
@ -2735,13 +2768,17 @@ crypto_strongest_rand_raw(uint8_t *out, size_t out_len)
return 0;
}
/* We tried max_attempts times to fill a buffer >= 128 bits long,
/* LCOV_EXCL_START
*
* We tried max_attempts times to fill a buffer >= 128 bits long,
* and each time it returned all '0's. Either the system entropy
* source is busted, or the user should go out and buy a ticket to
* every lottery on the planet.
*/
log_warn(LD_CRYPTO, "Strong OS entropy returned all zero buffer.");
return -1;
/* LCOV_EXCL_STOP */
}
/** Try to get <b>out_len</b> bytes of the strongest entropy we can generate,
@ -2796,7 +2833,7 @@ crypto_seed_rng(void)
* functions. If one succeeds, we'll accept the RNG as seeded. */
rand_poll_ok = RAND_poll();
if (rand_poll_ok == 0)
log_warn(LD_CRYPTO, "RAND_poll() failed.");
log_warn(LD_CRYPTO, "RAND_poll() failed."); // LCOV_EXCL_LINE
load_entropy_ok = !crypto_strongest_rand_raw(buf, sizeof(buf));
if (load_entropy_ok) {

1
src/common/crypto.h
View File

@ -317,6 +317,7 @@ void crypto_add_spaces_to_fp(char *out, size_t outlen, const char *in);
#ifdef CRYPTO_PRIVATE
STATIC int crypto_force_rand_ssleay(void);
STATIC int crypto_strongest_rand_raw(uint8_t *out, size_t out_len);
#endif
#endif

9
src/common/crypto_curve25519.c
View File

@ -65,8 +65,10 @@ STATIC int
curve25519_basepoint_impl(uint8_t *output, const uint8_t *secret)
{
int r = 0;
if (PREDICT_UNLIKELY(curve25519_use_ed == -1)) {
if (BUG(curve25519_use_ed == -1)) {
/* LCOV_EXCL_START - Only reached if we forgot to call curve25519_init() */
pick_curve25519_basepoint_impl();
/* LCOV_EXCL_STOP */
}
/* TODO: Someone should benchmark curved25519_scalarmult_basepoint versus
@ -290,10 +292,13 @@ pick_curve25519_basepoint_impl(void)
if (curve25519_basepoint_spot_check() == 0)
return;
log_warn(LD_CRYPTO, "The ed25519-based curve25519 basepoint "
/* LCOV_EXCL_START
* only reachable if our basepoint implementation broken */
log_warn(LD_BUG|LD_CRYPTO, "The ed25519-based curve25519 basepoint "
"multiplication seems broken; using the curve25519 "
"implementation.");
curve25519_use_ed = 0;
/* LCOV_EXCL_STOP */
}
/** Initialize the curve25519 implementations. This is necessary if you're

9
src/common/crypto_ed25519.c
View File

@ -94,8 +94,8 @@ static const ed25519_impl_t *ed25519_impl = NULL;
static inline const ed25519_impl_t *
get_ed_impl(void)
{
if (PREDICT_UNLIKELY(ed25519_impl == NULL)) {
pick_ed25519_impl();
if (BUG(ed25519_impl == NULL)) {
pick_ed25519_impl(); // LCOV_EXCL_LINE - We always call ed25519_init().
}
return ed25519_impl;
}
@ -433,6 +433,7 @@ ed25519_seckey_read_from_file(ed25519_secret_key_t *seckey_out,
errno = EINVAL;
}
tor_free(*tag_out);
return -1;
}
@ -472,6 +473,7 @@ ed25519_pubkey_read_from_file(ed25519_public_key_t *pubkey_out,
errno = EINVAL;
}
tor_free(*tag_out);
return -1;
}
@ -594,9 +596,12 @@ pick_ed25519_impl(void)
if (ed25519_impl_spot_check() == 0)
return;
/* LCOV_EXCL_START
* unreachable unless ed25519_donna is broken */
log_warn(LD_CRYPTO, "The Ed25519-donna implementation seems broken; using "
"the ref10 implementation.");
ed25519_impl = &impl_ref10;
/* LCOV_EXCL_STOP */
}
/* Initialize the Ed25519 implementation. This is neccessary if you're

28
src/common/crypto_pwbox.c
View File

@ -61,7 +61,7 @@ crypto_pwbox(uint8_t **out, size_t *outlen_out,
pwbox_encoded_getarray_skey_header(enc),
S2K_MAXLEN,
s2k_flags);
if (spec_len < 0 || spec_len > S2K_MAXLEN)
if (BUG(spec_len < 0 || spec_len > S2K_MAXLEN))
goto err;
pwbox_encoded_setlen_skey_header(enc, spec_len);
enc->header_len = spec_len;
@ -76,10 +76,11 @@ crypto_pwbox(uint8_t **out, size_t *outlen_out,
/* Now that all the data is in position, derive some keys, encrypt, and
* digest */
if (secret_to_key_derivekey(keys, sizeof(keys),
const int s2k_rv = secret_to_key_derivekey(keys, sizeof(keys),
pwbox_encoded_getarray_skey_header(enc),
spec_len,
secret, secret_len) < 0)
secret, secret_len);
if (BUG(s2k_rv < 0))
goto err;
cipher = crypto_cipher_new_with_iv((char*)keys, (char*)enc->iv);
@ -87,11 +88,11 @@ crypto_pwbox(uint8_t **out, size_t *outlen_out,
crypto_cipher_free(cipher);
result_len = pwbox_encoded_encoded_len(enc);
if (result_len < 0)
if (BUG(result_len < 0))
goto err;
result = tor_malloc(result_len);
enc_len = pwbox_encoded_encode(result, result_len, enc);
if (enc_len < 0)
if (BUG(enc_len < 0))
goto err;
tor_assert(enc_len == result_len);
@ -107,9 +108,24 @@ crypto_pwbox(uint8_t **out, size_t *outlen_out,
goto out;
err:
/* LCOV_EXCL_START
This error case is often unreachable if we're correctly coded, unless
somebody adds a new error case somewhere, or unless you're building
without scrypto support.
- make_specifier can't fail, unless S2K_MAX_LEN is too short.
- secret_to_key_derivekey can't really fail unless we're missing
scrypt, or the underlying function fails, or we pass it a bogus
algorithm or parameters.
- pwbox_encoded_encoded_len can't fail unless we're using trunnel
incorrectly.
- pwbox_encoded_encode can't fail unless we're using trunnel wrong,
or it's buggy.
*/
tor_free(result);
rv = -1;
/* LCOV_EXCL_STOP */
out:
pwbox_encoded_free(enc);
memwipe(keys, 0, sizeof(keys));

2
src/common/crypto_s2k.c
View File

@ -170,7 +170,7 @@ make_specifier(uint8_t *spec_out, uint8_t type, unsigned flags)
spec_out[SCRYPT_SPEC_LEN-1] = (3u << 4) | (1u << 0);
break;
default:
tor_fragile_assert();
tor_fragile_assert(); // LCOV_EXCL_LINE - we should have returned above.
return S2K_BAD_ALGORITHM;
}

525
src/test/test_crypto.c
View File

@ -27,6 +27,7 @@ static void
test_crypto_dh(void *arg)
{
crypto_dh_t *dh1 = crypto_dh_new(DH_TYPE_CIRCUIT);
crypto_dh_t *dh1_dup = NULL;
crypto_dh_t *dh2 = crypto_dh_new(DH_TYPE_CIRCUIT);
char p1[DH_BYTES];
char p2[DH_BYTES];
@ -41,6 +42,9 @@ test_crypto_dh(void *arg)
memset(p1, 0, DH_BYTES);
memset(p2, 0, DH_BYTES);
tt_mem_op(p1,OP_EQ, p2, DH_BYTES);
tt_int_op(-1, OP_EQ, crypto_dh_get_public(dh1, p1, 6)); /* too short */
tt_assert(! crypto_dh_get_public(dh1, p1, DH_BYTES));
tt_mem_op(p1,OP_NE, p2, DH_BYTES);
tt_assert(! crypto_dh_get_public(dh2, p2, DH_BYTES));
@ -54,15 +58,117 @@ test_crypto_dh(void *arg)
tt_int_op(s1len,OP_EQ, s2len);
tt_mem_op(s1,OP_EQ, s2, s1len);
/* test dh_dup; make sure it works the same. */
dh1_dup = crypto_dh_dup(dh1);
s1len = crypto_dh_compute_secret(LOG_WARN, dh1_dup, p2, DH_BYTES, s1, 50);
tt_mem_op(s1,OP_EQ, s2, s1len);
{
/* XXXX Now fabricate some bad values and make sure they get caught,
* Check 0, 1, N-1, >= N, etc.
*/
/* Now fabricate some bad values and make sure they get caught. */
/* 1 and 0 should both fail. */
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, "\x01", 1, s1, 50);
tt_int_op(-1, OP_EQ, s1len);
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, "\x00", 1, s1, 50);
tt_int_op(-1, OP_EQ, s1len);
memset(p1, 0, DH_BYTES); /* 0 with padding. */
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
tt_int_op(-1, OP_EQ, s1len);
p1[DH_BYTES-1] = 1; /* 1 with padding*/
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
tt_int_op(-1, OP_EQ, s1len);
/* 2 is okay, though weird. */
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, "\x02", 1, s1, 50);
tt_int_op(50, OP_EQ, s1len);
const char P[] =
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
"8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
"302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
"A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
"49286651ECE65381FFFFFFFFFFFFFFFF";
/* p-1, p, and so on are not okay. */
base16_decode(p1, sizeof(p1), P, strlen(P));
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
tt_int_op(-1, OP_EQ, s1len);
p1[DH_BYTES-1] = 0xFE; /* p-1 */
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
tt_int_op(-1, OP_EQ, s1len);
p1[DH_BYTES-1] = 0xFD; /* p-2 works fine */
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
tt_int_op(50, OP_EQ, s1len);
const char P_plus_one[] =
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
"8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
"302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
"A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
"49286651ECE653820000000000000000";
base16_decode(p1, sizeof(p1), P_plus_one, strlen(P_plus_one));
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
tt_int_op(-1, OP_EQ, s1len);
p1[DH_BYTES-1] = 0x01; /* p+2 */
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
tt_int_op(-1, OP_EQ, s1len);
p1[DH_BYTES-1] = 0xff; /* p+256 */
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
tt_int_op(-1, OP_EQ, s1len);
memset(p1, 0xff, sizeof(DH_BYTES)), /* 2^1024-1 */
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
tt_int_op(-1, OP_EQ, s1len);
}
{
/* provoke an error in the openssl DH_compute_key function; make sure we
* survive. */
tt_assert(! crypto_dh_get_public(dh1, p1, DH_BYTES));
crypto_dh_free(dh2);
dh2= crypto_dh_new(DH_TYPE_CIRCUIT); /* no private key set */
s1len = crypto_dh_compute_secret(LOG_WARN, dh2,
p1, DH_BYTES,
s1, 50);
tt_int_op(s1len, OP_EQ, -1);
}
done:
crypto_dh_free(dh1);
crypto_dh_free(dh2);
crypto_dh_free(dh1_dup);
}
static void
test_crypto_openssl_version(void *arg)
{
(void)arg;
const char *version = crypto_openssl_get_version_str();
const char *h_version = crypto_openssl_get_header_version_str();
tt_assert(version);
tt_assert(h_version);
tt_assert(!strcmpstart(version, h_version)); /* "-fips" suffix, etc */
tt_assert(!strstr(version, "OpenSSL"));
int a=-1,b=-1,c=-1;
sscanf(version, "%d.%d.%d", &a,&b,&c);
tt_int_op(a, OP_GE, 0);
tt_int_op(b, OP_GE, 0);
tt_int_op(c, OP_GE, 0);
done:
;
}
/** Run unit tests for our random number generation function and its wrappers.
@ -73,6 +179,7 @@ test_crypto_rng(void *arg)
int i, j, allok;
char data1[100], data2[100];
double d;
char *h=NULL;
/* Try out RNG. */
(void)arg;
@ -104,9 +211,16 @@ test_crypto_rng(void *arg)
allok = 0;
tor_free(host);
}
/* Make sure crypto_random_hostname clips its inputs properly. */
h = crypto_random_hostname(20000, 9000, "www.", ".onion");
tt_assert(! strcmpstart(h,"www."));
tt_assert(! strcmpend(h,".onion"));
tt_int_op(63+4+6, OP_EQ, strlen(h));
tt_assert(allok);
done:
;
tor_free(h);
}
static void
@ -125,14 +239,103 @@ test_crypto_rng_range(void *arg)
if (x == 8)
got_largest = 1;
}
/* These fail with probability 1/10^603. */
tt_assert(got_smallest);
tt_assert(got_largest);
got_smallest = got_largest = 0;
const uint64_t ten_billion = 10 * ((uint64_t)1000000000000);
for (i = 0; i < 1000; ++i) {
uint64_t x = crypto_rand_uint64_range(ten_billion, ten_billion+10);
tt_u64_op(x, OP_GE, ten_billion);
tt_u64_op(x, OP_LT, ten_billion+10);
if (x == ten_billion)
got_smallest = 1;
if (x == ten_billion+9)
got_largest = 1;
}
tt_assert(got_smallest);
tt_assert(got_largest);
const time_t now = time(NULL);
for (i = 0; i < 2000; ++i) {
time_t x = crypto_rand_time_range(now, now+60);
tt_i64_op(x, OP_GE, now);
tt_i64_op(x, OP_LT, now+60);
if (x == now)
got_smallest = 1;
if (x == now+59)
got_largest = 1;
}
tt_assert(got_smallest);
tt_assert(got_largest);
done:
;
}
extern int break_strongest_rng_fallback;
extern int break_strongest_rng_syscall;
static void
test_crypto_rng_strongest(void *arg)
{
const char *how = arg;
int broken = 0;
if (how == NULL) {
;
} else if (!strcmp(how, "nosyscall")) {
break_strongest_rng_syscall = 1;
} else if (!strcmp(how, "nofallback")) {
break_strongest_rng_fallback = 1;
} else if (!strcmp(how, "broken")) {
broken = break_strongest_rng_syscall = break_strongest_rng_fallback = 1;
}
#define N 128
uint8_t combine_and[N];
uint8_t combine_or[N];
int i, j;
memset(combine_and, 0xff, N);
memset(combine_or, 0, N);
for (i = 0; i < 100; ++i) { /* 2^-100 chances just don't happen. */
uint8_t output[N];
memset(output, 0, N);
if (how == NULL) {
/* this one can't fail. */
crypto_strongest_rand(output, sizeof(output));
} else {
int r = crypto_strongest_rand_raw(output, sizeof(output));
if (r == -1) {
if (broken) {
goto done; /* we're fine. */
}
/* This function is allowed to break, but only if it always breaks. */
tt_int_op(i, OP_EQ, 0);
tt_skip();
} else {
tt_assert(! broken);
}
}
for (j = 0; j < N; ++j) {
combine_and[j] &= output[j];
combine_or[j] |= output[j];
}
}
for (j = 0; j < N; ++j) {
tt_int_op(combine_and[j], OP_EQ, 0);
tt_int_op(combine_or[j], OP_EQ, 0xff);
}
done:
;
#undef N
}
/* Test for rectifying openssl RAND engine. */
static void
test_crypto_rng_engine(void *arg)
@ -312,6 +515,41 @@ test_crypto_aes(void *arg)
tor_free(data3);
}
static void
test_crypto_aes_ctr_testvec(void *arg)
{
(void)arg;
char *mem_op_hex_tmp=NULL;
/* from NIST SP800-38a, section F.5 */
const char key16[] = "2b7e151628aed2a6abf7158809cf4f3c";
const char ctr16[] = "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff";
const char plaintext16[] =
"6bc1bee22e409f96e93d7e117393172a"
"ae2d8a571e03ac9c9eb76fac45af8e51"
"30c81c46a35ce411e5fbc1191a0a52ef"
"f69f2445df4f9b17ad2b417be66c3710";
const char ciphertext16[] =
"874d6191b620e3261bef6864990db6ce"
"9806f66b7970fdff8617187bb9fffdff"
"5ae4df3edbd5d35e5b4f09020db03eab"
"1e031dda2fbe03d1792170a0f3009cee";
char key[16];
char iv[16];
char plaintext[16*4];
base16_decode(key, sizeof(key), key16, strlen(key16));
base16_decode(iv, sizeof(iv), ctr16, strlen(ctr16));
base16_decode(plaintext, sizeof(plaintext), plaintext16, strlen(plaintext16));
crypto_cipher_t *c = crypto_cipher_new_with_iv(key, iv);
crypto_cipher_crypt_inplace(c, plaintext, sizeof(plaintext));
test_memeq_hex(plaintext, ciphertext16);
done:
tor_free(mem_op_hex_tmp);
}
/** Run unit tests for our SHA-1 functionality */
static void
test_crypto_sha(void *arg)
@ -1114,6 +1352,31 @@ test_crypto_digests(void *arg)
crypto_pk_free(k);
}
static void
test_crypto_digest_names(void *arg)
{
static const struct {
int a; const char *n;
} names[] = {
{ DIGEST_SHA1, "sha1" },
{ DIGEST_SHA256, "sha256" },
{ DIGEST_SHA512, "sha512" },
{ DIGEST_SHA3_256, "sha3-256" },
{ DIGEST_SHA3_512, "sha3-512" },
{ -1, NULL }
};
(void)arg;
int i;
for (i = 0; names[i].n; ++i) {
tt_str_op(names[i].n, OP_EQ,crypto_digest_algorithm_get_name(names[i].a));
tt_int_op(names[i].a, OP_EQ,crypto_digest_algorithm_parse_name(names[i].n));
}
tt_int_op(-1, OP_EQ, crypto_digest_algorithm_parse_name("TimeCubeHash-4444"));
done:
;
}
#ifndef OPENSSL_1_1_API
#define EVP_ENCODE_CTX_new() tor_malloc_zero(sizeof(EVP_ENCODE_CTX))
#define EVP_ENCODE_CTX_free(ctx) tor_free(ctx)
@ -1507,12 +1770,98 @@ test_crypto_hkdf_sha256(void *arg)
"b206fa34e5bc78d063fc291501beec53b36e5a0e434561200c"
"5f8bd13e0f88b3459600b4dc21d69363e2895321c06184879d"
"94b18f078411be70b767c7fc40679a9440a0c95ea83a23efbf");
done:
tor_free(mem_op_hex_tmp);
#undef EXPAND
}
static void
test_crypto_hkdf_sha256_testvecs(void *arg)
{
(void) arg;
/* Test vectors from RFC5869, sections A.1 through A.3 */
const struct {
const char *ikm16, *salt16, *info16;
int L;
const char *okm16;
} vecs[] = {
{ /* from A.1 */
"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
"000102030405060708090a0b0c",
"f0f1f2f3f4f5f6f7f8f9",
42,
"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
"34007208d5b887185865"
},
{ /* from A.2 */
"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
"202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f"
"404142434445464748494a4b4c4d4e4f",
"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f"
"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f"
"a0a1a2a3a4a5a6a7a8a9aaabacadaeaf",
"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf"
"d0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef"
"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
82,
"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c"
"59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71"
"cc30c58179ec3e87c14c01d5c1f3434f1d87"
},
{ /* from A.3 */
"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
"",
"",
42,
"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d"
"9d201395faa4b61a96c8",
},
{ NULL, NULL, NULL, -1, NULL }
};
int i;
char *ikm = NULL;
char *salt = NULL;
char *info = NULL;
char *okm = NULL;
char *mem_op_hex_tmp = NULL;
for (i = 0; vecs[i].ikm16; ++i) {
size_t ikm_len = strlen(vecs[i].ikm16)/2;
size_t salt_len = strlen(vecs[i].salt16)/2;
size_t info_len = strlen(vecs[i].info16)/2;
size_t okm_len = vecs[i].L;
ikm = tor_malloc(ikm_len);
salt = tor_malloc(salt_len);
info = tor_malloc(info_len);
okm = tor_malloc(okm_len);
base16_decode(ikm, ikm_len, vecs[i].ikm16, strlen(vecs[i].ikm16));
base16_decode(salt, salt_len, vecs[i].salt16, strlen(vecs[i].salt16));
base16_decode(info, info_len, vecs[i].info16, strlen(vecs[i].info16));
int r = crypto_expand_key_material_rfc5869_sha256(
(const uint8_t*)ikm, ikm_len,
(const uint8_t*)salt, salt_len,
(const uint8_t*)info, info_len,
(uint8_t*)okm, okm_len);
tt_int_op(r, OP_EQ, 0);
test_memeq_hex(okm, vecs[i].okm16);
tor_free(ikm);
tor_free(salt);
tor_free(info);
tor_free(okm);
}
done:
tor_free(ikm);
tor_free(salt);
tor_free(info);
tor_free(okm);
tor_free(mem_op_hex_tmp);
}
static void
test_crypto_curve25519_impl(void *arg)
{
@ -1604,6 +1953,47 @@ test_crypto_curve25519_basepoint(void *arg)
;
}
static void
test_crypto_curve25519_testvec(void *arg)
{
(void)arg;
char *mem_op_hex_tmp = NULL;
/* From RFC 7748, section 6.1 */
/* Alice's private key, a: */
const char a16[] =
"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a";
/* Alice's public key, X25519(a, 9): */
const char a_pub16[] =
"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a";
/* Bob's private key, b: */
const char b16[] =
"5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb";
/* Bob's public key, X25519(b, 9): */
const char b_pub16[] =
"de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f";
/* Their shared secret, K: */
const char k16[] =
"4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742";
uint8_t a[32], b[32], a_pub[32], b_pub[32], k1[32], k2[32];
base16_decode((char*)a, sizeof(a), a16, strlen(a16));
base16_decode((char*)b, sizeof(b), b16, strlen(b16));
curve25519_basepoint_impl(a_pub, a);
curve25519_basepoint_impl(b_pub, b);
curve25519_impl(k1, a, b_pub);
curve25519_impl(k2, b, a_pub);
test_memeq_hex(a, a16);
test_memeq_hex(b, b16);
test_memeq_hex(a_pub, a_pub16);
test_memeq_hex(b_pub, b_pub16);
test_memeq_hex(k1, k16);
test_memeq_hex(k2, k16);
done:
tor_free(mem_op_hex_tmp);
}
static void
test_crypto_curve25519_wrappers(void *arg)
{
@ -1896,7 +2286,67 @@ test_crypto_ed25519_test_vectors(void *arg)
"1fbc1e08682f2cc0c92efe8f4985dec61dcbd54d4b94a22547d24451271c8b00",
"0a688e79be24f866286d4646b5d81c"
},
/* These come from draft-irtf-cfrg-eddsa-05 section 7.1 */
{
"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60",
"d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a",
"e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e06522490155"
"5fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b",
""
},
{
"4ccd089b28ff96da9db6c346ec114e0f5b8a319f35aba624da8cf6ed4fb8a6fb",
"3d4017c3e843895a92b70aa74d1b7ebc9c982ccf2ec4968cc0cd55f12af4660c",
"92a009a9f0d4cab8720e820b5f642540a2b27b5416503f8fb3762223ebdb69da"
"085ac1e43e15996e458f3613d0f11d8c387b2eaeb4302aeeb00d291612bb0c00",
"72"
},
{
"f5e5767cf153319517630f226876b86c8160cc583bc013744c6bf255f5cc0ee5",
"278117fc144c72340f67d0f2316e8386ceffbf2b2428c9c51fef7c597f1d426e",
"0aab4c900501b3e24d7cdf4663326a3a87df5e4843b2cbdb67cbf6e460fec350"
"aa5371b1508f9f4528ecea23c436d94b5e8fcd4f681e30a6ac00a9704a188a03",
"08b8b2b733424243760fe426a4b54908632110a66c2f6591eabd3345e3e4eb98"
"fa6e264bf09efe12ee50f8f54e9f77b1e355f6c50544e23fb1433ddf73be84d8"
"79de7c0046dc4996d9e773f4bc9efe5738829adb26c81b37c93a1b270b20329d"
"658675fc6ea534e0810a4432826bf58c941efb65d57a338bbd2e26640f89ffbc"
"1a858efcb8550ee3a5e1998bd177e93a7363c344fe6b199ee5d02e82d522c4fe"
"ba15452f80288a821a579116ec6dad2b3b310da903401aa62100ab5d1a36553e"
"06203b33890cc9b832f79ef80560ccb9a39ce767967ed628c6ad573cb116dbef"
"efd75499da96bd68a8a97b928a8bbc103b6621fcde2beca1231d206be6cd9ec7"
"aff6f6c94fcd7204ed3455c68c83f4a41da4af2b74ef5c53f1d8ac70bdcb7ed1"
"85ce81bd84359d44254d95629e9855a94a7c1958d1f8ada5d0532ed8a5aa3fb2"
"d17ba70eb6248e594e1a2297acbbb39d502f1a8c6eb6f1ce22b3de1a1f40cc24"
"554119a831a9aad6079cad88425de6bde1a9187ebb6092cf67bf2b13fd65f270"
"88d78b7e883c8759d2c4f5c65adb7553878ad575f9fad878e80a0c9ba63bcbcc"
"2732e69485bbc9c90bfbd62481d9089beccf80cfe2df16a2cf65bd92dd597b07"
"07e0917af48bbb75fed413d238f5555a7a569d80c3414a8d0859dc65a46128ba"
"b27af87a71314f318c782b23ebfe808b82b0ce26401d2e22f04d83d1255dc51a"
"ddd3b75a2b1ae0784504df543af8969be3ea7082ff7fc9888c144da2af58429e"
"c96031dbcad3dad9af0dcbaaaf268cb8fcffead94f3c7ca495e056a9b47acdb7"
"51fb73e666c6c655ade8297297d07ad1ba5e43f1bca32301651339e22904cc8c"
"42f58c30c04aafdb038dda0847dd988dcda6f3bfd15c4b4c4525004aa06eeff8"
"ca61783aacec57fb3d1f92b0fe2fd1a85f6724517b65e614ad6808d6f6ee34df"
"f7310fdc82aebfd904b01e1dc54b2927094b2db68d6f903b68401adebf5a7e08"
"d78ff4ef5d63653a65040cf9bfd4aca7984a74d37145986780fc0b16ac451649"
"de6188a7dbdf191f64b5fc5e2ab47b57f7f7276cd419c17a3ca8e1b939ae49e4"
"88acba6b965610b5480109c8b17b80e1b7b750dfc7598d5d5011fd2dcc5600a3"
"2ef5b52a1ecc820e308aa342721aac0943bf6686b64b2579376504ccc493d97e"
"6aed3fb0f9cd71a43dd497f01f17c0e2cb3797aa2a2f256656168e6c496afc5f"
"b93246f6b1116398a346f1a641f3b041e989f7914f90cc2c7fff357876e506b5"
"0d334ba77c225bc307ba537152f3f1610e4eafe595f6d9d90d11faa933a15ef1"
"369546868a7f3a45a96768d40fd9d03412c091c6315cf4fde7cb68606937380d"
"b2eaaa707b4c4185c32eddcdd306705e4dc1ffc872eeee475a64dfac86aba41c"
"0618983f8741c5ef68d3a101e8a3b8cac60c905c15fc910840b94c00a0b9d0"
},
{
"833fe62409237b9d62ec77587520911e9a759cec1d19755b7da901b96dca3d42",
"ec172b93ad5e563bf4932c70e1245034c35467ef2efd4d64ebf819683467e2bf",
"dc2a4459e7369633a52b1bf277839a00201009a3efbf3ecb69bea2186c26b589"
"09351fc9ac90b3ecfdfbc7c66431e0303dca179c138ac17ad9bef1177331a704",
"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
"2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f"
},
{ NULL, NULL, NULL, NULL}
};
@ -2182,6 +2632,54 @@ test_crypto_ed25519_fuzz_donna(void *arg)
;
}
static void
test_crypto_ed25519_storage(void *arg)
{
(void)arg;
ed25519_keypair_t *keypair = NULL;
ed25519_public_key_t pub;
ed25519_secret_key_t sec;
char *fname_1 = tor_strdup(get_fname("ed_seckey_1"));
char *fname_2 = tor_strdup(get_fname("ed_pubkey_2"));
char *contents = NULL;
char *tag = NULL;
keypair = tor_malloc_zero(sizeof(ed25519_keypair_t));
tt_int_op(0,OP_EQ,ed25519_keypair_generate(keypair, 0));
tt_int_op(0,OP_EQ,
ed25519_seckey_write_to_file(&keypair->seckey, fname_1, "foo"));
tt_int_op(0,OP_EQ,
ed25519_pubkey_write_to_file(&keypair->pubkey, fname_2, "bar"));
tt_int_op(-1, OP_EQ, ed25519_pubkey_read_from_file(&pub, &tag, fname_1));
tt_ptr_op(tag, OP_EQ, NULL);
tt_int_op(-1, OP_EQ, ed25519_seckey_read_from_file(&sec, &tag, fname_2));
tt_ptr_op(tag, OP_EQ, NULL);
tt_int_op(0, OP_EQ, ed25519_pubkey_read_from_file(&pub, &tag, fname_2));
tt_str_op(tag, OP_EQ, "bar");
tor_free(tag);
tt_int_op(0, OP_EQ, ed25519_seckey_read_from_file(&sec, &tag, fname_1));
tt_str_op(tag, OP_EQ, "foo");
tor_free(tag);
/* whitebox test: truncated keys. */
tt_int_op(0, ==, truncate(fname_1, 40));
tt_int_op(0, ==, truncate(fname_2, 40));
tt_int_op(-1, OP_EQ, ed25519_pubkey_read_from_file(&pub, &tag, fname_2));
tt_ptr_op(tag, OP_EQ, NULL);
tor_free(tag);
tt_int_op(-1, OP_EQ, ed25519_seckey_read_from_file(&sec, &tag, fname_1));
tt_ptr_op(tag, OP_EQ, NULL);
done:
tor_free(fname_1);
tor_free(fname_2);
tor_free(contents);
tor_free(tag);
ed25519_keypair_free(keypair);
}
static void
test_crypto_siphash(void *arg)
{
@ -2398,13 +2896,23 @@ struct testcase_t crypto_tests[] = {
CRYPTO_LEGACY(rng),
{ "rng_range", test_crypto_rng_range, 0, NULL, NULL },
{ "rng_engine", test_crypto_rng_engine, TT_FORK, NULL, NULL },
{ "rng_strongest", test_crypto_rng_strongest, TT_FORK, NULL, NULL },
{ "rng_strongest_nosyscall", test_crypto_rng_strongest, TT_FORK,
&passthrough_setup, (void*)"nosyscall" },
{ "rng_strongest_nofallback", test_crypto_rng_strongest, TT_FORK,
&passthrough_setup, (void*)"nofallback" },
{ "rng_strongest_broken", test_crypto_rng_strongest, TT_FORK,
&passthrough_setup, (void*)"broken" },
{ "openssl_version", test_crypto_openssl_version, TT_FORK, NULL, NULL },
{ "aes_AES", test_crypto_aes, TT_FORK, &passthrough_setup, (void*)"aes" },
{ "aes_EVP", test_crypto_aes, TT_FORK, &passthrough_setup, (void*)"evp" },
{ "aes_ctr_testvec", test_crypto_aes_ctr_testvec, 0, NULL, NULL },
CRYPTO_LEGACY(sha),
CRYPTO_LEGACY(pk),
{ "pk_fingerprints", test_crypto_pk_fingerprints, TT_FORK, NULL, NULL },
{ "pk_base64", test_crypto_pk_base64, TT_FORK, NULL, NULL },
CRYPTO_LEGACY(digests),
{ "digest_names", test_crypto_digest_names, 0, NULL, NULL },
{ "sha3", test_crypto_sha3, TT_FORK, NULL, NULL},
{ "sha3_xof", test_crypto_sha3_xof, TT_FORK, NULL, NULL},
CRYPTO_LEGACY(dh),
@ -2415,8 +2923,10 @@ struct testcase_t crypto_tests[] = {
CRYPTO_LEGACY(base32_decode),
{ "kdf_TAP", test_crypto_kdf_TAP, 0, NULL, NULL },
{ "hkdf_sha256", test_crypto_hkdf_sha256, 0, NULL, NULL },
{ "hkdf_sha256_testvecs", test_crypto_hkdf_sha256_testvecs, 0, NULL, NULL },
{ "curve25519_impl", test_crypto_curve25519_impl, 0, NULL, NULL },
{ "curve25519_impl_hibit", test_crypto_curve25519_impl, 0, NULL, (void*)"y"},
{ "curve25516_testvec", test_crypto_curve25519_testvec, 0, NULL, NULL },
{ "curve25519_basepoint",
test_crypto_curve25519_basepoint, TT_FORK, NULL, NULL },
{ "curve25519_wrappers", test_crypto_curve25519_wrappers, 0, NULL, NULL },
@ -2429,6 +2939,7 @@ struct testcase_t crypto_tests[] = {
ED25519_TEST(blinding, 0),
ED25519_TEST(testvectors, 0),
ED25519_TEST(fuzz_donna, TT_FORK),
{ "ed25519_storage", test_crypto_ed25519_storage, 0, NULL, NULL },
{ "siphash", test_crypto_siphash, 0, NULL, NULL },
{ "failure_modes", test_crypto_failure_modes, TT_FORK, NULL, NULL },
END_OF_TESTCASES

5
src/test/test_ntor_cl.c
View File

@ -153,7 +153,10 @@ main(int argc, char **argv)
if (argc < 2) {
fprintf(stderr, "I need arguments. Read source for more info.\n");
return 1;
} else if (!strcmp(argv[1], "client1")) {
}
curve25519_init();
if (!strcmp(argv[1], "client1")) {
return client1(argc, argv);
} else if (!strcmp(argv[1], "server1")) {
return server1(argc, argv);