Annotation of embedaddon/strongswan/src/libstrongswan/tests/suites/test_signature_params.c, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2017-2018 Tobias Brunner
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: #include "test_suite.h"
17:
18: #include <asn1/oid.h>
19: #include <asn1/asn1.h>
20: #include <credentials/keys/signature_params.h>
21:
22: static struct {
23: chunk_t aid;
24: rsa_pss_params_t params;
25: } rsa_pss_parse_tests[] = {
26: /* from RFC 7427, no parameters (empty sequence) */
27: { chunk_from_chars(0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x00),
28: { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA1, }},
29: /* from RFC 7427, default parameters (SHA-1), would actually not be sent
30: * like this, as corrected in errata */
31: { chunk_from_chars(0x30,0x3e,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x31,0xa0,
32: 0x0b,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,0x05,0x00,0xa1,0x18,0x30,0x16,
33: 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,0x30,0x09,0x06,0x05,0x2b,
34: 0x0e,0x03,0x02,0x1a,0x05,0x00,0xa2,0x03,0x02,0x01,0x14,0xa3,0x03,0x02,0x01,0x01),
35: { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA1, }},
36: /* from RFC 7427, SHA-256 */
37: { chunk_from_chars(0x30,0x46,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x39,0xa0,
38: 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,
39: 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,0x30,
40: 0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0xa2,0x03,
41: 0x02,0x01,0x20,0xa3,0x03,0x02,0x01,0x01),
42: { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }},
43: /* from RFC 7427, SHA-256 (errata, without trailer, with len corrections) */
44: { chunk_from_chars(0x30,0x41,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x34,0xa0,
45: 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,
46: 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,0x30,
47: 0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0xa2,0x03,
48: 0x02,0x01,0x20),
49: { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }},
50: /* SHA-512 */
51: { chunk_from_chars(0x30,0x41,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x34,0xa0,
52: 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,
53: 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,0x30,
54: 0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0xa2,0x03,
55: 0x02,0x01,0x40),
56: { .hash = HASH_SHA512, .mgf1_hash = HASH_SHA512, .salt_len = HASH_SIZE_SHA512, }},
57: /* SHA-256, no salt */
58: { chunk_from_chars(0x30,0x41,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x34,0xa0,
59: 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,
60: 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,0x30,
61: 0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0xa2,0x03,
62: 0x02,0x01,0x00),
63: { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = 0, }},
64: /* only hash specified */
65: { chunk_from_chars(0x30,0x1e,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x11,
66: 0xa0,0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,
67: 0x05,0x00),
68: { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA1, }},
69: /* only mgf specified */
70: { chunk_from_chars(0x30,0x2b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x1e,
71: 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,
72: 0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00),
73: { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA1, }},
74: /* only salt specified */
75: { chunk_from_chars(0x30,0x12,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x05,0xa2,
76: 0x03,0x02,0x01,0x20),
77: { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA256, }},
78: };
79:
80: START_TEST(test_rsa_pss_params_parse)
81: {
82: rsa_pss_params_t parsed;
83: chunk_t params;
84: int oid;
85:
86: oid = asn1_parse_algorithmIdentifier(rsa_pss_parse_tests[_i].aid, 0, ¶ms);
87: ck_assert_int_eq(OID_RSASSA_PSS, oid);
88: ck_assert(rsa_pss_params_parse(params, 1, &parsed));
89: ck_assert_int_eq(rsa_pss_parse_tests[_i].params.hash, parsed.hash);
90: ck_assert_int_eq(rsa_pss_parse_tests[_i].params.mgf1_hash, parsed.mgf1_hash);
91: ck_assert_int_eq(rsa_pss_parse_tests[_i].params.salt_len, parsed.salt_len);
92: }
93: END_TEST
94:
95: chunk_t rsa_pss_parse_invalid_tests[] = {
96: /* unknown hash */
97: chunk_from_chars(0x30,0x1e,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x11,
98: 0xa0,0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x00,
99: 0x05,0x00),
100: /* unknown mgf */
101: chunk_from_chars(0x30,0x2b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x1e,
102: 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x00,
103: 0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00),
104: /* unknown mgf-1 hash */
105: chunk_from_chars(0x30,0x2b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x1e,
106: 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,
107: 0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x00,0x05,0x00),
108: /* incorrect trailer */
109: chunk_from_chars(0x30,0x12,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x05,
110: 0xa3,0x03,0x02,0x01,0x02),
111: /* too long trailer */
112: chunk_from_chars(0x30,0x13,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x06,
113: 0xa3,0x04,0x02,0x02,0x01,0x01),
114: };
115:
116: START_TEST(test_rsa_pss_params_parse_invalid)
117: {
118: rsa_pss_params_t parsed;
119: chunk_t params;
120: int oid;
121:
122: oid = asn1_parse_algorithmIdentifier(rsa_pss_parse_invalid_tests[_i], 0, ¶ms);
123: ck_assert_int_eq(OID_RSASSA_PSS, oid);
124: ck_assert(!rsa_pss_params_parse(params, 1, &parsed));
125: }
126: END_TEST
127:
128: static struct {
129: chunk_t aid;
130: rsa_pss_params_t params;
131: } rsa_pss_build_tests[] = {
132: /* default parameters -> empty sequence */
133: { chunk_from_chars(0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x00),
134: { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA1, }},
135: /* SHA-256 */
136: { chunk_from_chars(0x30,0x41,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x34,0xa0,
137: 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,
138: 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,0x30,
139: 0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0xa2,0x03,
140: 0x02,0x01,0x20),
141: { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }},
142: /* default salt length: SHA-1 */
143: { chunk_from_chars(0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x00),
144: { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA1, }},
145: /* default salt length: SHA-224 */
146: { chunk_from_chars(0x30,0x23,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x16,0xa0,
147: 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,0x05,0x00,
148: 0xa2,0x03,0x02,0x01,0x1c),
149: { .hash = HASH_SHA224, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA224, }},
150: /* default salt length: SHA-384 */
151: { chunk_from_chars(0x30,0x23,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x16,0xa0,
152: 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,
153: 0xa2,0x03,0x02,0x01,0x30),
154: { .hash = HASH_SHA384, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA384, }},
155: /* SHA-512 */
156: { chunk_from_chars(0x30,0x41,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x34,0xa0,
157: 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,
158: 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,0x30,
159: 0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0xa2,0x03,
160: 0x02,0x01,0x40),
161: { .hash = HASH_SHA512, .mgf1_hash = HASH_SHA512, .salt_len = HASH_SIZE_SHA512, }},
162: /* SHA-256, no salt */
163: { chunk_from_chars(0x30,0x41,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x34,0xa0,
164: 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,
165: 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,0x30,
166: 0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0xa2,0x03,
167: 0x02,0x01,0x00),
168: { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = 0, }},
169: /* SHA-256, rest default */
170: { chunk_from_chars(0x30,0x1e,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x11,
171: 0xa0,0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,
172: 0x05,0x00),
173: { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA1, }},
174: /* MGF1-SHA-256, rest default */
175: { chunk_from_chars(0x30,0x2b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x1e,
176: 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,
177: 0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00),
178: { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA1, }},
179: /* only salt specified */
180: { chunk_from_chars(0x30,0x12,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x05,0xa2,
181: 0x03,0x02,0x01,0x20),
182: { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA256, }},
183: };
184:
185: START_TEST(test_rsa_pss_params_build)
186: {
187: chunk_t params, aid;
188:
189: ck_assert(rsa_pss_params_build(&rsa_pss_build_tests[_i].params, ¶ms));
190: aid = asn1_wrap(ASN1_SEQUENCE, "mm", asn1_build_known_oid(OID_RSASSA_PSS),
191: params);
192: ck_assert_chunk_eq(rsa_pss_build_tests[_i].aid, aid);
193: chunk_free(&aid);
194: }
195: END_TEST
196:
197: rsa_pss_params_t rsa_pss_build_invalid_tests[] = {
198: /* unknown hash */
199: { .hash = HASH_UNKNOWN, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA1, },
200: /* invalid mgf */
201: { .hash = HASH_SHA256, .mgf1_hash = HASH_UNKNOWN, .salt_len = HASH_SIZE_SHA256, },
202: /* undetermined salt */
203: { .hash = HASH_UNKNOWN, .mgf1_hash = HASH_SHA1, .salt_len = RSA_PSS_SALT_LEN_DEFAULT, },
204: };
205:
206: START_TEST(test_rsa_pss_params_build_invalid)
207: {
208: chunk_t params;
209:
210: ck_assert(!rsa_pss_params_build(&rsa_pss_build_invalid_tests[_i], ¶ms));
211: }
212: END_TEST
213:
214:
215: static struct {
216: ssize_t expected;
217: size_t modbits;
218: rsa_pss_params_t params;
219: } rsa_pss_salt_len_tests[] = {
220: { HASH_SIZE_SHA256, 0,
221: { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = RSA_PSS_SALT_LEN_DEFAULT, }},
222: { HASH_SIZE_SHA256, 3072,
223: { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = RSA_PSS_SALT_LEN_DEFAULT, }},
224: { -1, 0,
225: { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = RSA_PSS_SALT_LEN_MAX, }},
226: { 0, 256,
227: { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = RSA_PSS_SALT_LEN_MAX, }},
228: { 350, 3071,
229: { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = RSA_PSS_SALT_LEN_MAX, }},
230: { 350, 3072,
231: { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = RSA_PSS_SALT_LEN_MAX, }},
232: { 350, 3073,
233: { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = RSA_PSS_SALT_LEN_MAX, }},
234: { 478, 4096,
235: { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = RSA_PSS_SALT_LEN_MAX, }},
236: { 10, 0,
237: { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = 10, }},
238: { 10, 3072,
239: { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = 10, }},
240: };
241:
242: START_TEST(test_rsa_pss_params_set_salt_len)
243: {
244: if (rsa_pss_params_set_salt_len(&rsa_pss_salt_len_tests[_i].params,
245: rsa_pss_salt_len_tests[_i].modbits))
246: {
247: ck_assert_int_eq(rsa_pss_salt_len_tests[_i].expected,
248: rsa_pss_salt_len_tests[_i].params.salt_len);
249: }
250: else
251: {
252: ck_assert(rsa_pss_salt_len_tests[_i].expected < 0);
253: }
254: }
255: END_TEST
256:
257: static rsa_pss_params_t rsa_pss_params_sha1 = { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA1, };
258: static rsa_pss_params_t rsa_pss_params_sha256 = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, };
259: static rsa_pss_params_t rsa_pss_params_sha256_mgf1 = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA512, .salt_len = HASH_SIZE_SHA256, };
260: static rsa_pss_params_t rsa_pss_params_sha256_salt = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = 10, };
261:
262: static struct {
263: bool equal;
264: bool complies;
265: signature_params_t a;
266: signature_params_t b;
267: } params_compare_tests[] = {
268: { TRUE, TRUE, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, }, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, }, },
269: { FALSE, FALSE, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA1, }, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, }, },
270: { TRUE, TRUE, { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256 },
271: { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256 }, },
272: { FALSE, FALSE, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, .params = &rsa_pss_params_sha256 },
273: { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, .params = &rsa_pss_params_sha256 }, },
274: { FALSE, FALSE, { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256 },
275: { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256_mgf1 }, },
276: { FALSE, TRUE, { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256 },
277: { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256_salt }, },
278: { FALSE, FALSE, { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha1 },
279: { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256 }, },
280: { FALSE, FALSE, { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256 },
281: { .scheme = SIGN_RSA_EMSA_PSS, }, },
282: };
283:
284: START_TEST(test_params_compare)
285: {
286: bool res;
287:
288: res = signature_params_equal(¶ms_compare_tests[_i].a,
289: ¶ms_compare_tests[_i].b);
290: ck_assert(res == params_compare_tests[_i].equal);
291: res = signature_params_comply(¶ms_compare_tests[_i].a,
292: ¶ms_compare_tests[_i].b);
293: ck_assert(res == params_compare_tests[_i].complies);
294: res = signature_params_comply(¶ms_compare_tests[_i].b,
295: ¶ms_compare_tests[_i].a);
296: ck_assert(res == params_compare_tests[_i].complies);
297: }
298: END_TEST
299:
300: START_TEST(test_params_compare_null)
301: {
302: ck_assert(signature_params_equal(NULL, NULL));
303: ck_assert(!signature_params_equal(¶ms_compare_tests[0].a, NULL));
304: ck_assert(!signature_params_equal(NULL, ¶ms_compare_tests[0].a));
305: }
306: END_TEST
307:
308: static struct {
309: signature_params_t src;
310: signature_params_t res;
311: } params_clone_tests[] = {
312: { { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, }, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, }, },
313: { { .scheme = SIGN_RSA_EMSA_PSS }, { .scheme = SIGN_RSA_EMSA_PSS }, },
314: { { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256 },
315: { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256 }, },
316: { { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256_salt },
317: { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256_salt }, },
318: { { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, .params = &rsa_pss_params_sha256 },
319: { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256 }, },
320: };
321:
322: START_TEST(test_params_clone)
323: {
324: signature_params_t *clone = NULL;
325:
326: clone = signature_params_clone(¶ms_clone_tests[_i].src);
327: ck_assert(signature_params_equal(clone, ¶ms_clone_tests[_i].res));
328: signature_params_destroy(clone);
329: }
330: END_TEST
331:
332: START_TEST(test_params_clone_null)
333: {
334: signature_params_t *clone = NULL;
335:
336: clone = signature_params_clone(clone);
337: ck_assert(!clone);
338: signature_params_destroy(clone);
339: }
340: END_TEST
341:
342: START_TEST(test_params_clear)
343: {
344: signature_params_t *clone;
345:
346: clone = signature_params_clone(¶ms_clone_tests[_i].src);
347: signature_params_clear(clone);
348: ck_assert_int_eq(clone->scheme, SIGN_UNKNOWN);
349: ck_assert(!clone->params);
350: free(clone);
351: }
352: END_TEST
353:
354: START_TEST(test_params_clear_null)
355: {
356: signature_params_t *clone = NULL;
357:
358: signature_params_clear(clone);
359: }
360: END_TEST
361:
362: START_TEST(test_params_parse_rsa_pss)
363: {
364: signature_params_t parsed, res = { .scheme = SIGN_RSA_EMSA_PSS, };
365:
366: ck_assert(signature_params_parse(rsa_pss_parse_tests[_i].aid, 0, &parsed));
367: res.params = &rsa_pss_parse_tests[_i].params;
368: ck_assert(signature_params_equal(&parsed, &res));
369: signature_params_clear(&parsed);
370: }
371: END_TEST
372:
373: START_TEST(test_params_parse_rsa_pss_invalid)
374: {
375: signature_params_t parsed;
376:
377: ck_assert(!signature_params_parse(rsa_pss_parse_invalid_tests[_i], 0, &parsed));
378: }
379: END_TEST
380:
381: static struct {
382: bool valid;
383: chunk_t aid;
384: signature_params_t params;
385: } params_parse_tests[] = {
386: { TRUE, chunk_from_chars(0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00),
387: { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, }},
388: { TRUE, chunk_from_chars(0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x02),
389: { .scheme = SIGN_ECDSA_WITH_SHA256_DER, }},
390: { FALSE, chunk_from_chars(0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0xff), },
391: };
392:
393: START_TEST(test_params_parse_other)
394: {
395: signature_params_t parsed;
396:
397: if (params_parse_tests[_i].valid)
398: {
399: ck_assert(signature_params_parse(params_parse_tests[_i].aid, 0, &parsed));
400: ck_assert(signature_params_equal(&parsed, ¶ms_parse_tests[_i].params));
401: signature_params_clear(&parsed);
402: }
403: else
404: {
405: ck_assert(!signature_params_parse(params_parse_tests[_i].aid, 0, &parsed));
406: }
407: }
408: END_TEST
409:
410: START_TEST(test_params_build_rsa_pss)
411: {
412: signature_params_t scheme = { .scheme = SIGN_RSA_EMSA_PSS, };
413: chunk_t aid;
414:
415: scheme.params = &rsa_pss_build_tests[_i].params;
416: ck_assert(signature_params_build(&scheme, &aid));
417: ck_assert_chunk_eq(rsa_pss_build_tests[_i].aid, aid);
418: chunk_free(&aid);
419: }
420: END_TEST
421:
422: START_TEST(test_params_build_rsa_pss_invalid)
423: {
424: signature_params_t scheme = { .scheme = SIGN_RSA_EMSA_PSS, };
425: chunk_t aid;
426:
427: scheme.params = &rsa_pss_build_invalid_tests[_i];
428: ck_assert(!signature_params_build(&scheme, &aid));
429: }
430: END_TEST
431:
432: static struct {
433: bool valid;
434: signature_params_t params;
435: chunk_t aid;
436: } params_build_tests[] = {
437: { TRUE, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, },
438: chunk_from_chars(0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00), },
439: { TRUE, { .scheme = SIGN_ECDSA_WITH_SHA256_DER, },
440: chunk_from_chars(0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x02), },
441: { FALSE, { .scheme = SIGN_UNKNOWN, }, },
442: };
443:
444: START_TEST(test_params_build_other)
445: {
446: chunk_t aid;
447:
448: if (params_build_tests[_i].valid)
449: {
450: ck_assert(signature_params_build(¶ms_build_tests[_i].params, &aid));
451: ck_assert_chunk_eq(params_build_tests[_i].aid, aid);
452: chunk_free(&aid);
453: }
454: else
455: {
456: ck_assert(!signature_params_build(¶ms_build_tests[_i].params, &aid));
457: }
458: }
459: END_TEST
460:
461: Suite *signature_params_suite_create()
462: {
463: Suite *s;
464: TCase *tc;
465:
466: s = suite_create("signature params");
467:
468: tc = tcase_create("rsa/pss parse");
469: tcase_add_loop_test(tc, test_rsa_pss_params_parse, 0, countof(rsa_pss_parse_tests));
470: tcase_add_loop_test(tc, test_rsa_pss_params_parse_invalid, 0, countof(rsa_pss_parse_invalid_tests));
471: suite_add_tcase(s, tc);
472:
473: tc = tcase_create("rsa/pss build");
474: tcase_add_loop_test(tc, test_rsa_pss_params_build, 0, countof(rsa_pss_build_tests));
475: tcase_add_loop_test(tc, test_rsa_pss_params_build_invalid, 0, countof(rsa_pss_build_invalid_tests));
476: suite_add_tcase(s, tc);
477:
478: tc = tcase_create("rsa/pss salt len");
479: tcase_add_loop_test(tc, test_rsa_pss_params_set_salt_len, 0, countof(rsa_pss_salt_len_tests));
480: suite_add_tcase(s, tc);
481:
482: tc = tcase_create("params compare");
483: tcase_add_loop_test(tc, test_params_compare, 0, countof(params_compare_tests));
484: tcase_add_test(tc, test_params_compare_null);
485: suite_add_tcase(s, tc);
486:
487: tc = tcase_create("params clone");
488: tcase_add_loop_test(tc, test_params_clone, 0, countof(params_clone_tests));
489: tcase_add_test(tc, test_params_clone_null);
490: suite_add_tcase(s, tc);
491:
492: tc = tcase_create("params clear");
493: tcase_add_loop_test(tc, test_params_clear, 0, countof(params_clone_tests));
494: tcase_add_test(tc, test_params_clear_null);
495: suite_add_tcase(s, tc);
496:
497: tc = tcase_create("parse");
498: tcase_add_loop_test(tc, test_params_parse_rsa_pss, 0, countof(rsa_pss_parse_tests));
499: tcase_add_loop_test(tc, test_params_parse_rsa_pss_invalid, 0, countof(rsa_pss_parse_invalid_tests));
500: tcase_add_loop_test(tc, test_params_parse_other, 0, countof(params_parse_tests));
501: suite_add_tcase(s, tc);
502:
503: tc = tcase_create("build");
504: tcase_add_loop_test(tc, test_params_build_rsa_pss, 0, countof(rsa_pss_build_tests));
505: tcase_add_loop_test(tc, test_params_build_rsa_pss_invalid, 0, countof(rsa_pss_build_invalid_tests));
506: tcase_add_loop_test(tc, test_params_build_other, 0, countof(params_build_tests));
507: suite_add_tcase(s, tc);
508:
509: return s;
510: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to test_signature_params.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / tests / suites