Diffstat (limited to 'test/testcrypto.c')
-rw-r--r--test/testcrypto.c909
1 files changed, 783 insertions, 126 deletions
diff --git a/test/testcrypto.c b/test/testcrypto.c
index 335c3ae65d775..865cffc6d5ede 100644
--- a/test/testcrypto.c
+++ b/test/testcrypto.c
@@ -33,22 +33,32 @@ static const apr_crypto_driver_t *get_driver(abts_case *tc, apr_pool_t *pool,
{
const apr_crypto_driver_t *driver = NULL;
- const apu_err_t *err = NULL;
+ const apu_err_t *result = NULL;
apr_status_t rv;
rv = apr_crypto_init(pool);
ABTS_ASSERT(tc, "failed to init apr_crypto", rv == APR_SUCCESS);
- rv = apr_crypto_get_driver(&driver, name, params, &err, pool);
- if (APR_SUCCESS != rv && err) {
- ABTS_NOT_IMPL(tc, err->msg);
+ rv = apr_crypto_get_driver(&driver, name, params, &result, pool);
+ if (APR_ENOTIMPL == rv) {
+ ABTS_NOT_IMPL(tc,
+ apr_psprintf(pool, "Crypto driver '%s' not implemented", (char *)name));
return NULL;
}
- if (APR_ENOTIMPL == rv) {
- ABTS_NOT_IMPL(tc, (char *)driver);
+ if (APR_EDSOOPEN == rv) {
+ ABTS_NOT_IMPL(tc,
+ apr_psprintf(pool, "Crypto driver '%s' DSO could not be opened", (char *)name));
return NULL;
}
- ABTS_ASSERT(tc, "failed to apr_crypto_get_driver", rv == APR_SUCCESS);
+ if (APR_SUCCESS != rv && result) {
+ char err[1024];
+ apr_strerror(rv, err, sizeof(err) - 1);
+ fprintf(stderr, "get_driver error %d: %s: '%s' native error %d: %s (%s),",
+ rv, err, name, result->rc, result->reason ? result->reason : "",
+ result->msg ? result->msg : "");
+ }
+ ABTS_ASSERT(tc, apr_psprintf(pool, "failed to apr_crypto_get_driver for '%s' with %d",
+ name, rv), rv == APR_SUCCESS);
ABTS_ASSERT(tc, "apr_crypto_get_driver returned NULL", driver != NULL);
if (!driver || rv) {
return NULL;
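Review bot: The `APR_EDSOOPEN` branch returns through `ABTS_NOT_IMPL` before `result` is looked at, so a crypto driver that is built but fails to load is reported exactly like one that was never compiled in, and any detail `apr_crypto_get_driver` stored in `result` is dropped. If `result` is populated on that path (not visible here), the skip text should carry it, for example by adding a `%s` fed with `result && result->msg ? result->msg : ""`, so that a broken install does not pass as a quiet skip. The new `fprintf` format also ends in `,` rather than `\n`, which runs the diagnostic into the next line of test output. get_driver starts and ends outside this hunk.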
@@ -63,7 +73,7 @@ static const apr_crypto_driver_t *get_nss_driver(abts_case *tc,
{
/* initialise NSS */
- return get_driver(tc, pool, "nss", "dir=data");
+ return get_driver(tc, pool, "nss", "");
}
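Review bot: The comment `/* initialise NSS */` no longer says enough now that the parameter string is empty, because a reader cannot tell whether NSS is meant to run without a database directory or to fall back to some default. A one-line comment such as `/* no dir= parameter: NSS is initialised without a database directory */` would record the intent, assuming that is what the driver does with an empty string, which this hunk does not show.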
@@ -75,6 +85,14 @@ static const apr_crypto_driver_t *get_openssl_driver(abts_case *tc,
}
+static const apr_crypto_driver_t *get_commoncrypto_driver(abts_case *tc,
+ apr_pool_t *pool)
+{
+
+ return get_driver(tc, pool, "commoncrypto", NULL);
+
+}
+
static apr_crypto_t *make(abts_case *tc, apr_pool_t *pool,
const apr_crypto_driver_t *driver)
{
@@ -93,6 +111,59 @@ static apr_crypto_t *make(abts_case *tc, apr_pool_t *pool,
}
+static const apr_crypto_key_t *keysecret(abts_case *tc, apr_pool_t *pool,
+ const apr_crypto_driver_t *driver, const apr_crypto_t *f,
+ apr_crypto_block_key_type_e type, apr_crypto_block_key_mode_e mode,
+ int doPad, apr_size_t secretLen, const char *description)
+{
+ apr_crypto_key_t *key = NULL;
+ const apu_err_t *result = NULL;
+ apr_crypto_key_rec_t *rec = apr_pcalloc(pool, sizeof(apr_crypto_key_rec_t));
+ apr_status_t rv;
+
+ if (!f) {
+ return NULL;
+ }
+
+ rec->ktype = APR_CRYPTO_KTYPE_SECRET;
+ rec->type = type;
+ rec->mode = mode;
+ rec->pad = doPad;
+ rec->k.secret.secret = apr_pcalloc(pool, secretLen);
+ rec->k.secret.secretLen = secretLen;
+
+ /* init the passphrase */
+ rv = apr_crypto_key(&key, rec, f, pool);
+ if (APR_ENOCIPHER == rv) {
+ apr_crypto_error(&result, f);
+ ABTS_NOT_IMPL(tc,
+ apr_psprintf(pool, "skipped: %s %s key return APR_ENOCIPHER: error %d: %s (%s)\n", description, apr_crypto_driver_name(driver), result->rc, result->reason ? result->reason : "", result->msg ? result->msg : ""));
+ return NULL;
+ }
+ else {
+ if (APR_SUCCESS != rv) {
+ apr_crypto_error(&result, f);
+ fprintf(stderr, "key: %s %s apr error %d / native error %d: %s (%s)\n",
+ description, apr_crypto_driver_name(driver), rv, result->rc,
+ result->reason ? result->reason : "",
+ result->msg ? result->msg : "");
+ }
+ ABTS_ASSERT(tc, "apr_crypto_key returned APR_EKEYLENGTH", rv != APR_EKEYLENGTH);
+ ABTS_ASSERT(tc, "apr_crypto_key returned APR_ENOKEY", rv != APR_ENOKEY);
+ ABTS_ASSERT(tc, "apr_crypto_key returned APR_EPADDING",
+ rv != APR_EPADDING);
+ ABTS_ASSERT(tc, "apr_crypto_key returned APR_EKEYTYPE",
+ rv != APR_EKEYTYPE);
+ ABTS_ASSERT(tc, "failed to apr_crypto_key", rv == APR_SUCCESS);
+ ABTS_ASSERT(tc, "apr_crypto_key returned NULL context", key != NULL);
+ }
+ if (rv) {
+ return NULL;
+ }
+ return key;
+
+}
+
static const apr_crypto_key_t *passphrase(abts_case *tc, apr_pool_t *pool,
const apr_crypto_driver_t *driver, const apr_crypto_t *f,
apr_crypto_block_key_type_e type, apr_crypto_block_key_mode_e mode,
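Review bot: `result` is dereferenced straight after `apr_crypto_error(&result, f)` in both the APR_ENOCIPHER branch and the `APR_SUCCESS != rv` branch of keysecret, with the call's return value ignored, so a missing error record crashes the test run instead of reporting a failure. get_driver in this same commit guards its dereference with `&& result`; the same guard belongs here, e.g. `if (APR_SUCCESS != rv && APR_SUCCESS == apr_crypto_error(&result, f) && result)`, and keypassphrase further down repeats the unguarded pattern. The key material is the all-zero buffer from `apr_pcalloc`, which for 3DES is a degenerate key that some backends may refuse, so a fixed non-zero test vector would make failures easier to attribute. The comment `/* init the passphrase */` is copied from passphrase() and should read `/* init the secret key */`.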
@@ -124,8 +195,8 @@ static const apr_crypto_key_t *passphrase(abts_case *tc, apr_pool_t *pool,
else {
if (APR_SUCCESS != rv) {
apr_crypto_error(&result, f);
- fprintf(stderr, "passphrase: %s %s native error %d: %s (%s)\n",
- description, apr_crypto_driver_name(driver), result->rc,
+ fprintf(stderr, "passphrase: %s %s apr error %d / native error %d: %s (%s)\n",
+ description, apr_crypto_driver_name(driver), rv, result->rc,
result->reason ? result->reason : "",
result->msg ? result->msg : "");
}
@@ -142,6 +213,64 @@ static const apr_crypto_key_t *passphrase(abts_case *tc, apr_pool_t *pool,
}
+static const apr_crypto_key_t *keypassphrase(abts_case *tc, apr_pool_t *pool,
+ const apr_crypto_driver_t *driver, const apr_crypto_t *f,
+ apr_crypto_block_key_type_e type, apr_crypto_block_key_mode_e mode,
+ int doPad, const char *description)
+{
+
+ apr_crypto_key_t *key = NULL;
+ const apu_err_t *result = NULL;
+ const char *pass = "secret";
+ const char *salt = "salt";
+ apr_crypto_key_rec_t *rec = apr_pcalloc(pool, sizeof(apr_crypto_key_rec_t));
+ apr_status_t rv;
+
+ if (!f) {
+ return NULL;
+ }
+
+ rec->ktype = APR_CRYPTO_KTYPE_PASSPHRASE;
+ rec->type = type;
+ rec->mode = mode;
+ rec->pad = doPad;
+ rec->k.passphrase.pass = pass;
+ rec->k.passphrase.passLen = strlen(pass);
+ rec->k.passphrase.salt = (unsigned char *)salt;
+ rec->k.passphrase.saltLen = strlen(salt);
+ rec->k.passphrase.iterations = 4096;
+
+ /* init the passphrase */
+ rv = apr_crypto_key(&key, rec, f, pool);
+ if (APR_ENOCIPHER == rv) {
+ apr_crypto_error(&result, f);
+ ABTS_NOT_IMPL(tc, apr_psprintf(pool,
+ "skipped: %s %s key passphrase return APR_ENOCIPHER: error %d: %s (%s)\n",
+ description, apr_crypto_driver_name(driver), result->rc,
+ result->reason ? result->reason : "", result->msg ? result->msg : ""));
+ return NULL;
+ }
+ else {
+ if (APR_SUCCESS != rv) {
+ apr_crypto_error(&result, f);
+ fprintf(stderr, "key passphrase: %s %s apr error %d / native error %d: %s (%s)\n",
+ description, apr_crypto_driver_name(driver), rv, result->rc,
+ result->reason ? result->reason : "",
+ result->msg ? result->msg : "");
+ }
+ ABTS_ASSERT(tc, "apr_crypto_key returned APR_ENOKEY", rv != APR_ENOKEY);
+ ABTS_ASSERT(tc, "apr_crypto_key returned APR_EPADDING", rv != APR_EPADDING);
+ ABTS_ASSERT(tc, "apr_crypto_key returned APR_EKEYTYPE", rv != APR_EKEYTYPE);
+ ABTS_ASSERT(tc, "failed to apr_crypto_key", rv == APR_SUCCESS);
+ ABTS_ASSERT(tc, "apr_crypto_key returned NULL context", key != NULL);
+ }
+ if (rv) {
+ return NULL;
+ }
+ return key;
+
+}
+
static unsigned char *encrypt_block(abts_case *tc, apr_pool_t *pool,
const apr_crypto_driver_t *driver, const apr_crypto_t *f,
const apr_crypto_key_t *key, const unsigned char *in,
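Review bot: keypassphrase asserts on APR_ENOKEY, APR_EPADDING and APR_EKEYTYPE but leaves out the APR_EKEYLENGTH check that keysecret makes, so a key-length failure here surfaces only through the generic `failed to apr_crypto_key` message. Adding `ABTS_ASSERT(tc, "apr_crypto_key returned APR_EKEYLENGTH", rv != APR_EKEYLENGTH);` keeps the two helpers parallel. The iteration count `4096` and the fixed `"secret"`/`"salt"` pair are reasonable as test vectors, but a short comment saying they are test-only values would stop them being copied as defaults, since a constant salt and a low iteration count are weak key-derivation parameters anywhere else.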
@@ -167,17 +296,27 @@ static unsigned char *encrypt_block(abts_case *tc, apr_pool_t *pool,
else {
if (APR_SUCCESS != rv) {
apr_crypto_error(&result, f);
- fprintf(stderr, "encrypt_init: %s %s native error %d: %s (%s)\n",
- description, apr_crypto_driver_name(driver), result->rc,
+ fprintf(stderr,
+ "encrypt_init: %s %s (APR %d) native error %d: %s (%s)\n",
+ description, apr_crypto_driver_name(driver), rv, result->rc,
result->reason ? result->reason : "",
result->msg ? result->msg : "");
}
- ABTS_ASSERT(tc, "apr_crypto_block_encrypt_init returned APR_ENOKEY", rv != APR_ENOKEY);
- ABTS_ASSERT(tc, "apr_crypto_block_encrypt_init returned APR_ENOIV", rv != APR_ENOIV);
- ABTS_ASSERT(tc, "apr_crypto_block_encrypt_init returned APR_EKEYTYPE", rv != APR_EKEYTYPE);
- ABTS_ASSERT(tc, "apr_crypto_block_encrypt_init returned APR_EKEYLENGTH", rv != APR_EKEYLENGTH);
- ABTS_ASSERT(tc, "failed to apr_crypto_block_encrypt_init", rv == APR_SUCCESS);
- ABTS_ASSERT(tc, "apr_crypto_block_encrypt_init returned NULL context", block != NULL);
+ ABTS_ASSERT(tc, "apr_crypto_block_encrypt_init returned APR_ENOKEY",
+ rv != APR_ENOKEY);
+ ABTS_ASSERT(tc, "apr_crypto_block_encrypt_init returned APR_ENOIV",
+ rv != APR_ENOIV);
+ ABTS_ASSERT(tc, "apr_crypto_block_encrypt_init returned APR_EKEYTYPE",
+ rv != APR_EKEYTYPE);
+ ABTS_ASSERT(tc, "apr_crypto_block_encrypt_init returned APR_EKEYLENGTH",
+ rv != APR_EKEYLENGTH);
+ ABTS_ASSERT(tc,
+ "apr_crypto_block_encrypt_init returned APR_ENOTENOUGHENTROPY",
+ rv != APR_ENOTENOUGHENTROPY);
+ ABTS_ASSERT(tc, "failed to apr_crypto_block_encrypt_init",
+ rv == APR_SUCCESS);
+ ABTS_ASSERT(tc, "apr_crypto_block_encrypt_init returned NULL context",
+ block != NULL);
}
if (!block || rv) {
return NULL;
@@ -187,10 +326,10 @@ static unsigned char *encrypt_block(abts_case *tc, apr_pool_t *pool,
rv = apr_crypto_block_encrypt(cipherText, cipherTextLen, in, inlen, block);
if (APR_SUCCESS != rv) {
apr_crypto_error(&result, f);
- fprintf(stderr, "encrypt: %s %s native error %d: %s (%s)\n",
- description, apr_crypto_driver_name(driver), result->rc,
- result->reason ? result->reason : "", result->msg ? result->msg
- : "");
+ fprintf(stderr, "encrypt: %s %s (APR %d) native error %d: %s (%s)\n",
+ description, apr_crypto_driver_name(driver), rv, result->rc,
+ result->reason ? result->reason : "",
+ result->msg ? result->msg : "");
}
ABTS_ASSERT(tc, "apr_crypto_block_encrypt returned APR_ECRYPT", rv != APR_ECRYPT);
ABTS_ASSERT(tc, "failed to apr_crypto_block_encrypt", rv == APR_SUCCESS);
@@ -204,13 +343,15 @@ static unsigned char *encrypt_block(abts_case *tc, apr_pool_t *pool,
block);
if (APR_SUCCESS != rv) {
apr_crypto_error(&result, f);
- fprintf(stderr, "encrypt_finish: %s %s native error %d: %s (%s)\n",
- description, apr_crypto_driver_name(driver), result->rc,
- result->reason ? result->reason : "", result->msg ? result->msg
- : "");
+ fprintf(stderr,
+ "encrypt_finish: %s %s (APR %d) native error %d: %s (%s)\n",
+ description, apr_crypto_driver_name(driver), rv, result->rc,
+ result->reason ? result->reason : "",
+ result->msg ? result->msg : "");
}
ABTS_ASSERT(tc, "apr_crypto_block_encrypt_finish returned APR_ECRYPT", rv != APR_ECRYPT);
ABTS_ASSERT(tc, "apr_crypto_block_encrypt_finish returned APR_EPADDING", rv != APR_EPADDING);
+ ABTS_ASSERT(tc, "apr_crypto_block_encrypt_finish returned APR_ENOSPACE", rv != APR_ENOSPACE);
ABTS_ASSERT(tc, "failed to apr_crypto_block_encrypt_finish", rv == APR_SUCCESS);
*cipherTextLen += len;
apr_crypto_block_cleanup(block);
@@ -247,8 +388,9 @@ static unsigned char *decrypt_block(abts_case *tc, apr_pool_t *pool,
else {
if (APR_SUCCESS != rv) {
apr_crypto_error(&result, f);
- fprintf(stderr, "decrypt_init: %s %s native error %d: %s (%s)\n",
- description, apr_crypto_driver_name(driver), result->rc,
+ fprintf(stderr,
+ "decrypt_init: %s %s (APR %d) native error %d: %s (%s)\n",
+ description, apr_crypto_driver_name(driver), rv, result->rc,
result->reason ? result->reason : "",
result->msg ? result->msg : "");
}
@@ -268,10 +410,10 @@ static unsigned char *decrypt_block(abts_case *tc, apr_pool_t *pool,
cipherTextLen, block);
if (APR_SUCCESS != rv) {
apr_crypto_error(&result, f);
- fprintf(stderr, "decrypt: %s %s native error %d: %s (%s)\n",
- description, apr_crypto_driver_name(driver), result->rc,
- result->reason ? result->reason : "", result->msg ? result->msg
- : "");
+ fprintf(stderr, "decrypt: %s %s (APR %d) native error %d: %s (%s)\n",
+ description, apr_crypto_driver_name(driver), rv, result->rc,
+ result->reason ? result->reason : "",
+ result->msg ? result->msg : "");
}
ABTS_ASSERT(tc, "apr_crypto_block_decrypt returned APR_ECRYPT", rv != APR_ECRYPT);
ABTS_ASSERT(tc, "failed to apr_crypto_block_decrypt", rv == APR_SUCCESS);
@@ -285,13 +427,15 @@ static unsigned char *decrypt_block(abts_case *tc, apr_pool_t *pool,
block);
if (APR_SUCCESS != rv) {
apr_crypto_error(&result, f);
- fprintf(stderr, "decrypt_finish: %s %s native error %d: %s (%s)\n",
- description, apr_crypto_driver_name(driver), result->rc,
- result->reason ? result->reason : "", result->msg ? result->msg
- : "");
+ fprintf(stderr,
+ "decrypt_finish: %s %s (APR %d) native error %d: %s (%s)\n",
+ description, apr_crypto_driver_name(driver), rv, result->rc,
+ result->reason ? result->reason : "",
+ result->msg ? result->msg : "");
}
ABTS_ASSERT(tc, "apr_crypto_block_decrypt_finish returned APR_ECRYPT", rv != APR_ECRYPT);
ABTS_ASSERT(tc, "apr_crypto_block_decrypt_finish returned APR_EPADDING", rv != APR_EPADDING);
+ ABTS_ASSERT(tc, "apr_crypto_block_decrypt_finish returned APR_ENOSPACE", rv != APR_ENOSPACE);
ABTS_ASSERT(tc, "failed to apr_crypto_block_decrypt_finish", rv == APR_SUCCESS);
if (rv) {
return NULL;
@@ -316,7 +460,8 @@ static void crypto_block_cross(abts_case *tc, apr_pool_t *pool,
const apr_crypto_driver_t **drivers,
const apr_crypto_block_key_type_e type,
const apr_crypto_block_key_mode_e mode, int doPad,
- const unsigned char *in, apr_size_t inlen, const char *description)
+ const unsigned char *in, apr_size_t inlen, apr_size_t secretLen,
+ const char *description)
{
const apr_crypto_driver_t *driver1 = drivers[0];
const apr_crypto_driver_t *driver2 = drivers[1];
@@ -324,6 +469,10 @@ static void crypto_block_cross(abts_case *tc, apr_pool_t *pool,
apr_crypto_t *f2 = NULL;
const apr_crypto_key_t *key1 = NULL;
const apr_crypto_key_t *key2 = NULL;
+ const apr_crypto_key_t *key3 = NULL;
+ const apr_crypto_key_t *key4 = NULL;
+ const apr_crypto_key_t *key5 = NULL;
+ const apr_crypto_key_t *key6 = NULL;
unsigned char *cipherText = NULL;
apr_size_t cipherTextLen = 0;
@@ -345,7 +494,51 @@ static void crypto_block_cross(abts_case *tc, apr_pool_t *pool,
if (cipherText && plainText) {
if (memcmp(in, plainText, inlen)) {
- fprintf(stderr, "cross mismatch: %s %s/%s\n", description,
+ fprintf(stderr, "passphrase cross mismatch: %s %s/%s\n", description,
+ apr_crypto_driver_name(driver1), apr_crypto_driver_name(
+ driver2));
+ }
+ ABTS_STR_EQUAL(tc, (char *)in, (char *)plainText);
+ }
+
+ key3 = keysecret(tc, pool, driver1, f1, type, mode, doPad, secretLen, description);
+ key4 = keysecret(tc, pool, driver2, f2, type, mode, doPad, secretLen, description);
+
+ iv = NULL;
+ blockSize = 0;
+ cipherText = NULL;
+ plainText = NULL;
+ cipherText = encrypt_block(tc, pool, driver1, f1, key3, in, inlen,
+ &cipherText, &cipherTextLen, &iv, &blockSize, description);
+ plainText = decrypt_block(tc, pool, driver2, f2, key4, cipherText,
+ cipherTextLen, &plainText, &plainTextLen, iv, &blockSize,
+ description);
+
+ if (cipherText && plainText) {
+ if (memcmp(in, plainText, inlen)) {
+ fprintf(stderr, "key secret cross mismatch: %s %s/%s\n", description,
+ apr_crypto_driver_name(driver1), apr_crypto_driver_name(
+ driver2));
+ }
+ ABTS_STR_EQUAL(tc, (char *)in, (char *)plainText);
+ }
+
+ key5 = keypassphrase(tc, pool, driver1, f1, type, mode, doPad, description);
+ key6 = keypassphrase(tc, pool, driver2, f2, type, mode, doPad, description);
+
+ iv = NULL;
+ blockSize = 0;
+ cipherText = NULL;
+ plainText = NULL;
+ cipherText = encrypt_block(tc, pool, driver1, f1, key5, in, inlen,
+ &cipherText, &cipherTextLen, &iv, &blockSize, description);
+ plainText = decrypt_block(tc, pool, driver2, f2, key6, cipherText,
+ cipherTextLen, &plainText, &plainTextLen, iv, &blockSize,
+ description);
+
+ if (cipherText && plainText) {
+ if (memcmp(in, plainText, inlen)) {
+ fprintf(stderr, "key passphrase cross mismatch: %s %s/%s\n", description,
apr_crypto_driver_name(driver1), apr_crypto_driver_name(
driver2));
}
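Review bot: In both new stanzas a `memcmp` mismatch is only printed to stderr; the check that can actually fail the test is `ABTS_STR_EQUAL`, which stops at the first NUL byte and never looks at `plainTextLen`. A decrypt that returns the right leading bytes with the wrong length could therefore pass, so the byte comparison should be the assertion: `ABTS_ASSERT(tc, "cross mismatch", plainTextLen == inlen && !memcmp(in, plainText, inlen));` (assuming `plainTextLen` is expected to equal `inlen` in both the padded and unpadded runs). The three encrypt/decrypt stanzas now differ only in the key pair and the message label, which a small static helper taking the two keys and a label would express once. crypto_block_cross starts and ends outside this hunk.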
@@ -372,6 +565,63 @@ static void test_crypto_init(abts_case *tc, void *data)
}
/**
+ * Simple test of OpenSSL key.
+ */
+static void test_crypto_key_openssl(abts_case *tc, void *data)
+{
+ apr_pool_t *pool = NULL;
+ const apr_crypto_driver_t *driver;
+ apr_crypto_t *f = NULL;
+
+ apr_pool_create(&pool, NULL);
+ driver = get_openssl_driver(tc, pool);
+
+ f = make(tc, pool, driver);
+ keysecret(tc, pool, driver, f, APR_KEY_AES_256, APR_MODE_CBC, 1, 32,
+ "KEY_AES_256/MODE_CBC");
+ apr_pool_destroy(pool);
+
+}
+
+/**
+ * Simple test of NSS key.
+ */
+static void test_crypto_key_nss(abts_case *tc, void *data)
+{
+ apr_pool_t *pool = NULL;
+ const apr_crypto_driver_t *driver;
+ apr_crypto_t *f = NULL;
+
+ apr_pool_create(&pool, NULL);
+ driver = get_nss_driver(tc, pool);
+
+ f = make(tc, pool, driver);
+ keysecret(tc, pool, driver, f, APR_KEY_AES_256, APR_MODE_CBC, 1, 32,
+ "KEY_AES_256/MODE_CBC");
+ apr_pool_destroy(pool);
+
+}
+
+/**
+ * Simple test of CommonCrypto key.
+ */
+static void test_crypto_key_commoncrypto(abts_case *tc, void *data)
+{
+ apr_pool_t *pool = NULL;
+ const apr_crypto_driver_t *driver;
+ apr_crypto_t *f = NULL;
+
+ apr_pool_create(&pool, NULL);
+ driver = get_commoncrypto_driver(tc, pool);
+
+ f = make(tc, pool, driver);
+ keysecret(tc, pool, driver, f, APR_KEY_AES_256, APR_MODE_CBC, 1, 32,
+ "KEY_AES_256/MODE_CBC");
+ apr_pool_destroy(pool);
+
+}
+
+/**
* Simple test of OpenSSL block crypt.
*/
static void test_crypto_block_openssl(abts_case *tc, void *data)
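Review bot: test_crypto_key_openssl, test_crypto_key_nss and test_crypto_key_commoncrypto share one body apart from the driver getter, and each hands the getter's result to `make()` unchecked although get_driver returns NULL on every skip path. Whether `make()` tolerates a NULL driver is not visible in this hunk; wrapping the `make`/`keysecret` calls in `if (driver) { ... }` would make the skip path explicit. A single static helper that takes the driver, called from three one-line tests, would remove the triplication. The return status of `apr_pool_create` is also ignored in all three.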
@@ -386,21 +636,21 @@ static void test_crypto_block_openssl(abts_case *tc, void *data)
drivers[0] = get_openssl_driver(tc, pool);
drivers[1] = get_openssl_driver(tc, pool);
crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_CBC, 0,
- in, inlen, "KEY_3DES_192/MODE_CBC");
+ in, inlen, 24, "KEY_3DES_192/MODE_CBC");
crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_ECB, 0,
- in, inlen, "KEY_3DES_192/MODE_ECB");
+ in, inlen, 24, "KEY_3DES_192/MODE_ECB");
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_CBC, 0, in,
- inlen, "KEY_AES_256/MODE_CBC");
+ inlen, 32, "KEY_AES_256/MODE_CBC");
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_ECB, 0, in,
- inlen, "KEY_AES_256/MODE_ECB");
+ inlen, 32, "KEY_AES_256/MODE_ECB");
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_CBC, 0, in,
- inlen, "KEY_AES_192/MODE_CBC");
+ inlen, 24, "KEY_AES_192/MODE_CBC");
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_ECB, 0, in,
- inlen, "KEY_AES_192/MODE_ECB");
+ inlen, 24, "KEY_AES_192/MODE_ECB");
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_CBC, 0, in,
- inlen, "KEY_AES_128/MODE_CBC");
+ inlen, 16, "KEY_AES_128/MODE_CBC");
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_ECB, 0, in,
- inlen, "KEY_AES_128/MODE_ECB");
+ inlen, 16, "KEY_AES_128/MODE_ECB");
apr_pool_destroy(pool);
}
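Review bot: The secret length is passed as a bare `24`, `32` or `16` at every crypto_block_cross call, here and in the NSS, CommonCrypto, cross-driver and padded tests in the hunks below, so a key type and its length can drift apart with nothing to catch it. Naming the values once, e.g. `#define KEYLEN_AES_256 32`, or deriving the length from `type` inside crypto_block_cross, would keep the call sites from disagreeing. A mismatch would currently show up only as an APR_EKEYLENGTH assertion from keysecret, far from the line that introduced it.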
@@ -420,21 +670,55 @@ static void test_crypto_block_nss(abts_case *tc, void *data)
drivers[0] = get_nss_driver(tc, pool);
drivers[1] = get_nss_driver(tc, pool);
crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_CBC, 0,
- in, inlen, "KEY_3DES_192/MODE_CBC");
+ in, inlen, 24, "KEY_3DES_192/MODE_CBC");
/* KEY_3DES_192 / MODE_ECB doesn't work on NSS */
/* crypto_block_cross(tc, pool, drivers, KEY_3DES_192, MODE_ECB, 0, in, inlen, "KEY_3DES_192/MODE_ECB"); */
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_CBC, 0, in,
- inlen, "KEY_AES_256/MODE_CBC");
+ inlen, 32, "KEY_AES_256/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_ECB, 0, in,
+ inlen, 32, "KEY_AES_256/MODE_ECB");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_CBC, 0, in,
+ inlen, 24, "KEY_AES_192/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_ECB, 0, in,
+ inlen, 24, "KEY_AES_192/MODE_ECB");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_CBC, 0, in,
+ inlen, 16, "KEY_AES_128/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_ECB, 0, in,
+ inlen, 16, "KEY_AES_128/MODE_ECB");
+ apr_pool_destroy(pool);
+
+}
+
+/**
+ * Simple test of Common Crypto block crypt.
+ */
+static void test_crypto_block_commoncrypto(abts_case *tc, void *data)
+{
+ apr_pool_t *pool = NULL;
+ const apr_crypto_driver_t *drivers[] = { NULL, NULL };
+
+ const unsigned char *in = (const unsigned char *) ALIGNED_STRING;
+ apr_size_t inlen = sizeof(ALIGNED_STRING);
+
+ apr_pool_create(&pool, NULL);
+ drivers[0] = get_commoncrypto_driver(tc, pool);
+ drivers[1] = get_commoncrypto_driver(tc, pool);
+ crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_CBC, 0,
+ in, inlen, 24, "KEY_3DES_192/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_ECB, 0,
+ in, inlen, 24, "KEY_3DES_192/MODE_ECB");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_CBC, 0, in,
+ inlen, 32, "KEY_AES_256/MODE_CBC");
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_ECB, 0, in,
- inlen, "KEY_AES_256/MODE_ECB");
+ inlen, 32, "KEY_AES_256/MODE_ECB");
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_CBC, 0, in,
- inlen, "KEY_AES_192/MODE_CBC");
+ inlen, 24, "KEY_AES_192/MODE_CBC");
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_ECB, 0, in,
- inlen, "KEY_AES_192/MODE_ECB");
+ inlen, 24, "KEY_AES_192/MODE_ECB");
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_CBC, 0, in,
- inlen, "KEY_AES_128/MODE_CBC");
+ inlen, 16, "KEY_AES_128/MODE_CBC");
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_ECB, 0, in,
- inlen, "KEY_AES_128/MODE_ECB");
+ inlen, 16, "KEY_AES_128/MODE_ECB");
apr_pool_destroy(pool);
}
@@ -455,25 +739,22 @@ static void test_crypto_block_nss_openssl(abts_case *tc, void *data)
drivers[1] = get_openssl_driver(tc, pool);
crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_CBC, 0,
- in, inlen, "KEY_3DES_192/MODE_CBC");
+ in, inlen, 24, "KEY_3DES_192/MODE_CBC");
/* KEY_3DES_192 / MODE_ECB doesn't work on NSS */
- /* crypto_block_cross(tc, pool, drivers, KEY_3DES_192, MODE_ECB, 0, in, inlen, "KEY_3DES_192/MODE_ECB"); */
+ /* crypto_block_cross(tc, pool, drivers, KEY_3DES_192, MODE_ECB, 0, in, inlen, 24, "KEY_3DES_192/MODE_ECB"); */
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_CBC, 0, in,
- inlen, "KEY_AES_256/MODE_CBC");
+ inlen, 32, "KEY_AES_256/MODE_CBC");
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_ECB, 0, in,
- inlen, "KEY_AES_256/MODE_ECB");
-
- /* all 4 of these tests fail to interoperate - a clue from the xml-security code is that
- * NSS cannot distinguish between the 128 and 192 bit versions of AES. Will need to be
- * investigated.
- */
- /*
- crypto_block_cross(tc, pool, drivers, KEY_AES_192, MODE_CBC, 0, in, inlen, "KEY_AES_192/MODE_CBC");
- crypto_block_cross(tc, pool, drivers, KEY_AES_192, MODE_ECB, 0, in, inlen, "KEY_AES_192/MODE_ECB");
- crypto_block_cross(tc, pool, drivers, KEY_AES_128, MODE_CBC, 0, in, inlen, "KEY_AES_128/MODE_CBC");
- crypto_block_cross(tc, pool, drivers, KEY_AES_128, MODE_ECB, 0, in, inlen, "KEY_AES_128/MODE_ECB");
- */
+ inlen, 32, "KEY_AES_256/MODE_ECB");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_CBC, 0, in,
+ inlen, 24, "KEY_AES_192/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_ECB, 0, in,
+ inlen, 24, "KEY_AES_192/MODE_ECB");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_CBC, 0, in,
+ inlen, 16, "KEY_AES_128/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_ECB, 0, in,
+ inlen, 16, "KEY_AES_128/MODE_ECB");
apr_pool_destroy(pool);
}
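Review bot: The removed comment recorded a known NSS/OpenSSL interoperability failure for AES-128 and AES-192, and the four calls are now enabled with nothing in this file saying what changed to make them pass. A short comment above the re-enabled calls naming the fix, or a sentence in the commit message if it is not already there, would let a later reader tell a resolved driver bug from a test that happens to pass on one platform. The same applies to the matching block in test_crypto_block_openssl_nss in the next hunk.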
@@ -493,26 +774,95 @@ static void test_crypto_block_openssl_nss(abts_case *tc, void *data)
drivers[0] = get_openssl_driver(tc, pool);
drivers[1] = get_nss_driver(tc, pool);
crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_CBC, 0,
- in, inlen, "KEY_3DES_192/MODE_CBC");
+ in, inlen, 24, "KEY_3DES_192/MODE_CBC");
/* KEY_3DES_192 / MODE_ECB doesn't work on NSS */
- /* crypto_block_cross(tc, pool, drivers, KEY_3DES_192, MODE_ECB, 0, in, inlen, "KEY_3DES_192/MODE_ECB"); */
+ /* crypto_block_cross(tc, pool, drivers, KEY_3DES_192, MODE_ECB, 0, in, inlen, 24, "KEY_3DES_192/MODE_ECB"); */
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_CBC, 0, in,
- inlen, "KEY_AES_256/MODE_CBC");
+ inlen, 32, "KEY_AES_256/MODE_CBC");
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_ECB, 0, in,
- inlen, "KEY_AES_256/MODE_ECB");
+ inlen, 32, "KEY_AES_256/MODE_ECB");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_CBC, 0, in,
+ inlen, 24, "KEY_AES_192/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_ECB, 0, in,
+ inlen, 24, "KEY_AES_192/MODE_ECB");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_CBC, 0, in,
+ inlen, 16, "KEY_AES_128/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_ECB, 0, in,
+ inlen, 16, "KEY_AES_128/MODE_ECB");
+ apr_pool_destroy(pool);
- /* all 4 of these tests fail to interoperate - a clue from the xml-security code is that
- * NSS cannot distinguish between the 128 and 192 bit versions of AES. Will need to be
- * investigated.
- */
- /*
- crypto_block_cross(tc, pool, drivers, KEY_AES_192, MODE_CBC, 0, in, inlen, "KEY_AES_192/MODE_CBC");
- crypto_block_cross(tc, pool, drivers, KEY_AES_192, MODE_ECB, 0, in, inlen, "KEY_AES_192/MODE_ECB");
- crypto_block_cross(tc, pool, drivers, KEY_AES_128, MODE_CBC, 0, in, inlen, "KEY_AES_128/MODE_CBC");
- crypto_block_cross(tc, pool, drivers, KEY_AES_128, MODE_ECB, 0, in, inlen, "KEY_AES_128/MODE_ECB");
- */
+}
+
+/**
+ * Encrypt OpenSSL, decrypt CommonCrypto.
+ */
+static void test_crypto_block_openssl_commoncrypto(abts_case *tc, void *data)
+{
+ apr_pool_t *pool = NULL;
+ const apr_crypto_driver_t *drivers[] =
+ { NULL, NULL };
+
+ const unsigned char *in = (const unsigned char *) ALIGNED_STRING;
+ apr_size_t inlen = sizeof(ALIGNED_STRING);
+
+ apr_pool_create(&pool, NULL);
+ drivers[0] = get_openssl_driver(tc, pool);
+ drivers[1] = get_commoncrypto_driver(tc, pool);
+
+ crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_CBC, 0, in,
+ inlen, 24, "KEY_3DES_192/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_ECB, 0, in,
+ inlen, 24, "KEY_3DES_192/MODE_ECB");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_CBC, 0, in,
+ inlen, 32, "KEY_AES_256/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_ECB, 0, in,
+ inlen, 32, "KEY_AES_256/MODE_ECB");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_CBC, 0, in,
+ inlen, 24, "KEY_AES_192/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_ECB, 0, in,
+ inlen, 24, "KEY_AES_192/MODE_ECB");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_CBC, 0, in,
+ inlen, 16, "KEY_AES_128/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_ECB, 0, in,
+ inlen, 16, "KEY_AES_128/MODE_ECB");
+ apr_pool_destroy(pool);
+
+}
+
+/**
+ * Encrypt OpenSSL, decrypt CommonCrypto.
+ */
+static void test_crypto_block_commoncrypto_openssl(abts_case *tc, void *data)
+{
+ apr_pool_t *pool = NULL;
+ const apr_crypto_driver_t *drivers[] =
+ { NULL, NULL };
+
+ const unsigned char *in = (const unsigned char *) ALIGNED_STRING;
+ apr_size_t inlen = sizeof(ALIGNED_STRING);
+
+ apr_pool_create(&pool, NULL);
+ drivers[0] = get_commoncrypto_driver(tc, pool);
+ drivers[1] = get_openssl_driver(tc, pool);
+
+ crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_CBC, 0, in,
+ inlen, 24, "KEY_3DES_192/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_ECB, 0, in,
+ inlen, 24, "KEY_3DES_192/MODE_ECB");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_CBC, 0, in,
+ inlen, 32, "KEY_AES_256/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_ECB, 0, in,
+ inlen, 32, "KEY_AES_256/MODE_ECB");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_CBC, 0, in,
+ inlen, 24, "KEY_AES_192/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_ECB, 0, in,
+ inlen, 24, "KEY_AES_192/MODE_ECB");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_CBC, 0, in,
+ inlen, 16, "KEY_AES_128/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_ECB, 0, in,
+ inlen, 16, "KEY_AES_128/MODE_ECB");
apr_pool_destroy(pool);
}
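Review bot: The doc comment above test_crypto_block_commoncrypto_openssl still reads `Encrypt OpenSSL, decrypt CommonCrypto.`, copied from the function before it, while its body puts the CommonCrypto driver in `drivers[0]` and OpenSSL in `drivers[1]`. crypto_block_cross encrypts with `drivers[0]` and decrypts with `drivers[1]`, so the comment should read `* Encrypt CommonCrypto, decrypt OpenSSL.`.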
@@ -533,21 +883,21 @@ static void test_crypto_block_openssl_pad(abts_case *tc, void *data)
drivers[1] = get_openssl_driver(tc, pool);
crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_CBC, 1,
- in, inlen, "KEY_3DES_192/MODE_CBC");
+ in, inlen, 24, "KEY_3DES_192/MODE_CBC");
crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_ECB, 1,
- in, inlen, "KEY_3DES_192/MODE_ECB");
+ in, inlen, 24, "KEY_3DES_192/MODE_ECB");
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_CBC, 1, in,
- inlen, "KEY_AES_256/MODE_CBC");
+ inlen, 32, "KEY_AES_256/MODE_CBC");
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_ECB, 1, in,
- inlen, "KEY_AES_256/MODE_ECB");
+ inlen, 32, "KEY_AES_256/MODE_ECB");
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_CBC, 1, in,
- inlen, "KEY_AES_192/MODE_CBC");
+ inlen, 24, "KEY_AES_192/MODE_CBC");
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_ECB, 1, in,
- inlen, "KEY_AES_192/MODE_ECB");
+ inlen, 24, "KEY_AES_192/MODE_ECB");
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_CBC, 1, in,
- inlen, "KEY_AES_128/MODE_CBC");
+ inlen, 16, "KEY_AES_128/MODE_CBC");
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_ECB, 1, in,
- inlen, "KEY_AES_128/MODE_ECB");
+ inlen, 16, "KEY_AES_128/MODE_ECB");
apr_pool_destroy(pool);
@@ -570,27 +920,63 @@ static void test_crypto_block_nss_pad(abts_case *tc, void *data)
drivers[1] = get_nss_driver(tc, pool);
crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_CBC, 1,
- in, inlen, "KEY_3DES_192/MODE_CBC");
+ in, inlen, 24, "KEY_3DES_192/MODE_CBC");
/* KEY_3DES_192 / MODE_ECB doesn't work on NSS */
- /* crypto_block_cross(tc, pool, drivers, KEY_3DES_192, MODE_ECB, 1, in, inlen, "KEY_3DES_192/MODE_ECB"); */
+ /* crypto_block_cross(tc, pool, drivers, KEY_3DES_192, MODE_ECB, 1, in, inlen, 24, "KEY_3DES_192/MODE_ECB"); */
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_CBC, 1, in,
- inlen, "KEY_AES_256/MODE_CBC");
+ inlen, 32, "KEY_AES_256/MODE_CBC");
/* KEY_AES_256 / MODE_ECB doesn't support padding on NSS */
- /*crypto_block_cross(tc, pool, drivers, KEY_AES_256, MODE_ECB, 1, in, inlen, "KEY_AES_256/MODE_ECB");*/
+ /*crypto_block_cross(tc, pool, drivers, KEY_AES_256, MODE_ECB, 1, in, inlen, 32, "KEY_AES_256/MODE_ECB");*/
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_CBC, 1, in,
- inlen, "KEY_AES_192/MODE_CBC");
+ inlen, 24, "KEY_AES_192/MODE_CBC");
/* KEY_AES_256 / MODE_ECB doesn't support padding on NSS */
- /*crypto_block_cross(tc, pool, drivers, KEY_AES_192, MODE_ECB, 1, in, inlen, "KEY_AES_192/MODE_ECB");*/
+ /*crypto_block_cross(tc, pool, drivers, KEY_AES_192, MODE_ECB, 1, in, inlen, 24, "KEY_AES_192/MODE_ECB");*/
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_CBC, 1, in,
- inlen, "KEY_AES_128/MODE_CBC");
+ inlen, 16, "KEY_AES_128/MODE_CBC");
/* KEY_AES_256 / MODE_ECB doesn't support padding on NSS */
- /*crypto_block_cross(tc, pool, drivers, KEY_AES_128, MODE_ECB, 1, in, inlen, "KEY_AES_128/MODE_ECB");*/
+ /*crypto_block_cross(tc, pool, drivers, KEY_AES_128, MODE_ECB, 1, in, inlen, 16, "KEY_AES_128/MODE_ECB");*/
+
+ apr_pool_destroy(pool);
+
+}
+
+/**
+ * Simple test of Common Crypto block crypt.
+ */
+static void test_crypto_block_commoncrypto_pad(abts_case *tc, void *data)
+{
+ apr_pool_t *pool = NULL;
+ const apr_crypto_driver_t *drivers[] = { NULL, NULL };
+
+ const unsigned char *in = (const unsigned char *) TEST_STRING;
+ apr_size_t inlen = sizeof(TEST_STRING);
+
+ apr_pool_create(&pool, NULL);
+ drivers[0] = get_commoncrypto_driver(tc, pool);
+ drivers[1] = get_commoncrypto_driver(tc, pool);
+
+ crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_CBC, 1,
+ in, inlen, 24, "KEY_3DES_192/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_ECB, 1,
+ in, inlen, 24, "KEY_3DES_192/MODE_ECB");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_CBC, 1, in,
+ inlen, 32, "KEY_AES_256/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_ECB, 1, in,
+ inlen, 32, "KEY_AES_256/MODE_ECB");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_CBC, 1, in,
+ inlen, 24, "KEY_AES_192/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_ECB, 1, in,
+ inlen, 24, "KEY_AES_192/MODE_ECB");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_CBC, 1, in,
+ inlen, 16, "KEY_AES_128/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_ECB, 1, in,
+ inlen, 16, "KEY_AES_128/MODE_ECB");
apr_pool_destroy(pool);
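Review bot: The new test_crypto_block_commoncrypto_pad carries the same doc comment as the unpadded test, `Simple test of Common Crypto block crypt.`, although it passes `1` for doPad and uses TEST_STRING rather than ALIGNED_STRING; `* Simple test of Common Crypto block crypt with padding.` would tell the two apart. In the NSS function above it, the unchanged comments before the commented-out AES-192 and AES-128 ECB calls both say `KEY_AES_256 / MODE_ECB`, which reads as a copy-paste slip worth correcting while the neighbouring lines are being edited. Both functions extend outside this hunk.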
@@ -612,27 +998,31 @@ static void test_crypto_block_nss_openssl_pad(abts_case *tc, void *data)
drivers[1] = get_openssl_driver(tc, pool);
crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_CBC, 1,
- in, inlen, "KEY_3DES_192/MODE_CBC");
+ in, inlen, 24, "KEY_3DES_192/MODE_CBC");
/* KEY_3DES_192 / MODE_ECB doesn't work on NSS */
- /* crypto_block_cross(tc, pool, drivers, KEY_3DES_192, MODE_ECB, 1, in, inlen, "KEY_3DES_192/MODE_ECB"); */
+ /* crypto_block_cross(tc, pool, drivers, KEY_3DES_192, MODE_ECB, 1, in, inlen, 24, "KEY_3DES_192/MODE_ECB"); */
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_CBC, 1, in,
- inlen, "KEY_AES_256/MODE_CBC");
+ inlen, 32, "KEY_AES_256/MODE_CBC");
/* KEY_AES_256 / MODE_ECB doesn't support padding on NSS */
- /*crypto_block_cross(tc, pool, drivers, KEY_AES_256, MODE_ECB, 1, in, inlen, "KEY_AES_256/MODE_ECB");*/
+ /*crypto_block_cross(tc, pool, drivers, KEY_AES_256, MODE_ECB, 1, in, inlen, 32, "KEY_AES_256/MODE_ECB");*/
+
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_CBC, 1, in,
+ inlen, 24, "KEY_AES_192/MODE_CBC");
+
+ /* KEY_AES_192 / MODE_ECB doesn't support padding on NSS */
+ /*crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_ECB, 1, in,
+ inlen, 24, "KEY_AES_192/MODE_ECB");*/
+
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_CBC, 1, in,
+ inlen, 16, "KEY_AES_128/MODE_CBC");
+
+ /* KEY_AES_192 / MODE_ECB doesn't support padding on NSS */
+ /*crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_ECB, 1, in,
+ inlen, 16, "KEY_AES_128/MODE_ECB");*/
- /* all 4 of these tests fail to interoperate - a clue from the xml-security code is that
- * NSS cannot distinguish between the 128 and 192 bit versions of AES. Will need to be
- * investigated.
- */
- /*
- crypto_block_cross(tc, pool, drivers, KEY_AES_192, MODE_CBC, 1, in, inlen, "KEY_AES_192/MODE_CBC");
- crypto_block_cross(tc, pool, drivers, KEY_AES_192, MODE_ECB, 1, in, inlen, "KEY_AES_192/MODE_ECB");
- crypto_block_cross(tc, pool, drivers, KEY_AES_128, MODE_CBC, 1, in, inlen, "KEY_AES_128/MODE_CBC");
- crypto_block_cross(tc, pool, drivers, KEY_AES_128, MODE_ECB, 1, in, inlen, "KEY_AES_128/MODE_ECB");
- */
apr_pool_destroy(pool);
}
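Review bot: The comment above the commented-out APR_KEY_AES_128 / APR_MODE_ECB call reads `/* KEY_AES_192 / MODE_ECB doesn't support padding on NSS */`, which names the wrong key type. It should be `/* KEY_AES_128 / MODE_ECB doesn't support padding on NSS */`, as the matching block in test_crypto_block_openssl_nss_pad already says. The deleted comment recorded that NSS could not tell 128-bit from 192-bit AES, and the AES-128/192 CBC cases are now enabled with a new literal argument (24, 16). Assuming that argument is the key length in bytes, a short comment saying so would explain why these cases can now interoperate. The enclosing function starts outside this hunk.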
@@ -652,27 +1042,107 @@ static void test_crypto_block_openssl_nss_pad(abts_case *tc, void *data)
drivers[0] = get_openssl_driver(tc, pool);
drivers[1] = get_nss_driver(tc, pool);
crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_CBC, 1,
- in, inlen, "KEY_3DES_192/MODE_CBC");
+ in, inlen, 24, "KEY_3DES_192/MODE_CBC");
/* KEY_3DES_192 / MODE_ECB doesn't work on NSS */
- /* crypto_block_cross(tc, pool, drivers, KEY_3DES_192, MODE_ECB, 1, in, inlen, "KEY_3DES_192/MODE_ECB"); */
+ /* crypto_block_cross(tc, pool, drivers, KEY_3DES_192, MODE_ECB, 1, in, inlen, 24, "KEY_3DES_192/MODE_ECB"); */
crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_CBC, 1, in,
- inlen, "KEY_AES_256/MODE_CBC");
+ inlen, 32, "KEY_AES_256/MODE_CBC");
/* KEY_AES_256 / MODE_ECB doesn't support padding on NSS */
- /*crypto_block_cross(tc, pool, drivers, KEY_AES_256, MODE_ECB, 1, in, inlen, "KEY_AES_256/MODE_ECB");*/
+ /*crypto_block_cross(tc, pool, drivers, KEY_AES_256, MODE_ECB, 1, in, inlen, 32, "KEY_AES_256/MODE_ECB");*/
+
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_CBC, 1, in, inlen,
+ 24, "KEY_AES_192/MODE_CBC");
+
+ /* KEY_AES_192 / MODE_ECB doesn't support padding on NSS */
+ /*crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_ECB, 1, in, inlen,
+ 24, "KEY_AES_192/MODE_ECB");*/
+
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_CBC, 1, in, inlen,
+ 16, "KEY_AES_128/MODE_CBC");
+
+ /* KEY_AES_128 / MODE_ECB doesn't support padding on NSS */
+ /*crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_ECB, 1, in, inlen,
+ 16, "KEY_AES_128/MODE_ECB");*/
+
+ apr_pool_destroy(pool);
+
+}
+
+/**
+ * Encrypt CommonCrypto, decrypt OpenSSL.
+ */
+static void test_crypto_block_commoncrypto_openssl_pad(abts_case *tc,
+ void *data)
+{
+ apr_pool_t *pool = NULL;
+ const apr_crypto_driver_t *drivers[] =
+ { NULL, NULL };
+
+ const unsigned char *in = (const unsigned char *) TEST_STRING;
+ apr_size_t inlen = sizeof(TEST_STRING);
+
+ apr_pool_create(&pool, NULL);
+ drivers[0] = get_commoncrypto_driver(tc, pool);
+ drivers[1] = get_openssl_driver(tc, pool);
+
+ crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_CBC, 1, in,
+ inlen, 24, "KEY_3DES_192/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_ECB, 1, in,
+ inlen, 24, "KEY_3DES_192/MODE_ECB");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_CBC, 1, in,
+ inlen, 32, "KEY_AES_256/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_ECB, 1, in,
+ inlen, 32, "KEY_AES_256/MODE_ECB");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_CBC, 1, in,
+ inlen, 24, "KEY_AES_192/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_ECB, 1, in,
+ inlen, 24, "KEY_AES_192/MODE_ECB");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_CBC, 1, in,
+ inlen, 16, "KEY_AES_128/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_ECB, 1, in,
+ inlen, 16, "KEY_AES_128/MODE_ECB");
+
+ apr_pool_destroy(pool);
+
+}
+
+/**
+ * Encrypt OpenSSL, decrypt CommonCrypto.
+ */
+static void test_crypto_block_openssl_commoncrypto_pad(abts_case *tc,
+ void *data)
+{
+ apr_pool_t *pool = NULL;
+ const apr_crypto_driver_t *drivers[] =
+ { NULL, NULL };
+
+ const unsigned char *in = (const unsigned char *) TEST_STRING;
+ apr_size_t inlen = sizeof(TEST_STRING);
+
+ apr_pool_create(&pool, NULL);
+ drivers[0] = get_openssl_driver(tc, pool);
+ drivers[1] = get_commoncrypto_driver(tc, pool);
+
+ crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_CBC, 1, in,
+ inlen, 24, "KEY_3DES_192/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_ECB, 1, in,
+ inlen, 24, "KEY_3DES_192/MODE_ECB");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_CBC, 1, in,
+ inlen, 32, "KEY_AES_256/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_ECB, 1, in,
+ inlen, 32, "KEY_AES_256/MODE_ECB");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_CBC, 1, in,
+ inlen, 24, "KEY_AES_192/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_ECB, 1, in,
+ inlen, 24, "KEY_AES_192/MODE_ECB");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_CBC, 1, in,
+ inlen, 16, "KEY_AES_128/MODE_CBC");
+ crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_ECB, 1, in,
+ inlen, 16, "KEY_AES_128/MODE_ECB");
- /* all 4 of these tests fail to interoperate - a clue from the xml-security code is that
- * NSS cannot distinguish between the 128 and 192 bit versions of AES. Will need to be
- * investigated.
- */
- /*
- crypto_block_cross(tc, pool, drivers, KEY_AES_192, MODE_CBC, 1, in, inlen, "KEY_AES_192/MODE_CBC");
- crypto_block_cross(tc, pool, drivers, KEY_AES_192, MODE_ECB, 1, in, inlen, "KEY_AES_192/MODE_ECB");
- crypto_block_cross(tc, pool, drivers, KEY_AES_128, MODE_CBC, 1, in, inlen, "KEY_AES_128/MODE_CBC");
- crypto_block_cross(tc, pool, drivers, KEY_AES_128, MODE_ECB, 1, in, inlen, "KEY_AES_128/MODE_ECB");
- */
apr_pool_destroy(pool);
}
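Review bot: Both new functions, test_crypto_block_commoncrypto_openssl_pad and test_crypto_block_openssl_commoncrypto_pad, ignore the result of `apr_pool_create(&pool, NULL)`. On failure `pool` stays NULL and is then passed to the driver lookups and to all eight crypto_block_cross calls. I would declare `apr_status_t rv;`, assign `rv = apr_pool_create(&pool, NULL);` and add `ABTS_ASSERT(tc, "failed to create pool", rv == APR_SUCCESS);`, in the style get_driver uses for apr_crypto_init. get_driver returns NULL when a driver is not implemented, and whether crypto_block_cross skips NULL entries in `drivers` cannot be seen from this hunk, so that deserves a comment at the two assignments. The first lines of the hunk belong to test_crypto_block_openssl_nss_pad, which starts outside it.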
@@ -764,6 +1234,49 @@ static void test_crypto_get_block_key_types_nss(abts_case *tc, void *data)
}
/**
+ * Get Types, Common Crypto.
+ */
+static void test_crypto_get_block_key_types_commoncrypto(abts_case *tc, void *data)
+{
+ apr_pool_t *pool = NULL;
+ const apr_crypto_driver_t *driver;
+ apr_crypto_t *f;
+ apr_hash_t *types;
+ int *key_3des_192;
+ int *key_aes_128;
+ int *key_aes_192;
+ int *key_aes_256;
+
+ apr_pool_create(&pool, NULL);
+ driver = get_commoncrypto_driver(tc, pool);
+ if (driver) {
+
+ f = make(tc, pool, driver);
+ apr_crypto_get_block_key_types(&types, f);
+
+ key_3des_192 = apr_hash_get(types, "3des192", APR_HASH_KEY_STRING);
+ ABTS_PTR_NOTNULL(tc, key_3des_192);
+ ABTS_INT_EQUAL(tc, *key_3des_192, APR_KEY_3DES_192);
+
+ key_aes_128 = apr_hash_get(types, "aes128", APR_HASH_KEY_STRING);
+ ABTS_PTR_NOTNULL(tc, key_aes_128);
+ ABTS_INT_EQUAL(tc, *key_aes_128, APR_KEY_AES_128);
+
+ key_aes_192 = apr_hash_get(types, "aes192", APR_HASH_KEY_STRING);
+ ABTS_PTR_NOTNULL(tc, key_aes_192);
+ ABTS_INT_EQUAL(tc, *key_aes_192, APR_KEY_AES_192);
+
+ key_aes_256 = apr_hash_get(types, "aes256", APR_HASH_KEY_STRING);
+ ABTS_PTR_NOTNULL(tc, key_aes_256);
+ ABTS_INT_EQUAL(tc, *key_aes_256, APR_KEY_AES_256);
+
+ }
+
+ apr_pool_destroy(pool);
+
+}
+
+/**
* Get Modes, OpenSSL.
*/
static void test_crypto_get_block_key_modes_openssl(abts_case *tc, void *data)
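Review bot: In test_crypto_get_block_key_types_commoncrypto each `ABTS_PTR_NOTNULL(tc, key_...)` is followed by an unconditional dereference in `ABTS_INT_EQUAL(tc, *key_..., ...)`. If the abts macros only record the failure and return, which I believe they do, a missing hash entry would crash the test binary instead of reporting one failed case. Guarding the comparison, e.g. `if (key_3des_192) { ABTS_INT_EQUAL(tc, *key_3des_192, APR_KEY_3DES_192); }`, keeps the failure readable. The return value of `apr_crypto_get_block_key_types(&types, f)` is also ignored, so `types` may be uninitialised when `apr_hash_get` reads it. Assigning the result to an `apr_status_t rv` and asserting `rv == APR_SUCCESS` first would close that. The same two points apply to test_crypto_get_block_key_modes_commoncrypto in the next hunk.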
@@ -829,6 +1342,114 @@ static void test_crypto_get_block_key_modes_nss(abts_case *tc, void *data)
}
+/**
+ * Get Modes, Common Crypto.
+ */
+static void test_crypto_get_block_key_modes_commoncrypto(abts_case *tc, void *data)
+{
+ apr_pool_t *pool = NULL;
+ const apr_crypto_driver_t *driver;
+ apr_crypto_t *f;
+ apr_hash_t *modes;
+ int *mode_ecb;
+ int *mode_cbc;
+
+ apr_pool_create(&pool, NULL);
+ driver = get_commoncrypto_driver(tc, pool);
+ if (driver) {
+
+ f = make(tc, pool, driver);
+ apr_crypto_get_block_key_modes(&modes, f);
+
+ mode_ecb = apr_hash_get(modes, "ecb", APR_HASH_KEY_STRING);
+ ABTS_PTR_NOTNULL(tc, mode_ecb);
+ ABTS_INT_EQUAL(tc, *mode_ecb, APR_MODE_ECB);
+
+ mode_cbc = apr_hash_get(modes, "cbc", APR_HASH_KEY_STRING);
+ ABTS_PTR_NOTNULL(tc, mode_cbc);
+ ABTS_INT_EQUAL(tc, *mode_cbc, APR_MODE_CBC);
+
+ }
+
+ apr_pool_destroy(pool);
+
+}
+
+static void test_crypto_memzero(abts_case *tc, void *data)
+{
+ /* Aligned message */
+ struct {
+ char buf[7 * sizeof(int)];
+ int untouched;
+ } msg;
+ /* A bit of type punning such that 'msg' might look unused
+ * after the call to apr_crypto_memzero().
+ */
+ int *ptr = (int *)&msg;
+ int i;
+
+ /* Fill buf with non-zeros (odds) */
+ for (i = 1; i < 2 * sizeof(msg.buf); i += 2) {
+ msg.buf[i / 2] = (char)i;
+ ABTS_ASSERT(tc, "test_crypto_memzero() barrier", msg.buf[i / 2] != 0);
+ }
+
+ /* Zero out the whole, and check it */
+ apr_crypto_memzero(&msg, sizeof msg);
+ for (i = 0; i < sizeof(msg) / sizeof(*ptr); ++i) {
+ ABTS_ASSERT(tc, "test_crypto_memzero() optimized out", ptr[i] == 0);
+ }
+}
+
+static void test_crypto_equals(abts_case *tc, void *data)
+{
+ /* Buffers of each type of scalar */
+ union {
+ char c;
+ short s;
+ int i;
+ long l;
+ float f;
+ double d;
+ void *p;
+ } buf0[7], buf1[7], buf[7];
+ char *ptr = (char *)buf;
+ int i;
+
+#define TEST_SCALAR_MATCH(i, x, r) \
+ ABTS_ASSERT(tc, "test_crypto_equals(" APR_STRINGIFY(x) ")" \
+ " != " APR_STRINGIFY(r), \
+ apr_crypto_equals(&buf##r[i].x, &buf[i].x, \
+ sizeof(buf[i].x)) == r)
+
+ /* Fill buf with non-zeros (odds) */
+ for (i = 1; i < 2 * sizeof(buf); i += 2) {
+ ptr[i / 2] = (char)i;
+ }
+ /* Set buf1 = buf */
+ memcpy(buf1, buf, sizeof buf);
+ /* Set buf0 = {0} */
+ memset(buf0, 0, sizeof buf0);
+
+ /* Check that buf1 == buf for each scalar */
+ TEST_SCALAR_MATCH(0, c, 1);
+ TEST_SCALAR_MATCH(1, s, 1);
+ TEST_SCALAR_MATCH(2, i, 1);
+ TEST_SCALAR_MATCH(3, l, 1);
+ TEST_SCALAR_MATCH(4, f, 1);
+ TEST_SCALAR_MATCH(5, d, 1);
+ TEST_SCALAR_MATCH(6, p, 1);
+
+ /* Check that buf0 != buf for each scalar */
+ TEST_SCALAR_MATCH(0, c, 0);
+ TEST_SCALAR_MATCH(1, s, 0);
+ TEST_SCALAR_MATCH(2, i, 0);
+ TEST_SCALAR_MATCH(3, l, 0);
+ TEST_SCALAR_MATCH(4, f, 0);
+ TEST_SCALAR_MATCH(5, d, 0);
+ TEST_SCALAR_MATCH(6, p, 0);
+}
+
abts_suite *testcrypto(abts_suite *suite)
{
suite = ADD_SUITE(suite);
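Review bot: test_crypto_memzero cannot show what its "optimized out" message claims. The loop that reads `ptr[i]` after `apr_crypto_memzero(&msg, sizeof msg)` makes the stores live, so a compiler could not drop them even for a plain memset. The test therefore shows only that the bytes are cleared, and a comment such as `/* functional check only: reading msg back keeps the stores live, so this cannot detect dead-store elimination */` would stop readers relying on it as proof. The `untouched` member is zeroed and checked with the rest of the struct, so the name is misleading unless the call is narrowed to `sizeof msg.buf` and `untouched` is checked against a sentinel. Both loops in this function and the fill loop in test_crypto_equals compare a signed `int i` with a `sizeof` expression. Likewise test_crypto_equals checks only the result of apr_crypto_equals, not its timing, and `TEST_SCALAR_MATCH` is never `#undef`'d.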
@@ -836,6 +1457,15 @@ abts_suite *testcrypto(abts_suite *suite)
/* test simple init and shutdown */
abts_run_test(suite, test_crypto_init, NULL);
+ /* test key parsing - openssl */
+ abts_run_test(suite, test_crypto_key_openssl, NULL);
+
+ /* test key parsing - nss */
+ abts_run_test(suite, test_crypto_key_nss, NULL);
+
+ /* test key parsing - commoncrypto */
+ abts_run_test(suite, test_crypto_key_commoncrypto, NULL);
+
/* test a simple encrypt / decrypt operation - openssl */
abts_run_test(suite, test_crypto_block_openssl, NULL);
@@ -848,6 +1478,12 @@ abts_suite *testcrypto(abts_suite *suite)
/* test a padded encrypt / decrypt operation - nss */
abts_run_test(suite, test_crypto_block_nss_pad, NULL);
+ /* test a simple encrypt / decrypt operation - commoncrypto */
+ abts_run_test(suite, test_crypto_block_commoncrypto, NULL);
+
+ /* test a padded encrypt / decrypt operation - commoncrypto */
+ abts_run_test(suite, test_crypto_block_commoncrypto_pad, NULL);
+
/* test encrypt nss / decrypt openssl */
abts_run_test(suite, test_crypto_block_nss_openssl, NULL);
@@ -860,18 +1496,39 @@ abts_suite *testcrypto(abts_suite *suite)
/* test padded encrypt openssl / decrypt nss */
abts_run_test(suite, test_crypto_block_openssl_nss_pad, NULL);
+ /* test encrypt openssl / decrypt commoncrypto */
+ abts_run_test(suite, test_crypto_block_openssl_commoncrypto, NULL);
+
+ /* test padded encrypt openssl / decrypt commoncrypto */
+ abts_run_test(suite, test_crypto_block_openssl_commoncrypto_pad, NULL);
+
+ /* test encrypt commoncrypto / decrypt openssl */
+ abts_run_test(suite, test_crypto_block_commoncrypto_openssl, NULL);
+
+ /* test padded encrypt commoncrypto / decrypt openssl */
+ abts_run_test(suite, test_crypto_block_commoncrypto_openssl_pad, NULL);
+
/* test block key types openssl */
abts_run_test(suite, test_crypto_get_block_key_types_openssl, NULL);
/* test block key types nss */
abts_run_test(suite, test_crypto_get_block_key_types_nss, NULL);
+ /* test block key types commoncrypto */
+ abts_run_test(suite, test_crypto_get_block_key_types_commoncrypto, NULL);
+
/* test block key modes openssl */
abts_run_test(suite, test_crypto_get_block_key_modes_openssl, NULL);
/* test block key modes nss */
abts_run_test(suite, test_crypto_get_block_key_modes_nss, NULL);
+ /* test block key modes commoncrypto */
+ abts_run_test(suite, test_crypto_get_block_key_modes_commoncrypto, NULL);
+
+ abts_run_test(suite, test_crypto_memzero, NULL);
+ abts_run_test(suite, test_crypto_equals, NULL);
+
return suite;
}