Example #1
0
END_TEST


START_TEST(check_ec_serialization)
{
	EC_KEY *pair, *pair2;
	unsigned char *sbuf, *sbuf2;
	int res;
	size_t ssize, ssize2;

	res = crypto_init();
	ck_assert_msg(!res, "Crypto initialization routine failed.\n");

	for (size_t i = 0; i < N_SERIALIZATION_TESTS; i++) {
		pair = _generate_ec_keypair(0);
		ck_assert_msg((pair != NULL), "EC serialization check failed: could not generate key pair.\n");

		sbuf = _serialize_ec_pubkey(pair, &ssize);
		ck_assert_msg((sbuf != NULL), "EC serialization check failed: pubkey serialization error.\n");

		pair2 = _deserialize_ec_pubkey(sbuf, ssize, 0);
		ck_assert_msg((pair2 != NULL), "EC serialization check failed: pubkey deserialization error.\n");

		sbuf2 = _serialize_ec_pubkey(pair, &ssize2);
		ck_assert_msg((sbuf2 != NULL), "EC serialization check failed: pubkey serialization error [2].\n");

		ck_assert_msg((ssize == ssize2), "EC serialization check failed: serialized pubkeys had different serialized lengths {%u vs %u}\n", ssize, ssize2);

		res = memcmp(sbuf, sbuf2, ssize);
		ck_assert_msg(!res, "EC serialization check failed: serialized pubkeys had different data.\n");

		free(sbuf);
		free(sbuf2);

		_free_ec_key(pair2);

		sbuf = _serialize_ec_privkey(pair, &ssize);
		ck_assert_msg((sbuf != NULL), "EC serialization check failed: pubkey serialization error.\n");

		pair2 = _deserialize_ec_privkey(sbuf, ssize, 0);
		ck_assert_msg((pair2 != NULL), "EC serialization check failed: pubkey deserialization error.\n");

		sbuf2 = _serialize_ec_privkey(pair, &ssize2);
		ck_assert_msg((sbuf2 != NULL), "EC serialization check failed: pubkey serialization error [2].\n");

		ck_assert_msg((ssize == ssize2), "EC serialization check failed: serialized pubkeys had different serialized lengths {%u vs %u}\n", ssize, ssize2);

		res = memcmp(sbuf, sbuf2, ssize);
		ck_assert_msg(!res, "EC serialization check failed: serialized pubkeys had different data.\n");

		free(sbuf);
		free(sbuf2);
		free_ec_key(pair);
	}

	fprintf(stderr, "EC serialization check completed.\n");
}
Example #2
0
END_TEST


START_TEST(check_ecdh_kdf)
{

	EC_KEY *ec1, *ec2, *pub1, *pub2;
	int res;
	size_t serial_size;
	unsigned char *serial_temp, key1[48], key2[48];

	memset(key1, 0, 48);
	memset(key2, 0, 48);

	res = crypto_init();

	ec1 = _generate_ec_keypair(0);
	ec2 = _generate_ec_keypair(0);

	ck_assert_msg((ec1 != NULL), "EC key generation failed.\n");
	ck_assert_msg((ec2 != NULL), "EC key generation failed.\n");

	serial_temp = _serialize_ec_pubkey(ec1, &serial_size);

	ck_assert_msg(serial_temp != NULL, "could not serialize public key.\n");

	pub1 = _deserialize_ec_pubkey(serial_temp, serial_size, 0);

	res = _compute_aes256_kek(pub1, ec2, key1);

	ck_assert_msg((res == 0), "could not perform ECDH key exchange.\n");

	free(serial_temp);

	serial_temp = _serialize_ec_pubkey(ec2, &serial_size);

	ck_assert_msg((serial_temp != NULL), "could not serialize public key.\n");

	pub2 = _deserialize_ec_pubkey(serial_temp, serial_size, 0);

	res = _compute_aes256_kek(pub2, ec1, key2);

	ck_assert_msg((res == 0), "could not perform the second ECDH key exchange.\n");

	ck_assert_msg((memcmp(key1, key2, 48) == 0), "the key derivation functions did not yield the correct result");

	fprintf(stderr, "ECDH key derivation function check completed.\n");
}
Example #3
0
END_TEST


START_TEST(load_ec_key_file)
{
	char filename[256], *b64key;
	EC_KEY *result, *key;
	size_t size;
	unsigned char *serial;
	int res;

	res = _crypto_init();

	ck_assert_msg(!res, "Crypto initialization routine failed.\n");

	for (size_t i = 0; i < 5; ++i) {
		key = _generate_ec_keypair(0);
		snprintf(filename, sizeof(filename), "ec-key-%zu-priv.pem", i + 1);
		serial = _serialize_ec_privkey(key, &size);
		b64key = _b64encode(serial, size);
		free(serial);
		_write_pem_data(b64key, "EC PRIVATE KEY", filename);
		free(b64key);

		snprintf(filename, sizeof(filename), "ec-key-%zu-pub.pem", i + 1);
		serial = _serialize_ec_pubkey(key, &size);
		free_ec_key(key);
		b64key = _b64encode(serial, size);
		free(serial);
		_write_pem_data(b64key, "PUBLIC KEY", filename);
		free(b64key);
	}

	for (size_t i = 0; i < 5; i++) {
		snprintf(filename, sizeof(filename), "ec-key-%zu-priv.pem", i + 1);
		result = _load_ec_privkey(filename);
		ck_assert_msg(result != NULL, "load_ec_privkey failed for %s", filename);
		free_ec_key(result);

		snprintf(filename, sizeof(filename), "ec-key-%zu-pub.pem", i + 1);
		result = _load_ec_pubkey(filename);
		ck_assert_msg(result != NULL, "load_ec_pubkey failed for %s", filename);
		free_ec_key(result);
	}

	fprintf(stderr, "EC key load from file check completed.\n");
}
END_TEST

START_TEST(check_signet_keys_pairing)
{
	const char *filename_u = "keys_user.keys", *filename_o = "keys_org.keys",
	           *filename_s = "keys_ssr.keys", *filename_w = "keys_wrong.keys",
	           *to_sign = "AbcDEFghijKLMNOpqrstuVWXYZ";
	EC_KEY *priv_enckey, *pub_enckey;
	ED25519_KEY *priv_signkey, *pub_signkey;
	ed25519_signature sigbuf;
	int res = 0;
	signet_t *signet;
	signet_type_t type;
	size_t enc1_size, enc2_size;
	unsigned char *enc1_pub, *enc2_pub;

	_crypto_init();

/* creating user signet with keys */
	signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_USER, filename_u);
	ck_assert_msg(signet != NULL, "Failure to create user signet.\n");

	type = dime_sgnt_type_get(signet);
	ck_assert_msg(type == SIGNET_TYPE_USER, "Corrupted signet type.\n");

	priv_signkey = dime_keys_signkey_fetch(filename_u);
	ck_assert_msg(priv_signkey != NULL, "Failure to fetch private signing key from file.\n");

	res = _ed25519_sign_data((const unsigned char *)to_sign, strlen(to_sign), priv_signkey, sigbuf);
	ck_assert_msg(res == 0, "Failure to sign data buffer.\n");

	pub_signkey = dime_sgnt_signkey_fetch(signet);
	ck_assert_msg(pub_signkey != NULL, "Failure to fetch public signing key from signet.\n");

	res = _ed25519_verify_sig((const unsigned char *)to_sign, strlen(to_sign), pub_signkey, sigbuf);
	ck_assert_msg(res = 1, "Failure to verify signature");

	priv_enckey = dime_keys_enckey_fetch(filename_u);
	ck_assert_msg(priv_enckey != NULL, "Failure to fetch private encryption key from file.\n");

	enc1_pub = _serialize_ec_pubkey(priv_enckey, &enc1_size);
	ck_assert_msg(enc1_pub != NULL, "Failure to serialize public portion of the private encryption key.\n");

	pub_enckey = dime_sgnt_enckey_fetch(signet);
	ck_assert_msg(pub_enckey != NULL, "Failure to fetch public encryption key from signet.\n");

	enc2_pub = _serialize_ec_pubkey(pub_enckey, &enc2_size);
	ck_assert_msg(enc1_size == enc2_size, "Corrupted public encryption key size.\n");
	ck_assert_msg(memcmp(enc1_pub, enc2_pub, enc1_size) == 0, "Corrupted public encryption key data.\n");

	_free_ed25519_key(priv_signkey);
	_free_ed25519_key(pub_signkey);
	_free_ec_key(pub_enckey);
	_free_ec_key(priv_enckey);
	free(enc1_pub);
	free(enc2_pub);
	dime_sgnt_signet_destroy(signet);

/* creating organizational signet with keys */
	signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_ORG, filename_o);
	ck_assert_msg(signet != NULL, "Failure to create organizational signet.\n");

	type = dime_sgnt_type_get(signet);
	ck_assert_msg(type == SIGNET_TYPE_ORG, "Corrupted signet type.\n");

	priv_signkey = dime_keys_signkey_fetch(filename_o);
	ck_assert_msg(priv_signkey != NULL, "Failure to fetch private signing key from file.\n");

	res = _ed25519_sign_data((const unsigned char *)to_sign, strlen(to_sign), priv_signkey, sigbuf);
	ck_assert_msg(res == 0, "Failure to sign data buffer.\n");

	pub_signkey = dime_sgnt_signkey_fetch(signet);
	ck_assert_msg(pub_signkey != NULL, "Failure to fetch public signing key from signet.\n");

	res = _ed25519_verify_sig((const unsigned char *)to_sign, strlen(to_sign), pub_signkey, sigbuf);
	ck_assert_msg(res = 1, "Failure to verify signature");

	priv_enckey = dime_keys_enckey_fetch(filename_o);
	ck_assert_msg(priv_enckey != NULL, "Failure to fetch private encryption key from file.\n");

	enc1_pub = _serialize_ec_pubkey(priv_enckey, &enc1_size);
	ck_assert_msg(enc1_pub != NULL, "Failure to serialize public portion of the private encryption key.\n");

	pub_enckey = dime_sgnt_enckey_fetch(signet);
	ck_assert_msg(pub_enckey != NULL, "Failure to fetch public encryption key from signet.\n");

	enc2_pub = _serialize_ec_pubkey(pub_enckey, &enc2_size);
	ck_assert_msg(enc1_size == enc2_size, "Corrupted public encryption key size.\n");
	ck_assert_msg(memcmp(enc1_pub, enc2_pub, enc1_size) == 0, "Corrupted public encryption key data.\n");

	_free_ed25519_key(priv_signkey);
	_free_ed25519_key(pub_signkey);
	_free_ec_key(priv_enckey);
	_free_ec_key(pub_enckey);
	free(enc1_pub);
	free(enc2_pub);
	dime_sgnt_signet_destroy(signet);

/* creating ssr signet with keys */
	signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_SSR, filename_s);
	ck_assert_msg(signet != NULL, "Failure to create SSR.\n");

	type = dime_sgnt_type_get(signet);
	ck_assert_msg(type == SIGNET_TYPE_SSR, "Corrupted signet type.\n");

	priv_signkey = dime_keys_signkey_fetch(filename_s);
	ck_assert_msg(priv_signkey != NULL, "Failure to fetch private signing key from file.\n");

	res = _ed25519_sign_data((const unsigned char *)to_sign, strlen(to_sign), priv_signkey, sigbuf);
	ck_assert_msg(res == 0, "Failure to sign data buffer.\n");

	pub_signkey = dime_sgnt_signkey_fetch(signet);
	ck_assert_msg(pub_signkey != NULL, "Failure to fetch public signing key from signet.\n");

	res = _ed25519_verify_sig((const unsigned char *)to_sign, strlen(to_sign), pub_signkey, sigbuf);
	ck_assert_msg(res = 1, "Failure to verify signature");

	priv_enckey = dime_keys_enckey_fetch(filename_s);
	ck_assert_msg(priv_enckey != NULL, "Failure to fetch private encryption key from file.\n");

	enc1_pub = _serialize_ec_pubkey(priv_enckey, &enc1_size);
	ck_assert_msg(enc1_pub != NULL, "Failure to serialize public portion of the private encryption key.\n");

	pub_enckey = dime_sgnt_enckey_fetch(signet);
	ck_assert_msg(pub_enckey != NULL, "Failure to fetch public encryption key from signet.\n");

	enc2_pub = _serialize_ec_pubkey(pub_enckey, &enc2_size);
	ck_assert_msg(enc1_size == enc2_size, "Corrupted public encryption key size.\n");
	ck_assert_msg(memcmp(enc1_pub, enc2_pub, enc1_size) == 0, "Corrupted public encryption key data.\n");

	_free_ed25519_key(priv_signkey);
	_free_ed25519_key(pub_signkey);
	_free_ec_key(priv_enckey);
	_free_ec_key(pub_enckey);
	free(enc1_pub);
	free(enc2_pub);
	dime_sgnt_signet_destroy(signet);

/*creating invalid signet types*/
	signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_ERROR, filename_w);
	ck_assert_msg(signet == NULL, "Unintended creation of signet with invalid type SIGNET_TYPE_ERROR.\n");
	ck_assert_msg(access(filename_w, F_OK) == -1, "Unintended creation of keys file for signet with invalid type SIGNET_TYPE_ERROR.\n");

	signet = dime_sgnt_signet_create_w_keys(31, filename_w);
	ck_assert_msg(signet == NULL, "Unintended creation of signet with invalid type 31.\n");
	ck_assert_msg(access(filename_w, F_OK) == -1, "Unintended creation of keys file for signet with invalid type 31.\n");

	fprintf(stderr, "Signet file keypair check completed.\n");
}