blob: 01b9e6ce67667c0930dc01e013c5eb7a5366f21b [file] [log] [blame]
Yingdi Yu0b60e7a2015-07-16 21:05:11 -07001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
3 * Copyright (c) 2013-2016 Regents of the University of California.
4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
22#include "security/tpm/back-end.hpp"
23#include "security/tpm/back-end-mem.hpp"
24#include "security/tpm/key-handle.hpp"
25#include "security/tpm/tpm.hpp"
26#include "security/transform.hpp"
27#include "security/transform/public-key.hpp"
28#include "security/transform/private-key.hpp"
29#include "encoding/buffer-stream.hpp"
30#include "security/pib/key.hpp"
31
32#include "back-end-wrapper-file.hpp"
33#include "back-end-wrapper-mem.hpp"
34#ifdef NDN_CXX_HAVE_OSX_SECURITY
35#include "back-end-wrapper-osx.hpp"
36#endif // NDN_CXX_HAVE_OSX_SECURITY
37#include "boost-test.hpp"
38
39#include <boost/mpl/list.hpp>
40#include <set>
41
42namespace ndn {
43namespace security {
44namespace tpm {
45namespace tests {
46
47BOOST_AUTO_TEST_SUITE(Security)
48BOOST_AUTO_TEST_SUITE(Tpm)
49BOOST_AUTO_TEST_SUITE(TestBackEnd)
50
51using tpm::Tpm;
52
53typedef boost::mpl::list<
54#ifdef NDN_CXX_HAVE_OSX_SECURITY
55 BackEndWrapperOsx,
56#endif // NDN_CXX_HAVE_OSX_SECURITY
57 BackEndWrapperMem,
58 BackEndWrapperFile
59 > TestBackEnds;
60
61BOOST_AUTO_TEST_CASE_TEMPLATE(KeyManagement, T, TestBackEnds)
62{
63 T wrapper;
64 BackEnd& tpm = wrapper.getTpm();
65
66 Name identity("/Test/KeyName");
67 name::Component keyId("1");
68 Name keyName = v2::constructKeyName(identity, keyId);
69
70 // key should not exist
71 BOOST_CHECK_EQUAL(tpm.hasKey(keyName), false);
72 BOOST_CHECK(tpm.getKeyHandle(keyName) == nullptr);
73
74 // create key, should exist
75 BOOST_CHECK(tpm.createKey(identity, RsaKeyParams(keyId)) != nullptr);
76 BOOST_CHECK(tpm.hasKey(keyName));
77 BOOST_CHECK(tpm.getKeyHandle(keyName) != nullptr);
78
79 // create a key with the same name, should throw error
80 BOOST_CHECK_THROW(tpm.createKey(identity, RsaKeyParams(keyId)), Tpm::Error);
81
82 // delete key, should not exist
83 tpm.deleteKey(keyName);
84 BOOST_CHECK_EQUAL(tpm.hasKey(keyName), false);
85 BOOST_CHECK(tpm.getKeyHandle(keyName) == nullptr);
86}
87
88BOOST_AUTO_TEST_CASE_TEMPLATE(RsaSigning, T, TestBackEnds)
89{
90 T wrapper;
91 BackEnd& tpm = wrapper.getTpm();
92
93 // create an rsa key
94 Name identity("/Test/KeyName");
95
96 unique_ptr<KeyHandle> key = tpm.createKey(identity, RsaKeyParams());
97 Name keyName = key->getKeyName();
98
99 const uint8_t content[] = {0x01, 0x02, 0x03, 0x04};
100 Block sigBlock(tlv::SignatureValue, key->sign(DigestAlgorithm::SHA256, content, sizeof(content)));
101
102 transform::PublicKey pubKey;
103 ConstBufferPtr pubKeyBits = key->derivePublicKey();
104 pubKey.loadPkcs8(pubKeyBits->buf(), pubKeyBits->size());
105
106 bool result;
107 {
108 using namespace transform;
109 bufferSource(content, sizeof(content)) >> verifierFilter(DigestAlgorithm::SHA256, pubKey,
110 sigBlock.value(), sigBlock.value_size())
111 >> boolSink(result);
112 }
113 BOOST_CHECK_EQUAL(result, true);
114
115 tpm.deleteKey(keyName);
116 BOOST_CHECK_EQUAL(tpm.hasKey(keyName), false);
117}
118
119BOOST_AUTO_TEST_CASE_TEMPLATE(RsaDecryption, T, TestBackEnds)
120{
121 T wrapper;
122 BackEnd& tpm = wrapper.getTpm();
123
124 // create an rsa key
125 Name identity("/Test/KeyName");
126
127 unique_ptr<KeyHandle> key = tpm.createKey(identity, RsaKeyParams());
128 Name keyName = key->getKeyName();
129
130 const uint8_t content[] = {0x01, 0x02, 0x03, 0x04};
131
132 transform::PublicKey pubKey;
133 ConstBufferPtr pubKeyBits = key->derivePublicKey();
134 pubKey.loadPkcs8(pubKeyBits->buf(), pubKeyBits->size());
135
136 ConstBufferPtr cipherText = pubKey.encrypt(content, sizeof(content));
137
138 ConstBufferPtr plainText = key->decrypt(cipherText->buf(), cipherText->size());
139
140 BOOST_CHECK_EQUAL_COLLECTIONS(content, content + sizeof(content),
141 plainText->begin(), plainText->end());
142
143 tpm.deleteKey(keyName);
144 BOOST_CHECK_EQUAL(tpm.hasKey(keyName), false);
145}
146
147BOOST_AUTO_TEST_CASE_TEMPLATE(EcdsaSigning, T, TestBackEnds)
148{
149 T wrapper;
150 BackEnd& tpm = wrapper.getTpm();
151
152 // create an ecdsa key
153 Name identity("/Test/Ecdsa/KeyName");
154
155 unique_ptr<KeyHandle> key = tpm.createKey(identity, EcdsaKeyParams());
156 Name ecdsaKeyName = key->getKeyName();
157
158 const uint8_t content[] = {0x01, 0x02, 0x03, 0x04};
159 Block sigBlock(tlv::SignatureValue, key->sign(DigestAlgorithm::SHA256, content, sizeof(content)));
160
161 transform::PublicKey pubKey;
162 ConstBufferPtr pubKeyBits = key->derivePublicKey();
163 pubKey.loadPkcs8(pubKeyBits->buf(), pubKeyBits->size());
164
165 bool result;
166 {
167 using namespace transform;
168 bufferSource(content, sizeof(content)) >> verifierFilter(DigestAlgorithm::SHA256, pubKey,
169 sigBlock.value(), sigBlock.value_size())
170 >> boolSink(result);
171 }
172 BOOST_CHECK_EQUAL(result, true);
173
174 tpm.deleteKey(ecdsaKeyName);
175 BOOST_CHECK_EQUAL(tpm.hasKey(ecdsaKeyName), false);
176}
177
178BOOST_AUTO_TEST_CASE_TEMPLATE(ImportExport, T, TestBackEnds)
179{
180 std::string privateKeyPkcs1 =
181 "MIIEpAIBAAKCAQEAw0WM1/WhAxyLtEqsiAJgWDZWuzkYpeYVdeeZcqRZzzfRgBQT\n"
182 "sNozS5t4HnwTZhwwXbH7k3QN0kRTV826Xobws3iigohnM9yTK+KKiayPhIAm/+5H\n"
183 "GT6SgFJhYhqo1/upWdueojil6RP4/AgavHhopxlAVbk6G9VdVnlQcQ5Zv0OcGi73\n"
184 "c+EnYD/YgURYGSngUi/Ynsh779p2U69/te9gZwIL5PuE9BiO6I39cL9z7EK1SfZh\n"
185 "OWvDe/qH7YhD/BHwcWit8FjRww1glwRVTJsA9rH58ynaAix0tcR/nBMRLUX+e3rU\n"
186 "RHg6UbSjJbdb9qmKM1fTGHKUzL/5pMG6uBU0ywIDAQABAoIBADQkckOIl4IZMUTn\n"
187 "W8LFv6xOdkJwMKC8G6bsPRFbyY+HvC2TLt7epSvfS+f4AcYWaOPcDu2E49vt2sNr\n"
188 "cASly8hgwiRRAB3dHH9vcsboiTo8bi2RFvMqvjv9w3tK2yMxVDtmZamzrrnaV3YV\n"
189 "Q+5nyKo2F/PMDjQ4eUAKDOzjhBuKHsZBTFnA1MFNI+UKj5X4Yp64DFmKlxTX/U2b\n"
190 "wzVywo5hzx2Uhw51jmoLls4YUvMJXD0wW5ZtYRuPogXvXb/of9ef/20/wU11WFKg\n"
191 "Xb4gfR8zUXaXS1sXcnVm3+24vIs9dApUwykuoyjOqxWqcHRec2QT2FxVGkFEraze\n"
192 "CPa4rMECgYEA5Y8CywomIcTgerFGFCeMHJr8nQGqY2V/owFb3k9maczPnC9p4a9R\n"
193 "c5szLxA9FMYFxurQZMBWSEG2JS1HR2mnjigx8UKjYML/A+rvvjZOMe4M6Sy2ggh4\n"
194 "SkLZKpWTzjTe07ByM/j5v/SjNZhWAG7sw4/LmPGRQkwJv+KZhGojuOkCgYEA2cOF\n"
195 "T6cJRv6kvzTz9S0COZOVm+euJh/BXp7oAsAmbNfOpckPMzqHXy8/wpdKl6AAcB57\n"
196 "OuztlNfV1D7qvbz7JuRlYwQ0cEfBgbZPcz1p18HHDXhwn57ZPb8G33Yh9Omg0HNA\n"
197 "Imb4LsVuSqxA6NwSj7cpRekgTedrhLFPJ+Ydb5MCgYEAsM3Q7OjILcIg0t6uht9e\n"
198 "vrlwTsz1mtCV2co2I6crzdj9HeI2vqf1KAElDt6G7PUHhglcr/yjd8uEqmWRPKNX\n"
199 "ddnnfVZB10jYeP/93pac6z/Zmc3iU4yKeUe7U10ZFf0KkiiYDQd59CpLef/2XScS\n"
200 "HB0oRofnxRQjfjLc4muNT+ECgYEAlcDk06MOOTly+F8lCc1bA1dgAmgwFd2usDBd\n"
201 "Y07a3e0HGnGLN3Kfl7C5i0tZq64HvxLnMd2vgLVxQlXGPpdQrC1TH+XLXg+qnlZO\n"
202 "ivSH7i0/gx75bHvj75eH1XK65V8pDVDEoSPottllAIs21CxLw3N1ObOZWJm2EfmR\n"
203 "cuHICmsCgYAtFJ1idqMoHxES3mlRpf2JxyQudP3SCm2WpGmqVzhRYInqeatY5sUd\n"
204 "lPLHm/p77RT7EyxQHTlwn8FJPuM/4ZH1rQd/vB+Y8qAtYJCexDMsbvLW+Js+VOvk\n"
205 "jweEC0nrcL31j9mF0vz5E6tfRu4hhJ6L4yfWs0gSejskeVB/w8QY4g==\n";
206
207 T wrapper;
208 BackEnd& tpm = wrapper.getTpm();
209
210 Name keyName("/Test/KeyName/KEY/1");
211
212 tpm.deleteKey(keyName);
213 BOOST_CHECK_EQUAL(tpm.hasKey(keyName), false);
214
215 transform::PrivateKey sKey;
216 BOOST_REQUIRE_NO_THROW(sKey.loadPkcs1Base64(reinterpret_cast<const uint8_t*>(privateKeyPkcs1.c_str()),
217 privateKeyPkcs1.size()));
218
219 std::string password("password");
220
221 OBufferStream os;
222 sKey.savePkcs8(os, password.c_str(), password.size());
223 ConstBufferPtr privateKeyBuffer = os.buf();
224
225 BOOST_REQUIRE_NO_THROW(tpm.importKey(keyName,
226 privateKeyBuffer->buf(), privateKeyBuffer->size(),
227 password.c_str(), password.size()));
228 BOOST_CHECK_EQUAL(tpm.hasKey(keyName), true);
229
230 ConstBufferPtr exportedKey = tpm.exportKey(keyName, password.c_str(), password.size());
231 BOOST_CHECK_EQUAL(tpm.hasKey(keyName), true);
232
233 transform::PrivateKey sKey2;
234 sKey2.loadPkcs8(exportedKey->buf(), exportedKey->size(), password.c_str(), password.size());
235 OBufferStream os2;
236 sKey.savePkcs1Base64(os2);
237 ConstBufferPtr pkcs1Buffer = os2.buf();
238
239 BOOST_CHECK_EQUAL_COLLECTIONS(privateKeyPkcs1.begin(), privateKeyPkcs1.end(),
240 pkcs1Buffer->begin(), pkcs1Buffer->end());
241
242 tpm.deleteKey(keyName);
243 BOOST_CHECK_EQUAL(tpm.hasKey(keyName), false);
244}
245
246BOOST_AUTO_TEST_CASE(RandomKeyId)
247{
248 BackEndWrapperMem wrapper;
249 BackEnd& tpm = wrapper.getTpm();
250 Name identity("/Test/KeyName");
251
252 std::set<Name> keyNames;
253 for (int i = 0; i < 100; i++) {
254 auto key = tpm.createKey(identity, RsaKeyParams());
255 Name keyName = key->getKeyName();
256 tpm.deleteKey(keyName);
257 BOOST_CHECK(keyNames.insert(keyName).second);
258 }
259}
260
261BOOST_AUTO_TEST_SUITE_END() // TestBackEnd
262BOOST_AUTO_TEST_SUITE_END() // Tpm
263BOOST_AUTO_TEST_SUITE_END() // Security
264
265} // namespace tests
266} // namespace tpm
267} // namespace security
268} // namespace ndn