a3e4420a9da5fc04c89924c2f678fc683b37e02a
[strongswan.git] / src / libstrongswan / plugins / bliss / tests / suites / test_bliss_sign.c
1 /*
2 * Copyright (C) 2014-2015 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "test_suite.h"
17
18 #include <bliss_private_key.h>
19 #include <bliss_public_key.h>
20
21 static u_int key_type[] = { 1, 3, 4 };
22 static u_int key_strength[] = { 128, 160, 192 };
23
24 START_TEST(test_bliss_sign_all)
25 {
26 signature_scheme_t signature_scheme;
27 private_key_t *privkey, *privkey1;
28 public_key_t *pubkey, *pubkey1;
29 chunk_t msg, signature, privkey_blob, pubkey_blob, pubkey_fp, privkey_fp;
30 int k;
31
32 for (k = 0; k < 4; k++)
33 {
34 int verify_count = 1000;
35
36 switch (k)
37 {
38 case 1:
39 signature_scheme = SIGN_BLISS_WITH_SHA2_256;
40 break;
41 case 2:
42 signature_scheme = SIGN_BLISS_WITH_SHA2_384;
43 break;
44 default:
45 signature_scheme = SIGN_BLISS_WITH_SHA2_512;
46 }
47
48 /* enforce BLISS-B key for k = 2, 3 */
49 lib->settings->set_bool(lib->settings,
50 "%s.plugins.bliss.use_bliss_b", k >= 2, lib->ns);
51
52 msg = chunk_from_str("Hello Dolly!");
53
54 /* generate private key */
55 privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
56 BUILD_KEY_SIZE, key_type[_i], BUILD_END);
57 ck_assert(privkey);
58
59 /* generate ASN.1 DER and PEM encoding of private key */
60 ck_assert(privkey->get_encoding(privkey, (k % 2) ?
61 PRIVKEY_ASN1_DER : PRIVKEY_PEM, &privkey_blob));
62
63 /* extract public key from private key */
64 pubkey = privkey->get_public_key(privkey);
65 ck_assert(pubkey);
66
67 /* generate ASN.1 DER and PEM encodings of public key */
68 ck_assert(pubkey->get_encoding(pubkey, (k % 2) ?
69 PUBKEY_SPKI_ASN1_DER : PUBKEY_PEM, &pubkey_blob));
70
71 /* compare fingerprints of public and private key */
72 ck_assert(pubkey->get_fingerprint(pubkey, (k % 2) ?
73 KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &pubkey_fp));
74 ck_assert(privkey->get_fingerprint(privkey, (k % 2) ?
75 KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &privkey_fp));
76 ck_assert(chunk_equals(pubkey_fp, privkey_fp));
77
78 /* retrieve fingerprints of public and private key from cache */
79 ck_assert(pubkey->get_fingerprint(pubkey, (k % 2) ?
80 KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &pubkey_fp));
81 ck_assert(privkey->get_fingerprint(privkey, (k % 2) ?
82 KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &privkey_fp));
83
84 /* get a reference of the private key and destroy both instances */
85 privkey1 = privkey->get_ref(privkey);
86 ck_assert(privkey1);
87 ck_assert(privkey1 == privkey);
88 privkey->destroy(privkey);
89 privkey1->destroy(privkey1);
90
91 /* get a reference of the public key and destroy both instances */
92 pubkey1 = pubkey->get_ref(pubkey);
93 ck_assert(pubkey1);
94 ck_assert(pubkey1 == pubkey);
95 pubkey->destroy(pubkey);
96 pubkey1->destroy(pubkey1);
97
98 /* enforce BLISS-B key for k = 1, 3 */
99 lib->settings->set_bool(lib->settings,
100 "%s.plugins.bliss.use_bliss_b", k % 2, lib->ns);
101
102 /* load private key from ASN.1 blob */
103 privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
104 BUILD_BLOB, privkey_blob, BUILD_END);
105 ck_assert(privkey);
106 ck_assert(privkey->get_type(privkey) == KEY_BLISS);
107 ck_assert(privkey->get_keysize(privkey) == key_strength[_i]);
108 chunk_free(&privkey_blob);
109
110 /* load public key from ASN.1 blob */
111 pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
112 BUILD_BLOB, pubkey_blob, BUILD_END);
113 ck_assert(pubkey);
114 ck_assert(pubkey->get_type(pubkey) == KEY_BLISS);
115 ck_assert(pubkey->get_keysize(pubkey) == key_strength[_i]);
116 chunk_free(&pubkey_blob);
117
118 /* generate and verify 1000 BLISS signatures */
119 while (verify_count--)
120 {
121 ck_assert(privkey->sign(privkey, signature_scheme, msg,
122 &signature));
123 ck_assert(pubkey->verify(pubkey, signature_scheme, msg,
124 signature));
125 free(signature.ptr);
126 }
127 privkey->destroy(privkey);
128 pubkey->destroy(pubkey);
129 }
130 }
131 END_TEST
132
133 START_TEST(test_bliss_sign_fail)
134 {
135 private_key_t *privkey;
136 public_key_t *pubkey;
137 chunk_t msg, signature, encoding, fp;
138
139 /* generate non-supported BLISS-II private key */
140 privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
141 BUILD_KEY_SIZE, BLISS_II, BUILD_END);
142 ck_assert(!privkey);
143
144 /* generate non-supported BLISS-B-II private key */
145 privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
146 BUILD_KEY_SIZE, BLISS_B_II, BUILD_END);
147 ck_assert(!privkey);
148
149 /* generate supported BLISS-B-I private key */
150 privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
151 BUILD_KEY_SIZE, BLISS_B_I, BUILD_END);
152 ck_assert(privkey);
153
154 /* wrong private key encoding format */
155 ck_assert(!privkey->get_encoding(privkey, PUBKEY_PEM, &encoding));
156
157 /* wrong fingerprint encoding format */
158 ck_assert(!privkey->get_fingerprint(privkey, KEYID_PGPV4, &fp));
159
160 /* extract public key */
161 pubkey = privkey->get_public_key(privkey);
162 ck_assert(pubkey);
163
164 /* wrong private key encoding format */
165 ck_assert(!pubkey->get_encoding(pubkey, PRIVKEY_PEM, &encoding));
166
167 /* wrong fingerprint encoding format */
168 ck_assert(!pubkey->get_fingerprint(pubkey, KEYID_PGPV4, &fp));
169
170 /* encryption / decryption operation is not defined for BLISS */
171 ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, chunk_empty, NULL));
172 ck_assert(!privkey->decrypt(privkey, ENCRYPT_UNKNOWN, chunk_empty, NULL));
173
174 /* sign with invalid signature scheme */
175 ck_assert(!privkey->sign(privkey, SIGN_UNKNOWN, msg, &signature));
176
177 /* generate valid signature */
178 msg = chunk_from_str("Hello Dolly!");
179 ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA2_512, msg, &signature));
180
181 /* verify with invalid signature scheme */
182 ck_assert(!pubkey->verify(pubkey, SIGN_UNKNOWN, msg, signature));
183
184 /* corrupt signature */
185 signature.ptr[signature.len - 1] ^= 0x80;
186 ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA2_512, msg, signature));
187
188 free(signature.ptr);
189 privkey->destroy(privkey);
190 pubkey->destroy(pubkey);
191 }
192 END_TEST
193
194 Suite *bliss_sign_suite_create()
195 {
196 Suite *s;
197 TCase *tc;
198
199 s = suite_create("bliss_sign");
200
201 tc = tcase_create("sign_all");
202 test_case_set_timeout(tc, 30);
203 tcase_add_loop_test(tc, test_bliss_sign_all, 0, countof(key_type));
204 suite_add_tcase(s, tc);
205
206 tc = tcase_create("sign_fail");
207 tcase_add_test(tc, test_bliss_sign_fail);
208 suite_add_tcase(s, tc);
209
210 return s;
211 }