X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=test%2Fsrptest.c;h=d28c3bcafcc44519056d44a7137258c573264071;hp=1d463cd782fe0bca8c79dbffe616e4eb3164b194;hb=b6e3250671654e0344127be9dd49b3fb4a82f94b;hpb=dee502be89e78e2979e3bd1d7724cf79daa6ef61 diff --git a/test/srptest.c b/test/srptest.c index 1d463cd782..d28c3bcafc 100644 --- a/test/srptest.c +++ b/test/srptest.c @@ -1,14 +1,17 @@ +/* + * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + #include -#ifdef OPENSSL_NO_SRP +# include "testutil.h" +#ifdef OPENSSL_NO_SRP # include - -int main(int argc, char *argv[]) -{ - printf("No SRP support\n"); - return (0); -} - #else # include @@ -17,10 +20,18 @@ int main(int argc, char *argv[]) static void showbn(const char *name, const BIGNUM *bn) { - fputs(name, stdout); - fputs(" = ", stdout); - BN_print_fp(stdout, bn); - putc('\n', stdout); + BIO *b; + const char *text; + + if (!TEST_ptr(b = BIO_new(BIO_s_mem()))) + return; + BIO_write(b, name, strlen(name)); + BIO_write(b, " = ", 3); + BN_print(b, bn); + BIO_write(b, "\0", 1); + BIO_get_mem_data(b, &text); + TEST_info("%s", text); + BIO_free(b); } # define RANDOM_SIZE 32 /* use 256 bits on each side */ @@ -28,7 +39,7 @@ static void showbn(const char *name, const BIGNUM *bn) static int run_srp(const char *username, const char *client_pass, const char *server_pass) { - int ret = -1; + int ret = 0; BIGNUM *s = NULL; BIGNUM *v = NULL; BIGNUM *a = NULL; @@ -41,17 +52,15 @@ static int run_srp(const char *username, const char *client_pass, BIGNUM *Kserver = NULL; unsigned char rand_tmp[RANDOM_SIZE]; /* use builtin 1024-bit params */ - const SRP_gN *GN = SRP_get_default_gN("1024"); + const SRP_gN *GN; + + if (!TEST_ptr(GN = SRP_get_default_gN("1024"))) + return 0; - if (GN == NULL) { - fprintf(stderr, "Failed to get SRP parameters\n"); - return -1; - } /* Set up server's password entry */ - if (!SRP_create_verifier_BN(username, server_pass, &s, &v, GN->N, GN->g)) { - fprintf(stderr, "Failed to create SRP verifier\n"); - return -1; - } + if (!TEST_true(SRP_create_verifier_BN(username, server_pass, + &s, &v, GN->N, GN->g))) + goto end; showbn("N", GN->N); showbn("g", GN->g); @@ -61,32 +70,30 @@ static int run_srp(const char *username, const char *client_pass, /* Server random */ RAND_bytes(rand_tmp, sizeof(rand_tmp)); b = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL); - /* TODO - check b != 0 */ + if (!TEST_false(BN_is_zero(b))) + goto end; showbn("b", b); /* Server's first message */ Bpub = SRP_Calc_B(b, GN->N, GN->g, v); showbn("B", Bpub); - if (!SRP_Verify_B_mod_N(Bpub, GN->N)) { - fprintf(stderr, "Invalid B\n"); - return -1; - } + if (!TEST_true(SRP_Verify_B_mod_N(Bpub, GN->N))) + goto end; /* Client random */ RAND_bytes(rand_tmp, sizeof(rand_tmp)); a = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL); - /* TODO - check a != 0 */ + if (!TEST_false(BN_is_zero(a))) + goto end; showbn("a", a); /* Client's response */ Apub = SRP_Calc_A(a, GN->N, GN->g); showbn("A", Apub); - if (!SRP_Verify_A_mod_N(Apub, GN->N)) { - fprintf(stderr, "Invalid A\n"); - return -1; - } + if (!TEST_true(SRP_Verify_A_mod_N(Apub, GN->N))) + goto end; /* Both sides calculate u */ u = SRP_Calc_u(Apub, Bpub, GN->N); @@ -100,13 +107,12 @@ static int run_srp(const char *username, const char *client_pass, Kserver = SRP_Calc_server_key(Apub, v, u, b, GN->N); showbn("Server's key", Kserver); - if (BN_cmp(Kclient, Kserver) == 0) { - ret = 0; - } else { - fprintf(stderr, "Keys mismatch\n"); - ret = 1; - } + if (!TEST_int_eq(BN_cmp(Kclient, Kserver), 0)) + goto end; + ret = 1; + +end: BN_clear_free(Kclient); BN_clear_free(Kserver); BN_clear_free(x); @@ -121,34 +127,156 @@ static int run_srp(const char *username, const char *client_pass, return ret; } -int main(int argc, char **argv) +static int check_bn(const char *name, const BIGNUM *bn, const char *hexbn) +{ + BIGNUM *tmp = NULL; + + if (!TEST_true(BN_hex2bn(&tmp, hexbn))) + return 0; + + if (!TEST_int_eq(BN_cmp(bn, tmp), 0)) { + TEST_info("Unexpected %s value", name); + showbn("expecting", tmp); + showbn("received", bn); + BN_free(tmp); + return 0; + } + BN_free(tmp); + return 1; +} + +/* SRP test vectors from RFC5054 */ +static int run_srp_kat(void) { - BIO *bio_err; - bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); + int ret = 0; + BIGNUM *s = NULL; + BIGNUM *v = NULL; + BIGNUM *a = NULL; + BIGNUM *b = NULL; + BIGNUM *u = NULL; + BIGNUM *x = NULL; + BIGNUM *Apub = NULL; + BIGNUM *Bpub = NULL; + BIGNUM *Kclient = NULL; + BIGNUM *Kserver = NULL; + /* use builtin 1024-bit params */ + const SRP_gN *GN; + + if (!TEST_ptr(GN = SRP_get_default_gN("1024"))) + goto err; + BN_hex2bn(&s, "BEB25379D1A8581EB5A727673A2441EE"); + /* Set up server's password entry */ + if (!TEST_true(SRP_create_verifier_BN("alice", "password123", &s, &v, GN->N, + GN->g))) + goto err; + + if (!TEST_true(check_bn("v", v, + "7E273DE8696FFC4F4E337D05B4B375BEB0DDE1569E8FA00A9886D812" + "9BADA1F1822223CA1A605B530E379BA4729FDC59F105B4787E5186F5" + "C671085A1447B52A48CF1970B4FB6F8400BBF4CEBFBB168152E08AB5" + "EA53D15C1AFF87B2B9DA6E04E058AD51CC72BFC9033B564E26480D78" + "E955A5E29E7AB245DB2BE315E2099AFB"))) + goto err; + + /* Server random */ + BN_hex2bn(&b, "E487CB59D31AC550471E81F00F6928E01DDA08E974A004F49E61F5D1" + "05284D20"); - CRYPTO_malloc_debug_init(); - CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + /* Server's first message */ + Bpub = SRP_Calc_B(b, GN->N, GN->g, v); + if (!TEST_true(SRP_Verify_B_mod_N(Bpub, GN->N))) + goto err; - ERR_load_crypto_strings(); + if (!TEST_true(check_bn("B", Bpub, + "BD0C61512C692C0CB6D041FA01BB152D4916A1E77AF46AE105393011" + "BAF38964DC46A0670DD125B95A981652236F99D9B681CBF87837EC99" + "6C6DA04453728610D0C6DDB58B318885D7D82C7F8DEB75CE7BD4FBAA" + "37089E6F9C6059F388838E7A00030B331EB76840910440B1B27AAEAE" + "EB4012B7D7665238A8E3FB004B117B58"))) + goto err; + /* Client random */ + BN_hex2bn(&a, "60975527035CF2AD1989806F0407210BC81EDC04E2762A56AFD529DD" + "DA2D4393"); + + /* Client's response */ + Apub = SRP_Calc_A(a, GN->N, GN->g); + if (!TEST_true(SRP_Verify_A_mod_N(Apub, GN->N))) + goto err; + + if (!TEST_true(check_bn("A", Apub, + "61D5E490F6F1B79547B0704C436F523DD0E560F0C64115BB72557EC4" + "4352E8903211C04692272D8B2D1A5358A2CF1B6E0BFCF99F921530EC" + "8E39356179EAE45E42BA92AEACED825171E1E8B9AF6D9C03E1327F44" + "BE087EF06530E69F66615261EEF54073CA11CF5858F0EDFDFE15EFEA" + "B349EF5D76988A3672FAC47B0769447B"))) + goto err; + + /* Both sides calculate u */ + u = SRP_Calc_u(Apub, Bpub, GN->N); + + if (!TEST_true(check_bn("u", u, + "CE38B9593487DA98554ED47D70A7AE5F462EF019"))) + goto err; + + /* Client's key */ + x = SRP_Calc_x(s, "alice", "password123"); + Kclient = SRP_Calc_client_key(GN->N, Bpub, GN->g, x, a, u); + if (!TEST_true(check_bn("Client's key", Kclient, + "B0DC82BABCF30674AE450C0287745E7990A3381F63B387AAF271A10D" + "233861E359B48220F7C4693C9AE12B0A6F67809F0876E2D013800D6C" + "41BB59B6D5979B5C00A172B4A2A5903A0BDCAF8A709585EB2AFAFA8F" + "3499B200210DCC1F10EB33943CD67FC88A2F39A4BE5BEC4EC0A3212D" + "C346D7E474B29EDE8A469FFECA686E5A"))) + goto err; + + /* Server's key */ + Kserver = SRP_Calc_server_key(Apub, v, u, b, GN->N); + if (!TEST_true(check_bn("Server's key", Kserver, + "B0DC82BABCF30674AE450C0287745E7990A3381F63B387AAF271A10D" + "233861E359B48220F7C4693C9AE12B0A6F67809F0876E2D013800D6C" + "41BB59B6D5979B5C00A172B4A2A5903A0BDCAF8A709585EB2AFAFA8F" + "3499B200210DCC1F10EB33943CD67FC88A2F39A4BE5BEC4EC0A3212D" + "C346D7E474B29EDE8A469FFECA686E5A"))) + goto err; + + ret = 1; + +err: + BN_clear_free(Kclient); + BN_clear_free(Kserver); + BN_clear_free(x); + BN_free(u); + BN_free(Apub); + BN_clear_free(a); + BN_free(Bpub); + BN_clear_free(b); + BN_free(s); + BN_clear_free(v); + + return ret; +} + +static int run_srp_tests(void) +{ /* "Negative" test, expect a mismatch */ - if (run_srp("alice", "password1", "password2") == 0) { - fprintf(stderr, "Mismatched SRP run failed\n"); - return 1; - } + if (!TEST_false(run_srp("alice", "password1", "password2"))) + return 0; /* "Positive" test, should pass */ - if (run_srp("alice", "password", "password") != 0) { - fprintf(stderr, "Plain SRP run failed\n"); - return 1; - } - - CRYPTO_cleanup_all_ex_data(); - ERR_remove_thread_state(NULL); - ERR_free_strings(); - CRYPTO_mem_leaks(bio_err); + if (!TEST_true(run_srp("alice", "password", "password"))) + return 0; - return 0; + return 1; } #endif + +void register_tests(void) +{ +#ifdef OPENSSL_NO_SRP + printf("No SRP support\n"); +#else + ADD_TEST(run_srp_tests); + ADD_TEST(run_srp_kat); +#endif +}