Пример #1
END_TEST


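START_TEST(check_ecdh_kdf)
{

	/*
	 * Verifies that ECDH key agreement is symmetric: deriving the AES-256
	 * key-encryption key from (peer public key, own private key) must give
	 * the same 48 bytes on both sides. Each public key is passed through
	 * serialization and deserialization first, as it would be when received
	 * from a peer.
	 */
	EC_KEY *ec1, *ec2, *pub1, *pub2;
	int res;
	size_t serial_size;
	unsigned char *serial_temp, key1[48], key2[48], blank[48];

	memset(key1, 0, sizeof(key1));
	memset(key2, 0, sizeof(key2));
	memset(blank, 0, sizeof(blank));

	/* The original discarded this result; nothing below is meaningful if init failed. */
	res = crypto_init();
	ck_assert_msg(!res, "Crypto initialization routine failed.\n");

	ec1 = _generate_ec_keypair(0);
	ec2 = _generate_ec_keypair(0);

	ck_assert_msg((ec1 != NULL), "EC key generation failed.\n");
	ck_assert_msg((ec2 != NULL), "EC key generation failed.\n");

	serial_temp = _serialize_ec_pubkey(ec1, &serial_size);

	ck_assert_msg(serial_temp != NULL, "could not serialize public key.\n");

	pub1 = _deserialize_ec_pubkey(serial_temp, serial_size, 0);

	/* A failed deserialization must be reported here, not handed to the KDF as NULL. */
	ck_assert_msg((pub1 != NULL), "could not deserialize public key.\n");

	res = _compute_aes256_kek(pub1, ec2, key1);

	ck_assert_msg((res == 0), "could not perform ECDH key exchange.\n");

	free(serial_temp);

	serial_temp = _serialize_ec_pubkey(ec2, &serial_size);

	ck_assert_msg((serial_temp != NULL), "could not serialize public key.\n");

	pub2 = _deserialize_ec_pubkey(serial_temp, serial_size, 0);

	ck_assert_msg((pub2 != NULL), "could not deserialize public key.\n");

	res = _compute_aes256_kek(pub2, ec1, key2);

	ck_assert_msg((res == 0), "could not perform the second ECDH key exchange.\n");

	free(serial_temp);

	/*
	 * Both buffers start zeroed, so equality alone would also pass if the
	 * KDF reported success without writing any output.
	 */
	ck_assert_msg((memcmp(key1, blank, sizeof(key1)) != 0), "the key derivation function produced an all-zero key");

	ck_assert_msg((memcmp(key1, key2, sizeof(key1)) == 0), "the key derivation functions did not yield the correct result");

	/* Release the key objects; the original test leaked all four. */
	_free_ec_key(pub1);
	_free_ec_key(pub2);
	_free_ec_key(ec1);
	_free_ec_key(ec2);

	fprintf(stderr, "ECDH key derivation function check completed.\n");
}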
Пример #2
/**
 * @brief
 *  Load an EC public key from a PEM file.
 *
 *  The file is read through _read_pem_data() with the "PUBLIC KEY" tag,
 *  base64-decoded, and the resulting binary blob is handed to
 *  _deserialize_ec_pubkey(). Both intermediate buffers are wiped with
 *  _secure_wipe() before they are freed.
 * @param filename
 *  the name of the file from which the key should be loaded
 * @return
 *  a pointer to the public key deserialized from the file. Every failure
 *  path goes through RET_ERROR_PTR (presumably returning NULL; confirm
 *  against the macro's definition).
 */
EC_KEY * _load_ec_pubkey(char const *filename) {
	EC_KEY *key;
	unsigned char *der;
	size_t der_len;
	char *pem_text;

	if (filename == NULL) {
		RET_ERROR_PTR(ERR_BAD_PARAM, NULL);
	}

	/* NOTE(review): the meaning of the trailing 1 is not visible here; check _read_pem_data(). */
	pem_text = _read_pem_data(filename, "PUBLIC KEY", 1);

	if (pem_text == NULL) {
		RET_ERROR_PTR(ERR_UNSPEC, "could not read ec pubkey pem file");
	}

	der = _b64decode(pem_text, strlen(pem_text), &der_len);

	/* The PEM text is no longer needed whether or not decoding succeeded. */
	_secure_wipe(pem_text, strlen(pem_text));
	free(pem_text);

	if (der == NULL) {
		RET_ERROR_PTR(ERR_UNSPEC, "could not decode b64 data");
	}

	key = _deserialize_ec_pubkey(der, der_len);

	/* Scrub and release the decoded blob before looking at the outcome. */
	_secure_wipe(der, der_len);
	free(der);

	if (key == NULL) {
		RET_ERROR_PTR(ERR_UNSPEC, "could not deserialize binary ec pubkey");
	}

	return key;
}
Пример #3
END_TEST


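START_TEST(check_ec_serialization)
{
	/*
	 * Round-trip check for EC key serialization: for each freshly generated
	 * key pair, serialize the public (then the private) key, deserialize it,
	 * serialize the deserialized copy again, and require both serialized
	 * forms to be byte-identical.
	 */
	EC_KEY *pair, *pair2;
	unsigned char *sbuf, *sbuf2;
	int res;
	size_t ssize, ssize2;

	res = crypto_init();
	ck_assert_msg(!res, "Crypto initialization routine failed.\n");

	for (size_t i = 0; i < N_SERIALIZATION_TESTS; i++) {
		pair = _generate_ec_keypair(0);
		ck_assert_msg((pair != NULL), "EC serialization check failed: could not generate key pair.\n");

		/* ---- public key round trip ---- */
		sbuf = _serialize_ec_pubkey(pair, &ssize);
		ck_assert_msg((sbuf != NULL), "EC serialization check failed: pubkey serialization error.\n");

		pair2 = _deserialize_ec_pubkey(sbuf, ssize, 0);
		ck_assert_msg((pair2 != NULL), "EC serialization check failed: pubkey deserialization error.\n");

		/*
		 * Re-serialize the DESERIALIZED key. The original serialized `pair`
		 * a second time, so it compared a key with itself and would pass
		 * even if deserialization corrupted the key.
		 */
		sbuf2 = _serialize_ec_pubkey(pair2, &ssize2);
		ck_assert_msg((sbuf2 != NULL), "EC serialization check failed: pubkey serialization error [2].\n");

		/* size_t needs %zu; %u is undefined behaviour where size_t is wider than unsigned. */
		ck_assert_msg((ssize == ssize2), "EC serialization check failed: serialized pubkeys had different serialized lengths {%zu vs %zu}\n", ssize, ssize2);

		res = memcmp(sbuf, sbuf2, ssize);
		ck_assert_msg(!res, "EC serialization check failed: serialized pubkeys had different data.\n");

		free(sbuf);
		free(sbuf2);

		_free_ec_key(pair2);

		/* ---- private key round trip ---- */
		sbuf = _serialize_ec_privkey(pair, &ssize);
		ck_assert_msg((sbuf != NULL), "EC serialization check failed: privkey serialization error.\n");

		pair2 = _deserialize_ec_privkey(sbuf, ssize, 0);
		ck_assert_msg((pair2 != NULL), "EC serialization check failed: privkey deserialization error.\n");

		/* Same fix as above: the comparison must involve the deserialized key. */
		sbuf2 = _serialize_ec_privkey(pair2, &ssize2);
		ck_assert_msg((sbuf2 != NULL), "EC serialization check failed: privkey serialization error [2].\n");

		ck_assert_msg((ssize == ssize2), "EC serialization check failed: serialized privkeys had different serialized lengths {%zu vs %zu}\n", ssize, ssize2);

		res = memcmp(sbuf, sbuf2, ssize);
		ck_assert_msg(!res, "EC serialization check failed: serialized privkeys had different data.\n");

		/*
		 * These buffers hold private key bytes. The keys here are throwaway
		 * test keys; code handling real keys should wipe such buffers
		 * before freeing them.
		 */
		free(sbuf);
		free(sbuf2);

		/* The original leaked the key object deserialized from the private key. */
		_free_ec_key(pair2);
		free_ec_key(pair);
	}

	fprintf(stderr, "EC serialization check completed.\n");
}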