Add file-based test framework and convert hmac_test.
This adds a file-based test framework to crypto/test. It knows how to
parse formats similar to either upstream's evp_test and our aead_test.
hmac_test has been converted to that with tests from upstream's
evp_test. Upstream tests it against the deprecated EVP_PKEY_HMAC API,
which will be tested by running evp_test against the same input file, to
avoid having to duplicate the test vectors. hmac_test runs those same
inputs against the supported HMAC_CTX APIs.
Change-Id: I9d2b6adb9be519760d1db282b9d43efd6f9adffb
Reviewed-on: https://boringssl-review.googlesource.com/4701
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt
index 5927a05..6433dc6 100644
--- a/crypto/CMakeLists.txt
+++ b/crypto/CMakeLists.txt
@@ -138,6 +138,9 @@
# Level 4
add_subdirectory(pkcs8)
+# Test support code
+add_subdirectory(test)
+
add_library(
crypto
diff --git a/crypto/hmac/CMakeLists.txt b/crypto/hmac/CMakeLists.txt
index 5d8c298..1a08c55 100644
--- a/crypto/hmac/CMakeLists.txt
+++ b/crypto/hmac/CMakeLists.txt
@@ -13,6 +13,7 @@
hmac_test
hmac_test.cc
+ $<TARGET_OBJECTS:test_support>
)
target_link_libraries(hmac_test crypto)
diff --git a/crypto/hmac/hmac_test.cc b/crypto/hmac/hmac_test.cc
index 68e6c8f..e512827 100644
--- a/crypto/hmac/hmac_test.cc
+++ b/crypto/hmac/hmac_test.cc
@@ -54,169 +54,118 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.] */
-#include <assert.h>
#include <stdio.h>
#include <string.h>
#include <string>
+#include <vector>
#include <openssl/crypto.h>
#include <openssl/digest.h>
#include <openssl/hmac.h>
-#include <openssl/mem.h>
+#include "../test/file_test.h"
#include "../test/scoped_types.h"
+#include "../test/stl_compat.h"
-struct Test {
- uint8_t key[16];
- size_t key_len;
- uint8_t data[64];
- size_t data_len;
- const char *hex_digest;
-};
-
-static const Test kTests[] = {
- {
- "", 0, "More text test vectors to stuff up EBCDIC machines :-)", 54,
- "e9139d1e6ee064ef8cf514fc7dc83e86",
- },
- {
- {
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b,
- },
- 16,
- "Hi There",
- 8,
- "9294727a3638bb1c13f48ef8158bfc9d",
- },
- {
- "Jefe", 4, "what do ya want for nothing?", 28,
- "750c783e6ab0b503eaa86e310a5db738",
- },
- {
- {
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa,
- },
- 16,
- {
- 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
- 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
- 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
- 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
- 0xdd, 0xdd,
- },
- 50,
- "56be34521d144c88dbb8c733f0e8b3f6",
- },
-};
-
-static std::string ToHex(const uint8_t *md, size_t md_len) {
- std::string ret;
- for (size_t i = 0; i < md_len; i++) {
- char buf[2 + 1 /* NUL */];
- BIO_snprintf(buf, sizeof(buf), "%02x", md[i]);
- ret.append(buf, 2);
+static const EVP_MD *GetDigest(const std::string &name) {
+ if (name == "MD5") {
+ return EVP_md5();
+ } else if (name == "SHA1") {
+ return EVP_sha1();
+ } else if (name == "SHA224") {
+ return EVP_sha224();
+ } else if (name == "SHA256") {
+ return EVP_sha256();
+ } else if (name == "SHA384") {
+ return EVP_sha384();
+ } else if (name == "SHA512") {
+ return EVP_sha512();
}
- return ret;
+ return nullptr;
+}
+
+static bool TestHMAC(FileTest *t) {
+ std::string digest_str;
+ if (!t->GetAttribute(&digest_str, "HMAC")) {
+ return false;
+ }
+ const EVP_MD *digest = GetDigest(digest_str);
+ if (digest == nullptr) {
+ t->PrintLine("Unknown digest '%s'", digest_str.c_str());
+ return false;
+ }
+
+ std::vector<uint8_t> key, input, output;
+ if (!t->GetBytes(&key, "Key") ||
+ !t->GetBytes(&input, "Input") ||
+ !t->GetBytes(&output, "Output")) {
+ return false;
+ }
+
+ // Test using the one-shot API.
+ uint8_t mac[EVP_MAX_MD_SIZE];
+ unsigned mac_len;
+ if (nullptr == HMAC(digest, bssl::vector_data(&key), key.size(),
+ bssl::vector_data(&input), input.size(), mac,
+ &mac_len) ||
+ !t->ExpectBytesEqual(bssl::vector_data(&output), output.size(), mac,
+ mac_len)) {
+ t->PrintLine("One-shot API failed.");
+ return false;
+ }
+
+ // Test using HMAC_CTX.
+ ScopedHMAC_CTX ctx;
+ if (!HMAC_Init_ex(ctx.get(), bssl::vector_data(&key), key.size(), digest,
+ nullptr) ||
+ !HMAC_Update(ctx.get(), bssl::vector_data(&input), input.size()) ||
+ !HMAC_Final(ctx.get(), mac, &mac_len) ||
+ !t->ExpectBytesEqual(bssl::vector_data(&output), output.size(), mac,
+ mac_len)) {
+ t->PrintLine("HMAC_CTX failed.");
+ return false;
+ }
+
+ // Test that an HMAC_CTX may be reset with the same key.
+ if (!HMAC_Init_ex(ctx.get(), nullptr, 0, digest, nullptr) ||
+ !HMAC_Update(ctx.get(), bssl::vector_data(&input), input.size()) ||
+ !HMAC_Final(ctx.get(), mac, &mac_len) ||
+ !t->ExpectBytesEqual(bssl::vector_data(&output), output.size(), mac,
+ mac_len)) {
+ t->PrintLine("HMAC_CTX with reset failed.");
+ return false;
+ }
+
+ // Test feeding the input in byte by byte.
+ if (!HMAC_Init_ex(ctx.get(), nullptr, 0, nullptr, nullptr)) {
+ t->PrintLine("HMAC_CTX streaming failed.");
+ return false;
+ }
+ for (size_t i = 0; i < input.size(); i++) {
+ if (!HMAC_Update(ctx.get(), &input[i], 1)) {
+ t->PrintLine("HMAC_CTX streaming failed.");
+ return false;
+ }
+ }
+ if (!HMAC_Final(ctx.get(), mac, &mac_len) ||
+ !t->ExpectBytesEqual(bssl::vector_data(&output), output.size(), mac,
+ mac_len)) {
+ t->PrintLine("HMAC_CTX streaming failed.");
+ return false;
+ }
+
+ return true;
}
int main(int argc, char *argv[]) {
- int err = 0;
- uint8_t out[EVP_MAX_MD_SIZE];
- unsigned out_len;
-
CRYPTO_library_init();
- for (unsigned i = 0; i < sizeof(kTests) / sizeof(kTests[0]); i++) {
- const Test *test = &kTests[i];
-
- // Test using the one-shot API.
- if (NULL == HMAC(EVP_md5(), test->key, test->key_len, test->data,
- test->data_len, out, &out_len)) {
- fprintf(stderr, "%u: HMAC failed.\n", i);
- err++;
- continue;
- }
- std::string out_hex = ToHex(out, out_len);
- if (out_hex != test->hex_digest) {
- fprintf(stderr, "%u: got %s instead of %s\n", i, out_hex.c_str(),
- test->hex_digest);
- err++;
- }
-
- // Test using HMAC_CTX.
- ScopedHMAC_CTX ctx;
- if (!HMAC_Init_ex(ctx.get(), test->key, test->key_len, EVP_md5(), NULL) ||
- !HMAC_Update(ctx.get(), test->data, test->data_len) ||
- !HMAC_Final(ctx.get(), out, &out_len)) {
- fprintf(stderr, "%u: HMAC failed.\n", i);
- err++;
- continue;
- }
- out_hex = ToHex(out, out_len);
- if (out_hex != test->hex_digest) {
- fprintf(stderr, "%u: got %s instead of %s\n", i, out_hex.c_str(),
- test->hex_digest);
- err++;
- }
-
- // Test that an HMAC_CTX may be reset with the same key.
- if (!HMAC_Init_ex(ctx.get(), NULL, 0, EVP_md5(), NULL) ||
- !HMAC_Update(ctx.get(), test->data, test->data_len) ||
- !HMAC_Final(ctx.get(), out, &out_len)) {
- fprintf(stderr, "%u: HMAC failed.\n", i);
- err++;
- continue;
- }
- out_hex = ToHex(out, out_len);
- if (out_hex != test->hex_digest) {
- fprintf(stderr, "%u: got %s instead of %s\n", i, out_hex.c_str(),
- test->hex_digest);
- err++;
- }
- }
-
- // Test that HMAC() uses the empty key when called with key = NULL.
- const Test *test = &kTests[0];
- assert(test->key_len == 0);
- if (NULL == HMAC(EVP_md5(), NULL, 0, test->data, test->data_len, out,
- &out_len)) {
- fprintf(stderr, "HMAC failed.\n");
- err++;
- } else {
- std::string out_hex = ToHex(out, out_len);
- if (out_hex != test->hex_digest) {
- fprintf(stderr, "got %s instead of %s\n", out_hex.c_str(),
- test->hex_digest);
- err++;
- }
- }
-
- // Test that HMAC_Init, etc., uses the empty key when called initially with
- // key = NULL.
- assert(test->key_len == 0);
- ScopedHMAC_CTX ctx;
- if (!HMAC_Init_ex(ctx.get(), NULL, 0, EVP_md5(), NULL) ||
- !HMAC_Update(ctx.get(), test->data, test->data_len) ||
- !HMAC_Final(ctx.get(), out, &out_len)) {
- fprintf(stderr, "HMAC failed.\n");
- err++;
- } else {
- std::string out_hex = ToHex(out, out_len);
- if (out_hex != test->hex_digest) {
- fprintf(stderr, "got %s instead of %s\n", out_hex.c_str(),
- test->hex_digest);
- err++;
- }
- }
-
- if (err) {
+ if (argc != 2) {
+ fprintf(stderr, "%s <test file.txt>\n", argv[0]);
return 1;
}
- printf("PASS\n");
- return 0;
+ return FileTestMain(TestHMAC, argv[1]);
}
diff --git a/crypto/hmac/hmac_tests.txt b/crypto/hmac/hmac_tests.txt
new file mode 100644
index 0000000..141b1ed
--- /dev/null
+++ b/crypto/hmac/hmac_tests.txt
@@ -0,0 +1,99 @@
+HMAC = MD5
+# Note: The empty key results in passing NULL to HMAC_Init_ex, so this tests
+# that HMAC_CTX and HMAC treat NULL as the empty key initially.
+Key =
+Input = "More text test vectors to stuff up EBCDIC machines :-)"
+Output = e9139d1e6ee064ef8cf514fc7dc83e86
+
+# HMAC tests from RFC2104
+HMAC = MD5
+Key = 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
+Input = "Hi There"
+Output = 9294727a3638bb1c13f48ef8158bfc9d
+
+HMAC = MD5
+Key = "Jefe"
+Input = "what do ya want for nothing?"
+Output = 750c783e6ab0b503eaa86e310a5db738
+
+HMAC = MD5
+Key = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+Input = DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
+Output = 56be34521d144c88dbb8c733f0e8b3f6
+
+# HMAC tests from NIST test data
+
+HMAC = SHA1
+Input = "Sample message for keylen=blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F
+Output = 5FD596EE78D5553C8FF4E72D266DFD192366DA29
+
+HMAC = SHA1
+Input = "Sample message for keylen<blocklen"
+Key = 000102030405060708090A0B0C0D0E0F10111213
+Output = 4C99FF0CB1B31BD33F8431DBAF4D17FCD356A807
+
+HMAC = SHA1
+Input = "Sample message for keylen=blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263
+Output = 2D51B2F7750E410584662E38F133435F4C4FD42A
+
+HMAC = SHA224
+Input = "Sample message for keylen=blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F
+Output = C7405E3AE058E8CD30B08B4140248581ED174CB34E1224BCC1EFC81B
+
+HMAC = SHA224
+Input = "Sample message for keylen<blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B
+Output = E3D249A8CFB67EF8B7A169E9A0A599714A2CECBA65999A51BEB8FBBE
+
+HMAC = SHA224
+Input = "Sample message for keylen=blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263
+Output = 91C52509E5AF8531601AE6230099D90BEF88AAEFB961F4080ABC014D
+
+HMAC = SHA256
+Input = "Sample message for keylen=blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F
+Output = 8BB9A1DB9806F20DF7F77B82138C7914D174D59E13DC4D0169C9057B133E1D62
+
+HMAC = SHA256
+Input = "Sample message for keylen<blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Output = A28CF43130EE696A98F14A37678B56BCFCBDD9E5CF69717FECF5480F0EBDF790
+
+HMAC = SHA256
+Input = "Sample message for keylen=blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263
+Output = BDCCB6C72DDEADB500AE768386CB38CC41C63DBB0878DDB9C7A38A431B78378D
+
+HMAC = SHA384
+Input = "Sample message for keylen=blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F
+Output = 63C5DAA5E651847CA897C95814AB830BEDEDC7D25E83EEF9195CD45857A37F448947858F5AF50CC2B1B730DDF29671A9
+
+HMAC = SHA384
+Input = "Sample message for keylen<blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F
+Output = 6EB242BDBB582CA17BEBFA481B1E23211464D2B7F8C20B9FF2201637B93646AF5AE9AC316E98DB45D9CAE773675EEED0
+
+HMAC = SHA384
+Input = "Sample message for keylen=blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+Output = 5B664436DF69B0CA22551231A3F0A3D5B4F97991713CFA84BFF4D0792EFF96C27DCCBBB6F79B65D548B40E8564CEF594
+
+HMAC = SHA512
+Input = "Sample message for keylen=blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F
+Output = FC25E240658CA785B7A811A8D3F7B4CA48CFA26A8A366BF2CD1F836B05FCB024BD36853081811D6CEA4216EBAD79DA1CFCB95EA4586B8A0CE356596A55FB1347
+
+HMAC = SHA512
+Input = "Sample message for keylen<blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F
+Output = FD44C18BDA0BB0A6CE0E82B031BF2818F6539BD56EC00BDC10A8A2D730B3634DE2545D639B0F2CF710D0692C72A1896F1F211C2B922D1A96C392E07E7EA9FEDC
+
+HMAC = SHA512
+Input = "Sample message for keylen=blocklen"
+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+Output = D93EC8D2DE1AD2A9957CB9B83F14E76AD6B5E0CCE285079A127D3B14BCCB7AA7286D4AC0D4CE64215F2BC9E6870B33D97438BE4AAA20CDA5C5A912B48B8E27F3
diff --git a/crypto/test/CMakeLists.txt b/crypto/test/CMakeLists.txt
new file mode 100644
index 0000000..0d5ca81
--- /dev/null
+++ b/crypto/test/CMakeLists.txt
@@ -0,0 +1,7 @@
+add_library(
+ test_support
+
+ OBJECT
+
+ file_test.cc
+)
diff --git a/crypto/test/file_test.cc b/crypto/test/file_test.cc
new file mode 100644
index 0000000..907e57b
--- /dev/null
+++ b/crypto/test/file_test.cc
@@ -0,0 +1,295 @@
+/* Copyright (c) 2015, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include "file_test.h"
+
+#include <ctype.h>
+#include <errno.h>
+#include <stdarg.h>
+#include <string.h>
+
+#include "stl_compat.h"
+
+
+FileTest::FileTest(const char *path) {
+ file_ = fopen(path, "r");
+ if (file_ == nullptr) {
+ fprintf(stderr, "Could not open file %s: %s.\n", path, strerror(errno));
+ }
+}
+
+FileTest::~FileTest() {
+ if (file_ != nullptr) {
+ fclose(file_);
+ }
+}
+
+// FindDelimiter returns a pointer to the first '=' or ':' in |str| or nullptr
+// if there is none.
+static const char *FindDelimiter(const char *str) {
+ while (*str) {
+ if (*str == ':' || *str == '=') {
+ return str;
+ }
+ str++;
+ }
+ return nullptr;
+}
+
+// StripSpace returns a string containing up to |len| characters from |str| with
+// leading and trailing whitespace removed.
+static std::string StripSpace(const char *str, size_t len) {
+ // Remove leading space.
+ while (len > 0 && isspace(*str)) {
+ str++;
+ len--;
+ }
+ while (len > 0 && isspace(str[len-1])) {
+ len--;
+ }
+ return std::string(str, len);
+}
+
+FileTest::ReadResult FileTest::ReadNext() {
+ // If the previous test had unused attributes or block, it is an error.
+ if (!unused_attributes_.empty()) {
+ for (const std::string &key : unused_attributes_) {
+ PrintLine("Unused attribute: %s", key.c_str());
+ }
+ return kReadError;
+ }
+ if (!block_.empty() && !used_block_) {
+ PrintLine("Unused block");
+ return kReadError;
+ }
+
+ ClearTest();
+
+ bool in_block = false;
+ while (true) {
+ // Read the next line.
+ char buf[4096];
+ if (fgets(buf, sizeof(buf), file_) == nullptr) {
+ if (feof(file_)) {
+ if (in_block) {
+ fprintf(stderr, "Unterminated block.\n");
+ return kReadError;
+ }
+ // EOF is a valid terminator for a test.
+ return start_line_ > 0 ? kReadSuccess : kReadEOF;
+ }
+ fprintf(stderr, "Error reading from input.\n");
+ return kReadError;
+ }
+
+ line_++;
+ size_t len = strlen(buf);
+ // Check for truncation.
+ if (len > 0 && buf[len - 1] != '\n' && !feof(file_)) {
+ fprintf(stderr, "Line %u too long.\n", line_);
+ return kReadError;
+ }
+
+ bool is_delimiter = strncmp(buf, "---", 3) == 0;
+ if (in_block) {
+ block_ += buf;
+ if (is_delimiter) {
+ // Ending the block completes the test.
+ return kReadSuccess;
+ }
+ } else if (is_delimiter) {
+ if (start_line_ == 0) {
+ fprintf(stderr, "Line %u: Unexpected block.\n", line_);
+ return kReadError;
+ }
+ in_block = true;
+ block_ += buf;
+ } else if (buf[0] == '\n' || buf[0] == '\0') {
+ // Empty lines delimit tests.
+ if (start_line_ > 0) {
+ return kReadSuccess;
+ }
+ } else if (buf[0] != '#') { // Comment lines are ignored.
+ // Parse the line as an attribute.
+ const char *delimiter = FindDelimiter(buf);
+ if (delimiter == nullptr) {
+ fprintf(stderr, "Line %u: Could not parse attribute.\n", line_);
+ }
+ std::string key = StripSpace(buf, delimiter - buf);
+ std::string value = StripSpace(delimiter + 1,
+ buf + len - delimiter - 1);
+
+ unused_attributes_.insert(key);
+ attributes_[key] = value;
+ if (start_line_ == 0) {
+ // This is the start of a test.
+ type_ = key;
+ parameter_ = value;
+ start_line_ = line_;
+ }
+ }
+ }
+}
+
+void FileTest::PrintLine(const char *format, ...) {
+ va_list args;
+ va_start(args, format);
+
+ fprintf(stderr, "Line %u: ", start_line_);
+ vfprintf(stderr, format, args);
+ fprintf(stderr, "\n");
+
+ va_end(args);
+}
+
+const std::string &FileTest::GetType() {
+ OnKeyUsed(type_);
+ return type_;
+}
+
+const std::string &FileTest::GetParameter() {
+ OnKeyUsed(type_);
+ return parameter_;
+}
+
+const std::string &FileTest::GetBlock() {
+ used_block_ = true;
+ return block_;
+}
+
+bool FileTest::HasAttribute(const std::string &key) {
+ OnKeyUsed(key);
+ return attributes_.count(key) > 0;
+}
+
+bool FileTest::GetAttribute(std::string *out_value, const std::string &key) {
+ OnKeyUsed(key);
+ auto iter = attributes_.find(key);
+ if (iter == attributes_.end()) {
+ PrintLine("Missing attribute '%s'.", key.c_str());
+ return false;
+ }
+ *out_value = iter->second;
+ return true;
+}
+
+static bool FromHexDigit(uint8_t *out, char c) {
+ if ('0' <= c && c <= '9') {
+ *out = c - '0';
+ return true;
+ }
+ if ('a' <= c && c <= 'f') {
+ *out = c - 'a' + 10;
+ return true;
+ }
+ if ('A' <= c && c <= 'F') {
+ *out = c - 'A' + 10;
+ return true;
+ }
+ return false;
+}
+
+bool FileTest::GetBytes(std::vector<uint8_t> *out, const std::string &key) {
+ std::string value;
+ if (!GetAttribute(&value, key)) {
+ return false;
+ }
+
+ if (value.size() >= 2 && value[0] == '"' && value[value.size() - 1] == '"') {
+ out->assign(value.begin() + 1, value.end() - 1);
+ return true;
+ }
+
+ if (value.size() % 2 != 0) {
+ PrintLine("Error decoding value: %s", value.c_str());
+ return false;
+ }
+ out->reserve(value.size() / 2);
+ for (size_t i = 0; i < value.size(); i += 2) {
+ uint8_t hi, lo;
+ if (!FromHexDigit(&hi, value[i]) || !FromHexDigit(&lo, value[i+1])) {
+ PrintLine("Error decoding value: %s", value.c_str());
+ return false;
+ }
+ out->push_back((hi << 4) | lo);
+ }
+ return true;
+}
+
+static std::string EncodeHex(const uint8_t *in, size_t in_len) {
+ static const char kHexDigits[] = "0123456789abcdef";
+ std::string ret;
+ ret.reserve(in_len * 2);
+ for (size_t i = 0; i < in_len; i++) {
+ ret += kHexDigits[in[i] >> 4];
+ ret += kHexDigits[in[i] & 0xf];
+ }
+ return ret;
+}
+
+bool FileTest::ExpectBytesEqual(const uint8_t *expected, size_t expected_len,
+ const uint8_t *actual, size_t actual_len) {
+ if (expected_len == actual_len &&
+ memcmp(expected, actual, expected_len) == 0) {
+ return true;
+ }
+
+ std::string expected_hex = EncodeHex(expected, expected_len);
+ std::string actual_hex = EncodeHex(actual, actual_len);
+ PrintLine("Expected: %s", expected_hex.c_str());
+ PrintLine("Actual: %s", actual_hex.c_str());
+ return false;
+}
+
+void FileTest::ClearTest() {
+ start_line_ = 0;
+ type_.clear();
+ parameter_.clear();
+ attributes_.clear();
+ block_.clear();
+ unused_attributes_.clear();
+ used_block_ = false;
+}
+
+void FileTest::OnKeyUsed(const std::string &key) {
+ unused_attributes_.erase(key);
+}
+
+int FileTestMain(bool (*run_test)(FileTest *t), const char *path) {
+ FileTest t(path);
+ if (!t.is_open()) {
+ return 1;
+ }
+
+ bool failed = false;
+ while (true) {
+ FileTest::ReadResult ret = t.ReadNext();
+ if (ret == FileTest::kReadError) {
+ return 1;
+ } else if (ret == FileTest::kReadEOF) {
+ break;
+ }
+
+ if (!run_test(&t)) {
+ failed = true;
+ }
+ }
+
+ if (failed) {
+ return 1;
+ }
+
+ printf("PASS\n");
+ return 0;
+}
diff --git a/crypto/test/file_test.h b/crypto/test/file_test.h
new file mode 100644
index 0000000..5ea65c1
--- /dev/null
+++ b/crypto/test/file_test.h
@@ -0,0 +1,159 @@
+/* Copyright (c) 2015, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_CRYPTO_TEST_FILE_TEST_H
+#define OPENSSL_HEADER_CRYPTO_TEST_FILE_TEST_H
+
+#include <stdint.h>
+#include <stdio.h>
+
+#include <string>
+#include <map>
+#include <set>
+#include <vector>
+
+
+// File-based test framework.
+//
+// This module provides a file-based test framework. The file format is based on
+// that of OpenSSL upstream's evp_test and BoringSSL's aead_test. Each input
+// file is a sequence of attributes, blocks, and blank lines.
+//
+// Each attribute has the form:
+//
+// Name = Value
+//
+// Either '=' or ':' may be used to delimit the name from the value. Both the
+// name and value have leading and trailing spaces stripped.
+//
+// Blocks are delimited by lines beginning with three hyphens, "---". One such
+// line begins a block and another ends it. Blocks are intended as a convenient
+// way to embed PEM data and include their delimiters.
+//
+// Outside a block, lines beginning with # are ignored.
+//
+// A test is a sequence of one or more attributes followed by a block or blank
+// line. Blank lines are otherwise ignored. For tests that process multiple
+// kinds of test cases, the first attribute is parsed out as the test's type and
+// parameter. Otherwise, attributes are unordered. The first attribute is also
+// included in the set of attributes, so tests which do not dispatch may ignore
+// this mechanism.
+//
+// Functions in this module freely output to |stderr| on failure. Tests should
+// also do so, and it is recommended they include the corresponding test's line
+// number in any output. |PrintLine| does this automatically.
+//
+// Each attribute in a test must be consumed. When a test completes, if any
+// attributes haven't been processed, the framework reports an error.
+
+
+class FileTest {
+ public:
+ explicit FileTest(const char *path);
+ ~FileTest();
+
+ // is_open returns true if the file was successfully opened.
+ bool is_open() const { return file_ != nullptr; }
+
+ enum ReadResult {
+ kReadSuccess,
+ kReadEOF,
+ kReadError,
+ };
+
+ // ReadNext reads the next test from the file. It returns |kReadSuccess| if
+ // successfully reading a test and |kReadEOF| at the end of the file. On
+ // error or if the previous test had unconsumed attributes, it returns
+ // |kReadError|.
+ ReadResult ReadNext();
+
+ // PrintLine is a variant of printf which prepends the line number and appends
+ // a trailing newline.
+ void PrintLine(const char *format, ...)
+#ifdef __GNUC__
+ __attribute__((__format__(__printf__, 2, 3)))
+#endif
+ ;
+
+ unsigned start_line() const { return start_line_; }
+
+ // GetType returns the name of the first attribute of the current test.
+ const std::string &GetType();
+ // GetParameter returns the value of the first attribute of the current test.
+ const std::string &GetParameter();
+ // GetBlock returns the optional block of the current test, or the empty
+ // if there was no block.
+ const std::string &GetBlock();
+
+ // HasAttribute returns true if the current test has an attribute named |key|.
+ bool HasAttribute(const std::string &key);
+
+ // GetAttribute looks up the attribute with key |key|. It sets |*out_value| to
+ // the value and returns true if it exists and returns false with an error to
+ // |stderr| otherwise.
+ bool GetAttribute(std::string *out_value, const std::string &key);
+
+ // GetBytes looks up the attribute with key |key| and decodes it as a byte
+ // string. On success, it writes the result to |*out| and returns
+ // true. Otherwise it returns false with an error to |stderr|. The value may
+ // be either a hexadecimal string or a quoted ASCII string. It returns true on
+ // success and returns false with an error to |stderr| on failure.
+ bool GetBytes(std::vector<uint8_t> *out, const std::string &key);
+
+ // ExpectBytesEqual returns true if |expected| and |actual| are equal.
+ // Otherwise, it returns false and prints a message to |stderr|.
+ bool ExpectBytesEqual(const uint8_t *expected, size_t expected_len,
+ const uint8_t *actual, size_t actual_len);
+
+ private:
+ void ClearTest();
+ void OnKeyUsed(const std::string &key);
+
+ FILE *file_ = nullptr;
+ // line_ is the number of lines read.
+ unsigned line_ = 0;
+
+ // start_line_ is the line number of the first attribute of the test.
+ unsigned start_line_ = 0;
+ // type_ is the name of the first attribute of the test.
+ std::string type_;
+ // parameter_ is the value of the first attribute.
+ std::string parameter_;
+ // attributes_ contains all attributes in the test, including the first.
+ std::map<std::string, std::string> attributes_;
+ // block_, if non-empty, is the test's optional trailing block.
+ std::string block_;
+
+ // unused_attributes_ is the set of attributes that have been queried.
+ std::set<std::string> unused_attributes_;
+ // used_block_ is true if the block has been queried.
+ bool used_block_ = false;
+
+ FileTest(const FileTest&) = delete;
+ FileTest &operator=(const FileTest&) = delete;
+};
+
+// FileTestMain runs a file-based test out of |path| and returns an exit code
+// suitable to return out of |main|. |run_test| should return true on pass and
+// false on failure.
+//
+// Tests are guaranteed to run serially and may affect global state if need be.
+// It is legal to use "tests" which, for example, import a private key into a
+// list of keys. This may be used to initialize a shared set of keys for many
+// tests. However, if one test fails, the framework will continue to run
+// subsequent tests.
+int FileTestMain(bool (*run_test)(FileTest *t), const char *path);
+
+
+#endif /* OPENSSL_HEADER_CRYPTO_TEST_FILE_TEST_H */
diff --git a/util/all_tests.go b/util/all_tests.go
index 3cd5798..90aa424 100644
--- a/util/all_tests.go
+++ b/util/all_tests.go
@@ -77,7 +77,7 @@
{"crypto/evp/evp_test"},
{"crypto/evp/pbkdf_test"},
{"crypto/hkdf/hkdf_test"},
- {"crypto/hmac/hmac_test"},
+ {"crypto/hmac/hmac_test", "crypto/hmac/hmac_tests.txt"},
{"crypto/lhash/lhash_test"},
{"crypto/modes/gcm_test"},
{"crypto/pkcs8/pkcs12_test"},
