diff options
| author | Christian Grothoff <christian@grothoff.org> | 2021-07-30 10:38:27 +0200 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2021-07-30 10:38:27 +0200 |
| commit | 7e669bcf6b6336ec429da949bcb4aa456971dba2 (patch) | |
| tree | d19912f950d1cac1c38b857b7d5bdaba2289544e /src/util/test_anastasis_crypto.c | |
| download | anastasis-7e669bcf6b6336ec429da949bcb4aa456971dba2.tar.gz anastasis-7e669bcf6b6336ec429da949bcb4aa456971dba2.tar.bz2 anastasis-7e669bcf6b6336ec429da949bcb4aa456971dba2.zip | |
folding history in preparation of GNU Anastasis v0.0.0 release
Diffstat (limited to 'src/util/test_anastasis_crypto.c')
| -rw-r--r-- | src/util/test_anastasis_crypto.c | 346 |
1 files changed, 346 insertions, 0 deletions
diff --git a/src/util/test_anastasis_crypto.c b/src/util/test_anastasis_crypto.c new file mode 100644 index 0000000..9a6a98c --- /dev/null +++ b/src/util/test_anastasis_crypto.c @@ -0,0 +1,346 @@ +/* + This file is part of TALER + Copyright (C) 2014-2020 Taler Systems SA + + TALER is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 3, or + (at your option) any later version. + + TALER is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public + License along with TALER; see the file COPYING. If not, see + <http://www.gnu.org/licenses/> +*/ + +/** + * @file lib/test_anastasis_api.c + * @brief testcase to test anastasis' HTTP API interface + * @author Christian Grothoff + * @author Dennis Neufeld + * @author Dominik Meister + */ +#include "platform.h" +#include <taler/taler_util.h> +#include <gnunet/gnunet_util_lib.h> +#include "anastasis_crypto_lib.h" + +/** + * Testing derivation of the user identifier + */ +static int +test_user_identifier_derive (void) +{ + json_t *id_data_1; + json_t *id_data_2; + json_t *id_data_3; + struct ANASTASIS_CRYPTO_UserIdentifierP id_1; + struct ANASTASIS_CRYPTO_UserIdentifierP id_2; + struct ANASTASIS_CRYPTO_UserIdentifierP id_3; + struct ANASTASIS_CRYPTO_ProviderSaltP server_salt; + + char *salt_str = "Server-Salt-Test"; + + GNUNET_memcpy (&server_salt, + salt_str, + strlen (salt_str)); + // sample data 1 + id_data_1 = json_object (); + json_object_set_new (id_data_1, "arg1", json_string ("Hallo")); + // sample data 2, equal to sample data 1 + id_data_2 = json_object (); + json_object_set_new (id_data_2, "arg1", json_string ("Hallo")); + // sample data 3, differs + id_data_3 = json_object (); + json_object_set_new (id_data_3, "arg1", json_string ("Hallo2")); + + ANASTASIS_CRYPTO_user_identifier_derive (id_data_1, + &server_salt, + &id_1); + ANASTASIS_CRYPTO_user_identifier_derive (id_data_2, + &server_salt, + &id_2); + ANASTASIS_CRYPTO_user_identifier_derive (id_data_3, + &server_salt, + &id_3); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "UserIdentifier_1: %s\n", + TALER_B2S (&id_1)); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "UserIdentifier_2: %s\n", + TALER_B2S (&id_2)); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "UserIdentifier_3: %s\n", + TALER_B2S (&id_3)); + GNUNET_assert (0 == GNUNET_memcmp (&id_1, &id_2)); + GNUNET_assert (0 != GNUNET_memcmp (&id_1, &id_3)); + json_decref (id_data_1); + json_decref (id_data_2); + json_decref (id_data_3); + return 0; +} + + +/** + * Testing the encryption of an recovery document and the + * decryption of the encrypted recovery document + */ +static int +test_recovery_document (void) +{ + void *ciphertext; + size_t size_ciphertext; + void *plaintext; + size_t size_plaintext; + struct ANASTASIS_CRYPTO_UserIdentifierP id; + struct ANASTASIS_CRYPTO_ProviderSaltP server_salt; + int ret; + + json_t *id_data = json_object (); + const char *test = "TEST_ERD"; + char *salt_str = "Server-Salt-Test"; + + GNUNET_memcpy (&server_salt, + salt_str, + strlen (salt_str)); + json_object_set_new (id_data, "arg1", json_string ("ID_DATA")); + ANASTASIS_CRYPTO_user_identifier_derive (id_data, + &server_salt, + &id); + ANASTASIS_CRYPTO_recovery_document_encrypt (&id, + test, + strlen (test), + &ciphertext, + &size_ciphertext); + + ANASTASIS_CRYPTO_recovery_document_decrypt (&id, + ciphertext, + size_ciphertext, + &plaintext, + &size_plaintext); + GNUNET_assert (strlen (test) == size_plaintext); + ret = strncmp (plaintext, test, strlen (test)); + json_decref (id_data); + GNUNET_free (ciphertext); + GNUNET_free (plaintext); + return ret; +} + + +static int +test_key_share (void) +{ + struct ANASTASIS_CRYPTO_EncryptedKeyShareP ciphertext; + struct ANASTASIS_CRYPTO_KeyShareP plaintext; + struct ANASTASIS_CRYPTO_UserIdentifierP id; + struct ANASTASIS_CRYPTO_KeyShareP key_share; + struct ANASTASIS_CRYPTO_KeyShareP key_share_1; + struct ANASTASIS_CRYPTO_KeyShareP key_share_2; + + // testing creation of keyshares + ANASTASIS_CRYPTO_keyshare_create (&key_share_1); + ANASTASIS_CRYPTO_keyshare_create (&key_share_2); + GNUNET_assert (0 != + GNUNET_memcmp (&key_share_1, + &key_share_2)); + + // testing of enc-/decryption of a keyshare + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, + &id, + sizeof (struct ANASTASIS_CRYPTO_UserIdentifierP)); + ANASTASIS_CRYPTO_keyshare_create (&key_share); + ANASTASIS_CRYPTO_keyshare_encrypt (&key_share, + &id, + NULL, + &ciphertext); + ANASTASIS_CRYPTO_keyshare_decrypt (&ciphertext, + &id, + NULL, + &plaintext); + return GNUNET_memcmp (&key_share, + &plaintext); +} + + +static int +test_truth (void) +{ + const char *test = "TEST_TRUTH"; + void *ciphertext; + size_t size_ciphertext; + void *plaintext; + size_t size_plaintext; + struct ANASTASIS_CRYPTO_TruthKeyP truth_enc_key; + int ret; + struct ANASTASIS_CRYPTO_NonceP nonce; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "TRUTH_BEFORE: %s\n", + TALER_b2s (test, + strlen (test))); + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, + &truth_enc_key, + sizeof (struct ANASTASIS_CRYPTO_TruthKeyP)); + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, + &nonce, + sizeof (nonce)); + ANASTASIS_CRYPTO_truth_encrypt (&nonce, + &truth_enc_key, + test, + strlen (test), + &ciphertext, + &size_ciphertext); + + ANASTASIS_CRYPTO_truth_decrypt (&truth_enc_key, + ciphertext, + size_ciphertext, + &plaintext, + &size_plaintext); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "TRUTH_AFTER: %s\n", + TALER_b2s (plaintext, size_plaintext)); + GNUNET_assert (strlen (test) == size_plaintext); + ret = strncmp (plaintext, test, strlen (test)); + GNUNET_free (ciphertext); + GNUNET_free (plaintext); + return ret; +} + + +static int +test_core_secret (void) +{ + const char *test = "TEST_CORE_SECRET"; + const char *test_wrong = "TEST_CORE_WRONG"; + void *enc_core_secret; + unsigned int policy_keys_length = 5; + struct ANASTASIS_CRYPTO_MasterSaltP salt; + struct ANASTASIS_CRYPTO_EncryptedMasterKeyP + encrypted_master_keys[policy_keys_length]; + + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, + &salt, + sizeof (salt)); + + // construction of PolicyKey-array + struct ANASTASIS_CRYPTO_PolicyKeyP policy_keys[policy_keys_length]; + for (unsigned int i = 0; i < policy_keys_length; i++) + { + // construction of KeyShare-array + unsigned int keyshare_length = 5; + struct ANASTASIS_CRYPTO_KeyShareP keyshares[keyshare_length]; + for (unsigned int j = 0; j < keyshare_length; j++) + { + ANASTASIS_CRYPTO_keyshare_create (&keyshares[j]); + if (j > 0) + GNUNET_assert (0 != + GNUNET_memcmp (&keyshares[j - 1], &keyshares[j])); + } + + // derive policy-keys + ANASTASIS_CRYPTO_policy_key_derive ((struct + ANASTASIS_CRYPTO_KeyShareP *) + keyshares, + keyshare_length, + &salt, + &policy_keys[i]); + if (i > 0) + GNUNET_assert (0 != + GNUNET_memcmp (&policy_keys[i - 1], &policy_keys[i])); + } + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "CORE_SECRET_BEFORE: %s\n", + TALER_b2s (test, strlen (test))); + + // test encryption of core_secret + ANASTASIS_CRYPTO_core_secret_encrypt (policy_keys, + policy_keys_length, + test, + strlen (test), + &enc_core_secret, + (struct + ANASTASIS_CRYPTO_EncryptedMasterKeyP *) + &encrypted_master_keys); + + // test recover of core secret + for (unsigned int k = 0; k < policy_keys_length; k++) + { + void *dec_core_secret; + size_t core_secret_size; + + ANASTASIS_CRYPTO_core_secret_recover (&encrypted_master_keys[k], + &policy_keys[k], + enc_core_secret, + strlen (test), + &dec_core_secret, + &core_secret_size); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "CORE_SECRET_AFTER_%i: %s\n", + k, + TALER_b2s (dec_core_secret, strlen (test))); + GNUNET_assert (strlen (test) == core_secret_size); + GNUNET_assert (0 == + strncmp (dec_core_secret, test, strlen (test))); + GNUNET_assert (0 != + strncmp (dec_core_secret, test_wrong, strlen ( + test))); + GNUNET_free (dec_core_secret); + } + GNUNET_free (enc_core_secret); + return 0; +} + + +static int +test_public_key_derive (void) +{ + struct ANASTASIS_CRYPTO_UserIdentifierP id; + struct ANASTASIS_CRYPTO_AccountPublicKeyP pub_key; + struct ANASTASIS_CRYPTO_ProviderSaltP server_salt; + json_t *id_data = json_object (); + const char *salt_str = "Server-Salt-Test"; + + GNUNET_memcpy (&server_salt, + salt_str, + strlen (salt_str)); + + json_object_set_new (id_data, "arg1", json_string ("ID_DATA")); + ANASTASIS_CRYPTO_user_identifier_derive (id_data, + &server_salt, + &id); + + ANASTASIS_CRYPTO_account_public_key_derive (&id, + &pub_key); + // FIXME: write a real test, e.g. signing and verification + json_decref (id_data); + return 0; +} + + +int +main (int argc, + const char *const argv[]) +{ + GNUNET_log_setup (argv[0], "DEBUG", NULL); + if (0 != test_recovery_document ()) + return 1; + if (0 != test_user_identifier_derive ()) + return 1; + if (0 != test_key_share ()) + return 1; + if (0 != test_truth ()) + return 1; + if (0 != test_core_secret ()) + return 1; + if (0 != test_public_key_derive ()) + return 1; + return 0; +} + + +/* end of test_anastasis_crypto.c */ |