S4Err TestUtilties()
{
S4Err err = kS4Err_NoErr;
OPTESTLogInfo("\nTesting z-base-32 Encoding\n");
err = testZbase32();
OPTESTLogInfo("\n\n");
done:
return err;
}
SCLError TestECC()
{
SCLError err = kSCLError_NoErr;
OPTESTLogInfo("\nTesting ECC\n");
err = sTestECC(384); CKERR;
err = sTestECC(414); CKERR;
OPTESTLogInfo("\n");
OPTESTLogInfo("\nTesting ECC-DH\n");
err = sTestECC_DH(384); CKERR;
OPTESTLogVerbose("\n");
err = sTestECC_DH(414); CKERR;
OPTESTLogInfo("\n");
done:
return err;
}
S4Err TestSecretSharing()
{
S4Err err = kS4Err_NoErr;
uint8_t PT[PTsize];
uint8_t PT1[sizeof (PT)];
size_t keyLen = 0;
SHARES_ShareInfo* shareInfo[kNumShares];
SHARES_ShareInfo* testShares[kShareThreshold];
uint8_t testOffset[kShareThreshold];
SHARES_ContextRef shareCTX = kInvalidSHARES_ContextRef;
uint32_t i;
OPTESTLogInfo("\nTesting Shamir Key Spliting\n");
// create a random key
err = RNG_GetBytes(PT, sizeof(PT)); CKERR;
OPTESTLogVerbose("\t\tKey Data: (%ld bytes)\n", PTsize);
dumpHex(IF_LOG_DEBUG, PT, (int)sizeof (PT), 0);
OPTESTLogDebug("\n");
err = SHARES_Init( PT, sizeof(PT),
kNumShares,
kShareThreshold,
&shareCTX); CKERR;
for(i = 0; i < kNumShares; i++)
{
size_t shareLen = 0;
err = SHARES_GetShareInfo(shareCTX, i, &shareInfo[i], &shareLen); CKERR;
if(IF_LOG_VERBOSE)
{
OPTESTLogVerbose("\t Share %d: (%d bytes)\n", i,shareLen);
dumpHex(IF_LOG_DEBUG, shareInfo[i]->shareSecret , (int)shareInfo[i]->shareSecretLen, 0);
OPTESTLogVerbose("\n");
}
// OPTESTLogVerbose("\t Check shares for data leakage against known original message...");
// /* check shares for data leakage against known original message */
// err = CMP(shareBuf+(shareSize *i) + kSHAMIR_HEADERSIZE,
// PT, sizeof (PT))
// ? kS4Err_SelfTestFailed : kS4Err_NoErr;
// CKERR;
}
// create threshold number of shares to test with
sCreateTestOffsets(testOffset, sizeof(testOffset));
for(i = 0; i < kShareThreshold; i++)
testShares[i] = shareInfo[testOffset[i]];
/* attempt to combine with not enough shares */
err = SHARES_CombineShareInfo(kShareThreshold -1, testShares, PT1, sizeof(PT1),
&keyLen);
OPTESTLogVerbose("\t Attempt to combine with not enough shares = %s\n",
IsS4Err(err)?"fail":"pass");
if(err == kS4Err_NotEnoughShares) err = kS4Err_NoErr;
CKERR;
/* Reconstruct data */
OPTESTLogVerbose("\t Reconstructing data with just %d shares...",kShareThreshold);
err = SHARES_CombineShareInfo(kShareThreshold, testShares, PT1, sizeof(PT1),
&keyLen); CKERR;
OPTESTLogVerbose("OK\n");
/* check result against known original message */
OPTESTLogVerbose("\t Check result against known original message...\n");
err = compare2Results(PT, sizeof(PT), PT1, keyLen, kResultFormat_Byte, "SHAMIR Reconstruct"); //CKERR;
OPTESTLogInfo("\n");
done:
for(i = 0; i < kNumShares; i++)
{
if(shareInfo[i]) XFREE(shareInfo[i]);
}
if(SHARES_ContextRefIsValid(shareCTX))
SHARES_Free(shareCTX);
return err;
}
static SCLError sTestECC(int keySize)
{
#define PTsize 32
SCLError err = kSCLError_NoErr;
int i;
uint8_t PT[PTsize];
uint8_t CT[256];
size_t CTlen = 0;
uint8_t DT[PTsize];
size_t DTlen = 0;
uint8_t pubKey[256];
size_t pubKeyLen = 0;
uint8_t privKey[256];
size_t privKeyLen = 0;
bool isPrivate = false;
size_t importKeySize = 0;
bool isANSIx963 = false;
// uint8_t tempBuf[256];
// unsigned long tempLen;
OPTESTLogInfo("\tECC-%d \n", keySize);
ECC_ContextRef ecc = kInvalidECC_ContextRef;
ECC_ContextRef eccPub = kInvalidECC_ContextRef;
// fill PT
for(i = 0; i< PTsize; i++) PT[i]= i;
err = ECC_Init(&ecc);
OPTESTLogVerbose("\t\tGenerate Pub Key (%ld bytes)\n", pubKeyLen);
err = ECC_Generate(ecc, keySize); CKERR;
err = ECC_Export_ANSI_X963( ecc, pubKey, sizeof(pubKey), &pubKeyLen);CKERR;
OPTESTLogVerbose("\t\tExport Public Key (%ld bytes)\n", pubKeyLen);
dumpHex(IF_LOG_DEBUG, pubKey, (int)pubKeyLen, 0);
err = ECC_Import_Info( pubKey, pubKeyLen, &isPrivate, &isANSIx963, &importKeySize );CKERR;
OPTESTLogVerbose("\t\t\t%d bit %s%s key\n", (int)importKeySize , isANSIx963 ?"ANSI x9.63 ":"", isPrivate ?"private":"public");
err = ECC_Export(ecc, true, privKey, sizeof(privKey), &privKeyLen);CKERR;
OPTESTLogVerbose("\t\tExport Private Key (%ld bytes)\n", privKeyLen);
dumpHex(IF_LOG_DEBUG, privKey, (int)privKeyLen, 0);
err = ECC_Import_Info( privKey, privKeyLen, &isPrivate, &isANSIx963, &importKeySize );CKERR;
OPTESTLogVerbose("\t\t\t%d bit %s%s key\n", (int)importKeySize , isANSIx963 ?"ANSI x9.63 ":"", isPrivate ?"private":"public");
// delete keys
if(ECC_ContextRefIsValid(ecc) ) ECC_Free(ecc );
ecc = kInvalidECC_ContextRef;
err = ECC_Init(&eccPub);
err = ECC_Import_ANSI_X963( eccPub, pubKey, pubKeyLen);CKERR;
importKeySize = 0;
err = ECC_KeySize(eccPub, &importKeySize);
OPTESTLogVerbose("\t\tImported %d bit public key\n", (int)importKeySize );
err = ECC_Encrypt(eccPub, PT, sizeof(PT), CT, sizeof(CT), &CTlen);CKERR;
OPTESTLogVerbose("\t\tEncrypt message: (%ld bytes)\n", CTlen);
dumpHex(IF_LOG_DEBUG, CT, (int)CTlen, 0);
err = ECC_Init(&ecc);
err = ECC_Import(ecc, privKey, privKeyLen);CKERR;
err = ECC_KeySize(ecc, &importKeySize);
OPTESTLogVerbose("\t\tImported %d bit private key\n", (int)importKeySize );
err = ECC_Decrypt(ecc, CT, CTlen, DT, sizeof(DT), &DTlen); CKERR;
/* check against know-answer */
err= compareResults( DT, PT, PTsize , kResultFormat_Byte, "ECC Decrypt"); CKERR;
OPTESTLogVerbose("\t\tDecrypted OK\n");
dumpHex(IF_LOG_DEBUG, DT, (int)DTlen, 0);
err = ECC_Sign(ecc, PT, sizeof(PT), CT, sizeof(CT), &CTlen);CKERR;
OPTESTLogVerbose("\t\tSigned message (%ld bytes)\n", CTlen);
dumpHex(IF_LOG_DEBUG, CT, (int)CTlen, 0);
err = ECC_Verify(ecc, CT, CTlen, PT, sizeof(PT));
OPTESTLogVerbose("\t\tVerify = %s\n", IsSCLError(err)?"fail":"pass");
PT[3]= 9;
err = ECC_Verify(ecc, CT, CTlen, PT, sizeof(PT));
OPTESTLogVerbose("\t\tVerify bad packet = %s\n", IsSCLError(err)?"fail":"pass");
if(err == kSCLError_BadIntegrity) err = kSCLError_NoErr;
OPTESTLogVerbose("\n");
done:
if(ECC_ContextRefIsValid(ecc) ) ECC_Free(ecc );
if(ECC_ContextRefIsValid(eccPub)) ECC_Free(eccPub);
return err;
}
SCLError sTestECC_DH(int keySize)
{
SCLError err = kSCLError_NoErr;
uint8_t pubKey1[256];
size_t pubKeyLen1 = 0;
uint8_t privKey1[256];
size_t privKeyLen1 = 0;
uint8_t pubKey2[256];
size_t pubKeyLen2 = 0;
uint8_t privKey2[256];
size_t privKeyLen2 = 0;
ECC_ContextRef eccPriv = kInvalidECC_ContextRef;
ECC_ContextRef eccPub = kInvalidECC_ContextRef;
uint8_t Z1 [256];
size_t Zlen1;
uint8_t Z2 [256];
size_t Zlen2;
OPTESTLogInfo("\tTesting ECC-DH (%d)\n", keySize);
/* create keys */
OPTESTLogDebug("\t\tGenerate Key 1\n");
err = ECC_Init(&eccPriv); CKERR;
err = ECC_Generate(eccPriv, keySize ); CKERR;
err = ECC_Export_ANSI_X963( eccPriv, pubKey1, sizeof(pubKey1), &pubKeyLen1);CKERR;
err = ECC_Export(eccPriv, true, privKey1, sizeof(privKey1), &privKeyLen1);CKERR;
OPTESTLogDebug("\t\tKey 1 Pub/Priv (%ld,%ld) bytes\n", pubKeyLen1, privKeyLen1);
OPTESTLogDebug("\t\tPublic\n");
dumpHex(IF_LOG_DEBUG, pubKey1, (int)pubKeyLen1, 0);
OPTESTLogDebug("\t\tPrivate\n");
dumpHex(IF_LOG_DEBUG, privKey1, (int)privKeyLen1, 0);
OPTESTLogDebug("\n");
if(ECC_ContextRefIsValid(eccPriv) ) ECC_Free(eccPriv );
eccPriv = kInvalidECC_ContextRef;
OPTESTLogDebug("\t\tGenerate Key 2\n");
err = ECC_Init(&eccPriv); CKERR;
err = ECC_Generate(eccPriv, keySize ); CKERR;
err = ECC_Export_ANSI_X963( eccPriv, pubKey2, sizeof(pubKey2), &pubKeyLen2);CKERR;
err = ECC_Export(eccPriv, true, privKey2, sizeof(privKey2), &privKeyLen2);CKERR;
OPTESTLogDebug("\t\tKey 2 Pub/Priv (%ld,%ld) bytes\n", pubKeyLen2, privKeyLen2);
OPTESTLogDebug("\t\tPublic\n");
dumpHex(IF_LOG_DEBUG, pubKey2, (int)pubKeyLen2, 0);
OPTESTLogDebug("\t\tPrivate\n");
dumpHex(IF_LOG_DEBUG, privKey2, (int)privKeyLen2, 0);
OPTESTLogDebug("\n");
// delete keys
if(ECC_ContextRefIsValid(eccPriv) ) ECC_Free(eccPriv );
eccPriv = kInvalidECC_ContextRef;
OPTESTLogDebug("\t\tCalculate Secret for Key1 -> Key2\n");
err = ECC_Init(&eccPriv);
err = ECC_Import(eccPriv, privKey1, privKeyLen1);CKERR;
err = ECC_Init(&eccPub);
err = ECC_Import_ANSI_X963( eccPub, pubKey2, pubKeyLen2);CKERR;
/* Kdk = MAC(Htotal,Z) where Z is the DH of Pki and PKr */
Zlen1 = sizeof(Z1);
err = ECC_SharedSecret(eccPriv, eccPub, Z1, sizeof(Z1), &Zlen1);CKERR;
OPTESTLogVerbose("\t\tECC Shared Secret (Z1): (%ld bytes)\n",Zlen1);
dumpHex(IF_LOG_DEBUG, Z1, (int)Zlen1 , 0);
OPTESTLogDebug("\n");
// delete keys
if(ECC_ContextRefIsValid(eccPriv) ) ECC_Free(eccPriv );
eccPriv = kInvalidECC_ContextRef;
// delete keys
if(ECC_ContextRefIsValid(eccPub) ) ECC_Free(eccPub );
eccPub = kInvalidECC_ContextRef;
OPTESTLogDebug("\t\tCalculate Secret for Key2 -> Key1\n");
err = ECC_Init(&eccPriv);
err = ECC_Import(eccPriv, privKey2, privKeyLen2);CKERR;
err = ECC_Init(&eccPub);
err = ECC_Import_ANSI_X963( eccPub, pubKey1, pubKeyLen1);CKERR;
/* Kdk = MAC(Htotal,Z) where Z is the DH of Pki and PKr */
Zlen2 = sizeof(Z2);
err = ECC_SharedSecret(eccPriv, eccPub, Z2, sizeof(Z2), &Zlen2);CKERR;
OPTESTLogVerbose("\t\tECC Shared Secret (Z2): (%ld bytes)\n",Zlen2);
dumpHex(IF_LOG_DEBUG, Z2, (int)Zlen2 , 0);
OPTESTLogDebug("\n");
OPTESTLogVerbose("\t\tCompare Secrets\n");
err = compare2Results(Z1, Zlen1, Z2, Zlen2, kResultFormat_Byte, "ECC Shared Secret");CKERR;
done:
if(eccPriv)
{
ECC_Free(eccPriv);
eccPriv = kInvalidECC_ContextRef;
}
if(eccPub)
{
ECC_Free(eccPub);
eccPub = kInvalidECC_ContextRef;
}
return err;
}
C4Err TestHash()
{
C4Err err = kC4Err_NoErr;
unsigned int i;
int last_algor = -1;
/* Test vectors, first line from each FIPS-180 SHA-1 known answer test */
typedef struct {
int algor;
char *name;
char *msg;
int passes;
uint8_t* kat;
size_t kat_len;
} katvector;
katvector kat_vector_array[] =
{
{
kHASH_Algorithm_SHA1,
"Short",
"abc",
1,
(uint8_t*)"\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2\x6C"
"\x9C\xD0\xD8\x9D",
20
},
{
kHASH_Algorithm_SHA1,
"Multi",
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
1,
(uint8_t*)"\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29\xE5"
"\xE5\x46\x70\xF1",
20
},
{
kHASH_Algorithm_SHA1,
"Long",
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
15625,
(uint8_t*)"\x34\xAA\x97\x3C\xD4\xC4\xDA\xA4\xF6\x1E\xEB\x2B\xDB\xAD\x27\x31"
"\x65\x34\x01\x6F",
20
},
{
kHASH_Algorithm_SHA224,
"Short",
"abc",
1,
(uint8_t*)"\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55\xb3"
"\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7",
28
},
{
kHASH_Algorithm_SHA224,
"Multi",
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
1,
(uint8_t*)"\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01\x50"
"\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25",
28
},
{
kHASH_Algorithm_SHA224,
"Long",
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
15625,
(uint8_t*)"\x20\x79\x46\x55\x98\x0c\x91\xd8\xbb\xb4\xc1\xea\x97\x61\x8a\x4b"
"\xf0\x3f\x42\x58\x19\x48\xb2\xee\x4e\xe7\xad\x67",
28
},
{
kHASH_Algorithm_SHA256,
"Short",
"abc",
1,
(uint8_t*)"\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22\x23"
"\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00\x15\xAD",
32
},
{
kHASH_Algorithm_SHA256,
"Multi",
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
1,
(uint8_t*)"\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60\x39"
"\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB\x06\xC1",
32
},
{
kHASH_Algorithm_SHA256,
"Long",
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
15625,
(uint8_t*)"\xCD\xC7\x6E\x5C\x99\x14\xFB\x92\x81\xA1\xC7\xE2\x84\xD7\x3E\x67"
"\xF1\x80\x9A\x48\xA4\x97\x20\x0E\x04\x6D\x39\xCC\xC7\x11\x2C\xD0",
32
},
{
kHASH_Algorithm_SHA384,
"Short",
"abc",
1,
(uint8_t*)"\xCB\x00\x75\x3F\x45\xA3\x5E\x8B\xB5\xA0\x3D\x69\x9A\xC6\x50\x07"
"\x27\x2C\x32\xAB\x0E\xDE\xD1\x63\x1A\x8B\x60\x5A\x43\xFF\x5B\xED"
"\x80\x86\x07\x2B\xA1\xE7\xCC\x23\x58\xBA\xEC\xA1\x34\xC8\x25\xA7",
48
},
{
kHASH_Algorithm_SHA384,
"Multi",
"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
"hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
1,
(uint8_t*)"\x09\x33\x0C\x33\xF7\x11\x47\xE8\x3D\x19\x2F\xC7\x82\xCD\x1B\x47"
"\x53\x11\x1B\x17\x3B\x3B\x05\xD2\x2F\xA0\x80\x86\xE3\xB0\xF7\x12"
"\xFC\xC7\xC7\x1A\x55\x7E\x2D\xB9\x66\xC3\xE9\xFA\x91\x74\x60\x39",
48
},
{
kHASH_Algorithm_SHA384,
"Long",
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
15625,
(uint8_t*)"\x9D\x0E\x18\x09\x71\x64\x74\xCB\x08\x6E\x83\x4E\x31\x0A\x4A\x1C"
"\xED\x14\x9E\x9C\x00\xF2\x48\x52\x79\x72\xCE\xC5\x70\x4C\x2A\x5B"
"\x07\xB8\xB3\xDC\x38\xEC\xC4\xEB\xAE\x97\xDD\xD8\x7F\x3D\x89\x85",
48
},
{
kHASH_Algorithm_SHA512,
"Short",
"abc",
1,
(uint8_t*)"\xDD\xAF\x35\xA1\x93\x61\x7A\xBA\xCC\x41\x73\x49\xAE\x20\x41\x31"
"\x12\xE6\xFA\x4E\x89\xA9\x7E\xA2\x0A\x9E\xEE\xE6\x4B\x55\xD3\x9A"
"\x21\x92\x99\x2A\x27\x4F\xC1\xA8\x36\xBA\x3C\x23\xA3\xFE\xEB\xBD"
"\x45\x4D\x44\x23\x64\x3C\xE8\x0E\x2A\x9A\xC9\x4F\xA5\x4C\xA4\x9F",
64
},
{
kHASH_Algorithm_SHA512,
"Multi",
"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
"hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
1,
(uint8_t*)"\x8E\x95\x9B\x75\xDA\xE3\x13\xDA\x8C\xF4\xF7\x28\x14\xFC\x14\x3F"
"\x8F\x77\x79\xC6\xEB\x9F\x7F\xA1\x72\x99\xAE\xAD\xB6\x88\x90\x18"
"\x50\x1D\x28\x9E\x49\x00\xF7\xE4\x33\x1B\x99\xDE\xC4\xB5\x43\x3A"
"\xC7\xD3\x29\xEE\xB6\xDD\x26\x54\x5E\x96\xE5\x5B\x87\x4B\xE9\x09",
64
},
{
kHASH_Algorithm_SHA512,
"Long",
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
15625,
(uint8_t*)"\xE7\x18\x48\x3D\x0C\xE7\x69\x64\x4E\x2E\x42\xC7\xBC\x15\xB4\x63"
"\x8E\x1F\x98\xB1\x3B\x20\x44\x28\x56\x32\xA8\x03\xAF\xA9\x73\xEB"
"\xDE\x0F\xF2\x44\x87\x7E\xA6\x0A\x4C\xB0\x43\x2C\xE5\x77\xC3\x1B"
"\xEB\x00\x9C\x5C\x2C\x49\xAA\x2E\x4E\xAD\xB2\x17\xAD\x8C\xC0\x9B",
64
},
{
kHASH_Algorithm_SHA512_256,
"Short",
"abc",
1,
(uint8_t*)
"\x53\x04\x8e\x26\x81\x94\x1e\xf9"
"\x9b\x2e\x29\xb7\x6b\x4c\x7d\xab"
"\xe4\xc2\xd0\xc6\x34\xfc\x6d\x46"
"\xe0\xe2\xf1\x31\x07\xe7\xaf\x23",
32
},
{
kHASH_Algorithm_SHA512_256,
"Multi",
"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
"hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
1,
(uint8_t*)
"\x39\x28\xe1\x84\xfb\x86\x90\xf8"
"\x40\xda\x39\x88\x12\x1d\x31\xbe"
"\x65\xcb\x9d\x3e\xf8\x3e\xe6\x14"
"\x6f\xea\xc8\x61\xe1\x9b\x56\x3a",
32
},
{
kHASH_Algorithm_SHA512_256,
"Long",
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
15625,
(uint8_t*)
"\x9A\x59\xA0\x52\x93\x01\x87\xA9\x70\x38\xCA\xE6\x92\xF3\x07\x08"
"\xAA\x64\x91\x92\x3E\xF5\x19\x43\x94\xDC\x68\xD5\x6C\x74\xFB\x21",
32
},
{
kHASH_Algorithm_SKEIN256,
"Short",
(char*)
"\xFF\xFE\xFD\xFC\xFB\xFA\xF9\xF8\xF7\xF6\xF5\xF4\xF3\xF2\xF1\xF0"
"\xEF\xEE\xED\xEC\xEB\xEA\xE9\xE8\xE7\xE6\xE5\xE4\xE3\xE2\xE1\xE0",
1,
(uint8_t*)
"\x8D\x0F\xA4\xEF\x77\x7F\xD7\x59\xDF\xD4\x04\x4E\x6F\x6A\x5A\xC3"
"\xC7\x74\xAE\xC9\x43\xDC\xFC\x07\x92\x7B\x72\x3B\x5D\xBF\x40\x8B",
32
},
{
kHASH_Algorithm_SKEIN256,
"Multi",
"\xFF\xFE\xFD\xFC\xFB\xFA\xF9\xF8\xF7\xF6\xF5\xF4\xF3\xF2\xF1\xF0"
"\xEF\xEE\xED\xEC\xEB\xEA\xE9\xE8\xE7\xE6\xE5\xE4\xE3\xE2\xE1\xE0"
"\xDF\xDE\xDD\xDC\xDB\xDA\xD9\xD8\xD7\xD6\xD5\xD4\xD3\xD2\xD1\xD0"
"\xCF\xCE\xCD\xCC\xCB\xCA\xC9\xC8\xC7\xC6\xC5\xC4\xC3\xC2\xC1\xC0"
"\xBF\xBE\xBD\xBC\xBB\xBA\xB9\xB8\xB7\xB6\xB5\xB4\xB3\xB2\xB1\xB0"
"\xAF\xAE\xAD\xAC\xAB\xAA\xA9\xA8\xA7\xA6\xA5\xA4\xA3\xA2\xA1\xA0"
"\x9F\x9E\x9D\x9C\x9B\x9A\x99\x98\x97\x96\x95\x94\x93\x92\x91\x90"
"\x8F\x8E\x8D\x8C\x8B\x8A\x89\x88\x87\x86\x85\x84\x83\x82\x81\x80",
1,
(uint8_t*)
"\x18\x0D\xE1\x06\xA7\x04\x01\xBA\x38\xF2\x59\x7C\x25\xCB\xEF\xC7"
"\x36\xDF\xD8\x8D\x90\xF2\xD3\x35\x2E\x0E\xB2\x55\xAF\xB6\xDB\x63",
32
},
{
kHASH_Algorithm_SKEIN256,
"Long",
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
15625,
(uint8_t*)
"\x57\x0C\x70\x90\x1E\x31\x99\x4C\x1F\x7B\x96\x0F\x3F\xBD\xCF\x8D"
"\xB0\x03\xE5\x33\x39\x6D\x48\x38\x9F\x46\xD3\x7C\x3E\xD1\x47\x38",
32
},
{
kHASH_Algorithm_SKEIN512,
"Short",
(char*)
"\xFF\xFE\xFD\xFC\xFB\xFA\xF9\xF8\xF7\xF6\xF5\xF4\xF3\xF2\xF1\xF0"
"\xEF\xEE\xED\xEC\xEB\xEA\xE9\xE8\xE7\xE6\xE5\xE4\xE3\xE2\xE1\xE0",
1,
(uint8_t*)
"\x0B\x7F\xD0\x53\xAE\x63\x5E\xE8\xE5\x19\x64\x6E\xB4\x1E\xA0\xCF"
"\x7E\xA3\x40\x15\x23\x78\x06\x2F\xB2\x44\x0A\xA0\x25\x0F\xF1\x95"
"\xFE\x32\xD9\xA0\x69\x1E\x68\xA0\xFE\xB1\x7D\xC2\x85\xAA\x67\x56"
"\xCE\xF1\x94\x04\xE4\xDB\x92\xBF\x83\x6C\x4A\xE6\x53\x81\x50\x4A",
64
},
{
kHASH_Algorithm_SKEIN512,
"Multi",
"\xFF\xFE\xFD\xFC\xFB\xFA\xF9\xF8\xF7\xF6\xF5\xF4\xF3\xF2\xF1\xF0"
"\xEF\xEE\xED\xEC\xEB\xEA\xE9\xE8\xE7\xE6\xE5\xE4\xE3\xE2\xE1\xE0"
"\xDF\xDE\xDD\xDC\xDB\xDA\xD9\xD8\xD7\xD6\xD5\xD4\xD3\xD2\xD1\xD0"
"\xCF\xCE\xCD\xCC\xCB\xCA\xC9\xC8\xC7\xC6\xC5\xC4\xC3\xC2\xC1\xC0"
"\xBF\xBE\xBD\xBC\xBB\xBA\xB9\xB8\xB7\xB6\xB5\xB4\xB3\xB2\xB1\xB0"
"\xAF\xAE\xAD\xAC\xAB\xAA\xA9\xA8\xA7\xA6\xA5\xA4\xA3\xA2\xA1\xA0"
"\x9F\x9E\x9D\x9C\x9B\x9A\x99\x98\x97\x96\x95\x94\x93\x92\x91\x90"
"\x8F\x8E\x8D\x8C\x8B\x8A\x89\x88\x87\x86\x85\x84\x83\x82\x81\x80",
1,
(uint8_t*)
"\x91\xCC\xA5\x10\xC2\x63\xC4\xDD\xD0\x10\x53\x0A\x33\x07\x33\x09"
"\x62\x86\x31\xF3\x08\x74\x7E\x1B\xCB\xAA\x90\xE4\x51\xCA\xB9\x2E"
"\x51\x88\x08\x7A\xF4\x18\x87\x73\xA3\x32\x30\x3E\x66\x67\xA7\xA2"
"\x10\x85\x6F\x74\x21\x39\x00\x00\x71\xF4\x8E\x8B\xA2\xA5\xAD\xB7",
64
},
{
kHASH_Algorithm_SKEIN512,
"Long",
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
15625,
(uint8_t*)
"\xC9\xD4\x1B\x77\xB7\x7B\x77\xE9\x54\x28\x41\x85\xAF\x68\x2A\x5A"
"\x8B\x25\xB9\xD3\x1E\x6D\x58\xEB\x9F\xD3\x29\xF5\xBC\xCA\x34\xD7"
"\xB2\x85\xAB\x13\x0A\x9C\x14\xC8\x72\x19\x2B\xCD\xF2\xB6\x7D\x88"
"\x32\x80\xA7\x54\xAC\xBA\x94\x2A\x7C\xF4\x48\xE8\x41\xA7\x4E\xD2",
64
},
{
kHASH_Algorithm_SKEIN1024,
"Short",
(char*)
"\xFF\xFE\xFD\xFC\xFB\xFA\xF9\xF8\xF7\xF6\xF5\xF4\xF3\xF2\xF1\xF0"
"\xEF\xEE\xED\xEC\xEB\xEA\xE9\xE8\xE7\xE6\xE5\xE4\xE3\xE2\xE1\xE0",
1,
(uint8_t*)
"\xD9\xF3\x81\xEA\xAD\xA5\x7D\x8F\x40\x7A\x01\xD8\x76\xE6\xB3\xC2"
"\x09\x34\x18\xA4\x86\x04\x5F\x7C\xE2\x3A\x90\x15\x0D\x93\x16\x01"
"\x3B\xB5\x4E\x56\x38\xB3\x72\xE3\x75\x59\x72\x89\xCF\x74\x50\xEB"
"\x47\x89\xB5\x55\x3E\x2B\x29\x47\xD2\xAA\x81\x09\x7F\x4A\x8E\x84"
"\xD3\x9E\x0F\xCA\x2F\x30\xB5\xEE\x7A\x8E\xD7\x3C\x31\xF7\x8B\x58"
"\x04\xB6\xEF\x79\xF5\x7F\xE4\x43\xAF\xBA\x11\x51\xCC\x48\xE0\x19"
"\x1A\xC6\x25\xE9\xD5\xF7\x2B\x84\x3D\x77\x10\xB2\x9E\x7F\x98\x9D"
"\x8D\x3F\xC2\x1B\xBA\x49\xD4\x6B\x9F\x75\xA0\x7B\x22\x08\x67\x3C",
128
},
{
kHASH_Algorithm_SKEIN1024,
"Multi",
"\xFF\xFE\xFD\xFC\xFB\xFA\xF9\xF8\xF7\xF6\xF5\xF4\xF3\xF2\xF1\xF0"
"\xEF\xEE\xED\xEC\xEB\xEA\xE9\xE8\xE7\xE6\xE5\xE4\xE3\xE2\xE1\xE0"
"\xDF\xDE\xDD\xDC\xDB\xDA\xD9\xD8\xD7\xD6\xD5\xD4\xD3\xD2\xD1\xD0"
"\xCF\xCE\xCD\xCC\xCB\xCA\xC9\xC8\xC7\xC6\xC5\xC4\xC3\xC2\xC1\xC0"
"\xBF\xBE\xBD\xBC\xBB\xBA\xB9\xB8\xB7\xB6\xB5\xB4\xB3\xB2\xB1\xB0"
"\xAF\xAE\xAD\xAC\xAB\xAA\xA9\xA8\xA7\xA6\xA5\xA4\xA3\xA2\xA1\xA0"
"\x9F\x9E\x9D\x9C\x9B\x9A\x99\x98\x97\x96\x95\x94\x93\x92\x91\x90"
"\x8F\x8E\x8D\x8C\x8B\x8A\x89\x88\x87\x86\x85\x84\x83\x82\x81\x80",
1,
(uint8_t*)
"\x1F\x3E\x02\xC4\x6F\xB8\x0A\x3F\xCD\x2D\xFB\xBC\x7C\x17\x38\x00"
"\xB4\x0C\x60\xC2\x35\x4A\xF5\x51\x18\x9E\xBF\x43\x3C\x3D\x85\xF9"
"\xFF\x18\x03\xE6\xD9\x20\x49\x31\x79\xED\x7A\xE7\xFC\xE6\x9C\x35"
"\x81\xA5\xA2\xF8\x2D\x3E\x0C\x7A\x29\x55\x74\xD0\xCD\x7D\x21\x7C"
"\x48\x4D\x2F\x63\x13\xD5\x9A\x77\x18\xEA\xD0\x7D\x07\x29\xC2\x48"
"\x51\xD7\xE7\xD2\x49\x1B\x90\x2D\x48\x91\x94\xE6\xB7\xD3\x69\xDB"
"\x0A\xB7\xAA\x10\x6F\x0E\xE0\xA3\x9A\x42\xEF\xC5\x4F\x18\xD9\x37"
"\x76\x08\x09\x85\xF9\x07\x57\x4F\x99\x5E\xC6\xA3\x71\x53\xA5\x78",
128
},
{
kHASH_Algorithm_SKEIN1024,
"Long",
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
15625,
(uint8_t*)
"\x6C\xB2\x95\x4A\xED\xDE\xDC\x50\x67\x00\x8D\xB1\x94\x53\x33\xBD"
"\x9C\xFE\x9E\x46\xC1\x07\x57\x23\xCB\x57\xC5\x6C\x1C\xC3\x76\xA8"
"\xCE\x4D\xA1\x95\xF4\x2E\x01\xBC\x00\x98\xB4\x81\x7A\xB6\x86\xB9"
"\x81\xC9\x37\xE0\x53\x7E\x11\xED\xDF\x62\xF0\x44\x22\xAE\x6F\x1E"
"\xDA\x87\xEF\x09\x29\x9D\x87\x85\x2F\xAF\x89\xB6\xCA\xE3\xD3\x6E"
"\x63\x91\x40\x69\x80\x6F\x82\x3B\xBC\xE4\x36\xB3\xC5\xF4\xAB\x6C"
"\x8A\xA6\x93\x16\x46\x7C\x59\xA1\xCB\xDB\xC3\x5D\xD9\x74\x40\x32"
"\x3C\x4C\x70\xEF\x17\xFB\x1B\xFC\xFC\x4E\xF6\xE3\xE1\xD7\xA2\x60",
128
},
};
OPTESTLogInfo("\nTesting Secure Hash Algorithms:\n");
/* run test array */
for (i = 0; i < sizeof(kat_vector_array)/ sizeof(katvector) ; i++)
{
katvector* kat = &kat_vector_array[i];
unsigned long length = strlen( (const char *) kat->msg) * kat->passes ;
if(last_algor != kat->algor)
{
OPTESTLogInfo("%s\t%10s\t",
(last_algor != -1 ?"\n":""),
hash_algor_table(kat->algor));
last_algor = kat->algor;
}
OPTESTLogInfo("%6lu%s", length > 999?length/1000:length, length > 999?"K":"");
err = TestHashKAT(kat_vector_array[i].algor,
kat_vector_array[i].name,
(uint8_t*) kat_vector_array[i].msg,
strlen( (const char *) kat_vector_array[i].msg),
kat_vector_array[i].passes,
kat_vector_array[i].kat,
kat_vector_array[i].kat_len); CKERR;
}
OPTESTLogInfo("\n\n");
done:
return( err );
}
static SCLError scSaveRestoreKeyTest(SCKeySuite storageKeySuite, SCKeySuite eccKeySuite )
{
SCLError err = kSCLError_NoErr;
SCKeyContextRef sKey = kInvalidSCKeyContextRef; // storage key
SCKeyContextRef signKey = kInvalidSCKeyContextRef;
SCKeyContextRef pKey = kInvalidSCKeyContextRef; // pbdkf2 encrypted storage key
Cipher_Algorithm algorithm = kCipher_Algorithm_Invalid;
size_t symKeyLen = 0;
time_t startDate = time(NULL) ;
time_t expireDate = startDate + (3600 * 24);
char* user1 = "*****@*****.**";
uint8_t* keyData = NULL;
size_t keyDataLen = 0;
uint8_t* sKeyData = NULL;
size_t sKeyDataLen = 0;
bool isLocked = true;
char* passPhrase = "Pedicabo ego vos et irrumabo";
// used for comparison test
ECC_ContextRef ecc = kInvalidECC_ContextRef;
ECC_ContextRef ecc1 = kInvalidECC_ContextRef;
OPTESTLogInfo("\tTesting SCKeys %s Save/Restore using %s\n", sckey_suite_table(eccKeySuite), sckey_suite_table(storageKeySuite));
// setup a storage key for the private SCC key */
// we do this code just one time and export the encrypted passphrase for later use.
char* nonce = "some stupid nonce data";
uint8_t IV[32];
err = SCKeyCipherForKeySuite(storageKeySuite, &algorithm, &symKeyLen); CKERR;
err = RNG_GetBytes(IV,symKeyLen); CKERR;
err = SCKeyNew(storageKeySuite, (uint8_t*)nonce, strlen(nonce), &sKey); CKERR;
err = SCKeySetProperty (sKey, kSCKeyProp_IV, SCKeyPropertyType_Binary, IV , symKeyLen ); CKERR;
err = SCKeyEncryptToPassPhrase(sKey, (const uint8_t*)passPhrase, strlen(passPhrase), &pKey); CKERR;
err = SCKeySerialize(pKey, &sKeyData, &sKeyDataLen); CKERR;
OPTESTLogVerbose("\t\tExport storage key (%d bytes)\n", (int)sKeyDataLen );
OPTESTLogDebug("\t\tEncrypted Storage Key Packet: (%ld bytes)\n%s\n",sKeyDataLen, (char*)sKeyData);
SCKeyFree(pKey); pKey = NULL;
/* create a signing key for things like voicemail, etc */
err = SCKeyNew(eccKeySuite, (uint8_t*)nonce, strlen(nonce), &signKey); CKERR;
err = SCKeySetProperty (signKey, kSCKeyProp_Owner, SCKeyPropertyType_UTF8String, user1 , strlen(user1) ); CKERR;
err = SCKeySetProperty(signKey, kSCKeyProp_StartDate, SCKeyPropertyType_Time , &startDate, sizeof(time_t)); CKERR;
err = SCKeySetProperty(signKey, kSCKeyProp_ExpireDate, SCKeyPropertyType_Time , &expireDate, sizeof(time_t)); CKERR;
// used for testing
err = SCKeyExport_ECC(signKey, &ecc); CKERR;
/* save the private ecc key */
err = SCKeySerializePrivateWithSCKey(signKey, sKey, &keyData, &keyDataLen); CKERR;
OPTESTLogVerbose("\t\tExport ECC key (%d bytes)\n", (int)keyDataLen );
OPTESTLogDebug("\t\tPrivate Key Packet: (%ld bytes)\n%s\n",keyDataLen, (char*)keyData);
SCKeyFree(sKey); sKey = NULL;
SCKeyFree(signKey); signKey = NULL;
// pretend we readin keyData and sKeyData from some device..
OPTESTLogVerbose("\t\tReconstitute the storage key \n" );
// reconstitute the storage key
err = SCKeyDeserialize(sKeyData, strlen((char*) sKeyData) , &pKey); CKERR;
err = SCKeyDecryptFromPassPhrase(pKey, (const uint8_t*)passPhrase, strlen(passPhrase), &sKey); CKERR;
// resconstitute the ECC key
OPTESTLogVerbose("\t\tReconstitute the ECC key \n" );
err = SCKeyDeserialize(keyData, strlen((char*) keyData) , &signKey); CKERR;
OPTESTLogVerbose("\t\tUnlock Private Key Packet \n" );
err = SCKeyUnlockWithSCKey(signKey, sKey); CKERR;
err = SCKeyIsLocked(signKey,&isLocked); CKERR;
ASSERTERR(isLocked, kSCLError_SelfTestFailed);
OPTESTLogVerbose("\t\tConsistency check of reimported key \n" );
{
uint8_t pk[128];
size_t pkLen = sizeof (pk);
uint8_t pk1[128];
size_t pk1Len = sizeof (pk1);
uint8_t privKey[256];
size_t privKeyLen = sizeof (privKey);
uint8_t privKey1[256];
size_t privKey1Len = sizeof (privKey1);
err = SCKeyExport_ECC(signKey, &ecc1); CKERR;
err = ECC_Export_ANSI_X963(ecc , pk, pkLen, &pkLen);
err = ECC_Export_ANSI_X963(ecc1 , pk1, pk1Len, &pk1Len);
err = compare2Results(pk, pkLen, pk1, pk1Len, kResultFormat_Byte, "ECC public Key");
err = ECC_Export(ecc, true, privKey, sizeof(privKey), &privKeyLen);CKERR;
err = ECC_Export(ecc1, true, privKey1, sizeof(privKey1), &privKey1Len);CKERR;
err = compare2Results(privKey, privKeyLen, privKey1, privKey1Len, kResultFormat_Byte, "ECC private Key");
}
done:
OPTESTLogDebug("\n" );
if(ECC_ContextRefIsValid(ecc))
ECC_Free(ecc);
if(ECC_ContextRefIsValid(ecc1))
ECC_Free(ecc1);
if(SCKeyContextRefIsValid(pKey))
SCKeyFree(pKey);
if(SCKeyContextRefIsValid(pKey))
SCKeyFree(pKey);
if(SCKeyContextRefIsValid(signKey))
SCKeyFree(signKey);
if(SCKeyContextRefIsValid(sKey))
SCKeyFree(sKey);
return err;
}
static SCLError sSCKeyTest4(SCKeySuite keySuite)
{
SCLError err = kSCLError_NoErr;
SCKeyContextRef key1 = kInvalidSCKeyContextRef;
char* nonce = "some stupid nonce data";
char* user1 = "*****@*****.**";
uint8_t* fingerPrintData = NULL;
size_t fingerPrintDataSize = 0;
uint8_t* locator = NULL;
uint8_t* fp = NULL;
uint8_t* ownerData = NULL;
size_t ownerDataSize = 0;
uint8_t* hashWords = NULL;
size_t hashWordsSize = 0;
OPTESTLogInfo("\tTesting %s Key Fingerprint APIs \n", sckey_suite_table(keySuite));
err = SCKeyNew(keySuite, (uint8_t*)nonce, strlen(nonce), &key1); CKERR;
err = SCKeySetProperty (key1, kSCKeyProp_Owner, SCKeyPropertyType_UTF8String, user1 , strlen(user1) ); CKERR;
err = SCKeySerialize_Fingerprint(key1, &fingerPrintData, &fingerPrintDataSize); CKERR;
OPTESTLogDebug("\n\t%3d bytes\n", (int)fingerPrintDataSize);
dumpHex(IF_LOG_DEBUG, fingerPrintData, (int)fingerPrintDataSize, 0);
OPTESTLogDebug("\n");
err = SCKeyDeserialize_Fingerprint( fingerPrintData, fingerPrintDataSize, &locator, &fp,
&ownerData, &ownerDataSize,
&hashWords, &hashWordsSize);
OPTESTLogDebug("\t%10s: %s\n\t%10s: %s\n\t%10s: %s\n\t%10s: %s\n",
"Locator",locator,
"Hash",fp,
"Hash Words", hashWords,
"Owner", ownerData? (char*)ownerData:"<none>");
// test key fingerprint reassembly
err = SCKeyVerify_Fingerprint(key1, fingerPrintData, fingerPrintDataSize); CKERR;
OPTESTLogVerbose("\n");
SCKeyFree(key1); key1 = NULL;
done:
if(SCKeyContextRefIsValid(key1))
SCKeyFree(key1);
if(hashWords)
XFREE(hashWords);
if(ownerData)
XFREE(ownerData);
if(fp)
XFREE(fp);
if(locator)
XFREE(locator);
return err;
}
static SCLError sSCKeyTest3(SCKeySuite keySuite)
{
SCLError err = kSCLError_NoErr;
SCKeyContextRef key1 = kInvalidSCKeyContextRef;
char* nonce = "some stupid nonce data";
// Cipher_Algorithm algorithm = kCipher_Algorithm_Invalid;
// size_t symKeyLen = 0;
#define PTsize 32
uint8_t PT[PTsize];
uint8_t CT[256];
size_t CTlen = 0;
uint8_t DT[PTsize];
size_t DTlen = 0;
uint8_t* sigData = NULL;
size_t sigDataLen = 0;
// uint8_t* keyData = NULL;
// size_t keyDataLen = 0;
// time_t startDate = time(NULL) ;
// time_t expireDate = startDate + (3600 * 24);
// fixed PT key test
for(int i = 0; i< PTsize; i++) PT[i] = i;
OPTESTLogInfo("\tTesting %s Signing and Encryption Consistency \n", sckey_suite_table(keySuite));
// err = SCKeyCipherForKeySuite(keySuite, &algorithm, NULL); CKERR;
// OPTESTLogVerbose("\t\tCreate %s encyption key\n",cipher_algor_table(algorithm));
err = SCKeyNew(keySuite, (uint8_t*)nonce, strlen(nonce), &key1); CKERR;
OPTESTLogVerbose("\t\tPublic Key Encrypt %d byte key \n", sizeof(PT));
err = SCKeyPublicEncrypt(key1, PT, sizeof(PT), CT, sizeof(CT), &CTlen);CKERR;
dumpHex(IF_LOG_DEBUG, CT, (int)CTlen, 0);
OPTESTLogVerbose("\t\tTest Decryption \n");
err = SCKeyPublicDecrypt(key1, CT, CTlen, DT, sizeof(DT), &DTlen); CKERR;
err = compareResults( DT, PT, PTsize , kResultFormat_Byte, "ECC Decrypt"); CKERR;
err = SCKeySignHash(key1, PT,sizeof(PT),CT, sizeof(CT), &CTlen); CKERR;
OPTESTLogVerbose("\t\tPublic Key Sign - low level (%ld bytes) \n", CTlen);
dumpHex(IF_LOG_DEBUG, CT, (int)CTlen, 0);
err = SCKeySign(key1,PT,sizeof(PT), &sigData, &sigDataLen); CKERR;
OPTESTLogVerbose("\t\tPublic Key Sign - JSON (%ld bytes) \n",sigDataLen);
OPTESTLogDebug("%s",sigData );
OPTESTLogVerbose("\t\tTest Signature Verification\n");
err = SCKeyVerifyHash(key1, PT,sizeof(PT), CT, CTlen); CKERR;
err = SCKeyVerify(key1, PT,sizeof(PT), sigData, sigDataLen); CKERR;
// force sig fail
PT[3] ^=1;
ASSERTERR(SCKeyVerifyHash(key1, PT,sizeof(PT), CT, CTlen) != kSCLError_BadIntegrity, kSCLError_SelfTestFailed );
ASSERTERR(SCKeyVerify(key1, PT,sizeof(PT), sigData, sigDataLen) != kSCLError_BadIntegrity, kSCLError_SelfTestFailed );
#if 0
{
// get pub key
SCKeyContextRef iKey = kInvalidSCKeyContextRef;
err = SCKeyGetAllocatedProperty(key1, kSCKeyProp_PubKeyANSI_X963, NULL, (void*)&keyData , &keyDataLen); CKERR;
// make commit code
err = SCKeyMakeHMACcode(keySuite, keyData, keyDataLen, PT, PTsize, expireDate, key1, &iKey); CKERR;
XFREE(keyData); keyData = NULL;
err = SCKeySerialize(iKey, &keyData, &keyDataLen); CKERR;
printf("HMAC_code: (%ld bytes)\n%s\n",keyDataLen, (char*)keyData);
SCKeyFree(iKey); iKey = NULL;
err = SCKeyDeserialize(keyData, keyDataLen, &iKey);CKERR;
XFREE(keyData); keyData = NULL;
}
#endif
OPTESTLogVerbose("\n");
SCKeyFree(key1); key1 = NULL;
done:
if(SCKeyContextRefIsValid(key1))
SCKeyFree(key1);
if(sigData)
XFREE(sigData);
//
// if(keyData)
// XFREE(keyData);
return err;
}
static SCLError sSCKeyTest1(SCKeySuite keySuite)
{
SCLError err = kSCLError_NoErr;
SCKeyContextRef key = kInvalidSCKeyContextRef;
SCKeyContextRef key1 = kInvalidSCKeyContextRef;
uint8_t symKey[32];
uint8_t symKey1[32];
uint8_t* keyData = NULL;
size_t keyDataLen = 0;
uint8_t* keyData1 = NULL;
size_t keyDataLen1 = 0;
char comment[256] = {0};
char comment1[256] = {0};
char* nonce = "some stupid nonce data";
time_t startDate = time(NULL) ;
time_t expireDate = startDate + (3600 * 24);
char* commentProperty = "comment";
SCKeySuite keyType1 = kSCKeySuite_Invalid ;
SCKeyPropertyType propType = SCKeyPropertyType_Invalid;
// fixed SYM key test
for(int i = 0; i< 32; i++) symKey[i] = i;
sprintf(comment,"Optest %s Symmetric Key", sckey_suite_table(keySuite));
OPTESTLogInfo("\tTesting Symmetric Key Save/Restore (%s)\n", sckey_suite_table(keySuite));
// create a SCKey with sym data and add some properties
err = SCKeyImport_Symmetric(keySuite, symKey, (uint8_t*)nonce, strlen(nonce), &key);
err = SCKeySetProperty (key, commentProperty, SCKeyPropertyType_UTF8String, comment, strlen(comment) ); CKERR;
err = SCKeySetProperty(key, kSCKeyProp_StartDate, SCKeyPropertyType_Time , &startDate, sizeof(time_t)); CKERR;
err = SCKeySetProperty(key, kSCKeyProp_ExpireDate, SCKeyPropertyType_Time , &expireDate, sizeof(time_t)); CKERR;
// serialize it
err = SCKeySerialize(key, &keyData, &keyDataLen); CKERR;
OPTESTLogDebug("\t\tKey Packet: (%ld bytes)\n%s\n",keyDataLen, (char*)keyData);
// deserialize it
err = SCKeyDeserialize(keyData, keyDataLen, &key1);CKERR;
XFREE(keyData); keyData = NULL;
err = SCKeyGetProperty(key1, kSCKeyProp_SCKeySuite, NULL, &keyType1, sizeof(SCKeySuite), NULL); CKERR;
err = compareResults(&keySuite, &keyType1, sizeof(SCKeySuite), kResultFormat_Byte, "keySuite");CKERR;
err = SCKeyGetProperty(key1, kSCKeyProp_SymmetricKey, NULL, &symKey1 , sizeof(symKey1), &keyDataLen); CKERR;
err = compareResults(symKey, symKey1, keyDataLen, kResultFormat_Byte, "symKey");CKERR;
XFREE(keyData); keyData = NULL;
err = SCKeyGetAllocatedProperty(key, kSCKeyProp_Locator, NULL, (void*)&keyData , &keyDataLen); CKERR;
err = SCKeyGetAllocatedProperty(key1, kSCKeyProp_Locator, &propType, (void*)&keyData1 , &keyDataLen1); CKERR;
err = compareResults(keyData, keyData1, keyDataLen, kResultFormat_Byte, "locator");CKERR;
err = SCKeyGetProperty(key1, commentProperty, &propType, comment1 , sizeof(comment1), &keyDataLen1); CKERR;
err = compare2Results(comment, strlen(comment), comment1, keyDataLen1, kResultFormat_Byte, "comment");CKERR;
if(keyData) XFREE(keyData);
if(keyData1) XFREE(keyData1);
if(key) SCKeyFree(key);
if(key1) SCKeyFree(key1);
done:
return err;
}
static SCLError sSCKeyTest2(SCKeySuite keySuite, SCKeySuite lockingKeySuite)
{
SCLError err = kSCLError_NoErr;
SCKeyContextRef sKey = kInvalidSCKeyContextRef;
SCKeyContextRef key1 = kInvalidSCKeyContextRef;
SCKeyContextRef key2 = kInvalidSCKeyContextRef;
SCKeyContextRef signKey = kInvalidSCKeyContextRef;
ECC_ContextRef ecc = kInvalidECC_ContextRef;
SCKeySuite keyType;
SCKeySuite keyType1;
SCKeyPropertyType propType;
Cipher_Algorithm algorithm = kCipher_Algorithm_Invalid;
size_t symKeyLen = 0;
uint8_t* keyData = NULL;
size_t keyDataLen = 0;
uint8_t* keyData1 = NULL;
size_t keyDataLen1 = 0;
size_t ecckeysize = 0;
uint8_t symKey[32];
uint8_t IV[32];
char* user1 = "*****@*****.**";
char* user2 = "*****@*****.**";
char comment[256] = {0};
char* nonce = "some stupid nonce data";
time_t startDate = time(NULL) ;
time_t expireDate = startDate + (3600 * 24);
time_t date1;
char* commentProperty = "comment";
bool isLocked = true;
sprintf(comment,"Optest %s ECC Key", sckey_suite_table(keySuite));
OPTESTLogInfo("\tTesting %s Key Save/Restore using %s\n",
sckey_suite_table(keySuite),sckey_suite_table(lockingKeySuite));
switch (keySuite) {
case kSCKeySuite_ECC384:
ecckeysize = 384;
break;
case kSCKeySuite_ECC414:
ecckeysize = 414;
break;
default:
RETERR(kSCLError_BadParams);
break;
}
// fixed SYM key test
for(int i = 0; i< sizeof(symKey); i++) symKey[i] = i;
for(int i = 0; i< sizeof(IV); i++) IV[i] = i;
// create a SCKey with sym data
err = SCKeyImport_Symmetric(lockingKeySuite, symKey, (uint8_t*)nonce, strlen(nonce), &sKey); CKERR;
err = SCKeyCipherForKeySuite(lockingKeySuite, &algorithm, &symKeyLen); CKERR;
err = SCKeySetProperty (sKey, kSCKeyProp_IV, SCKeyPropertyType_Binary, IV, symKeyLen ); CKERR;
OPTESTLogVerbose("\t\tGenerate %d bit ECC key \n", ecckeysize);
err = ECC_Init(&ecc);
err = ECC_Generate(ecc, ecckeysize); CKERR;
OPTESTLogVerbose("\t\tImport %d bit ECC key to SCKEy \n", ecckeysize);
err = SCKeyImport_ECC( ecc, (uint8_t*)nonce, strlen(nonce), &key1); CKERR;
ECC_Free(ecc );
ecc = kInvalidECC_ContextRef;
err = SCKeySetProperty (key1, commentProperty, SCKeyPropertyType_UTF8String, comment, strlen(comment) ); CKERR;
err = SCKeySetProperty(key1, kSCKeyProp_StartDate, SCKeyPropertyType_Time , &startDate, sizeof(time_t)); CKERR;
err = SCKeySetProperty(key1, kSCKeyProp_ExpireDate, SCKeyPropertyType_Time , &expireDate, sizeof(time_t)); CKERR;
err = SCKeySetProperty (key1, kSCKeyProp_Owner, SCKeyPropertyType_UTF8String, user1, strlen(user1) ); CKERR;
// create a signing key to sign test wkey with
err = SCKeyNew(keySuite, (uint8_t*)nonce, strlen(nonce), &signKey); CKERR;
err = SCKeySetProperty (signKey, kSCKeyProp_Owner, SCKeyPropertyType_UTF8String, user2 , strlen(user2) ); CKERR;
err = SCKeySignKey( signKey, key1,NULL); CKERR;
// serialize it
err = SCKeySerialize(key1, &keyData, &keyDataLen); CKERR;
OPTESTLogDebug("\t\tPublic Key Packet: (%ld bytes)\n%s\n",keyDataLen, (char*)keyData);
XFREE(keyData); keyData = NULL;
err = SCKeySerializePrivateWithSCKey(key1, sKey, &keyData, &keyDataLen); CKERR;
OPTESTLogDebug("\t\tPrivate Key Packet: (%ld bytes)\n%s\n",keyDataLen, (char*)keyData);
OPTESTLogVerbose("\t\tImport Private Key Packet \n" );
err = SCKeyDeserialize(keyData, keyDataLen, &key2);CKERR;
XFREE(keyData); keyData = NULL;
OPTESTLogVerbose("\t\tUnlock Private Key Packet \n" );
err = SCKeyIsLocked(key2,&isLocked); CKERR;
// the freshly iported key should be locked
ASSERTERR(!isLocked, kSCLError_SelfTestFailed);
err = SCKeyUnlockWithSCKey(key2, sKey); CKERR;
// check reimport
OPTESTLogVerbose("\t\tCompare Deserialized Key \n" );
err = SCKeyGetProperty(key2, kSCKeyProp_SCKeySuite, NULL, &keyType1, sizeof(SCKeySuite), NULL); CKERR;
err = compareResults(&keyType, &keyType, sizeof(SCKeySuite), kResultFormat_Byte, "keySuite");CKERR;
err = SCKeyGetAllocatedProperty(key1, kSCKeyProp_Locator,NULL, (void*)&keyData , &keyDataLen); CKERR;
err = SCKeyGetAllocatedProperty(key2, kSCKeyProp_Locator,&propType, (void*)&keyData1 , &keyDataLen1); CKERR;
ASSERTERR(propType != SCKeyPropertyType_Binary, kSCLError_SelfTestFailed);
err = compareResults(keyData, keyData1, keyDataLen, kResultFormat_Byte, "locator");CKERR;
XFREE(keyData); keyData = NULL;
XFREE(keyData1); keyData1 = NULL;
err = SCKeyGetProperty(key2, kSCKeyProp_StartDate, &propType, &date1, sizeof(time_t), &keyDataLen); CKERR;
ASSERTERR(propType != SCKeyPropertyType_Time, kSCLError_SelfTestFailed);
err = compareResults(&startDate, &date1, sizeof(time_t), kResultFormat_Byte, "startDate");CKERR;
err = SCKeyGetProperty(key2, kSCKeyProp_ExpireDate, &propType, &date1, sizeof(time_t), &keyDataLen); CKERR;
ASSERTERR(propType != SCKeyPropertyType_Time, kSCLError_SelfTestFailed);
err = compareResults(&expireDate, &date1, sizeof(time_t), kResultFormat_Byte, "expireDate");CKERR;
// TODO: we need to add code in SCKeys to xport the key signatures and verify them
OPTESTLogVerbose(" \n" );
done:
if(ECC_ContextRefIsValid(ecc) )
ECC_Free(ecc );
if(SCKeyContextRefIsValid(key1))
SCKeyFree(key1);
if(SCKeyContextRefIsValid(key2))
SCKeyFree(key2);
if(keyData)
XFREE(keyData);
if(keyData1)
XFREE(keyData1);
return err;
};
static SCLError sSCKeysStorageTest(SCKeySuite keySuite)
{
SCLError err = kSCLError_NoErr;
SCKeyContextRef storageKey = kInvalidSCKeyContextRef;
SCKeyContextRef pKey = kInvalidSCKeyContextRef;
const char* passphrase = "Tant las fotei com auziretz";
uint8_t* keyData = NULL;
size_t keyDataLen = 0;
Cipher_Algorithm algorithm = kCipher_Algorithm_Invalid;
size_t symKeyLen = 0;
int msg_count = ( sizeof(Msgs) / sizeof(char*)) -1;
typedef struct {
uint8_t *data;
size_t len;
}storage_entry;
storage_entry *msg_store = NULL;
uint8_t deviceUUID[32];
uint8_t IV[32];
OPTESTLogInfo("\tTesting SCKeys Storage API (%s)\n", sckey_suite_table(keySuite));
msg_store = XMALLOC(sizeof(storage_entry) * msg_count); CKNULL(msg_store);
ZERO(msg_store,sizeof(storage_entry) * msg_count);
// we use the UUID only as a nonce, it should be unique but doesnt have to be secure
err = RNG_GetBytes(deviceUUID,sizeof(deviceUUID));
// generate a 128 bit storagre key and a 128 bit IV
err = RNG_GetBytes(IV,sizeof(IV));
err = SCKeyCipherForKeySuite(keySuite, &algorithm, &symKeyLen); CKERR;
OPTESTLogVerbose("\t\tCreate %s encyption key\n",cipher_algor_table(algorithm));
err = SCKeyNew(keySuite, deviceUUID, sizeof(deviceUUID), &storageKey); CKERR;
err = SCKeySetProperty (storageKey, kSCKeyProp_IV, SCKeyPropertyType_Binary, IV , symKeyLen); CKERR;
OPTESTLogVerbose("\t\tEncrypt %d test messages\n", msg_count);
// Encrypt a bunch of messages
for(int i = 0; Msgs[i] != NULL; i++)
{
unsigned long msgLen;
msgLen = strlen(Msgs[i]);
OPTESTLogDebug("\t\t %3d - %3d bytes |%.*s|\n", i+1, (int)msgLen,(int)msgLen, Msgs[i] );
err = SCKeyStorageEncrypt(storageKey,
(uint8_t*) Msgs[i], msgLen,
&msg_store[i].data, &msg_store[i].len); CKERR;
dumpHex(IF_LOG_DEBUG, msg_store[i].data, (int)msg_store[i].len, 0);
OPTESTLogDebug("\n");
}
OPTESTLogVerbose("\t\tSecure the storage key to a passphrase\n");
// secure the storage key to a passphrase
err = SCKeyEncryptToPassPhrase(storageKey, (uint8_t*)passphrase, strlen(passphrase), &pKey); CKERR;
// get rid of orignial storage key
SCKeyFree(storageKey); storageKey = NULL;
err = SCKeySerialize(pKey, &keyData, &keyDataLen); CKERR;
SCKeyFree(pKey); pKey = NULL;
ZERO(IV,sizeof(IV));
// save the passphrase key somewhere
OPTESTLogDebug("\t\tPBKDF2 Passphrase Key Packet: (%ld bytes)\n%s\n",keyDataLen, (char*)keyData);
// restore the passphrase key
err = SCKeyDeserialize(keyData, keyDataLen, &pKey);CKERR;
// unlock passphrase key and make a SKey
err = SCKeyDecryptFromPassPhrase(pKey, (uint8_t*)passphrase, strlen(passphrase), &storageKey ); CKERR;
SCKeyFree(pKey); pKey = NULL;
OPTESTLogVerbose("\t\tDecrypt and compare %d messages\n", msg_count);
for(int i = 0; Msgs[i] != NULL; i++)
{
unsigned long msgLen;
uint8_t* PT = NULL;
size_t PTLen = 0;
msgLen = strlen(Msgs[i]);
err = SCKeyStorageDecrypt(storageKey,
msg_store[i].data, msg_store[i].len,
&PT, &PTLen); CKERR;
if(msgLen != PTLen)
{
OPTESTLogInfo("ERROR MSG Decrypt: Expecting %d bytes, got %d\n", (int)msgLen, (int)PTLen );
RETERR(kSCLError_SelfTestFailed);
}
err = compareResults( Msgs[i], PT, msgLen , kResultFormat_Byte, "MSG Decrypt"); CKERR;
if(PT) XFREE(PT);
PT = NULL;
}
SCKeyFree(storageKey);
storageKey = NULL;
OPTESTLogVerbose("\n");
done:
for(int i = 0; i < msg_count; i++)
{
if(msg_store[i].data )
{
XFREE(msg_store[i].data);
}
}
XFREE(msg_store);
if(SCKeyContextRefIsValid(pKey))
SCKeyFree(pKey);
if(SCKeyContextRefIsValid(storageKey))
SCKeyFree(storageKey);
return err;
}
