[thirdparty/strongswan.git] / src / libstrongswan / plugins / bliss / tests / suites / test_bliss_sign.c

/*
 * Copyright (C) 2014-2015 Andreas Steffen
 *
 * Copyright (C) secunet Security Networks AG
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#include "test_suite.h"

#include <bliss_private_key.h>
#include <bliss_public_key.h>

static u_int key_type[] = { 1, 3, 4 };
static u_int key_strength[] = { 128, 160, 192 };

START_TEST(test_bliss_sign_all)
{
	signature_scheme_t signature_scheme;
	private_key_t *privkey, *privkey1;
	public_key_t *pubkey, *pubkey1;
	chunk_t msg, signature, privkey_blob, pubkey_blob, pubkey_fp, privkey_fp;
	int k;

	for (k = 0; k < 4; k++)
	{
		int verify_count = 1000;

		switch (k)
		{
			case 1:
				signature_scheme = SIGN_BLISS_WITH_SHA2_256;
				break;
			case 2:
				signature_scheme = SIGN_BLISS_WITH_SHA2_384;
				break;
			default:
				signature_scheme = SIGN_BLISS_WITH_SHA2_512;
		}

		/* enforce BLISS-B key for k = 2, 3 */
		lib->settings->set_bool(lib->settings,
				"%s.plugins.bliss.use_bliss_b", k >= 2, lib->ns);

		msg = chunk_from_str("Hello Dolly!");

		/* generate private key */
		privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
									 BUILD_KEY_SIZE, key_type[_i], BUILD_END);
		ck_assert(privkey);

		/* generate ASN.1 DER and PEM encoding of private key */
		ck_assert(privkey->get_encoding(privkey, (k % 2) ?
				  PRIVKEY_ASN1_DER : PRIVKEY_PEM, &privkey_blob));

		/* extract public key from private key */
		pubkey = privkey->get_public_key(privkey);
		ck_assert(pubkey);

		/* generate ASN.1 DER and PEM encodings of public key */
		ck_assert(pubkey->get_encoding(pubkey, (k % 2) ?
				  PUBKEY_SPKI_ASN1_DER : PUBKEY_PEM, &pubkey_blob));

		/* compare fingerprints of public and private key */
		ck_assert(pubkey->get_fingerprint(pubkey, (k % 2) ?
				  KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &pubkey_fp));
		ck_assert(privkey->get_fingerprint(privkey, (k % 2) ?
				  KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &privkey_fp));
		ck_assert(chunk_equals(pubkey_fp, privkey_fp));

		/* retrieve fingerprints of public and private key from cache */
		ck_assert(pubkey->get_fingerprint(pubkey, (k % 2) ?
				  KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &pubkey_fp));
		ck_assert(privkey->get_fingerprint(privkey, (k % 2) ?
				  KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &privkey_fp));

		/* get a reference of the private key and destroy both instances */
		privkey1 = privkey->get_ref(privkey);
		ck_assert(privkey1);
		ck_assert(privkey1 == privkey);
		privkey->destroy(privkey);
		privkey1->destroy(privkey1);

		/* get a reference of the public key and destroy both instances */
		pubkey1 = pubkey->get_ref(pubkey);
		ck_assert(pubkey1);
		ck_assert(pubkey1 == pubkey);
		pubkey->destroy(pubkey);
		pubkey1->destroy(pubkey1);

		/* enforce BLISS-B key for k = 1, 3 */
		lib->settings->set_bool(lib->settings,
				"%s.plugins.bliss.use_bliss_b", k % 2, lib->ns);

		/* load private key from ASN.1 blob */
		privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
									 BUILD_BLOB, privkey_blob, BUILD_END);
		ck_assert(privkey);
		ck_assert(privkey->get_type(privkey) == KEY_BLISS);
		ck_assert(privkey->get_keysize(privkey) == key_strength[_i]);
		chunk_free(&privkey_blob);

		/* load public key from ASN.1 blob */
		pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
									BUILD_BLOB, pubkey_blob, BUILD_END);
		ck_assert(pubkey);
		ck_assert(pubkey->get_type(pubkey) == KEY_BLISS);
		ck_assert(pubkey->get_keysize(pubkey) == key_strength[_i]);
		chunk_free(&pubkey_blob);

		/* generate and verify 1000 BLISS signatures */
		while (verify_count--)
		{
			ck_assert(privkey->sign(privkey, signature_scheme, NULL, msg,
									&signature));
			ck_assert(pubkey->verify(pubkey, signature_scheme, NULL, msg,
									 signature));
			free(signature.ptr);
		}
		privkey->destroy(privkey);
		pubkey->destroy(pubkey);
	}
}
END_TEST

START_TEST(test_bliss_sign_fail)
{
	private_key_t *privkey;
	public_key_t *pubkey;
	chunk_t msg = chunk_empty, signature, encoding, fp;

	/* generate non-supported BLISS-II private key */
	privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
								 BUILD_KEY_SIZE, BLISS_II, BUILD_END);
	ck_assert(!privkey);

	/* generate non-supported BLISS-B-II private key */
	privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
								 BUILD_KEY_SIZE, BLISS_B_II, BUILD_END);
	ck_assert(!privkey);

	/* generate supported BLISS-B-I private key */
	privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
								 BUILD_KEY_SIZE, BLISS_B_I, BUILD_END);
	ck_assert(privkey);

	/* wrong private key encoding format */
	ck_assert(!privkey->get_encoding(privkey, PUBKEY_PEM, &encoding));

	/* wrong fingerprint encoding format */
	ck_assert(!privkey->get_fingerprint(privkey, KEYID_PGPV4, &fp));

	/* extract public key */
	pubkey = privkey->get_public_key(privkey);
	ck_assert(pubkey);

	/* wrong private key encoding format */
	ck_assert(!pubkey->get_encoding(pubkey, PRIVKEY_PEM, &encoding));

	/* wrong fingerprint encoding format */
	ck_assert(!pubkey->get_fingerprint(pubkey, KEYID_PGPV4, &fp));

	/* encryption / decryption operation is not defined for BLISS */
	ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, NULL, chunk_empty, NULL));
	ck_assert(!privkey->decrypt(privkey, ENCRYPT_UNKNOWN, NULL, chunk_empty, NULL));

	/* sign with invalid signature scheme */
	ck_assert(!privkey->sign(privkey, SIGN_UNKNOWN, NULL, msg, &signature));

	/* generate valid signature */
	msg = chunk_from_str("Hello Dolly!");
	ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA2_512, NULL, msg, &signature));

	/* verify with invalid signature scheme */
	ck_assert(!pubkey->verify(pubkey, SIGN_UNKNOWN, NULL, msg, signature));

	/* corrupt signature */
	signature.ptr[signature.len - 1] ^= 0x80;
	ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA2_512, NULL, msg, signature));

	free(signature.ptr);
	privkey->destroy(privkey);
	pubkey->destroy(pubkey);
}
END_TEST

Suite *bliss_sign_suite_create()
{
	Suite *s;
	TCase *tc;

	s = suite_create("bliss_sign");

	tc = tcase_create("sign_all");
	test_case_set_timeout(tc, 30);
	tcase_add_loop_test(tc, test_bliss_sign_all, 0, countof(key_type));
	suite_add_tcase(s, tc);

	tc = tcase_create("sign_fail");
	tcase_add_test(tc, test_bliss_sign_fail);
	suite_add_tcase(s, tc);

	return s;
}
Commit	Line	Data
3e1f6edc	1	/*
a7f0ab78	2	* Copyright (C) 2014-2015 Andreas Steffen
19ef2aec TB	3	*
19ef2aec TB	4	* Copyright (C) secunet Security Networks AG
3e1f6edc AS	5	*
	6	* This program is free software; you can redistribute it and/or modify it
	7	* under the terms of the GNU General Public License as published by the
	8	* Free Software Foundation; either version 2 of the License, or (at your
	9	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	10	*
	11	* This program is distributed in the hope that it will be useful, but
	12	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	13	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	14	* for more details.
	15	*/
	16
	17	#include "test_suite.h"
	18
	19	#include <bliss_private_key.h>
	20	#include <bliss_public_key.h>
	21
	22	static u_int key_type[] = { 1, 3, 4 };
a7f0ab78	23	static u_int key_strength[] = { 128, 160, 192 };
3e1f6edc AS	24
3e1f6edc AS	25	START_TEST(test_bliss_sign_all)
a7f0ab78	26	{
27bd0fed	27	signature_scheme_t signature_scheme;
a7f0ab78 AS	28	private_key_t privkey, privkey1;
	29	public_key_t pubkey, pubkey1;
	30	chunk_t msg, signature, privkey_blob, pubkey_blob, pubkey_fp, privkey_fp;
	31	int k;
	32
	33	for (k = 0; k < 4; k++)
	34	{
	35	int verify_count = 1000;
	36
27bd0fed AS	37	switch (k)
	38	{
	39	case 1:
a88d9589	40	signature_scheme = SIGN_BLISS_WITH_SHA2_256;
27bd0fed AS	41	break;
27bd0fed AS	42	case 2:
a88d9589	43	signature_scheme = SIGN_BLISS_WITH_SHA2_384;
27bd0fed AS	44	break;
27bd0fed AS	45	default:
a88d9589	46	signature_scheme = SIGN_BLISS_WITH_SHA2_512;
27bd0fed AS	47	}
27bd0fed AS	48
a7f0ab78 AS	49	/* enforce BLISS-B key for k = 2, 3 */
	50	lib->settings->set_bool(lib->settings,
	51	"%s.plugins.bliss.use_bliss_b", k >= 2, lib->ns);
	52
	53	msg = chunk_from_str("Hello Dolly!");
	54
	55	/* generate private key */
	56	privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
	57	BUILD_KEY_SIZE, key_type[_i], BUILD_END);
	58	ck_assert(privkey);
	59
	60	/* generate ASN.1 DER and PEM encoding of private key */
	61	ck_assert(privkey->get_encoding(privkey, (k % 2) ?
	62	PRIVKEY_ASN1_DER : PRIVKEY_PEM, &privkey_blob));
	63
	64	/* extract public key from private key */
	65	pubkey = privkey->get_public_key(privkey);
	66	ck_assert(pubkey);
	67
	68	/* generate ASN.1 DER and PEM encodings of public key */
	69	ck_assert(pubkey->get_encoding(pubkey, (k % 2) ?
	70	PUBKEY_SPKI_ASN1_DER : PUBKEY_PEM, &pubkey_blob));
	71
	72	/* compare fingerprints of public and private key */
	73	ck_assert(pubkey->get_fingerprint(pubkey, (k % 2) ?
	74	KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &pubkey_fp));
	75	ck_assert(privkey->get_fingerprint(privkey, (k % 2) ?
	76	KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &privkey_fp));
	77	ck_assert(chunk_equals(pubkey_fp, privkey_fp));
	78
	79	/* retrieve fingerprints of public and private key from cache */
	80	ck_assert(pubkey->get_fingerprint(pubkey, (k % 2) ?
	81	KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &pubkey_fp));
	82	ck_assert(privkey->get_fingerprint(privkey, (k % 2) ?
	83	KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &privkey_fp));
	84
	85	/* get a reference of the private key and destroy both instances */
	86	privkey1 = privkey->get_ref(privkey);
	87	ck_assert(privkey1);
	88	ck_assert(privkey1 == privkey);
	89	privkey->destroy(privkey);
	90	privkey1->destroy(privkey1);
	91
	92	/* get a reference of the public key and destroy both instances */
	93	pubkey1 = pubkey->get_ref(pubkey);
	94	ck_assert(pubkey1);
	95	ck_assert(pubkey1 == pubkey);
	96	pubkey->destroy(pubkey);
	97	pubkey1->destroy(pubkey1);
	98
	99	/* enforce BLISS-B key for k = 1, 3 */
	100	lib->settings->set_bool(lib->settings,
	101	"%s.plugins.bliss.use_bliss_b", k % 2, lib->ns);
	102
	103	/* load private key from ASN.1 blob */
	104	privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
	105	BUILD_BLOB, privkey_blob, BUILD_END);
	106	ck_assert(privkey);
	107	ck_assert(privkey->get_type(privkey) == KEY_BLISS);
	108	ck_assert(privkey->get_keysize(privkey) == key_strength[_i]);
	109	chunk_free(&privkey_blob);
	110
	111	/* load public key from ASN.1 blob */
	112	pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
113	BUILD_BLOB, pubkey_blob, BUILD_END);
114	ck_assert(pubkey);
115	ck_assert(pubkey->get_type(pubkey) == KEY_BLISS);
116	ck_assert(pubkey->get_keysize(pubkey) == key_strength[_i]);
117	chunk_free(&pubkey_blob);
118
119	/* generate and verify 1000 BLISS signatures */
120	while (verify_count--)
121	{
de280c2e	122	ck_assert(privkey->sign(privkey, signature_scheme, NULL, msg,
a7f0ab78	123	&signature));
a413571f	124	ck_assert(pubkey->verify(pubkey, signature_scheme, NULL, msg,
a7f0ab78 AS	125	signature));
	126	free(signature.ptr);
	127	}
	128	privkey->destroy(privkey);
	129	pubkey->destroy(pubkey);
	130	}
	131	}
	132	END_TEST
	133
	134	START_TEST(test_bliss_sign_fail)
3e1f6edc AS	135	{
	136	private_key_t *privkey;
	137	public_key_t *pubkey;
7e7800e0	138	chunk_t msg = chunk_empty, signature, encoding, fp;
a7f0ab78 AS	139
	140	/* generate non-supported BLISS-II private key */
	141	privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
	142	BUILD_KEY_SIZE, BLISS_II, BUILD_END);
	143	ck_assert(!privkey);
	144
	145	/* generate non-supported BLISS-B-II private key */
	146	privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
	147	BUILD_KEY_SIZE, BLISS_B_II, BUILD_END);
	148	ck_assert(!privkey);
	149
	150	/* generate supported BLISS-B-I private key */
3e1f6edc	151	privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
a7f0ab78	152	BUILD_KEY_SIZE, BLISS_B_I, BUILD_END);
3e1f6edc AS	153	ck_assert(privkey);
3e1f6edc AS	154
a7f0ab78 AS	155	/* wrong private key encoding format */
	156	ck_assert(!privkey->get_encoding(privkey, PUBKEY_PEM, &encoding));
	157
	158	/* wrong fingerprint encoding format */
	159	ck_assert(!privkey->get_fingerprint(privkey, KEYID_PGPV4, &fp));
	160
	161	/* extract public key */
3e1f6edc AS	162	pubkey = privkey->get_public_key(privkey);
	163	ck_assert(pubkey);
	164
a7f0ab78 AS	165	/* wrong private key encoding format */
	166	ck_assert(!pubkey->get_encoding(pubkey, PRIVKEY_PEM, &encoding));
	167
	168	/* wrong fingerprint encoding format */
	169	ck_assert(!pubkey->get_fingerprint(pubkey, KEYID_PGPV4, &fp));
	170
	171	/* encryption / decryption operation is not defined for BLISS */
4abb29f6 AS	172	ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, NULL, chunk_empty, NULL));
4abb29f6 AS	173	ck_assert(!privkey->decrypt(privkey, ENCRYPT_UNKNOWN, NULL, chunk_empty, NULL));
a7f0ab78 AS	174
a7f0ab78 AS	175	/* sign with invalid signature scheme */
de280c2e	176	ck_assert(!privkey->sign(privkey, SIGN_UNKNOWN, NULL, msg, &signature));
a7f0ab78 AS	177
	178	/* generate valid signature */
	179	msg = chunk_from_str("Hello Dolly!");
de280c2e	180	ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA2_512, NULL, msg, &signature));
a7f0ab78 AS	181
a7f0ab78 AS	182	/* verify with invalid signature scheme */
a413571f	183	ck_assert(!pubkey->verify(pubkey, SIGN_UNKNOWN, NULL, msg, signature));
a7f0ab78 AS	184
	185	/* corrupt signature */
	186	signature.ptr[signature.len - 1] ^= 0x80;
a413571f	187	ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA2_512, NULL, msg, signature));
a7f0ab78 AS	188
a7f0ab78 AS	189	free(signature.ptr);
3e1f6edc AS	190	privkey->destroy(privkey);
	191	pubkey->destroy(pubkey);
	192	}
	193	END_TEST
	194
	195	Suite *bliss_sign_suite_create()
	196	{
	197	Suite *s;
	198	TCase *tc;
	199
	200	s = suite_create("bliss_sign");
	201
a7f0ab78	202	tc = tcase_create("sign_all");
3e1f6edc AS	203	test_case_set_timeout(tc, 30);
	204	tcase_add_loop_test(tc, test_bliss_sign_all, 0, countof(key_type));
	205	suite_add_tcase(s, tc);
	206
a7f0ab78 AS	207	tc = tcase_create("sign_fail");
	208	tcase_add_test(tc, test_bliss_sign_fail);
	209	suite_add_tcase(s, tc);
	210
3e1f6edc AS	211	return s;
3e1f6edc AS	212	}