1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
20 #include "apu_errno.h"
21 #include "apr_pools.h"
23 #include "apr_crypto.h"
24 #include "apr_strings.h"
28 #define TEST_STRING "12345"
29 #define ALIGNED_STRING "123456789012345"
31 static const apr_crypto_driver_t *get_driver(abts_case *tc, apr_pool_t *pool,
32 const char *name, const char *params)
35 const apr_crypto_driver_t *driver = NULL;
36 const apu_err_t *err = NULL;
39 rv = apr_crypto_init(pool);
40 ABTS_ASSERT(tc, "failed to init apr_crypto", rv == APR_SUCCESS);
42 rv = apr_crypto_get_driver(&driver, name, params, &err, pool);
43 if (APR_SUCCESS != rv && err) {
44 ABTS_NOT_IMPL(tc, err->msg);
47 if (APR_ENOTIMPL == rv) {
48 ABTS_NOT_IMPL(tc, (char *)driver);
51 ABTS_ASSERT(tc, "failed to apr_crypto_get_driver", rv == APR_SUCCESS);
52 ABTS_ASSERT(tc, "apr_crypto_get_driver returned NULL", driver != NULL);
61 static const apr_crypto_driver_t *get_nss_driver(abts_case *tc,
66 return get_driver(tc, pool, "nss", "dir=data");
70 static const apr_crypto_driver_t *get_openssl_driver(abts_case *tc,
74 return get_driver(tc, pool, "openssl", NULL);
78 static apr_crypto_t *make(abts_case *tc, apr_pool_t *pool,
79 const apr_crypto_driver_t *driver)
82 apr_crypto_t *f = NULL;
89 apr_crypto_make(&f, driver, "engine=openssl", pool);
90 ABTS_ASSERT(tc, "apr_crypto_make returned NULL", f != NULL);
96 static const apr_crypto_key_t *passphrase(abts_case *tc, apr_pool_t *pool,
97 const apr_crypto_driver_t *driver, const apr_crypto_t *f,
98 apr_crypto_block_key_type_e type, apr_crypto_block_key_mode_e mode,
99 int doPad, const char *description)
102 apr_crypto_key_t *key = NULL;
103 const apu_err_t *result = NULL;
104 const char *pass = "secret";
105 const char *salt = "salt";
112 /* init the passphrase */
113 rv = apr_crypto_passphrase(&key, NULL, pass, strlen(pass),
114 (unsigned char *) salt, strlen(salt), type, mode, doPad, 4096, f,
116 if (APR_ENOCIPHER == rv) {
117 apr_crypto_error(&result, f);
118 ABTS_NOT_IMPL(tc, apr_psprintf(pool,
119 "skipped: %s %s passphrase return APR_ENOCIPHER: error %d: %s (%s)\n",
120 description, apr_crypto_driver_name(driver), result->rc,
121 result->reason ? result->reason : "", result->msg ? result->msg : ""));
125 if (APR_SUCCESS != rv) {
126 apr_crypto_error(&result, f);
127 fprintf(stderr, "passphrase: %s %s native error %d: %s (%s)\n",
128 description, apr_crypto_driver_name(driver), result->rc,
129 result->reason ? result->reason : "",
130 result->msg ? result->msg : "");
132 ABTS_ASSERT(tc, "apr_crypto_passphrase returned APR_ENOKEY", rv != APR_ENOKEY);
133 ABTS_ASSERT(tc, "apr_crypto_passphrase returned APR_EPADDING", rv != APR_EPADDING);
134 ABTS_ASSERT(tc, "apr_crypto_passphrase returned APR_EKEYTYPE", rv != APR_EKEYTYPE);
135 ABTS_ASSERT(tc, "failed to apr_crypto_passphrase", rv == APR_SUCCESS);
136 ABTS_ASSERT(tc, "apr_crypto_passphrase returned NULL context", key != NULL);
145 static unsigned char *encrypt_block(abts_case *tc, apr_pool_t *pool,
146 const apr_crypto_driver_t *driver, const apr_crypto_t *f,
147 const apr_crypto_key_t *key, const unsigned char *in,
148 const apr_size_t inlen, unsigned char **cipherText,
149 apr_size_t *cipherTextLen, const unsigned char **iv,
150 apr_size_t *blockSize, const char *description)
153 apr_crypto_block_t *block = NULL;
154 const apu_err_t *result = NULL;
158 if (!driver || !f || !key || !in) {
162 /* init the encryption */
163 rv = apr_crypto_block_encrypt_init(&block, iv, key, blockSize, pool);
164 if (APR_ENOTIMPL == rv) {
165 ABTS_NOT_IMPL(tc, "apr_crypto_block_encrypt_init returned APR_ENOTIMPL");
168 if (APR_SUCCESS != rv) {
169 apr_crypto_error(&result, f);
170 fprintf(stderr, "encrypt_init: %s %s native error %d: %s (%s)\n",
171 description, apr_crypto_driver_name(driver), result->rc,
172 result->reason ? result->reason : "",
173 result->msg ? result->msg : "");
175 ABTS_ASSERT(tc, "apr_crypto_block_encrypt_init returned APR_ENOKEY", rv != APR_ENOKEY);
176 ABTS_ASSERT(tc, "apr_crypto_block_encrypt_init returned APR_ENOIV", rv != APR_ENOIV);
177 ABTS_ASSERT(tc, "apr_crypto_block_encrypt_init returned APR_EKEYTYPE", rv != APR_EKEYTYPE);
178 ABTS_ASSERT(tc, "apr_crypto_block_encrypt_init returned APR_EKEYLENGTH", rv != APR_EKEYLENGTH);
179 ABTS_ASSERT(tc, "failed to apr_crypto_block_encrypt_init", rv == APR_SUCCESS);
180 ABTS_ASSERT(tc, "apr_crypto_block_encrypt_init returned NULL context", block != NULL);
186 /* encrypt the block */
187 rv = apr_crypto_block_encrypt(cipherText, cipherTextLen, in, inlen, block);
188 if (APR_SUCCESS != rv) {
189 apr_crypto_error(&result, f);
190 fprintf(stderr, "encrypt: %s %s native error %d: %s (%s)\n",
191 description, apr_crypto_driver_name(driver), result->rc,
192 result->reason ? result->reason : "", result->msg ? result->msg
195 ABTS_ASSERT(tc, "apr_crypto_block_encrypt returned APR_ECRYPT", rv != APR_ECRYPT);
196 ABTS_ASSERT(tc, "failed to apr_crypto_block_encrypt", rv == APR_SUCCESS);
197 ABTS_ASSERT(tc, "apr_crypto_block_encrypt failed to allocate buffer", *cipherText != NULL);
202 /* finalise the encryption */
203 rv = apr_crypto_block_encrypt_finish(*cipherText + *cipherTextLen, &len,
205 if (APR_SUCCESS != rv) {
206 apr_crypto_error(&result, f);
207 fprintf(stderr, "encrypt_finish: %s %s native error %d: %s (%s)\n",
208 description, apr_crypto_driver_name(driver), result->rc,
209 result->reason ? result->reason : "", result->msg ? result->msg
212 ABTS_ASSERT(tc, "apr_crypto_block_encrypt_finish returned APR_ECRYPT", rv != APR_ECRYPT);
213 ABTS_ASSERT(tc, "apr_crypto_block_encrypt_finish returned APR_EPADDING", rv != APR_EPADDING);
214 ABTS_ASSERT(tc, "failed to apr_crypto_block_encrypt_finish", rv == APR_SUCCESS);
215 *cipherTextLen += len;
216 apr_crypto_block_cleanup(block);
225 static unsigned char *decrypt_block(abts_case *tc, apr_pool_t *pool,
226 const apr_crypto_driver_t *driver, const apr_crypto_t *f,
227 const apr_crypto_key_t *key, unsigned char *cipherText,
228 apr_size_t cipherTextLen, unsigned char **plainText,
229 apr_size_t *plainTextLen, const unsigned char *iv,
230 apr_size_t *blockSize, const char *description)
233 apr_crypto_block_t *block = NULL;
234 const apu_err_t *result = NULL;
238 if (!driver || !f || !key || !cipherText) {
242 /* init the decryption */
243 rv = apr_crypto_block_decrypt_init(&block, blockSize, iv, key, pool);
244 if (APR_ENOTIMPL == rv) {
245 ABTS_NOT_IMPL(tc, "apr_crypto_block_decrypt_init returned APR_ENOTIMPL");
248 if (APR_SUCCESS != rv) {
249 apr_crypto_error(&result, f);
250 fprintf(stderr, "decrypt_init: %s %s native error %d: %s (%s)\n",
251 description, apr_crypto_driver_name(driver), result->rc,
252 result->reason ? result->reason : "",
253 result->msg ? result->msg : "");
255 ABTS_ASSERT(tc, "apr_crypto_block_decrypt_init returned APR_ENOKEY", rv != APR_ENOKEY);
256 ABTS_ASSERT(tc, "apr_crypto_block_decrypt_init returned APR_ENOIV", rv != APR_ENOIV);
257 ABTS_ASSERT(tc, "apr_crypto_block_decrypt_init returned APR_EKEYTYPE", rv != APR_EKEYTYPE);
258 ABTS_ASSERT(tc, "apr_crypto_block_decrypt_init returned APR_EKEYLENGTH", rv != APR_EKEYLENGTH);
259 ABTS_ASSERT(tc, "failed to apr_crypto_block_decrypt_init", rv == APR_SUCCESS);
260 ABTS_ASSERT(tc, "apr_crypto_block_decrypt_init returned NULL context", block != NULL);
266 /* decrypt the block */
267 rv = apr_crypto_block_decrypt(plainText, plainTextLen, cipherText,
268 cipherTextLen, block);
269 if (APR_SUCCESS != rv) {
270 apr_crypto_error(&result, f);
271 fprintf(stderr, "decrypt: %s %s native error %d: %s (%s)\n",
272 description, apr_crypto_driver_name(driver), result->rc,
273 result->reason ? result->reason : "", result->msg ? result->msg
276 ABTS_ASSERT(tc, "apr_crypto_block_decrypt returned APR_ECRYPT", rv != APR_ECRYPT);
277 ABTS_ASSERT(tc, "failed to apr_crypto_block_decrypt", rv == APR_SUCCESS);
278 ABTS_ASSERT(tc, "apr_crypto_block_decrypt failed to allocate buffer", *plainText != NULL);
283 /* finalise the decryption */
284 rv = apr_crypto_block_decrypt_finish(*plainText + *plainTextLen, &len,
286 if (APR_SUCCESS != rv) {
287 apr_crypto_error(&result, f);
288 fprintf(stderr, "decrypt_finish: %s %s native error %d: %s (%s)\n",
289 description, apr_crypto_driver_name(driver), result->rc,
290 result->reason ? result->reason : "", result->msg ? result->msg
293 ABTS_ASSERT(tc, "apr_crypto_block_decrypt_finish returned APR_ECRYPT", rv != APR_ECRYPT);
294 ABTS_ASSERT(tc, "apr_crypto_block_decrypt_finish returned APR_EPADDING", rv != APR_EPADDING);
295 ABTS_ASSERT(tc, "failed to apr_crypto_block_decrypt_finish", rv == APR_SUCCESS);
300 *plainTextLen += len;
301 apr_crypto_block_cleanup(block);
308 * Interoperability test.
310 * data must point at an array of two driver structures. Data will be encrypted
311 * with the first driver, and decrypted with the second.
313 * If the two drivers interoperate, the test passes.
315 static void crypto_block_cross(abts_case *tc, apr_pool_t *pool,
316 const apr_crypto_driver_t **drivers,
317 const apr_crypto_block_key_type_e type,
318 const apr_crypto_block_key_mode_e mode, int doPad,
319 const unsigned char *in, apr_size_t inlen, const char *description)
321 const apr_crypto_driver_t *driver1 = drivers[0];
322 const apr_crypto_driver_t *driver2 = drivers[1];
323 apr_crypto_t *f1 = NULL;
324 apr_crypto_t *f2 = NULL;
325 const apr_crypto_key_t *key1 = NULL;
326 const apr_crypto_key_t *key2 = NULL;
328 unsigned char *cipherText = NULL;
329 apr_size_t cipherTextLen = 0;
330 unsigned char *plainText = NULL;
331 apr_size_t plainTextLen = 0;
332 const unsigned char *iv = NULL;
333 apr_size_t blockSize = 0;
335 f1 = make(tc, pool, driver1);
336 f2 = make(tc, pool, driver2);
337 key1 = passphrase(tc, pool, driver1, f1, type, mode, doPad, description);
338 key2 = passphrase(tc, pool, driver2, f2, type, mode, doPad, description);
340 cipherText = encrypt_block(tc, pool, driver1, f1, key1, in, inlen,
341 &cipherText, &cipherTextLen, &iv, &blockSize, description);
342 plainText = decrypt_block(tc, pool, driver2, f2, key2, cipherText,
343 cipherTextLen, &plainText, &plainTextLen, iv, &blockSize,
346 if (cipherText && plainText) {
347 if (memcmp(in, plainText, inlen)) {
348 fprintf(stderr, "cross mismatch: %s %s/%s\n", description,
349 apr_crypto_driver_name(driver1), apr_crypto_driver_name(
352 ABTS_STR_EQUAL(tc, (char *)in, (char *)plainText);
358 * Test initialisation.
360 static void test_crypto_init(abts_case *tc, void *data)
362 apr_pool_t *pool = NULL;
365 apr_pool_create(&pool, NULL);
367 rv = apr_crypto_init(pool);
368 ABTS_ASSERT(tc, "failed to init apr_crypto", rv == APR_SUCCESS);
370 apr_pool_destroy(pool);
375 * Simple test of OpenSSL block crypt.
377 static void test_crypto_block_openssl(abts_case *tc, void *data)
379 apr_pool_t *pool = NULL;
380 const apr_crypto_driver_t *drivers[] = { NULL, NULL };
382 const unsigned char *in = (const unsigned char *) ALIGNED_STRING;
383 apr_size_t inlen = sizeof(ALIGNED_STRING);
385 apr_pool_create(&pool, NULL);
386 drivers[0] = get_openssl_driver(tc, pool);
387 drivers[1] = get_openssl_driver(tc, pool);
388 crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_CBC, 0,
389 in, inlen, "KEY_3DES_192/MODE_CBC");
390 crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_ECB, 0,
391 in, inlen, "KEY_3DES_192/MODE_ECB");
392 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_CBC, 0, in,
393 inlen, "KEY_AES_256/MODE_CBC");
394 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_ECB, 0, in,
395 inlen, "KEY_AES_256/MODE_ECB");
396 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_CBC, 0, in,
397 inlen, "KEY_AES_192/MODE_CBC");
398 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_ECB, 0, in,
399 inlen, "KEY_AES_192/MODE_ECB");
400 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_CBC, 0, in,
401 inlen, "KEY_AES_128/MODE_CBC");
402 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_ECB, 0, in,
403 inlen, "KEY_AES_128/MODE_ECB");
404 apr_pool_destroy(pool);
409 * Simple test of NSS block crypt.
411 static void test_crypto_block_nss(abts_case *tc, void *data)
413 apr_pool_t *pool = NULL;
414 const apr_crypto_driver_t *drivers[] = { NULL, NULL };
416 const unsigned char *in = (const unsigned char *) ALIGNED_STRING;
417 apr_size_t inlen = sizeof(ALIGNED_STRING);
419 apr_pool_create(&pool, NULL);
420 drivers[0] = get_nss_driver(tc, pool);
421 drivers[1] = get_nss_driver(tc, pool);
422 crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_CBC, 0,
423 in, inlen, "KEY_3DES_192/MODE_CBC");
424 /* KEY_3DES_192 / MODE_ECB doesn't work on NSS */
425 /* crypto_block_cross(tc, pool, drivers, KEY_3DES_192, MODE_ECB, 0, in, inlen, "KEY_3DES_192/MODE_ECB"); */
426 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_CBC, 0, in,
427 inlen, "KEY_AES_256/MODE_CBC");
428 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_ECB, 0, in,
429 inlen, "KEY_AES_256/MODE_ECB");
430 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_CBC, 0, in,
431 inlen, "KEY_AES_192/MODE_CBC");
432 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_ECB, 0, in,
433 inlen, "KEY_AES_192/MODE_ECB");
434 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_CBC, 0, in,
435 inlen, "KEY_AES_128/MODE_CBC");
436 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_ECB, 0, in,
437 inlen, "KEY_AES_128/MODE_ECB");
438 apr_pool_destroy(pool);
443 * Encrypt NSS, decrypt OpenSSL.
445 static void test_crypto_block_nss_openssl(abts_case *tc, void *data)
447 apr_pool_t *pool = NULL;
448 const apr_crypto_driver_t *drivers[] = { NULL, NULL };
450 const unsigned char *in = (const unsigned char *) ALIGNED_STRING;
451 apr_size_t inlen = sizeof(ALIGNED_STRING);
453 apr_pool_create(&pool, NULL);
454 drivers[0] = get_nss_driver(tc, pool);
455 drivers[1] = get_openssl_driver(tc, pool);
457 crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_CBC, 0,
458 in, inlen, "KEY_3DES_192/MODE_CBC");
460 /* KEY_3DES_192 / MODE_ECB doesn't work on NSS */
461 /* crypto_block_cross(tc, pool, drivers, KEY_3DES_192, MODE_ECB, 0, in, inlen, "KEY_3DES_192/MODE_ECB"); */
462 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_CBC, 0, in,
463 inlen, "KEY_AES_256/MODE_CBC");
464 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_ECB, 0, in,
465 inlen, "KEY_AES_256/MODE_ECB");
467 /* all 4 of these tests fail to interoperate - a clue from the xml-security code is that
468 * NSS cannot distinguish between the 128 and 192 bit versions of AES. Will need to be
472 crypto_block_cross(tc, pool, drivers, KEY_AES_192, MODE_CBC, 0, in, inlen, "KEY_AES_192/MODE_CBC");
473 crypto_block_cross(tc, pool, drivers, KEY_AES_192, MODE_ECB, 0, in, inlen, "KEY_AES_192/MODE_ECB");
474 crypto_block_cross(tc, pool, drivers, KEY_AES_128, MODE_CBC, 0, in, inlen, "KEY_AES_128/MODE_CBC");
475 crypto_block_cross(tc, pool, drivers, KEY_AES_128, MODE_ECB, 0, in, inlen, "KEY_AES_128/MODE_ECB");
477 apr_pool_destroy(pool);
482 * Encrypt OpenSSL, decrypt NSS.
484 static void test_crypto_block_openssl_nss(abts_case *tc, void *data)
486 apr_pool_t *pool = NULL;
487 const apr_crypto_driver_t *drivers[] = { NULL, NULL };
489 const unsigned char *in = (const unsigned char *) ALIGNED_STRING;
490 apr_size_t inlen = sizeof(ALIGNED_STRING);
492 apr_pool_create(&pool, NULL);
493 drivers[0] = get_openssl_driver(tc, pool);
494 drivers[1] = get_nss_driver(tc, pool);
495 crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_CBC, 0,
496 in, inlen, "KEY_3DES_192/MODE_CBC");
498 /* KEY_3DES_192 / MODE_ECB doesn't work on NSS */
499 /* crypto_block_cross(tc, pool, drivers, KEY_3DES_192, MODE_ECB, 0, in, inlen, "KEY_3DES_192/MODE_ECB"); */
501 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_CBC, 0, in,
502 inlen, "KEY_AES_256/MODE_CBC");
503 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_ECB, 0, in,
504 inlen, "KEY_AES_256/MODE_ECB");
506 /* all 4 of these tests fail to interoperate - a clue from the xml-security code is that
507 * NSS cannot distinguish between the 128 and 192 bit versions of AES. Will need to be
511 crypto_block_cross(tc, pool, drivers, KEY_AES_192, MODE_CBC, 0, in, inlen, "KEY_AES_192/MODE_CBC");
512 crypto_block_cross(tc, pool, drivers, KEY_AES_192, MODE_ECB, 0, in, inlen, "KEY_AES_192/MODE_ECB");
513 crypto_block_cross(tc, pool, drivers, KEY_AES_128, MODE_CBC, 0, in, inlen, "KEY_AES_128/MODE_CBC");
514 crypto_block_cross(tc, pool, drivers, KEY_AES_128, MODE_ECB, 0, in, inlen, "KEY_AES_128/MODE_ECB");
516 apr_pool_destroy(pool);
521 * Simple test of OpenSSL block crypt.
523 static void test_crypto_block_openssl_pad(abts_case *tc, void *data)
525 apr_pool_t *pool = NULL;
526 const apr_crypto_driver_t *drivers[] = { NULL, NULL };
528 const unsigned char *in = (const unsigned char *) TEST_STRING;
529 apr_size_t inlen = sizeof(TEST_STRING);
531 apr_pool_create(&pool, NULL);
532 drivers[0] = get_openssl_driver(tc, pool);
533 drivers[1] = get_openssl_driver(tc, pool);
535 crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_CBC, 1,
536 in, inlen, "KEY_3DES_192/MODE_CBC");
537 crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_ECB, 1,
538 in, inlen, "KEY_3DES_192/MODE_ECB");
539 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_CBC, 1, in,
540 inlen, "KEY_AES_256/MODE_CBC");
541 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_ECB, 1, in,
542 inlen, "KEY_AES_256/MODE_ECB");
543 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_CBC, 1, in,
544 inlen, "KEY_AES_192/MODE_CBC");
545 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_ECB, 1, in,
546 inlen, "KEY_AES_192/MODE_ECB");
547 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_CBC, 1, in,
548 inlen, "KEY_AES_128/MODE_CBC");
549 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_ECB, 1, in,
550 inlen, "KEY_AES_128/MODE_ECB");
552 apr_pool_destroy(pool);
557 * Simple test of NSS block crypt.
559 static void test_crypto_block_nss_pad(abts_case *tc, void *data)
561 apr_pool_t *pool = NULL;
562 const apr_crypto_driver_t *drivers[] =
565 const unsigned char *in = (const unsigned char *) TEST_STRING;
566 apr_size_t inlen = sizeof(TEST_STRING);
568 apr_pool_create(&pool, NULL);
569 drivers[0] = get_nss_driver(tc, pool);
570 drivers[1] = get_nss_driver(tc, pool);
572 crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_CBC, 1,
573 in, inlen, "KEY_3DES_192/MODE_CBC");
574 /* KEY_3DES_192 / MODE_ECB doesn't work on NSS */
575 /* crypto_block_cross(tc, pool, drivers, KEY_3DES_192, MODE_ECB, 1, in, inlen, "KEY_3DES_192/MODE_ECB"); */
577 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_CBC, 1, in,
578 inlen, "KEY_AES_256/MODE_CBC");
580 /* KEY_AES_256 / MODE_ECB doesn't support padding on NSS */
581 /*crypto_block_cross(tc, pool, drivers, KEY_AES_256, MODE_ECB, 1, in, inlen, "KEY_AES_256/MODE_ECB");*/
583 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_192, APR_MODE_CBC, 1, in,
584 inlen, "KEY_AES_192/MODE_CBC");
586 /* KEY_AES_256 / MODE_ECB doesn't support padding on NSS */
587 /*crypto_block_cross(tc, pool, drivers, KEY_AES_192, MODE_ECB, 1, in, inlen, "KEY_AES_192/MODE_ECB");*/
589 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_128, APR_MODE_CBC, 1, in,
590 inlen, "KEY_AES_128/MODE_CBC");
592 /* KEY_AES_256 / MODE_ECB doesn't support padding on NSS */
593 /*crypto_block_cross(tc, pool, drivers, KEY_AES_128, MODE_ECB, 1, in, inlen, "KEY_AES_128/MODE_ECB");*/
595 apr_pool_destroy(pool);
600 * Encrypt NSS, decrypt OpenSSL.
602 static void test_crypto_block_nss_openssl_pad(abts_case *tc, void *data)
604 apr_pool_t *pool = NULL;
605 const apr_crypto_driver_t *drivers[] = { NULL, NULL };
607 const unsigned char *in = (const unsigned char *) TEST_STRING;
608 apr_size_t inlen = sizeof(TEST_STRING);
610 apr_pool_create(&pool, NULL);
611 drivers[0] = get_nss_driver(tc, pool);
612 drivers[1] = get_openssl_driver(tc, pool);
614 crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_CBC, 1,
615 in, inlen, "KEY_3DES_192/MODE_CBC");
617 /* KEY_3DES_192 / MODE_ECB doesn't work on NSS */
618 /* crypto_block_cross(tc, pool, drivers, KEY_3DES_192, MODE_ECB, 1, in, inlen, "KEY_3DES_192/MODE_ECB"); */
620 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_CBC, 1, in,
621 inlen, "KEY_AES_256/MODE_CBC");
623 /* KEY_AES_256 / MODE_ECB doesn't support padding on NSS */
624 /*crypto_block_cross(tc, pool, drivers, KEY_AES_256, MODE_ECB, 1, in, inlen, "KEY_AES_256/MODE_ECB");*/
626 /* all 4 of these tests fail to interoperate - a clue from the xml-security code is that
627 * NSS cannot distinguish between the 128 and 192 bit versions of AES. Will need to be
631 crypto_block_cross(tc, pool, drivers, KEY_AES_192, MODE_CBC, 1, in, inlen, "KEY_AES_192/MODE_CBC");
632 crypto_block_cross(tc, pool, drivers, KEY_AES_192, MODE_ECB, 1, in, inlen, "KEY_AES_192/MODE_ECB");
633 crypto_block_cross(tc, pool, drivers, KEY_AES_128, MODE_CBC, 1, in, inlen, "KEY_AES_128/MODE_CBC");
634 crypto_block_cross(tc, pool, drivers, KEY_AES_128, MODE_ECB, 1, in, inlen, "KEY_AES_128/MODE_ECB");
636 apr_pool_destroy(pool);
641 * Encrypt OpenSSL, decrypt NSS.
643 static void test_crypto_block_openssl_nss_pad(abts_case *tc, void *data)
645 apr_pool_t *pool = NULL;
646 const apr_crypto_driver_t *drivers[] = { NULL, NULL };
648 const unsigned char *in = (const unsigned char *) TEST_STRING;
649 apr_size_t inlen = sizeof(TEST_STRING);
651 apr_pool_create(&pool, NULL);
652 drivers[0] = get_openssl_driver(tc, pool);
653 drivers[1] = get_nss_driver(tc, pool);
654 crypto_block_cross(tc, pool, drivers, APR_KEY_3DES_192, APR_MODE_CBC, 1,
655 in, inlen, "KEY_3DES_192/MODE_CBC");
657 /* KEY_3DES_192 / MODE_ECB doesn't work on NSS */
658 /* crypto_block_cross(tc, pool, drivers, KEY_3DES_192, MODE_ECB, 1, in, inlen, "KEY_3DES_192/MODE_ECB"); */
660 crypto_block_cross(tc, pool, drivers, APR_KEY_AES_256, APR_MODE_CBC, 1, in,
661 inlen, "KEY_AES_256/MODE_CBC");
663 /* KEY_AES_256 / MODE_ECB doesn't support padding on NSS */
664 /*crypto_block_cross(tc, pool, drivers, KEY_AES_256, MODE_ECB, 1, in, inlen, "KEY_AES_256/MODE_ECB");*/
666 /* all 4 of these tests fail to interoperate - a clue from the xml-security code is that
667 * NSS cannot distinguish between the 128 and 192 bit versions of AES. Will need to be
671 crypto_block_cross(tc, pool, drivers, KEY_AES_192, MODE_CBC, 1, in, inlen, "KEY_AES_192/MODE_CBC");
672 crypto_block_cross(tc, pool, drivers, KEY_AES_192, MODE_ECB, 1, in, inlen, "KEY_AES_192/MODE_ECB");
673 crypto_block_cross(tc, pool, drivers, KEY_AES_128, MODE_CBC, 1, in, inlen, "KEY_AES_128/MODE_CBC");
674 crypto_block_cross(tc, pool, drivers, KEY_AES_128, MODE_ECB, 1, in, inlen, "KEY_AES_128/MODE_ECB");
676 apr_pool_destroy(pool);
681 * Get Types, OpenSSL.
683 static void test_crypto_get_block_key_types_openssl(abts_case *tc, void *data)
685 apr_pool_t *pool = NULL;
686 const apr_crypto_driver_t *driver;
694 apr_pool_create(&pool, NULL);
695 driver = get_openssl_driver(tc, pool);
698 f = make(tc, pool, driver);
699 apr_crypto_get_block_key_types(&types, f);
701 key_3des_192 = apr_hash_get(types, "3des192", APR_HASH_KEY_STRING);
702 ABTS_PTR_NOTNULL(tc, key_3des_192);
703 ABTS_INT_EQUAL(tc, *key_3des_192, APR_KEY_3DES_192);
705 key_aes_128 = apr_hash_get(types, "aes128", APR_HASH_KEY_STRING);
706 ABTS_PTR_NOTNULL(tc, key_aes_128);
707 ABTS_INT_EQUAL(tc, *key_aes_128, APR_KEY_AES_128);
709 key_aes_192 = apr_hash_get(types, "aes192", APR_HASH_KEY_STRING);
710 ABTS_PTR_NOTNULL(tc, key_aes_192);
711 ABTS_INT_EQUAL(tc, *key_aes_192, APR_KEY_AES_192);
713 key_aes_256 = apr_hash_get(types, "aes256", APR_HASH_KEY_STRING);
714 ABTS_PTR_NOTNULL(tc, key_aes_256);
715 ABTS_INT_EQUAL(tc, *key_aes_256, APR_KEY_AES_256);
719 apr_pool_destroy(pool);
726 static void test_crypto_get_block_key_types_nss(abts_case *tc, void *data)
728 apr_pool_t *pool = NULL;
729 const apr_crypto_driver_t *driver;
737 apr_pool_create(&pool, NULL);
738 driver = get_nss_driver(tc, pool);
741 f = make(tc, pool, driver);
742 apr_crypto_get_block_key_types(&types, f);
744 key_3des_192 = apr_hash_get(types, "3des192", APR_HASH_KEY_STRING);
745 ABTS_PTR_NOTNULL(tc, key_3des_192);
746 ABTS_INT_EQUAL(tc, *key_3des_192, APR_KEY_3DES_192);
748 key_aes_128 = apr_hash_get(types, "aes128", APR_HASH_KEY_STRING);
749 ABTS_PTR_NOTNULL(tc, key_aes_128);
750 ABTS_INT_EQUAL(tc, *key_aes_128, APR_KEY_AES_128);
752 key_aes_192 = apr_hash_get(types, "aes192", APR_HASH_KEY_STRING);
753 ABTS_PTR_NOTNULL(tc, key_aes_192);
754 ABTS_INT_EQUAL(tc, *key_aes_192, APR_KEY_AES_192);
756 key_aes_256 = apr_hash_get(types, "aes256", APR_HASH_KEY_STRING);
757 ABTS_PTR_NOTNULL(tc, key_aes_256);
758 ABTS_INT_EQUAL(tc, *key_aes_256, APR_KEY_AES_256);
762 apr_pool_destroy(pool);
767 * Get Modes, OpenSSL.
769 static void test_crypto_get_block_key_modes_openssl(abts_case *tc, void *data)
771 apr_pool_t *pool = NULL;
772 const apr_crypto_driver_t *driver;
778 apr_pool_create(&pool, NULL);
779 driver = get_openssl_driver(tc, pool);
782 f = make(tc, pool, driver);
783 apr_crypto_get_block_key_modes(&modes, f);
785 mode_ecb = apr_hash_get(modes, "ecb", APR_HASH_KEY_STRING);
786 ABTS_PTR_NOTNULL(tc, mode_ecb);
787 ABTS_INT_EQUAL(tc, *mode_ecb, APR_MODE_ECB);
789 mode_cbc = apr_hash_get(modes, "cbc", APR_HASH_KEY_STRING);
790 ABTS_PTR_NOTNULL(tc, mode_cbc);
791 ABTS_INT_EQUAL(tc, *mode_cbc, APR_MODE_CBC);
795 apr_pool_destroy(pool);
802 static void test_crypto_get_block_key_modes_nss(abts_case *tc, void *data)
804 apr_pool_t *pool = NULL;
805 const apr_crypto_driver_t *driver;
811 apr_pool_create(&pool, NULL);
812 driver = get_nss_driver(tc, pool);
815 f = make(tc, pool, driver);
816 apr_crypto_get_block_key_modes(&modes, f);
818 mode_ecb = apr_hash_get(modes, "ecb", APR_HASH_KEY_STRING);
819 ABTS_PTR_NOTNULL(tc, mode_ecb);
820 ABTS_INT_EQUAL(tc, *mode_ecb, APR_MODE_ECB);
822 mode_cbc = apr_hash_get(modes, "cbc", APR_HASH_KEY_STRING);
823 ABTS_PTR_NOTNULL(tc, mode_cbc);
824 ABTS_INT_EQUAL(tc, *mode_cbc, APR_MODE_CBC);
828 apr_pool_destroy(pool);
832 abts_suite *testcrypto(abts_suite *suite)
834 suite = ADD_SUITE(suite);
836 /* test simple init and shutdown */
837 abts_run_test(suite, test_crypto_init, NULL);
839 /* test a simple encrypt / decrypt operation - openssl */
840 abts_run_test(suite, test_crypto_block_openssl, NULL);
842 /* test a padded encrypt / decrypt operation - openssl */
843 abts_run_test(suite, test_crypto_block_openssl_pad, NULL);
845 /* test a simple encrypt / decrypt operation - nss */
846 abts_run_test(suite, test_crypto_block_nss, NULL);
848 /* test a padded encrypt / decrypt operation - nss */
849 abts_run_test(suite, test_crypto_block_nss_pad, NULL);
851 /* test encrypt nss / decrypt openssl */
852 abts_run_test(suite, test_crypto_block_nss_openssl, NULL);
854 /* test padded encrypt nss / decrypt openssl */
855 abts_run_test(suite, test_crypto_block_nss_openssl_pad, NULL);
857 /* test encrypt openssl / decrypt nss */
858 abts_run_test(suite, test_crypto_block_openssl_nss, NULL);
860 /* test padded encrypt openssl / decrypt nss */
861 abts_run_test(suite, test_crypto_block_openssl_nss_pad, NULL);
863 /* test block key types openssl */
864 abts_run_test(suite, test_crypto_get_block_key_types_openssl, NULL);
866 /* test block key types nss */
867 abts_run_test(suite, test_crypto_get_block_key_types_nss, NULL);
869 /* test block key modes openssl */
870 abts_run_test(suite, test_crypto_get_block_key_modes_openssl, NULL);
872 /* test block key modes nss */
873 abts_run_test(suite, test_crypto_get_block_key_modes_nss, NULL);
881 * Dummy test suite when crypto is turned off.
883 abts_suite *testcrypto(abts_suite *suite)
885 return ADD_SUITE(suite);
888 #endif /* APU_HAVE_CRYPTO */