[people/ms/strongswan.git] / src / libstrongswan / plugins / bliss / tests / suites / test_bliss_sign.c

/*
 * Copyright (C) 2014-2015 Andreas Steffen
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#include "test_suite.h"

#include <bliss_private_key.h>
#include <bliss_public_key.h>

static u_int key_type[] = { 1, 3, 4 };
static u_int key_strength[] = { 128, 160, 192 };

START_TEST(test_bliss_sign_all)
{
	signature_scheme_t signature_scheme;
	private_key_t *privkey, *privkey1;
	public_key_t *pubkey, *pubkey1;
	chunk_t msg, signature, privkey_blob, pubkey_blob, pubkey_fp, privkey_fp;
	int k;

	for (k = 0; k < 4; k++)
	{
		int verify_count = 1000;

		switch (k)
		{
			case 1:
				signature_scheme = SIGN_BLISS_WITH_SHA2_256;
				break;
			case 2:
				signature_scheme = SIGN_BLISS_WITH_SHA2_384;
				break;
			default:
				signature_scheme = SIGN_BLISS_WITH_SHA2_512;
		}

		/* enforce BLISS-B key for k = 2, 3 */
		lib->settings->set_bool(lib->settings,
				"%s.plugins.bliss.use_bliss_b", k >= 2, lib->ns);

		msg = chunk_from_str("Hello Dolly!");

		/* generate private key */
		privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
									 BUILD_KEY_SIZE, key_type[_i], BUILD_END);
		ck_assert(privkey);

		/* generate ASN.1 DER and PEM encoding of private key */
		ck_assert(privkey->get_encoding(privkey, (k % 2) ?
				  PRIVKEY_ASN1_DER : PRIVKEY_PEM, &privkey_blob));

		/* extract public key from private key */
		pubkey = privkey->get_public_key(privkey);
		ck_assert(pubkey);

		/* generate ASN.1 DER and PEM encodings of public key */
		ck_assert(pubkey->get_encoding(pubkey, (k % 2) ?
				  PUBKEY_SPKI_ASN1_DER : PUBKEY_PEM, &pubkey_blob));

		/* compare fingerprints of public and private key */
		ck_assert(pubkey->get_fingerprint(pubkey, (k % 2) ?
				  KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &pubkey_fp));
		ck_assert(privkey->get_fingerprint(privkey, (k % 2) ?
				  KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &privkey_fp));
		ck_assert(chunk_equals(pubkey_fp, privkey_fp));

		/* retrieve fingerprints of public and private key from cache */
		ck_assert(pubkey->get_fingerprint(pubkey, (k % 2) ?
				  KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &pubkey_fp));
		ck_assert(privkey->get_fingerprint(privkey, (k % 2) ?
				  KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &privkey_fp));

		/* get a reference of the private key and destroy both instances */
		privkey1 = privkey->get_ref(privkey);
		ck_assert(privkey1);
		ck_assert(privkey1 == privkey);
		privkey->destroy(privkey);
		privkey1->destroy(privkey1);

		/* get a reference of the public key and destroy both instances */
		pubkey1 = pubkey->get_ref(pubkey);
		ck_assert(pubkey1);
		ck_assert(pubkey1 == pubkey);
		pubkey->destroy(pubkey);
		pubkey1->destroy(pubkey1);

		/* enforce BLISS-B key for k = 1, 3 */
		lib->settings->set_bool(lib->settings,
				"%s.plugins.bliss.use_bliss_b", k % 2, lib->ns);

		/* load private key from ASN.1 blob */
		privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
									 BUILD_BLOB, privkey_blob, BUILD_END);
		ck_assert(privkey);
		ck_assert(privkey->get_type(privkey) == KEY_BLISS);
		ck_assert(privkey->get_keysize(privkey) == key_strength[_i]);
		chunk_free(&privkey_blob);

		/* load public key from ASN.1 blob */
		pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
									BUILD_BLOB, pubkey_blob, BUILD_END);
		ck_assert(pubkey);
		ck_assert(pubkey->get_type(pubkey) == KEY_BLISS);
		ck_assert(pubkey->get_keysize(pubkey) == key_strength[_i]);
		chunk_free(&pubkey_blob);

		/* generate and verify 1000 BLISS signatures */
		while (verify_count--)
		{
			ck_assert(privkey->sign(privkey, signature_scheme, NULL, msg,
									&signature));
			ck_assert(pubkey->verify(pubkey, signature_scheme, NULL, msg,
									 signature));
			free(signature.ptr);
		}
		privkey->destroy(privkey);
		pubkey->destroy(pubkey);
	}
}
END_TEST

START_TEST(test_bliss_sign_fail)
{
	private_key_t *privkey;
	public_key_t *pubkey;
	chunk_t msg = chunk_empty, signature, encoding, fp;

	/* generate non-supported BLISS-II private key */
	privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
								 BUILD_KEY_SIZE, BLISS_II, BUILD_END);
	ck_assert(!privkey);

	/* generate non-supported BLISS-B-II private key */
	privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
								 BUILD_KEY_SIZE, BLISS_B_II, BUILD_END);
	ck_assert(!privkey);

	/* generate supported BLISS-B-I private key */
	privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
								 BUILD_KEY_SIZE, BLISS_B_I, BUILD_END);
	ck_assert(privkey);

	/* wrong private key encoding format */
	ck_assert(!privkey->get_encoding(privkey, PUBKEY_PEM, &encoding));

	/* wrong fingerprint encoding format */
	ck_assert(!privkey->get_fingerprint(privkey, KEYID_PGPV4, &fp));

	/* extract public key */
	pubkey = privkey->get_public_key(privkey);
	ck_assert(pubkey);

	/* wrong private key encoding format */
	ck_assert(!pubkey->get_encoding(pubkey, PRIVKEY_PEM, &encoding));

	/* wrong fingerprint encoding format */
	ck_assert(!pubkey->get_fingerprint(pubkey, KEYID_PGPV4, &fp));

	/* encryption / decryption operation is not defined for BLISS */
	ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, NULL, chunk_empty, NULL));
	ck_assert(!privkey->decrypt(privkey, ENCRYPT_UNKNOWN, NULL, chunk_empty, NULL));

	/* sign with invalid signature scheme */
	ck_assert(!privkey->sign(privkey, SIGN_UNKNOWN, NULL, msg, &signature));

	/* generate valid signature */
	msg = chunk_from_str("Hello Dolly!");
	ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA2_512, NULL, msg, &signature));

	/* verify with invalid signature scheme */
	ck_assert(!pubkey->verify(pubkey, SIGN_UNKNOWN, NULL, msg, signature));

	/* corrupt signature */
	signature.ptr[signature.len - 1] ^= 0x80;
	ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA2_512, NULL, msg, signature));

	free(signature.ptr);
	privkey->destroy(privkey);
	pubkey->destroy(pubkey);
}
END_TEST

Suite *bliss_sign_suite_create()
{
	Suite *s;
	TCase *tc;

	s = suite_create("bliss_sign");

	tc = tcase_create("sign_all");
	test_case_set_timeout(tc, 30);
	tcase_add_loop_test(tc, test_bliss_sign_all, 0, countof(key_type));
	suite_add_tcase(s, tc);

	tc = tcase_create("sign_fail");
	tcase_add_test(tc, test_bliss_sign_fail);
	suite_add_tcase(s, tc);

	return s;
}
Commit	Line	Data
3e1f6edc	1	/*
a7f0ab78	2	* Copyright (C) 2014-2015 Andreas Steffen
3e1f6edc AS	3	* HSR Hochschule fuer Technik Rapperswil
	4	*
	5	* This program is free software; you can redistribute it and/or modify it
	6	* under the terms of the GNU General Public License as published by the
	7	* Free Software Foundation; either version 2 of the License, or (at your
	8	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	9	*
	10	* This program is distributed in the hope that it will be useful, but
	11	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	12	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	13	* for more details.
	14	*/
	15
	16	#include "test_suite.h"
	17
	18	#include <bliss_private_key.h>
	19	#include <bliss_public_key.h>
	20
	21	static u_int key_type[] = { 1, 3, 4 };
a7f0ab78	22	static u_int key_strength[] = { 128, 160, 192 };
3e1f6edc AS	23
3e1f6edc AS	24	START_TEST(test_bliss_sign_all)
a7f0ab78	25	{
27bd0fed	26	signature_scheme_t signature_scheme;
a7f0ab78 AS	27	private_key_t privkey, privkey1;
	28	public_key_t pubkey, pubkey1;
	29	chunk_t msg, signature, privkey_blob, pubkey_blob, pubkey_fp, privkey_fp;
	30	int k;
	31
	32	for (k = 0; k < 4; k++)
	33	{
	34	int verify_count = 1000;
	35
27bd0fed AS	36	switch (k)
	37	{
	38	case 1:
a88d9589	39	signature_scheme = SIGN_BLISS_WITH_SHA2_256;
27bd0fed AS	40	break;
27bd0fed AS	41	case 2:
a88d9589	42	signature_scheme = SIGN_BLISS_WITH_SHA2_384;
27bd0fed AS	43	break;
27bd0fed AS	44	default:
a88d9589	45	signature_scheme = SIGN_BLISS_WITH_SHA2_512;
27bd0fed AS	46	}
27bd0fed AS	47
a7f0ab78 AS	48	/* enforce BLISS-B key for k = 2, 3 */
	49	lib->settings->set_bool(lib->settings,
	50	"%s.plugins.bliss.use_bliss_b", k >= 2, lib->ns);
	51
	52	msg = chunk_from_str("Hello Dolly!");
	53
	54	/* generate private key */
	55	privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
	56	BUILD_KEY_SIZE, key_type[_i], BUILD_END);
	57	ck_assert(privkey);
	58
	59	/* generate ASN.1 DER and PEM encoding of private key */
	60	ck_assert(privkey->get_encoding(privkey, (k % 2) ?
	61	PRIVKEY_ASN1_DER : PRIVKEY_PEM, &privkey_blob));
	62
	63	/* extract public key from private key */
	64	pubkey = privkey->get_public_key(privkey);
	65	ck_assert(pubkey);
	66
	67	/* generate ASN.1 DER and PEM encodings of public key */
	68	ck_assert(pubkey->get_encoding(pubkey, (k % 2) ?
	69	PUBKEY_SPKI_ASN1_DER : PUBKEY_PEM, &pubkey_blob));
	70
	71	/* compare fingerprints of public and private key */
	72	ck_assert(pubkey->get_fingerprint(pubkey, (k % 2) ?
	73	KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &pubkey_fp));
	74	ck_assert(privkey->get_fingerprint(privkey, (k % 2) ?
	75	KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &privkey_fp));
	76	ck_assert(chunk_equals(pubkey_fp, privkey_fp));
	77
	78	/* retrieve fingerprints of public and private key from cache */
	79	ck_assert(pubkey->get_fingerprint(pubkey, (k % 2) ?
	80	KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &pubkey_fp));
	81	ck_assert(privkey->get_fingerprint(privkey, (k % 2) ?
	82	KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &privkey_fp));
	83
	84	/* get a reference of the private key and destroy both instances */
	85	privkey1 = privkey->get_ref(privkey);
	86	ck_assert(privkey1);
	87	ck_assert(privkey1 == privkey);
	88	privkey->destroy(privkey);
	89	privkey1->destroy(privkey1);
	90
	91	/* get a reference of the public key and destroy both instances */
	92	pubkey1 = pubkey->get_ref(pubkey);
	93	ck_assert(pubkey1);
	94	ck_assert(pubkey1 == pubkey);
	95	pubkey->destroy(pubkey);
	96	pubkey1->destroy(pubkey1);
	97
	98	/* enforce BLISS-B key for k = 1, 3 */
	99	lib->settings->set_bool(lib->settings,
	100	"%s.plugins.bliss.use_bliss_b", k % 2, lib->ns);
	101
	102	/* load private key from ASN.1 blob */
	103	privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
	104	BUILD_BLOB, privkey_blob, BUILD_END);
	105	ck_assert(privkey);
	106	ck_assert(privkey->get_type(privkey) == KEY_BLISS);
	107	ck_assert(privkey->get_keysize(privkey) == key_strength[_i]);
	108	chunk_free(&privkey_blob);
	109
	110	/* load public key from ASN.1 blob */
	111	pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
112	BUILD_BLOB, pubkey_blob, BUILD_END);
113	ck_assert(pubkey);
114	ck_assert(pubkey->get_type(pubkey) == KEY_BLISS);
115	ck_assert(pubkey->get_keysize(pubkey) == key_strength[_i]);
116	chunk_free(&pubkey_blob);
117
118	/* generate and verify 1000 BLISS signatures */
119	while (verify_count--)
120	{
de280c2e	121	ck_assert(privkey->sign(privkey, signature_scheme, NULL, msg,
a7f0ab78	122	&signature));
a413571f	123	ck_assert(pubkey->verify(pubkey, signature_scheme, NULL, msg,
a7f0ab78 AS	124	signature));
	125	free(signature.ptr);
	126	}
	127	privkey->destroy(privkey);
	128	pubkey->destroy(pubkey);
	129	}
	130	}
	131	END_TEST
	132
	133	START_TEST(test_bliss_sign_fail)
3e1f6edc AS	134	{
	135	private_key_t *privkey;
	136	public_key_t *pubkey;
7e7800e0	137	chunk_t msg = chunk_empty, signature, encoding, fp;
a7f0ab78 AS	138
	139	/* generate non-supported BLISS-II private key */
	140	privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
	141	BUILD_KEY_SIZE, BLISS_II, BUILD_END);
	142	ck_assert(!privkey);
	143
	144	/* generate non-supported BLISS-B-II private key */
	145	privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
	146	BUILD_KEY_SIZE, BLISS_B_II, BUILD_END);
	147	ck_assert(!privkey);
	148
	149	/* generate supported BLISS-B-I private key */
3e1f6edc	150	privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
a7f0ab78	151	BUILD_KEY_SIZE, BLISS_B_I, BUILD_END);
3e1f6edc AS	152	ck_assert(privkey);
3e1f6edc AS	153
a7f0ab78 AS	154	/* wrong private key encoding format */
	155	ck_assert(!privkey->get_encoding(privkey, PUBKEY_PEM, &encoding));
	156
	157	/* wrong fingerprint encoding format */
	158	ck_assert(!privkey->get_fingerprint(privkey, KEYID_PGPV4, &fp));
	159
	160	/* extract public key */
3e1f6edc AS	161	pubkey = privkey->get_public_key(privkey);
	162	ck_assert(pubkey);
	163
a7f0ab78 AS	164	/* wrong private key encoding format */
	165	ck_assert(!pubkey->get_encoding(pubkey, PRIVKEY_PEM, &encoding));
	166
	167	/* wrong fingerprint encoding format */
	168	ck_assert(!pubkey->get_fingerprint(pubkey, KEYID_PGPV4, &fp));
	169
	170	/* encryption / decryption operation is not defined for BLISS */
4abb29f6 AS	171	ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, NULL, chunk_empty, NULL));
4abb29f6 AS	172	ck_assert(!privkey->decrypt(privkey, ENCRYPT_UNKNOWN, NULL, chunk_empty, NULL));
a7f0ab78 AS	173
a7f0ab78 AS	174	/* sign with invalid signature scheme */
de280c2e	175	ck_assert(!privkey->sign(privkey, SIGN_UNKNOWN, NULL, msg, &signature));
a7f0ab78 AS	176
	177	/* generate valid signature */
	178	msg = chunk_from_str("Hello Dolly!");
de280c2e	179	ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA2_512, NULL, msg, &signature));
a7f0ab78 AS	180
a7f0ab78 AS	181	/* verify with invalid signature scheme */
a413571f	182	ck_assert(!pubkey->verify(pubkey, SIGN_UNKNOWN, NULL, msg, signature));
a7f0ab78 AS	183
	184	/* corrupt signature */
	185	signature.ptr[signature.len - 1] ^= 0x80;
a413571f	186	ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA2_512, NULL, msg, signature));
a7f0ab78 AS	187
a7f0ab78 AS	188	free(signature.ptr);
3e1f6edc AS	189	privkey->destroy(privkey);
	190	pubkey->destroy(pubkey);
	191	}
	192	END_TEST
	193
	194	Suite *bliss_sign_suite_create()
	195	{
	196	Suite *s;
	197	TCase *tc;
	198
	199	s = suite_create("bliss_sign");
	200
a7f0ab78	201	tc = tcase_create("sign_all");
3e1f6edc AS	202	test_case_set_timeout(tc, 30);
	203	tcase_add_loop_test(tc, test_bliss_sign_all, 0, countof(key_type));
	204	suite_add_tcase(s, tc);
	205
a7f0ab78 AS	206	tc = tcase_create("sign_fail");
	207	tcase_add_test(tc, test_bliss_sign_fail);
	208	suite_add_tcase(s, tc);
	209
3e1f6edc AS	210	return s;
3e1f6edc AS	211	}