You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by bl...@apache.org on 2006/09/28 09:49:41 UTC

svn commit: r450742 - /xml/security/trunk/c/src/tools/xtest/xtest.cpp

Author: blautenb
Date: Thu Sep 28 00:49:40 2006
New Revision: 450742

URL: http://svn.apache.org/viewvc?view=rev&rev=450742
Log:
Add unit tests for different hash algorithms against an RSA signature

Modified:
    xml/security/trunk/c/src/tools/xtest/xtest.cpp

Modified: xml/security/trunk/c/src/tools/xtest/xtest.cpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/tools/xtest/xtest.cpp?view=diff&rev=450742&r1=450741&r2=450742
==============================================================================
--- xml/security/trunk/c/src/tools/xtest/xtest.cpp (original)
+++ xml/security/trunk/c/src/tools/xtest/xtest.cpp Thu Sep 28 00:49:40 2006
@@ -837,9 +837,11 @@
 		obj->appendChild(txt);
 
 		// Add a Reference
-		cerr << "224 ... ";
-		ref[0] = sig->createReference(MAKE_UNICODE_STRING("#ObjectId"), 
-			DSIGConstants::s_unicodeStrURISHA224);
+		if (XSECPlatformUtils::g_cryptoProvider->algorithmSupported(XSECCryptoHash::HASH_SHA224)) {
+			cerr << "224 ... ";
+			ref[0] = sig->createReference(MAKE_UNICODE_STRING("#ObjectId"), 
+				DSIGConstants::s_unicodeStrURISHA224);
+		}
 		cerr << "256 ... ";
 		ref[1] = sig->createReference(MAKE_UNICODE_STRING("#ObjectId"), 
 			DSIGConstants::s_unicodeStrURISHA256);
@@ -964,7 +966,216 @@
 	}
 
 }
+
+void unitTestRSASig(DOMImplementation * impl, XSECCryptoKeyRSA * k, const XMLCh * AlgURI) {
+
+	// Given a specific RSA key and particular algorithm URI, sign and validate a document
+
+	try {
+		
+		// Create a document
+    
+		DOMDocument * doc = impl->createDocument();
+
+		// Create the signature
+
+		XSECProvider prov;
+		DSIGSignature *sig;
+		DOMElement *sigNode;
+		DSIGReference *ref[4];
+		
+		sig = prov.newSignature();
+		sig->setDSIGNSPrefix(MAKE_UNICODE_STRING("ds"));
+		sig->setPrettyPrint(true);
+
+		sigNode = sig->createBlankSignature(doc, 
+			DSIGConstants::s_unicodeStrURIC14N_COM,
+			AlgURI);
+
+		doc->appendChild(sigNode);
+
+		// Add an object
+		DSIGObject * obj = sig->appendObject();
+		obj->setId(MAKE_UNICODE_STRING("ObjectId"));
+
+		// Create a text node
+		DOMText * txt= doc->createTextNode(MAKE_UNICODE_STRING("A test string"));
+		obj->appendChild(txt);
+
+		// Add a Reference
+		ref[0] = sig->createReference(MAKE_UNICODE_STRING("#ObjectId"), 
+			DSIGConstants::s_unicodeStrURISHA1);
+
+		// Get a key
+		cerr << "signing ... ";
+
+		sig->setSigningKey(k->clone());
+		sig->sign();
+
+		cerr << "OK ... ";
+
+		cerr << "validating ... ";
+		if (!sig->verify()) {
+			cerr << "bad verify!" << endl;
+			exit(1);
+		}
+
+		cerr << "OK ... serialise and re-verify ... ";
+		if (!reValidateSig(impl, doc, k)) {
+
+			cerr << "bad verify!" << endl;
+			exit(1);
+
+		}
+
+		cerr << "OK";
+
+#if 0
+#if defined HAVE_OPENSSL
+
+		if (g_useWinCAPI || g_useNSS) {
+
+			cerr << " ... validate against OpenSSL" << endl;
+
+			BIO * bioMem = BIO_new(BIO_s_mem());
+			BIO_puts(bioMem, s_tstRSAPrivateKey);
+			EVP_PKEY * pk = PEM_read_bio_PrivateKey(bioMem, NULL, NULL, NULL);
+
+			OpenSSLCryptoKeyRSA * rsaKey = new OpenSSLCryptoKeyRSA(pk);
+
+			sig->setSigningKey(rsaKey);
+			if (!sig->verify()) {
+				cerr << "bad verify!" << endl;
+				exit (1);
+			}
+
+			cerr << "OK";
+
+			BIO_free(bioMem);
+			EVP_PKEY_free(pk);
+		}
+#endif
+#endif
+
+		cerr << "\n";	
+
+		outputDoc(impl, doc);
+		doc->release();
+		
+
+	}
+
+	catch (XSECException &e)
+	{
+		cerr << "An error occured during signature processing\n   Message: ";
+		char * ce = XMLString::transcode(e.getMsg());
+		cerr << ce << endl;
+		delete ce;
+		exit(1);
+		
+	}	
+	catch (XSECCryptoException &e)
+	{
+		cerr << "A cryptographic error occured during signature processing\n   Message: "
+		<< e.getMsg() << endl;
+		exit(1);
+	}
+
+}
+
+
+void unitTestRSA(DOMImplementation * impl) {
+
+	/* First we load some keys to use! */
+
+	XSECCryptoKeyRSA * rsaKey;
+
+#if defined (HAVE_OPENSSL)
+	if (!g_useWinCAPI && !g_useNSS) {
+		// Load the key
+		BIO * bioMem = BIO_new(BIO_s_mem());
+		BIO_puts(bioMem, s_tstRSAPrivateKey);
+		EVP_PKEY * pk = PEM_read_bio_PrivateKey(bioMem, NULL, NULL, NULL);
+
+		rsaKey = new OpenSSLCryptoKeyRSA(pk);
+
+		BIO_free(bioMem);
+		EVP_PKEY_free(pk);
+	}
+#endif
+
+#if defined (HAVE_WINCAPI)
+	if (g_useWinCAPI) {
+
+		// Use the internal key
+		WinCAPICryptoProvider *cp = (WinCAPICryptoProvider *) (XSECPlatformUtils::g_cryptoProvider);
+		HCRYPTPROV p = cp->getApacheKeyStore();
+			
+		rsaKey = new WinCAPICryptoKeyRSA(p, AT_KEYEXCHANGE, true);
+	}
+
+#endif
+
+#if defined (HAVE_NSS)
+	if (g_useNSS) {
+		// Use the internal key
+		NSSCryptoProvider *cp = (NSSCryptoProvider *) (XSECPlatformUtils::g_cryptoProvider);
+		
+		// Heavily based on Mozilla example code
+		SECKEYPrivateKey *prvKey = 0;
+		SECKEYPublicKey *pubKey = 0;
+		PK11SlotInfo *slot = 0;
+		PK11RSAGenParams rsaParams;
+
+		// Use a bog standard key size
+		rsaParams.keySizeInBits = 1024;
+		rsaParams.pe = 65537;
+		
+		// We need somewhere to temporarily store a generated key
+		slot = PK11_GetInternalKeySlot();
+		if (!slot) { 
+			cerr << "Error generating key - can't get NSS slot\n";
+			exit (1);
+		}
+		
+		// Do the generate
+		prvKey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaParams,
+			&pubKey, PR_FALSE, PR_TRUE, 0);
+		
+		if (!prvKey) {
+			if (slot)
+				PK11_FreeSlot(slot);
+			cerr << "Error generating key within NSS\n";
+			exit (1);
+		}
+		
+		// Now use the key!
+		rsaKey = new NSSCryptoKeyRSA(pubKey, prvKey);
+
+	}
+#endif
+
+	cerr << "Unit testing RSA-SHA1 signature ... ";
+	unitTestRSASig(impl, (XSECCryptoKeyRSA *) rsaKey->clone(), DSIGConstants::s_unicodeStrURIRSA_SHA1);
+
+	if (XSECPlatformUtils::g_cryptoProvider->algorithmSupported(XSECCryptoHash::HASH_SHA512)) {
+		cerr << "Unit testing RSA-SHA224 signature ... ";
+		unitTestRSASig(impl, (XSECCryptoKeyRSA *) rsaKey->clone(), DSIGConstants::s_unicodeStrURIRSA_SHA224);
+		cerr << "Unit testing RSA-SHA256 signature ... ";
+		unitTestRSASig(impl, (XSECCryptoKeyRSA *) rsaKey->clone(), DSIGConstants::s_unicodeStrURIRSA_SHA256);
+		cerr << "Unit testing RSA-SHA384 signature ... ";
+		unitTestRSASig(impl, (XSECCryptoKeyRSA *) rsaKey->clone(), DSIGConstants::s_unicodeStrURIRSA_SHA384);
+		cerr << "Unit testing RSA-SHA512 signature ... ";
+		unitTestRSASig(impl, (XSECCryptoKeyRSA *) rsaKey->clone(), DSIGConstants::s_unicodeStrURIRSA_SHA512);
+	}
+	else
+		cerr << "Skipping non SHA 224/256/384/512 RSA signatures" << endl;
+
+	cerr << "Unit testing RSA-MD5 signature ... ";
+	unitTestRSASig(impl, rsaKey, DSIGConstants::s_unicodeStrURIRSA_MD5);
 	
+		
+}
 void unitTestSignature(DOMImplementation * impl) {
 
 	// Test an enveloping signature
@@ -980,6 +1191,9 @@
 		unitTestLongSHA(impl);
 	else
 		cerr << "Skipping long SHA hash tests as SHA512 not supported by crypto provider" << endl;
+
+	// Test RSA Signatures
+	unitTestRSA(impl);
 }
 
 // --------------------------------------------------------------------------------