END_TEST

START_TEST(check_signet_signature_verification)
{
	char *fp;
	const char *org_keys = "check_org.keys";
	unsigned char signature[ED25519_SIG_SIZE];
	ED25519_KEY *orgkey;
	int res;
	signet_t *org_signet;

	_crypto_init();

	org_signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_ORG, org_keys);
	ck_assert_msg(org_signet != NULL, "Failure to create signet with keys file.\n");

	orgkey = dime_keys_signkey_fetch(org_keys);
	ck_assert_msg(orgkey != NULL, "Failure to fetch private signing key from keys file.\n");

	res = dime_sgnt_sig_crypto_sign(org_signet, orgkey);
	ck_assert_msg(res == 0, "Failure to create organizational cryptographic signet signature.\n");

	fp = dime_sgnt_fingerprint_crypto(org_signet);
	ck_assert_msg(fp != NULL, "Failed to fingerprint organiational signet.\n");

	res = ed25519_sign_data((const unsigned char *)fp, strlen(fp), orgkey, signature);
	ck_assert_msg(res == 0, "Failed to provided data with ed25519 key.\n");

	res = dime_sgnt_msg_sig_verify(org_signet, signature, (const unsigned char *)fp, strlen(fp));
	ck_assert_msg(res == 1, "Failed to verify signature using signet.\n");

	fprintf(stderr, "Signet signature verification check complete.\n");
}
示例#2
0
END_TEST


START_TEST(load_ec_key_file)
{
	char filename[256], *b64key;
	EC_KEY *result, *key;
	size_t size;
	unsigned char *serial;
	int res;

	res = _crypto_init();

	ck_assert_msg(!res, "Crypto initialization routine failed.\n");

	for (size_t i = 0; i < 5; ++i) {
		key = _generate_ec_keypair(0);
		snprintf(filename, sizeof(filename), "ec-key-%zu-priv.pem", i + 1);
		serial = _serialize_ec_privkey(key, &size);
		b64key = _b64encode(serial, size);
		free(serial);
		_write_pem_data(b64key, "EC PRIVATE KEY", filename);
		free(b64key);

		snprintf(filename, sizeof(filename), "ec-key-%zu-pub.pem", i + 1);
		serial = _serialize_ec_pubkey(key, &size);
		free_ec_key(key);
		b64key = _b64encode(serial, size);
		free(serial);
		_write_pem_data(b64key, "PUBLIC KEY", filename);
		free(b64key);
	}

	for (size_t i = 0; i < 5; i++) {
		snprintf(filename, sizeof(filename), "ec-key-%zu-priv.pem", i + 1);
		result = _load_ec_privkey(filename);
		ck_assert_msg(result != NULL, "load_ec_privkey failed for %s", filename);
		free_ec_key(result);

		snprintf(filename, sizeof(filename), "ec-key-%zu-pub.pem", i + 1);
		result = _load_ec_pubkey(filename);
		ck_assert_msg(result != NULL, "load_ec_pubkey failed for %s", filename);
		free_ec_key(result);
	}

	fprintf(stderr, "EC key load from file check completed.\n");
}
END_TEST

START_TEST(check_signet_sok)
{

	ED25519_KEY *sok, *sok_from_signet;
	int res;
	signet_t *signet;

	_crypto_init();

	signet = dime_sgnt_signet_create(SIGNET_TYPE_USER);
	ck_assert_msg(signet != NULL, "Failure to create user signet.\n");

	sok = generate_ed25519_keypair();
	ck_assert_msg(sok != NULL, "Failure to generate ed25519 key pair.\n");

	res = dime_sgnt_sok_create(signet, sok, (unsigned char) SIGNKEY_DEFAULT_FORMAT, (SIGNET_SOK_SIGNET | SIGNET_SOK_MSG | SIGNET_SOK_TLS | SIGNET_SOK_SOFTWARE) );
	ck_assert_msg(res == -1, "Error cause by inserting a SOK inside a user signet.\n");

	dime_sgnt_signet_destroy(signet);

	signet = dime_sgnt_signet_create(SIGNET_TYPE_ORG);
	ck_assert_msg(signet != NULL, "Failure to create organizational signet.\n");

	res = dime_sgnt_sok_create(signet, sok, 214, (SIGNET_SOK_SIGNET | SIGNET_SOK_MSG) );
	ck_assert_msg(res == -1, "Error caused by inserting a SOK with an invalid format.\n");

	res = dime_sgnt_sok_create(signet, sok, (unsigned char) SIGNKEY_DEFAULT_FORMAT, (SIGNET_SOK_SIGNET | SIGNET_SOK_MSG | SIGNET_SOK_TLS | SIGNET_SOK_SOFTWARE) );
	ck_assert_msg(res == 0, "Failure to add a SOK field to signet.\n");

	sok_from_signet = dime_sgnt_sok_num_fetch(signet, 1);
	ck_assert_msg(sok_from_signet != NULL, "Failure to fetch SOK from signet.\n");

	res = memcmp(sok->public_key, sok_from_signet->public_key, ED25519_KEY_SIZE);
	ck_assert_msg(res == 0, "SOK was corrupted during inserting and fetching into and from the signet.\n");

	free_ed25519_key(sok_from_signet);
	dime_sgnt_signet_destroy(signet);

	fprintf(stderr, "Signet SOK check complete.\n");
}
END_TEST

START_TEST(check_signet_fingerprint)
{
	char *fp1, *fp2;
	int res;
	signet_t *signet;

	_crypto_init();

	signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_USER, "fp_test.keys");
	ck_assert_msg(signet != NULL, "Failed to create signet with keys.\n");

	fp1 = dime_sgnt_fingerprint_ssr(signet);
	ck_assert_msg(signet != NULL, "Failed to fingerprint signet.\n");

	fp2 = dime_sgnt_fingerprint_ssr(signet);
	ck_assert_msg(signet != NULL, "Failed to fingerprint signet.\n");

	ck_assert_msg(strlen(fp1) == strlen(fp2), "Inconsistent fingerprinting.\n");

	res = memcmp(fp1, fp2, strlen(fp1));
	ck_assert_msg(res == 0, "Inconsistent fingerprinting.\n");

	free(fp2);

	fp2 = dime_sgnt_fingerprint_crypto(signet);
	ck_assert_msg(signet != NULL, "Failed to fingerprint signet.\n");

	ck_assert_msg(strlen(fp1) == strlen(fp2), "Inconsistent fingerprinting.\n");

	res = memcmp(fp1, fp2, strlen(fp1));
	ck_assert_msg(res == 0, "Inconsistent fingerprinting.\n");
	
	free(fp2);

	fp2 = dime_sgnt_fingerprint_full(signet);
	ck_assert_msg(signet != NULL, "Failed to fingerprint signet.\n");

	ck_assert_msg(strlen(fp1) == strlen(fp2), "Inconsistent fingerprinting.\n");

	res = memcmp(fp1, fp2, strlen(fp1));
	ck_assert_msg(res == 0, "Inconsistent fingerprinting.\n");
	
	free(fp2);

	fp2 = dime_sgnt_fingerprint_id(signet);
	ck_assert_msg(signet != NULL, "Failed to fingerprint signet.\n");

	ck_assert_msg(strlen(fp1) == strlen(fp2), "Inconsistent fingerprinting.\n");

	res = memcmp(fp1, fp2, strlen(fp1));
	ck_assert_msg(res == 0, "Inconsistent fingerprinting.\n");
	
	free(fp2);

	res = dime_sgnt_id_set(signet, 7, (const unsigned char *)"some id");
	ck_assert_msg(res == 0, "Failed to set signet id.\n");

	fp2 = dime_sgnt_fingerprint_id(signet);
	ck_assert_msg(signet != NULL, "Failed to fingerprint signet.\n");

	ck_assert_msg(strlen(fp1) == strlen(fp2), "Inconsistent fingerprinting.\n");

	res = memcmp(fp1, fp2, strlen(fp1));
	ck_assert_msg(res != 0, "Either a sha512 hash collision occurred or fingerprinting is broken.\n");
	
	free(fp2);
	free(fp1);
	dime_sgnt_signet_destroy(signet);
	
	fprintf(stderr, "Signet fingerprinting check complete.\n");
}
END_TEST

START_TEST(check_signet_multi_signkey)
{

	EC_KEY *eckey;
	ED25519_KEY *keys[5], **fetched;
	int res;
	signet_t *signet;

	_crypto_init();

	for(int i = 0; i < 5; ++i) {
		keys[i] = generate_ed25519_keypair();
	}

	eckey = generate_ec_keypair(0);

	signet = dime_sgnt_signet_create(SIGNET_TYPE_ORG);
	ck_assert_msg(signet != NULL, "Failed to create organizational signet.\n");

	res = dime_sgnt_signkey_set(signet, keys[0], SIGNKEY_DEFAULT_FORMAT);
	ck_assert_msg(res == 0, "Failed to set signet POK.\n");

	res += dime_sgnt_sok_create(signet, keys[1], SIGNKEY_DEFAULT_FORMAT, SIGNET_SOK_SIGNET);
	ck_assert_msg(res == 0, "Failed to create SOK 1.\n");

	res += dime_sgnt_sok_create(signet, keys[2], SIGNKEY_DEFAULT_FORMAT, SIGNET_SOK_MSG);
	ck_assert_msg(res == 0, "Failed to create SOK 2.\n");

	res += dime_sgnt_sok_create(signet, keys[3], SIGNKEY_DEFAULT_FORMAT, SIGNET_SOK_TLS);
	ck_assert_msg(res == 0, "Failed to create SOK 3.\n");

	res += dime_sgnt_sok_create(signet, keys[4], SIGNKEY_DEFAULT_FORMAT, SIGNET_SOK_SOFTWARE);
	ck_assert_msg(res == 0, "Failed to create SOK 4.\n");

	res = dime_sgnt_enckey_set(signet, eckey, 0);
	ck_assert_msg(res == 0, "Failed to set signet encryption key.\n");

	free_ec_key(eckey);

	res = dime_sgnt_sig_crypto_sign(signet, keys[0]);
	ck_assert_msg(res == 0, "Failed to sign organizational signet with its private POK.\n");

	fetched = dime_sgnt_signkeys_signet_fetch(signet);
	ck_assert_msg( (fetched != NULL), "Failed to fetch signing keys.\n");
	ck_assert_msg( (fetched[0] != NULL), "Failed to fetch signing keys.\n");
	ck_assert_msg( (fetched[1] != NULL), "Failed to fetch signing keys.\n");
	ck_assert_msg( (fetched[2] == NULL), "Failed to fetch signing keys.\n");

	res = memcmp(fetched[0]->public_key, keys[0]->public_key, ED25519_KEY_SIZE);
	ck_assert_msg(res == 0, "POK was corrupted.\n");
	
	res = memcmp(fetched[1]->public_key, keys[1]->public_key, ED25519_KEY_SIZE);
	ck_assert_msg(res == 0, "SOK 1 was corrupted.\n");

	free_ed25519_key_chain(fetched);
	fetched = NULL;
	fetched = dime_sgnt_signkeys_msg_fetch(signet);
	ck_assert_msg( (fetched != NULL) && 
                       (fetched[0] != NULL) && 
                       (fetched[1] != NULL) && 
                       (fetched[2] == NULL), "Failed to fetch signing keys.\n");
	res = memcmp(fetched[0]->public_key, keys[0]->public_key, ED25519_KEY_SIZE);
	ck_assert_msg(res == 0, "POK was corrupted.\n");

	res = memcmp(fetched[1]->public_key, keys[2]->public_key, ED25519_KEY_SIZE);
	ck_assert_msg(res == 0, "SOK 2 was corrupted.\n");

	free_ed25519_key_chain(fetched);
	fetched = NULL;

	fetched = dime_sgnt_signkeys_tls_fetch(signet);
	ck_assert_msg( (fetched != NULL) && 
                       (fetched[0] != NULL) && 
                       (fetched[1] != NULL) && 
                       (fetched[2] == NULL), "Failed to fetch signing keys.\n");

	res = memcmp(fetched[0]->public_key, keys[0]->public_key, ED25519_KEY_SIZE);
	ck_assert_msg(res == 0, "POK was corrupted.\n");
	
	res = memcmp(fetched[1]->public_key, keys[3]->public_key, ED25519_KEY_SIZE);
	ck_assert_msg(res == 0, "SOK 3 was corrupted.\n");
	
	free_ed25519_key_chain(fetched);
	fetched = NULL;

	fetched = dime_sgnt_signkeys_software_fetch(signet);
	ck_assert_msg( (fetched != NULL) && 
                       (fetched[0] != NULL) && 
                       (fetched[1] != NULL) && 
                       (fetched[2] == NULL), "Failed to fetch signing keys.\n");

	res = memcmp(fetched[0]->public_key, keys[0]->public_key, ED25519_KEY_SIZE);
	ck_assert_msg(res == 0, "POK was corrupted.\n");
	
	res = memcmp(fetched[1]->public_key, keys[4]->public_key, ED25519_KEY_SIZE);
	ck_assert_msg(res == 0, "SOK 4 was corrupted.\n");
	
	free_ed25519_key_chain(fetched);
	fetched = NULL;

	for(int i = 0; i < 5; ++i) {
		free_ed25519_key(keys[i]);
	}

	dime_sgnt_signet_destroy(signet);

	fprintf(stderr, "Signet selective signing key multi-fetching check complete.\n");
}
END_TEST

START_TEST(check_signet_keys_pairing)
{
	const char *filename_u = "keys_user.keys", *filename_o = "keys_org.keys",
	           *filename_s = "keys_ssr.keys", *filename_w = "keys_wrong.keys",
	           *to_sign = "AbcDEFghijKLMNOpqrstuVWXYZ";
	EC_KEY *priv_enckey, *pub_enckey;
	ED25519_KEY *priv_signkey, *pub_signkey;
	ed25519_signature sigbuf;
	int res = 0;
	signet_t *signet;
	signet_type_t type;
	size_t enc1_size, enc2_size;
	unsigned char *enc1_pub, *enc2_pub;

	_crypto_init();

/* creating user signet with keys */
	signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_USER, filename_u);
	ck_assert_msg(signet != NULL, "Failure to create user signet.\n");

	type = dime_sgnt_type_get(signet);
	ck_assert_msg(type == SIGNET_TYPE_USER, "Corrupted signet type.\n");

	priv_signkey = dime_keys_signkey_fetch(filename_u);
	ck_assert_msg(priv_signkey != NULL, "Failure to fetch private signing key from file.\n");

	res = _ed25519_sign_data((const unsigned char *)to_sign, strlen(to_sign), priv_signkey, sigbuf);
	ck_assert_msg(res == 0, "Failure to sign data buffer.\n");

	pub_signkey = dime_sgnt_signkey_fetch(signet);
	ck_assert_msg(pub_signkey != NULL, "Failure to fetch public signing key from signet.\n");

	res = _ed25519_verify_sig((const unsigned char *)to_sign, strlen(to_sign), pub_signkey, sigbuf);
	ck_assert_msg(res = 1, "Failure to verify signature");

	priv_enckey = dime_keys_enckey_fetch(filename_u);
	ck_assert_msg(priv_enckey != NULL, "Failure to fetch private encryption key from file.\n");

	enc1_pub = _serialize_ec_pubkey(priv_enckey, &enc1_size);
	ck_assert_msg(enc1_pub != NULL, "Failure to serialize public portion of the private encryption key.\n");

	pub_enckey = dime_sgnt_enckey_fetch(signet);
	ck_assert_msg(pub_enckey != NULL, "Failure to fetch public encryption key from signet.\n");

	enc2_pub = _serialize_ec_pubkey(pub_enckey, &enc2_size);
	ck_assert_msg(enc1_size == enc2_size, "Corrupted public encryption key size.\n");
	ck_assert_msg(memcmp(enc1_pub, enc2_pub, enc1_size) == 0, "Corrupted public encryption key data.\n");

	_free_ed25519_key(priv_signkey);
	_free_ed25519_key(pub_signkey);
	_free_ec_key(pub_enckey);
	_free_ec_key(priv_enckey);
	free(enc1_pub);
	free(enc2_pub);
	dime_sgnt_signet_destroy(signet);

/* creating organizational signet with keys */
	signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_ORG, filename_o);
	ck_assert_msg(signet != NULL, "Failure to create organizational signet.\n");

	type = dime_sgnt_type_get(signet);
	ck_assert_msg(type == SIGNET_TYPE_ORG, "Corrupted signet type.\n");

	priv_signkey = dime_keys_signkey_fetch(filename_o);
	ck_assert_msg(priv_signkey != NULL, "Failure to fetch private signing key from file.\n");

	res = _ed25519_sign_data((const unsigned char *)to_sign, strlen(to_sign), priv_signkey, sigbuf);
	ck_assert_msg(res == 0, "Failure to sign data buffer.\n");

	pub_signkey = dime_sgnt_signkey_fetch(signet);
	ck_assert_msg(pub_signkey != NULL, "Failure to fetch public signing key from signet.\n");

	res = _ed25519_verify_sig((const unsigned char *)to_sign, strlen(to_sign), pub_signkey, sigbuf);
	ck_assert_msg(res = 1, "Failure to verify signature");

	priv_enckey = dime_keys_enckey_fetch(filename_o);
	ck_assert_msg(priv_enckey != NULL, "Failure to fetch private encryption key from file.\n");

	enc1_pub = _serialize_ec_pubkey(priv_enckey, &enc1_size);
	ck_assert_msg(enc1_pub != NULL, "Failure to serialize public portion of the private encryption key.\n");

	pub_enckey = dime_sgnt_enckey_fetch(signet);
	ck_assert_msg(pub_enckey != NULL, "Failure to fetch public encryption key from signet.\n");

	enc2_pub = _serialize_ec_pubkey(pub_enckey, &enc2_size);
	ck_assert_msg(enc1_size == enc2_size, "Corrupted public encryption key size.\n");
	ck_assert_msg(memcmp(enc1_pub, enc2_pub, enc1_size) == 0, "Corrupted public encryption key data.\n");

	_free_ed25519_key(priv_signkey);
	_free_ed25519_key(pub_signkey);
	_free_ec_key(priv_enckey);
	_free_ec_key(pub_enckey);
	free(enc1_pub);
	free(enc2_pub);
	dime_sgnt_signet_destroy(signet);

/* creating ssr signet with keys */
	signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_SSR, filename_s);
	ck_assert_msg(signet != NULL, "Failure to create SSR.\n");

	type = dime_sgnt_type_get(signet);
	ck_assert_msg(type == SIGNET_TYPE_SSR, "Corrupted signet type.\n");

	priv_signkey = dime_keys_signkey_fetch(filename_s);
	ck_assert_msg(priv_signkey != NULL, "Failure to fetch private signing key from file.\n");

	res = _ed25519_sign_data((const unsigned char *)to_sign, strlen(to_sign), priv_signkey, sigbuf);
	ck_assert_msg(res == 0, "Failure to sign data buffer.\n");

	pub_signkey = dime_sgnt_signkey_fetch(signet);
	ck_assert_msg(pub_signkey != NULL, "Failure to fetch public signing key from signet.\n");

	res = _ed25519_verify_sig((const unsigned char *)to_sign, strlen(to_sign), pub_signkey, sigbuf);
	ck_assert_msg(res = 1, "Failure to verify signature");

	priv_enckey = dime_keys_enckey_fetch(filename_s);
	ck_assert_msg(priv_enckey != NULL, "Failure to fetch private encryption key from file.\n");

	enc1_pub = _serialize_ec_pubkey(priv_enckey, &enc1_size);
	ck_assert_msg(enc1_pub != NULL, "Failure to serialize public portion of the private encryption key.\n");

	pub_enckey = dime_sgnt_enckey_fetch(signet);
	ck_assert_msg(pub_enckey != NULL, "Failure to fetch public encryption key from signet.\n");

	enc2_pub = _serialize_ec_pubkey(pub_enckey, &enc2_size);
	ck_assert_msg(enc1_size == enc2_size, "Corrupted public encryption key size.\n");
	ck_assert_msg(memcmp(enc1_pub, enc2_pub, enc1_size) == 0, "Corrupted public encryption key data.\n");

	_free_ed25519_key(priv_signkey);
	_free_ed25519_key(pub_signkey);
	_free_ec_key(priv_enckey);
	_free_ec_key(pub_enckey);
	free(enc1_pub);
	free(enc2_pub);
	dime_sgnt_signet_destroy(signet);

/*creating invalid signet types*/
	signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_ERROR, filename_w);
	ck_assert_msg(signet == NULL, "Unintended creation of signet with invalid type SIGNET_TYPE_ERROR.\n");
	ck_assert_msg(access(filename_w, F_OK) == -1, "Unintended creation of keys file for signet with invalid type SIGNET_TYPE_ERROR.\n");

	signet = dime_sgnt_signet_create_w_keys(31, filename_w);
	ck_assert_msg(signet == NULL, "Unintended creation of signet with invalid type 31.\n");
	ck_assert_msg(access(filename_w, F_OK) == -1, "Unintended creation of keys file for signet with invalid type 31.\n");

	fprintf(stderr, "Signet file keypair check completed.\n");
}
END_TEST

START_TEST(check_signet_validation)
{
	const char *org_keys = "check_org.keys", *user_keys = "check_user.keys", *newuser_keys = "check_newuser.keys";
	ED25519_KEY *orgkey, *userkey, **keys_obj;
	int res;
	signet_state_t state;
	signet_t *org_signet, *user_signet, *newuser_signet, *split, *split2;
	unsigned char **org_signet_sign_keys;
	size_t keysnum = 1;

	_crypto_init();
//create org signet and keys file
	org_signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_ORG, org_keys);
	ck_assert_msg(org_signet != NULL, "Failure to create signet with keys file.\n");
//retrieve org private signing key
	orgkey = dime_keys_signkey_fetch(org_keys);
	//ck_assert_msg(orgkey != NULL, "Failure to fetch private signing key from keys file.\n");
//sign org cryptographic signet signature
	res = dime_sgnt_sig_crypto_sign(org_signet, orgkey);
	//ck_assert_msg(res == 0, "Failure to create organizational cryptographic signet signature.\n");
//retrieve the list of all org signet-signing keys (note we're using this instead of retrieving the list of POKs from the dime record just to have a list of keys, 1 of which will be valid.)
	keys_obj = dime_sgnt_signkeys_signet_fetch(org_signet);
	res = dime_sgnt_sig_crypto_sign(org_signet, orgkey);
	ck_assert_msg(keys_obj != NULL, "Failure to retrieve organizational signet signing keys.\n");
//convert ed25519 pointer chain to serialized ed25519 public key pointer chain

	for(size_t i = 0; keys_obj[i]; ++i) {
		++keysnum;
	}

	org_signet_sign_keys = malloc(sizeof(unsigned char *) * keysnum);
	memset(org_signet_sign_keys, 0, sizeof(unsigned char *) * keysnum);

	for(size_t i = 0; keys_obj[i]; ++i) {

		org_signet_sign_keys[i] = malloc(ED25519_KEY_SIZE);
		memcpy(org_signet_sign_keys[i], keys_obj[i]->public_key, ED25519_KEY_SIZE);
	}
//verify that the org crypto signet is valid
	state = dime_sgnt_validate_all(org_signet, NULL, NULL, (const unsigned char **)org_signet_sign_keys);
	ck_assert_msg(state == SS_CRYPTO, "Failure to correctly validate organizational signet as a cryptographic signet.\n");
//sign org full signet signature
	res = dime_sgnt_sig_full_sign(org_signet, orgkey);
	ck_assert_msg(res == 0, "Failure to create organizational full signet signature.\n");
//verify that the org full signet is valid
	state = dime_sgnt_validate_all(org_signet, NULL, NULL, (const unsigned char **)org_signet_sign_keys);
	ck_assert_msg(state == SS_FULL, "Failure to correctly validate organizational signet as a full signet.\n");
//set organizational signet id
	res = dime_sgnt_id_set(org_signet, strlen("test_org_signet"), (const unsigned char *)"test_org_signet");
	ck_assert_msg(res == 0, "Failure to set organizational signet id.\n");
//sign identified signet signature
	res = dime_sgnt_sig_id_sign(org_signet, orgkey);
	ck_assert_msg(res == 0, "Failure to create organizational identifiable signet signature field.\n");
//verify that the org signet is a valid identifiable signet
	state = dime_sgnt_validate_all(org_signet, NULL, NULL, (const unsigned char **)org_signet_sign_keys);
	ck_assert_msg(state == SS_ID, "Failure to correctly validate organizational signet as an identifiable signet.\n");
//create ssr signet and user keys file
	user_signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_SSR, user_keys);
	ck_assert_msg(user_signet != NULL, "Failure to create ssr with keys file.\n");
//retrieve user private signing key
	userkey = dime_keys_signkey_fetch(user_keys);
	ck_assert_msg(userkey != NULL, "Failure to fetch user's private signing key from keys file.\n");
//sign the ssr signature with user keys
	res = dime_sgnt_sig_ssr_sign(user_signet, userkey);
	ck_assert_msg(res == 0, "Failure to sign ssr with the user's private signing key.\n");
//verify that the signet is a valid ssr
	state = dime_sgnt_validate_all(user_signet, NULL, NULL, NULL);
	ck_assert_msg(state == SS_SSR, "Failure to correctly validate ssr.\n");
//sign ssr with org signing key
	res = dime_sgnt_sig_crypto_sign(user_signet, orgkey);
	ck_assert_msg(res == 0, "Failure to sign ssr into a user cryptographic signet using organizational private signing key.\n");
//verify that the signet is now a valid user core signet
	state = dime_sgnt_validate_all(user_signet, NULL, org_signet, NULL);
	ck_assert_msg(state == SS_CRYPTO, "Failure to correctly validate user cryptographic signet.\n");
//sign the full signature with org key
	res = dime_sgnt_sig_full_sign(user_signet, orgkey);
	ck_assert_msg(res == 0, "Failure to sign user signet with the full signet signature.\n");
//verify that the user signet is now a valid core signet
	state = dime_sgnt_validate_all(user_signet, NULL, org_signet, NULL);
	ck_assert_msg(state == SS_FULL, "Failure to correctly validate user full signet.\n");
//set user signet id (address)
	res = dime_sgnt_id_set(user_signet, strlen("*****@*****.**"), (const unsigned char *)"*****@*****.**");
	ck_assert_msg(res == 0, "Failure to set user signet id.\n");
//sign the user signature with the identifiable signet signature
	res = dime_sgnt_sig_id_sign(user_signet, orgkey);
	ck_assert_msg(res == 0, "Failure to sign user signet with the identifiable signet signature.\n");
//verify that the user signet is a valid full signet
	state = dime_sgnt_validate_all(user_signet, NULL, org_signet, NULL);
	ck_assert_msg(state == SS_ID, "Failure to correctly validate user identifiable signet.\n");
//create new ssr and keys file
	newuser_signet = dime_sgnt_signet_create_w_keys(SIGNET_TYPE_SSR, newuser_keys);
	ck_assert_msg(newuser_signet != NULL, "Failure to create ssr with keys file.\n");
//sign the new ssr with a chain of custody signature using the user's old signing key
	res = dime_sgnt_sig_coc_sign(newuser_signet, userkey);
	ck_assert_msg(res == 0, "Failure to create the chain of custody signature.\n");

	_free_ed25519_key(userkey);

//retrieve user's new private signing key
	userkey = dime_keys_signkey_fetch(newuser_keys);
	ck_assert_msg(userkey != NULL, "Failure to retrieve user's new private signing key.\n");
//perform all the signatures on the new ssr (adding an address as the id is required for the identifiable signet signature.
	dime_sgnt_sig_ssr_sign(newuser_signet, userkey);
	dime_sgnt_sig_crypto_sign(newuser_signet, orgkey);
	dime_sgnt_sig_full_sign(newuser_signet, orgkey);
	dime_sgnt_id_set(newuser_signet, strlen("*****@*****.**"), (const unsigned char *)"*****@*****.**");
	dime_sgnt_sig_id_sign(newuser_signet, orgkey);
//Confirm that without using the previous signet to verify the chain of custody, the signet validation returns broken chain of custody
	state = dime_sgnt_validate_all(newuser_signet, NULL, org_signet, NULL);
	ck_assert_msg(state == SS_BROKEN_COC, "Failure to invalidate signet due to no parent signet being provided to validate chain of custody signature.\n");
//Config that by using the previous signet to verify chain of custody, the new user signet is validate as identifiable signet.
//TODO it may be necessary to test intermediate states with presence of chain of custody also
	state = dime_sgnt_validate_all(newuser_signet, user_signet, org_signet, NULL);
	ck_assert_msg(state == SS_ID, "Failure to validate an identifiable signet with a chain of custody signature.\n");

//Now, lets test splitting.
	split = dime_sgnt_signet_full_split(newuser_signet);
	ck_assert_msg(split != NULL, "Failed to split identifiable user signet into a full user signet.\n");

	dime_sgnt_signet_destroy(newuser_signet);

	state = dime_sgnt_validate_all(split, user_signet, org_signet, NULL);
	ck_assert_msg(state == SS_FULL, "Failure to validate full user signet with chain of custody.\n");

	split2 = dime_sgnt_signet_crypto_split(split);
	ck_assert_msg(split2 != NULL, "Failed to split full user signet into a cryptographic user signet.\n");

	dime_sgnt_signet_destroy(split);

	state = dime_sgnt_validate_all(split2, user_signet, org_signet, NULL);
	ck_assert_msg(state = SS_CRYPTO, "Failure to validate cryptographic user signet with chain of custody.\n");

	dime_sgnt_signet_destroy(split2);

	_ptr_chain_free(org_signet_sign_keys);
	_free_ed25519_key_chain(keys_obj);
	_free_ed25519_key(orgkey);
	_free_ed25519_key(userkey);
	dime_sgnt_signet_destroy(user_signet);
	dime_sgnt_signet_destroy(org_signet);

	fprintf(stderr, "Signet signing and validation check complete.\n");
}