be/src/util/openssl-util-test.cc

// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements.  See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership.  The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License.  You may obtain a copy of the License at
//
//   http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied.  See the License for the
// specific language governing permissions and limitations
// under the License.

#include <random>

#include <gtest/gtest.h>
#include <openssl/err.h>
#include <openssl/rand.h>

#include "common/init.h"
#include "testutil/gtest-util.h"
#include "util/openssl-util.h"

using std::uniform_int_distribution;
using std::mt19937_64;

namespace impala {

class OpenSSLUtilTest : public ::testing::Test {
 protected:
  virtual void SetUp() { SeedOpenSSLRNG(); }
  virtual void TearDown() {
    EXPECT_EQ(ERR_peek_error(), 0) << "Did not clear OpenSSL error queue";
  }

  /// Fill buffer 'data' with 'len' bytes of random binary data from 'rng_'.
  /// 'len' must be a multiple of 8 bytes'.
  void GenerateRandomData(uint8_t* data, int64_t len) {
    DCHECK_EQ(len % 8, 0);
    for (int64_t i = 0; i < len; i += sizeof(uint64_t)) {
      *(reinterpret_cast<uint64_t*>(&data[i])) =
          uniform_int_distribution<uint64_t>(0, numeric_limits<uint64_t>::max())(rng_);
    }
  }

  /// Fill arbitrary-length buffer with random bytes
  void GenerateRandomBytes(uint8_t* data, int64_t len) {
    DCHECK_GE(len, 0);
    for (int64_t i = 0; i < len; i++) {
      data[i] = uniform_int_distribution<uint8_t>(0, UINT8_MAX)(rng_);
    }
  }

  void TestEncryptionDecryption(const int64_t buffer_size) {
    vector<uint8_t> original(buffer_size);
    vector<uint8_t> scratch(buffer_size); // Scratch buffer for in-place encryption.
    if (buffer_size % 8 == 0) {
      GenerateRandomData(original.data(), buffer_size);
    } else {
      GenerateRandomBytes(original.data(), buffer_size);
    }

    // Check all the modes
    AES_CIPHER_MODE modes[] = {AES_256_GCM, AES_256_CTR, AES_256_CFB};
    for (auto m : modes) {
      memcpy(scratch.data(), original.data(), buffer_size);

      EncryptionKey key;
      key.InitializeRandom();
      key.SetCipherMode(m);

      ASSERT_OK(key.Encrypt(scratch.data(), buffer_size, scratch.data()));
      // Check that encryption did something
      ASSERT_NE(0, memcmp(original.data(), scratch.data(), buffer_size));
      ASSERT_OK(key.Decrypt(scratch.data(), buffer_size, scratch.data()));
      // Check that we get the original data back.
      ASSERT_EQ(0, memcmp(original.data(), scratch.data(), buffer_size));
    }
  }

  mt19937_64 rng_;
};

/// Test basic encryption functionality.
TEST_F(OpenSSLUtilTest, Encryption) {
  const int buffer_size = 1024 * 1024;
  vector<uint8_t> original(buffer_size);
  vector<uint8_t> prev_encrypted(buffer_size);
  vector<uint8_t> encrypted(buffer_size);
  vector<uint8_t> decrypted(buffer_size);
  GenerateRandomData(original.data(), buffer_size);

  // Check both CTR & CFB
  AES_CIPHER_MODE modes[] = {AES_256_GCM, AES_256_CTR, AES_256_CFB};
  for (auto m : modes) {
    // Iterate multiple times to ensure that key regeneration works correctly.
    EncryptionKey key;
    for (int i = 0; i < 2; ++i) {
      key.InitializeRandom(); // Generate a new key for each iteration.
      key.SetCipherMode(m);

      // Check that OpenSSL is happy with the amount of entropy we're feeding it.
      DCHECK_EQ(1, RAND_status());

      ASSERT_OK(key.Encrypt(original.data(), buffer_size, encrypted.data()));
      if (i > 0) {
        // Check that we're not somehow reusing the same key.
        ASSERT_NE(0, memcmp(encrypted.data(), prev_encrypted.data(), buffer_size));
      }
      memcpy(prev_encrypted.data(), encrypted.data(), buffer_size);

      // We should get the original data by decrypting it.
      ASSERT_OK(key.Decrypt(encrypted.data(), buffer_size, decrypted.data()));
      ASSERT_EQ(0, memcmp(original.data(), decrypted.data(), buffer_size));
    }
  }
}

/// Test that encryption and decryption work in-place.
TEST_F(OpenSSLUtilTest, EncryptInPlace) {
  const int buffer_size = 1024 * 1024;
  TestEncryptionDecryption(buffer_size);
}

/// Test that encryption works with buffer lengths that don't fit in a 32-bit integer.
TEST_F(OpenSSLUtilTest, EncryptInPlaceHugeBuffer) {
  const int64_t buffer_size = 3 * 1024L * 1024L * 1024L;
  TestEncryptionDecryption(buffer_size);
}

/// Test that encryption works with arbitrary-length buffer
TEST_F(OpenSSLUtilTest, EncryptArbitraryLength) {
  std::uniform_int_distribution<uint64_t> dis(0, 1024 * 1024);
  const int buffer_size = dis(rng_);
  TestEncryptionDecryption(buffer_size);
}

/// Test integrity in GCM mode
TEST_F(OpenSSLUtilTest, GcmIntegrity) {
  const int buffer_size = 1024 * 1024;
  vector<uint8_t> buffer(buffer_size);

  EncryptionKey key;
  key.InitializeRandom();
  key.SetCipherMode(AES_256_GCM);

  // Even it has been set as GCM mode, it may fall back to other modes.
  // Check if GCM mode is supported at runtime.
  if (key.IsGcmMode()) {
    GenerateRandomData(buffer.data(), buffer_size);
    ASSERT_OK(key.Encrypt(buffer.data(), buffer_size, buffer.data()));

    // tamper the data
    ++buffer[0];
    Status s = key.Decrypt(buffer.data(), buffer_size, buffer.data());
    EXPECT_STR_CONTAINS(s.GetDetail(), "EVP_DecryptFinal");
  }
}

/// Test basic integrity hash functionality.
TEST_F(OpenSSLUtilTest, IntegrityHash) {
  const int buffer_size = 1024 * 1024;
  vector<uint8_t> buf1(buffer_size);
  vector<uint8_t> buf1_copy(buffer_size);
  vector<uint8_t> buf2(buffer_size);
  GenerateRandomData(buf1.data(), buffer_size);
  memcpy(buf1_copy.data(), buf1.data(), buffer_size);
  memcpy(buf2.data(), buf1.data(), buffer_size);
  ++buf2[buffer_size - 1]; // Alter a byte in buf2 to ensure it's different.

  IntegrityHash buf1_hash;
  buf1_hash.Compute(buf1.data(), buffer_size);
  EXPECT_TRUE(buf1_hash.Verify(buf1.data(), buffer_size));
  EXPECT_TRUE(buf1_hash.Verify(buf1_copy.data(), buffer_size));

  EXPECT_FALSE(buf1_hash.Verify(buf2.data(), buffer_size));
  // We should generally get different results for different buffer sizes (unless we're
  // cosmically lucky and get a hash collision).
  EXPECT_FALSE(buf1_hash.Verify(buf1.data(), buffer_size / 2));
}

/// Test that integrity hash works with buffer lengths that don't fit in a 32-bit integer.
TEST_F(OpenSSLUtilTest, IntegrityHashHugeBuffer) {
  const int64_t buffer_size = 3L * 1024L * 1024L * 1024L;
  vector<uint8_t> buf(buffer_size);
  GenerateRandomData(buf.data(), buffer_size);

  IntegrityHash hash;
  hash.Compute(buf.data(), buffer_size);
  EXPECT_TRUE(hash.Verify(buf.data(), buffer_size));
  // We should generally get different results for different buffer sizes (unless we're
  // cosmically lucky and get a hash collision).
  EXPECT_FALSE(hash.Verify(buf.data(), buffer_size - 10));
}

/// Test that we are seeding the OpenSSL random number generator well enough to
/// generate lots of encryption keys.
TEST_F(OpenSSLUtilTest, RandSeeding) {
  for (int i = 0; i < 100000; ++i) {
    // Check that OpenSSL is happy with the amount of entropy we're feeding it.
    DCHECK_EQ(1, RAND_status());

    EncryptionKey key;
    key.InitializeRandom();
  }
}
}