Add file-based test framework and convert hmac_test. This adds a file-based test framework to crypto/test. It knows how to parse formats similar to either upstream's evp_test or our aead_test. hmac_test has been converted to that with tests from upstream's evp_test. Upstream tests it against the deprecated EVP_PKEY_HMAC API, which will be tested by running evp_test against the same input file, to avoid having to duplicate the test vectors. hmac_test runs those same inputs against the supported HMAC_CTX APIs. Change-Id: I9d2b6adb9be519760d1db282b9d43efd6f9adffb Reviewed-on: https://boringssl-review.googlesource.com/4701 Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt
index 5927a05..6433dc6 100644
--- a/crypto/CMakeLists.txt
+++ b/crypto/CMakeLists.txt
@@ -138,6 +138,9 @@ # Level 4 add_subdirectory(pkcs8) +# Test support code +add_subdirectory(test) + add_library( crypto
diff --git a/crypto/hmac/CMakeLists.txt b/crypto/hmac/CMakeLists.txt
index 5d8c298..1a08c55 100644
--- a/crypto/hmac/CMakeLists.txt
+++ b/crypto/hmac/CMakeLists.txt
@@ -13,6 +13,7 @@ hmac_test hmac_test.cc + $<TARGET_OBJECTS:test_support> ) target_link_libraries(hmac_test crypto)
diff --git a/crypto/hmac/hmac_test.cc b/crypto/hmac/hmac_test.cc
index 68e6c8f..e512827 100644
--- a/crypto/hmac/hmac_test.cc
+++ b/crypto/hmac/hmac_test.cc
@@ -54,169 +54,118 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#include <assert.h> #include <stdio.h> #include <string.h> #include <string> +#include <vector> #include <openssl/crypto.h> #include <openssl/digest.h> #include <openssl/hmac.h> -#include <openssl/mem.h> +#include "../test/file_test.h" #include "../test/scoped_types.h" +#include "../test/stl_compat.h" -struct Test { - uint8_t key[16]; - size_t key_len; - uint8_t data[64]; - size_t data_len; - const char *hex_digest; -}; - -static const Test kTests[] = { - { - "", 0, "More text test vectors to stuff up EBCDIC machines :-)", 54, - "e9139d1e6ee064ef8cf514fc7dc83e86", - }, - { - { - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, - }, - 16, - "Hi There", - 8, - "9294727a3638bb1c13f48ef8158bfc9d", - }, - { - "Jefe", 4, "what do ya want for nothing?", 28, - "750c783e6ab0b503eaa86e310a5db738", - }, - { - { - 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, - 0xaa, 0xaa, 0xaa, 0xaa, - }, - 16, - { - 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, - 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, - 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, - 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, - 0xdd, 0xdd, - }, - 50, - "56be34521d144c88dbb8c733f0e8b3f6", - }, -}; - -static std::string ToHex(const uint8_t *md, size_t md_len) { - std::string ret; - for (size_t i = 0; i < md_len; i++) { - char buf[2 + 1 /* NUL */]; - BIO_snprintf(buf, sizeof(buf), "%02x", md[i]); - ret.append(buf, 2); +static const EVP_MD *GetDigest(const std::string &name) { + if (name == "MD5") { + return EVP_md5(); + } else if (name == "SHA1") { + return EVP_sha1(); + } else if (name == "SHA224") { + return EVP_sha224(); + } else if (name == "SHA256") { + return EVP_sha256(); + } else if (name == "SHA384") { + return 
EVP_sha384(); + } else if (name == "SHA512") { + return EVP_sha512(); } - return ret; + return nullptr; +} + +static bool TestHMAC(FileTest *t) { + std::string digest_str; + if (!t->GetAttribute(&digest_str, "HMAC")) { + return false; + } + const EVP_MD *digest = GetDigest(digest_str); + if (digest == nullptr) { + t->PrintLine("Unknown digest '%s'", digest_str.c_str()); + return false; + } + + std::vector<uint8_t> key, input, output; + if (!t->GetBytes(&key, "Key") || + !t->GetBytes(&input, "Input") || + !t->GetBytes(&output, "Output")) { + return false; + } + + // Test using the one-shot API. + uint8_t mac[EVP_MAX_MD_SIZE]; + unsigned mac_len; + if (nullptr == HMAC(digest, bssl::vector_data(&key), key.size(), + bssl::vector_data(&input), input.size(), mac, + &mac_len) || + !t->ExpectBytesEqual(bssl::vector_data(&output), output.size(), mac, + mac_len)) { + t->PrintLine("One-shot API failed."); + return false; + } + + // Test using HMAC_CTX. + ScopedHMAC_CTX ctx; + if (!HMAC_Init_ex(ctx.get(), bssl::vector_data(&key), key.size(), digest, + nullptr) || + !HMAC_Update(ctx.get(), bssl::vector_data(&input), input.size()) || + !HMAC_Final(ctx.get(), mac, &mac_len) || + !t->ExpectBytesEqual(bssl::vector_data(&output), output.size(), mac, + mac_len)) { + t->PrintLine("HMAC_CTX failed."); + return false; + } + + // Test that an HMAC_CTX may be reset with the same key. + if (!HMAC_Init_ex(ctx.get(), nullptr, 0, digest, nullptr) || + !HMAC_Update(ctx.get(), bssl::vector_data(&input), input.size()) || + !HMAC_Final(ctx.get(), mac, &mac_len) || + !t->ExpectBytesEqual(bssl::vector_data(&output), output.size(), mac, + mac_len)) { + t->PrintLine("HMAC_CTX with reset failed."); + return false; + } + + // Test feeding the input in byte by byte. 
+ if (!HMAC_Init_ex(ctx.get(), nullptr, 0, nullptr, nullptr)) { + t->PrintLine("HMAC_CTX streaming failed."); + return false; + } + for (size_t i = 0; i < input.size(); i++) { + if (!HMAC_Update(ctx.get(), &input[i], 1)) { + t->PrintLine("HMAC_CTX streaming failed."); + return false; + } + } + if (!HMAC_Final(ctx.get(), mac, &mac_len) || + !t->ExpectBytesEqual(bssl::vector_data(&output), output.size(), mac, + mac_len)) { + t->PrintLine("HMAC_CTX streaming failed."); + return false; + } + + return true; } int main(int argc, char *argv[]) { - int err = 0; - uint8_t out[EVP_MAX_MD_SIZE]; - unsigned out_len; - CRYPTO_library_init(); - for (unsigned i = 0; i < sizeof(kTests) / sizeof(kTests[0]); i++) { - const Test *test = &kTests[i]; - - // Test using the one-shot API. - if (NULL == HMAC(EVP_md5(), test->key, test->key_len, test->data, - test->data_len, out, &out_len)) { - fprintf(stderr, "%u: HMAC failed.\n", i); - err++; - continue; - } - std::string out_hex = ToHex(out, out_len); - if (out_hex != test->hex_digest) { - fprintf(stderr, "%u: got %s instead of %s\n", i, out_hex.c_str(), - test->hex_digest); - err++; - } - - // Test using HMAC_CTX. - ScopedHMAC_CTX ctx; - if (!HMAC_Init_ex(ctx.get(), test->key, test->key_len, EVP_md5(), NULL) || - !HMAC_Update(ctx.get(), test->data, test->data_len) || - !HMAC_Final(ctx.get(), out, &out_len)) { - fprintf(stderr, "%u: HMAC failed.\n", i); - err++; - continue; - } - out_hex = ToHex(out, out_len); - if (out_hex != test->hex_digest) { - fprintf(stderr, "%u: got %s instead of %s\n", i, out_hex.c_str(), - test->hex_digest); - err++; - } - - // Test that an HMAC_CTX may be reset with the same key. 
- if (!HMAC_Init_ex(ctx.get(), NULL, 0, EVP_md5(), NULL) || - !HMAC_Update(ctx.get(), test->data, test->data_len) || - !HMAC_Final(ctx.get(), out, &out_len)) { - fprintf(stderr, "%u: HMAC failed.\n", i); - err++; - continue; - } - out_hex = ToHex(out, out_len); - if (out_hex != test->hex_digest) { - fprintf(stderr, "%u: got %s instead of %s\n", i, out_hex.c_str(), - test->hex_digest); - err++; - } - } - - // Test that HMAC() uses the empty key when called with key = NULL. - const Test *test = &kTests[0]; - assert(test->key_len == 0); - if (NULL == HMAC(EVP_md5(), NULL, 0, test->data, test->data_len, out, - &out_len)) { - fprintf(stderr, "HMAC failed.\n"); - err++; - } else { - std::string out_hex = ToHex(out, out_len); - if (out_hex != test->hex_digest) { - fprintf(stderr, "got %s instead of %s\n", out_hex.c_str(), - test->hex_digest); - err++; - } - } - - // Test that HMAC_Init, etc., uses the empty key when called initially with - // key = NULL. - assert(test->key_len == 0); - ScopedHMAC_CTX ctx; - if (!HMAC_Init_ex(ctx.get(), NULL, 0, EVP_md5(), NULL) || - !HMAC_Update(ctx.get(), test->data, test->data_len) || - !HMAC_Final(ctx.get(), out, &out_len)) { - fprintf(stderr, "HMAC failed.\n"); - err++; - } else { - std::string out_hex = ToHex(out, out_len); - if (out_hex != test->hex_digest) { - fprintf(stderr, "got %s instead of %s\n", out_hex.c_str(), - test->hex_digest); - err++; - } - } - - if (err) { + if (argc != 2) { + fprintf(stderr, "%s <test file.txt>\n", argv[0]); return 1; } - printf("PASS\n"); - return 0; + return FileTestMain(TestHMAC, argv[1]); }
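Review bot: `mac` and `mac_len` in TestHMAC are reused across all four phases (one-shot, HMAC_CTX, reset, byte-by-byte) without being cleared, so a phase whose HMAC_Final reported success without writing any output would still compare equal against the bytes left behind by the previous phase. Resetting before each phase, e.g. `memset(mac, 0, sizeof(mac)); mac_len = 0;`, or using a separate buffer per phase, keeps each check independent. The NULL-key coverage that the removed code tested explicitly now appears to depend on `bssl::vector_data` returning a null pointer for an empty `key`, which is not visible in this hunk; a comment such as `// An empty Key is passed as NULL; see the first case in hmac_tests.txt.` above the one-shot call would record that dependency.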
diff --git a/crypto/hmac/hmac_tests.txt b/crypto/hmac/hmac_tests.txt
new file mode 100644
index 0000000..141b1ed
--- /dev/null
+++ b/crypto/hmac/hmac_tests.txt
@@ -0,0 +1,99 @@ +HMAC = MD5 +# Note: The empty key results in passing NULL to HMAC_Init_ex, so this tests +# that HMAC_CTX and HMAC treat NULL as the empty key initially. +Key = +Input = "More text test vectors to stuff up EBCDIC machines :-)" +Output = e9139d1e6ee064ef8cf514fc7dc83e86 + +# HMAC tests from RFC2104 +HMAC = MD5 +Key = 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b +Input = "Hi There" +Output = 9294727a3638bb1c13f48ef8158bfc9d + +HMAC = MD5 +Key = "Jefe" +Input = "what do ya want for nothing?" +Output = 750c783e6ab0b503eaa86e310a5db738 + +HMAC = MD5 +Key = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +Input = DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD +Output = 56be34521d144c88dbb8c733f0e8b3f6 + +# HMAC tests from NIST test data + +HMAC = SHA1 +Input = "Sample message for keylen=blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F +Output = 5FD596EE78D5553C8FF4E72D266DFD192366DA29 + +HMAC = SHA1 +Input = "Sample message for keylen<blocklen" +Key = 000102030405060708090A0B0C0D0E0F10111213 +Output = 4C99FF0CB1B31BD33F8431DBAF4D17FCD356A807 + +HMAC = SHA1 +Input = "Sample message for keylen=blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263 +Output = 2D51B2F7750E410584662E38F133435F4C4FD42A + +HMAC = SHA224 +Input = "Sample message for keylen=blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F +Output = C7405E3AE058E8CD30B08B4140248581ED174CB34E1224BCC1EFC81B + +HMAC = SHA224 +Input = "Sample message for keylen<blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B +Output = E3D249A8CFB67EF8B7A169E9A0A599714A2CECBA65999A51BEB8FBBE + +HMAC = SHA224 +Input = 
"Sample message for keylen=blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263 +Output = 91C52509E5AF8531601AE6230099D90BEF88AAEFB961F4080ABC014D + +HMAC = SHA256 +Input = "Sample message for keylen=blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F +Output = 8BB9A1DB9806F20DF7F77B82138C7914D174D59E13DC4D0169C9057B133E1D62 + +HMAC = SHA256 +Input = "Sample message for keylen<blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Output = A28CF43130EE696A98F14A37678B56BCFCBDD9E5CF69717FECF5480F0EBDF790 + +HMAC = SHA256 +Input = "Sample message for keylen=blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263 +Output = BDCCB6C72DDEADB500AE768386CB38CC41C63DBB0878DDB9C7A38A431B78378D + +HMAC = SHA384 +Input = "Sample message for keylen=blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F +Output = 63C5DAA5E651847CA897C95814AB830BEDEDC7D25E83EEF9195CD45857A37F448947858F5AF50CC2B1B730DDF29671A9 + +HMAC = SHA384 +Input = "Sample message for keylen<blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F +Output = 6EB242BDBB582CA17BEBFA481B1E23211464D2B7F8C20B9FF2201637B93646AF5AE9AC316E98DB45D9CAE773675EEED0 + +HMAC = SHA384 +Input = "Sample message for keylen=blocklen" +Key = 
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +Output = 5B664436DF69B0CA22551231A3F0A3D5B4F97991713CFA84BFF4D0792EFF96C27DCCBBB6F79B65D548B40E8564CEF594 + +HMAC = SHA512 +Input = "Sample message for keylen=blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F +Output = FC25E240658CA785B7A811A8D3F7B4CA48CFA26A8A366BF2CD1F836B05FCB024BD36853081811D6CEA4216EBAD79DA1CFCB95EA4586B8A0CE356596A55FB1347 + +HMAC = SHA512 +Input = "Sample message for keylen<blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F +Output = FD44C18BDA0BB0A6CE0E82B031BF2818F6539BD56EC00BDC10A8A2D730B3634DE2545D639B0F2CF710D0692C72A1896F1F211C2B922D1A96C392E07E7EA9FEDC + +HMAC = SHA512 +Input = "Sample message for keylen=blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +Output = D93EC8D2DE1AD2A9957CB9B83F14E76AD6B5E0CCE285079A127D3B14BCCB7AA7286D4AC0D4CE64215F2BC9E6870B33D97438BE4AAA20CDA5C5A912B48B8E27F3
diff --git a/crypto/test/CMakeLists.txt b/crypto/test/CMakeLists.txt
new file mode 100644
index 0000000..0d5ca81
--- /dev/null
+++ b/crypto/test/CMakeLists.txt
@@ -0,0 +1,7 @@
+add_library(
+ test_support
+
+ OBJECT
+
+ file_test.cc
+)
diff --git a/crypto/test/file_test.cc b/crypto/test/file_test.cc
new file mode 100644
index 0000000..907e57b
--- /dev/null
+++ b/crypto/test/file_test.cc
@@ -0,0 +1,295 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include "file_test.h" + +#include <ctype.h> +#include <errno.h> +#include <stdarg.h> +#include <string.h> + +#include "stl_compat.h" + + +FileTest::FileTest(const char *path) { + file_ = fopen(path, "r"); + if (file_ == nullptr) { + fprintf(stderr, "Could not open file %s: %s.\n", path, strerror(errno)); + } +} + +FileTest::~FileTest() { + if (file_ != nullptr) { + fclose(file_); + } +} + +// FindDelimiter returns a pointer to the first '=' or ':' in |str| or nullptr +// if there is none. +static const char *FindDelimiter(const char *str) { + while (*str) { + if (*str == ':' || *str == '=') { + return str; + } + str++; + } + return nullptr; +} + +// StripSpace returns a string containing up to |len| characters from |str| with +// leading and trailing whitespace removed. +static std::string StripSpace(const char *str, size_t len) { + // Remove leading space. + while (len > 0 && isspace(*str)) { + str++; + len--; + } + while (len > 0 && isspace(str[len-1])) { + len--; + } + return std::string(str, len); +} + +FileTest::ReadResult FileTest::ReadNext() { + // If the previous test had unused attributes or block, it is an error. 
+ if (!unused_attributes_.empty()) { + for (const std::string &key : unused_attributes_) { + PrintLine("Unused attribute: %s", key.c_str()); + } + return kReadError; + } + if (!block_.empty() && !used_block_) { + PrintLine("Unused block"); + return kReadError; + } + + ClearTest(); + + bool in_block = false; + while (true) { + // Read the next line. + char buf[4096]; + if (fgets(buf, sizeof(buf), file_) == nullptr) { + if (feof(file_)) { + if (in_block) { + fprintf(stderr, "Unterminated block.\n"); + return kReadError; + } + // EOF is a valid terminator for a test. + return start_line_ > 0 ? kReadSuccess : kReadEOF; + } + fprintf(stderr, "Error reading from input.\n"); + return kReadError; + } + + line_++; + size_t len = strlen(buf); + // Check for truncation. + if (len > 0 && buf[len - 1] != '\n' && !feof(file_)) { + fprintf(stderr, "Line %u too long.\n", line_); + return kReadError; + } + + bool is_delimiter = strncmp(buf, "---", 3) == 0; + if (in_block) { + block_ += buf; + if (is_delimiter) { + // Ending the block completes the test. + return kReadSuccess; + } + } else if (is_delimiter) { + if (start_line_ == 0) { + fprintf(stderr, "Line %u: Unexpected block.\n", line_); + return kReadError; + } + in_block = true; + block_ += buf; + } else if (buf[0] == '\n' || buf[0] == '\0') { + // Empty lines delimit tests. + if (start_line_ > 0) { + return kReadSuccess; + } + } else if (buf[0] != '#') { // Comment lines are ignored. + // Parse the line as an attribute. + const char *delimiter = FindDelimiter(buf); + if (delimiter == nullptr) { + fprintf(stderr, "Line %u: Could not parse attribute.\n", line_); + } + std::string key = StripSpace(buf, delimiter - buf); + std::string value = StripSpace(delimiter + 1, + buf + len - delimiter - 1); + + unused_attributes_.insert(key); + attributes_[key] = value; + if (start_line_ == 0) { + // This is the start of a test. 
+ type_ = key; + parameter_ = value; + start_line_ = line_; + } + } + } +} + +void FileTest::PrintLine(const char *format, ...) { + va_list args; + va_start(args, format); + + fprintf(stderr, "Line %u: ", start_line_); + vfprintf(stderr, format, args); + fprintf(stderr, "\n"); + + va_end(args); +} + +const std::string &FileTest::GetType() { + OnKeyUsed(type_); + return type_; +} + +const std::string &FileTest::GetParameter() { + OnKeyUsed(type_); + return parameter_; +} + +const std::string &FileTest::GetBlock() { + used_block_ = true; + return block_; +} + +bool FileTest::HasAttribute(const std::string &key) { + OnKeyUsed(key); + return attributes_.count(key) > 0; +} + +bool FileTest::GetAttribute(std::string *out_value, const std::string &key) { + OnKeyUsed(key); + auto iter = attributes_.find(key); + if (iter == attributes_.end()) { + PrintLine("Missing attribute '%s'.", key.c_str()); + return false; + } + *out_value = iter->second; + return true; +} + +static bool FromHexDigit(uint8_t *out, char c) { + if ('0' <= c && c <= '9') { + *out = c - '0'; + return true; + } + if ('a' <= c && c <= 'f') { + *out = c - 'a' + 10; + return true; + } + if ('A' <= c && c <= 'F') { + *out = c - 'A' + 10; + return true; + } + return false; +} + +bool FileTest::GetBytes(std::vector<uint8_t> *out, const std::string &key) { + std::string value; + if (!GetAttribute(&value, key)) { + return false; + } + + if (value.size() >= 2 && value[0] == '"' && value[value.size() - 1] == '"') { + out->assign(value.begin() + 1, value.end() - 1); + return true; + } + + if (value.size() % 2 != 0) { + PrintLine("Error decoding value: %s", value.c_str()); + return false; + } + out->reserve(value.size() / 2); + for (size_t i = 0; i < value.size(); i += 2) { + uint8_t hi, lo; + if (!FromHexDigit(&hi, value[i]) || !FromHexDigit(&lo, value[i+1])) { + PrintLine("Error decoding value: %s", value.c_str()); + return false; + } + out->push_back((hi << 4) | lo); + } + return true; +} + +static std::string 
EncodeHex(const uint8_t *in, size_t in_len) { + static const char kHexDigits[] = "0123456789abcdef"; + std::string ret; + ret.reserve(in_len * 2); + for (size_t i = 0; i < in_len; i++) { + ret += kHexDigits[in[i] >> 4]; + ret += kHexDigits[in[i] & 0xf]; + } + return ret; +} + +bool FileTest::ExpectBytesEqual(const uint8_t *expected, size_t expected_len, + const uint8_t *actual, size_t actual_len) { + if (expected_len == actual_len && + memcmp(expected, actual, expected_len) == 0) { + return true; + } + + std::string expected_hex = EncodeHex(expected, expected_len); + std::string actual_hex = EncodeHex(actual, actual_len); + PrintLine("Expected: %s", expected_hex.c_str()); + PrintLine("Actual: %s", actual_hex.c_str()); + return false; +} + +void FileTest::ClearTest() { + start_line_ = 0; + type_.clear(); + parameter_.clear(); + attributes_.clear(); + block_.clear(); + unused_attributes_.clear(); + used_block_ = false; +} + +void FileTest::OnKeyUsed(const std::string &key) { + unused_attributes_.erase(key); +} + +int FileTestMain(bool (*run_test)(FileTest *t), const char *path) { + FileTest t(path); + if (!t.is_open()) { + return 1; + } + + bool failed = false; + while (true) { + FileTest::ReadResult ret = t.ReadNext(); + if (ret == FileTest::kReadError) { + return 1; + } else if (ret == FileTest::kReadEOF) { + break; + } + + if (!run_test(&t)) { + failed = true; + } + } + + if (failed) { + return 1; + } + + printf("PASS\n"); + return 0; +}
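Review bot: In FileTest::ReadNext, the `delimiter == nullptr` branch prints "Could not parse attribute" but does not return, so the next statement evaluates `delimiter - buf` on a null pointer and hands the result to StripSpace as a length, reading outside `buf`; the branch needs `return kReadError;` after the fprintf. In FileTest::GetBytes the hex path calls `out->reserve` and `push_back` without first emptying `*out`, while the quoted path uses `assign`, so a caller that reuses a vector gets appended bytes only for hex values; `out->clear();` before the `reserve` makes the two paths agree. StripSpace passes a plain `char` to `isspace`, which is undefined for negative values where `char` is signed; `isspace((unsigned char)*str)`, and likewise for `str[len-1]`, avoids that.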
diff --git a/crypto/test/file_test.h b/crypto/test/file_test.h
new file mode 100644
index 0000000..5ea65c1
--- /dev/null
+++ b/crypto/test/file_test.h
@@ -0,0 +1,159 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#ifndef OPENSSL_HEADER_CRYPTO_TEST_FILE_TEST_H +#define OPENSSL_HEADER_CRYPTO_TEST_FILE_TEST_H + +#include <stdint.h> +#include <stdio.h> + +#include <string> +#include <map> +#include <set> +#include <vector> + + +// File-based test framework. +// +// This module provides a file-based test framework. The file format is based on +// that of OpenSSL upstream's evp_test and BoringSSL's aead_test. Each input +// file is a sequence of attributes, blocks, and blank lines. +// +// Each attribute has the form: +// +// Name = Value +// +// Either '=' or ':' may be used to delimit the name from the value. Both the +// name and value have leading and trailing spaces stripped. +// +// Blocks are delimited by lines beginning with three hyphens, "---". One such +// line begins a block and another ends it. Blocks are intended as a convenient +// way to embed PEM data and include their delimiters. +// +// Outside a block, lines beginning with # are ignored. +// +// A test is a sequence of one or more attributes followed by a block or blank +// line. Blank lines are otherwise ignored. 
For tests that process multiple +// kinds of test cases, the first attribute is parsed out as the test's type and +// parameter. Otherwise, attributes are unordered. The first attribute is also +// included in the set of attributes, so tests which do not dispatch may ignore +// this mechanism. +// +// Functions in this module freely output to |stderr| on failure. Tests should +// also do so, and it is recommended they include the corresponding test's line +// number in any output. |PrintLine| does this automatically. +// +// Each attribute in a test must be consumed. When a test completes, if any +// attributes haven't been processed, the framework reports an error. + + +class FileTest { + public: + explicit FileTest(const char *path); + ~FileTest(); + + // is_open returns true if the file was successfully opened. + bool is_open() const { return file_ != nullptr; } + + enum ReadResult { + kReadSuccess, + kReadEOF, + kReadError, + }; + + // ReadNext reads the next test from the file. It returns |kReadSuccess| if + // successfully reading a test and |kReadEOF| at the end of the file. On + // error or if the previous test had unconsumed attributes, it returns + // |kReadError|. + ReadResult ReadNext(); + + // PrintLine is a variant of printf which prepends the line number and appends + // a trailing newline. + void PrintLine(const char *format, ...) +#ifdef __GNUC__ + __attribute__((__format__(__printf__, 2, 3))) +#endif + ; + + unsigned start_line() const { return start_line_; } + + // GetType returns the name of the first attribute of the current test. + const std::string &GetType(); + // GetParameter returns the value of the first attribute of the current test. + const std::string &GetParameter(); + // GetBlock returns the optional block of the current test, or the empty + // if there was no block. + const std::string &GetBlock(); + + // HasAttribute returns true if the current test has an attribute named |key|. 
+ bool HasAttribute(const std::string &key); + + // GetAttribute looks up the attribute with key |key|. It sets |*out_value| to + // the value and returns true if it exists and returns false with an error to + // |stderr| otherwise. + bool GetAttribute(std::string *out_value, const std::string &key); + + // GetBytes looks up the attribute with key |key| and decodes it as a byte + // string. On success, it writes the result to |*out| and returns + // true. Otherwise it returns false with an error to |stderr|. The value may + // be either a hexadecimal string or a quoted ASCII string. It returns true on + // success and returns false with an error to |stderr| on failure. + bool GetBytes(std::vector<uint8_t> *out, const std::string &key); + + // ExpectBytesEqual returns true if |expected| and |actual| are equal. + // Otherwise, it returns false and prints a message to |stderr|. + bool ExpectBytesEqual(const uint8_t *expected, size_t expected_len, + const uint8_t *actual, size_t actual_len); + + private: + void ClearTest(); + void OnKeyUsed(const std::string &key); + + FILE *file_ = nullptr; + // line_ is the number of lines read. + unsigned line_ = 0; + + // start_line_ is the line number of the first attribute of the test. + unsigned start_line_ = 0; + // type_ is the name of the first attribute of the test. + std::string type_; + // parameter_ is the value of the first attribute. + std::string parameter_; + // attributes_ contains all attributes in the test, including the first. + std::map<std::string, std::string> attributes_; + // block_, if non-empty, is the test's optional trailing block. + std::string block_; + + // unused_attributes_ is the set of attributes that have been queried. + std::set<std::string> unused_attributes_; + // used_block_ is true if the block has been queried. 
+ bool used_block_ = false; + + FileTest(const FileTest&) = delete; + FileTest &operator=(const FileTest&) = delete; +}; + +// FileTestMain runs a file-based test out of |path| and returns an exit code +// suitable to return out of |main|. |run_test| should return true on pass and +// false on failure. +// +// Tests are guaranteed to run serially and may affect global state if need be. +// It is legal to use "tests" which, for example, import a private key into a +// list of keys. This may be used to initialize a shared set of keys for many +// tests. However, if one test fails, the framework will continue to run +// subsequent tests. +int FileTestMain(bool (*run_test)(FileTest *t), const char *path); + + +#endif /* OPENSSL_HEADER_CRYPTO_TEST_FILE_TEST_H */
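Review bot: The comment on `unused_attributes_` says it is the set of attributes that have been queried, but file_test.cc inserts every parsed key into it and OnKeyUsed erases from it, so it holds the attributes not yet queried; `// unused_attributes_ is the set of attributes that have not been queried.` matches the code. The GetBlock comment is missing a word (`or the empty string if there was no block`), and the GetBytes comment states the success/failure contract twice, so its last sentence can be dropped. The class comment should also say that callers must check `is_open()` before calling `ReadNext()`, since ReadNext passes `file_` to fgets unconditionally.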
diff --git a/util/all_tests.go b/util/all_tests.go
index 3cd5798..90aa424 100644
--- a/util/all_tests.go
+++ b/util/all_tests.go
@@ -77,7 +77,7 @@
 {"crypto/evp/evp_test"},
 {"crypto/evp/pbkdf_test"},
 {"crypto/hkdf/hkdf_test"},
- {"crypto/hmac/hmac_test"},
+ {"crypto/hmac/hmac_test", "crypto/hmac/hmac_tests.txt"},
 {"crypto/lhash/lhash_test"},
 {"crypto/modes/gcm_test"},
 {"crypto/pkcs8/pkcs12_test"},