Example #1
0
void ECDSATests::testSigningVerifying()
{
	AsymmetricKeyPair* kp;
	ECParameters *p;

	// Curves/Hashes to test
	std::vector<std::pair<ByteString, const char*> > totest;
	// Add X9.62 prime256v1
	totest.push_back(std::make_pair(ByteString("06082a8648ce3d030107"), "sha256"));
	// Add secp384r1
	totest.push_back(std::make_pair(ByteString("06052b81040022"), "sha384"));


	for (std::vector<std::pair<ByteString, const char*> >::iterator k = totest.begin(); k != totest.end(); k++)
	{
		// Get parameters
		p = new ECParameters;
		CPPUNIT_ASSERT(p != NULL);
		p->setEC(k->first);
		HashAlgorithm *hash;
		hash = CryptoFactory::i()->getHashAlgorithm(k->second);
		CPPUNIT_ASSERT(hash != NULL);

		// Generate key-pair
		CPPUNIT_ASSERT(ecdsa->generateKeyPair(&kp, p));

		// Generate some data to sign
		ByteString dataToSign;

		RNG* rng = CryptoFactory::i()->getRNG();
		CPPUNIT_ASSERT(rng != NULL);

		CPPUNIT_ASSERT(rng->generateRandom(dataToSign, 567));

		// Sign the data
		CPPUNIT_ASSERT(hash->hashInit());
		CPPUNIT_ASSERT(hash->hashUpdate(dataToSign));
		ByteString hResult;
		CPPUNIT_ASSERT(hash->hashFinal(hResult));
		ByteString sig;
		CPPUNIT_ASSERT(ecdsa->sign(kp->getPrivateKey(), hResult, sig, "ECDSA"));

		// And verify it
		CPPUNIT_ASSERT(ecdsa->verify(kp->getPublicKey(), hResult, sig, "ECDSA"));

		ecdsa->recycleKeyPair(kp);
		ecdsa->recycleParameters(p);
		CryptoFactory::i()->recycleHashAlgorithm(hash);
	}
}
Example #2
0
void EDDSATests::testSigningVerifying()
{
	AsymmetricKeyPair* kp;
	ECParameters *p;

	// Curves to test
	std::vector<ByteString> curves;
	// Add ed25519
	curves.push_back(ByteString("06032b6570"));

	for (std::vector<ByteString>::iterator c = curves.begin(); c != curves.end(); c++)
	{
		// Get parameters
		p = new ECParameters;
		CPPUNIT_ASSERT(p != NULL);
		p->setEC(*c);

		// Generate key-pair
		CPPUNIT_ASSERT(eddsa->generateKeyPair(&kp, p));

		// Generate some data to sign
		ByteString dataToSign;

		RNG* rng = CryptoFactory::i()->getRNG();
		CPPUNIT_ASSERT(rng != NULL);

		CPPUNIT_ASSERT(rng->generateRandom(dataToSign, 567));

		// Sign the data
		ByteString sig;
		CPPUNIT_ASSERT(eddsa->sign(kp->getPrivateKey(), dataToSign, sig, AsymMech::EDDSA));

		// And verify it
		CPPUNIT_ASSERT(eddsa->verify(kp->getPublicKey(), dataToSign, sig, AsymMech::EDDSA));

		eddsa->recycleKeyPair(kp);
		eddsa->recycleParameters(p);
	}
}
void GOSTTests::testSigningVerifying()
{
	AsymmetricKeyPair* kp;
	ECParameters *p;
	ByteString curve = "06072a850302022301";

	CPPUNIT_ASSERT((gost = CryptoFactory::i()->getAsymmetricAlgorithm("gost")));

	// Get parameters
	p = new ECParameters;
	CPPUNIT_ASSERT(p != NULL);
	p->setEC(curve);

	// Generate key-pair
	CPPUNIT_ASSERT(gost->generateKeyPair(&kp, p));

	// Generate some data to sign
	ByteString dataToSign;

	RNG* rng = CryptoFactory::i()->getRNG();
	CPPUNIT_ASSERT(rng != NULL);

	CPPUNIT_ASSERT(rng->generateRandom(dataToSign, 567));

	// Sign the data
	ByteString sig;
	CPPUNIT_ASSERT(gost->sign(kp->getPrivateKey(), dataToSign, sig, "gost-gost"));

	// And verify it
	CPPUNIT_ASSERT(gost->verify(kp->getPublicKey(), dataToSign, sig, "gost-gost"));

	gost->recycleKeyPair(kp);
	gost->recycleParameters(p);

	CryptoFactory::i()->recycleAsymmetricAlgorithm(gost);
	gost = NULL;
}
Example #4
0
void FileTests::testWriteRead()
{
	// Generate some test data
	RNG* rng = CryptoFactory::i()->getRNG();

	ByteString testData1;

	CPPUNIT_ASSERT(rng->generateRandom(testData1, 187));

	// More test data
	std::string testString = "This is a test of the File class";
	std::set<CK_MECHANISM_TYPE> testSet;
	testSet.insert(CKM_RSA_PKCS);
	testSet.insert(CKM_SHA256_RSA_PKCS);

	// Create a file for writing
	{
#ifndef _WIN32
		File newFile("testdir/newFile", false, true);
#else
		File newFile("testdir\\newFile", false, true);
#endif

		CPPUNIT_ASSERT(newFile.isValid());

		// Write two booleans into the file
		CPPUNIT_ASSERT(newFile.writeBool(true));
		CPPUNIT_ASSERT(newFile.writeBool(false));

		// Write an ulong into the file
		CPPUNIT_ASSERT(newFile.writeULong(0x12345678));

		// Write a ByteString into the file
		CPPUNIT_ASSERT(newFile.writeByteString(testData1));

		// Write a string into the file
		CPPUNIT_ASSERT(newFile.writeString(testString));

		// Write a set into the file
		CPPUNIT_ASSERT(newFile.writeMechanismTypeSet(testSet));
	}

	CPPUNIT_ASSERT(exists("newFile"));

	// Read the created file back
	{
#ifndef _WIN32
		File newFile("testdir/newFile");
#else
		File newFile("testdir\\newFile");
#endif

		CPPUNIT_ASSERT(newFile.isValid());

		// Read back the two booleans
		bool b1, b2;

		CPPUNIT_ASSERT(newFile.readBool(b1) && newFile.readBool(b2));
		CPPUNIT_ASSERT(b1 && !b2);

		// Read back the ulong
		unsigned long ulongValue;

		CPPUNIT_ASSERT(newFile.readULong(ulongValue));
		CPPUNIT_ASSERT(ulongValue == 0x12345678);

		// Read back the byte string
		ByteString bsValue;

		CPPUNIT_ASSERT(newFile.readByteString(bsValue));
		CPPUNIT_ASSERT(bsValue == testData1);

		// Read back the string value
		std::string stringVal;

		CPPUNIT_ASSERT(newFile.readString(stringVal));
		CPPUNIT_ASSERT(!testString.compare(stringVal));

		// Read back the set value
		std::set<CK_MECHANISM_TYPE> setVal;

		CPPUNIT_ASSERT(newFile.readMechanismTypeSet(setVal));
		CPPUNIT_ASSERT(setVal == testSet);

		// Check for EOF
		CPPUNIT_ASSERT(!newFile.readBool(b1));
		CPPUNIT_ASSERT(newFile.isEOF());
	}
}
Example #5
0
void DSATests::testSigningVerifying()
{
	AsymmetricKeyPair* kp;

	// Key sizes to test
	std::vector<size_t> keySizes;
#ifndef WITH_FIPS
	keySizes.push_back(512);
	keySizes.push_back(768);
	keySizes.push_back(1024);
	keySizes.push_back(1536);
#else
	keySizes.push_back(1024);
#endif
#ifndef WITH_BOTAN
	keySizes.push_back(2048);
#endif

	// Mechanisms to test
	std::vector<AsymMech::Type> mechanisms;
	mechanisms.push_back(AsymMech::DSA_SHA1);
	mechanisms.push_back(AsymMech::DSA_SHA224);
	mechanisms.push_back(AsymMech::DSA_SHA256);

	for (std::vector<size_t>::iterator k = keySizes.begin(); k != keySizes.end(); k++)
	{
		// Generate parameters
		AsymmetricParameters* p;

		CPPUNIT_ASSERT(dsa->generateParameters(&p, (void*) *k));

		// Generate key-pair
		CPPUNIT_ASSERT(dsa->generateKeyPair(&kp, p));

		// Generate some data to sign
		ByteString dataToSign;

		RNG* rng = CryptoFactory::i()->getRNG();

		CPPUNIT_ASSERT(rng->generateRandom(dataToSign, 567));

		// Test mechanisms that perform internal hashing
		for (std::vector<AsymMech::Type>::iterator m = mechanisms.begin(); m != mechanisms.end(); m++)
		{
			ByteString blockSignature, singlePartSignature;

			// Sign the data in blocks
			CPPUNIT_ASSERT(dsa->signInit(kp->getPrivateKey(), *m));
			CPPUNIT_ASSERT(dsa->signUpdate(dataToSign.substr(0, 134)));
			CPPUNIT_ASSERT(dsa->signUpdate(dataToSign.substr(134, 289)));
			CPPUNIT_ASSERT(dsa->signUpdate(dataToSign.substr(134 + 289)));
			CPPUNIT_ASSERT(dsa->signFinal(blockSignature));

			// Sign the data in one pass
			CPPUNIT_ASSERT(dsa->sign(kp->getPrivateKey(), dataToSign, singlePartSignature, *m));

			// Now perform multi-pass verification
			CPPUNIT_ASSERT(dsa->verifyInit(kp->getPublicKey(), *m));
			CPPUNIT_ASSERT(dsa->verifyUpdate(dataToSign.substr(0, 125)));
			CPPUNIT_ASSERT(dsa->verifyUpdate(dataToSign.substr(125, 247)));
			CPPUNIT_ASSERT(dsa->verifyUpdate(dataToSign.substr(125 + 247)));
			CPPUNIT_ASSERT(dsa->verifyFinal(blockSignature));

			// And single-pass verification
			CPPUNIT_ASSERT(dsa->verify(kp->getPublicKey(), dataToSign, singlePartSignature, *m));
		}

		// Test mechanisms that do not perform internal hashing
		CPPUNIT_ASSERT(rng->generateRandom(dataToSign, *k >= 2048 ? 32 : 20));

		// Sign the data
		ByteString signature;
		CPPUNIT_ASSERT(dsa->sign(kp->getPrivateKey(), dataToSign, signature, AsymMech::DSA));

		// Verify the signature
		CPPUNIT_ASSERT(dsa->verify(kp->getPublicKey(), dataToSign, signature, AsymMech::DSA));

		dsa->recycleKeyPair(kp);
		dsa->recycleParameters(p);
	}
}
Example #6
0
void RSATests::testSigningVerifying()
{
	AsymmetricKeyPair* kp;
	RSAParameters p;

	// Public exponents to test
	std::vector<ByteString> exponents;
	exponents.push_back("010001");
	exponents.push_back("03");
	exponents.push_back("0B");
	exponents.push_back("11");

	// Key sizes to test
	std::vector<size_t> keySizes;
	keySizes.push_back(1024);
	keySizes.push_back(1280);
	keySizes.push_back(2048);
	//keySizes.push_back(4096);

	// Mechanisms to test
	std::vector<AsymMech::Type> mechanisms;
#ifndef WITH_FIPS
	mechanisms.push_back(AsymMech::RSA_MD5_PKCS);
#endif
	mechanisms.push_back(AsymMech::RSA_SHA1_PKCS);
	mechanisms.push_back(AsymMech::RSA_SHA224_PKCS);
	mechanisms.push_back(AsymMech::RSA_SHA256_PKCS);
	mechanisms.push_back(AsymMech::RSA_SHA384_PKCS);
	mechanisms.push_back(AsymMech::RSA_SHA512_PKCS);
	mechanisms.push_back(AsymMech::RSA_SHA1_PKCS_PSS);
	mechanisms.push_back(AsymMech::RSA_SHA224_PKCS_PSS);
	mechanisms.push_back(AsymMech::RSA_SHA256_PKCS_PSS);
	mechanisms.push_back(AsymMech::RSA_SHA384_PKCS_PSS);
	mechanisms.push_back(AsymMech::RSA_SHA512_PKCS_PSS);
#ifndef WITH_FIPS
	mechanisms.push_back(AsymMech::RSA_SSL);
#endif

	/* Max salt length for SHA512 and 1024-bit RSA is 62 bytes */
	RSA_PKCS_PSS_PARAMS pssParams[] = {
		{ HashAlgo::SHA1,   AsymRSAMGF::MGF1_SHA1,   20 },
		{ HashAlgo::SHA224, AsymRSAMGF::MGF1_SHA224, 0  },
		{ HashAlgo::SHA256, AsymRSAMGF::MGF1_SHA256, 0  },
		{ HashAlgo::SHA384, AsymRSAMGF::MGF1_SHA384, 48 },
		{ HashAlgo::SHA512, AsymRSAMGF::MGF1_SHA512, 62 }
	};

	for (std::vector<ByteString>::iterator e = exponents.begin(); e != exponents.end(); e++)
	{
		for (std::vector<size_t>::iterator k = keySizes.begin(); k != keySizes.end(); k++)
		{
			p.setE(*e);
			p.setBitLength(*k);

			// Generate key-pair
			CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));

			// Generate some data to sign
			ByteString dataToSign;

			RNG* rng = CryptoFactory::i()->getRNG();

			CPPUNIT_ASSERT(rng->generateRandom(dataToSign, 567));

			// Test mechanisms that perform internal hashing
			for (std::vector<AsymMech::Type>::iterator m = mechanisms.begin(); m != mechanisms.end(); m++)
			{
				ByteString blockSignature, singlePartSignature;
				void* param = NULL;
				size_t paramLen = 0;
				bool isPSS = false;

				switch (*m)
				{
					case AsymMech::RSA_SHA1_PKCS_PSS:
						param = &pssParams[0];
						paramLen = sizeof(pssParams[0]);
						isPSS = true;
						break;
					case AsymMech::RSA_SHA224_PKCS_PSS:
						param = &pssParams[1];
						paramLen = sizeof(pssParams[1]);
						isPSS = true;
						break;
					case AsymMech::RSA_SHA256_PKCS_PSS:
						param = &pssParams[2];
						paramLen = sizeof(pssParams[2]);
						isPSS = true;
						break;
					case AsymMech::RSA_SHA384_PKCS_PSS:
						param = &pssParams[3];
						paramLen = sizeof(pssParams[3]);
						isPSS = true;
						break;
					case AsymMech::RSA_SHA512_PKCS_PSS:
						param = &pssParams[4];
						paramLen = sizeof(pssParams[4]);
						isPSS = true;
						break;
					default:
						break;
				}

				// Sign the data in blocks
				CPPUNIT_ASSERT(rsa->signInit(kp->getPrivateKey(), *m, param, paramLen));
				CPPUNIT_ASSERT(rsa->signUpdate(dataToSign.substr(0, 134)));
				CPPUNIT_ASSERT(rsa->signUpdate(dataToSign.substr(134, 289)));
				CPPUNIT_ASSERT(rsa->signUpdate(dataToSign.substr(134 + 289)));
				CPPUNIT_ASSERT(rsa->signFinal(blockSignature));

				// Sign the data in one pass
				CPPUNIT_ASSERT(rsa->sign(kp->getPrivateKey(), dataToSign, singlePartSignature, *m, param, paramLen));

				// If it is not a PSS signature, check if the two signatures match
				if (!isPSS)
				{
					// Check if the two signatures match
					CPPUNIT_ASSERT(blockSignature == singlePartSignature);
				}

				// Now perform multi-pass verification
				CPPUNIT_ASSERT(rsa->verifyInit(kp->getPublicKey(), *m, param, paramLen));
				CPPUNIT_ASSERT(rsa->verifyUpdate(dataToSign.substr(0, 125)));
				CPPUNIT_ASSERT(rsa->verifyUpdate(dataToSign.substr(125, 247)));
				CPPUNIT_ASSERT(rsa->verifyUpdate(dataToSign.substr(125 + 247)));
				CPPUNIT_ASSERT(rsa->verifyFinal(blockSignature));

				// And single-pass verification
				CPPUNIT_ASSERT(rsa->verify(kp->getPublicKey(), dataToSign, singlePartSignature, *m, param, paramLen));
			}

			// Test mechanisms that do not perform internal hashing

			// Test PKCS #1 signing
			CPPUNIT_ASSERT(rng->generateRandom(dataToSign, 35));

			// Sign the data
			ByteString signature;
			CPPUNIT_ASSERT(rsa->sign(kp->getPrivateKey(), dataToSign, signature, AsymMech::RSA_PKCS));

			// Verify the signature
			CPPUNIT_ASSERT(rsa->verify(kp->getPublicKey(), dataToSign, signature, AsymMech::RSA_PKCS));

			// Test raw RSA signing
			size_t byteSize = *k >> 3;

			CPPUNIT_ASSERT(rng->generateRandom(dataToSign, byteSize));

			// Strip the topmost bit
			dataToSign[0] &= 0x7F;

			// Sign the data
			CPPUNIT_ASSERT(rsa->sign(kp->getPrivateKey(), dataToSign, signature, AsymMech::RSA));

			// Verify the signature
			CPPUNIT_ASSERT(rsa->verify(kp->getPublicKey(), dataToSign, signature, AsymMech::RSA));

#ifdef WITH_RAW_PSS
			// Test raw (SHA1) PKCS PSS signing
			CPPUNIT_ASSERT(rng->generateRandom(dataToSign, 20));
			CPPUNIT_ASSERT(rsa->sign(kp->getPrivateKey(), dataToSign, signature, AsymMech::RSA_PKCS_PSS, &pssParams[0], sizeof(pssParams[0])));
			CPPUNIT_ASSERT(rsa->verify(kp->getPublicKey(), dataToSign, signature, AsymMech::RSA_PKCS_PSS, &pssParams[0], sizeof(pssParams[0])));

			// Test raw (SHA224) PKCS PSS signing
			CPPUNIT_ASSERT(rng->generateRandom(dataToSign, 28));
			CPPUNIT_ASSERT(rsa->sign(kp->getPrivateKey(), dataToSign, signature, AsymMech::RSA_PKCS_PSS, &pssParams[1], sizeof(pssParams[1])));
			CPPUNIT_ASSERT(rsa->verify(kp->getPublicKey(), dataToSign, signature, AsymMech::RSA_PKCS_PSS, &pssParams[1], sizeof(pssParams[1])));

			// Test raw (SHA256) PKCS PSS signing
			CPPUNIT_ASSERT(rng->generateRandom(dataToSign, 32));
			CPPUNIT_ASSERT(rsa->sign(kp->getPrivateKey(), dataToSign, signature, AsymMech::RSA_PKCS_PSS, &pssParams[2], sizeof(pssParams[2])));
			CPPUNIT_ASSERT(rsa->verify(kp->getPublicKey(), dataToSign, signature, AsymMech::RSA_PKCS_PSS, &pssParams[2], sizeof(pssParams[2])));

			// Test raw (SHA384) PKCS PSS signing
			CPPUNIT_ASSERT(rng->generateRandom(dataToSign, 48));
			CPPUNIT_ASSERT(rsa->sign(kp->getPrivateKey(), dataToSign, signature, AsymMech::RSA_PKCS_PSS, &pssParams[3], sizeof(pssParams[3])));
			CPPUNIT_ASSERT(rsa->verify(kp->getPublicKey(), dataToSign, signature, AsymMech::RSA_PKCS_PSS, &pssParams[3], sizeof(pssParams[3])));

			// Test raw (SHA512) PKCS PSS signing
			CPPUNIT_ASSERT(rng->generateRandom(dataToSign, 64));
			CPPUNIT_ASSERT(rsa->sign(kp->getPrivateKey(), dataToSign, signature, AsymMech::RSA_PKCS_PSS, &pssParams[4], sizeof(pssParams[4])));
			CPPUNIT_ASSERT(rsa->verify(kp->getPublicKey(), dataToSign, signature, AsymMech::RSA_PKCS_PSS, &pssParams[4], sizeof(pssParams[4])));
#endif

			rsa->recycleKeyPair(kp);
		}
	}
}