END_TEST
START_TEST(check_ec_serialization)
{
EC_KEY *pair, *pair2;
unsigned char *sbuf, *sbuf2;
int res;
size_t ssize, ssize2;
res = crypto_init();
ck_assert_msg(!res, "Crypto initialization routine failed.\n");
for (size_t i = 0; i < N_SERIALIZATION_TESTS; i++) {
pair = _generate_ec_keypair(0);
ck_assert_msg((pair != NULL), "EC serialization check failed: could not generate key pair.\n");
sbuf = _serialize_ec_pubkey(pair, &ssize);
ck_assert_msg((sbuf != NULL), "EC serialization check failed: pubkey serialization error.\n");
pair2 = _deserialize_ec_pubkey(sbuf, ssize, 0);
ck_assert_msg((pair2 != NULL), "EC serialization check failed: pubkey deserialization error.\n");
sbuf2 = _serialize_ec_pubkey(pair, &ssize2);
ck_assert_msg((sbuf2 != NULL), "EC serialization check failed: pubkey serialization error [2].\n");
ck_assert_msg((ssize == ssize2), "EC serialization check failed: serialized pubkeys had different serialized lengths {%u vs %u}\n", ssize, ssize2);
res = memcmp(sbuf, sbuf2, ssize);
ck_assert_msg(!res, "EC serialization check failed: serialized pubkeys had different data.\n");
free(sbuf);
free(sbuf2);
_free_ec_key(pair2);
sbuf = _serialize_ec_privkey(pair, &ssize);
ck_assert_msg((sbuf != NULL), "EC serialization check failed: pubkey serialization error.\n");
pair2 = _deserialize_ec_privkey(sbuf, ssize, 0);
ck_assert_msg((pair2 != NULL), "EC serialization check failed: pubkey deserialization error.\n");
sbuf2 = _serialize_ec_privkey(pair, &ssize2);
ck_assert_msg((sbuf2 != NULL), "EC serialization check failed: pubkey serialization error [2].\n");
ck_assert_msg((ssize == ssize2), "EC serialization check failed: serialized pubkeys had different serialized lengths {%u vs %u}\n", ssize, ssize2);
res = memcmp(sbuf, sbuf2, ssize);
ck_assert_msg(!res, "EC serialization check failed: serialized pubkeys had different data.\n");
free(sbuf);
free(sbuf2);
free_ec_key(pair);
}
fprintf(stderr, "EC serialization check completed.\n");
}
END_TEST
START_TEST(check_ecdh_kdf)
{
EC_KEY *ec1, *ec2, *pub1, *pub2;
int res;
size_t serial_size;
unsigned char *serial_temp, key1[48], key2[48];
memset(key1, 0, 48);
memset(key2, 0, 48);
res = crypto_init();
ec1 = _generate_ec_keypair(0);
ec2 = _generate_ec_keypair(0);
ck_assert_msg((ec1 != NULL), "EC key generation failed.\n");
ck_assert_msg((ec2 != NULL), "EC key generation failed.\n");
serial_temp = _serialize_ec_pubkey(ec1, &serial_size);
ck_assert_msg(serial_temp != NULL, "could not serialize public key.\n");
pub1 = _deserialize_ec_pubkey(serial_temp, serial_size, 0);
res = _compute_aes256_kek(pub1, ec2, key1);
ck_assert_msg((res == 0), "could not perform ECDH key exchange.\n");
free(serial_temp);
serial_temp = _serialize_ec_pubkey(ec2, &serial_size);
ck_assert_msg((serial_temp != NULL), "could not serialize public key.\n");
pub2 = _deserialize_ec_pubkey(serial_temp, serial_size, 0);
res = _compute_aes256_kek(pub2, ec1, key2);
ck_assert_msg((res == 0), "could not perform the second ECDH key exchange.\n");
ck_assert_msg((memcmp(key1, key2, 48) == 0), "the key derivation functions did not yield the correct result");
fprintf(stderr, "ECDH key derivation function check completed.\n");
}
END_TEST
START_TEST(load_ec_key_file)
{
char filename[256], *b64key;
EC_KEY *result, *key;
size_t size;
unsigned char *serial;
int res;
res = _crypto_init();
ck_assert_msg(!res, "Crypto initialization routine failed.\n");
for (size_t i = 0; i < 5; ++i) {
key = _generate_ec_keypair(0);
snprintf(filename, sizeof(filename), "ec-key-%zu-priv.pem", i + 1);
serial = _serialize_ec_privkey(key, &size);
b64key = _b64encode(serial, size);
free(serial);
_write_pem_data(b64key, "EC PRIVATE KEY", filename);
free(b64key);
snprintf(filename, sizeof(filename), "ec-key-%zu-pub.pem", i + 1);
serial = _serialize_ec_pubkey(key, &size);
free_ec_key(key);
b64key = _b64encode(serial, size);
free(serial);
_write_pem_data(b64key, "PUBLIC KEY", filename);
free(b64key);
}
for (size_t i = 0; i < 5; i++) {
snprintf(filename, sizeof(filename), "ec-key-%zu-priv.pem", i + 1);
result = _load_ec_privkey(filename);
ck_assert_msg(result != NULL, "load_ec_privkey failed for %s", filename);
free_ec_key(result);
snprintf(filename, sizeof(filename), "ec-key-%zu-pub.pem", i + 1);
result = _load_ec_pubkey(filename);
ck_assert_msg(result != NULL, "load_ec_pubkey failed for %s", filename);
free_ec_key(result);
}
fprintf(stderr, "EC key load from file check completed.\n");
}
END_TEST
START_TEST(check_signet_keys_pairing)
{
const char *filename_u = "keys_user.keys", *filename_o = "keys_org.keys",
*filename_s = "keys_ssr.keys", *filename_w = "keys_wrong.keys",
*to_sign = "AbcDEFghijKLMNOpqrstuVWXYZ";
EC_KEY *priv_enckey, *pub_enckey;
ED25519_KEY *priv_signkey, *pub_signkey;
ed25519_signature sigbuf;
int res = 0;
signet_t *signet;
signet_type_t type;
size_t enc1_size, enc2_size;
unsigned char *enc1_pub, *enc2_pub;
_crypto_init();
/* creating user signet with keys */
signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_USER, filename_u);
ck_assert_msg(signet != NULL, "Failure to create user signet.\n");
type = dime_sgnt_type_get(signet);
ck_assert_msg(type == SIGNET_TYPE_USER, "Corrupted signet type.\n");
priv_signkey = dime_keys_signkey_fetch(filename_u);
ck_assert_msg(priv_signkey != NULL, "Failure to fetch private signing key from file.\n");
res = _ed25519_sign_data((const unsigned char *)to_sign, strlen(to_sign), priv_signkey, sigbuf);
ck_assert_msg(res == 0, "Failure to sign data buffer.\n");
pub_signkey = dime_sgnt_signkey_fetch(signet);
ck_assert_msg(pub_signkey != NULL, "Failure to fetch public signing key from signet.\n");
res = _ed25519_verify_sig((const unsigned char *)to_sign, strlen(to_sign), pub_signkey, sigbuf);
ck_assert_msg(res = 1, "Failure to verify signature");
priv_enckey = dime_keys_enckey_fetch(filename_u);
ck_assert_msg(priv_enckey != NULL, "Failure to fetch private encryption key from file.\n");
enc1_pub = _serialize_ec_pubkey(priv_enckey, &enc1_size);
ck_assert_msg(enc1_pub != NULL, "Failure to serialize public portion of the private encryption key.\n");
pub_enckey = dime_sgnt_enckey_fetch(signet);
ck_assert_msg(pub_enckey != NULL, "Failure to fetch public encryption key from signet.\n");
enc2_pub = _serialize_ec_pubkey(pub_enckey, &enc2_size);
ck_assert_msg(enc1_size == enc2_size, "Corrupted public encryption key size.\n");
ck_assert_msg(memcmp(enc1_pub, enc2_pub, enc1_size) == 0, "Corrupted public encryption key data.\n");
_free_ed25519_key(priv_signkey);
_free_ed25519_key(pub_signkey);
_free_ec_key(pub_enckey);
_free_ec_key(priv_enckey);
free(enc1_pub);
free(enc2_pub);
dime_sgnt_signet_destroy(signet);
/* creating organizational signet with keys */
signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_ORG, filename_o);
ck_assert_msg(signet != NULL, "Failure to create organizational signet.\n");
type = dime_sgnt_type_get(signet);
ck_assert_msg(type == SIGNET_TYPE_ORG, "Corrupted signet type.\n");
priv_signkey = dime_keys_signkey_fetch(filename_o);
ck_assert_msg(priv_signkey != NULL, "Failure to fetch private signing key from file.\n");
res = _ed25519_sign_data((const unsigned char *)to_sign, strlen(to_sign), priv_signkey, sigbuf);
ck_assert_msg(res == 0, "Failure to sign data buffer.\n");
pub_signkey = dime_sgnt_signkey_fetch(signet);
ck_assert_msg(pub_signkey != NULL, "Failure to fetch public signing key from signet.\n");
res = _ed25519_verify_sig((const unsigned char *)to_sign, strlen(to_sign), pub_signkey, sigbuf);
ck_assert_msg(res = 1, "Failure to verify signature");
priv_enckey = dime_keys_enckey_fetch(filename_o);
ck_assert_msg(priv_enckey != NULL, "Failure to fetch private encryption key from file.\n");
enc1_pub = _serialize_ec_pubkey(priv_enckey, &enc1_size);
ck_assert_msg(enc1_pub != NULL, "Failure to serialize public portion of the private encryption key.\n");
pub_enckey = dime_sgnt_enckey_fetch(signet);
ck_assert_msg(pub_enckey != NULL, "Failure to fetch public encryption key from signet.\n");
enc2_pub = _serialize_ec_pubkey(pub_enckey, &enc2_size);
ck_assert_msg(enc1_size == enc2_size, "Corrupted public encryption key size.\n");
ck_assert_msg(memcmp(enc1_pub, enc2_pub, enc1_size) == 0, "Corrupted public encryption key data.\n");
_free_ed25519_key(priv_signkey);
_free_ed25519_key(pub_signkey);
_free_ec_key(priv_enckey);
_free_ec_key(pub_enckey);
free(enc1_pub);
free(enc2_pub);
dime_sgnt_signet_destroy(signet);
/* creating ssr signet with keys */
signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_SSR, filename_s);
ck_assert_msg(signet != NULL, "Failure to create SSR.\n");
type = dime_sgnt_type_get(signet);
ck_assert_msg(type == SIGNET_TYPE_SSR, "Corrupted signet type.\n");
priv_signkey = dime_keys_signkey_fetch(filename_s);
ck_assert_msg(priv_signkey != NULL, "Failure to fetch private signing key from file.\n");
res = _ed25519_sign_data((const unsigned char *)to_sign, strlen(to_sign), priv_signkey, sigbuf);
ck_assert_msg(res == 0, "Failure to sign data buffer.\n");
pub_signkey = dime_sgnt_signkey_fetch(signet);
ck_assert_msg(pub_signkey != NULL, "Failure to fetch public signing key from signet.\n");
res = _ed25519_verify_sig((const unsigned char *)to_sign, strlen(to_sign), pub_signkey, sigbuf);
ck_assert_msg(res = 1, "Failure to verify signature");
priv_enckey = dime_keys_enckey_fetch(filename_s);
ck_assert_msg(priv_enckey != NULL, "Failure to fetch private encryption key from file.\n");
enc1_pub = _serialize_ec_pubkey(priv_enckey, &enc1_size);
ck_assert_msg(enc1_pub != NULL, "Failure to serialize public portion of the private encryption key.\n");
pub_enckey = dime_sgnt_enckey_fetch(signet);
ck_assert_msg(pub_enckey != NULL, "Failure to fetch public encryption key from signet.\n");
enc2_pub = _serialize_ec_pubkey(pub_enckey, &enc2_size);
ck_assert_msg(enc1_size == enc2_size, "Corrupted public encryption key size.\n");
ck_assert_msg(memcmp(enc1_pub, enc2_pub, enc1_size) == 0, "Corrupted public encryption key data.\n");
_free_ed25519_key(priv_signkey);
_free_ed25519_key(pub_signkey);
_free_ec_key(priv_enckey);
_free_ec_key(pub_enckey);
free(enc1_pub);
free(enc2_pub);
dime_sgnt_signet_destroy(signet);
/*creating invalid signet types*/
signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_ERROR, filename_w);
ck_assert_msg(signet == NULL, "Unintended creation of signet with invalid type SIGNET_TYPE_ERROR.\n");
ck_assert_msg(access(filename_w, F_OK) == -1, "Unintended creation of keys file for signet with invalid type SIGNET_TYPE_ERROR.\n");
signet = dime_sgnt_signet_create_w_keys(31, filename_w);
ck_assert_msg(signet == NULL, "Unintended creation of signet with invalid type 31.\n");
ck_assert_msg(access(filename_w, F_OK) == -1, "Unintended creation of keys file for signet with invalid type 31.\n");
fprintf(stderr, "Signet file keypair check completed.\n");
}
