summaryrefslogtreecommitdiffstats
path: root/src/tests/cipher.cpp
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/tests/cipher.cpp1013
1 files changed, 1013 insertions, 0 deletions
diff --git a/src/tests/cipher.cpp b/src/tests/cipher.cpp
new file mode 100644
index 0000000..25b98bf
--- /dev/null
+++ b/src/tests/cipher.cpp
@@ -0,0 +1,1013 @@
+/*
+ * Copyright (c) 2017-2022 [Ribose Inc](https://www.ribose.com).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <crypto/common.h>
+#include <crypto.h>
+#include <pgp-key.h>
+#include "rnp.h"
+#include <librepgp/stream-packet.h>
+#include <librepgp/stream-key.h>
+
+#include "rnp_tests.h"
+#include "support.h"
+#include "fingerprint.h"
+
+TEST_F(rnp_tests, hash_test_success)
+{
+ uint8_t hash_output[PGP_MAX_HASH_SIZE];
+
+ const pgp_hash_alg_t hash_algs[] = {PGP_HASH_MD5,
+ PGP_HASH_SHA1,
+ PGP_HASH_SHA256,
+ PGP_HASH_SHA384,
+ PGP_HASH_SHA512,
+ PGP_HASH_SHA224,
+ PGP_HASH_SM3,
+ PGP_HASH_SHA3_256,
+ PGP_HASH_SHA3_512,
+ PGP_HASH_UNKNOWN};
+
+ const uint8_t test_input[3] = {'a', 'b', 'c'};
+ const char * hash_alg_expected_outputs[] = {
+ "900150983CD24FB0D6963F7D28E17F72",
+ "A9993E364706816ABA3E25717850C26C9CD0D89D",
+ "BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD",
+ "CB00753F45A35E8BB5A03D699AC65007272C32AB0EDED1631A8B605A43FF5BED8086072BA1"
+ "E7CC2358BAECA"
+ "134C825A7",
+ "DDAF35A193617ABACC417349AE20413112E6FA4E89A97EA20A9EEEE64B55D39A2192992A27"
+ "4FC1A836BA3C2"
+ "3A3FEEBBD454D4423643CE80E2A9AC94FA54CA49F",
+ "23097D223405D8228642A477BDA255B32AADBCE4BDA0B3F7E36C9DA7",
+ "66C7F0F462EEEDD9D1F2D46BDC10E4E24167C4875CF2F7A2297DA02B8F4BA8E0",
+ "3A985DA74FE225B2045C172D6BD390BD855F086E3E9D525B46BFE24511431532",
+ ("B751850B1A57168A5693CD924B6B096E08F621827444F70D884F5D0240D2712E1"
+ "0E116E9192AF3C91A7EC57647E3934057340B4CF408D5A56592F8274EEC53F0")};
+
+ for (int i = 0; hash_algs[i] != PGP_HASH_UNKNOWN; ++i) {
+#if !defined(ENABLE_SM2)
+ if (hash_algs[i] == PGP_HASH_SM3) {
+ assert_throw({ auto hash = rnp::Hash::create(hash_algs[i]); });
+ size_t hash_size = rnp::Hash::size(hash_algs[i]);
+ assert_int_equal(hash_size * 2, strlen(hash_alg_expected_outputs[i]));
+ continue;
+ }
+#endif
+ auto hash = rnp::Hash::create(hash_algs[i]);
+ size_t hash_size = rnp::Hash::size(hash_algs[i]);
+ assert_int_equal(hash_size * 2, strlen(hash_alg_expected_outputs[i]));
+
+ hash->add(test_input, 1);
+ hash->add(test_input + 1, sizeof(test_input) - 1);
+ hash->finish(hash_output);
+
+ assert_true(bin_eq_hex(hash_output, hash_size, hash_alg_expected_outputs[i]));
+ }
+}
+
+TEST_F(rnp_tests, cipher_test_success)
+{
+ const uint8_t key[16] = {0};
+ uint8_t iv[16];
+ pgp_symm_alg_t alg = PGP_SA_AES_128;
+ pgp_crypt_t crypt;
+
+ uint8_t cfb_data[20] = {0};
+ memset(iv, 0x42, sizeof(iv));
+
+ assert_int_equal(1, pgp_cipher_cfb_start(&crypt, alg, key, iv));
+
+ assert_int_equal(0, pgp_cipher_cfb_encrypt(&crypt, cfb_data, cfb_data, sizeof(cfb_data)));
+
+ assert_true(
+ bin_eq_hex(cfb_data, sizeof(cfb_data), "BFDAA57CB812189713A950AD9947887983021617"));
+ assert_int_equal(0, pgp_cipher_cfb_finish(&crypt));
+
+ assert_int_equal(1, pgp_cipher_cfb_start(&crypt, alg, key, iv));
+ assert_int_equal(0, pgp_cipher_cfb_decrypt(&crypt, cfb_data, cfb_data, sizeof(cfb_data)));
+ assert_true(
+ bin_eq_hex(cfb_data, sizeof(cfb_data), "0000000000000000000000000000000000000000"));
+ assert_int_equal(0, pgp_cipher_cfb_finish(&crypt));
+}
+
+TEST_F(rnp_tests, pkcs1_rsa_test_success)
+{
+ uint8_t ptext[1024 / 8] = {'a', 'b', 'c', 0};
+ uint8_t dec[1024 / 8];
+ pgp_rsa_encrypted_t enc;
+ size_t dec_size;
+
+ rnp_keygen_crypto_params_t key_desc;
+ key_desc.key_alg = PGP_PKA_RSA;
+ key_desc.hash_alg = PGP_HASH_SHA256;
+ key_desc.rsa.modulus_bit_len = 1024;
+ key_desc.ctx = &global_ctx;
+ pgp_key_pkt_t seckey;
+ assert_true(pgp_generate_seckey(key_desc, seckey, true));
+ const pgp_rsa_key_t *key_rsa = &seckey.material.rsa;
+
+ assert_rnp_success(rsa_encrypt_pkcs1(&global_ctx.rng, &enc, ptext, 3, key_rsa));
+ assert_int_equal(enc.m.len, 1024 / 8);
+
+ memset(dec, 0, sizeof(dec));
+ dec_size = 0;
+ assert_rnp_success(rsa_decrypt_pkcs1(&global_ctx.rng, dec, &dec_size, &enc, key_rsa));
+ assert_true(bin_eq_hex(dec, 3, "616263"));
+ assert_int_equal(dec_size, 3);
+}
+
+TEST_F(rnp_tests, rnp_test_eddsa)
+{
+ rnp::SecurityContext ctx;
+ rnp_keygen_crypto_params_t key_desc;
+ key_desc.key_alg = PGP_PKA_EDDSA;
+ key_desc.hash_alg = PGP_HASH_SHA256;
+ key_desc.ctx = &ctx;
+
+ pgp_key_pkt_t seckey;
+ assert_true(pgp_generate_seckey(key_desc, seckey, true));
+
+ const uint8_t hash[32] = {0};
+ pgp_ec_signature_t sig = {{{0}}};
+
+ assert_rnp_success(
+ eddsa_sign(&global_ctx.rng, &sig, hash, sizeof(hash), &seckey.material.ec));
+
+ assert_rnp_success(eddsa_verify(&sig, hash, sizeof(hash), &seckey.material.ec));
+
+ // cut one byte off hash -> invalid sig
+ assert_rnp_failure(eddsa_verify(&sig, hash, sizeof(hash) - 1, &seckey.material.ec));
+
+ // swap r/s -> invalid sig
+ pgp_mpi_t tmp = sig.r;
+ sig.r = sig.s;
+ sig.s = tmp;
+ assert_rnp_failure(eddsa_verify(&sig, hash, sizeof(hash), &seckey.material.ec));
+}
+
+TEST_F(rnp_tests, rnp_test_x25519)
+{
+ rnp_keygen_crypto_params_t key_desc = {};
+ pgp_key_pkt_t seckey;
+ pgp_ecdh_encrypted_t enc = {};
+ uint8_t in[16] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
+ uint8_t out[16] = {};
+ size_t outlen = 0;
+ pgp_fingerprint_t fp = {};
+
+ key_desc.key_alg = PGP_PKA_ECDH;
+ key_desc.hash_alg = PGP_HASH_SHA256;
+ key_desc.ctx = &global_ctx;
+ key_desc.ecc.curve = PGP_CURVE_25519;
+
+ assert_true(pgp_generate_seckey(key_desc, seckey, true));
+ /* check for length and correctly tweaked bits */
+ assert_int_equal(seckey.material.ec.x.len, 32);
+ assert_int_equal(seckey.material.ec.x.mpi[31] & 7, 0);
+ assert_int_equal(seckey.material.ec.x.mpi[0] & 128, 0);
+ assert_int_equal(seckey.material.ec.x.mpi[0] & 64, 64);
+ assert_rnp_success(pgp_fingerprint(fp, seckey));
+ assert_rnp_success(
+ ecdh_encrypt_pkcs5(&global_ctx.rng, &enc, in, sizeof(in), &seckey.material.ec, fp));
+ assert_true(enc.mlen > 16);
+ assert_true((enc.p.mpi[0] == 0x40) && (enc.p.len == 33));
+ outlen = sizeof(out);
+ assert_rnp_success(ecdh_decrypt_pkcs5(out, &outlen, &enc, &seckey.material.ec, fp));
+ assert_true(outlen == 16);
+ assert_true(memcmp(in, out, 16) == 0);
+
+ /* negative cases */
+ enc.p.mpi[16] ^= 0xff;
+ assert_rnp_failure(ecdh_decrypt_pkcs5(out, &outlen, &enc, &seckey.material.ec, fp));
+
+ enc.p.mpi[16] ^= 0xff;
+ enc.p.mpi[0] = 0x04;
+ assert_rnp_failure(ecdh_decrypt_pkcs5(out, &outlen, &enc, &seckey.material.ec, fp));
+
+ enc.p.mpi[0] = 0x40;
+ enc.mlen--;
+ assert_rnp_failure(ecdh_decrypt_pkcs5(out, &outlen, &enc, &seckey.material.ec, fp));
+
+ enc.mlen += 2;
+ assert_rnp_failure(ecdh_decrypt_pkcs5(out, &outlen, &enc, &seckey.material.ec, fp));
+}
+
+static void
+elgamal_roundtrip(pgp_eg_key_t *key)
+{
+ const uint8_t in_b[] = {0x01, 0x02, 0x03, 0x04, 0x17};
+ pgp_eg_encrypted_t enc = {{{0}}};
+ uint8_t res[1024];
+ size_t res_len = 0;
+
+ assert_int_equal(elgamal_encrypt_pkcs1(&global_ctx.rng, &enc, in_b, sizeof(in_b), key),
+ RNP_SUCCESS);
+ assert_int_equal(elgamal_decrypt_pkcs1(&global_ctx.rng, res, &res_len, &enc, key),
+ RNP_SUCCESS);
+ assert_int_equal(res_len, sizeof(in_b));
+ assert_true(bin_eq_hex(res, res_len, "0102030417"));
+}
+
+TEST_F(rnp_tests, raw_elgamal_random_key_test_success)
+{
+ pgp_eg_key_t key;
+
+ assert_int_equal(elgamal_generate(&global_ctx.rng, &key, 1024), RNP_SUCCESS);
+ elgamal_roundtrip(&key);
+}
+
+TEST_F(rnp_tests, ecdsa_signverify_success)
+{
+ uint8_t message[64];
+ const pgp_hash_alg_t hash_alg = PGP_HASH_SHA512;
+
+ struct curve {
+ pgp_curve_t id;
+ size_t size;
+ } curves[] = {
+ {PGP_CURVE_NIST_P_256, 32}, {PGP_CURVE_NIST_P_384, 48}, {PGP_CURVE_NIST_P_521, 64}};
+
+ for (size_t i = 0; i < ARRAY_SIZE(curves); i++) {
+ // Generate test data. Mainly to make valgrind not to complain about uninitialized data
+ global_ctx.rng.get(message, sizeof(message));
+
+ pgp_ec_signature_t sig = {{{0}}};
+ rnp_keygen_crypto_params_t key_desc;
+ key_desc.key_alg = PGP_PKA_ECDSA;
+ key_desc.hash_alg = hash_alg;
+ key_desc.ecc.curve = curves[i].id;
+ key_desc.ctx = &global_ctx;
+
+ pgp_key_pkt_t seckey1;
+ pgp_key_pkt_t seckey2;
+
+ assert_true(pgp_generate_seckey(key_desc, seckey1, true));
+ assert_true(pgp_generate_seckey(key_desc, seckey2, true));
+
+ const pgp_ec_key_t *key1 = &seckey1.material.ec;
+ const pgp_ec_key_t *key2 = &seckey2.material.ec;
+
+ assert_rnp_success(
+ ecdsa_sign(&global_ctx.rng, &sig, hash_alg, message, sizeof(message), key1));
+
+ assert_rnp_success(ecdsa_verify(&sig, hash_alg, message, sizeof(message), key1));
+
+ // Fails because of different key used
+ assert_rnp_failure(ecdsa_verify(&sig, hash_alg, message, sizeof(message), key2));
+
+ // Fails because message won't verify
+ message[0] = ~message[0];
+ assert_rnp_failure(ecdsa_verify(&sig, hash_alg, message, sizeof(message), key1));
+ }
+}
+
+TEST_F(rnp_tests, ecdh_roundtrip)
+{
+ struct curve {
+ pgp_curve_t id;
+ size_t size;
+ } curves[] = {
+ {PGP_CURVE_NIST_P_256, 32}, {PGP_CURVE_NIST_P_384, 48}, {PGP_CURVE_NIST_P_521, 66}};
+
+ pgp_ecdh_encrypted_t enc;
+ uint8_t plaintext[32] = {0};
+ size_t plaintext_len = sizeof(plaintext);
+ uint8_t result[32] = {0};
+ size_t result_len = sizeof(result);
+
+ for (size_t i = 0; i < ARRAY_SIZE(curves); i++) {
+ rnp_keygen_crypto_params_t key_desc;
+ key_desc.key_alg = PGP_PKA_ECDH;
+ key_desc.hash_alg = PGP_HASH_SHA512;
+ key_desc.ecc.curve = curves[i].id;
+ key_desc.ctx = &global_ctx;
+
+ pgp_key_pkt_t ecdh_key1;
+ assert_true(pgp_generate_seckey(key_desc, ecdh_key1, true));
+
+ pgp_fingerprint_t ecdh_key1_fpr = {};
+ assert_rnp_success(pgp_fingerprint(ecdh_key1_fpr, ecdh_key1));
+
+ assert_rnp_success(ecdh_encrypt_pkcs5(&global_ctx.rng,
+ &enc,
+ plaintext,
+ plaintext_len,
+ &ecdh_key1.material.ec,
+ ecdh_key1_fpr));
+
+ assert_rnp_success(ecdh_decrypt_pkcs5(
+ result, &result_len, &enc, &ecdh_key1.material.ec, ecdh_key1_fpr));
+
+ assert_int_equal(plaintext_len, result_len);
+ assert_int_equal(memcmp(plaintext, result, result_len), 0);
+ }
+}
+
+TEST_F(rnp_tests, ecdh_decryptionNegativeCases)
+{
+ uint8_t plaintext[32] = {0};
+ size_t plaintext_len = sizeof(plaintext);
+ uint8_t result[32] = {0};
+ size_t result_len = sizeof(result);
+ pgp_ecdh_encrypted_t enc;
+
+ rnp_keygen_crypto_params_t key_desc;
+ key_desc.key_alg = PGP_PKA_ECDH;
+ key_desc.hash_alg = PGP_HASH_SHA512;
+ key_desc.ecc.curve = PGP_CURVE_NIST_P_256;
+ key_desc.ctx = &global_ctx;
+
+ pgp_key_pkt_t ecdh_key1;
+ assert_true(pgp_generate_seckey(key_desc, ecdh_key1, true));
+
+ pgp_fingerprint_t ecdh_key1_fpr = {};
+ assert_rnp_success(pgp_fingerprint(ecdh_key1_fpr, ecdh_key1));
+
+ assert_rnp_success(ecdh_encrypt_pkcs5(
+ &global_ctx.rng, &enc, plaintext, plaintext_len, &ecdh_key1.material.ec, ecdh_key1_fpr));
+
+ assert_int_equal(ecdh_decrypt_pkcs5(NULL, 0, &enc, &ecdh_key1.material.ec, ecdh_key1_fpr),
+ RNP_ERROR_BAD_PARAMETERS);
+
+ assert_int_equal(ecdh_decrypt_pkcs5(result, &result_len, &enc, NULL, ecdh_key1_fpr),
+ RNP_ERROR_BAD_PARAMETERS);
+
+ assert_int_equal(
+ ecdh_decrypt_pkcs5(result, &result_len, NULL, &ecdh_key1.material.ec, ecdh_key1_fpr),
+ RNP_ERROR_BAD_PARAMETERS);
+
+ size_t mlen = enc.mlen;
+ enc.mlen = 0;
+ assert_int_equal(
+ ecdh_decrypt_pkcs5(result, &result_len, &enc, &ecdh_key1.material.ec, ecdh_key1_fpr),
+ RNP_ERROR_GENERIC);
+
+ enc.mlen = mlen - 1;
+ assert_int_equal(
+ ecdh_decrypt_pkcs5(result, &result_len, &enc, &ecdh_key1.material.ec, ecdh_key1_fpr),
+ RNP_ERROR_GENERIC);
+
+ int key_wrapping_alg = ecdh_key1.material.ec.key_wrap_alg;
+ ecdh_key1.material.ec.key_wrap_alg = PGP_SA_IDEA;
+ assert_int_equal(
+ ecdh_decrypt_pkcs5(result, &result_len, &enc, &ecdh_key1.material.ec, ecdh_key1_fpr),
+ RNP_ERROR_NOT_SUPPORTED);
+ ecdh_key1.material.ec.key_wrap_alg = (pgp_symm_alg_t) key_wrapping_alg;
+}
+
+#if defined(ENABLE_SM2)
+TEST_F(rnp_tests, sm2_roundtrip)
+{
+ uint8_t key[27] = {0};
+ uint8_t decrypted[27];
+ size_t decrypted_size;
+
+ rnp_keygen_crypto_params_t key_desc;
+ key_desc.key_alg = PGP_PKA_SM2;
+ key_desc.hash_alg = PGP_HASH_SM3;
+ key_desc.ecc.curve = PGP_CURVE_SM2_P_256;
+ key_desc.ctx = &global_ctx;
+
+ global_ctx.rng.get(key, sizeof(key));
+
+ pgp_key_pkt_t seckey;
+ assert_true(pgp_generate_seckey(key_desc, seckey, true));
+
+ const pgp_ec_key_t *eckey = &seckey.material.ec;
+
+ pgp_hash_alg_t hashes[] = {PGP_HASH_SM3, PGP_HASH_SHA256, PGP_HASH_SHA512};
+ pgp_sm2_encrypted_t enc;
+ rnp_result_t ret;
+
+ for (size_t i = 0; i < ARRAY_SIZE(hashes); ++i) {
+ ret = sm2_encrypt(&global_ctx.rng, &enc, key, sizeof(key), hashes[i], eckey);
+ assert_int_equal(ret, RNP_SUCCESS);
+
+ memset(decrypted, 0, sizeof(decrypted));
+ decrypted_size = sizeof(decrypted);
+ ret = sm2_decrypt(decrypted, &decrypted_size, &enc, eckey);
+ assert_int_equal(ret, RNP_SUCCESS);
+ assert_int_equal(decrypted_size, sizeof(key));
+ for (size_t i = 0; i < decrypted_size; ++i) {
+ assert_int_equal(key[i], decrypted[i]);
+ }
+ }
+}
+#endif
+
+#if defined(ENABLE_SM2)
+TEST_F(rnp_tests, sm2_sm3_signature_test)
+{
+ const char *msg = "no backdoors here";
+
+ pgp_ec_key_t sm2_key;
+ pgp_ec_signature_t sig;
+
+ pgp_hash_alg_t hash_alg = PGP_HASH_SM3;
+ const size_t hash_len = rnp::Hash::size(hash_alg);
+
+ uint8_t digest[PGP_MAX_HASH_SIZE];
+
+ sm2_key.curve = PGP_CURVE_NIST_P_256;
+
+ hex2mpi(&sm2_key.p,
+ "04d9a2025f1ab59bc44e35fc53aeb8e87a79787d30cd70a1f7c49e064b8b8a2fb24d8"
+ "c82f49ee0a5b11df22cb0c3c6d9d5526d9e24d02ff8c83c06a859c26565f1");
+ hex2mpi(&sm2_key.x, "110E7973206F68C19EE5F7328C036F26911C8C73B4E4F36AE3291097F8984FFC");
+
+ assert_int_equal(sm2_validate_key(&global_ctx.rng, &sm2_key, true), RNP_SUCCESS);
+
+ auto hash = rnp::Hash::create(hash_alg);
+
+ assert_int_equal(sm2_compute_za(sm2_key, *hash, "sm2_p256_test@example.com"), RNP_SUCCESS);
+ hash->add(msg, strlen(msg));
+ assert_int_equal(hash->finish(digest), hash_len);
+
+ // First generate a signature, then verify it
+ assert_int_equal(sm2_sign(&global_ctx.rng, &sig, hash_alg, digest, hash_len, &sm2_key),
+ RNP_SUCCESS);
+ assert_int_equal(sm2_verify(&sig, hash_alg, digest, hash_len, &sm2_key), RNP_SUCCESS);
+
+ // Check that invalid signatures are rejected
+ digest[0] ^= 1;
+ assert_int_not_equal(sm2_verify(&sig, hash_alg, digest, hash_len, &sm2_key), RNP_SUCCESS);
+
+ digest[0] ^= 1;
+ assert_int_equal(sm2_verify(&sig, hash_alg, digest, hash_len, &sm2_key), RNP_SUCCESS);
+
+ // Now verify a known good signature for this key/message (generated by GmSSL)
+ hex2mpi(&sig.r, "96AA39A0C4A5C454653F394E86386F2E38BE14C57D0E555F3A27A5CEF30E51BD");
+ hex2mpi(&sig.s, "62372BE4AC97DBE725AC0B279BB8FD15883858D814FD792DDB0A401DCC988E70");
+ assert_int_equal(sm2_verify(&sig, hash_alg, digest, hash_len, &sm2_key), RNP_SUCCESS);
+}
+#endif
+
+#if defined(ENABLE_SM2)
+TEST_F(rnp_tests, sm2_sha256_signature_test)
+{
+ const char * msg = "hi chappy";
+ pgp_ec_key_t sm2_key;
+ pgp_ec_signature_t sig;
+ pgp_hash_alg_t hash_alg = PGP_HASH_SHA256;
+ const size_t hash_len = rnp::Hash::size(hash_alg);
+ uint8_t digest[PGP_MAX_HASH_SIZE];
+
+ sm2_key.curve = PGP_CURVE_SM2_P_256;
+ hex2mpi(&sm2_key.p,
+ "04d03d30dd01ca3422aeaccf9b88043b554659d3092b0a9e8cce3e8c4530a98cb79d7"
+ "05e6213eee145b748e36e274e5f101dc10d7bbc9dab9a04022e73b76e02cd");
+ hex2mpi(&sm2_key.x, "110E7973206F68C19EE5F7328C036F26911C8C73B4E4F36AE3291097F8984FFC");
+
+ assert_int_equal(sm2_validate_key(&global_ctx.rng, &sm2_key, true), RNP_SUCCESS);
+
+ auto hash = rnp::Hash::create(hash_alg);
+ assert_int_equal(sm2_compute_za(sm2_key, *hash, "sm2test@example.com"), RNP_SUCCESS);
+ hash->add(msg, strlen(msg));
+ assert_int_equal(hash->finish(digest), hash_len);
+
+ // First generate a signature, then verify it
+ assert_int_equal(sm2_sign(&global_ctx.rng, &sig, hash_alg, digest, hash_len, &sm2_key),
+ RNP_SUCCESS);
+ assert_int_equal(sm2_verify(&sig, hash_alg, digest, hash_len, &sm2_key), RNP_SUCCESS);
+
+ // Check that invalid signatures are rejected
+ digest[0] ^= 1;
+ assert_int_not_equal(sm2_verify(&sig, hash_alg, digest, hash_len, &sm2_key), RNP_SUCCESS);
+
+ digest[0] ^= 1;
+ assert_int_equal(sm2_verify(&sig, hash_alg, digest, hash_len, &sm2_key), RNP_SUCCESS);
+
+ // Now verify a known good signature for this key/message (generated by GmSSL)
+ hex2mpi(&sig.r, "94DA20EA69E4FC70692158BF3D30F87682A4B2F84DF4A4829A1EFC5D9C979D3F");
+ hex2mpi(&sig.s, "EE15AF8D455B728AB80E592FCB654BF5B05620B2F4D25749D263D5C01FAD365F");
+ assert_int_equal(sm2_verify(&sig, hash_alg, digest, hash_len, &sm2_key), RNP_SUCCESS);
+}
+#endif
+
+TEST_F(rnp_tests, test_dsa_roundtrip)
+{
+ uint8_t message[PGP_MAX_HASH_SIZE];
+ pgp_key_pkt_t seckey;
+ pgp_dsa_signature_t sig;
+
+ struct key_params {
+ size_t p;
+ size_t q;
+ pgp_hash_alg_t h;
+ } keys[] = {
+ // all 1024 key-hash combinations
+ {1024, 160, PGP_HASH_SHA1},
+ {1024, 160, PGP_HASH_SHA224},
+ {1024, 160, PGP_HASH_SHA256},
+ {1024, 160, PGP_HASH_SHA384},
+ {1024, 160, PGP_HASH_SHA512},
+ // all 2048 key-hash combinations
+ {2048, 256, PGP_HASH_SHA256},
+ {2048, 256, PGP_HASH_SHA384},
+ {2048, 256, PGP_HASH_SHA512},
+ // misc
+ {1088, 224, PGP_HASH_SHA512},
+ {1024, 256, PGP_HASH_SHA256},
+ };
+
+ global_ctx.rng.get(message, sizeof(message));
+
+ for (size_t i = 0; i < ARRAY_SIZE(keys); i++) {
+ sig = {};
+ rnp_keygen_crypto_params_t key_desc;
+ key_desc.key_alg = PGP_PKA_DSA;
+ key_desc.hash_alg = keys[i].h;
+ key_desc.dsa.p_bitlen = keys[i].p;
+ key_desc.dsa.q_bitlen = keys[i].q;
+ key_desc.ctx = &global_ctx;
+
+ assert_true(pgp_generate_seckey(key_desc, seckey, true));
+ // try to prevent timeouts in travis-ci
+ printf("p: %zu q: %zu h: %s\n",
+ key_desc.dsa.p_bitlen,
+ key_desc.dsa.q_bitlen,
+ rnp::Hash::name(key_desc.hash_alg));
+ fflush(stdout);
+
+ pgp_dsa_key_t *key1 = &seckey.material.dsa;
+
+ size_t h_size = rnp::Hash::size(keys[i].h);
+ assert_int_equal(dsa_sign(&global_ctx.rng, &sig, message, h_size, key1), RNP_SUCCESS);
+ assert_int_equal(dsa_verify(&sig, message, h_size, key1), RNP_SUCCESS);
+ }
+}
+
+TEST_F(rnp_tests, test_dsa_verify_negative)
+{
+ uint8_t message[PGP_MAX_HASH_SIZE];
+ pgp_key_pkt_t sec_key1;
+ pgp_key_pkt_t sec_key2;
+ pgp_dsa_signature_t sig = {};
+
+ struct key_params {
+ size_t p;
+ size_t q;
+ pgp_hash_alg_t h;
+ } key = {1024, 160, PGP_HASH_SHA1};
+
+ global_ctx.rng.get(message, sizeof(message));
+
+ rnp_keygen_crypto_params_t key_desc;
+ key_desc.key_alg = PGP_PKA_DSA;
+ key_desc.hash_alg = key.h;
+ key_desc.dsa.p_bitlen = key.p;
+ key_desc.dsa.q_bitlen = key.q;
+ key_desc.ctx = &global_ctx;
+
+ assert_true(pgp_generate_seckey(key_desc, sec_key1, true));
+ // try to prevent timeouts in travis-ci
+ printf("p: %zu q: %zu h: %s\n",
+ key_desc.dsa.p_bitlen,
+ key_desc.dsa.q_bitlen,
+ rnp::Hash::name(key_desc.hash_alg));
+ assert_true(pgp_generate_seckey(key_desc, sec_key2, true));
+
+ pgp_dsa_key_t *key1 = &sec_key1.material.dsa;
+ pgp_dsa_key_t *key2 = &sec_key2.material.dsa;
+
+ size_t h_size = rnp::Hash::size(key.h);
+ assert_int_equal(dsa_sign(&global_ctx.rng, &sig, message, h_size, key1), RNP_SUCCESS);
+ // wrong key used
+ assert_int_equal(dsa_verify(&sig, message, h_size, key2), RNP_ERROR_SIGNATURE_INVALID);
+ // different message
+ message[0] = ~message[0];
+ assert_int_equal(dsa_verify(&sig, message, h_size, key1), RNP_ERROR_SIGNATURE_INVALID);
+}
+
+// platforms known to not have a robust response can compile with
+// -DS2K_MINIMUM_TUNING_RATIO=2 (or whatever they need)
+#ifndef S2K_MINIMUM_TUNING_RATIO
+#define S2K_MINIMUM_TUNING_RATIO 6
+#endif
+
+TEST_F(rnp_tests, s2k_iteration_tuning)
+{
+ pgp_hash_alg_t hash_alg = PGP_HASH_SHA512;
+
+ /*
+ Run trials for a while (1/4 second) to ensure dynamically clocked
+ cores spin up to full speed.
+ */
+ const size_t TRIAL_MSEC = 250;
+
+ const size_t iters_100 = pgp_s2k_compute_iters(hash_alg, 100, TRIAL_MSEC);
+ const size_t iters_10 = pgp_s2k_compute_iters(hash_alg, 10, TRIAL_MSEC);
+
+ double ratio = static_cast<double>(iters_100) / iters_10;
+ printf("s2k iteration tuning ratio: %g, (%zu:%zu)\n", ratio, iters_10, iters_100);
+ // Test roughly linear cost, often skeyed by clock idle
+ assert_greater_than(ratio, S2K_MINIMUM_TUNING_RATIO);
+
+ // Should not crash for unknown hash algorithm
+ assert_int_equal(pgp_s2k_compute_iters(PGP_HASH_UNKNOWN, 1000, TRIAL_MSEC), 0);
+ /// TODO test that hashing iters_xx data takes roughly requested time
+
+ size_t iter_sha1 = global_ctx.s2k_iterations(PGP_HASH_SHA1);
+ assert_int_equal(iter_sha1, global_ctx.s2k_iterations(PGP_HASH_SHA1));
+ size_t iter_sha512 = global_ctx.s2k_iterations(PGP_HASH_SHA512);
+ assert_int_equal(iter_sha512, global_ctx.s2k_iterations(PGP_HASH_SHA512));
+ assert_int_equal(global_ctx.s2k_iterations(PGP_HASH_UNKNOWN), 0);
+}
+
+TEST_F(rnp_tests, s2k_iteration_encode_decode)
+{
+ const size_t MAX_ITER = 0x3e00000; // 0x1F << (0xF + 6);
+ // encoding tests
+ assert_int_equal(pgp_s2k_encode_iterations(0), 0);
+ assert_int_equal(pgp_s2k_encode_iterations(512), 0);
+ assert_int_equal(pgp_s2k_encode_iterations(1024), 0);
+ assert_int_equal(pgp_s2k_encode_iterations(1024), 0);
+ assert_int_equal(pgp_s2k_encode_iterations(1025), 1);
+ assert_int_equal(pgp_s2k_encode_iterations(1088), 1);
+ assert_int_equal(pgp_s2k_encode_iterations(1089), 2);
+ assert_int_equal(pgp_s2k_encode_iterations(2048), 16);
+ assert_int_equal(pgp_s2k_encode_iterations(MAX_ITER - 1), 0xFF);
+ assert_int_equal(pgp_s2k_encode_iterations(MAX_ITER), 0xFF);
+ assert_int_equal(pgp_s2k_encode_iterations(MAX_ITER + 1), 0xFF);
+ assert_int_equal(pgp_s2k_encode_iterations(SIZE_MAX), 0xFF);
+ // decoding tests
+ assert_int_equal(pgp_s2k_decode_iterations(0), 1024);
+ assert_int_equal(pgp_s2k_decode_iterations(1), 1088);
+ assert_int_equal(pgp_s2k_decode_iterations(16), 2048);
+ assert_int_equal(pgp_s2k_decode_iterations(0xFF), MAX_ITER);
+}
+
+static bool
+read_key_pkt(pgp_key_pkt_t *key, const char *path)
+{
+ pgp_source_t src = {};
+ if (init_file_src(&src, path)) {
+ return false;
+ }
+ bool res = !key->parse(src);
+ src_close(&src);
+ return res;
+}
+
+#define KEYS "data/test_validate_key_material/"
+
+TEST_F(rnp_tests, test_validate_key_material)
+{
+ pgp_key_pkt_t key;
+ rnp::RNG & rng = global_ctx.rng;
+
+ /* RSA key and subkey */
+ assert_true(read_key_pkt(&key, KEYS "rsa-pub.pgp"));
+ assert_rnp_success(validate_pgp_key_material(&key.material, &rng));
+ key.material.rsa.n.mpi[key.material.rsa.n.len - 1] &= ~1;
+ assert_rnp_failure(validate_pgp_key_material(&key.material, &rng));
+ key.material.rsa.n.mpi[key.material.rsa.n.len - 1] |= 1;
+ key.material.rsa.e.mpi[key.material.rsa.e.len - 1] &= ~1;
+ assert_rnp_failure(validate_pgp_key_material(&key.material, &rng));
+ key = pgp_key_pkt_t();
+
+ assert_true(read_key_pkt(&key, KEYS "rsa-sub.pgp"));
+ assert_rnp_success(validate_pgp_key_material(&key.material, &rng));
+ key.material.rsa.n.mpi[key.material.rsa.n.len - 1] &= ~1;
+ assert_rnp_failure(validate_pgp_key_material(&key.material, &rng));
+ key.material.rsa.n.mpi[key.material.rsa.n.len - 1] |= 1;
+ key.material.rsa.e.mpi[key.material.rsa.e.len - 1] &= ~1;
+ assert_rnp_failure(validate_pgp_key_material(&key.material, &rng));
+ key = pgp_key_pkt_t();
+
+ assert_true(read_key_pkt(&key, KEYS "rsa-sec.pgp"));
+ key.material.validate(global_ctx);
+ assert_true(key.material.validity.valid);
+ assert_true(key.material.validity.validated);
+ assert_rnp_success(decrypt_secret_key(&key, NULL));
+ /* make sure validity is reset after decryption */
+ assert_false(key.material.validity.valid);
+ assert_false(key.material.validity.validated);
+ assert_true(key.material.secret);
+ assert_rnp_success(validate_pgp_key_material(&key.material, &rng));
+ key.material.rsa.e.mpi[key.material.rsa.e.len - 1] += 1;
+ assert_rnp_failure(validate_pgp_key_material(&key.material, &rng));
+ key.material.rsa.e.mpi[key.material.rsa.e.len - 1] -= 1;
+ key.material.rsa.p.mpi[key.material.rsa.p.len - 1] += 2;
+ assert_rnp_failure(validate_pgp_key_material(&key.material, &rng));
+ key.material.rsa.p.mpi[key.material.rsa.p.len - 1] -= 2;
+ key.material.rsa.p.mpi[key.material.rsa.q.len - 1] += 2;
+ assert_rnp_failure(validate_pgp_key_material(&key.material, &rng));
+ key.material.rsa.p.mpi[key.material.rsa.q.len - 1] -= 2;
+ assert_rnp_success(validate_pgp_key_material(&key.material, &rng));
+ key = pgp_key_pkt_t();
+
+ assert_true(read_key_pkt(&key, KEYS "rsa-ssb.pgp"));
+ assert_rnp_success(decrypt_secret_key(&key, NULL));
+ assert_true(key.material.secret);
+ assert_rnp_success(validate_pgp_key_material(&key.material, &rng));
+ key.material.rsa.e.mpi[key.material.rsa.e.len - 1] += 1;
+ assert_rnp_failure(validate_pgp_key_material(&key.material, &rng));
+ key.material.rsa.e.mpi[key.material.rsa.e.len - 1] -= 1;
+ key.material.rsa.p.mpi[key.material.rsa.p.len - 1] += 2;
+ assert_rnp_failure(validate_pgp_key_material(&key.material, &rng));
+ key.material.rsa.p.mpi[key.material.rsa.p.len - 1] -= 2;
+ key.material.rsa.p.mpi[key.material.rsa.q.len - 1] += 2;
+ assert_rnp_failure(validate_pgp_key_material(&key.material, &rng));
+ key.material.rsa.p.mpi[key.material.rsa.q.len - 1] -= 2;
+ assert_rnp_success(validate_pgp_key_material(&key.material, &rng));
+ key = pgp_key_pkt_t();
+
+ /* DSA-ElGamal key */
+ assert_true(read_key_pkt(&key, KEYS "dsa-sec.pgp"));
+ key.material.dsa.q.mpi[key.material.dsa.q.len - 1] += 2;
+ assert_rnp_failure(validate_pgp_key_material(&key.material, &rng));
+ key.material.dsa.q.mpi[key.material.dsa.q.len - 1] -= 2;
+ assert_rnp_success(decrypt_secret_key(&key, NULL));
+ assert_true(key.material.secret);
+ assert_rnp_success(validate_pgp_key_material(&key.material, &rng));
+ key.material.dsa.y.mpi[key.material.dsa.y.len - 1] += 2;
+ assert_rnp_failure(validate_pgp_key_material(&key.material, &rng));
+ key.material.dsa.y.mpi[key.material.dsa.y.len - 1] -= 2;
+ key.material.dsa.p.mpi[key.material.dsa.p.len - 1] += 2;
+ assert_rnp_failure(validate_pgp_key_material(&key.material, &rng));
+ key.material.dsa.p.mpi[key.material.dsa.p.len - 1] -= 2;
+ /* since Botan calculates y from x on key load we do not check x vs y */
+ key.material.dsa.x = key.material.dsa.q;
+ assert_rnp_failure(validate_pgp_key_material(&key.material, &rng));
+ key = pgp_key_pkt_t();
+
+ assert_true(read_key_pkt(&key, KEYS "eg-sec.pgp"));
+ key.material.eg.p.mpi[key.material.eg.p.len - 1] += 2;
+ assert_rnp_failure(validate_pgp_key_material(&key.material, &rng));
+ key.material.eg.p.mpi[key.material.eg.p.len - 1] -= 2;
+ assert_rnp_success(decrypt_secret_key(&key, NULL));
+ assert_true(key.material.secret);
+ assert_rnp_success(validate_pgp_key_material(&key.material, &rng));
+ key.material.eg.p.mpi[key.material.eg.p.len - 1] += 2;
+ assert_rnp_failure(validate_pgp_key_material(&key.material, &rng));
+ key.material.eg.p.mpi[key.material.eg.p.len - 1] -= 2;
+ /* since Botan calculates y from x on key load we do not check x vs y */
+ key.material.eg.x = key.material.eg.p;
+ assert_rnp_failure(validate_pgp_key_material(&key.material, &rng));
+ key = pgp_key_pkt_t();
+
+ /* ElGamal key with small subgroup */
+ assert_true(read_key_pkt(&key, KEYS "eg-sec-small-group.pgp"));
+ assert_rnp_failure(validate_pgp_key_material(&key.material, &rng));
+ assert_rnp_success(decrypt_secret_key(&key, NULL));
+ key = pgp_key_pkt_t();
+
+ assert_true(read_key_pkt(&key, KEYS "eg-sec-small-group-enc.pgp"));
+ assert_rnp_failure(validate_pgp_key_material(&key.material, &rng));
+ assert_rnp_success(decrypt_secret_key(&key, "password"));
+ key = pgp_key_pkt_t();
+
+ /* ECDSA key */
+ assert_true(read_key_pkt(&key, KEYS "ecdsa-p256-sec.pgp"));
+ assert_rnp_success(validate_pgp_key_material(&key.material, &rng));
+ key.material.ec.p.mpi[0] += 2;
+ assert_rnp_failure(validate_pgp_key_material(&key.material, &rng));
+ key.material.ec.p.mpi[0] -= 2;
+ key.material.ec.p.mpi[10] += 2;
+ assert_rnp_failure(validate_pgp_key_material(&key.material, &rng));
+ key.material.ec.p.mpi[10] -= 2;
+ assert_rnp_success(decrypt_secret_key(&key, NULL));
+ assert_true(key.material.secret);
+ key = pgp_key_pkt_t();
+
+ /* ECDH key */
+ assert_true(read_key_pkt(&key, KEYS "ecdh-p256-sec.pgp"));
+ assert_rnp_success(validate_pgp_key_material(&key.material, &rng));
+ key.material.ec.p.mpi[0] += 2;
+ assert_rnp_failure(validate_pgp_key_material(&key.material, &rng));
+ key.material.ec.p.mpi[0] -= 2;
+ key.material.ec.p.mpi[10] += 2;
+ assert_rnp_failure(validate_pgp_key_material(&key.material, &rng));
+ key.material.ec.p.mpi[10] -= 2;
+ assert_rnp_success(decrypt_secret_key(&key, NULL));
+ assert_true(key.material.secret);
+ key = pgp_key_pkt_t();
+
+ /* EDDSA key, just test for header since any value can be secret key */
+ assert_true(read_key_pkt(&key, KEYS "ed25519-sec.pgp"));
+ assert_rnp_success(validate_pgp_key_material(&key.material, &rng));
+ key.material.ec.p.mpi[0] += 2;
+ assert_rnp_failure(validate_pgp_key_material(&key.material, &rng));
+ key.material.ec.p.mpi[0] -= 2;
+ key = pgp_key_pkt_t();
+
+ /* x25519 key, same as the previous - botan calculates pub key from the secret one */
+ assert_true(read_key_pkt(&key, KEYS "x25519-sec.pgp"));
+ assert_rnp_success(validate_pgp_key_material(&key.material, &rng));
+ key.material.ec.p.mpi[0] += 2;
+ assert_rnp_failure(validate_pgp_key_material(&key.material, &rng));
+ key.material.ec.p.mpi[0] -= 2;
+ key = pgp_key_pkt_t();
+}
+
+TEST_F(rnp_tests, test_sm2_enabled)
+{
+ char *features = NULL;
+ bool supported = false;
+ /* check whether FFI returns value which corresponds to defines */
+#if defined(ENABLE_SM2)
+ assert_true(sm2_enabled());
+ /* SM2 */
+ assert_rnp_success(rnp_supported_features(RNP_FEATURE_PK_ALG, &features));
+ assert_non_null(features);
+ assert_true(std::string(features).find("SM2") != std::string::npos);
+ rnp_buffer_destroy(features);
+ assert_rnp_success(rnp_supports_feature(RNP_FEATURE_PK_ALG, "SM2", &supported));
+ assert_true(supported);
+ /* SM3 */
+ assert_rnp_success(rnp_supported_features(RNP_FEATURE_HASH_ALG, &features));
+ assert_non_null(features);
+ assert_true(std::string(features).find("SM3") != std::string::npos);
+ rnp_buffer_destroy(features);
+ supported = false;
+ assert_rnp_success(rnp_supports_feature(RNP_FEATURE_HASH_ALG, "SM3", &supported));
+ assert_true(supported);
+ /* SM4 */
+ assert_rnp_success(rnp_supported_features(RNP_FEATURE_SYMM_ALG, &features));
+ assert_non_null(features);
+ assert_true(std::string(features).find("SM4") != std::string::npos);
+ rnp_buffer_destroy(features);
+ supported = false;
+ assert_rnp_success(rnp_supports_feature(RNP_FEATURE_SYMM_ALG, "SM4", &supported));
+ assert_true(supported);
+ /* Curve */
+ assert_rnp_success(rnp_supported_features(RNP_FEATURE_CURVE, &features));
+ assert_non_null(features);
+ assert_true(std::string(features).find("SM2 P-256") != std::string::npos);
+ rnp_buffer_destroy(features);
+ supported = false;
+ assert_rnp_success(rnp_supports_feature(RNP_FEATURE_CURVE, "SM2 P-256", &supported));
+ assert_true(supported);
+#else
+ assert_false(sm2_enabled());
+ /* SM2 */
+ assert_rnp_success(rnp_supported_features(RNP_FEATURE_PK_ALG, &features));
+ assert_non_null(features);
+ assert_true(std::string(features).find("SM2") == std::string::npos);
+ rnp_buffer_destroy(features);
+ supported = true;
+ assert_rnp_success(rnp_supports_feature(RNP_FEATURE_PK_ALG, "SM2", &supported));
+ assert_false(supported);
+ /* SM3 */
+ assert_rnp_success(rnp_supported_features(RNP_FEATURE_HASH_ALG, &features));
+ assert_non_null(features);
+ assert_true(std::string(features).find("SM3") == std::string::npos);
+ rnp_buffer_destroy(features);
+ supported = true;
+ assert_rnp_success(rnp_supports_feature(RNP_FEATURE_HASH_ALG, "SM3", &supported));
+ assert_false(supported);
+ /* SM4 */
+ assert_rnp_success(rnp_supported_features(RNP_FEATURE_SYMM_ALG, &features));
+ assert_non_null(features);
+ assert_true(std::string(features).find("SM4") == std::string::npos);
+ rnp_buffer_destroy(features);
+ supported = true;
+ assert_rnp_success(rnp_supports_feature(RNP_FEATURE_SYMM_ALG, "SM4", &supported));
+ assert_false(supported);
+ /* Curve */
+ assert_rnp_success(rnp_supported_features(RNP_FEATURE_CURVE, &features));
+ assert_non_null(features);
+ assert_true(std::string(features).find("SM2 P-256") == std::string::npos);
+ rnp_buffer_destroy(features);
+ supported = true;
+ assert_rnp_success(rnp_supports_feature(RNP_FEATURE_CURVE, "SM2 P-256", &supported));
+ assert_false(supported);
+#endif
+}
+
+TEST_F(rnp_tests, test_aead_enabled)
+{
+ char *features = NULL;
+ bool supported = false;
+ /* check whether FFI returns value which corresponds to defines */
+#if defined(ENABLE_AEAD)
+ bool has_eax = aead_eax_enabled();
+ bool has_ocb = aead_ocb_enabled();
+ assert_true(has_eax || has_ocb);
+ assert_rnp_success(rnp_supported_features(RNP_FEATURE_AEAD_ALG, &features));
+ assert_non_null(features);
+ assert_true((std::string(features).find("EAX") != std::string::npos) == has_eax);
+ assert_true((std::string(features).find("OCB") != std::string::npos) == has_ocb);
+ rnp_buffer_destroy(features);
+ assert_rnp_success(rnp_supports_feature(RNP_FEATURE_AEAD_ALG, "EAX", &supported));
+ assert_true(supported == has_eax);
+ assert_rnp_success(rnp_supports_feature(RNP_FEATURE_AEAD_ALG, "OCB", &supported));
+ assert_true(supported == has_ocb);
+#else
+ assert_false(aead_eax_enabled());
+ assert_false(aead_ocb_enabled());
+ assert_rnp_success(rnp_supported_features(RNP_FEATURE_AEAD_ALG, &features));
+ assert_non_null(features);
+ assert_true(std::string(features).find("EAX") == std::string::npos);
+ assert_true(std::string(features).find("OCB") == std::string::npos);
+ rnp_buffer_destroy(features);
+ assert_rnp_success(rnp_supports_feature(RNP_FEATURE_AEAD_ALG, "EAX", &supported));
+ assert_false(supported);
+ assert_rnp_success(rnp_supports_feature(RNP_FEATURE_AEAD_ALG, "OCB", &supported));
+ assert_false(supported);
+#endif
+}
+
+TEST_F(rnp_tests, test_idea_enabled)
+{
+ char *features = NULL;
+ bool supported = false;
+ /* check whether FFI returns value which corresponds to defines */
+#if defined(ENABLE_IDEA)
+ assert_true(idea_enabled());
+ assert_rnp_success(rnp_supported_features(RNP_FEATURE_SYMM_ALG, &features));
+ assert_non_null(features);
+ assert_true(std::string(features).find("IDEA") != std::string::npos);
+ rnp_buffer_destroy(features);
+ assert_rnp_success(rnp_supports_feature(RNP_FEATURE_SYMM_ALG, "IDEA", &supported));
+ assert_true(supported);
+#else
+ assert_false(idea_enabled());
+ assert_rnp_success(rnp_supported_features(RNP_FEATURE_SYMM_ALG, &features));
+ assert_non_null(features);
+ assert_true(std::string(features).find("IDEA") == std::string::npos);
+ rnp_buffer_destroy(features);
+ assert_rnp_success(rnp_supports_feature(RNP_FEATURE_SYMM_ALG, "IDEA", &supported));
+ assert_false(supported);
+#endif
+}
+
+TEST_F(rnp_tests, test_twofish_enabled)
+{
+ char *features = NULL;
+ bool supported = false;
+ /* check whether FFI returns value which corresponds to defines */
+#if defined(ENABLE_TWOFISH)
+ assert_true(twofish_enabled());
+ assert_rnp_success(rnp_supported_features(RNP_FEATURE_SYMM_ALG, &features));
+ assert_non_null(features);
+ assert_true(std::string(features).find("TWOFISH") != std::string::npos);
+ rnp_buffer_destroy(features);
+ assert_rnp_success(rnp_supports_feature(RNP_FEATURE_SYMM_ALG, "TWOFISH", &supported));
+ assert_true(supported);
+#else
+ assert_false(twofish_enabled());
+ assert_rnp_success(rnp_supported_features(RNP_FEATURE_SYMM_ALG, &features));
+ assert_non_null(features);
+ assert_true(std::string(features).find("TWOFISH") == std::string::npos);
+ rnp_buffer_destroy(features);
+ assert_rnp_success(rnp_supports_feature(RNP_FEATURE_SYMM_ALG, "TWOFISH", &supported));
+ assert_false(supported);
+#endif
+}
+
+TEST_F(rnp_tests, test_brainpool_enabled)
+{
+ char *features = NULL;
+ bool supported = false;
+ /* check whether FFI returns value which corresponds to defines */
+#if defined(ENABLE_BRAINPOOL)
+ assert_true(brainpool_enabled());
+ assert_rnp_success(rnp_supported_features(RNP_FEATURE_CURVE, &features));
+ assert_non_null(features);
+ assert_true(std::string(features).find("brainpool") != std::string::npos);
+ rnp_buffer_destroy(features);
+ assert_rnp_success(rnp_supports_feature(RNP_FEATURE_CURVE, "brainpoolP256r1", &supported));
+ assert_true(supported);
+ assert_rnp_success(rnp_supports_feature(RNP_FEATURE_CURVE, "brainpoolP384r1", &supported));
+ assert_true(supported);
+ assert_rnp_success(rnp_supports_feature(RNP_FEATURE_CURVE, "brainpoolP512r1", &supported));
+ assert_true(supported);
+#else
+ assert_false(brainpool_enabled());
+ assert_rnp_success(rnp_supported_features(RNP_FEATURE_CURVE, &features));
+ assert_non_null(features);
+ assert_true(std::string(features).find("brainpool") == std::string::npos);
+ rnp_buffer_destroy(features);
+ assert_rnp_success(rnp_supports_feature(RNP_FEATURE_CURVE, "brainpoolP256r1", &supported));
+ assert_false(supported);
+ assert_rnp_success(rnp_supports_feature(RNP_FEATURE_CURVE, "brainpoolP384r1", &supported));
+ assert_false(supported);
+ assert_rnp_success(rnp_supports_feature(RNP_FEATURE_CURVE, "brainpoolP512r1", &supported));
+ assert_false(supported);
+#endif
+}