#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>
+#include <openssl/pkcs12.h>
#include "internal/numbers.h"
/* Remove spaces from beginning and end of a string */
/* PBE tests */
#define PBE_TYPE_SCRYPT 1
+#define PBE_TYPE_PBKDF2 2
+#define PBE_TYPE_PKCS12 3
struct pbe_data {
/* scrypt parameters */
uint64_t N, r, p, maxmem;
+ /* PKCS#12 parameters */
+ int id, iter;
+ const EVP_MD *md;
+
/* password */
unsigned char *pass;
size_t pass_len;
const char *keyword, const char *value)
{
struct pbe_data *pdata = t->data;
+
if (strcmp(keyword, "N") == 0)
return test_uint64(value, &pdata->N);
if (strcmp(keyword, "p") == 0)
return 0;
}
-static int scrypt_test_run(struct evp_test *t)
+static int pbkdf2_test_parse(struct evp_test *t,
+ const char *keyword, const char *value)
{
struct pbe_data *pdata = t->data;
- const char *err = "INTERNAL_ERROR";
- unsigned char *key;
- key = OPENSSL_malloc(pdata->key_len);
- if (!key)
- goto err;
- err = "SCRYPT_ERROR";
- if (EVP_PBE_scrypt((const char *)pdata->pass, pdata->pass_len,
- pdata->salt, pdata->salt_len,
- pdata->N, pdata->r, pdata->p, pdata->maxmem,
- key, pdata->key_len) == 0)
- goto err;
- err = "KEY_MISMATCH";
- if (check_output(t, pdata->key, key, pdata->key_len))
- goto err;
- err = NULL;
- err:
- OPENSSL_free(key);
- t->err = err;
- return 1;
+
+ if (strcmp(keyword, "iter") == 0) {
+ pdata->iter = atoi(value);
+ if (pdata->iter <= 0)
+ return 0;
+ return 1;
+ }
+ if (strcmp(keyword, "MD") == 0) {
+ pdata->md = EVP_get_digestbyname(value);
+ if (pdata->md == NULL)
+ return 0;
+ return 1;
+ }
+ return 0;
+}
+
+static int pkcs12_test_parse(struct evp_test *t,
+ const char *keyword, const char *value)
+{
+ struct pbe_data *pdata = t->data;
+
+ if (strcmp(keyword, "id") == 0) {
+ pdata->id = atoi(value);
+ if (pdata->id <= 0)
+ return 0;
+ return 1;
+ }
+ return pbkdf2_test_parse(t, keyword, value);
}
static int pbe_test_init(struct evp_test *t, const char *alg)
{
struct pbe_data *pdat;
int pbe_type = 0;
+
if (strcmp(alg, "scrypt") == 0)
pbe_type = PBE_TYPE_SCRYPT;
+ else if (strcmp(alg, "pbkdf2") == 0)
+ pbe_type = PBE_TYPE_PBKDF2;
+ else if (strcmp(alg, "pkcs12") == 0)
+ pbe_type = PBE_TYPE_PKCS12;
else
fprintf(stderr, "Unknown pbe algorithm %s\n", alg);
pdat = OPENSSL_malloc(sizeof(*pdat));
pdat->r = 0;
pdat->p = 0;
pdat->maxmem = 0;
+ pdat->id = 0;
+ pdat->iter = 0;
+ pdat->md = NULL;
t->data = pdat;
return 1;
}
const char *keyword, const char *value)
{
struct pbe_data *pdata = t->data;
+
if (strcmp(keyword, "Password") == 0)
return test_bin(value, &pdata->pass, &pdata->pass_len);
if (strcmp(keyword, "Salt") == 0)
return test_bin(value, &pdata->key, &pdata->key_len);
if (pdata->pbe_type == PBE_TYPE_SCRYPT)
return scrypt_test_parse(t, keyword, value);
+ else if (pdata->pbe_type == PBE_TYPE_PBKDF2)
+ return pbkdf2_test_parse(t, keyword, value);
+ else if (pdata->pbe_type == PBE_TYPE_PKCS12)
+ return pkcs12_test_parse(t, keyword, value);
return 0;
}
static int pbe_test_run(struct evp_test *t)
{
struct pbe_data *pdata = t->data;
- if (pdata->pbe_type == PBE_TYPE_SCRYPT)
- return scrypt_test_run(t);
- return 0;
+ const char *err = "INTERNAL_ERROR";
+ unsigned char *key;
+
+ key = OPENSSL_malloc(pdata->key_len);
+ if (!key)
+ goto err;
+ if (pdata->pbe_type == PBE_TYPE_PBKDF2) {
+ err = "PBKDF2_ERROR";
+ if (PKCS5_PBKDF2_HMAC((char *)pdata->pass, pdata->pass_len,
+ pdata->salt, pdata->salt_len,
+ pdata->iter, pdata->md,
+ pdata->key_len, key) == 0)
+ goto err;
+ } else if (pdata->pbe_type == PBE_TYPE_SCRYPT) {
+ err = "SCRYPT_ERROR";
+ if (EVP_PBE_scrypt((const char *)pdata->pass, pdata->pass_len,
+ pdata->salt, pdata->salt_len,
+ pdata->N, pdata->r, pdata->p, pdata->maxmem,
+ key, pdata->key_len) == 0)
+ goto err;
+ } else if (pdata->pbe_type == PBE_TYPE_PKCS12) {
+ err = "PKCS12_ERROR";
+ if (PKCS12_key_gen_uni(pdata->pass, pdata->pass_len,
+ pdata->salt, pdata->salt_len,
+ pdata->id, pdata->iter, pdata->key_len,
+ key, pdata->md) == 0)
+ goto err;
+ }
+ err = "KEY_MISMATCH";
+ if (check_output(t, pdata->key, key, pdata->key_len))
+ goto err;
+ err = NULL;
+ err:
+ OPENSSL_free(key);
+ t->err = err;
+ return 1;
}
static const struct evp_test_method pbe_test_method = {
Key = 2101cb9b6a511aaeaddbbe09cf70f881ec568d574a2ffd4dabe5ee9820adaa478e56fd8f4ba5d09ffa1c6d927c40f4c337304049e8a952fbcbf45c6fa77a41a4
#maxmem = 10000000000
Result = SCRYPT_ERROR
+
+# PKCS#12 tests
+
+PBE = pkcs12
+id = 1
+iter = 1
+MD = SHA1
+Password = 0073006D006500670000
+Salt = 0A58CF64530D823F
+Key = 8AAAE6297B6CB04642AB5B077851284EB7128F1A2A7FBCA3
+
+PBE = pkcs12
+id = 2
+iter = 1
+MD = SHA1
+Password = 0073006D006500670000
+Salt = 0A58CF64530D823F
+Key = 79993DFE048D3B76
+
+PBE = pkcs12
+id = 3
+iter 1
+MD = SHA1
+Password = 0073006D006500670000
+Salt = 3D83C0E4546AC140
+Key = 8D967D88F6CAA9D714800AB3D48051D63F73A312
+
+PBE = pkcs12
+id = 1
+iter = 1000
+MD = SHA1
+Password = 007100750065006500670000
+Salt = 1682C0FC5B3F7EC5
+Key = 483DD6E919D7DE2E8E648BA8F862F3FBFBDC2BCB2C02957F
+
+PBE = pkcs12
+id = 2
+iter = 1000
+MD = SHA1
+Password = 007100750065006500670000
+Salt = 1682C0FC5B3F7EC5
+Key = 9D461D1B00355C50
+
+PBE = pkcs12
+id = 3
+iter = 1000
+MD = SHA1
+Password = 007100750065006500670000
+Salt = 263216FCC2FAB31C
+Key = 5EC4C7A80DF652294C3925B6489A7AB857C83476
+
+# PBKDF2 tests from p5_crpt2_test.c
+PBE = pbkdf2
+Password = "password"
+Salt = "salt"
+iter = 1
+MD = sha1
+Key = 0c60c80f961f0e71f3a9b524af6012062fe037a6
+
+PBE = pbkdf2
+Password = "password"
+Salt = "salt"
+iter = 1
+MD = sha256
+Key = 120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b
+
+PBE = pbkdf2
+Password = "password"
+Salt = "salt"
+iter = 1
+MD = sha512
+Key = 867f70cf1ade02cff3752599a3a53dc4af34c7a669815ae5d513554e1c8cf252c02d470a285a0501bad999bfe943c08f050235d7d68b1da55e63f73b60a57fce
+
+PBE = pbkdf2
+Password = "password"
+Salt = "salt"
+iter = 2
+MD = sha1
+Key = ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957
+
+PBE = pbkdf2
+Password = "password"
+Salt = "salt"
+iter = 2
+MD = sha256
+Key = ae4d0c95af6b46d32d0adff928f06dd02a303f8ef3c251dfd6e2d85a95474c43
+
+PBE = pbkdf2
+Password = "password"
+Salt = "salt"
+iter = 2
+MD = sha512
+Key = e1d9c16aa681708a45f5c7c4e215ceb66e011a2e9f0040713f18aefdb866d53cf76cab2868a39b9f7840edce4fef5a82be67335c77a6068e04112754f27ccf4e
+
+PBE = pbkdf2
+Password = "password"
+Salt = "salt"
+iter = 4096
+MD = sha1
+Key = 4b007901b765489abead49d926f721d065a429c1
+
+PBE = pbkdf2
+Password = "password"
+Salt = "salt"
+iter = 4096
+MD = sha256
+Key = c5e478d59288c841aa530db6845c4c8d962893a001ce4e11a4963873aa98134a
+
+PBE = pbkdf2
+Password = "password"
+Salt = "salt"
+iter = 4096
+MD = sha512
+Key = d197b1b33db0143e018b12f3d1d1479e6cdebdcc97c5c0f87f6902e072f457b5143f30602641b3d55cd335988cb36b84376060ecd532e039b742a239434af2d5
+
+PBE = pbkdf2
+Password = "passwordPASSWORDpassword"
+Salt = "saltSALTsaltSALTsaltSALTsaltSALTsalt"
+iter = 4096
+MD = sha1
+Key = 3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038
+
+PBE = pbkdf2
+Password = "passwordPASSWORDpassword"
+Salt = "saltSALTsaltSALTsaltSALTsaltSALTsalt"
+iter = 4096
+MD = sha256
+Key = 348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c4e2a1fb8dd53e1c635518c7dac47e9
+
+PBE = pbkdf2
+Password = "passwordPASSWORDpassword"
+Salt = "saltSALTsaltSALTsaltSALTsaltSALTsalt"
+iter = 4096
+MD = sha512
+Key = 8c0511f4c6e597c6ac6315d8f0362e225f3c501495ba23b868c005174dc4ee71115b59f9e60cd9532fa33e0f75aefe30225c583a186cd82bd4daea9724a3d3b8
+
+PBE = pbkdf2
+Password = 7061737300776f7264
+Salt = 7361006c74
+iter = 4096
+MD = sha1
+Key = 56fa6aa75548099dcc37d7f03425e0c3
+
+PBE = pbkdf2
+Password = 7061737300776f7264
+Salt = 7361006c74
+iter = 4096
+MD = sha256
+Key = 89b69d0516f829893c696226650a8687
+
+PBE = pbkdf2
+Password = 7061737300776f7264
+Salt = 7361006c74
+iter = 4096
+MD = sha512
+Key = 9d9e9c4cd21fe4be24d5b8244c759665