]>
Commit | Line | Data |
---|---|---|
3e1f6edc | 1 | /* |
a7f0ab78 | 2 | * Copyright (C) 2014-2015 Andreas Steffen |
19ef2aec TB |
3 | * |
4 | * Copyright (C) secunet Security Networks AG | |
3e1f6edc AS |
5 | * |
6 | * This program is free software; you can redistribute it and/or modify it | |
7 | * under the terms of the GNU General Public License as published by the | |
8 | * Free Software Foundation; either version 2 of the License, or (at your | |
9 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
10 | * | |
11 | * This program is distributed in the hope that it will be useful, but | |
12 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
13 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
14 | * for more details. | |
15 | */ | |
16 | ||
17 | #include "test_suite.h" | |
18 | ||
19 | #include <bliss_private_key.h> | |
20 | #include <bliss_public_key.h> | |
21 | ||
22 | static u_int key_type[] = { 1, 3, 4 }; | |
a7f0ab78 | 23 | static u_int key_strength[] = { 128, 160, 192 }; |
3e1f6edc AS |
24 | |
25 | START_TEST(test_bliss_sign_all) | |
a7f0ab78 | 26 | { |
27bd0fed | 27 | signature_scheme_t signature_scheme; |
a7f0ab78 AS |
28 | private_key_t *privkey, *privkey1; |
29 | public_key_t *pubkey, *pubkey1; | |
30 | chunk_t msg, signature, privkey_blob, pubkey_blob, pubkey_fp, privkey_fp; | |
31 | int k; | |
32 | ||
33 | for (k = 0; k < 4; k++) | |
34 | { | |
35 | int verify_count = 1000; | |
36 | ||
27bd0fed AS |
37 | switch (k) |
38 | { | |
39 | case 1: | |
a88d9589 | 40 | signature_scheme = SIGN_BLISS_WITH_SHA2_256; |
27bd0fed AS |
41 | break; |
42 | case 2: | |
a88d9589 | 43 | signature_scheme = SIGN_BLISS_WITH_SHA2_384; |
27bd0fed AS |
44 | break; |
45 | default: | |
a88d9589 | 46 | signature_scheme = SIGN_BLISS_WITH_SHA2_512; |
27bd0fed AS |
47 | } |
48 | ||
a7f0ab78 AS |
49 | /* enforce BLISS-B key for k = 2, 3 */ |
50 | lib->settings->set_bool(lib->settings, | |
51 | "%s.plugins.bliss.use_bliss_b", k >= 2, lib->ns); | |
52 | ||
53 | msg = chunk_from_str("Hello Dolly!"); | |
54 | ||
55 | /* generate private key */ | |
56 | privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS, | |
57 | BUILD_KEY_SIZE, key_type[_i], BUILD_END); | |
58 | ck_assert(privkey); | |
59 | ||
60 | /* generate ASN.1 DER and PEM encoding of private key */ | |
61 | ck_assert(privkey->get_encoding(privkey, (k % 2) ? | |
62 | PRIVKEY_ASN1_DER : PRIVKEY_PEM, &privkey_blob)); | |
63 | ||
64 | /* extract public key from private key */ | |
65 | pubkey = privkey->get_public_key(privkey); | |
66 | ck_assert(pubkey); | |
67 | ||
68 | /* generate ASN.1 DER and PEM encodings of public key */ | |
69 | ck_assert(pubkey->get_encoding(pubkey, (k % 2) ? | |
70 | PUBKEY_SPKI_ASN1_DER : PUBKEY_PEM, &pubkey_blob)); | |
71 | ||
72 | /* compare fingerprints of public and private key */ | |
73 | ck_assert(pubkey->get_fingerprint(pubkey, (k % 2) ? | |
74 | KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &pubkey_fp)); | |
75 | ck_assert(privkey->get_fingerprint(privkey, (k % 2) ? | |
76 | KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &privkey_fp)); | |
77 | ck_assert(chunk_equals(pubkey_fp, privkey_fp)); | |
78 | ||
79 | /* retrieve fingerprints of public and private key from cache */ | |
80 | ck_assert(pubkey->get_fingerprint(pubkey, (k % 2) ? | |
81 | KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &pubkey_fp)); | |
82 | ck_assert(privkey->get_fingerprint(privkey, (k % 2) ? | |
83 | KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &privkey_fp)); | |
84 | ||
85 | /* get a reference of the private key and destroy both instances */ | |
86 | privkey1 = privkey->get_ref(privkey); | |
87 | ck_assert(privkey1); | |
88 | ck_assert(privkey1 == privkey); | |
89 | privkey->destroy(privkey); | |
90 | privkey1->destroy(privkey1); | |
91 | ||
92 | /* get a reference of the public key and destroy both instances */ | |
93 | pubkey1 = pubkey->get_ref(pubkey); | |
94 | ck_assert(pubkey1); | |
95 | ck_assert(pubkey1 == pubkey); | |
96 | pubkey->destroy(pubkey); | |
97 | pubkey1->destroy(pubkey1); | |
98 | ||
99 | /* enforce BLISS-B key for k = 1, 3 */ | |
100 | lib->settings->set_bool(lib->settings, | |
101 | "%s.plugins.bliss.use_bliss_b", k % 2, lib->ns); | |
102 | ||
103 | /* load private key from ASN.1 blob */ | |
104 | privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS, | |
105 | BUILD_BLOB, privkey_blob, BUILD_END); | |
106 | ck_assert(privkey); | |
107 | ck_assert(privkey->get_type(privkey) == KEY_BLISS); | |
108 | ck_assert(privkey->get_keysize(privkey) == key_strength[_i]); | |
109 | chunk_free(&privkey_blob); | |
110 | ||
111 | /* load public key from ASN.1 blob */ | |
112 | pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, | |
113 | BUILD_BLOB, pubkey_blob, BUILD_END); | |
114 | ck_assert(pubkey); | |
115 | ck_assert(pubkey->get_type(pubkey) == KEY_BLISS); | |
116 | ck_assert(pubkey->get_keysize(pubkey) == key_strength[_i]); | |
117 | chunk_free(&pubkey_blob); | |
118 | ||
119 | /* generate and verify 1000 BLISS signatures */ | |
120 | while (verify_count--) | |
121 | { | |
de280c2e | 122 | ck_assert(privkey->sign(privkey, signature_scheme, NULL, msg, |
a7f0ab78 | 123 | &signature)); |
a413571f | 124 | ck_assert(pubkey->verify(pubkey, signature_scheme, NULL, msg, |
a7f0ab78 AS |
125 | signature)); |
126 | free(signature.ptr); | |
127 | } | |
128 | privkey->destroy(privkey); | |
129 | pubkey->destroy(pubkey); | |
130 | } | |
131 | } | |
132 | END_TEST | |
133 | ||
134 | START_TEST(test_bliss_sign_fail) | |
3e1f6edc AS |
135 | { |
136 | private_key_t *privkey; | |
137 | public_key_t *pubkey; | |
7e7800e0 | 138 | chunk_t msg = chunk_empty, signature, encoding, fp; |
a7f0ab78 AS |
139 | |
140 | /* generate non-supported BLISS-II private key */ | |
141 | privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS, | |
142 | BUILD_KEY_SIZE, BLISS_II, BUILD_END); | |
143 | ck_assert(!privkey); | |
144 | ||
145 | /* generate non-supported BLISS-B-II private key */ | |
146 | privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS, | |
147 | BUILD_KEY_SIZE, BLISS_B_II, BUILD_END); | |
148 | ck_assert(!privkey); | |
149 | ||
150 | /* generate supported BLISS-B-I private key */ | |
3e1f6edc | 151 | privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS, |
a7f0ab78 | 152 | BUILD_KEY_SIZE, BLISS_B_I, BUILD_END); |
3e1f6edc AS |
153 | ck_assert(privkey); |
154 | ||
a7f0ab78 AS |
155 | /* wrong private key encoding format */ |
156 | ck_assert(!privkey->get_encoding(privkey, PUBKEY_PEM, &encoding)); | |
157 | ||
158 | /* wrong fingerprint encoding format */ | |
159 | ck_assert(!privkey->get_fingerprint(privkey, KEYID_PGPV4, &fp)); | |
160 | ||
161 | /* extract public key */ | |
3e1f6edc AS |
162 | pubkey = privkey->get_public_key(privkey); |
163 | ck_assert(pubkey); | |
164 | ||
a7f0ab78 AS |
165 | /* wrong private key encoding format */ |
166 | ck_assert(!pubkey->get_encoding(pubkey, PRIVKEY_PEM, &encoding)); | |
167 | ||
168 | /* wrong fingerprint encoding format */ | |
169 | ck_assert(!pubkey->get_fingerprint(pubkey, KEYID_PGPV4, &fp)); | |
170 | ||
171 | /* encryption / decryption operation is not defined for BLISS */ | |
4abb29f6 AS |
172 | ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, NULL, chunk_empty, NULL)); |
173 | ck_assert(!privkey->decrypt(privkey, ENCRYPT_UNKNOWN, NULL, chunk_empty, NULL)); | |
a7f0ab78 AS |
174 | |
175 | /* sign with invalid signature scheme */ | |
de280c2e | 176 | ck_assert(!privkey->sign(privkey, SIGN_UNKNOWN, NULL, msg, &signature)); |
a7f0ab78 AS |
177 | |
178 | /* generate valid signature */ | |
179 | msg = chunk_from_str("Hello Dolly!"); | |
de280c2e | 180 | ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA2_512, NULL, msg, &signature)); |
a7f0ab78 AS |
181 | |
182 | /* verify with invalid signature scheme */ | |
a413571f | 183 | ck_assert(!pubkey->verify(pubkey, SIGN_UNKNOWN, NULL, msg, signature)); |
a7f0ab78 AS |
184 | |
185 | /* corrupt signature */ | |
186 | signature.ptr[signature.len - 1] ^= 0x80; | |
a413571f | 187 | ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA2_512, NULL, msg, signature)); |
a7f0ab78 AS |
188 | |
189 | free(signature.ptr); | |
3e1f6edc AS |
190 | privkey->destroy(privkey); |
191 | pubkey->destroy(pubkey); | |
192 | } | |
193 | END_TEST | |
194 | ||
195 | Suite *bliss_sign_suite_create() | |
196 | { | |
197 | Suite *s; | |
198 | TCase *tc; | |
199 | ||
200 | s = suite_create("bliss_sign"); | |
201 | ||
a7f0ab78 | 202 | tc = tcase_create("sign_all"); |
3e1f6edc AS |
203 | test_case_set_timeout(tc, 30); |
204 | tcase_add_loop_test(tc, test_bliss_sign_all, 0, countof(key_type)); | |
205 | suite_add_tcase(s, tc); | |
206 | ||
a7f0ab78 AS |
207 | tc = tcase_create("sign_fail"); |
208 | tcase_add_test(tc, test_bliss_sign_fail); | |
209 | suite_add_tcase(s, tc); | |
210 | ||
3e1f6edc AS |
211 | return s; |
212 | } |