END_TEST START_TEST(load_ec_key_file) { char filename[256], *b64key; EC_KEY *result, *key; size_t size; unsigned char *serial; int res; res = _crypto_init(); ck_assert_msg(!res, "Crypto initialization routine failed.\n"); for (size_t i = 0; i < 5; ++i) { key = _generate_ec_keypair(0); snprintf(filename, sizeof(filename), "ec-key-%zu-priv.pem", i + 1); serial = _serialize_ec_privkey(key, &size); b64key = _b64encode(serial, size); free(serial); _write_pem_data(b64key, "EC PRIVATE KEY", filename); free(b64key); snprintf(filename, sizeof(filename), "ec-key-%zu-pub.pem", i + 1); serial = _serialize_ec_pubkey(key, &size); free_ec_key(key); b64key = _b64encode(serial, size); free(serial); _write_pem_data(b64key, "PUBLIC KEY", filename); free(b64key); } for (size_t i = 0; i < 5; i++) { snprintf(filename, sizeof(filename), "ec-key-%zu-priv.pem", i + 1); result = _load_ec_privkey(filename); ck_assert_msg(result != NULL, "load_ec_privkey failed for %s", filename); free_ec_key(result); snprintf(filename, sizeof(filename), "ec-key-%zu-pub.pem", i + 1); result = _load_ec_pubkey(filename); ck_assert_msg(result != NULL, "load_ec_pubkey failed for %s", filename); free_ec_key(result); } fprintf(stderr, "EC key load from file check completed.\n"); }
END_TEST START_TEST(check_ec_serialization) { EC_KEY *pair, *pair2; unsigned char *sbuf, *sbuf2; int res; size_t ssize, ssize2; res = crypto_init(); ck_assert_msg(!res, "Crypto initialization routine failed.\n"); for (size_t i = 0; i < N_SERIALIZATION_TESTS; i++) { pair = _generate_ec_keypair(0); ck_assert_msg((pair != NULL), "EC serialization check failed: could not generate key pair.\n"); sbuf = _serialize_ec_pubkey(pair, &ssize); ck_assert_msg((sbuf != NULL), "EC serialization check failed: pubkey serialization error.\n"); pair2 = _deserialize_ec_pubkey(sbuf, ssize, 0); ck_assert_msg((pair2 != NULL), "EC serialization check failed: pubkey deserialization error.\n"); sbuf2 = _serialize_ec_pubkey(pair, &ssize2); ck_assert_msg((sbuf2 != NULL), "EC serialization check failed: pubkey serialization error [2].\n"); ck_assert_msg((ssize == ssize2), "EC serialization check failed: serialized pubkeys had different serialized lengths {%u vs %u}\n", ssize, ssize2); res = memcmp(sbuf, sbuf2, ssize); ck_assert_msg(!res, "EC serialization check failed: serialized pubkeys had different data.\n"); free(sbuf); free(sbuf2); _free_ec_key(pair2); sbuf = _serialize_ec_privkey(pair, &ssize); ck_assert_msg((sbuf != NULL), "EC serialization check failed: pubkey serialization error.\n"); pair2 = _deserialize_ec_privkey(sbuf, ssize, 0); ck_assert_msg((pair2 != NULL), "EC serialization check failed: pubkey deserialization error.\n"); sbuf2 = _serialize_ec_privkey(pair, &ssize2); ck_assert_msg((sbuf2 != NULL), "EC serialization check failed: pubkey serialization error [2].\n"); ck_assert_msg((ssize == ssize2), "EC serialization check failed: serialized pubkeys had different serialized lengths {%u vs %u}\n", ssize, ssize2); res = memcmp(sbuf, sbuf2, ssize); ck_assert_msg(!res, "EC serialization check failed: serialized pubkeys had different data.\n"); free(sbuf); free(sbuf2); free_ec_key(pair); } fprintf(stderr, "EC serialization check completed.\n"); }
END_TEST START_TEST(check_ec_sha_signatures) { EC_KEY *key; unsigned char *rdata, *sigdata; size_t dlens[] = { 16, 128, 1024, 65535 }; size_t rsize, siglen, last_min = 1; unsigned int shabits; int res; res = crypto_init(); ck_assert_msg(!res, "Crypto initialization routine failed.\n"); key = generate_ec_keypair(0); ck_assert_msg((key != NULL), "EC SHA signature/verification check failed: could not generate key pair.\n"); for (size_t i = 0; i < (sizeof(dlens) / sizeof(dlens[0])); i++) { for (size_t j = 0; j < N_SIGNATURE_TIER_TESTS; j++) { for (size_t k = 0; k < 3; k++) { if (!k) { shabits = 160; } else if (k == 1) { shabits = 256; } else { shabits = 512; } rdata = gen_random_data(last_min, dlens[i], &rsize); ck_assert_msg((rdata != NULL), "EC SHA signature/verification check failed: could not generate random data.\n"); sigdata = ec_sign_sha_data(rdata, rsize, shabits, key, &siglen); ck_assert_msg((sigdata != NULL), "EC SHA signature/verification check failed: could not sign data.\n"); ck_assert_msg((siglen > 0), "EC SHA signature/verification check failed: signature result had bad length.\n"); res = verify_ec_sha_signature(rdata, rsize, shabits, sigdata, siglen, key); ck_assert_msg((res == 1), "EC SHA signature/verification check failed: signature verification failed (%d).\n", res); free(sigdata); free(rdata); } last_min = dlens[i]; } } free_ec_key(key); fprintf(stderr, "EC SHA signature/verification check completed.\n"); }
END_TEST START_TEST(check_signet_multi_signkey) { EC_KEY *eckey; ED25519_KEY *keys[5], **fetched; int res; signet_t *signet; _crypto_init(); for(int i = 0; i < 5; ++i) { keys[i] = generate_ed25519_keypair(); } eckey = generate_ec_keypair(0); signet = dime_sgnt_signet_create(SIGNET_TYPE_ORG); ck_assert_msg(signet != NULL, "Failed to create organizational signet.\n"); res = dime_sgnt_signkey_set(signet, keys[0], SIGNKEY_DEFAULT_FORMAT); ck_assert_msg(res == 0, "Failed to set signet POK.\n"); res += dime_sgnt_sok_create(signet, keys[1], SIGNKEY_DEFAULT_FORMAT, SIGNET_SOK_SIGNET); ck_assert_msg(res == 0, "Failed to create SOK 1.\n"); res += dime_sgnt_sok_create(signet, keys[2], SIGNKEY_DEFAULT_FORMAT, SIGNET_SOK_MSG); ck_assert_msg(res == 0, "Failed to create SOK 2.\n"); res += dime_sgnt_sok_create(signet, keys[3], SIGNKEY_DEFAULT_FORMAT, SIGNET_SOK_TLS); ck_assert_msg(res == 0, "Failed to create SOK 3.\n"); res += dime_sgnt_sok_create(signet, keys[4], SIGNKEY_DEFAULT_FORMAT, SIGNET_SOK_SOFTWARE); ck_assert_msg(res == 0, "Failed to create SOK 4.\n"); res = dime_sgnt_enckey_set(signet, eckey, 0); ck_assert_msg(res == 0, "Failed to set signet encryption key.\n"); free_ec_key(eckey); res = dime_sgnt_sig_crypto_sign(signet, keys[0]); ck_assert_msg(res == 0, "Failed to sign organizational signet with its private POK.\n"); fetched = dime_sgnt_signkeys_signet_fetch(signet); ck_assert_msg( (fetched != NULL), "Failed to fetch signing keys.\n"); ck_assert_msg( (fetched[0] != NULL), "Failed to fetch signing keys.\n"); ck_assert_msg( (fetched[1] != NULL), "Failed to fetch signing keys.\n"); ck_assert_msg( (fetched[2] == NULL), "Failed to fetch signing keys.\n"); res = memcmp(fetched[0]->public_key, keys[0]->public_key, ED25519_KEY_SIZE); ck_assert_msg(res == 0, "POK was corrupted.\n"); res = memcmp(fetched[1]->public_key, keys[1]->public_key, ED25519_KEY_SIZE); ck_assert_msg(res == 0, "SOK 1 was corrupted.\n"); free_ed25519_key_chain(fetched); fetched = NULL; fetched = dime_sgnt_signkeys_msg_fetch(signet); ck_assert_msg( (fetched != NULL) && (fetched[0] != NULL) && (fetched[1] != NULL) && (fetched[2] == NULL), "Failed to fetch signing keys.\n"); res = memcmp(fetched[0]->public_key, keys[0]->public_key, ED25519_KEY_SIZE); ck_assert_msg(res == 0, "POK was corrupted.\n"); res = memcmp(fetched[1]->public_key, keys[2]->public_key, ED25519_KEY_SIZE); ck_assert_msg(res == 0, "SOK 2 was corrupted.\n"); free_ed25519_key_chain(fetched); fetched = NULL; fetched = dime_sgnt_signkeys_tls_fetch(signet); ck_assert_msg( (fetched != NULL) && (fetched[0] != NULL) && (fetched[1] != NULL) && (fetched[2] == NULL), "Failed to fetch signing keys.\n"); res = memcmp(fetched[0]->public_key, keys[0]->public_key, ED25519_KEY_SIZE); ck_assert_msg(res == 0, "POK was corrupted.\n"); res = memcmp(fetched[1]->public_key, keys[3]->public_key, ED25519_KEY_SIZE); ck_assert_msg(res == 0, "SOK 3 was corrupted.\n"); free_ed25519_key_chain(fetched); fetched = NULL; fetched = dime_sgnt_signkeys_software_fetch(signet); ck_assert_msg( (fetched != NULL) && (fetched[0] != NULL) && (fetched[1] != NULL) && (fetched[2] == NULL), "Failed to fetch signing keys.\n"); res = memcmp(fetched[0]->public_key, keys[0]->public_key, ED25519_KEY_SIZE); ck_assert_msg(res == 0, "POK was corrupted.\n"); res = memcmp(fetched[1]->public_key, keys[4]->public_key, ED25519_KEY_SIZE); ck_assert_msg(res == 0, "SOK 4 was corrupted.\n"); free_ed25519_key_chain(fetched); fetched = NULL; for(int i = 0; i < 5; ++i) { free_ed25519_key(keys[i]); } dime_sgnt_signet_destroy(signet); fprintf(stderr, "Signet selective signing key multi-fetching check complete.\n"); }