From: Aki Tuomi
Date: Mon, 23 Jan 2017 12:56:54 +0000 (+0200)
Subject: lib-dcrypt: Add unit tests for changes
X-Git-Tag: 2.3.8~43
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fdc7f5ea1a3b7d42e588e7fdd262ed7058aabde0;p=thirdparty%2Fdovecot%2Fcore.git
lib-dcrypt: Add unit tests for changes
---
diff --git a/src/lib-dcrypt/test-crypto.c b/src/lib-dcrypt/test-crypto.c
index 10954c9f16..784c51ee32 100644
--- a/src/lib-dcrypt/test-crypto.c
+++ b/src/lib-dcrypt/test-crypto.c
@@ -1014,6 +1014,130 @@ static void test_raw_keys(void) "efb4619614cc5e19fe9b2d24dae834b:21d116b7b3e5c52e81f" "0437a10b0116cfafc467fb1b96e48926d021668fc1bea"); + test_end(); +} + +static void test_sign_verify_rsa(void) +{ + const char *error = NULL; + bool valid; + struct dcrypt_private_key *priv_key = NULL; + struct dcrypt_public_key *pub_key = NULL; + + buffer_t *signature = + buffer_create_dynamic(pool_datastack_create(), 128); + const char *data = "signed data"; + + test_begin("sign and verify (rsa)"); + const char *key = "-----BEGIN PRIVATE KEY-----\n" +"MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALz2rTYj017MEtD6\n" +"i2flctgTtL4awpTPn2iCvjkMD/owj2N7LRbnpJ5ZDUUkPW8OEDH9NEEx86aFwg+w\n" +"GNzmxqRg5rA92iKouM4iU76IfCdtuYu4yyq57T2+C9mwqO5OvYXkM4VBjjcGr813\n" +"7huMcki104znz7HADYj/y8Nu0jyPAgMBAAECgYEAkJStMx92OrIqM3t/7p7AoFNz\n" +"l4EiIHo7ndtrcHqqPuOo0pUMitnyOrYoUR7JYo+AFL+Hm9p8co0lTpuOanaoxQk8\n" +"Hs9MDzvp4OjRyr0+mVSqKGJOVckXA1Bi0X6jbtOjm3bn7mp1ICPrnv6VB8VP1ef1\n" +"/NgcOai1RHEfXQWAWQECQQD7s3LqUFN5vdYuc/RQ98/NAuKUSvy7zU8tZ7r1Ea2w\n" +"RoxAcakc6Xh75u+9VhsbVyDHDEjWbTW5H2uqkPeotR2tAkEAwDDpS83xH6ilhNnP\n" +"Cors2WKKXZBkw+ZczThJXWIWrbo0zrTDYWYeo46HQRulJawW0iDEkVahk62uC7Go\n" +"Im5SqwJAXcShd/dK0dzOEOozx4I6kPaVMIerFc/Lwm+Vb70RRs1RbKSrStETiJ0l\n" +"DRUp7gqMdHr4G6H91KSG+Lke+mPW1QJAdG8tZ5dktWFepZWvMRvpUem5GeYYpfYx\n" +"0sJ+7+w1ARsGUxSAKcnMVhpLJs6wxpnzWWowrDxntyhJgRwoWHOt8QJBAPuX7gGH\n" +"Lxm7PpWgYYhnAiHGQmsiYEWZpTDHw3qODbSyANFjAKgaQZ3sHy4gdksmhbNJK60e\n" +"K7mLk9hTLlVPXJM=\n" +"-----END PRIVATE KEY-----"; + + test_assert(dcrypt_key_load_private(&priv_key, + key, NULL, NULL, &error)); + if (priv_key == NULL) + i_fatal("%s", error); + dcrypt_key_convert_private_to_public(priv_key, &pub_key); + test_assert(dcrypt_sign(priv_key, + "sha256", data, strlen(data), signature, 0, &error)); + /* verify signature */ + test_assert(dcrypt_verify(pub_key, + "sha256", data, strlen(data), + signature->data, signature->used, &valid, 0, &error) && valid); + + 
dcrypt_key_unref_public(&pub_key); + dcrypt_key_unref_private(&priv_key); + + test_end(); +} + +static void test_sign_verify_ecdsa(void) +{ + const char *error = NULL; + bool valid; + struct dcrypt_private_key *priv_key = NULL; + struct dcrypt_public_key *pub_key = NULL; + + buffer_t *signature = + buffer_create_dynamic(pool_datastack_create(), 128); + const char *data = "signed data"; + + test_begin("sign and verify (ecdsa)"); + const char *key = "-----BEGIN PRIVATE KEY-----\n" +"MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgZ4AMMyJ9XDl5lKM2\n" +"vusbT1OQ6VzBWBkB3/4syovaKtyhRANCAAQHTR+6L2qMh5fdcMZF+Y1rctBsq8Oy\n" +"7jZ4uV+MiuaoGNQ5sTxlcv6ETX/XrEDq4S/DUhFKzQ6u9VXYZImvRCT1\n" +"-----END PRIVATE KEY-----"; + + test_assert(dcrypt_key_load_private(&priv_key, + key, NULL, NULL, &error)); + if (priv_key == NULL) + i_fatal("%s", error); + dcrypt_key_convert_private_to_public(priv_key, &pub_key); + test_assert(dcrypt_sign(priv_key, + "sha256", data, strlen(data), signature, 0, &error)); + /* verify signature */ + test_assert(dcrypt_verify(pub_key, + "sha256", data, strlen(data), signature->data, + signature->used, &valid, 0, &error) && valid); + + dcrypt_key_unref_public(&pub_key); + dcrypt_key_unref_private(&priv_key); + + test_end(); +} + +static void test_static_verify_ecdsa(void) +{ + test_begin("static verify (ecdsa)"); + const char *input = "hello, world"; + const char *priv_key_pem = + "-----BEGIN PRIVATE KEY-----\n" + "MGcCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcETTBLAgEBBCC25AkD65uhlZXCAdwN\n" + "yLJV2ui8A/CUyqyEMrezvwgMO6EkAyIAAybRUR3MsH0+0PQcDwkrXOJ9aePwzTQV\n" + "DN51+n1JCxbI\n" + "-----END PRIVATE KEY-----"; + const char *pub_key_pem = + "-----BEGIN PUBLIC KEY-----\n" + "MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADJtFRHcywfT7Q9BwPCStc4n1p4/DN\n" + "NBUM3nX6fUkLFsg=\n" + "-----END PUBLIC KEY-----"; + + const unsigned char sig[] = { + 0x30,0x45,0x02,0x20,0x2c,0x76,0x20,0x5e,0xfc,0xa6,0x9e,0x16, + 0x44,0xb3,0xbc,0xbf,0xcc,0x43,0xc1,0x08,0x76,0x4a,0xe8,0x60, + 
0xc5,0x9b,0x99,0x20,0x5b,0x44,0x33,0x5c,0x38,0x84,0x63,0xcb, + 0x02,0x21,0x00,0xa3,0x67,0xed,0x57,0xbf,0x59,0x46,0xb7,0x0c, + 0x7b,0xec,0x4f,0x78,0x14,0xec,0xfa,0x8d,0xa2,0x85,0x48,0xea, + 0xe1,0xaf,0x9e,0xbf,0x04,0xac,0x0e,0x41,0xfe,0x84,0x0e + }; + + struct dcrypt_keypair pair; + bool valid; + const char *error; + + i_zero(&pair); + /* static key test */ + test_assert(dcrypt_key_load_public(&pair.pub, pub_key_pem, NULL)); + test_assert(dcrypt_key_load_private(&pair.priv, priv_key_pem, NULL, NULL, NULL)); + /* validate signature */ + test_assert(dcrypt_verify(pair.pub, "sha256", input, strlen(input), + sig, sizeof(sig), &valid, 0, &error) && + valid == TRUE); + dcrypt_keypair_unref(&pair); test_end(); 
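Review bot: None of the new tests checks that verification rejects anything, so a `dcrypt_verify` that reported every signature as valid would still pass `test_sign_verify_rsa`, `test_sign_verify_ecdsa` and `test_static_verify_ecdsa` here, and `test_static_verify_rsa` in the next hunk. After each positive check I would verify the same signature against altered input and assert the rejection, e.g. `test_assert(!dcrypt_verify(pub_key, "sha256", "signed datA", strlen(data), signature->data, signature->used, &valid, 0, &error) || !valid);`. It is written with `||` because the hunk does not show whether a bad signature is reported through the return value or through `valid`. Separately, `test_static_verify_ecdsa` hands `pair.pub` to `dcrypt_verify` without the NULL check and `i_fatal` that the two round-trip tests use, and it leaves `error` uninitialized, so a failed key load would presumably show up as a crash rather than a reported test failure. The closing brace of `test_static_verify_ecdsa` lies outside the visible hunk.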
@@ -1060,6 +1184,47 @@ static void test_jwk_keys(void) test_end(); } +static void test_static_verify_rsa(void) +{ + const char *error = NULL; + bool valid; + struct dcrypt_public_key *pub_key = NULL; + + test_begin("static verify (rsa)"); + const char *data = "test signature input\n"; + const unsigned char sig[] = { + 0x6f,0x1b,0xfb,0xdd,0xdb,0xb1,0xcd,0x6f,0xf1,0x1b, + 0xb8,0xad,0x71,0x75,0x6c,0x87,0x22,0x11,0xe4,0xc3, + 0xe7,0xca,0x15,0x04,0xda,0x98,0xab,0x07,0x27,0xcc, + 0x5a,0x4d,0xab,0xac,0x37,0x7a,0xff,0xd2,0xdf,0x37, + 0x58,0x37,0x53,0x46,0xd5,0x6d,0x9d,0x73,0x83,0x90, + 0xea,0x5e,0x2c,0xc7,0x51,0x9e,0xc4,0xda,0xc5,0x7d, + 0xa5,0xcd,0xb7,0xd7,0x41,0x23,0x6d,0xb9,0x6d,0xe0, + 0x99,0xa1,0x63,0x6b,0x60,0x5f,0x15,0x5b,0xda,0x21, + 0x17,0x4c,0x37,0x68,0x67,0x7f,0x8e,0x02,0x93,0xd2, + 0x86,0xdd,0xe5,0xa7,0xc3,0xd9,0x93,0x8b,0x0c,0x56, + 0x1d,0x5c,0x60,0x63,0x3e,0x8b,0xbe,0x1f,0xb2,0xe7, + 0x7f,0xe5,0x66,0x6f,0xcd,0x2b,0x0c,0x02,0x2a,0x12, + 0x96,0x86,0x66,0x00,0xff,0x12,0x8a,0x79 + }; + const char *key = "-----BEGIN PUBLIC KEY-----\n" +"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC89q02I9NezBLQ+otn5XLYE7S+\n" +"GsKUz59ogr45DA/6MI9jey0W56SeWQ1FJD1vDhAx/TRBMfOmhcIPsBjc5sakYOaw\n" +"PdoiqLjOIlO+iHwnbbmLuMsque09vgvZsKjuTr2F5DOFQY43Bq/Nd+4bjHJItdOM\n" +"58+xwA2I/8vDbtI8jwIDAQAB\n" +"-----END PUBLIC KEY-----"; + + test_assert(dcrypt_key_load_public(&pub_key, key, &error)); + if (pub_key == NULL) + i_fatal("%s", error); + test_assert(dcrypt_verify(pub_key, "sha256", data, strlen(data), + sig, sizeof(sig), &valid, DCRYPT_PADDING_RSA_PKCS1, &error) && + valid); + dcrypt_key_unref_public(&pub_key); + + test_end(); +} + int main(void) { struct dcrypt_settings set = { @@ -1092,6 +1257,10 @@ int main(void) test_load_invalid_keys, test_raw_keys, test_jwk_keys, + test_sign_verify_rsa, + test_sign_verify_ecdsa, + test_static_verify_ecdsa, + test_static_verify_rsa, NULL };
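Review bot: The `sig` array in `test_static_verify_rsa` carries no record of how it was produced, so this known-answer vector cannot be regenerated or audited later. A comment above the array would cover it, for example `/* RSA PKCS#1 v1.5 + SHA-256 signature over data, checked against the public key below; generated with: <command used to create it> */`. The public key appears to be the counterpart of the private key embedded in `test_sign_verify_rsa`; if that is the case, the comment should say so, which also makes clear that both are test-only fixtures.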