void ECDSATests::testPKCS8()
{
// Get prime256v1 domain parameters
ECParameters* p = new ECParameters;
p->setEC(ByteString("06082a8648ce3d030107"));
// Generate a key-pair
AsymmetricKeyPair* kp;
CPPUNIT_ASSERT(ecdsa->generateKeyPair(&kp, p));
CPPUNIT_ASSERT(kp != NULL);
ECPrivateKey* priv = (ECPrivateKey*) kp->getPrivateKey();
CPPUNIT_ASSERT(priv != NULL);
// Encode and decode the private key
ByteString pkcs8 = priv->PKCS8Encode();
CPPUNIT_ASSERT(pkcs8.size() != 0);
ECPrivateKey* dPriv = (ECPrivateKey*) ecdsa->newPrivateKey();
CPPUNIT_ASSERT(dPriv != NULL);
CPPUNIT_ASSERT(dPriv->PKCS8Decode(pkcs8));
CPPUNIT_ASSERT(priv->getEC() == dPriv->getEC());
CPPUNIT_ASSERT(priv->getD() == dPriv->getD());
ecdsa->recycleParameters(p);
ecdsa->recycleKeyPair(kp);
ecdsa->recyclePrivateKey(dPriv);
}
void EDDSATests::testPKCS8()
{
// Get ed25519 domain parameters
ECParameters* p = new ECParameters;
p->setEC(ByteString("06032b6570"));
// Generate a key-pair
AsymmetricKeyPair* kp;
CPPUNIT_ASSERT(eddsa->generateKeyPair(&kp, p));
CPPUNIT_ASSERT(kp != NULL);
EDPrivateKey* priv = (EDPrivateKey*) kp->getPrivateKey();
CPPUNIT_ASSERT(priv != NULL);
// Encode and decode the private key
ByteString pkcs8 = priv->PKCS8Encode();
CPPUNIT_ASSERT(pkcs8.size() != 0);
EDPrivateKey* dPriv = (EDPrivateKey*) eddsa->newPrivateKey();
CPPUNIT_ASSERT(dPriv != NULL);
CPPUNIT_ASSERT(dPriv->PKCS8Decode(pkcs8));
CPPUNIT_ASSERT(priv->getEC() == dPriv->getEC());
CPPUNIT_ASSERT(priv->getK() == dPriv->getK());
eddsa->recycleParameters(p);
eddsa->recycleKeyPair(kp);
eddsa->recyclePrivateKey(dPriv);
}
void EDDSATests::testKeyGeneration()
{
AsymmetricKeyPair* kp;
// Curves to test
std::vector<ByteString> curves;
// Add x25519
curves.push_back(ByteString("06032b656e"));
// Add ed25519
curves.push_back(ByteString("06032b6570"));
for (std::vector<ByteString>::iterator c = curves.begin(); c != curves.end(); c++)
{
// Set domain parameters
ECParameters* p = new ECParameters;
p->setEC(*c);
// Generate key-pair
CPPUNIT_ASSERT(eddsa->generateKeyPair(&kp, p));
EDPublicKey* pub = (EDPublicKey*) kp->getPublicKey();
EDPrivateKey* priv = (EDPrivateKey*) kp->getPrivateKey();
CPPUNIT_ASSERT(pub->getEC() == *c);
CPPUNIT_ASSERT(priv->getEC() == *c);
eddsa->recycleParameters(p);
eddsa->recycleKeyPair(kp);
}
}
void ECDSATests::testKeyGeneration()
{
AsymmetricKeyPair* kp;
// Curves to test
std::vector<ByteString> curves;
// Add X9.62 prime256v1
curves.push_back(ByteString("06082a8648ce3d030107"));
// Add secp384r1
curves.push_back(ByteString("06052b81040022"));
for (std::vector<ByteString>::iterator c = curves.begin(); c != curves.end(); c++)
{
// Set domain parameters
ECParameters* p = new ECParameters;
p->setEC(*c);
// Generate key-pair
CPPUNIT_ASSERT(ecdsa->generateKeyPair(&kp, p));
ECPublicKey* pub = (ECPublicKey*) kp->getPublicKey();
ECPrivateKey* priv = (ECPrivateKey*) kp->getPrivateKey();
CPPUNIT_ASSERT(pub->getEC() == *c);
CPPUNIT_ASSERT(priv->getEC() == *c);
ecdsa->recycleParameters(p);
ecdsa->recycleKeyPair(kp);
}
}
void DSATests::testPKCS8()
{
// Generate 1024-bit parameters for testing
AsymmetricParameters* p;
CPPUNIT_ASSERT(dsa->generateParameters(&p, (void*) 1024));
// Generate a key-pair
AsymmetricKeyPair* kp;
CPPUNIT_ASSERT(dsa->generateKeyPair(&kp, p));
CPPUNIT_ASSERT(kp != NULL);
DSAPrivateKey* priv = (DSAPrivateKey*) kp->getPrivateKey();
CPPUNIT_ASSERT(priv != NULL);
// Encode and decode the private key
ByteString pkcs8 = priv->PKCS8Encode();
CPPUNIT_ASSERT(pkcs8.size() != 0);
DSAPrivateKey* dPriv = (DSAPrivateKey*) dsa->newPrivateKey();
CPPUNIT_ASSERT(dPriv != NULL);
CPPUNIT_ASSERT(dPriv->PKCS8Decode(pkcs8));
CPPUNIT_ASSERT(priv->getP() == dPriv->getP());
CPPUNIT_ASSERT(priv->getQ() == dPriv->getQ());
CPPUNIT_ASSERT(priv->getG() == dPriv->getG());
CPPUNIT_ASSERT(priv->getX() == dPriv->getX());
dsa->recycleParameters(p);
dsa->recycleKeyPair(kp);
dsa->recyclePrivateKey(dPriv);
}
void GOSTTests::testKeyGeneration()
{
AsymmetricKeyPair* kp;
CPPUNIT_ASSERT((gost = CryptoFactory::i()->getAsymmetricAlgorithm("gost")));
// Set domain parameters
ByteString curve = "06072a850302022301";
ECParameters* p = new ECParameters;
p->setEC(curve);
// Generate key-pair
CPPUNIT_ASSERT(gost->generateKeyPair(&kp, p));
GOSTPublicKey* pub = (GOSTPublicKey*) kp->getPublicKey();
GOSTPrivateKey* priv = (GOSTPrivateKey*) kp->getPrivateKey();
CPPUNIT_ASSERT(pub->getQ().size() == 64);
CPPUNIT_ASSERT(priv->getD().size() == 32);
gost->recycleParameters(p);
gost->recycleKeyPair(kp);
CryptoFactory::i()->recycleAsymmetricAlgorithm(gost);
gost = NULL;
}
void ECDSATests::testSigningVerifying()
{
AsymmetricKeyPair* kp;
ECParameters *p;
// Curves/Hashes to test
std::vector<std::pair<ByteString, const char*> > totest;
// Add X9.62 prime256v1
totest.push_back(std::make_pair(ByteString("06082a8648ce3d030107"), "sha256"));
// Add secp384r1
totest.push_back(std::make_pair(ByteString("06052b81040022"), "sha384"));
for (std::vector<std::pair<ByteString, const char*> >::iterator k = totest.begin(); k != totest.end(); k++)
{
// Get parameters
p = new ECParameters;
CPPUNIT_ASSERT(p != NULL);
p->setEC(k->first);
HashAlgorithm *hash;
hash = CryptoFactory::i()->getHashAlgorithm(k->second);
CPPUNIT_ASSERT(hash != NULL);
// Generate key-pair
CPPUNIT_ASSERT(ecdsa->generateKeyPair(&kp, p));
// Generate some data to sign
ByteString dataToSign;
RNG* rng = CryptoFactory::i()->getRNG();
CPPUNIT_ASSERT(rng != NULL);
CPPUNIT_ASSERT(rng->generateRandom(dataToSign, 567));
// Sign the data
CPPUNIT_ASSERT(hash->hashInit());
CPPUNIT_ASSERT(hash->hashUpdate(dataToSign));
ByteString hResult;
CPPUNIT_ASSERT(hash->hashFinal(hResult));
ByteString sig;
CPPUNIT_ASSERT(ecdsa->sign(kp->getPrivateKey(), hResult, sig, "ECDSA"));
// And verify it
CPPUNIT_ASSERT(ecdsa->verify(kp->getPublicKey(), hResult, sig, "ECDSA"));
ecdsa->recycleKeyPair(kp);
ecdsa->recycleParameters(p);
CryptoFactory::i()->recycleHashAlgorithm(hash);
}
}
void DHTests::testKeyGeneration()
{
AsymmetricKeyPair* kp;
// Key sizes to test
std::vector<size_t> keySizes;
#ifdef WITH_FIPS
keySizes.push_back(1024);
#else
keySizes.push_back(512);
//keySizes.push_back(768);
//keySizes.push_back(1024);
#endif
for (std::vector<size_t>::iterator k = keySizes.begin(); k != keySizes.end(); k++)
{
// Generate parameters
DHParameters* p;
AsymmetricParameters** ap = (AsymmetricParameters**) &p;
CPPUNIT_ASSERT(dh->generateParameters(ap, (void*) *k));
// Generate key-pair
CPPUNIT_ASSERT(dh->generateKeyPair(&kp, p));
DHPublicKey* pub = (DHPublicKey*) kp->getPublicKey();
DHPrivateKey* priv = (DHPrivateKey*) kp->getPrivateKey();
CPPUNIT_ASSERT(pub->getBitLength() == *k);
CPPUNIT_ASSERT(priv->getBitLength() == *k);
dh->recycleKeyPair(kp);
// Generate key-pair with a fixed private value length
p->setXBitLength(128);
CPPUNIT_ASSERT(dh->generateKeyPair(&kp, p));
priv = (DHPrivateKey*) kp->getPrivateKey();
CPPUNIT_ASSERT(priv->getX().bits() == 128);
dh->recycleParameters(p);
dh->recycleKeyPair(kp);
}
}
void DSATests::testSerialisation()
{
// Generate 1024-bit parameters for testing
DSAParameters* p;
AsymmetricParameters** ap = (AsymmetricParameters**) &p;
CPPUNIT_ASSERT(dsa->generateParameters(ap, (void*) 1024));
// Serialise the parameters
ByteString serialisedParams = p->serialise();
// Deserialise the parameters
AsymmetricParameters* dP;
CPPUNIT_ASSERT(dsa->reconstructParameters(&dP, serialisedParams));
CPPUNIT_ASSERT(dP->areOfType(DSAParameters::type));
DSAParameters* ddP = (DSAParameters*) dP;
CPPUNIT_ASSERT(p->getP() == ddP->getP());
CPPUNIT_ASSERT(p->getQ() == ddP->getQ());
CPPUNIT_ASSERT(p->getG() == ddP->getG());
// Generate a key-pair
AsymmetricKeyPair* kp;
CPPUNIT_ASSERT(dsa->generateKeyPair(&kp, dP));
// Serialise the key-pair
ByteString serialisedKP = kp->serialise();
// Deserialise the key-pair
AsymmetricKeyPair* dKP;
CPPUNIT_ASSERT(dsa->reconstructKeyPair(&dKP, serialisedKP));
// Check the deserialised key-pair
DSAPrivateKey* privKey = (DSAPrivateKey*) kp->getPrivateKey();
DSAPublicKey* pubKey = (DSAPublicKey*) kp->getPublicKey();
DSAPrivateKey* dPrivKey = (DSAPrivateKey*) dKP->getPrivateKey();
DSAPublicKey* dPubKey = (DSAPublicKey*) dKP->getPublicKey();
CPPUNIT_ASSERT(privKey->getP() == dPrivKey->getP());
CPPUNIT_ASSERT(privKey->getQ() == dPrivKey->getQ());
CPPUNIT_ASSERT(privKey->getG() == dPrivKey->getG());
CPPUNIT_ASSERT(privKey->getX() == dPrivKey->getX());
CPPUNIT_ASSERT(pubKey->getP() == dPubKey->getP());
CPPUNIT_ASSERT(pubKey->getQ() == dPubKey->getQ());
CPPUNIT_ASSERT(pubKey->getG() == dPubKey->getG());
CPPUNIT_ASSERT(pubKey->getY() == dPubKey->getY());
dsa->recycleParameters(p);
dsa->recycleParameters(dP);
dsa->recycleKeyPair(kp);
dsa->recycleKeyPair(dKP);
}
void RSATests::testKeyGeneration()
{
AsymmetricKeyPair* kp;
RSAParameters p;
// Public exponents to test
std::vector<ByteString> exponents;
exponents.push_back("010001");
exponents.push_back("03");
exponents.push_back("0B");
exponents.push_back("11");
// Key sizes to test
std::vector<size_t> keySizes;
keySizes.push_back(1024);
#ifndef WITH_FIPS
keySizes.push_back(1025);
#endif
keySizes.push_back(1280);
keySizes.push_back(2048);
//keySizes.push_back(4096);
for (std::vector<ByteString>::iterator e = exponents.begin(); e != exponents.end(); e++)
{
for (std::vector<size_t>::iterator k = keySizes.begin(); k != keySizes.end(); k++)
{
p.setE(*e);
p.setBitLength(*k);
// Generate key-pair
CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey();
RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey();
CPPUNIT_ASSERT(pub->getBitLength() == *k);
CPPUNIT_ASSERT(priv->getBitLength() == *k);
CPPUNIT_ASSERT(pub->getE() == *e);
CPPUNIT_ASSERT(priv->getE() == *e);
rsa->recycleKeyPair(kp);
}
}
}
void DHTests::testPKCS8()
{
// Generate 1024-bit parameters for testing
AsymmetricParameters* p;
//CPPUNIT_ASSERT(dh->generateParameters(&p, (void*) 1024));
// changed for 512-bit for speed...
#ifndef WITH_BOTAN
CPPUNIT_ASSERT(dh->generateParameters(&p, (void*) 1024));
#else
CPPUNIT_ASSERT(dh->generateParameters(&p, (void*) 512));
#endif
// Generate a key-pair
AsymmetricKeyPair* kp;
CPPUNIT_ASSERT(dh->generateKeyPair(&kp, p));
CPPUNIT_ASSERT(kp != NULL);
DHPrivateKey* priv = (DHPrivateKey*) kp->getPrivateKey();
CPPUNIT_ASSERT(priv != NULL);
// Encode and decode the private key
ByteString pkcs8 = priv->PKCS8Encode();
CPPUNIT_ASSERT(pkcs8.size() != 0);
DHPrivateKey* dPriv = (DHPrivateKey*) dh->newPrivateKey();
CPPUNIT_ASSERT(dPriv != NULL);
CPPUNIT_ASSERT(dPriv->PKCS8Decode(pkcs8));
CPPUNIT_ASSERT(priv->getP() == dPriv->getP());
CPPUNIT_ASSERT(priv->getG() == dPriv->getG());
CPPUNIT_ASSERT(priv->getX() == dPriv->getX());
dh->recycleParameters(p);
dh->recycleKeyPair(kp);
dh->recyclePrivateKey(dPriv);
}
void EDDSATests::testSigningVerifying()
{
AsymmetricKeyPair* kp;
ECParameters *p;
// Curves to test
std::vector<ByteString> curves;
// Add ed25519
curves.push_back(ByteString("06032b6570"));
for (std::vector<ByteString>::iterator c = curves.begin(); c != curves.end(); c++)
{
// Get parameters
p = new ECParameters;
CPPUNIT_ASSERT(p != NULL);
p->setEC(*c);
// Generate key-pair
CPPUNIT_ASSERT(eddsa->generateKeyPair(&kp, p));
// Generate some data to sign
ByteString dataToSign;
RNG* rng = CryptoFactory::i()->getRNG();
CPPUNIT_ASSERT(rng != NULL);
CPPUNIT_ASSERT(rng->generateRandom(dataToSign, 567));
// Sign the data
ByteString sig;
CPPUNIT_ASSERT(eddsa->sign(kp->getPrivateKey(), dataToSign, sig, AsymMech::EDDSA));
// And verify it
CPPUNIT_ASSERT(eddsa->verify(kp->getPublicKey(), dataToSign, sig, AsymMech::EDDSA));
eddsa->recycleKeyPair(kp);
eddsa->recycleParameters(p);
}
}
void DSATests::testKeyGeneration()
{
AsymmetricKeyPair* kp;
// Key sizes to test
std::vector<size_t> keySizes;
#ifndef WITH_FIPS
keySizes.push_back(512);
keySizes.push_back(768);
keySizes.push_back(1024);
keySizes.push_back(1536);
#else
keySizes.push_back(1024);
#endif
#ifndef WITH_BOTAN
keySizes.push_back(2048);
#endif
for (std::vector<size_t>::iterator k = keySizes.begin(); k != keySizes.end(); k++)
{
// Generate parameters
DSAParameters* p;
AsymmetricParameters** ap = (AsymmetricParameters**) &p;
CPPUNIT_ASSERT(dsa->generateParameters(ap, (void*) *k));
// Generate key-pair
CPPUNIT_ASSERT(dsa->generateKeyPair(&kp, p));
DSAPublicKey* pub = (DSAPublicKey*) kp->getPublicKey();
DSAPrivateKey* priv = (DSAPrivateKey*) kp->getPrivateKey();
CPPUNIT_ASSERT(pub->getBitLength() == *k);
CPPUNIT_ASSERT(priv->getBitLength() == *k);
dsa->recycleParameters(p);
dsa->recycleKeyPair(kp);
}
}
void GOSTTests::testSerialisation()
{
CPPUNIT_ASSERT((gost = CryptoFactory::i()->getAsymmetricAlgorithm("gost")));
// Get GOST R 34.10-2001 params-A domain parameters
ECParameters* p = new ECParameters;
p->setEC(ByteString("06072a850302022301"));
// Serialise the parameters
ByteString serialisedParams = p->serialise();
// Deserialise the parameters
AsymmetricParameters* dEC;
CPPUNIT_ASSERT(gost->reconstructParameters(&dEC, serialisedParams));
CPPUNIT_ASSERT(dEC->areOfType(ECParameters::type));
ECParameters* ddEC = (ECParameters*) dEC;
CPPUNIT_ASSERT(p->getEC() == ddEC->getEC());
// Generate a key-pair
AsymmetricKeyPair* kp;
CPPUNIT_ASSERT(gost->generateKeyPair(&kp, dEC));
// Serialise the key-pair
ByteString serialisedKP = kp->serialise();
// Deserialise the key-pair
AsymmetricKeyPair* dKP;
CPPUNIT_ASSERT(gost->reconstructKeyPair(&dKP, serialisedKP));
// Check the deserialised key-pair
GOSTPrivateKey* privKey = (GOSTPrivateKey*) kp->getPrivateKey();
GOSTPublicKey* pubKey = (GOSTPublicKey*) kp->getPublicKey();
GOSTPrivateKey* dPrivKey = (GOSTPrivateKey*) dKP->getPrivateKey();
GOSTPublicKey* dPubKey = (GOSTPublicKey*) dKP->getPublicKey();
CPPUNIT_ASSERT(privKey->getD() == dPrivKey->getD());
CPPUNIT_ASSERT(pubKey->getQ() == dPubKey->getQ());
gost->recycleParameters(p);
gost->recycleParameters(dEC);
gost->recycleKeyPair(kp);
gost->recycleKeyPair(dKP);
CryptoFactory::i()->recycleAsymmetricAlgorithm(gost);
gost = NULL;
}
void GOSTTests::testSigningVerifying()
{
AsymmetricKeyPair* kp;
ECParameters *p;
ByteString curve = "06072a850302022301";
CPPUNIT_ASSERT((gost = CryptoFactory::i()->getAsymmetricAlgorithm("gost")));
// Get parameters
p = new ECParameters;
CPPUNIT_ASSERT(p != NULL);
p->setEC(curve);
// Generate key-pair
CPPUNIT_ASSERT(gost->generateKeyPair(&kp, p));
// Generate some data to sign
ByteString dataToSign;
RNG* rng = CryptoFactory::i()->getRNG();
CPPUNIT_ASSERT(rng != NULL);
CPPUNIT_ASSERT(rng->generateRandom(dataToSign, 567));
// Sign the data
ByteString sig;
CPPUNIT_ASSERT(gost->sign(kp->getPrivateKey(), dataToSign, sig, "gost-gost"));
// And verify it
CPPUNIT_ASSERT(gost->verify(kp->getPublicKey(), dataToSign, sig, "gost-gost"));
gost->recycleKeyPair(kp);
gost->recycleParameters(p);
CryptoFactory::i()->recycleAsymmetricAlgorithm(gost);
gost = NULL;
}
void ECDSATests::testSerialisation()
{
// Get prime256v1 domain parameters
ECParameters* p = new ECParameters;
p->setEC(ByteString("06082a8648ce3d030107"));
// Serialise the parameters
ByteString serialisedParams = p->serialise();
// Deserialise the parameters
AsymmetricParameters* dEC;
CPPUNIT_ASSERT(ecdsa->reconstructParameters(&dEC, serialisedParams));
CPPUNIT_ASSERT(dEC->areOfType(ECParameters::type));
ECParameters* ddEC = (ECParameters*) dEC;
CPPUNIT_ASSERT(p->getEC() == ddEC->getEC());
// Generate a key-pair
AsymmetricKeyPair* kp;
CPPUNIT_ASSERT(ecdsa->generateKeyPair(&kp, dEC));
// Serialise the key-pair
ByteString serialisedKP = kp->serialise();
// Deserialise the key-pair
AsymmetricKeyPair* dKP;
CPPUNIT_ASSERT(ecdsa->reconstructKeyPair(&dKP, serialisedKP));
// Check the deserialised key-pair
ECPrivateKey* privKey = (ECPrivateKey*) kp->getPrivateKey();
ECPublicKey* pubKey = (ECPublicKey*) kp->getPublicKey();
ECPrivateKey* dPrivKey = (ECPrivateKey*) dKP->getPrivateKey();
ECPublicKey* dPubKey = (ECPublicKey*) dKP->getPublicKey();
CPPUNIT_ASSERT(privKey->getEC() == dPrivKey->getEC());
CPPUNIT_ASSERT(privKey->getD() == dPrivKey->getD());
CPPUNIT_ASSERT(pubKey->getEC() == dPubKey->getEC());
CPPUNIT_ASSERT(pubKey->getQ() == dPubKey->getQ());
ecdsa->recycleParameters(p);
ecdsa->recycleParameters(dEC);
ecdsa->recycleKeyPair(kp);
ecdsa->recycleKeyPair(dKP);
}
void RSATests::testPKCS8()
{
// Generate a 1024-bit key-pair for testing
AsymmetricKeyPair* kp;
RSAParameters p;
p.setE("010001");
p.setBitLength(1024);
CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
CPPUNIT_ASSERT(kp != NULL);
RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey();
CPPUNIT_ASSERT(priv != NULL);
// Encode and decode the private key
ByteString pkcs8 = priv->PKCS8Encode();
CPPUNIT_ASSERT(pkcs8.size() != 0);
RSAPrivateKey* dPriv = (RSAPrivateKey*) rsa->newPrivateKey();
CPPUNIT_ASSERT(dPriv != NULL);
CPPUNIT_ASSERT(dPriv->PKCS8Decode(pkcs8));
CPPUNIT_ASSERT(priv->getP() == dPriv->getP());
CPPUNIT_ASSERT(priv->getQ() == dPriv->getQ());
CPPUNIT_ASSERT(priv->getPQ() == dPriv->getPQ());
CPPUNIT_ASSERT(priv->getDP1() == dPriv->getDP1());
CPPUNIT_ASSERT(priv->getDQ1() == dPriv->getDQ1());
CPPUNIT_ASSERT(priv->getD() == dPriv->getD());
CPPUNIT_ASSERT(priv->getN() == dPriv->getN());
CPPUNIT_ASSERT(priv->getE() == dPriv->getE());
rsa->recycleKeyPair(kp);
rsa->recyclePrivateKey(dPriv);
}
void DHTests::testDerivation()
{
AsymmetricKeyPair* kpa;
AsymmetricKeyPair* kpb;
// Key sizes to test
std::vector<size_t> keySizes;
#ifdef WITH_FIPS
keySizes.push_back(1024);
#else
keySizes.push_back(512);
//keySizes.push_back(768);
//keySizes.push_back(1024);
#endif
for (std::vector<size_t>::iterator k = keySizes.begin(); k != keySizes.end(); k++)
{
// Generate parameters
AsymmetricParameters* p;
CPPUNIT_ASSERT(dh->generateParameters(&p, (void*) *k));
// Generate key-pairs
CPPUNIT_ASSERT(dh->generateKeyPair(&kpa, p));
CPPUNIT_ASSERT(dh->generateKeyPair(&kpb, p));
// Derive secrets
SymmetricKey* sa;
CPPUNIT_ASSERT(dh->deriveKey(&sa, kpb->getPublicKey(), kpa->getPrivateKey()));
SymmetricKey* sb;
CPPUNIT_ASSERT(dh->deriveKey(&sb, kpa->getPublicKey(), kpb->getPrivateKey()));
// Must be the same
CPPUNIT_ASSERT(sa->getKeyBits() == sb->getKeyBits());
// Clean up
dh->recycleSymmetricKey(sa);
dh->recycleSymmetricKey(sb);
dh->recycleKeyPair(kpa);
dh->recycleKeyPair(kpb);
dh->recycleParameters(p);
}
}
void ECDHTests::testDerivation()
{
AsymmetricKeyPair* kpa;
AsymmetricKeyPair* kpb;
ECParameters* p;
// Curves to test
std::vector<ByteString> curves;
// Add X9.62 prime256v1
curves.push_back(ByteString("06082a8648ce3d030107"));
// Add secp384r1
curves.push_back(ByteString("06052b81040022"));
for (std::vector<ByteString>::iterator c = curves.begin(); c != curves.end(); c++)
{
// Get parameters
p = new ECParameters;
CPPUNIT_ASSERT(p != NULL);
p->setEC(*c);
// Generate key-pairs
CPPUNIT_ASSERT(ecdh->generateKeyPair(&kpa, p));
CPPUNIT_ASSERT(ecdh->generateKeyPair(&kpb, p));
// Derive secrets
SymmetricKey* sa;
CPPUNIT_ASSERT(ecdh->deriveKey(&sa, kpb->getPublicKey(), kpa->getPrivateKey()));
SymmetricKey* sb;
CPPUNIT_ASSERT(ecdh->deriveKey(&sb, kpa->getPublicKey(), kpb->getPrivateKey()));
// Must be the same
CPPUNIT_ASSERT(sa->getKeyBits() == sb->getKeyBits());
// Clean up
ecdh->recycleSymmetricKey(sa);
ecdh->recycleSymmetricKey(sb);
ecdh->recycleKeyPair(kpa);
ecdh->recycleKeyPair(kpb);
ecdh->recycleParameters(p);
}
}
void EDDSATests::testDerivation()
{
AsymmetricKeyPair* kpa;
AsymmetricKeyPair* kpb;
ECParameters* p;
// Curves to test
std::vector<ByteString> curves;
// Add x25519
curves.push_back(ByteString("06032b656e"));
for (std::vector<ByteString>::iterator c = curves.begin(); c != curves.end(); c++)
{
// Get parameters
p = new ECParameters;
CPPUNIT_ASSERT(p != NULL);
p->setEC(*c);
// Generate key-pairs
CPPUNIT_ASSERT(eddsa->generateKeyPair(&kpa, p));
CPPUNIT_ASSERT(eddsa->generateKeyPair(&kpb, p));
// Derive secrets
SymmetricKey* sa;
CPPUNIT_ASSERT(eddsa->deriveKey(&sa, kpb->getPublicKey(), kpa->getPrivateKey()));
SymmetricKey* sb;
CPPUNIT_ASSERT(eddsa->deriveKey(&sb, kpa->getPublicKey(), kpb->getPrivateKey()));
// Must be the same
CPPUNIT_ASSERT(sa->getKeyBits() == sb->getKeyBits());
// Clean up
eddsa->recycleSymmetricKey(sa);
eddsa->recycleSymmetricKey(sb);
eddsa->recycleKeyPair(kpa);
eddsa->recycleKeyPair(kpb);
eddsa->recycleParameters(p);
}
}
void DHTests::testSerialisation()
{
// Generate 1024-bit parameters for testing
DHParameters* p;
AsymmetricParameters** ap = (AsymmetricParameters**) &p;
//CPPUNIT_ASSERT(dh->generateParameters(ap, (void*) 1024));
// changed for 512-bit for speed...
#ifndef WITH_BOTAN
CPPUNIT_ASSERT(dh->generateParameters(ap, (void*) 1024));
#else
CPPUNIT_ASSERT(dh->generateParameters(ap, (void*) 512));
#endif
// Set a fixed private value length
p->setXBitLength(128);
// Serialise the parameters
ByteString serialisedParams = p->serialise();
// Deserialise the parameters
AsymmetricParameters* dP;
CPPUNIT_ASSERT(dh->reconstructParameters(&dP, serialisedParams));
CPPUNIT_ASSERT(dP->areOfType(DHParameters::type));
DHParameters* ddP = (DHParameters*) dP;
CPPUNIT_ASSERT(p->getP() == ddP->getP());
CPPUNIT_ASSERT(p->getG() == ddP->getG());
CPPUNIT_ASSERT(p->getXBitLength() == ddP->getXBitLength());
// Generate a key-pair
AsymmetricKeyPair* kp;
CPPUNIT_ASSERT(dh->generateKeyPair(&kp, dP));
// Serialise the key-pair
ByteString serialisedKP = kp->serialise();
// Deserialise the key-pair
AsymmetricKeyPair* dKP;
CPPUNIT_ASSERT(dh->reconstructKeyPair(&dKP, serialisedKP));
// Check the deserialised key-pair
DHPrivateKey* privKey = (DHPrivateKey*) kp->getPrivateKey();
DHPublicKey* pubKey = (DHPublicKey*) kp->getPublicKey();
DHPrivateKey* dPrivKey = (DHPrivateKey*) dKP->getPrivateKey();
DHPublicKey* dPubKey = (DHPublicKey*) dKP->getPublicKey();
CPPUNIT_ASSERT(privKey->getP() == dPrivKey->getP());
CPPUNIT_ASSERT(privKey->getG() == dPrivKey->getG());
CPPUNIT_ASSERT(privKey->getX() == dPrivKey->getX());
CPPUNIT_ASSERT(pubKey->getP() == dPubKey->getP());
CPPUNIT_ASSERT(pubKey->getG() == dPubKey->getG());
CPPUNIT_ASSERT(pubKey->getY() == dPubKey->getY());
dh->recycleParameters(p);
dh->recycleParameters(dP);
dh->recycleKeyPair(kp);
dh->recycleKeyPair(dKP);
}
void RSATests::testSerialisation()
{
// Generate a 1024-bit key-pair for testing
AsymmetricKeyPair* kp;
RSAParameters p;
p.setE("010001");
p.setBitLength(1024);
CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
CPPUNIT_ASSERT(kp != NULL);
// Serialise the parameters
ByteString serialisedParams = p.serialise();
// Deserialise the parameters
AsymmetricParameters* dP;
CPPUNIT_ASSERT(rsa->reconstructParameters(&dP, serialisedParams));
CPPUNIT_ASSERT(dP->areOfType(RSAParameters::type));
RSAParameters* ddP = (RSAParameters*) dP;
CPPUNIT_ASSERT(p.getE() == ddP->getE());
CPPUNIT_ASSERT(p.getBitLength() == ddP->getBitLength());
rsa->recycleParameters(dP);
// Serialise the key-pair
ByteString serialisedKP = kp->serialise();
CPPUNIT_ASSERT(serialisedKP.size() != 0);
// Deserialise the key-pair
AsymmetricKeyPair* dKP;
CPPUNIT_ASSERT(rsa->reconstructKeyPair(&dKP, serialisedKP));
CPPUNIT_ASSERT(serialisedKP.size() == 0);
CPPUNIT_ASSERT(dKP != NULL);
RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey();
RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey();
RSAPublicKey* dPub = (RSAPublicKey*) dKP->getPublicKey();
RSAPrivateKey* dPriv = (RSAPrivateKey*) dKP->getPrivateKey();
CPPUNIT_ASSERT(pub->getN() == dPub->getN());
CPPUNIT_ASSERT(pub->getE() == dPub->getE());
CPPUNIT_ASSERT(priv->getP() == dPriv->getP());
CPPUNIT_ASSERT(priv->getQ() == dPriv->getQ());
CPPUNIT_ASSERT(priv->getPQ() == dPriv->getPQ());
CPPUNIT_ASSERT(priv->getDP1() == dPriv->getDP1());
CPPUNIT_ASSERT(priv->getDQ1() == dPriv->getDQ1());
CPPUNIT_ASSERT(priv->getD() == dPriv->getD());
CPPUNIT_ASSERT(priv->getN() == dPriv->getN());
CPPUNIT_ASSERT(priv->getE() == dPriv->getE());
// Serialise and deserialise the public key
ByteString serialisedPub = pub->serialise();
RSAPublicKey* desPub;
CPPUNIT_ASSERT(rsa->reconstructPublicKey((PublicKey**) &desPub, serialisedPub));
CPPUNIT_ASSERT(serialisedPub.size() == 0);
CPPUNIT_ASSERT(desPub != NULL);
CPPUNIT_ASSERT(pub->getN() == desPub->getN());
CPPUNIT_ASSERT(pub->getE() == desPub->getE());
// Serialise and deserialise the private key
ByteString serialisedPriv = priv->serialise();
RSAPrivateKey* desPriv;
CPPUNIT_ASSERT(rsa->reconstructPrivateKey((PrivateKey**) &desPriv, serialisedPriv));
CPPUNIT_ASSERT(serialisedPriv.size() == 0);
CPPUNIT_ASSERT(desPriv != NULL);
CPPUNIT_ASSERT(priv->getP() == desPriv->getP());
CPPUNIT_ASSERT(priv->getQ() == desPriv->getQ());
CPPUNIT_ASSERT(priv->getPQ() == desPriv->getPQ());
CPPUNIT_ASSERT(priv->getDP1() == desPriv->getDP1());
CPPUNIT_ASSERT(priv->getDQ1() == desPriv->getDQ1());
CPPUNIT_ASSERT(priv->getD() == desPriv->getD());
CPPUNIT_ASSERT(priv->getN() == desPriv->getN());
CPPUNIT_ASSERT(priv->getE() == desPriv->getE());
rsa->recycleKeyPair(kp);
rsa->recycleKeyPair(dKP);
rsa->recyclePublicKey(desPub);
rsa->recyclePrivateKey(desPriv);
}
void DSATests::testSigningVerifying()
{
AsymmetricKeyPair* kp;
// Key sizes to test
std::vector<size_t> keySizes;
#ifndef WITH_FIPS
keySizes.push_back(512);
keySizes.push_back(768);
keySizes.push_back(1024);
keySizes.push_back(1536);
#else
keySizes.push_back(1024);
#endif
#ifndef WITH_BOTAN
keySizes.push_back(2048);
#endif
// Mechanisms to test
std::vector<AsymMech::Type> mechanisms;
mechanisms.push_back(AsymMech::DSA_SHA1);
mechanisms.push_back(AsymMech::DSA_SHA224);
mechanisms.push_back(AsymMech::DSA_SHA256);
for (std::vector<size_t>::iterator k = keySizes.begin(); k != keySizes.end(); k++)
{
// Generate parameters
AsymmetricParameters* p;
CPPUNIT_ASSERT(dsa->generateParameters(&p, (void*) *k));
// Generate key-pair
CPPUNIT_ASSERT(dsa->generateKeyPair(&kp, p));
// Generate some data to sign
ByteString dataToSign;
RNG* rng = CryptoFactory::i()->getRNG();
CPPUNIT_ASSERT(rng->generateRandom(dataToSign, 567));
// Test mechanisms that perform internal hashing
for (std::vector<AsymMech::Type>::iterator m = mechanisms.begin(); m != mechanisms.end(); m++)
{
ByteString blockSignature, singlePartSignature;
// Sign the data in blocks
CPPUNIT_ASSERT(dsa->signInit(kp->getPrivateKey(), *m));
CPPUNIT_ASSERT(dsa->signUpdate(dataToSign.substr(0, 134)));
CPPUNIT_ASSERT(dsa->signUpdate(dataToSign.substr(134, 289)));
CPPUNIT_ASSERT(dsa->signUpdate(dataToSign.substr(134 + 289)));
CPPUNIT_ASSERT(dsa->signFinal(blockSignature));
// Sign the data in one pass
CPPUNIT_ASSERT(dsa->sign(kp->getPrivateKey(), dataToSign, singlePartSignature, *m));
// Now perform multi-pass verification
CPPUNIT_ASSERT(dsa->verifyInit(kp->getPublicKey(), *m));
CPPUNIT_ASSERT(dsa->verifyUpdate(dataToSign.substr(0, 125)));
CPPUNIT_ASSERT(dsa->verifyUpdate(dataToSign.substr(125, 247)));
CPPUNIT_ASSERT(dsa->verifyUpdate(dataToSign.substr(125 + 247)));
CPPUNIT_ASSERT(dsa->verifyFinal(blockSignature));
// And single-pass verification
CPPUNIT_ASSERT(dsa->verify(kp->getPublicKey(), dataToSign, singlePartSignature, *m));
}
// Test mechanisms that do not perform internal hashing
CPPUNIT_ASSERT(rng->generateRandom(dataToSign, *k >= 2048 ? 32 : 20));
// Sign the data
ByteString signature;
CPPUNIT_ASSERT(dsa->sign(kp->getPrivateKey(), dataToSign, signature, AsymMech::DSA));
// Verify the signature
CPPUNIT_ASSERT(dsa->verify(kp->getPublicKey(), dataToSign, signature, AsymMech::DSA));
dsa->recycleKeyPair(kp);
dsa->recycleParameters(p);
}
}
void RSATests::testSigningVerifying()
{
AsymmetricKeyPair* kp;
RSAParameters p;
// Public exponents to test
std::vector<ByteString> exponents;
exponents.push_back("010001");
exponents.push_back("03");
exponents.push_back("0B");
exponents.push_back("11");
// Key sizes to test
std::vector<size_t> keySizes;
keySizes.push_back(1024);
keySizes.push_back(1280);
keySizes.push_back(2048);
//keySizes.push_back(4096);
// Mechanisms to test
std::vector<AsymMech::Type> mechanisms;
#ifndef WITH_FIPS
mechanisms.push_back(AsymMech::RSA_MD5_PKCS);
#endif
mechanisms.push_back(AsymMech::RSA_SHA1_PKCS);
mechanisms.push_back(AsymMech::RSA_SHA224_PKCS);
mechanisms.push_back(AsymMech::RSA_SHA256_PKCS);
mechanisms.push_back(AsymMech::RSA_SHA384_PKCS);
mechanisms.push_back(AsymMech::RSA_SHA512_PKCS);
mechanisms.push_back(AsymMech::RSA_SHA1_PKCS_PSS);
mechanisms.push_back(AsymMech::RSA_SHA224_PKCS_PSS);
mechanisms.push_back(AsymMech::RSA_SHA256_PKCS_PSS);
mechanisms.push_back(AsymMech::RSA_SHA384_PKCS_PSS);
mechanisms.push_back(AsymMech::RSA_SHA512_PKCS_PSS);
#ifndef WITH_FIPS
mechanisms.push_back(AsymMech::RSA_SSL);
#endif
/* Max salt length for SHA512 and 1024-bit RSA is 62 bytes */
RSA_PKCS_PSS_PARAMS pssParams[] = {
{ HashAlgo::SHA1, AsymRSAMGF::MGF1_SHA1, 20 },
{ HashAlgo::SHA224, AsymRSAMGF::MGF1_SHA224, 0 },
{ HashAlgo::SHA256, AsymRSAMGF::MGF1_SHA256, 0 },
{ HashAlgo::SHA384, AsymRSAMGF::MGF1_SHA384, 48 },
{ HashAlgo::SHA512, AsymRSAMGF::MGF1_SHA512, 62 }
};
for (std::vector<ByteString>::iterator e = exponents.begin(); e != exponents.end(); e++)
{
for (std::vector<size_t>::iterator k = keySizes.begin(); k != keySizes.end(); k++)
{
p.setE(*e);
p.setBitLength(*k);
// Generate key-pair
CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
// Generate some data to sign
ByteString dataToSign;
RNG* rng = CryptoFactory::i()->getRNG();
CPPUNIT_ASSERT(rng->generateRandom(dataToSign, 567));
// Test mechanisms that perform internal hashing
for (std::vector<AsymMech::Type>::iterator m = mechanisms.begin(); m != mechanisms.end(); m++)
{
ByteString blockSignature, singlePartSignature;
void* param = NULL;
size_t paramLen = 0;
bool isPSS = false;
switch (*m)
{
case AsymMech::RSA_SHA1_PKCS_PSS:
param = &pssParams[0];
paramLen = sizeof(pssParams[0]);
isPSS = true;
break;
case AsymMech::RSA_SHA224_PKCS_PSS:
param = &pssParams[1];
paramLen = sizeof(pssParams[1]);
isPSS = true;
break;
case AsymMech::RSA_SHA256_PKCS_PSS:
param = &pssParams[2];
paramLen = sizeof(pssParams[2]);
isPSS = true;
break;
case AsymMech::RSA_SHA384_PKCS_PSS:
param = &pssParams[3];
paramLen = sizeof(pssParams[3]);
isPSS = true;
break;
case AsymMech::RSA_SHA512_PKCS_PSS:
param = &pssParams[4];
paramLen = sizeof(pssParams[4]);
isPSS = true;
break;
default:
break;
}
// Sign the data in blocks
CPPUNIT_ASSERT(rsa->signInit(kp->getPrivateKey(), *m, param, paramLen));
CPPUNIT_ASSERT(rsa->signUpdate(dataToSign.substr(0, 134)));
CPPUNIT_ASSERT(rsa->signUpdate(dataToSign.substr(134, 289)));
CPPUNIT_ASSERT(rsa->signUpdate(dataToSign.substr(134 + 289)));
CPPUNIT_ASSERT(rsa->signFinal(blockSignature));
// Sign the data in one pass
CPPUNIT_ASSERT(rsa->sign(kp->getPrivateKey(), dataToSign, singlePartSignature, *m, param, paramLen));
// If it is not a PSS signature, check if the two signatures match
if (!isPSS)
{
// Check if the two signatures match
CPPUNIT_ASSERT(blockSignature == singlePartSignature);
}
// Now perform multi-pass verification
CPPUNIT_ASSERT(rsa->verifyInit(kp->getPublicKey(), *m, param, paramLen));
CPPUNIT_ASSERT(rsa->verifyUpdate(dataToSign.substr(0, 125)));
CPPUNIT_ASSERT(rsa->verifyUpdate(dataToSign.substr(125, 247)));
CPPUNIT_ASSERT(rsa->verifyUpdate(dataToSign.substr(125 + 247)));
CPPUNIT_ASSERT(rsa->verifyFinal(blockSignature));
// And single-pass verification
CPPUNIT_ASSERT(rsa->verify(kp->getPublicKey(), dataToSign, singlePartSignature, *m, param, paramLen));
}
// Test mechanisms that do not perform internal hashing
// Test PKCS #1 signing
CPPUNIT_ASSERT(rng->generateRandom(dataToSign, 35));
// Sign the data
ByteString signature;
CPPUNIT_ASSERT(rsa->sign(kp->getPrivateKey(), dataToSign, signature, AsymMech::RSA_PKCS));
// Verify the signature
CPPUNIT_ASSERT(rsa->verify(kp->getPublicKey(), dataToSign, signature, AsymMech::RSA_PKCS));
// Test raw RSA signing
size_t byteSize = *k >> 3;
CPPUNIT_ASSERT(rng->generateRandom(dataToSign, byteSize));
// Strip the topmost bit
dataToSign[0] &= 0x7F;
// Sign the data
CPPUNIT_ASSERT(rsa->sign(kp->getPrivateKey(), dataToSign, signature, AsymMech::RSA));
// Verify the signature
CPPUNIT_ASSERT(rsa->verify(kp->getPublicKey(), dataToSign, signature, AsymMech::RSA));
#ifdef WITH_RAW_PSS
// Test raw (SHA1) PKCS PSS signing
CPPUNIT_ASSERT(rng->generateRandom(dataToSign, 20));
CPPUNIT_ASSERT(rsa->sign(kp->getPrivateKey(), dataToSign, signature, AsymMech::RSA_PKCS_PSS, &pssParams[0], sizeof(pssParams[0])));
CPPUNIT_ASSERT(rsa->verify(kp->getPublicKey(), dataToSign, signature, AsymMech::RSA_PKCS_PSS, &pssParams[0], sizeof(pssParams[0])));
// Test raw (SHA224) PKCS PSS signing
CPPUNIT_ASSERT(rng->generateRandom(dataToSign, 28));
CPPUNIT_ASSERT(rsa->sign(kp->getPrivateKey(), dataToSign, signature, AsymMech::RSA_PKCS_PSS, &pssParams[1], sizeof(pssParams[1])));
CPPUNIT_ASSERT(rsa->verify(kp->getPublicKey(), dataToSign, signature, AsymMech::RSA_PKCS_PSS, &pssParams[1], sizeof(pssParams[1])));
// Test raw (SHA256) PKCS PSS signing
CPPUNIT_ASSERT(rng->generateRandom(dataToSign, 32));
CPPUNIT_ASSERT(rsa->sign(kp->getPrivateKey(), dataToSign, signature, AsymMech::RSA_PKCS_PSS, &pssParams[2], sizeof(pssParams[2])));
CPPUNIT_ASSERT(rsa->verify(kp->getPublicKey(), dataToSign, signature, AsymMech::RSA_PKCS_PSS, &pssParams[2], sizeof(pssParams[2])));
// Test raw (SHA384) PKCS PSS signing
CPPUNIT_ASSERT(rng->generateRandom(dataToSign, 48));
CPPUNIT_ASSERT(rsa->sign(kp->getPrivateKey(), dataToSign, signature, AsymMech::RSA_PKCS_PSS, &pssParams[3], sizeof(pssParams[3])));
CPPUNIT_ASSERT(rsa->verify(kp->getPublicKey(), dataToSign, signature, AsymMech::RSA_PKCS_PSS, &pssParams[3], sizeof(pssParams[3])));
// Test raw (SHA512) PKCS PSS signing
CPPUNIT_ASSERT(rng->generateRandom(dataToSign, 64));
CPPUNIT_ASSERT(rsa->sign(kp->getPrivateKey(), dataToSign, signature, AsymMech::RSA_PKCS_PSS, &pssParams[4], sizeof(pssParams[4])));
CPPUNIT_ASSERT(rsa->verify(kp->getPublicKey(), dataToSign, signature, AsymMech::RSA_PKCS_PSS, &pssParams[4], sizeof(pssParams[4])));
#endif
rsa->recycleKeyPair(kp);
}
}
}
