Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / b1db7c66642673d33c8f0c1ba4999cf55596a09d / . / tests / security / test-sec-tpm-osx.cpp
blob: 1ae9996ea7ce4829850dda0ec443cc05d409efb4 [file] [log] [blame]
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]1/**
2 * Copyright (C) 2013 Regents of the University of California.
3 * @author: Yingdi Yu <yingdi0@cs.ucla.edu>
4 * See COPYING for copyright and distribution information.
5 */
6
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]7#include "security/key-chain.hpp"
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]8#include "util/time.hpp"
Junxiao Shi482ccc52014-03-31 13:05:24 -0700[diff] [blame]9#include "security/cryptopp.hpp"
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]10
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame^]11#include "boost-test.hpp"
12
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]13using namespace std;
Alexander Afanasyev0abb2da2014-01-30 18:07:57 -0800[diff] [blame]14namespace ndn {
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]15
16BOOST_AUTO_TEST_SUITE(TestSecTpmOsx)
17
18BOOST_AUTO_TEST_CASE (Delete)
19{
20 SecTpmOsx tpm;
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame^]21
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]22 Name keyName("/TestSecTpmOsx/Delete/ksk-" + boost::lexical_cast<string>(
23 time::toUnixTimestamp(time::system_clock::now()).count()));
Yingdi Yu9a335352014-01-31 11:57:46 -0800[diff] [blame]24 BOOST_CHECK_NO_THROW(tpm.generateKeyPairInTpm(keyName, KEY_TYPE_RSA, 2048));
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame^]25
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]26 BOOST_REQUIRE_EQUAL(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC), true);
27 BOOST_REQUIRE_EQUAL(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE), true);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame^]28
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]29 tpm.deleteKeyPairInTpm(keyName);
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame^]30
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]31 BOOST_REQUIRE_EQUAL(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC), false);
32 BOOST_REQUIRE_EQUAL(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE), false);
33}
34
35BOOST_AUTO_TEST_CASE (SignVerify)
36{
37 SecTpmOsx tpm;
38
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]39 Name keyName("/TestSecTpmOsx/SignVerify/ksk-" + boost::lexical_cast<string>(
40 time::toUnixTimestamp(time::system_clock::now()).count()));
Yingdi Yu9a335352014-01-31 11:57:46 -0800[diff] [blame]41 BOOST_CHECK_NO_THROW(tpm.generateKeyPairInTpm(keyName, KEY_TYPE_RSA, 2048));
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame^]42
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]43 Data data("/TestSecTpmOsx/SignVaerify/Data/1");
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]44 const uint8_t content[] = {0x01, 0x02, 0x03, 0x04};
45
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]46 Block sigBlock;
47 BOOST_CHECK_NO_THROW(sigBlock = tpm.signInTpm(content, sizeof(content), keyName, DIGEST_ALGORITHM_SHA256));
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]48
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]49 shared_ptr<PublicKey> pubkeyPtr;
50 BOOST_CHECK_NO_THROW(pubkeyPtr = tpm.getPublicKeyFromTpm(keyName));
51 try
52 {
53 using namespace CryptoPP;
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]54
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]55 RSA::PublicKey publicKey;
56 ByteQueue queue;
57 queue.Put(reinterpret_cast<const byte*>(pubkeyPtr->get().buf()), pubkeyPtr->get().size());
58 publicKey.Load(queue);
59
60 RSASS<PKCS1v15, SHA256>::Verifier verifier (publicKey);
61 bool result = verifier.VerifyMessage(content, sizeof(content),
62 sigBlock.value(), sigBlock.value_size());
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame^]63
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]64 BOOST_CHECK_EQUAL(result, true);
65 }
66 catch(CryptoPP::Exception& e)
67 {
68 BOOST_CHECK(false);
69 }
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]70
71 tpm.deleteKeyPairInTpm(keyName);
72}
73
Yingdi Yu4b752752014-02-18 12:24:03 -0800[diff] [blame]74BOOST_AUTO_TEST_CASE (RandomGenerator)
75{
76 SecTpmOsx tpm;
77
78 size_t scale = 1000;
79 size_t size = 256 * scale;
80 uint8_t* block = new uint8_t[size];
81 tpm.generateRandomBlock(block, size);
82
83 map<uint8_t, int> counter;
84 for(size_t i = 0; i < size; i++)
85 counter[block[i]] += 1;
86
87 float dev = 0.0;
88 for(size_t i = 0; i != 255; i++)
89 dev += ((counter[i] - scale) * (counter[i] - scale)) * 1.0 / (scale * scale);
90
91 BOOST_CHECK_CLOSE(dev / 256, 0.001, 100);
92
93}
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]94
95BOOST_AUTO_TEST_CASE (ExportImportKey)
96{
97 using namespace CryptoPP;
98
99 SecTpmOsx tpm;
100
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]101 Name keyName("/TestSecTpmOsx/ExportImportKey/ksk-" + boost::lexical_cast<string>(
102 time::toUnixTimestamp(time::system_clock::now()).count()));
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame^]103
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]104 BOOST_CHECK_NO_THROW(tpm.generateKeyPairInTpm(keyName, KEY_TYPE_RSA, 2048));
105
106 BOOST_REQUIRE(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE) == true);
107 BOOST_REQUIRE(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC) == true);
108
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]109 ConstBufferPtr exported;
110 BOOST_CHECK_NO_THROW(exported = tpm.exportPrivateKeyPkcs8FromTpm(keyName, "1234"));
111 shared_ptr<PublicKey> pubkeyPtr;
112 BOOST_REQUIRE_NO_THROW(pubkeyPtr = tpm.getPublicKeyFromTpm(keyName));
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]113
114 tpm.deleteKeyPairInTpm(keyName);
115
116 BOOST_REQUIRE(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE) == false);
117 BOOST_REQUIRE(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC) == false);
118
Yingdi Yube4150e2014-02-18 13:02:46 -0800[diff] [blame]119 BOOST_REQUIRE(tpm.importPrivateKeyPkcs8IntoTpm(keyName, exported->buf(), exported->size(), "1234"));
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame^]120
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]121 BOOST_REQUIRE(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC) == true);
122 BOOST_REQUIRE(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE) == true);
123
124 const uint8_t content[] = {0x01, 0x02, 0x03, 0x04};
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]125 Block sigBlock;
126 BOOST_CHECK_NO_THROW(sigBlock = tpm.signInTpm(content, sizeof(content), keyName, DIGEST_ALGORITHM_SHA256));
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]127
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]128 try
129 {
130 using namespace CryptoPP;
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]131
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]132 RSA::PublicKey publicKey;
133 ByteQueue queue;
134 queue.Put(reinterpret_cast<const byte*>(pubkeyPtr->get().buf()), pubkeyPtr->get().size());
135 publicKey.Load(queue);
136
137 RSASS<PKCS1v15, SHA256>::Verifier verifier (publicKey);
138 bool result = verifier.VerifyMessage(content, sizeof(content),
139 sigBlock.value(), sigBlock.value_size());
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame^]140
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]141 BOOST_CHECK_EQUAL(result, true);
142 }
143 catch(CryptoPP::Exception& e)
144 {
145 BOOST_CHECK(false);
146 }
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame^]147
Yingdi Yu8dceb1d2014-02-18 12:45:10 -0800[diff] [blame]148 tpm.deleteKeyPairInTpm(keyName);
149 // This is some problem related to Mac OS Key chain, and we will fix it later.
150 // BOOST_REQUIRE(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE) == false);
151 // BOOST_REQUIRE(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC) == false);
152}
153
Yingdi Yu28fd32f2014-01-28 19:03:03 -0800[diff] [blame]154BOOST_AUTO_TEST_SUITE_END()
Alexander Afanasyev0abb2da2014-01-30 18:07:57 -0800[diff] [blame]155
156} // namespace ndn