END_TEST
START_TEST(check_signet_signature_verification)
{
char *fp;
const char *org_keys = "check_org.keys";
unsigned char signature[ED25519_SIG_SIZE];
ED25519_KEY *orgkey;
int res;
signet_t *org_signet;
_crypto_init();
org_signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_ORG, org_keys);
ck_assert_msg(org_signet != NULL, "Failure to create signet with keys file.\n");
orgkey = dime_keys_signkey_fetch(org_keys);
ck_assert_msg(orgkey != NULL, "Failure to fetch private signing key from keys file.\n");
res = dime_sgnt_sig_crypto_sign(org_signet, orgkey);
ck_assert_msg(res == 0, "Failure to create organizational cryptographic signet signature.\n");
fp = dime_sgnt_fingerprint_crypto(org_signet);
ck_assert_msg(fp != NULL, "Failed to fingerprint organiational signet.\n");
res = ed25519_sign_data((const unsigned char *)fp, strlen(fp), orgkey, signature);
ck_assert_msg(res == 0, "Failed to provided data with ed25519 key.\n");
res = dime_sgnt_msg_sig_verify(org_signet, signature, (const unsigned char *)fp, strlen(fp));
ck_assert_msg(res == 1, "Failed to verify signature using signet.\n");
fprintf(stderr, "Signet signature verification check complete.\n");
}
END_TEST
START_TEST(load_ec_key_file)
{
char filename[256], *b64key;
EC_KEY *result, *key;
size_t size;
unsigned char *serial;
int res;
res = _crypto_init();
ck_assert_msg(!res, "Crypto initialization routine failed.\n");
for (size_t i = 0; i < 5; ++i) {
key = _generate_ec_keypair(0);
snprintf(filename, sizeof(filename), "ec-key-%zu-priv.pem", i + 1);
serial = _serialize_ec_privkey(key, &size);
b64key = _b64encode(serial, size);
free(serial);
_write_pem_data(b64key, "EC PRIVATE KEY", filename);
free(b64key);
snprintf(filename, sizeof(filename), "ec-key-%zu-pub.pem", i + 1);
serial = _serialize_ec_pubkey(key, &size);
free_ec_key(key);
b64key = _b64encode(serial, size);
free(serial);
_write_pem_data(b64key, "PUBLIC KEY", filename);
free(b64key);
}
for (size_t i = 0; i < 5; i++) {
snprintf(filename, sizeof(filename), "ec-key-%zu-priv.pem", i + 1);
result = _load_ec_privkey(filename);
ck_assert_msg(result != NULL, "load_ec_privkey failed for %s", filename);
free_ec_key(result);
snprintf(filename, sizeof(filename), "ec-key-%zu-pub.pem", i + 1);
result = _load_ec_pubkey(filename);
ck_assert_msg(result != NULL, "load_ec_pubkey failed for %s", filename);
free_ec_key(result);
}
fprintf(stderr, "EC key load from file check completed.\n");
}
END_TEST
START_TEST(check_signet_sok)
{
ED25519_KEY *sok, *sok_from_signet;
int res;
signet_t *signet;
_crypto_init();
signet = dime_sgnt_signet_create(SIGNET_TYPE_USER);
ck_assert_msg(signet != NULL, "Failure to create user signet.\n");
sok = generate_ed25519_keypair();
ck_assert_msg(sok != NULL, "Failure to generate ed25519 key pair.\n");
res = dime_sgnt_sok_create(signet, sok, (unsigned char) SIGNKEY_DEFAULT_FORMAT, (SIGNET_SOK_SIGNET | SIGNET_SOK_MSG | SIGNET_SOK_TLS | SIGNET_SOK_SOFTWARE) );
ck_assert_msg(res == -1, "Error cause by inserting a SOK inside a user signet.\n");
dime_sgnt_signet_destroy(signet);
signet = dime_sgnt_signet_create(SIGNET_TYPE_ORG);
ck_assert_msg(signet != NULL, "Failure to create organizational signet.\n");
res = dime_sgnt_sok_create(signet, sok, 214, (SIGNET_SOK_SIGNET | SIGNET_SOK_MSG) );
ck_assert_msg(res == -1, "Error caused by inserting a SOK with an invalid format.\n");
res = dime_sgnt_sok_create(signet, sok, (unsigned char) SIGNKEY_DEFAULT_FORMAT, (SIGNET_SOK_SIGNET | SIGNET_SOK_MSG | SIGNET_SOK_TLS | SIGNET_SOK_SOFTWARE) );
ck_assert_msg(res == 0, "Failure to add a SOK field to signet.\n");
sok_from_signet = dime_sgnt_sok_num_fetch(signet, 1);
ck_assert_msg(sok_from_signet != NULL, "Failure to fetch SOK from signet.\n");
res = memcmp(sok->public_key, sok_from_signet->public_key, ED25519_KEY_SIZE);
ck_assert_msg(res == 0, "SOK was corrupted during inserting and fetching into and from the signet.\n");
free_ed25519_key(sok_from_signet);
dime_sgnt_signet_destroy(signet);
fprintf(stderr, "Signet SOK check complete.\n");
}
END_TEST
START_TEST(check_signet_fingerprint)
{
char *fp1, *fp2;
int res;
signet_t *signet;
_crypto_init();
signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_USER, "fp_test.keys");
ck_assert_msg(signet != NULL, "Failed to create signet with keys.\n");
fp1 = dime_sgnt_fingerprint_ssr(signet);
ck_assert_msg(signet != NULL, "Failed to fingerprint signet.\n");
fp2 = dime_sgnt_fingerprint_ssr(signet);
ck_assert_msg(signet != NULL, "Failed to fingerprint signet.\n");
ck_assert_msg(strlen(fp1) == strlen(fp2), "Inconsistent fingerprinting.\n");
res = memcmp(fp1, fp2, strlen(fp1));
ck_assert_msg(res == 0, "Inconsistent fingerprinting.\n");
free(fp2);
fp2 = dime_sgnt_fingerprint_crypto(signet);
ck_assert_msg(signet != NULL, "Failed to fingerprint signet.\n");
ck_assert_msg(strlen(fp1) == strlen(fp2), "Inconsistent fingerprinting.\n");
res = memcmp(fp1, fp2, strlen(fp1));
ck_assert_msg(res == 0, "Inconsistent fingerprinting.\n");
free(fp2);
fp2 = dime_sgnt_fingerprint_full(signet);
ck_assert_msg(signet != NULL, "Failed to fingerprint signet.\n");
ck_assert_msg(strlen(fp1) == strlen(fp2), "Inconsistent fingerprinting.\n");
res = memcmp(fp1, fp2, strlen(fp1));
ck_assert_msg(res == 0, "Inconsistent fingerprinting.\n");
free(fp2);
fp2 = dime_sgnt_fingerprint_id(signet);
ck_assert_msg(signet != NULL, "Failed to fingerprint signet.\n");
ck_assert_msg(strlen(fp1) == strlen(fp2), "Inconsistent fingerprinting.\n");
res = memcmp(fp1, fp2, strlen(fp1));
ck_assert_msg(res == 0, "Inconsistent fingerprinting.\n");
free(fp2);
res = dime_sgnt_id_set(signet, 7, (const unsigned char *)"some id");
ck_assert_msg(res == 0, "Failed to set signet id.\n");
fp2 = dime_sgnt_fingerprint_id(signet);
ck_assert_msg(signet != NULL, "Failed to fingerprint signet.\n");
ck_assert_msg(strlen(fp1) == strlen(fp2), "Inconsistent fingerprinting.\n");
res = memcmp(fp1, fp2, strlen(fp1));
ck_assert_msg(res != 0, "Either a sha512 hash collision occurred or fingerprinting is broken.\n");
free(fp2);
free(fp1);
dime_sgnt_signet_destroy(signet);
fprintf(stderr, "Signet fingerprinting check complete.\n");
}
END_TEST
START_TEST(check_signet_multi_signkey)
{
EC_KEY *eckey;
ED25519_KEY *keys[5], **fetched;
int res;
signet_t *signet;
_crypto_init();
for(int i = 0; i < 5; ++i) {
keys[i] = generate_ed25519_keypair();
}
eckey = generate_ec_keypair(0);
signet = dime_sgnt_signet_create(SIGNET_TYPE_ORG);
ck_assert_msg(signet != NULL, "Failed to create organizational signet.\n");
res = dime_sgnt_signkey_set(signet, keys[0], SIGNKEY_DEFAULT_FORMAT);
ck_assert_msg(res == 0, "Failed to set signet POK.\n");
res += dime_sgnt_sok_create(signet, keys[1], SIGNKEY_DEFAULT_FORMAT, SIGNET_SOK_SIGNET);
ck_assert_msg(res == 0, "Failed to create SOK 1.\n");
res += dime_sgnt_sok_create(signet, keys[2], SIGNKEY_DEFAULT_FORMAT, SIGNET_SOK_MSG);
ck_assert_msg(res == 0, "Failed to create SOK 2.\n");
res += dime_sgnt_sok_create(signet, keys[3], SIGNKEY_DEFAULT_FORMAT, SIGNET_SOK_TLS);
ck_assert_msg(res == 0, "Failed to create SOK 3.\n");
res += dime_sgnt_sok_create(signet, keys[4], SIGNKEY_DEFAULT_FORMAT, SIGNET_SOK_SOFTWARE);
ck_assert_msg(res == 0, "Failed to create SOK 4.\n");
res = dime_sgnt_enckey_set(signet, eckey, 0);
ck_assert_msg(res == 0, "Failed to set signet encryption key.\n");
free_ec_key(eckey);
res = dime_sgnt_sig_crypto_sign(signet, keys[0]);
ck_assert_msg(res == 0, "Failed to sign organizational signet with its private POK.\n");
fetched = dime_sgnt_signkeys_signet_fetch(signet);
ck_assert_msg( (fetched != NULL), "Failed to fetch signing keys.\n");
ck_assert_msg( (fetched[0] != NULL), "Failed to fetch signing keys.\n");
ck_assert_msg( (fetched[1] != NULL), "Failed to fetch signing keys.\n");
ck_assert_msg( (fetched[2] == NULL), "Failed to fetch signing keys.\n");
res = memcmp(fetched[0]->public_key, keys[0]->public_key, ED25519_KEY_SIZE);
ck_assert_msg(res == 0, "POK was corrupted.\n");
res = memcmp(fetched[1]->public_key, keys[1]->public_key, ED25519_KEY_SIZE);
ck_assert_msg(res == 0, "SOK 1 was corrupted.\n");
free_ed25519_key_chain(fetched);
fetched = NULL;
fetched = dime_sgnt_signkeys_msg_fetch(signet);
ck_assert_msg( (fetched != NULL) &&
(fetched[0] != NULL) &&
(fetched[1] != NULL) &&
(fetched[2] == NULL), "Failed to fetch signing keys.\n");
res = memcmp(fetched[0]->public_key, keys[0]->public_key, ED25519_KEY_SIZE);
ck_assert_msg(res == 0, "POK was corrupted.\n");
res = memcmp(fetched[1]->public_key, keys[2]->public_key, ED25519_KEY_SIZE);
ck_assert_msg(res == 0, "SOK 2 was corrupted.\n");
free_ed25519_key_chain(fetched);
fetched = NULL;
fetched = dime_sgnt_signkeys_tls_fetch(signet);
ck_assert_msg( (fetched != NULL) &&
(fetched[0] != NULL) &&
(fetched[1] != NULL) &&
(fetched[2] == NULL), "Failed to fetch signing keys.\n");
res = memcmp(fetched[0]->public_key, keys[0]->public_key, ED25519_KEY_SIZE);
ck_assert_msg(res == 0, "POK was corrupted.\n");
res = memcmp(fetched[1]->public_key, keys[3]->public_key, ED25519_KEY_SIZE);
ck_assert_msg(res == 0, "SOK 3 was corrupted.\n");
free_ed25519_key_chain(fetched);
fetched = NULL;
fetched = dime_sgnt_signkeys_software_fetch(signet);
ck_assert_msg( (fetched != NULL) &&
(fetched[0] != NULL) &&
(fetched[1] != NULL) &&
(fetched[2] == NULL), "Failed to fetch signing keys.\n");
res = memcmp(fetched[0]->public_key, keys[0]->public_key, ED25519_KEY_SIZE);
ck_assert_msg(res == 0, "POK was corrupted.\n");
res = memcmp(fetched[1]->public_key, keys[4]->public_key, ED25519_KEY_SIZE);
ck_assert_msg(res == 0, "SOK 4 was corrupted.\n");
free_ed25519_key_chain(fetched);
fetched = NULL;
for(int i = 0; i < 5; ++i) {
free_ed25519_key(keys[i]);
}
dime_sgnt_signet_destroy(signet);
fprintf(stderr, "Signet selective signing key multi-fetching check complete.\n");
}
END_TEST
START_TEST(check_signet_keys_pairing)
{
const char *filename_u = "keys_user.keys", *filename_o = "keys_org.keys",
*filename_s = "keys_ssr.keys", *filename_w = "keys_wrong.keys",
*to_sign = "AbcDEFghijKLMNOpqrstuVWXYZ";
EC_KEY *priv_enckey, *pub_enckey;
ED25519_KEY *priv_signkey, *pub_signkey;
ed25519_signature sigbuf;
int res = 0;
signet_t *signet;
signet_type_t type;
size_t enc1_size, enc2_size;
unsigned char *enc1_pub, *enc2_pub;
_crypto_init();
/* creating user signet with keys */
signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_USER, filename_u);
ck_assert_msg(signet != NULL, "Failure to create user signet.\n");
type = dime_sgnt_type_get(signet);
ck_assert_msg(type == SIGNET_TYPE_USER, "Corrupted signet type.\n");
priv_signkey = dime_keys_signkey_fetch(filename_u);
ck_assert_msg(priv_signkey != NULL, "Failure to fetch private signing key from file.\n");
res = _ed25519_sign_data((const unsigned char *)to_sign, strlen(to_sign), priv_signkey, sigbuf);
ck_assert_msg(res == 0, "Failure to sign data buffer.\n");
pub_signkey = dime_sgnt_signkey_fetch(signet);
ck_assert_msg(pub_signkey != NULL, "Failure to fetch public signing key from signet.\n");
res = _ed25519_verify_sig((const unsigned char *)to_sign, strlen(to_sign), pub_signkey, sigbuf);
ck_assert_msg(res = 1, "Failure to verify signature");
priv_enckey = dime_keys_enckey_fetch(filename_u);
ck_assert_msg(priv_enckey != NULL, "Failure to fetch private encryption key from file.\n");
enc1_pub = _serialize_ec_pubkey(priv_enckey, &enc1_size);
ck_assert_msg(enc1_pub != NULL, "Failure to serialize public portion of the private encryption key.\n");
pub_enckey = dime_sgnt_enckey_fetch(signet);
ck_assert_msg(pub_enckey != NULL, "Failure to fetch public encryption key from signet.\n");
enc2_pub = _serialize_ec_pubkey(pub_enckey, &enc2_size);
ck_assert_msg(enc1_size == enc2_size, "Corrupted public encryption key size.\n");
ck_assert_msg(memcmp(enc1_pub, enc2_pub, enc1_size) == 0, "Corrupted public encryption key data.\n");
_free_ed25519_key(priv_signkey);
_free_ed25519_key(pub_signkey);
_free_ec_key(pub_enckey);
_free_ec_key(priv_enckey);
free(enc1_pub);
free(enc2_pub);
dime_sgnt_signet_destroy(signet);
/* creating organizational signet with keys */
signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_ORG, filename_o);
ck_assert_msg(signet != NULL, "Failure to create organizational signet.\n");
type = dime_sgnt_type_get(signet);
ck_assert_msg(type == SIGNET_TYPE_ORG, "Corrupted signet type.\n");
priv_signkey = dime_keys_signkey_fetch(filename_o);
ck_assert_msg(priv_signkey != NULL, "Failure to fetch private signing key from file.\n");
res = _ed25519_sign_data((const unsigned char *)to_sign, strlen(to_sign), priv_signkey, sigbuf);
ck_assert_msg(res == 0, "Failure to sign data buffer.\n");
pub_signkey = dime_sgnt_signkey_fetch(signet);
ck_assert_msg(pub_signkey != NULL, "Failure to fetch public signing key from signet.\n");
res = _ed25519_verify_sig((const unsigned char *)to_sign, strlen(to_sign), pub_signkey, sigbuf);
ck_assert_msg(res = 1, "Failure to verify signature");
priv_enckey = dime_keys_enckey_fetch(filename_o);
ck_assert_msg(priv_enckey != NULL, "Failure to fetch private encryption key from file.\n");
enc1_pub = _serialize_ec_pubkey(priv_enckey, &enc1_size);
ck_assert_msg(enc1_pub != NULL, "Failure to serialize public portion of the private encryption key.\n");
pub_enckey = dime_sgnt_enckey_fetch(signet);
ck_assert_msg(pub_enckey != NULL, "Failure to fetch public encryption key from signet.\n");
enc2_pub = _serialize_ec_pubkey(pub_enckey, &enc2_size);
ck_assert_msg(enc1_size == enc2_size, "Corrupted public encryption key size.\n");
ck_assert_msg(memcmp(enc1_pub, enc2_pub, enc1_size) == 0, "Corrupted public encryption key data.\n");
_free_ed25519_key(priv_signkey);
_free_ed25519_key(pub_signkey);
_free_ec_key(priv_enckey);
_free_ec_key(pub_enckey);
free(enc1_pub);
free(enc2_pub);
dime_sgnt_signet_destroy(signet);
/* creating ssr signet with keys */
signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_SSR, filename_s);
ck_assert_msg(signet != NULL, "Failure to create SSR.\n");
type = dime_sgnt_type_get(signet);
ck_assert_msg(type == SIGNET_TYPE_SSR, "Corrupted signet type.\n");
priv_signkey = dime_keys_signkey_fetch(filename_s);
ck_assert_msg(priv_signkey != NULL, "Failure to fetch private signing key from file.\n");
res = _ed25519_sign_data((const unsigned char *)to_sign, strlen(to_sign), priv_signkey, sigbuf);
ck_assert_msg(res == 0, "Failure to sign data buffer.\n");
pub_signkey = dime_sgnt_signkey_fetch(signet);
ck_assert_msg(pub_signkey != NULL, "Failure to fetch public signing key from signet.\n");
res = _ed25519_verify_sig((const unsigned char *)to_sign, strlen(to_sign), pub_signkey, sigbuf);
ck_assert_msg(res = 1, "Failure to verify signature");
priv_enckey = dime_keys_enckey_fetch(filename_s);
ck_assert_msg(priv_enckey != NULL, "Failure to fetch private encryption key from file.\n");
enc1_pub = _serialize_ec_pubkey(priv_enckey, &enc1_size);
ck_assert_msg(enc1_pub != NULL, "Failure to serialize public portion of the private encryption key.\n");
pub_enckey = dime_sgnt_enckey_fetch(signet);
ck_assert_msg(pub_enckey != NULL, "Failure to fetch public encryption key from signet.\n");
enc2_pub = _serialize_ec_pubkey(pub_enckey, &enc2_size);
ck_assert_msg(enc1_size == enc2_size, "Corrupted public encryption key size.\n");
ck_assert_msg(memcmp(enc1_pub, enc2_pub, enc1_size) == 0, "Corrupted public encryption key data.\n");
_free_ed25519_key(priv_signkey);
_free_ed25519_key(pub_signkey);
_free_ec_key(priv_enckey);
_free_ec_key(pub_enckey);
free(enc1_pub);
free(enc2_pub);
dime_sgnt_signet_destroy(signet);
/*creating invalid signet types*/
signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_ERROR, filename_w);
ck_assert_msg(signet == NULL, "Unintended creation of signet with invalid type SIGNET_TYPE_ERROR.\n");
ck_assert_msg(access(filename_w, F_OK) == -1, "Unintended creation of keys file for signet with invalid type SIGNET_TYPE_ERROR.\n");
signet = dime_sgnt_signet_create_w_keys(31, filename_w);
ck_assert_msg(signet == NULL, "Unintended creation of signet with invalid type 31.\n");
ck_assert_msg(access(filename_w, F_OK) == -1, "Unintended creation of keys file for signet with invalid type 31.\n");
fprintf(stderr, "Signet file keypair check completed.\n");
}
END_TEST
START_TEST(check_signet_validation)
{
const char *org_keys = "check_org.keys", *user_keys = "check_user.keys", *newuser_keys = "check_newuser.keys";
ED25519_KEY *orgkey, *userkey, **keys_obj;
int res;
signet_state_t state;
signet_t *org_signet, *user_signet, *newuser_signet, *split, *split2;
unsigned char **org_signet_sign_keys;
size_t keysnum = 1;
_crypto_init();
//create org signet and keys file
org_signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_ORG, org_keys);
ck_assert_msg(org_signet != NULL, "Failure to create signet with keys file.\n");
//retrieve org private signing key
orgkey = dime_keys_signkey_fetch(org_keys);
//ck_assert_msg(orgkey != NULL, "Failure to fetch private signing key from keys file.\n");
//sign org cryptographic signet signature
res = dime_sgnt_sig_crypto_sign(org_signet, orgkey);
//ck_assert_msg(res == 0, "Failure to create organizational cryptographic signet signature.\n");
//retrieve the list of all org signet-signing keys (note we're using this instead of retrieving the list of POKs from the dime record just to have a list of keys, 1 of which will be valid.)
keys_obj = dime_sgnt_signkeys_signet_fetch(org_signet);
res = dime_sgnt_sig_crypto_sign(org_signet, orgkey);
ck_assert_msg(keys_obj != NULL, "Failure to retrieve organizational signet signing keys.\n");
//convert ed25519 pointer chain to serialized ed25519 public key pointer chain
for(size_t i = 0; keys_obj[i]; ++i) {
++keysnum;
}
org_signet_sign_keys = malloc(sizeof(unsigned char *) * keysnum);
memset(org_signet_sign_keys, 0, sizeof(unsigned char *) * keysnum);
for(size_t i = 0; keys_obj[i]; ++i) {
org_signet_sign_keys[i] = malloc(ED25519_KEY_SIZE);
memcpy(org_signet_sign_keys[i], keys_obj[i]->public_key, ED25519_KEY_SIZE);
}
//verify that the org crypto signet is valid
state = dime_sgnt_validate_all(org_signet, NULL, NULL, (const unsigned char **)org_signet_sign_keys);
ck_assert_msg(state == SS_CRYPTO, "Failure to correctly validate organizational signet as a cryptographic signet.\n");
//sign org full signet signature
res = dime_sgnt_sig_full_sign(org_signet, orgkey);
ck_assert_msg(res == 0, "Failure to create organizational full signet signature.\n");
//verify that the org full signet is valid
state = dime_sgnt_validate_all(org_signet, NULL, NULL, (const unsigned char **)org_signet_sign_keys);
ck_assert_msg(state == SS_FULL, "Failure to correctly validate organizational signet as a full signet.\n");
//set organizational signet id
res = dime_sgnt_id_set(org_signet, strlen("test_org_signet"), (const unsigned char *)"test_org_signet");
ck_assert_msg(res == 0, "Failure to set organizational signet id.\n");
//sign identified signet signature
res = dime_sgnt_sig_id_sign(org_signet, orgkey);
ck_assert_msg(res == 0, "Failure to create organizational identifiable signet signature field.\n");
//verify that the org signet is a valid identifiable signet
state = dime_sgnt_validate_all(org_signet, NULL, NULL, (const unsigned char **)org_signet_sign_keys);
ck_assert_msg(state == SS_ID, "Failure to correctly validate organizational signet as an identifiable signet.\n");
//create ssr signet and user keys file
user_signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_SSR, user_keys);
ck_assert_msg(user_signet != NULL, "Failure to create ssr with keys file.\n");
//retrieve user private signing key
userkey = dime_keys_signkey_fetch(user_keys);
ck_assert_msg(userkey != NULL, "Failure to fetch user's private signing key from keys file.\n");
//sign the ssr signature with user keys
res = dime_sgnt_sig_ssr_sign(user_signet, userkey);
ck_assert_msg(res == 0, "Failure to sign ssr with the user's private signing key.\n");
//verify that the signet is a valid ssr
state = dime_sgnt_validate_all(user_signet, NULL, NULL, NULL);
ck_assert_msg(state == SS_SSR, "Failure to correctly validate ssr.\n");
//sign ssr with org signing key
res = dime_sgnt_sig_crypto_sign(user_signet, orgkey);
ck_assert_msg(res == 0, "Failure to sign ssr into a user cryptographic signet using organizational private signing key.\n");
//verify that the signet is now a valid user core signet
state = dime_sgnt_validate_all(user_signet, NULL, org_signet, NULL);
ck_assert_msg(state == SS_CRYPTO, "Failure to correctly validate user cryptographic signet.\n");
//sign the full signature with org key
res = dime_sgnt_sig_full_sign(user_signet, orgkey);
ck_assert_msg(res == 0, "Failure to sign user signet with the full signet signature.\n");
//verify that the user signet is now a valid core signet
state = dime_sgnt_validate_all(user_signet, NULL, org_signet, NULL);
ck_assert_msg(state == SS_FULL, "Failure to correctly validate user full signet.\n");
//set user signet id (address)
res = dime_sgnt_id_set(user_signet, strlen("*****@*****.**"), (const unsigned char *)"*****@*****.**");
ck_assert_msg(res == 0, "Failure to set user signet id.\n");
//sign the user signature with the identifiable signet signature
res = dime_sgnt_sig_id_sign(user_signet, orgkey);
ck_assert_msg(res == 0, "Failure to sign user signet with the identifiable signet signature.\n");
//verify that the user signet is a valid full signet
state = dime_sgnt_validate_all(user_signet, NULL, org_signet, NULL);
ck_assert_msg(state == SS_ID, "Failure to correctly validate user identifiable signet.\n");
//create new ssr and keys file
newuser_signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_SSR, newuser_keys);
ck_assert_msg(newuser_signet != NULL, "Failure to create ssr with keys file.\n");
//sign the new ssr with a chain of custody signature using the user's old signing key
res = dime_sgnt_sig_coc_sign(newuser_signet, userkey);
ck_assert_msg(res == 0, "Failure to create the chain of custody signature.\n");
_free_ed25519_key(userkey);
//retrieve user's new private signing key
userkey = dime_keys_signkey_fetch(newuser_keys);
ck_assert_msg(userkey != NULL, "Failure to retrieve user's new private signing key.\n");
//perform all the signatures on the new ssr (adding an address as the id is required for the identifiable signet signature.
dime_sgnt_sig_ssr_sign(newuser_signet, userkey);
dime_sgnt_sig_crypto_sign(newuser_signet, orgkey);
dime_sgnt_sig_full_sign(newuser_signet, orgkey);
dime_sgnt_id_set(newuser_signet, strlen("*****@*****.**"), (const unsigned char *)"*****@*****.**");
dime_sgnt_sig_id_sign(newuser_signet, orgkey);
//Confirm that without using the previous signet to verify the chain of custody, the signet validation returns broken chain of custody
state = dime_sgnt_validate_all(newuser_signet, NULL, org_signet, NULL);
ck_assert_msg(state == SS_BROKEN_COC, "Failure to invalidate signet due to no parent signet being provided to validate chain of custody signature.\n");
//Config that by using the previous signet to verify chain of custody, the new user signet is validate as identifiable signet.
//TODO it may be necessary to test intermediate states with presence of chain of custody also
state = dime_sgnt_validate_all(newuser_signet, user_signet, org_signet, NULL);
ck_assert_msg(state == SS_ID, "Failure to validate an identifiable signet with a chain of custody signature.\n");
//Now, lets test splitting.
split = dime_sgnt_signet_full_split(newuser_signet);
ck_assert_msg(split != NULL, "Failed to split identifiable user signet into a full user signet.\n");
dime_sgnt_signet_destroy(newuser_signet);
state = dime_sgnt_validate_all(split, user_signet, org_signet, NULL);
ck_assert_msg(state == SS_FULL, "Failure to validate full user signet with chain of custody.\n");
split2 = dime_sgnt_signet_crypto_split(split);
ck_assert_msg(split2 != NULL, "Failed to split full user signet into a cryptographic user signet.\n");
dime_sgnt_signet_destroy(split);
state = dime_sgnt_validate_all(split2, user_signet, org_signet, NULL);
ck_assert_msg(state = SS_CRYPTO, "Failure to validate cryptographic user signet with chain of custody.\n");
dime_sgnt_signet_destroy(split2);
_ptr_chain_free(org_signet_sign_keys);
_free_ed25519_key_chain(keys_obj);
_free_ed25519_key(orgkey);
_free_ed25519_key(userkey);
dime_sgnt_signet_destroy(user_signet);
dime_sgnt_signet_destroy(org_signet);
fprintf(stderr, "Signet signing and validation check complete.\n");
}
