Skip to content

Commit

Permalink
Add signature tests
Browse files Browse the repository at this point in the history
  • Loading branch information
@qpernil
qpernil committed Oct 4, 2023
1 parent 4287b2f commit bbd2bc2
Show file tree
Hide file tree
Showing 2 changed files with 180 additions and 7 deletions.
1 change: 1 addition & 0 deletions examples/CMakeLists.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@ set (
set (
SOURCE_WRAP
wrap.c
../common/util.c
)

set (
Expand Down
186 changes: 179 additions & 7 deletions examples/wrap.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,13 @@
#include <stdlib.h>
#include <string.h>

#include <openssl/rsa.h>
#include <openssl/ec.h>
#include <openssl/ecdsa.h>
#include <openssl/evp.h>

#include <yubihsm.h>
#include <util.h>

const char *key_label = "label";
const uint8_t password[] = "password";
Expand Down Expand Up @@ -80,6 +86,18 @@ int main(void) {
yrc = yh_string_to_domains("5", &domain_five);
assert(yrc == YHR_SUCCESS);

const char data[] = "This is the data to sign";

uint8_t hashed_data[32];
unsigned int hashed_data_len = sizeof(hashed_data);

EVP_MD_CTX *mdctx = EVP_MD_CTX_create();
assert(mdctx != NULL);
EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);
EVP_DigestUpdate(mdctx, data, sizeof(data) - 1);
EVP_DigestFinal_ex(mdctx, hashed_data, &hashed_data_len);
EVP_MD_CTX_destroy(mdctx);

uint16_t wrapping_key_id = 0; // ID 0 lets the device generate an ID
yrc =
yh_util_generate_wrap_key(session, &wrapping_key_id, key_label, domain_five,
Expand Down Expand Up @@ -107,12 +125,47 @@ int main(void) {
&public_key_before_len, NULL);
assert(yrc == YHR_SUCCESS);

printf("Public key before (%zu bytes) is:", public_key_before_len);
memmove(public_key_before + 1, public_key_before, public_key_before_len);
public_key_before[0] = 0x04; // hack to make it a valid ec pubkey..
public_key_before_len++;

printf("Public ec key before (%zu bytes) is:", public_key_before_len);
for (unsigned int i = 0; i < public_key_before_len; i++) {
printf(" %02x", public_key_before[i]);
}
printf("\n");

uint8_t signature_before[512];
size_t signature_before_len = sizeof(signature_before);
yrc = yh_util_sign_ecdsa(session, key_id_before, hashed_data, hashed_data_len, signature_before,
&signature_before_len);
assert(yrc == YHR_SUCCESS);

printf("ECDSA signature before (%zu bytes) is:", signature_before_len);
for (unsigned int i = 0; i < signature_before_len; i++) {
printf(" %02x", signature_before[i]);
}
printf("\n");

int nid = algo2nid(YH_ALGO_EC_P256);
EC_GROUP *group = EC_GROUP_new_by_curve_name(nid);
assert(group != NULL);
EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);

EC_POINT *point = EC_POINT_new(group);
EC_POINT_oct2point(group, point, public_key_before, public_key_before_len, NULL);

EC_KEY *eckey = EC_KEY_new();
EC_KEY_set_group(eckey, group);
EC_KEY_set_public_key(eckey, point);

assert(ECDSA_verify(0, hashed_data, hashed_data_len, signature_before, signature_before_len, eckey) == 1);

printf("ECDSA Signature before successfully verified\n");

EC_POINT_free(point);
EC_KEY_free(eckey);

uint8_t wrapped_object[2048];
size_t wrapped_object_len = sizeof(wrapped_object);
yh_object_type object_type_after;
Expand Down Expand Up @@ -164,7 +217,11 @@ int main(void) {
&public_key_after_len, NULL);
assert(yrc == YHR_SUCCESS);

printf("Public key after (%zu bytes) is:", public_key_after_len);
memmove(public_key_after + 1, public_key_after, public_key_after_len);
public_key_after[0] = 0x04; // hack to make it a valid ec pubkey..
public_key_after_len++;

printf("Public ec key after (%zu bytes) is:", public_key_after_len);
for (unsigned int i = 0; i < public_key_after_len; i++) {
printf(" %02x", public_key_after[i]);
}
Expand All @@ -178,6 +235,33 @@ int main(void) {
printf("Public key before and after match\n");
}

uint8_t signature_after[512];
size_t signature_after_len = sizeof(signature_after);
yrc = yh_util_sign_ecdsa(session, key_id_after, hashed_data, hashed_data_len, signature_after,
&signature_after_len);
assert(yrc == YHR_SUCCESS);

printf("\nECDSA signature after (%zu bytes) is:", signature_after_len);
for (unsigned int i = 0; i < signature_after_len; i++) {
printf(" %02x", signature_after[i]);
}
printf("\n");

point = EC_POINT_new(group);
EC_POINT_oct2point(group, point, public_key_after, public_key_after_len, NULL);

eckey = EC_KEY_new();
EC_KEY_set_group(eckey, group);
EC_KEY_set_public_key(eckey, point);

assert(ECDSA_verify(0, hashed_data, hashed_data_len, signature_after, signature_after_len, eckey) == 1);

printf("ECDSA Signature after successfully verified\n");

EC_POINT_free(point);
EC_KEY_free(eckey);
EC_GROUP_free(group);

yh_object_descriptor object;

yrc =
Expand All @@ -201,12 +285,25 @@ int main(void) {
&public_key_before_len, NULL);
assert(yrc == YHR_SUCCESS);

printf("Public key before (%zu bytes) is:", public_key_before_len);
printf("Public ed25519 key before (%zu bytes) is:", public_key_before_len);
for (unsigned int i = 0; i < public_key_before_len; i++) {
printf(" %02x", public_key_before[i]);
}
printf("\n");

signature_before_len = sizeof(signature_before);
yrc = yh_util_sign_eddsa(session, key_id_before, hashed_data, hashed_data_len, signature_before,
&signature_before_len);
assert(yrc == YHR_SUCCESS);

printf("Signature (%zu bytes) is:", signature_before_len);
for (unsigned int i = 0; i < signature_before_len; i++) {
printf(" %02x", signature_before[i]);
}
printf("\n");

assert(signature_before_len == 64);

wrapped_object_len = sizeof(wrapped_object);
yrc =
yh_util_export_wrapped(session, wrapping_key_id, YH_ASYMMETRIC_KEY,
Expand Down Expand Up @@ -254,7 +351,7 @@ int main(void) {
&public_key_after_len, NULL);
assert(yrc == YHR_SUCCESS);

printf("Public key after (%zu bytes) is:", public_key_after_len);
printf("Public ed25519 key after (%zu bytes) is:", public_key_after_len);
for (unsigned int i = 0; i < public_key_after_len; i++) {
printf(" %02x", public_key_after[i]);
}
Expand All @@ -268,6 +365,27 @@ int main(void) {
printf("Public key before and after match\n");
}

signature_after_len = sizeof(signature_after);
yrc = yh_util_sign_eddsa(session, key_id_after, hashed_data, hashed_data_len, signature_after,
&signature_after_len);
assert(yrc == YHR_SUCCESS);

printf("Signature (%zu bytes) is:", signature_after_len);
for (unsigned int i = 0; i < signature_after_len; i++) {
printf(" %02x", signature_after[i]);
}
printf("\n");

assert(signature_after_len == 64);

if (signature_before_len != signature_after_len ||
memcmp(signature_before, signature_after, signature_before_len) != 0) {
printf("Signature before and after do not match\n");
exit(EXIT_FAILURE);
} else {
printf("Signature before and after match\n");
}

yrc =
yh_util_get_object_info(session, key_id_after, YH_ASYMMETRIC_KEY, &object);
assert(yrc == YHR_SUCCESS);
Expand All @@ -282,19 +400,46 @@ int main(void) {
&capabilities, YH_ALGO_RSA_2048);
assert(yrc == YHR_SUCCESS);

printf("Generated 2048 bir RSA key with ID %04x\n", key_id_before);
printf("Generated 2048 bit RSA key with ID %04x\n", key_id_before);

public_key_before_len = sizeof(public_key_before);
yrc = yh_util_get_public_key(session, key_id_before, public_key_before,
&public_key_before_len, NULL);
assert(yrc == YHR_SUCCESS);

printf("Public key before (%zu bytes) is:", public_key_before_len);
printf("Public RSA key before (%zu bytes) is:", public_key_before_len);
for (unsigned int i = 0; i < public_key_before_len; i++) {
printf(" %02x", public_key_before[i]);
}
printf("\n");

signature_before_len = sizeof(signature_before);
yrc = yh_util_sign_pkcs1v1_5(session, key_id_before, true, hashed_data, hashed_data_len, signature_before,
&signature_before_len);
assert(yrc == YHR_SUCCESS);

printf("Signature (%zu bytes) is:", signature_before_len);
for (unsigned int i = 0; i < signature_before_len; i++) {
printf(" %02x", signature_before[i]);
}
printf("\n");

BIGNUM *n = BN_bin2bn(public_key_before, public_key_before_len, NULL);
assert(n != NULL);

BIGNUM *e = BN_bin2bn((const unsigned char *) "\x01\x00\x01", 3, NULL);
assert(e != NULL);

RSA *rsa = RSA_new();
assert(RSA_set0_key(rsa, n, e, NULL) != 0);

assert(RSA_verify(EVP_MD_type(EVP_sha256()), hashed_data, hashed_data_len,
signature_before, signature_before_len, rsa) == 1);

printf("RSA signature before successfully verified\n");

RSA_free(rsa);

wrapped_object_len = sizeof(wrapped_object);
yrc =
yh_util_export_wrapped(session, wrapping_key_id, YH_ASYMMETRIC_KEY,
Expand Down Expand Up @@ -342,7 +487,7 @@ int main(void) {
&public_key_after_len, NULL);
assert(yrc == YHR_SUCCESS);

printf("Public key after (%zu bytes) is:", public_key_after_len);
printf("Public RSA key after (%zu bytes) is:", public_key_after_len);
for (unsigned int i = 0; i < public_key_after_len; i++) {
printf(" %02x", public_key_after[i]);
}
Expand All @@ -356,6 +501,33 @@ int main(void) {
printf("Public key before and after match\n");
}

signature_after_len = sizeof(signature_after);
yrc = yh_util_sign_pkcs1v1_5(session, key_id_before, true, hashed_data, hashed_data_len, signature_after,
&signature_after_len);
assert(yrc == YHR_SUCCESS);

printf("Signature (%zu bytes) is:", signature_after_len);
for (unsigned int i = 0; i < signature_after_len; i++) {
printf(" %02x", signature_after[i]);
}
printf("\n");

n = BN_bin2bn(public_key_after, public_key_after_len, NULL);
assert(n != NULL);

e = BN_bin2bn((const unsigned char *) "\x01\x00\x01", 3, NULL);
assert(e != NULL);

rsa = RSA_new();
assert(RSA_set0_key(rsa, n, e, NULL) != 0);

assert(RSA_verify(EVP_MD_type(EVP_sha256()), hashed_data, hashed_data_len,
signature_after, signature_after_len, rsa) == 1);

printf("RSA signature after successfully verified\n");

RSA_free(rsa);

yrc =
yh_util_get_object_info(session, key_id_after, YH_ASYMMETRIC_KEY, &object);
assert(yrc == YHR_SUCCESS);
Expand Down

0 comments on commit bbd2bc2

Please sign in to comment.