src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c

   1 /*
   2  * Copyright (C) 2014-2015 Andreas Steffen
   3  * HSR Hochschule fuer Technik Rapperswil
   4  *
   5  * This program is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License as published by the
   7  * Free Software Foundation; either version 2 of the License, or (at your
   8  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
   9  *
  10  * This program is distributed in the hope that it will be useful, but
  11  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  12  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  13  * for more details.
  14  */
  15
  16 #include "test_suite.h"
  17
  18 #include <bliss_private_key.h>
  19 #include <bliss_public_key.h>
  20
  21 static u_int key_type[] = { 1, 3, 4 };
  22 static u_int key_strength[] = { 128, 160, 192 };
  23
  24 START_TEST(test_bliss_sign_all)
  25 {
  26         signature_scheme_t signature_scheme;
  27         private_key_t *privkey, *privkey1;
  28         public_key_t *pubkey, *pubkey1;
  29         chunk_t msg, signature, privkey_blob, pubkey_blob, pubkey_fp, privkey_fp;
  30         int k;
  31
  32         for (k = 0; k < 4; k++)
  33         {
  34                 int verify_count = 1000;
  35
  36                 switch (k)
  37                 {
  38                         case 1:
  39                                 signature_scheme = SIGN_BLISS_WITH_SHA2_256;
  40                                 break;
  41                         case 2:
  42                                 signature_scheme = SIGN_BLISS_WITH_SHA2_384;
  43                                 break;
  44                         default:
  45                                 signature_scheme = SIGN_BLISS_WITH_SHA2_512;
  46                 }
  47
  48                 /* enforce BLISS-B key for k = 2, 3 */
  49                 lib->settings->set_bool(lib->settings,
  50                                 "%s.plugins.bliss.use_bliss_b", k >= 2, lib->ns);
  51
  52                 msg = chunk_from_str("Hello Dolly!");
  53
  54                 /* generate private key */
  55                 privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
  56                                                                          BUILD_KEY_SIZE, key_type[_i], BUILD_END);
  57                 ck_assert(privkey);
  58
  59                 /* generate ASN.1 DER and PEM encoding of private key */
  60                 ck_assert(privkey->get_encoding(privkey, (k % 2) ?
  61                                   PRIVKEY_ASN1_DER : PRIVKEY_PEM, &privkey_blob));
  62
  63                 /* extract public key from private key */
  64                 pubkey = privkey->get_public_key(privkey);
  65                 ck_assert(pubkey);
  66
  67                 /* generate ASN.1 DER and PEM encodings of public key */
  68                 ck_assert(pubkey->get_encoding(pubkey, (k % 2) ?
  69                                   PUBKEY_SPKI_ASN1_DER : PUBKEY_PEM, &pubkey_blob));
  70
  71                 /* compare fingerprints of public and private key */
  72                 ck_assert(pubkey->get_fingerprint(pubkey, (k % 2) ?
  73                                   KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &pubkey_fp));
  74                 ck_assert(privkey->get_fingerprint(privkey, (k % 2) ?
  75                                   KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &privkey_fp));
  76                 ck_assert(chunk_equals(pubkey_fp, privkey_fp));
  77
  78                 /* retrieve fingerprints of public and private key from cache */
  79                 ck_assert(pubkey->get_fingerprint(pubkey, (k % 2) ?
  80                                   KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &pubkey_fp));
  81                 ck_assert(privkey->get_fingerprint(privkey, (k % 2) ?
  82                                   KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &privkey_fp));
  83
  84                 /* get a reference of the private key and destroy both instances */
  85                 privkey1 = privkey->get_ref(privkey);
  86                 ck_assert(privkey1);
  87                 ck_assert(privkey1 == privkey);
  88                 privkey->destroy(privkey);
  89                 privkey1->destroy(privkey1);
  90
  91                 /* get a reference of the public key and destroy both instances */
  92                 pubkey1 = pubkey->get_ref(pubkey);
  93                 ck_assert(pubkey1);
  94                 ck_assert(pubkey1 == pubkey);
  95                 pubkey->destroy(pubkey);
  96                 pubkey1->destroy(pubkey1);
  97
  98                 /* enforce BLISS-B key for k = 1, 3 */
  99                 lib->settings->set_bool(lib->settings,
 100                                 "%s.plugins.bliss.use_bliss_b", k % 2, lib->ns);
 101
 102                 /* load private key from ASN.1 blob */
 103                 privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
 104                                                                          BUILD_BLOB, privkey_blob, BUILD_END);
 105                 ck_assert(privkey);
 106                 ck_assert(privkey->get_type(privkey) == KEY_BLISS);
 107                 ck_assert(privkey->get_keysize(privkey) == key_strength[_i]);
 108                 chunk_free(&privkey_blob);
 109
 110                 /* load public key from ASN.1 blob */
 111                 pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
 112                                                                         BUILD_BLOB, pubkey_blob, BUILD_END);
 113                 ck_assert(pubkey);
 114                 ck_assert(pubkey->get_type(pubkey) == KEY_BLISS);
 115                 ck_assert(pubkey->get_keysize(pubkey) == key_strength[_i]);
 116                 chunk_free(&pubkey_blob);
 117
 118                 /* generate and verify 1000 BLISS signatures */
 119                 while (verify_count--)
 120                 {
 121                         ck_assert(privkey->sign(privkey, signature_scheme, msg,
 122                                                                         &signature));
 123                         ck_assert(pubkey->verify(pubkey, signature_scheme, msg,
 124                                                                          signature));
 125                         free(signature.ptr);
 126                 }
 127                 privkey->destroy(privkey);
 128                 pubkey->destroy(pubkey);
 129         }
 130 }
 131 END_TEST
 132
 133 START_TEST(test_bliss_sign_fail)
 134 {
 135         private_key_t *privkey;
 136         public_key_t *pubkey;
 137         chunk_t msg, signature, encoding, fp;
 138
 139         /* generate non-supported BLISS-II private key */
 140         privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
 141                                                                  BUILD_KEY_SIZE, BLISS_II, BUILD_END);
 142         ck_assert(!privkey);
 143
 144         /* generate non-supported BLISS-B-II private key */
 145         privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
 146                                                                  BUILD_KEY_SIZE, BLISS_B_II, BUILD_END);
 147         ck_assert(!privkey);
 148
 149         /* generate supported BLISS-B-I private key */
 150         privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
 151                                                                  BUILD_KEY_SIZE, BLISS_B_I, BUILD_END);
 152         ck_assert(privkey);
 153
 154         /* wrong private key encoding format */
 155         ck_assert(!privkey->get_encoding(privkey, PUBKEY_PEM, &encoding));
 156
 157         /* wrong fingerprint encoding format */
 158         ck_assert(!privkey->get_fingerprint(privkey, KEYID_PGPV4, &fp));
 159
 160         /* extract public key */
 161         pubkey = privkey->get_public_key(privkey);
 162         ck_assert(pubkey);
 163
 164         /* wrong private key encoding format */
 165         ck_assert(!pubkey->get_encoding(pubkey, PRIVKEY_PEM, &encoding));
 166
 167         /* wrong fingerprint encoding format */
 168         ck_assert(!pubkey->get_fingerprint(pubkey, KEYID_PGPV4, &fp));
 169
 170         /* encryption / decryption operation is not defined for BLISS */
 171         ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, chunk_empty, NULL));
 172         ck_assert(!privkey->decrypt(privkey, ENCRYPT_UNKNOWN, chunk_empty, NULL));
 173
 174         /* sign with invalid signature scheme */
 175         ck_assert(!privkey->sign(privkey, SIGN_UNKNOWN, msg, &signature));
 176
 177         /* generate valid signature */
 178         msg = chunk_from_str("Hello Dolly!");
 179         ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA2_512, msg, &signature));
 180
 181         /* verify with invalid signature scheme */
 182         ck_assert(!pubkey->verify(pubkey, SIGN_UNKNOWN, msg, signature));
 183
 184         /* corrupt signature */
 185         signature.ptr[signature.len - 1] ^= 0x80;
 186         ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA2_512, msg, signature));
 187
 188         free(signature.ptr);
 189         privkey->destroy(privkey);
 190         pubkey->destroy(pubkey);
 191 }
 192 END_TEST
 193
 194 Suite *bliss_sign_suite_create()
 195 {
 196         Suite *s;
 197         TCase *tc;
 198
 199         s = suite_create("bliss_sign");
 200
 201         tc = tcase_create("sign_all");
 202         test_case_set_timeout(tc, 30);
 203         tcase_add_loop_test(tc, test_bliss_sign_all, 0, countof(key_type));
 204         suite_add_tcase(s, tc);
 205
 206         tc = tcase_create("sign_fail");
 207         tcase_add_test(tc, test_bliss_sign_fail);
 208         suite_add_tcase(s, tc);
 209
 210         return s;
 211 }