| 1 | ### -*-python-*- |
| 2 | ### |
| 3 | ### Testing public-key crypto functionality |
| 4 | ### |
| 5 | ### (c) 2019 Straylight/Edgeware |
| 6 | ### |
| 7 | |
| 8 | ###----- Licensing notice --------------------------------------------------- |
| 9 | ### |
| 10 | ### This file is part of the Python interface to Catacomb. |
| 11 | ### |
| 12 | ### Catacomb/Python is free software: you can redistribute it and/or |
| 13 | ### modify it under the terms of the GNU General Public License as |
| 14 | ### published by the Free Software Foundation; either version 2 of the |
| 15 | ### License, or (at your option) any later version. |
| 16 | ### |
| 17 | ### Catacomb/Python is distributed in the hope that it will be useful, but |
| 18 | ### WITHOUT ANY WARRANTY; without even the implied warranty of |
| 19 | ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 20 | ### General Public License for more details. |
| 21 | ### |
| 22 | ### You should have received a copy of the GNU General Public License |
| 23 | ### along with Catacomb/Python. If not, write to the Free Software |
| 24 | ### Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
| 25 | ### USA. |
| 26 | |
| 27 | ###-------------------------------------------------------------------------- |
| 28 | ### Imported modules. |
| 29 | |
| 30 | import catacomb as C |
| 31 | import unittest as U |
| 32 | import testutils as T |
| 33 | |
| 34 | ###-------------------------------------------------------------------------- |
| 35 | class TestDSA (U.TestCase): |
| 36 | |
| 37 | def check(me, privcls, pubcls, rng, H, G): |
| 38 | msg = T.bin("A simple test message") |
| 39 | wrong = T.bin("This is not the message you're looking for") |
| 40 | a = privcls(G, rng.range(G.r), hash = H, rng = rng) |
| 41 | me.assertEqual(a.hash, H) |
| 42 | me.assertEqual(a.rng, rng) |
| 43 | A = pubcls(G, a.p, hash = H, rng = rng) |
| 44 | h = a.endhash(a.beginhash().hash(msg)) |
| 45 | me.assertEqual(h, A.endhash(a.beginhash().hash(msg))) |
| 46 | sig = a.sign(h) |
| 47 | me.assertTrue(A.verify(h, sig)) |
| 48 | me.assertFalse(A.verify(A.endhash(A.beginhash().hash(wrong)), sig)) |
| 49 | |
| 50 | me.assertRaises(ValueError, a.sign, h + C.bytes("00")) |
| 51 | me.assertRaises(ValueError, a.verify, h + C.bytes("00"), sig) |
| 52 | |
| 53 | def test_dsa(me): |
| 54 | me.check(C.DSAPriv, C.DSAPub, T.detrand("dsa"), C.sha256, |
| 55 | C.primegroups["catacomb-ll-256-3072"].group()) |
| 56 | def test_ecdsa(me): |
| 57 | me.check(C.DSAPriv, C.DSAPub, T.detrand("ecdsa"), C.sha256, |
| 58 | C.eccurves["nist-p256"].group()) |
| 59 | def test_kcdsa(me): |
| 60 | me.check(C.KCDSAPriv, C.KCDSAPub, T.detrand("kcdsa"), C.has160, |
| 61 | C.primegroups["catacomb-ll-160-1024"].group()) |
| 62 | def test_eckcdsa(me): |
| 63 | me.check(C.KCDSAPriv, C.KCDSAPub, T.detrand("eckcdsa"), C.sha256, |
| 64 | C.eccurves["nist-p256"].group()) |
| 65 | |
| 66 | ###-------------------------------------------------------------------------- |
| 67 | class TestRSA (U.TestCase): |
| 68 | |
| 69 | def test(me): |
| 70 | rng = T.detrand("rsa") |
| 71 | ev = T.EventRecorder() |
| 72 | msg = T.bin("A simple test message") |
| 73 | h = C.sha256().hash(msg).done() |
| 74 | wrong = T.bin("This is not the message you're looking for") |
| 75 | hh = C.sha256().hash(wrong).done() |
| 76 | |
| 77 | a = C.RSAPriv.generate(1536, event = ev, rng = rng) |
| 78 | A = C.RSAPub(n = a.n, e = a.e) |
| 79 | me.assertEqual(a.n.nbits, 1536) |
| 80 | me.assertEqual(a.rng, None) |
| 81 | a.rng = rng |
| 82 | me.assertEqual(a.rng, rng) |
| 83 | me.assertEqual(ev.events, |
| 84 | "[p [s]:F6/P7/D]" |
| 85 | "[p [t]:F68/P7/D]" |
| 86 | "[p [r]:F20/P7/D]" |
| 87 | "[p:F35/P3/D]" |
| 88 | "[q [s]:F47/P7/D]" |
| 89 | "[q [t]:F4/P7/D]" |
| 90 | "[q [r]:F8/P7/D]" |
| 91 | "[q:F22/P3/D]") |
| 92 | |
| 93 | C.RSAPriv(n = a.n, e = a.e, d = a.d) |
| 94 | C.RSAPriv(n = a.n, p = a.p, d = a.d) |
| 95 | C.RSAPriv(n = a.n, q = a.q, e = a.e) |
| 96 | C.RSAPriv(p = a.p, q = a.q, e = a.e) |
| 97 | me.assertRaises(ValueError, C.RSAPriv, p = a.p, q = a.q, dp = a.dp) |
| 98 | |
| 99 | me.assertTrue(a.p.primep()) |
| 100 | me.assertTrue(a.q.primep()) |
| 101 | me.assertEqual(a.n, a.p*a.q) |
| 102 | me.assertEqual(a.dp, a.d%(a.p - 1)) |
| 103 | me.assertEqual(a.dq, a.d%(a.q - 1)) |
| 104 | me.assertEqual((a.e*a.dp)%(a.p - 1), 1) |
| 105 | me.assertEqual((a.e*a.dq)%(a.q - 1), 1) |
| 106 | me.assertEqual((a.q*a.q_inv)%a.p, 1) |
| 107 | |
| 108 | x = rng.range(a.n) |
| 109 | y = a.privop(x) |
| 110 | me.assertEqual(x, a.pubop(y)) |
| 111 | me.assertEqual(x, A.pubop(y)) |
| 112 | z = a.pubop(x) |
| 113 | me.assertEqual(z, A.pubop(x)) |
| 114 | me.assertEqual(x, a.privop(z)) |
| 115 | |
| 116 | pad = C.PKCS1Crypt(rng = rng) |
| 117 | ct = A.encrypt(msg, pad) |
| 118 | me.assertEqual(a.decrypt(ct, pad), msg) |
| 119 | me.assertRaises(ValueError, a.decrypt, ct ^ 1, pad) |
| 120 | |
| 121 | pad = C.PKCS1Sig(ep = C.bytes("3031300d060960864801650304020105000420")) |
| 122 | sig = a.sign(h, pad) |
| 123 | me.assertTrue(A.verify(h, sig, pad)) |
| 124 | me.assertFalse(A.verify(hh, sig, pad)) |
| 125 | |
| 126 | pad = C.OAEP(mgf = C.sha256_mgf, hash = C.sha256, rng = rng) |
| 127 | ct = A.encrypt(msg, pad) |
| 128 | me.assertEqual(a.decrypt(ct, pad), msg) |
| 129 | me.assertRaises(ValueError, a.decrypt, ct ^ 1, pad) |
| 130 | |
| 131 | pad = C.PSS(mgf = C.sha256_mgf, hash = C.sha256, rng = rng) |
| 132 | sig = a.sign(h, pad) |
| 133 | me.assertTrue(A.verify(h, sig, pad)) |
| 134 | me.assertFalse(A.verify(hh, sig, pad)) |
| 135 | |
| 136 | ###-------------------------------------------------------------------------- |
| 137 | class TestXDH (U.TestCase): |
| 138 | |
| 139 | def check(me, privcls, pubcls, rng): |
| 140 | msg = T.bin("A simple test message") |
| 141 | n = rng.block(24) |
| 142 | n1 = rng.block(24) |
| 143 | |
| 144 | a = privcls.generate(rng) |
| 145 | A = pubcls(a.pub) |
| 146 | b = privcls.generate(rng) |
| 147 | B = pubcls(b.pub) |
| 148 | Z = a.agree(B) |
| 149 | me.assertEqual(b.agree(A), Z) |
| 150 | me.assertEqual(b.agree(a), Z) |
| 151 | |
| 152 | ct = a.box(B, n, msg) |
| 153 | me.assertEqual(b.unbox(A, n, ct), msg) |
| 154 | me.assertRaises(ValueError, b.unbox, A, n1, ct) |
| 155 | |
| 156 | def test_x25519(me): |
| 157 | me.check(C.X25519Priv, C.X25519Pub, T.detrand("x25519")) |
| 158 | def test_x448(me): |
| 159 | me.check(C.X448Priv, C.X448Pub, T.detrand("x448")) |
| 160 | |
| 161 | ###-------------------------------------------------------------------------- |
| 162 | class TestEdDSA (U.TestCase): |
| 163 | |
| 164 | def check(me, privcls, pubcls, rng): |
| 165 | msg = T.bin("A simple test message") |
| 166 | wrong = T.bin("This is not the message you're looking for") |
| 167 | perso = T.bin("Catacomb/Python test") |
| 168 | a = privcls.generate(rng) |
| 169 | A = pubcls(a.pub) |
| 170 | |
| 171 | sig = a.sign(msg) |
| 172 | me.assertTrue(a.verify(msg, sig)) |
| 173 | me.assertTrue(A.verify(msg, sig)) |
| 174 | me.assertFalse(A.verify(wrong, sig)) |
| 175 | |
| 176 | sig = a.sign(msg, perso = perso) |
| 177 | me.assertTrue(a.verify(msg, sig, perso = perso)) |
| 178 | me.assertFalse(A.verify(msg, sig)) |
| 179 | |
| 180 | h = a.endhash(a.beginhash().hash(msg)) |
| 181 | sig = a.sign(h, phflag = True) |
| 182 | me.assertTrue(a.verify(h, sig, phflag = True)) |
| 183 | me.assertFalse(A.verify(h, sig)) |
| 184 | |
| 185 | def test_ed25519(me): |
| 186 | me.check(C.Ed25519Priv, C.Ed25519Pub, T.detrand("ed25519")) |
| 187 | def test_ed448(me): |
| 188 | me.check(C.Ed448Priv, C.Ed448Pub, T.detrand("ed448")) |
| 189 | |
| 190 | ###----- That's all, folks -------------------------------------------------- |
| 191 | |
| 192 | if __name__ == "__main__": U.main() |