1 /* Copyright 2014 The ChromiumOS Authors
2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file.
4 */
5
6 /* FIPS 180-2 Tests for message digest functions. */
7
8 #include <stdio.h>
9
10 #include "2return_codes.h"
11 #include "2rsa.h"
12 #include "2sha.h"
13 #include "2sysincludes.h"
14 #include "common/tests.h"
15 #include "sha_test_vectors.h"
16
sha1_tests(void)17 static void sha1_tests(void)
18 {
19 struct vb2_hash hash;
20 uint8_t *test_inputs[3];
21 int i;
22
23 test_inputs[0] = (uint8_t *) oneblock_msg;
24 test_inputs[1] = (uint8_t *) multiblock_msg1;
25 test_inputs[2] = (uint8_t *) long_msg;
26
27 for (i = 0; i < 3; i++) {
28 TEST_SUCC(vb2_hash_calculate(false, test_inputs[i],
29 strlen((const char *)test_inputs[i]),
30 VB2_HASH_SHA1, &hash),
31 "vb2_hash_calculate() SHA-1");
32 TEST_EQ(memcmp(hash.sha1, sha1_results[i],
33 sizeof(sha1_results[i])), 0, " SHA-1 digest");
34 }
35
36 struct vb2_digest_context dc;
37 vb2_digest_init(&dc, false, VB2_HASH_SHA1, 0);
38 vb2_digest_extend(&dc, test_inputs[0],
39 strlen((const char *)test_inputs[0]));
40 TEST_EQ(vb2_digest_finalize(&dc, hash.sha1, sizeof(hash.sha1) - 1),
41 VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE,
42 "vb2_digest_finalize() SHA-1 too small");
43
44 TEST_EQ(vb2_hash_block_size(VB2_HASH_SHA1), VB2_SHA1_BLOCK_SIZE,
45 "vb2_hash_block_size(VB2_HASH_SHA1)");
46 }
47
sha256_tests(void)48 static void sha256_tests(void)
49 {
50 struct vb2_hash hash;
51 uint8_t *test_inputs[3];
52 struct vb2_sha256_context ctx;
53 const uint8_t expect_multiple[VB2_SHA256_DIGEST_SIZE] = {
54 0x07, 0x08, 0xb4, 0xca, 0x46, 0x4c, 0x40, 0x39,
55 0x07, 0x06, 0x88, 0x80, 0x30, 0x55, 0x5d, 0x86,
56 0x0e, 0x4a, 0x0d, 0x2b, 0xc6, 0xc4, 0x87, 0x39,
57 0x2c, 0x16, 0x55, 0xb0, 0x82, 0x13, 0x16, 0x29 };
58 const uint8_t extend_from[VB2_SHA256_DIGEST_SIZE] = { 0x00, };
59 const uint8_t extend_by[VB2_SHA256_BLOCK_SIZE] = { 0x00, };
60 const uint8_t expected_extend[VB2_SHA256_DIGEST_SIZE] = {
61 0x7c, 0xa5, 0x16, 0x14, 0x42, 0x5c, 0x3b, 0xa8, 0xce, 0x54,
62 0xdd, 0x2f, 0xc2, 0x02, 0x0a, 0xe7, 0xb6, 0xe5, 0x74, 0xd1,
63 0x98, 0x13, 0x6d, 0x0f, 0xae, 0x7e, 0x26, 0xcc, 0xbf, 0x0b,
64 0xe7, 0xa6 };
65 int i;
66
67 test_inputs[0] = (uint8_t *) oneblock_msg;
68 test_inputs[1] = (uint8_t *) multiblock_msg1;
69 test_inputs[2] = (uint8_t *) long_msg;
70
71 for (i = 0; i < 3; i++) {
72 TEST_SUCC(vb2_hash_calculate(false, test_inputs[i],
73 strlen((const char *)test_inputs[i]),
74 VB2_HASH_SHA256, &hash),
75 "vb2_hash_calculate() SHA-256");
76 TEST_EQ(memcmp(hash.sha256, sha256_results[i],
77 sizeof(sha256_results[i])), 0, " SHA-256 digest");
78 }
79
80 struct vb2_digest_context dc;
81 vb2_digest_init(&dc, false, VB2_HASH_SHA256, 0);
82 vb2_digest_extend(&dc, test_inputs[0], strlen((const char *)test_inputs[0]));
83 TEST_EQ(vb2_digest_finalize(&dc, hash.sha256, sizeof(hash.sha256) - 1),
84 VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE,
85 "vb2_digest_finalize() SHA-256 too small");
86
87 /* Test multiple small extends */
88 vb2_sha256_init(&ctx, VB2_HASH_SHA256);
89 vb2_sha256_update(&ctx, (uint8_t *)"test1", 5);
90 vb2_sha256_update(&ctx, (uint8_t *)"test2", 5);
91 vb2_sha256_update(&ctx, (uint8_t *)"test3", 5);
92 vb2_sha256_finalize(&ctx, hash.sha256, VB2_HASH_SHA256);
93 TEST_EQ(memcmp(hash.sha256, expect_multiple, sizeof(hash.sha256)), 0,
94 "SHA-256 multiple extends");
95
96 TEST_EQ(vb2_hash_block_size(VB2_HASH_SHA256), VB2_SHA256_BLOCK_SIZE,
97 "vb2_hash_block_size(VB2_HASH_SHA256)");
98
99 /* Test SHA256 hash extend */
100 vb2_sha256_extend(extend_from, extend_by, hash.sha256);
101 TEST_SUCC(memcmp(hash.sha256, expected_extend, sizeof(hash.sha256)), NULL);
102 }
103
sha512_tests(void)104 static void sha512_tests(void)
105 {
106 struct vb2_hash hash;
107 uint8_t *test_inputs[3];
108 int i;
109
110 test_inputs[0] = (uint8_t *) oneblock_msg;
111 test_inputs[1] = (uint8_t *) multiblock_msg2;
112 test_inputs[2] = (uint8_t *) long_msg;
113
114 for (i = 0; i < 3; i++) {
115 TEST_SUCC(vb2_hash_calculate(false, test_inputs[i],
116 strlen((const char *)test_inputs[i]),
117 VB2_HASH_SHA512, &hash),
118 "vb2_hash_calculate() SHA512");
119 TEST_EQ(memcmp(hash.sha512, sha512_results[i],
120 sizeof(sha512_results[i])), 0, " SHA-512 digest");
121 }
122
123 struct vb2_digest_context dc;
124 vb2_digest_init(&dc, false, VB2_HASH_SHA512, 0);
125 vb2_digest_extend(&dc, test_inputs[0], strlen((const char *)test_inputs[0]));
126 TEST_EQ(vb2_digest_finalize(&dc, hash.sha512, sizeof(hash.sha512) - 1),
127 VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE,
128 "vb2_digest_finalize() SHA-512 too small");
129
130 TEST_EQ(vb2_hash_block_size(VB2_HASH_SHA512), VB2_SHA512_BLOCK_SIZE,
131 "vb2_hash_block_size(VB2_HASH_SHA512)");
132 }
133
misc_tests(void)134 static void misc_tests(void)
135 {
136 uint8_t digest[VB2_SHA512_DIGEST_SIZE];
137 struct vb2_digest_context dc;
138
139 /* Crypto algorithm to hash algorithm mapping */
140 TEST_EQ(vb2_crypto_to_hash(VB2_ALG_RSA1024_SHA1), VB2_HASH_SHA1,
141 "Crypto map to SHA1");
142 TEST_EQ(vb2_crypto_to_hash(VB2_ALG_RSA2048_SHA256), VB2_HASH_SHA256,
143 "Crypto map to SHA256");
144 TEST_EQ(vb2_crypto_to_hash(VB2_ALG_RSA4096_SHA256), VB2_HASH_SHA256,
145 "Crypto map to SHA256 2");
146 TEST_EQ(vb2_crypto_to_hash(VB2_ALG_RSA8192_SHA512), VB2_HASH_SHA512,
147 "Crypto map to SHA512");
148 TEST_EQ(vb2_crypto_to_hash(VB2_ALG_COUNT), VB2_HASH_INVALID,
149 "Crypto map to invalid");
150
151 TEST_EQ(vb2_digest_size(VB2_HASH_INVALID), 0,
152 "digest size invalid alg");
153
154 TEST_EQ(vb2_hash_block_size(VB2_HASH_INVALID), 0,
155 "vb2_hash_block_size(VB2_HASH_INVALID)");
156
157 /* Test bad algorithm inside extend and finalize */
158 vb2_digest_init(&dc, false, VB2_HASH_SHA256, 0);
159 dc.hash_alg = VB2_HASH_INVALID;
160 TEST_EQ(vb2_digest_extend(&dc, digest, sizeof(digest)),
161 VB2_ERROR_SHA_EXTEND_ALGORITHM,
162 "vb2_digest_extend() invalid alg");
163 TEST_EQ(vb2_digest_finalize(&dc, digest, sizeof(digest)),
164 VB2_ERROR_SHA_FINALIZE_ALGORITHM,
165 "vb2_digest_finalize() invalid alg");
166 }
167
known_value_tests(void)168 static void known_value_tests(void)
169 {
170 const char sentinel[] = "keepme";
171 union {
172 struct vb2_hash hash;
173 char overflow[sizeof(struct vb2_hash) + 8];
174 } test;
175
176
177 #define TEST_KNOWN_VALUE(algo, str, value) \
178 TEST_EQ(vb2_digest_size(algo), sizeof(value) - 1, \
179 "Known hash size " #algo ": " #str); \
180 { \
181 char *sent_base = test.overflow + \
182 offsetof(struct vb2_hash, raw) + sizeof(value) - 1; \
183 strcpy(sent_base, sentinel); \
184 TEST_SUCC(vb2_hash_calculate(false, str, sizeof(str) - 1, \
185 algo, &test.hash), \
186 "Calculate known hash " #algo ": " #str); \
187 TEST_EQ(memcmp(test.hash.raw, value, sizeof(value) - 1), 0, \
188 "Known hash " #algo ": " #str); \
189 TEST_EQ(strcmp(sent_base, sentinel), 0, \
190 "Overflow known hash " #algo ": " #str); \
191 }
192
193 TEST_KNOWN_VALUE(VB2_HASH_SHA1, "",
194 "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55\xbf\xef\x95\x60\x18"
195 "\x90\xaf\xd8\x07\x09");
196 TEST_KNOWN_VALUE(VB2_HASH_SHA256, "",
197 "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99\x6f\xb9"
198 "\x24\x27\xae\x41\xe4\x64\x9b\x93\x4c\xa4\x95\x99\x1b\x78\x52"
199 "\xb8\x55");
200 TEST_KNOWN_VALUE(VB2_HASH_SHA512, "",
201 "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd\xf1\x54\x28\x50\xd6\x6d\x80"
202 "\x07\xd6\x20\xe4\x05\x0b\x57\x15\xdc\x83\xf4\xa9\x21\xd3\x6c"
203 "\xe9\xce\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0\xff\x83\x18\xd2\x87"
204 "\x7e\xec\x2f\x63\xb9\x31\xbd\x47\x41\x7a\x81\xa5\x38\x32\x7a"
205 "\xf9\x27\xda\x3e");
206 TEST_KNOWN_VALUE(VB2_HASH_SHA224, "",
207 "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9\x47\x61\x02\xbb\x28\x82\x34"
208 "\xc4\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a\xc5\xb3\xe4\x2f");
209 TEST_KNOWN_VALUE(VB2_HASH_SHA384, "",
210 "\x38\xb0\x60\xa7\x51\xac\x96\x38\x4c\xd9\x32\x7e\xb1\xb1\xe3"
211 "\x6a\x21\xfd\xb7\x11\x14\xbe\x07\x43\x4c\x0c\xc7\xbf\x63\xf6"
212 "\xe1\xda\x27\x4e\xde\xbf\xe7\x6f\x65\xfb\xd5\x1a\xd2\xf1\x48"
213 "\x98\xb9\x5b");
214
215 const char long_test_string[] = "abcdefghbcdefghicdefghijdefghijkefgh"
216 "ijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrs"
217 "mnopqrstnopqrstu";
218 TEST_KNOWN_VALUE(VB2_HASH_SHA1, long_test_string,
219 "\xa4\x9b\x24\x46\xa0\x2c\x64\x5b\xf4\x19\xf9\x95\xb6\x70\x91"
220 "\x25\x3a\x04\xa2\x59");
221 TEST_KNOWN_VALUE(VB2_HASH_SHA256, long_test_string,
222 "\xcf\x5b\x16\xa7\x78\xaf\x83\x80\x03\x6c\xe5\x9e\x7b\x04\x92"
223 "\x37\x0b\x24\x9b\x11\xe8\xf0\x7a\x51\xaf\xac\x45\x03\x7a\xfe"
224 "\xe9\xd1");
225 TEST_KNOWN_VALUE(VB2_HASH_SHA512, long_test_string,
226 "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
227 "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
228 "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
229 "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
230 "\x87\x4b\xe9\x09");
231 TEST_KNOWN_VALUE(VB2_HASH_SHA224, long_test_string,
232 "\xc9\x7c\xa9\xa5\x59\x85\x0c\xe9\x7a\x04\xa9\x6d\xef\x6d\x99"
233 "\xa9\xe0\xe0\xe2\xab\x14\xe6\xb8\xdf\x26\x5f\xc0\xb3");
234 TEST_KNOWN_VALUE(VB2_HASH_SHA384, long_test_string,
235 "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
236 "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
237 "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
238 "\x74\x60\x39");
239
240 /* vim helper to escape hex: <Shift+V>:s/\([a-f0-9]\{2\}\)/\\x\1/g */
241 #undef TEST_KNOWN_VALUE
242 }
243
main(int argc,char * argv[])244 int main(int argc, char *argv[])
245 {
246 /* Initialize long_msg with 'a' x 1,000,000 */
247 long_msg = (char *) malloc(1000001);
248 memset(long_msg, 'a', 1000000);
249 long_msg[1000000]=0;
250
251 sha1_tests();
252 sha256_tests();
253 sha512_tests();
254 misc_tests();
255 known_value_tests();
256
257 free(long_msg);
258
259 return gTestSuccess ? 0 : 255;
260 }
261