END_TEST START_TEST(check_ec_serialization) { EC_KEY *pair, *pair2; unsigned char *sbuf, *sbuf2; int res; size_t ssize, ssize2; res = crypto_init(); ck_assert_msg(!res, "Crypto initialization routine failed.\n"); for (size_t i = 0; i < N_SERIALIZATION_TESTS; i++) { pair = _generate_ec_keypair(0); ck_assert_msg((pair != NULL), "EC serialization check failed: could not generate key pair.\n"); sbuf = _serialize_ec_pubkey(pair, &ssize); ck_assert_msg((sbuf != NULL), "EC serialization check failed: pubkey serialization error.\n"); pair2 = _deserialize_ec_pubkey(sbuf, ssize, 0); ck_assert_msg((pair2 != NULL), "EC serialization check failed: pubkey deserialization error.\n"); sbuf2 = _serialize_ec_pubkey(pair, &ssize2); ck_assert_msg((sbuf2 != NULL), "EC serialization check failed: pubkey serialization error [2].\n"); ck_assert_msg((ssize == ssize2), "EC serialization check failed: serialized pubkeys had different serialized lengths {%u vs %u}\n", ssize, ssize2); res = memcmp(sbuf, sbuf2, ssize); ck_assert_msg(!res, "EC serialization check failed: serialized pubkeys had different data.\n"); free(sbuf); free(sbuf2); _free_ec_key(pair2); sbuf = _serialize_ec_privkey(pair, &ssize); ck_assert_msg((sbuf != NULL), "EC serialization check failed: pubkey serialization error.\n"); pair2 = _deserialize_ec_privkey(sbuf, ssize, 0); ck_assert_msg((pair2 != NULL), "EC serialization check failed: pubkey deserialization error.\n"); sbuf2 = _serialize_ec_privkey(pair, &ssize2); ck_assert_msg((sbuf2 != NULL), "EC serialization check failed: pubkey serialization error [2].\n"); ck_assert_msg((ssize == ssize2), "EC serialization check failed: serialized pubkeys had different serialized lengths {%u vs %u}\n", ssize, ssize2); res = memcmp(sbuf, sbuf2, ssize); ck_assert_msg(!res, "EC serialization check failed: serialized pubkeys had different data.\n"); free(sbuf); free(sbuf2); free_ec_key(pair); } fprintf(stderr, "EC serialization check completed.\n"); }
END_TEST START_TEST(check_ecdh_kdf) { EC_KEY *ec1, *ec2, *pub1, *pub2; int res; size_t serial_size; unsigned char *serial_temp, key1[48], key2[48]; memset(key1, 0, 48); memset(key2, 0, 48); res = crypto_init(); ec1 = _generate_ec_keypair(0); ec2 = _generate_ec_keypair(0); ck_assert_msg((ec1 != NULL), "EC key generation failed.\n"); ck_assert_msg((ec2 != NULL), "EC key generation failed.\n"); serial_temp = _serialize_ec_pubkey(ec1, &serial_size); ck_assert_msg(serial_temp != NULL, "could not serialize public key.\n"); pub1 = _deserialize_ec_pubkey(serial_temp, serial_size, 0); res = _compute_aes256_kek(pub1, ec2, key1); ck_assert_msg((res == 0), "could not perform ECDH key exchange.\n"); free(serial_temp); serial_temp = _serialize_ec_pubkey(ec2, &serial_size); ck_assert_msg((serial_temp != NULL), "could not serialize public key.\n"); pub2 = _deserialize_ec_pubkey(serial_temp, serial_size, 0); res = _compute_aes256_kek(pub2, ec1, key2); ck_assert_msg((res == 0), "could not perform the second ECDH key exchange.\n"); ck_assert_msg((memcmp(key1, key2, 48) == 0), "the key derivation functions did not yield the correct result"); fprintf(stderr, "ECDH key derivation function check completed.\n"); }
END_TEST START_TEST(load_ec_key_file) { char filename[256], *b64key; EC_KEY *result, *key; size_t size; unsigned char *serial; int res; res = _crypto_init(); ck_assert_msg(!res, "Crypto initialization routine failed.\n"); for (size_t i = 0; i < 5; ++i) { key = _generate_ec_keypair(0); snprintf(filename, sizeof(filename), "ec-key-%zu-priv.pem", i + 1); serial = _serialize_ec_privkey(key, &size); b64key = _b64encode(serial, size); free(serial); _write_pem_data(b64key, "EC PRIVATE KEY", filename); free(b64key); snprintf(filename, sizeof(filename), "ec-key-%zu-pub.pem", i + 1); serial = _serialize_ec_pubkey(key, &size); free_ec_key(key); b64key = _b64encode(serial, size); free(serial); _write_pem_data(b64key, "PUBLIC KEY", filename); free(b64key); } for (size_t i = 0; i < 5; i++) { snprintf(filename, sizeof(filename), "ec-key-%zu-priv.pem", i + 1); result = _load_ec_privkey(filename); ck_assert_msg(result != NULL, "load_ec_privkey failed for %s", filename); free_ec_key(result); snprintf(filename, sizeof(filename), "ec-key-%zu-pub.pem", i + 1); result = _load_ec_pubkey(filename); ck_assert_msg(result != NULL, "load_ec_pubkey failed for %s", filename); free_ec_key(result); } fprintf(stderr, "EC key load from file check completed.\n"); }
END_TEST START_TEST(check_signet_keys_pairing) { const char *filename_u = "keys_user.keys", *filename_o = "keys_org.keys", *filename_s = "keys_ssr.keys", *filename_w = "keys_wrong.keys", *to_sign = "AbcDEFghijKLMNOpqrstuVWXYZ"; EC_KEY *priv_enckey, *pub_enckey; ED25519_KEY *priv_signkey, *pub_signkey; ed25519_signature sigbuf; int res = 0; signet_t *signet; signet_type_t type; size_t enc1_size, enc2_size; unsigned char *enc1_pub, *enc2_pub; _crypto_init(); /* creating user signet with keys */ signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_USER, filename_u); ck_assert_msg(signet != NULL, "Failure to create user signet.\n"); type = dime_sgnt_type_get(signet); ck_assert_msg(type == SIGNET_TYPE_USER, "Corrupted signet type.\n"); priv_signkey = dime_keys_signkey_fetch(filename_u); ck_assert_msg(priv_signkey != NULL, "Failure to fetch private signing key from file.\n"); res = _ed25519_sign_data((const unsigned char *)to_sign, strlen(to_sign), priv_signkey, sigbuf); ck_assert_msg(res == 0, "Failure to sign data buffer.\n"); pub_signkey = dime_sgnt_signkey_fetch(signet); ck_assert_msg(pub_signkey != NULL, "Failure to fetch public signing key from signet.\n"); res = _ed25519_verify_sig((const unsigned char *)to_sign, strlen(to_sign), pub_signkey, sigbuf); ck_assert_msg(res = 1, "Failure to verify signature"); priv_enckey = dime_keys_enckey_fetch(filename_u); ck_assert_msg(priv_enckey != NULL, "Failure to fetch private encryption key from file.\n"); enc1_pub = _serialize_ec_pubkey(priv_enckey, &enc1_size); ck_assert_msg(enc1_pub != NULL, "Failure to serialize public portion of the private encryption key.\n"); pub_enckey = dime_sgnt_enckey_fetch(signet); ck_assert_msg(pub_enckey != NULL, "Failure to fetch public encryption key from signet.\n"); enc2_pub = _serialize_ec_pubkey(pub_enckey, &enc2_size); ck_assert_msg(enc1_size == enc2_size, "Corrupted public encryption key size.\n"); ck_assert_msg(memcmp(enc1_pub, enc2_pub, enc1_size) == 0, "Corrupted public encryption key data.\n"); _free_ed25519_key(priv_signkey); _free_ed25519_key(pub_signkey); _free_ec_key(pub_enckey); _free_ec_key(priv_enckey); free(enc1_pub); free(enc2_pub); dime_sgnt_signet_destroy(signet); /* creating organizational signet with keys */ signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_ORG, filename_o); ck_assert_msg(signet != NULL, "Failure to create organizational signet.\n"); type = dime_sgnt_type_get(signet); ck_assert_msg(type == SIGNET_TYPE_ORG, "Corrupted signet type.\n"); priv_signkey = dime_keys_signkey_fetch(filename_o); ck_assert_msg(priv_signkey != NULL, "Failure to fetch private signing key from file.\n"); res = _ed25519_sign_data((const unsigned char *)to_sign, strlen(to_sign), priv_signkey, sigbuf); ck_assert_msg(res == 0, "Failure to sign data buffer.\n"); pub_signkey = dime_sgnt_signkey_fetch(signet); ck_assert_msg(pub_signkey != NULL, "Failure to fetch public signing key from signet.\n"); res = _ed25519_verify_sig((const unsigned char *)to_sign, strlen(to_sign), pub_signkey, sigbuf); ck_assert_msg(res = 1, "Failure to verify signature"); priv_enckey = dime_keys_enckey_fetch(filename_o); ck_assert_msg(priv_enckey != NULL, "Failure to fetch private encryption key from file.\n"); enc1_pub = _serialize_ec_pubkey(priv_enckey, &enc1_size); ck_assert_msg(enc1_pub != NULL, "Failure to serialize public portion of the private encryption key.\n"); pub_enckey = dime_sgnt_enckey_fetch(signet); ck_assert_msg(pub_enckey != NULL, "Failure to fetch public encryption key from signet.\n"); enc2_pub = _serialize_ec_pubkey(pub_enckey, &enc2_size); ck_assert_msg(enc1_size == enc2_size, "Corrupted public encryption key size.\n"); ck_assert_msg(memcmp(enc1_pub, enc2_pub, enc1_size) == 0, "Corrupted public encryption key data.\n"); _free_ed25519_key(priv_signkey); _free_ed25519_key(pub_signkey); _free_ec_key(priv_enckey); _free_ec_key(pub_enckey); free(enc1_pub); free(enc2_pub); dime_sgnt_signet_destroy(signet); /* creating ssr signet with keys */ signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_SSR, filename_s); ck_assert_msg(signet != NULL, "Failure to create SSR.\n"); type = dime_sgnt_type_get(signet); ck_assert_msg(type == SIGNET_TYPE_SSR, "Corrupted signet type.\n"); priv_signkey = dime_keys_signkey_fetch(filename_s); ck_assert_msg(priv_signkey != NULL, "Failure to fetch private signing key from file.\n"); res = _ed25519_sign_data((const unsigned char *)to_sign, strlen(to_sign), priv_signkey, sigbuf); ck_assert_msg(res == 0, "Failure to sign data buffer.\n"); pub_signkey = dime_sgnt_signkey_fetch(signet); ck_assert_msg(pub_signkey != NULL, "Failure to fetch public signing key from signet.\n"); res = _ed25519_verify_sig((const unsigned char *)to_sign, strlen(to_sign), pub_signkey, sigbuf); ck_assert_msg(res = 1, "Failure to verify signature"); priv_enckey = dime_keys_enckey_fetch(filename_s); ck_assert_msg(priv_enckey != NULL, "Failure to fetch private encryption key from file.\n"); enc1_pub = _serialize_ec_pubkey(priv_enckey, &enc1_size); ck_assert_msg(enc1_pub != NULL, "Failure to serialize public portion of the private encryption key.\n"); pub_enckey = dime_sgnt_enckey_fetch(signet); ck_assert_msg(pub_enckey != NULL, "Failure to fetch public encryption key from signet.\n"); enc2_pub = _serialize_ec_pubkey(pub_enckey, &enc2_size); ck_assert_msg(enc1_size == enc2_size, "Corrupted public encryption key size.\n"); ck_assert_msg(memcmp(enc1_pub, enc2_pub, enc1_size) == 0, "Corrupted public encryption key data.\n"); _free_ed25519_key(priv_signkey); _free_ed25519_key(pub_signkey); _free_ec_key(priv_enckey); _free_ec_key(pub_enckey); free(enc1_pub); free(enc2_pub); dime_sgnt_signet_destroy(signet); /*creating invalid signet types*/ signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_ERROR, filename_w); ck_assert_msg(signet == NULL, "Unintended creation of signet with invalid type SIGNET_TYPE_ERROR.\n"); ck_assert_msg(access(filename_w, F_OK) == -1, "Unintended creation of keys file for signet with invalid type SIGNET_TYPE_ERROR.\n"); signet = dime_sgnt_signet_create_w_keys(31, filename_w); ck_assert_msg(signet == NULL, "Unintended creation of signet with invalid type 31.\n"); ck_assert_msg(access(filename_w, F_OK) == -1, "Unintended creation of keys file for signet with invalid type 31.\n"); fprintf(stderr, "Signet file keypair check completed.\n"); }