]>
Commit | Line | Data |
---|---|---|
3e1f6edc | 1 | /* |
a7f0ab78 | 2 | * Copyright (C) 2014-2015 Andreas Steffen |
3e1f6edc AS |
3 | * HSR Hochschule fuer Technik Rapperswil |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify it | |
6 | * under the terms of the GNU General Public License as published by the | |
7 | * Free Software Foundation; either version 2 of the License, or (at your | |
8 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
9 | * | |
10 | * This program is distributed in the hope that it will be useful, but | |
11 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
12 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
13 | * for more details. | |
14 | */ | |
15 | ||
16 | #include "test_suite.h" | |
17 | ||
18 | #include <bliss_private_key.h> | |
19 | #include <bliss_public_key.h> | |
20 | ||
21 | static u_int key_type[] = { 1, 3, 4 }; | |
a7f0ab78 | 22 | static u_int key_strength[] = { 128, 160, 192 }; |
3e1f6edc AS |
23 | |
24 | START_TEST(test_bliss_sign_all) | |
a7f0ab78 | 25 | { |
27bd0fed | 26 | signature_scheme_t signature_scheme; |
a7f0ab78 AS |
27 | private_key_t *privkey, *privkey1; |
28 | public_key_t *pubkey, *pubkey1; | |
29 | chunk_t msg, signature, privkey_blob, pubkey_blob, pubkey_fp, privkey_fp; | |
30 | int k; | |
31 | ||
32 | for (k = 0; k < 4; k++) | |
33 | { | |
34 | int verify_count = 1000; | |
35 | ||
27bd0fed AS |
36 | switch (k) |
37 | { | |
38 | case 1: | |
a88d9589 | 39 | signature_scheme = SIGN_BLISS_WITH_SHA2_256; |
27bd0fed AS |
40 | break; |
41 | case 2: | |
a88d9589 | 42 | signature_scheme = SIGN_BLISS_WITH_SHA2_384; |
27bd0fed AS |
43 | break; |
44 | default: | |
a88d9589 | 45 | signature_scheme = SIGN_BLISS_WITH_SHA2_512; |
27bd0fed AS |
46 | } |
47 | ||
a7f0ab78 AS |
48 | /* enforce BLISS-B key for k = 2, 3 */ |
49 | lib->settings->set_bool(lib->settings, | |
50 | "%s.plugins.bliss.use_bliss_b", k >= 2, lib->ns); | |
51 | ||
52 | msg = chunk_from_str("Hello Dolly!"); | |
53 | ||
54 | /* generate private key */ | |
55 | privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS, | |
56 | BUILD_KEY_SIZE, key_type[_i], BUILD_END); | |
57 | ck_assert(privkey); | |
58 | ||
59 | /* generate ASN.1 DER and PEM encoding of private key */ | |
60 | ck_assert(privkey->get_encoding(privkey, (k % 2) ? | |
61 | PRIVKEY_ASN1_DER : PRIVKEY_PEM, &privkey_blob)); | |
62 | ||
63 | /* extract public key from private key */ | |
64 | pubkey = privkey->get_public_key(privkey); | |
65 | ck_assert(pubkey); | |
66 | ||
67 | /* generate ASN.1 DER and PEM encodings of public key */ | |
68 | ck_assert(pubkey->get_encoding(pubkey, (k % 2) ? | |
69 | PUBKEY_SPKI_ASN1_DER : PUBKEY_PEM, &pubkey_blob)); | |
70 | ||
71 | /* compare fingerprints of public and private key */ | |
72 | ck_assert(pubkey->get_fingerprint(pubkey, (k % 2) ? | |
73 | KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &pubkey_fp)); | |
74 | ck_assert(privkey->get_fingerprint(privkey, (k % 2) ? | |
75 | KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &privkey_fp)); | |
76 | ck_assert(chunk_equals(pubkey_fp, privkey_fp)); | |
77 | ||
78 | /* retrieve fingerprints of public and private key from cache */ | |
79 | ck_assert(pubkey->get_fingerprint(pubkey, (k % 2) ? | |
80 | KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &pubkey_fp)); | |
81 | ck_assert(privkey->get_fingerprint(privkey, (k % 2) ? | |
82 | KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &privkey_fp)); | |
83 | ||
84 | /* get a reference of the private key and destroy both instances */ | |
85 | privkey1 = privkey->get_ref(privkey); | |
86 | ck_assert(privkey1); | |
87 | ck_assert(privkey1 == privkey); | |
88 | privkey->destroy(privkey); | |
89 | privkey1->destroy(privkey1); | |
90 | ||
91 | /* get a reference of the public key and destroy both instances */ | |
92 | pubkey1 = pubkey->get_ref(pubkey); | |
93 | ck_assert(pubkey1); | |
94 | ck_assert(pubkey1 == pubkey); | |
95 | pubkey->destroy(pubkey); | |
96 | pubkey1->destroy(pubkey1); | |
97 | ||
98 | /* enforce BLISS-B key for k = 1, 3 */ | |
99 | lib->settings->set_bool(lib->settings, | |
100 | "%s.plugins.bliss.use_bliss_b", k % 2, lib->ns); | |
101 | ||
102 | /* load private key from ASN.1 blob */ | |
103 | privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS, | |
104 | BUILD_BLOB, privkey_blob, BUILD_END); | |
105 | ck_assert(privkey); | |
106 | ck_assert(privkey->get_type(privkey) == KEY_BLISS); | |
107 | ck_assert(privkey->get_keysize(privkey) == key_strength[_i]); | |
108 | chunk_free(&privkey_blob); | |
109 | ||
110 | /* load public key from ASN.1 blob */ | |
111 | pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, | |
112 | BUILD_BLOB, pubkey_blob, BUILD_END); | |
113 | ck_assert(pubkey); | |
114 | ck_assert(pubkey->get_type(pubkey) == KEY_BLISS); | |
115 | ck_assert(pubkey->get_keysize(pubkey) == key_strength[_i]); | |
116 | chunk_free(&pubkey_blob); | |
117 | ||
118 | /* generate and verify 1000 BLISS signatures */ | |
119 | while (verify_count--) | |
120 | { | |
de280c2e | 121 | ck_assert(privkey->sign(privkey, signature_scheme, NULL, msg, |
a7f0ab78 | 122 | &signature)); |
a413571f | 123 | ck_assert(pubkey->verify(pubkey, signature_scheme, NULL, msg, |
a7f0ab78 AS |
124 | signature)); |
125 | free(signature.ptr); | |
126 | } | |
127 | privkey->destroy(privkey); | |
128 | pubkey->destroy(pubkey); | |
129 | } | |
130 | } | |
131 | END_TEST | |
132 | ||
133 | START_TEST(test_bliss_sign_fail) | |
3e1f6edc AS |
134 | { |
135 | private_key_t *privkey; | |
136 | public_key_t *pubkey; | |
7e7800e0 | 137 | chunk_t msg = chunk_empty, signature, encoding, fp; |
a7f0ab78 AS |
138 | |
139 | /* generate non-supported BLISS-II private key */ | |
140 | privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS, | |
141 | BUILD_KEY_SIZE, BLISS_II, BUILD_END); | |
142 | ck_assert(!privkey); | |
143 | ||
144 | /* generate non-supported BLISS-B-II private key */ | |
145 | privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS, | |
146 | BUILD_KEY_SIZE, BLISS_B_II, BUILD_END); | |
147 | ck_assert(!privkey); | |
148 | ||
149 | /* generate supported BLISS-B-I private key */ | |
3e1f6edc | 150 | privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS, |
a7f0ab78 | 151 | BUILD_KEY_SIZE, BLISS_B_I, BUILD_END); |
3e1f6edc AS |
152 | ck_assert(privkey); |
153 | ||
a7f0ab78 AS |
154 | /* wrong private key encoding format */ |
155 | ck_assert(!privkey->get_encoding(privkey, PUBKEY_PEM, &encoding)); | |
156 | ||
157 | /* wrong fingerprint encoding format */ | |
158 | ck_assert(!privkey->get_fingerprint(privkey, KEYID_PGPV4, &fp)); | |
159 | ||
160 | /* extract public key */ | |
3e1f6edc AS |
161 | pubkey = privkey->get_public_key(privkey); |
162 | ck_assert(pubkey); | |
163 | ||
a7f0ab78 AS |
164 | /* wrong private key encoding format */ |
165 | ck_assert(!pubkey->get_encoding(pubkey, PRIVKEY_PEM, &encoding)); | |
166 | ||
167 | /* wrong fingerprint encoding format */ | |
168 | ck_assert(!pubkey->get_fingerprint(pubkey, KEYID_PGPV4, &fp)); | |
169 | ||
170 | /* encryption / decryption operation is not defined for BLISS */ | |
4abb29f6 AS |
171 | ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, NULL, chunk_empty, NULL)); |
172 | ck_assert(!privkey->decrypt(privkey, ENCRYPT_UNKNOWN, NULL, chunk_empty, NULL)); | |
a7f0ab78 AS |
173 | |
174 | /* sign with invalid signature scheme */ | |
de280c2e | 175 | ck_assert(!privkey->sign(privkey, SIGN_UNKNOWN, NULL, msg, &signature)); |
a7f0ab78 AS |
176 | |
177 | /* generate valid signature */ | |
178 | msg = chunk_from_str("Hello Dolly!"); | |
de280c2e | 179 | ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA2_512, NULL, msg, &signature)); |
a7f0ab78 AS |
180 | |
181 | /* verify with invalid signature scheme */ | |
a413571f | 182 | ck_assert(!pubkey->verify(pubkey, SIGN_UNKNOWN, NULL, msg, signature)); |
a7f0ab78 AS |
183 | |
184 | /* corrupt signature */ | |
185 | signature.ptr[signature.len - 1] ^= 0x80; | |
a413571f | 186 | ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA2_512, NULL, msg, signature)); |
a7f0ab78 AS |
187 | |
188 | free(signature.ptr); | |
3e1f6edc AS |
189 | privkey->destroy(privkey); |
190 | pubkey->destroy(pubkey); | |
191 | } | |
192 | END_TEST | |
193 | ||
194 | Suite *bliss_sign_suite_create() | |
195 | { | |
196 | Suite *s; | |
197 | TCase *tc; | |
198 | ||
199 | s = suite_create("bliss_sign"); | |
200 | ||
a7f0ab78 | 201 | tc = tcase_create("sign_all"); |
3e1f6edc AS |
202 | test_case_set_timeout(tc, 30); |
203 | tcase_add_loop_test(tc, test_bliss_sign_all, 0, countof(key_type)); | |
204 | suite_add_tcase(s, tc); | |
205 | ||
a7f0ab78 AS |
206 | tc = tcase_create("sign_fail"); |
207 | tcase_add_test(tc, test_bliss_sign_fail); | |
208 | suite_add_tcase(s, tc); | |
209 | ||
3e1f6edc AS |
210 | return s; |
211 | } |