forked from wolfSSL/wolfssh
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathunit.c
366 lines (313 loc) · 12.8 KB
/
unit.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
/* unit.c
*
* Copyright (C) 2014-2024 wolfSSL Inc.
*
* This file is part of wolfSSH.
*
* wolfSSH is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSH is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with wolfSSH. If not, see <http://www.gnu.org/licenses/>.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifdef WOLFSSL_USER_SETTINGS
#include <wolfssl/wolfcrypt/settings.h>
#else
#include <wolfssl/options.h>
#endif
#include <stdio.h>
#include <wolfssh/ssh.h>
#include <wolfssh/keygen.h>
#include <wolfssh/internal.h>
#define WOLFSSH_TEST_HEX2BIN
#include <wolfssh/test.h>
#include "unit.h"
/* Key Derivation Function (KDF) Unit Test */
typedef struct {
byte hashId;
byte keyId;
const char* k;
const char* h;
const char* sessionId;
const char* expectedKey;
} KdfTestVector;
#ifndef NO_SHA
/** Test Vector Set #1: SHA-1 **/
const char kdfTvSet1k[] =
"35618FD3AABF980A5F766408961600D4933C60DD7B22D69EEB4D7A987C938F6F"
"7BB2E60E0F638BB4289297B588E6109057325F010D021DF60EBF8BE67AD9C3E2"
"6376A326A16210C7AF07B3FE562B8DD1DCBECB17AA7BFAF38708B0136120B2FC"
"723E93EF4237AC3737BAE3A16EC03F605C7EEABFD526B38C826B506BBAECD2F7"
"9932F1371AEABFBEB4F8222313506677330C714A2A6FDC70CB859B581AA18625"
"ECCB6BA9DDEEAECF0E41D9E5076B899B477112E59DDADC4B4D9C13E9F07E1107"
"B560FEFDC146B8ED3E73441D05345031C35F9E6911B00319481D80015855BE4D"
"1C7D7ACC8579B1CC2E5F714109C0882C3B57529ABDA1F2255D2B27C4A83AE11E";
const char kdfTvSet1h[] = "40555741F6DE70CDC4E740104A97E75473F49064";
const char kdfTvSet1sid[] = "40555741F6DE70CDC4E740104A97E75473F49064";
const char kdfTvSet1a[] = "B2EC4CF6943632C39972EE2801DC7393";
const char kdfTvSet1b[] = "BC92238B6FA69ECC10B2B013C2FC9785";
const char kdfTvSet1c[] = "9EF0E2053F66C56F3E4503DA1C2FBD6B";
const char kdfTvSet1d[] = "47C8395B08277020A0645DA3959FA1A9";
const char kdfTvSet1e[] = "EE436BFDABF9B0313224EC800E7390445E2F575E";
const char kdfTvSet1f[] = "FB9FDEEC78B0FB258F1A4F47F6BCE166680994BB";
/** Test Vector Set #2: SHA-1 **/
const char kdfTvSet2k[] =
"19FA2B7C7F4FE7DE61CDE17468C792CCEAB0E3F2CE37CDE2DAA0974BCDFFEDD4"
"A29415CDB330FA6A97ECA742359DC1223B581D8AC61B43CFFDF66D20952840B0"
"2593B48354E352E2A396BDF7F1C9D414FD31C2BF47E6EED306069C4F4F5F66C3"
"003A90E85412A1FBE89CDFB457CDA0D832E8DA701627366ADEC95B70E8A8B7BF"
"3F85775CCF36E40631B83B32CF643088F01A82C97C5C3A820EB4149F551CAF8C"
"C98EE6B3065E6152FF877823F7C618C1CD93CE26DB9FAAFED222F1C93E8F4068"
"BFDA4480432E14F98FFC821F05647693040B07D71DC273121D53866294434D46"
"0E95CFA4AB4414705BF1F8224655F907A418A6A893F2A71019225869CB7FE988";
const char kdfTvSet2h[] = "DFB748905CC8647684C3E0B7F26A3E8E7414AC51";
const char kdfTvSet2sid[] = "DFB748905CC8647684C3E0B7F26A3E8E7414AC51";
const char kdfTvSet2a[] = "52EDBFD5E414A3CC6C7F7A0F4EA60503";
const char kdfTvSet2b[] = "926C6987696C5FFCC6511BFE34557878";
const char kdfTvSet2c[] = "CB6D56EC5B9AFECD326D544DA2D22DED";
const char kdfTvSet2d[] = "F712F6451F1BD6CE9BAA597AC87C5A24";
const char kdfTvSet2e[] = "E42FC62C76B76B37818F78292D3C2226D0264760";
const char kdfTvSet2f[] = "D14BE4DD0093A3E759580233C80BB8399CE4C4E7";
#endif
/** Test Vector Set #3: SHA-256 **/
const char kdfTvSet3k[] =
"6AC382EAACA093E125E25C24BEBC84640C11987507344B5C739CEB84A9E0B222"
"B9A8B51C839E5EBE49CFADBFB39599764ED522099DC912751950DC7DC97FBDC0"
"6328B68F22781FD315AF568009A5509E5B87A11BF527C056DAFFD82AB6CBC25C"
"CA37143459E7BC63BCDE52757ADEB7DF01CF12173F1FEF8102EC5AB142C213DD"
"9D30696278A8D8BC32DDE9592D28C078C6D92B947D825ACAAB6494846A49DE24"
"B9623F4889E8ADC38E8C669EFFEF176040AD945E90A7D3EEC15EFEEE78AE7104"
"3C96511103A16BA7CAF0ACD0642EFDBE809934FAA1A5F1BD11043649B25CCD1F"
"EE2E38815D4D5F5FC6B4102969F21C22AE1B0E7D3603A556A13262FF628DE222";
const char kdfTvSet3h[] =
"7B7001185E256D4493445F39A55FB905E6321F4B5DD8BBF3100D51BA0BDA3D2D";
const char kdfTvSet3sid[] =
"7B7001185E256D4493445F39A55FB905E6321F4B5DD8BBF3100D51BA0BDA3D2D";
const char kdfTvSet3a[] = "81F0330EF6F05361B3823BFDED6E1DE9";
const char kdfTvSet3b[] = "3F6FD2065EEB2B0B1D93195A1FED48A5";
const char kdfTvSet3c[] = "C35471034E6FD6547613178E23435F21";
const char kdfTvSet3d[] = "7E9D79032090D99F98B015634DD9F462";
const char kdfTvSet3e[] =
"24EE559AD7CE712B685D0B2271E443C17AB1D1DCEB5A360569D25D5DC243002F";
const char kdfTvSet3f[] =
"C3419C2B966235869D714BA5AC48DDB7D9E35C8C19AAC73422337A373453607E";
/** Test Vector Set #4: SHA-256 **/
const char kdfTvSet4k[] =
"44708C76616F700BD31B0C155EF74E36390EEB39BC5C32CDC90E21922B0ED930"
"B5B519C8AFEBEF0F4E4FB5B41B81D649D2127506620B594E9899F7F0D442ECDD"
"D68308307B82F00065E9D75220A5A6F5641795772132215A236064EA965C6493"
"C21F89879730EBBC3C20A22D8F5BFD07B525B194323B22D8A49944D1AA58502E"
"756101EF1E8A91C9310E71F6DB65A3AD0A542CFA751F83721A99E89F1DBE5497"
"1A3620ECFFC967AA55EED1A42D6E7A138B853557AC84689889F6D0C8553575FB"
"89B4E13EAB5537DA72EF16F0D72F5E8505D97F110745193D550FA315FE88F672"
"DB90D73843E97BA1F3D087BA8EB39025BBFFAD37589A6199227303D9D8E7F1E3";
const char kdfTvSet4h[] =
"FE3727FD99A5AC7987C2CFBE062129E3027BF5E10310C6BCCDE9C916C8329DC2";
const char kdfTvSet4sid[] =
"FFFA598BC0AD2AE84DC8DC05B1F72C5B0134025AE7EDF8A2E8DB11472E18E1FC";
const char kdfTvSet4a[] = "36730BAE8DE5CB98898D6B4A00B37058";
const char kdfTvSet4b[] = "5DFE446A83F40E8358D28CB97DF8F340";
const char kdfTvSet4c[] = "495B7AFED0872B761437728E9E94E2B8";
const char kdfTvSet4d[] = "C1474B3925BEC36F0B7F6CC698E949C8";
const char kdfTvSet4e[] =
"B730F8DF6A0697645BE261169486C32A11612229276CBAC5D8B3669AFB2E4262";
const char kdfTvSet4f[] =
"14A5EA98245FB058978B82A3CB092B1CCA7CE0109A4F98C16E1529579D58B819";
#define HASH_SHA WC_HASH_TYPE_SHA
#define HASH_SHA256 WC_HASH_TYPE_SHA256
static const KdfTestVector kdfTestVectors[] = {
#ifndef NO_SHA
{HASH_SHA, 'A', kdfTvSet1k, kdfTvSet1h, kdfTvSet1sid, kdfTvSet1a},
{HASH_SHA, 'B', kdfTvSet1k, kdfTvSet1h, kdfTvSet1sid, kdfTvSet1b},
{HASH_SHA, 'C', kdfTvSet1k, kdfTvSet1h, kdfTvSet1sid, kdfTvSet1c},
{HASH_SHA, 'D', kdfTvSet1k, kdfTvSet1h, kdfTvSet1sid, kdfTvSet1d},
{HASH_SHA, 'E', kdfTvSet1k, kdfTvSet1h, kdfTvSet1sid, kdfTvSet1e},
{HASH_SHA, 'F', kdfTvSet1k, kdfTvSet1h, kdfTvSet1sid, kdfTvSet1f},
{HASH_SHA, 'A', kdfTvSet2k, kdfTvSet2h, kdfTvSet2sid, kdfTvSet2a},
{HASH_SHA, 'B', kdfTvSet2k, kdfTvSet2h, kdfTvSet2sid, kdfTvSet2b},
{HASH_SHA, 'C', kdfTvSet2k, kdfTvSet2h, kdfTvSet2sid, kdfTvSet2c},
{HASH_SHA, 'D', kdfTvSet2k, kdfTvSet2h, kdfTvSet2sid, kdfTvSet2d},
{HASH_SHA, 'E', kdfTvSet2k, kdfTvSet2h, kdfTvSet2sid, kdfTvSet2e},
{HASH_SHA, 'F', kdfTvSet2k, kdfTvSet2h, kdfTvSet2sid, kdfTvSet2f},
#endif
{HASH_SHA256, 'A', kdfTvSet3k, kdfTvSet3h, kdfTvSet3sid, kdfTvSet3a},
{HASH_SHA256, 'B', kdfTvSet3k, kdfTvSet3h, kdfTvSet3sid, kdfTvSet3b},
{HASH_SHA256, 'C', kdfTvSet3k, kdfTvSet3h, kdfTvSet3sid, kdfTvSet3c},
{HASH_SHA256, 'D', kdfTvSet3k, kdfTvSet3h, kdfTvSet3sid, kdfTvSet3d},
{HASH_SHA256, 'E', kdfTvSet3k, kdfTvSet3h, kdfTvSet3sid, kdfTvSet3e},
{HASH_SHA256, 'F', kdfTvSet3k, kdfTvSet3h, kdfTvSet3sid, kdfTvSet3f},
{HASH_SHA256, 'A', kdfTvSet4k, kdfTvSet4h, kdfTvSet4sid, kdfTvSet4a},
{HASH_SHA256, 'B', kdfTvSet4k, kdfTvSet4h, kdfTvSet4sid, kdfTvSet4b},
{HASH_SHA256, 'C', kdfTvSet4k, kdfTvSet4h, kdfTvSet4sid, kdfTvSet4c},
{HASH_SHA256, 'D', kdfTvSet4k, kdfTvSet4h, kdfTvSet4sid, kdfTvSet4d},
{HASH_SHA256, 'E', kdfTvSet4k, kdfTvSet4h, kdfTvSet4sid, kdfTvSet4e},
{HASH_SHA256, 'F', kdfTvSet4k, kdfTvSet4h, kdfTvSet4sid, kdfTvSet4f}
};
static int test_KDF(void)
{
int result = 0;
word32 i;
word32 tc = sizeof(kdfTestVectors)/sizeof(KdfTestVector);
const KdfTestVector* tv = NULL;
byte* k = NULL;
byte* h = NULL;
byte* sId = NULL;
byte* eKey = NULL;
word32 kSz = 0, hSz = 0, sIdSz = 0, eKeySz = 0;
byte cKey[32]; /* Greater of SHA256_DIGEST_SIZE and AES_BLOCK_SIZE */
/* sId - Session ID, eKey - Expected Key, cKey - Calculated Key */
for (i = 0, tv = kdfTestVectors; i < tc; i++, tv++) {
result = ConvertHexToBin(tv->k, &k, &kSz,
tv->h, &h, &hSz,
tv->sessionId, &sId, &sIdSz,
tv->expectedKey, &eKey, &eKeySz);
if (result != 0 || eKey == NULL) {
printf("KDF: Could not convert test vector %u.\n", i);
result = -100;
}
if (result == 0) {
result = wolfSSH_KDF(tv->hashId, tv->keyId, cKey, eKeySz,
k, kSz, h, hSz, sId, sIdSz);
if (result != 0) {
printf("KDF: Could not derive key.\n");
result = -101;
}
}
if (result == 0) {
if (memcmp(cKey, eKey, eKeySz) != 0) {
printf("KDF: Calculated Key does not match Expected Key.\n");
result = -102;
}
}
FreeBins(k, h, sId, eKey);
k = NULL;
h = NULL;
sId = NULL;
eKey = NULL;
if (result != 0) break;
}
return result;
}
/* Key Generation Unit Test */
#ifdef WOLFSSH_KEYGEN
#ifndef WOLFSSH_NO_RSA
static int test_RsaKeyGen(void)
{
int result = 0;
byte der[1200];
int derSz;
derSz = wolfSSH_MakeRsaKey(der, sizeof(der),
WOLFSSH_RSAKEY_DEFAULT_SZ,
WOLFSSH_RSAKEY_DEFAULT_E);
if (derSz < 0) {
printf("RsaKeyGen: MakeRsaKey failed\n");
result = -103;
}
return result;
}
#endif
#ifndef WOLFSSH_NO_ECDSA
static int test_EcdsaKeyGen(void)
{
int result = 0;
byte der[1200];
int derSz;
derSz = wolfSSH_MakeEcdsaKey(der, sizeof(der),
WOLFSSH_ECDSAKEY_PRIME256);
if (derSz < 0) {
printf("EcdsaKeyGen: MakeEcdsaKey failed\n");
result = -104;
}
return result;
}
#endif
#endif
/* Error Code And Message Test */
static int test_Errors(void)
{
const char* errStr;
const char* unknownStr = wolfSSH_ErrorToName(1);
int result = 0;
#ifdef NO_WOLFSSH_STRINGS
/* Ensure a valid error code's string matches an invalid code's.
* The string is that error strings are not available.
*/
errStr = wolfSSH_ErrorToName(WS_BAD_ARGUMENT);
if (errStr != unknownStr)
result = -104;
#else
int i, j = 0;
/* Values that are not or no longer error codes. */
int missing[] = { -1059 };
int missingSz = (int)sizeof(missing)/sizeof(missing[0]);
/* Check that all errors have a string and it's the same through the two
* APIs. Check that the values that are not errors map to the unknown
* string. */
for (i = WS_ERROR; i >= WS_LAST_E; i--) {
errStr = wolfSSH_ErrorToName(i);
if (j < missingSz && i == missing[j]) {
j++;
if (errStr != unknownStr) {
result = -105;
break;
}
}
else {
if (errStr == unknownStr) {
result = -106;
break;
}
}
}
/* Check if the next possible value has been given a string. */
if (result == 0) {
errStr = wolfSSH_ErrorToName(i);
if (errStr != unknownStr)
return -107;
}
#endif
return result;
}
int wolfSSH_UnitTest(int argc, char** argv)
{
int testResult = 0, unitResult = 0;
(void)argc;
(void)argv;
wolfSSH_Init();
unitResult = test_Errors();
printf("Errors: %s\n", (unitResult == 0 ? "SUCCESS" : "FAILED"));
testResult = testResult || unitResult;
unitResult = test_KDF();
printf("KDF: %s\n", (unitResult == 0 ? "SUCCESS" : "FAILED"));
testResult = testResult || unitResult;
#ifdef WOLFSSH_KEYGEN
#ifndef WOLFSSH_NO_RSA
unitResult = test_RsaKeyGen();
printf("RsaKeyGen: %s\n", (unitResult == 0 ? "SUCCESS" : "FAILED"));
testResult = testResult || unitResult;
#endif
#ifndef WOLFSSH_NO_ECDSA
unitResult = test_EcdsaKeyGen();
printf("EcdsaKeyGen: %s\n", (unitResult == 0 ? "SUCCESS" : "FAILED"));
testResult = testResult || unitResult;
#endif
#endif
wolfSSH_Cleanup();
return (testResult ? 1 : 0);
}
#ifndef NO_UNITTEST_MAIN_DRIVER
int main(int argc, char** argv)
{
return wolfSSH_UnitTest(argc, argv);
}
#endif