1 /* Copyright (c) 2020, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15 #include <stdio.h>
16 #include <string.h>
17
18 #include <string>
19
20 #include <openssl/base.h>
21 #include <openssl/aead.h>
22 #include <openssl/crypto.h>
23 #include <openssl/cipher.h>
24 #include <openssl/mem.h>
25
26 #include <gtest/gtest.h>
27
28 #include "internal.h"
29
30
31 // Test that OPENSSL_VERSION_NUMBER and OPENSSL_VERSION_TEXT are consistent.
32 // Node.js parses the version out of OPENSSL_VERSION_TEXT instead of using
33 // OPENSSL_VERSION_NUMBER.
TEST(CryptoTest,Version)34 TEST(CryptoTest, Version) {
35 char expected[512];
36 snprintf(expected, sizeof(expected), "OpenSSL %d.%d.%d ",
37 OPENSSL_VERSION_NUMBER >> 28, (OPENSSL_VERSION_NUMBER >> 20) & 0xff,
38 (OPENSSL_VERSION_NUMBER >> 12) & 0xff);
39 EXPECT_EQ(expected,
40 std::string(OPENSSL_VERSION_TEXT).substr(0, strlen(expected)));
41 }
42
TEST(CryptoTest,Strndup)43 TEST(CryptoTest, Strndup) {
44 bssl::UniquePtr<char> str(OPENSSL_strndup(nullptr, 0));
45 EXPECT_TRUE(str);
46 EXPECT_STREQ("", str.get());
47 }
48
TEST(CryptoTest,ByteSwap)49 TEST(CryptoTest, ByteSwap) {
50 EXPECT_EQ(0x04030201u, CRYPTO_bswap4(0x01020304u));
51 EXPECT_EQ(UINT64_C(0x0807060504030201),
52 CRYPTO_bswap8(UINT64_C(0x0102030405060708)));
53 }
54
55 #if defined(BORINGSSL_FIPS_COUNTERS)
56 using CounterArray = size_t[fips_counter_max + 1];
57
read_all_counters(CounterArray counters)58 static void read_all_counters(CounterArray counters) {
59 for (int counter = 0; counter <= fips_counter_max; counter++) {
60 counters[counter] = FIPS_read_counter(static_cast<fips_counter_t>(counter));
61 }
62 }
63
expect_counter_delta_is_zero_except_for_a_one_at(CounterArray before,CounterArray after,fips_counter_t position)64 static void expect_counter_delta_is_zero_except_for_a_one_at(
65 CounterArray before, CounterArray after, fips_counter_t position) {
66 for (int counter = 0; counter <= fips_counter_max; counter++) {
67 const size_t expected_delta = counter == position ? 1 : 0;
68 EXPECT_EQ(after[counter], before[counter] + expected_delta) << counter;
69 }
70 }
71
TEST(CryptoTest,FIPSCountersEVP)72 TEST(CryptoTest, FIPSCountersEVP) {
73 constexpr struct {
74 const EVP_CIPHER *(*cipher)();
75 fips_counter_t counter;
76 } kTests[] = {
77 {
78 EVP_aes_128_gcm,
79 fips_counter_evp_aes_128_gcm,
80 },
81 {
82 EVP_aes_256_gcm,
83 fips_counter_evp_aes_256_gcm,
84 },
85 {
86 EVP_aes_128_ctr,
87 fips_counter_evp_aes_128_ctr,
88 },
89 {
90 EVP_aes_256_ctr,
91 fips_counter_evp_aes_256_ctr,
92 },
93 };
94
95 uint8_t key[EVP_MAX_KEY_LENGTH] = {0};
96 uint8_t iv[EVP_MAX_IV_LENGTH] = {1};
97 CounterArray before, after;
98 for (const auto &test : kTests) {
99 read_all_counters(before);
100 bssl::ScopedEVP_CIPHER_CTX ctx;
101 ASSERT_TRUE(EVP_EncryptInit_ex(ctx.get(), test.cipher(), /*engine=*/nullptr,
102 key, iv));
103 read_all_counters(after);
104
105 expect_counter_delta_is_zero_except_for_a_one_at(before, after,
106 test.counter);
107 }
108 }
109
TEST(CryptoTest,FIPSCountersEVP_AEAD)110 TEST(CryptoTest, FIPSCountersEVP_AEAD) {
111 constexpr struct {
112 const EVP_AEAD *(*aead)();
113 unsigned key_len;
114 fips_counter_t counter;
115 } kTests[] = {
116 {
117 EVP_aead_aes_128_gcm,
118 16,
119 fips_counter_evp_aes_128_gcm,
120 },
121 {
122 EVP_aead_aes_256_gcm,
123 32,
124 fips_counter_evp_aes_256_gcm,
125 },
126 };
127
128 uint8_t key[EVP_AEAD_MAX_KEY_LENGTH] = {0};
129 CounterArray before, after;
130 for (const auto &test : kTests) {
131 ASSERT_LE(test.key_len, sizeof(key));
132
133 read_all_counters(before);
134 bssl::ScopedEVP_AEAD_CTX ctx;
135 ASSERT_TRUE(EVP_AEAD_CTX_init(ctx.get(), test.aead(), key, test.key_len,
136 EVP_AEAD_DEFAULT_TAG_LENGTH,
137 /*engine=*/nullptr));
138 read_all_counters(after);
139
140 expect_counter_delta_is_zero_except_for_a_one_at(before, after,
141 test.counter);
142 }
143 }
144
145 #endif // BORINGSSL_FIPS_COUNTERS
146
TEST(Crypto,QueryAlgorithmStatus)147 TEST(Crypto, QueryAlgorithmStatus) {
148 #if defined(BORINGSSL_FIPS)
149 const bool is_fips_build = true;
150 #else
151 const bool is_fips_build = false;
152 #endif
153
154 EXPECT_EQ(FIPS_query_algorithm_status("AES-GCM"), is_fips_build);
155 EXPECT_EQ(FIPS_query_algorithm_status("AES-ECB"), is_fips_build);
156
157 EXPECT_FALSE(FIPS_query_algorithm_status("FakeEncrypt"));
158 EXPECT_FALSE(FIPS_query_algorithm_status(""));
159 }
160
161 #if defined(BORINGSSL_FIPS) && !defined(OPENSSL_ASAN)
TEST(Crypto,OnDemandIntegrityTest)162 TEST(Crypto, OnDemandIntegrityTest) {
163 BORINGSSL_integrity_test();
164 }
165 #endif
166
DeprecatedFunction()167 OPENSSL_DEPRECATED static void DeprecatedFunction() {}
168
169 OPENSSL_BEGIN_ALLOW_DEPRECATED
TEST(CryptoTest,DeprecatedFunction)170 TEST(CryptoTest, DeprecatedFunction) {
171 // This is deprecated, but should not trigger any warnings.
172 DeprecatedFunction();
173 }
174 OPENSSL_END_ALLOW_DEPRECATED
175