END_TEST START_TEST(check_ecdh_kdf) { EC_KEY *ec1, *ec2, *pub1, *pub2; int res; size_t serial_size; unsigned char *serial_temp, key1[48], key2[48]; memset(key1, 0, 48); memset(key2, 0, 48); res = crypto_init(); ec1 = _generate_ec_keypair(0); ec2 = _generate_ec_keypair(0); ck_assert_msg((ec1 != NULL), "EC key generation failed.\n"); ck_assert_msg((ec2 != NULL), "EC key generation failed.\n"); serial_temp = _serialize_ec_pubkey(ec1, &serial_size); ck_assert_msg(serial_temp != NULL, "could not serialize public key.\n"); pub1 = _deserialize_ec_pubkey(serial_temp, serial_size, 0); res = _compute_aes256_kek(pub1, ec2, key1); ck_assert_msg((res == 0), "could not perform ECDH key exchange.\n"); free(serial_temp); serial_temp = _serialize_ec_pubkey(ec2, &serial_size); ck_assert_msg((serial_temp != NULL), "could not serialize public key.\n"); pub2 = _deserialize_ec_pubkey(serial_temp, serial_size, 0); res = _compute_aes256_kek(pub2, ec1, key2); ck_assert_msg((res == 0), "could not perform the second ECDH key exchange.\n"); ck_assert_msg((memcmp(key1, key2, 48) == 0), "the key derivation functions did not yield the correct result"); fprintf(stderr, "ECDH key derivation function check completed.\n"); }
/** * @brief * Load an EC public key from a file. * @param filename * the name of the file from which the key should be loaded * @return * a pointer to the deserialized public key from the the file. */ EC_KEY * _load_ec_pubkey(char const *filename) { char *filedata; unsigned char *bin; size_t binsize; EC_KEY *result; if (!filename) { RET_ERROR_PTR(ERR_BAD_PARAM, NULL); } if (!(filedata = _read_pem_data(filename, "PUBLIC KEY", 1))) { RET_ERROR_PTR(ERR_UNSPEC, "could not read ec pubkey pem file"); } bin = _b64decode(filedata, strlen(filedata), &binsize); _secure_wipe(filedata, strlen(filedata)); free(filedata); if (!bin) { RET_ERROR_PTR(ERR_UNSPEC, "could not decode b64 data"); } result = _deserialize_ec_pubkey(bin, binsize); _secure_wipe(bin, binsize); free(bin); if (!result) { RET_ERROR_PTR(ERR_UNSPEC, "could not deserialize binary ec pubkey"); } return result; }
END_TEST START_TEST(check_ec_serialization) { EC_KEY *pair, *pair2; unsigned char *sbuf, *sbuf2; int res; size_t ssize, ssize2; res = crypto_init(); ck_assert_msg(!res, "Crypto initialization routine failed.\n"); for (size_t i = 0; i < N_SERIALIZATION_TESTS; i++) { pair = _generate_ec_keypair(0); ck_assert_msg((pair != NULL), "EC serialization check failed: could not generate key pair.\n"); sbuf = _serialize_ec_pubkey(pair, &ssize); ck_assert_msg((sbuf != NULL), "EC serialization check failed: pubkey serialization error.\n"); pair2 = _deserialize_ec_pubkey(sbuf, ssize, 0); ck_assert_msg((pair2 != NULL), "EC serialization check failed: pubkey deserialization error.\n"); sbuf2 = _serialize_ec_pubkey(pair, &ssize2); ck_assert_msg((sbuf2 != NULL), "EC serialization check failed: pubkey serialization error [2].\n"); ck_assert_msg((ssize == ssize2), "EC serialization check failed: serialized pubkeys had different serialized lengths {%u vs %u}\n", ssize, ssize2); res = memcmp(sbuf, sbuf2, ssize); ck_assert_msg(!res, "EC serialization check failed: serialized pubkeys had different data.\n"); free(sbuf); free(sbuf2); _free_ec_key(pair2); sbuf = _serialize_ec_privkey(pair, &ssize); ck_assert_msg((sbuf != NULL), "EC serialization check failed: pubkey serialization error.\n"); pair2 = _deserialize_ec_privkey(sbuf, ssize, 0); ck_assert_msg((pair2 != NULL), "EC serialization check failed: pubkey deserialization error.\n"); sbuf2 = _serialize_ec_privkey(pair, &ssize2); ck_assert_msg((sbuf2 != NULL), "EC serialization check failed: pubkey serialization error [2].\n"); ck_assert_msg((ssize == ssize2), "EC serialization check failed: serialized pubkeys had different serialized lengths {%u vs %u}\n", ssize, ssize2); res = memcmp(sbuf, sbuf2, ssize); ck_assert_msg(!res, "EC serialization check failed: serialized pubkeys had different data.\n"); free(sbuf); free(sbuf2); free_ec_key(pair); } fprintf(stderr, "EC serialization check completed.\n"); }