1 // Copyright 2020 The BoringSSL Authors
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #include <stdio.h>
16 #include <string.h>
17 
18 #include <array>
19 #include <string>
20 
21 #include <openssl/aead.h>
22 #include <openssl/base.h>
23 #include <openssl/cipher.h>
24 #include <openssl/crypto.h>
25 #include <openssl/mem.h>
26 
27 #include <gtest/gtest.h>
28 
29 #include "internal.h"
30 
31 
32 // Test that OPENSSL_VERSION_NUMBER and OPENSSL_VERSION_TEXT are consistent.
33 // Node.js parses the version out of OPENSSL_VERSION_TEXT instead of using
34 // OPENSSL_VERSION_NUMBER.
TEST(CryptoTest,Version)35 TEST(CryptoTest, Version) {
36   char expected[512];
37   snprintf(expected, sizeof(expected), "OpenSSL %d.%d.%d ",
38            OPENSSL_VERSION_NUMBER >> 28, (OPENSSL_VERSION_NUMBER >> 20) & 0xff,
39            (OPENSSL_VERSION_NUMBER >> 12) & 0xff);
40   EXPECT_EQ(expected,
41             std::string(OPENSSL_VERSION_TEXT).substr(0, strlen(expected)));
42 }
43 
TEST(CryptoTest,Strndup)44 TEST(CryptoTest, Strndup) {
45   bssl::UniquePtr<char> str(OPENSSL_strndup(nullptr, 0));
46   EXPECT_TRUE(str);
47   EXPECT_STREQ("", str.get());
48 }
49 
TEST(CryptoTest,ByteSwap)50 TEST(CryptoTest, ByteSwap) {
51   EXPECT_EQ(0x04030201u, CRYPTO_bswap4(0x01020304u));
52   EXPECT_EQ(UINT64_C(0x0807060504030201),
53             CRYPTO_bswap8(UINT64_C(0x0102030405060708)));
54 }
55 
56 #if defined(BORINGSSL_FIPS_COUNTERS)
57 using CounterArray = size_t[fips_counter_max + 1];
58 
read_all_counters(CounterArray counters)59 static void read_all_counters(CounterArray counters) {
60   for (int counter = 0; counter <= fips_counter_max; counter++) {
61     counters[counter] = FIPS_read_counter(static_cast<fips_counter_t>(counter));
62   }
63 }
64 
expect_counter_delta_is_zero_except_for_a_one_at(CounterArray before,CounterArray after,fips_counter_t position)65 static void expect_counter_delta_is_zero_except_for_a_one_at(
66     CounterArray before, CounterArray after, fips_counter_t position) {
67   for (int counter = 0; counter <= fips_counter_max; counter++) {
68     const size_t expected_delta = counter == position ? 1 : 0;
69     EXPECT_EQ(after[counter], before[counter] + expected_delta) << counter;
70   }
71 }
72 
TEST(CryptoTest,FIPSCountersEVP)73 TEST(CryptoTest, FIPSCountersEVP) {
74   constexpr struct {
75     const EVP_CIPHER *(*cipher)();
76     fips_counter_t counter;
77   } kTests[] = {
78       {
79           EVP_aes_128_gcm,
80           fips_counter_evp_aes_128_gcm,
81       },
82       {
83           EVP_aes_256_gcm,
84           fips_counter_evp_aes_256_gcm,
85       },
86       {
87           EVP_aes_128_ctr,
88           fips_counter_evp_aes_128_ctr,
89       },
90       {
91           EVP_aes_256_ctr,
92           fips_counter_evp_aes_256_ctr,
93       },
94   };
95 
96   uint8_t key[EVP_MAX_KEY_LENGTH] = {0};
97   uint8_t iv[EVP_MAX_IV_LENGTH] = {1};
98   CounterArray before, after;
99   for (const auto &test : kTests) {
100     read_all_counters(before);
101     bssl::ScopedEVP_CIPHER_CTX ctx;
102     ASSERT_TRUE(EVP_EncryptInit_ex(ctx.get(), test.cipher(), /*engine=*/nullptr,
103                                    key, iv));
104     read_all_counters(after);
105 
106     expect_counter_delta_is_zero_except_for_a_one_at(before, after,
107                                                      test.counter);
108   }
109 }
110 
TEST(CryptoTest,FIPSCountersEVP_AEAD)111 TEST(CryptoTest, FIPSCountersEVP_AEAD) {
112   constexpr struct {
113     const EVP_AEAD *(*aead)();
114     unsigned key_len;
115     fips_counter_t counter;
116   } kTests[] = {
117       {
118           EVP_aead_aes_128_gcm,
119           16,
120           fips_counter_evp_aes_128_gcm,
121       },
122       {
123           EVP_aead_aes_256_gcm,
124           32,
125           fips_counter_evp_aes_256_gcm,
126       },
127   };
128 
129   uint8_t key[EVP_AEAD_MAX_KEY_LENGTH] = {0};
130   CounterArray before, after;
131   for (const auto &test : kTests) {
132     ASSERT_LE(test.key_len, sizeof(key));
133 
134     read_all_counters(before);
135     bssl::ScopedEVP_AEAD_CTX ctx;
136     ASSERT_TRUE(EVP_AEAD_CTX_init(ctx.get(), test.aead(), key, test.key_len,
137                                   EVP_AEAD_DEFAULT_TAG_LENGTH,
138                                   /*engine=*/nullptr));
139     read_all_counters(after);
140 
141     expect_counter_delta_is_zero_except_for_a_one_at(before, after,
142                                                      test.counter);
143   }
144 }
145 
146 #endif  // BORINGSSL_FIPS_COUNTERS
147 
TEST(Crypto,QueryAlgorithmStatus)148 TEST(Crypto, QueryAlgorithmStatus) {
149 #if defined(BORINGSSL_FIPS)
150   const bool is_fips_build = true;
151 #else
152   const bool is_fips_build = false;
153 #endif
154 
155   EXPECT_EQ(FIPS_query_algorithm_status("AES-GCM"), is_fips_build);
156   EXPECT_EQ(FIPS_query_algorithm_status("AES-ECB"), is_fips_build);
157 
158   EXPECT_FALSE(FIPS_query_algorithm_status("FakeEncrypt"));
159   EXPECT_FALSE(FIPS_query_algorithm_status(""));
160 }
161 
162 #if defined(BORINGSSL_FIPS) && !defined(OPENSSL_ASAN)
TEST(Crypto,OnDemandIntegrityTest)163 TEST(Crypto, OnDemandIntegrityTest) { BORINGSSL_integrity_test(); }
164 #endif
165 
DeprecatedFunction()166 OPENSSL_DEPRECATED static void DeprecatedFunction() {}
167 
168 OPENSSL_BEGIN_ALLOW_DEPRECATED
TEST(CryptoTest,DeprecatedFunction)169 TEST(CryptoTest, DeprecatedFunction) {
170   // This is deprecated, but should not trigger any warnings.
171   DeprecatedFunction();
172 }
173 OPENSSL_END_ALLOW_DEPRECATED
174 
175 
176 #if (defined(OPENSSL_X86) || defined(OPENSSL_X86_64)) && \
177     !defined(OPENSSL_NO_ASM) && !defined(BORINGSSL_SHARED_LIBRARY)
TEST(Crypto,CPUIDEnvVariable)178 TEST(Crypto, CPUIDEnvVariable) {
179   const struct {
180     std::array<uint32_t, 4> in;
181     const char *env;
182     std::array<uint32_t, 4> out;
183   } kTests[] = {
184       // It should be possible to disable RDRAND with OPENSSL_ia32cap_P.
185       {{0x12345678, 0xffffffff, 0x12345678, 0x12345678},
186        "~0x4000000000000000",
187        {0x12345678, 0xbfffffff, 0x12345678, 0x12345678}},
188 
189       // Disable RDRAND in decimal and also all post-AVX extensions. RR does
190       // this, though they probably meant to just disable RDRAND.
191       {{0x12345678, 0xffffffff, 0x12345678, 0x12345678},
192        "~4611686018427387904:0",
193        {0x12345678, 0xbfffffff, 0x00000000, 0x00000000}},
194 
195       // Set the bitmasks to something else.
196       {{0x12345678, 0x12345678, 0x12345678, 0x12345678},
197        "0x8877665544332211:0x1122334455667788",
198        {0x44332211, 0x88776655, 0x55667788, 0x11223344}},
199       {{0x12345678, 0x12345678, 0x12345678, 0x12345678},
200        "1",
201        {0x00000001, 0x00000000, 0x12345678, 0x12345678}},
202       {{0x12345678, 0x12345678, 0x12345678, 0x12345678},
203        "1:2",
204        {0x00000001, 0x00000000, 0x00000002, 0x00000000}},
205       {{0x12345678, 0x12345678, 0x12345678, 0x12345678},
206        "0:0",
207        {0x00000000, 0x00000000, 0x00000000, 0x00000000}},
208 
209       // Enable bits.
210       {{0x12345678, 0x12345678, 0x12345678, 0x12345678},
211         "|0xf0f0f0f0f0f0f0f0:|0x0f0f0f0f0f0f0f0f",
212        {0xf2f4f6f8, 0xf2f4f6f8, 0x1f3f5f7f, 0x1f3f5f7f}},
213 
214       // Clear bits.
215       {{0x12345678, 0x12345678, 0x12345678, 0x12345678},
216         "~0xf0f0f0f0f0f0f0f0:~0x0f0f0f0f0f0f0f0f",
217        {0x02040608, 0x02040608, 0x10305070, 0x10305070}},
218 
219       // Syntax errors are silently ignored.
220       // TODO(davidben): We should also test something like " 1: 2", but that
221       // currently fails because |strtoull| skips leading spaces.
222       {{0x12345678, 0x12345678, 0x12345678, 0x12345678},
223        "nope",
224        {0x12345678, 0x12345678, 0x12345678, 0x12345678}},
225       {{0x12345678, 0x12345678, 0x12345678, 0x12345678},
226        "1nope:2nope",
227        {0x12345678, 0x12345678, 0x12345678, 0x12345678}},
228 
229       // Overflows are caught and silently ignored.
230       {{0x12345678, 0x12345678, 0x12345678, 0x12345678},
231        "0x10000000000000000:0x10000000000000000",
232        {0x12345678, 0x12345678, 0x12345678, 0x12345678}},
233       {{0x12345678, 0x12345678, 0x12345678, 0x12345678},
234        "~0x1ffffffffffffffff:~0x1ffffffffffffffff",
235        {0x12345678, 0x12345678, 0x12345678, 0x12345678}},
236       {{0x12345678, 0x12345678, 0x12345678, 0x12345678},
237        "|0x1ffffffffffffffff:|0x1ffffffffffffffff",
238        {0x12345678, 0x12345678, 0x12345678, 0x12345678}},
239   };
240   for (const auto &t : kTests) {
241     SCOPED_TRACE(t.env);
242     std::array<uint32_t, 4> cap = t.in;
243     OPENSSL_adjust_ia32cap(cap.data(), t.env);
244     EXPECT_EQ(cap, t.out);
245   }
246 }
247 #endif
248