void unitTestEncrypt()

in xsec/tools/xtest/xtest.cpp [2040:2288]

• 174 lines of code
• 18 McCabe index (conditional complexity)

void unitTestEncrypt(DOMImplementation *impl) {

	try {
		// Key wraps
		cerr << "RSA key wrap... ";

#if defined (XSEC_HAVE_OPENSSL)
		if (!g_useWinCAPI && !g_useNSS) {
			// Load the key
			BIO * bioMem = BIO_new(BIO_s_mem());
			BIO_puts(bioMem, s_tstRSAPrivateKey);
			EVP_PKEY * pk = PEM_read_bio_PrivateKey(bioMem, NULL, NULL, NULL);

			OpenSSLCryptoKeyRSA * k = new OpenSSLCryptoKeyRSA(pk);

			unitTestKeyEncrypt(impl, k, DSIGConstants::s_unicodeStrURIRSA_1_5);

			cerr << "RSA OAEP key wrap... ";
			k = new OpenSSLCryptoKeyRSA(pk);
			unitTestKeyEncrypt(impl, k, DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1, DSIGConstants::s_unicodeStrURIMGF1_SHA1);

			cerr << "RSA OAEP key wrap + params... ";
			k = new OpenSSLCryptoKeyRSA(pk);
			unitTestKeyEncrypt(impl, k, DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1, DSIGConstants::s_unicodeStrURIMGF1_SHA1,
			        s_tstOAEPparams, (unsigned int) strlen((char *) s_tstOAEPparams));

            cerr << "RSA OAEP 1.1 key wrap... ";
            k = new OpenSSLCryptoKeyRSA(pk);
            unitTestKeyEncrypt(impl, k, DSIGConstants::s_unicodeStrURIRSA_OAEP, DSIGConstants::s_unicodeStrURIMGF1_SHA1);

            if (XSECPlatformUtils::g_cryptoProvider->algorithmSupported(XSECCryptoHash::HASH_SHA224)) {
                cerr << "RSA OAEP 1.1 key wrap with MGF1+SHA224... ";
                k = new OpenSSLCryptoKeyRSA(pk);
                unitTestKeyEncrypt(impl, k, DSIGConstants::s_unicodeStrURIRSA_OAEP, DSIGConstants::s_unicodeStrURIMGF1_SHA224);
            }

            if (XSECPlatformUtils::g_cryptoProvider->algorithmSupported(XSECCryptoHash::HASH_SHA256)) {
                cerr << "RSA OAEP 1.1 key wrap with MGF1+SHA256... ";
                k = new OpenSSLCryptoKeyRSA(pk);
                unitTestKeyEncrypt(impl, k, DSIGConstants::s_unicodeStrURIRSA_OAEP, DSIGConstants::s_unicodeStrURIMGF1_SHA256);
            }

            if (XSECPlatformUtils::g_cryptoProvider->algorithmSupported(XSECCryptoHash::HASH_SHA384)) {
                cerr << "RSA OAEP 1.1 key wrap with MGF1+SHA384... ";
                k = new OpenSSLCryptoKeyRSA(pk);
                unitTestKeyEncrypt(impl, k, DSIGConstants::s_unicodeStrURIRSA_OAEP, DSIGConstants::s_unicodeStrURIMGF1_SHA384);
            }

            if (XSECPlatformUtils::g_cryptoProvider->algorithmSupported(XSECCryptoHash::HASH_SHA512)) {
                cerr << "RSA OAEP 1.1 key wrap with MGF1+SHA512... ";
                k = new OpenSSLCryptoKeyRSA(pk);
                unitTestKeyEncrypt(impl, k, DSIGConstants::s_unicodeStrURIRSA_OAEP, DSIGConstants::s_unicodeStrURIMGF1_SHA512);
            }

            BIO_free(bioMem);
			EVP_PKEY_free(pk);
		}
#endif

#if defined (XSEC_HAVE_WINCAPI)
		if (g_useWinCAPI) {

			// Use the internal key
			WinCAPICryptoProvider *cp = (WinCAPICryptoProvider *) (XSECPlatformUtils::g_cryptoProvider);
			HCRYPTPROV p = cp->getApacheKeyStore();
			
			WinCAPICryptoKeyRSA * rsaKey = new WinCAPICryptoKeyRSA(p, AT_KEYEXCHANGE, true);
			unitTestKeyEncrypt(impl, rsaKey, DSIGConstants::s_unicodeStrURIRSA_1_5);

			cerr << "RSA OAEP key wrap... ";
			rsaKey = new WinCAPICryptoKeyRSA(p, AT_KEYEXCHANGE, true);
			unitTestKeyEncrypt(impl, rsaKey, DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1);

            cerr << "RSA OAEP 1.1 key wrap... ";
            rsaKey = new WinCAPICryptoKeyRSA(p, AT_KEYEXCHANGE, true);
            unitTestKeyEncrypt(impl, rsaKey, DSIGConstants::s_unicodeStrURIRSA_OAEP);
        }

#endif

#if defined (XSEC_HAVE_NSS)
		if (g_useNSS) {
			// Heavily based on Mozilla example code
			SECKEYPrivateKey *prvKey = 0;
			SECKEYPublicKey *pubKey = 0;
			PK11SlotInfo *slot = 0;
			PK11RSAGenParams rsaParams;

			// Use a bog standard key size
			rsaParams.keySizeInBits = 1024;
			rsaParams.pe = 65537;
  
			// We need somewhere to temporarily store a generated key
		    slot = PK11_GetInternalKeySlot();
			if (!slot) { 
				cerr << "Error generating key - can't get NSS slot\n";
				exit (1);
			}

			// Do the generate
			prvKey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaParams,
               &pubKey, PR_FALSE, PR_TRUE, 0);

			if (!prvKey) {
				if (slot)
					PK11_FreeSlot(slot);
				cerr << "Error generating key within NSS\n";
				exit (1);
			}

			// Now use the key!
			NSSCryptoKeyRSA * rsaKey = new NSSCryptoKeyRSA(pubKey, prvKey);
			unitTestKeyEncrypt(impl, rsaKey, DSIGConstants::s_unicodeStrURIRSA_1_5);

			if (slot) 
				// Actual keys will be deleted by the provider
				PK11_FreeSlot(slot);
			
			cerr << "RSA OAEP key wrap skipped - not yet supported in NSS crypto provider\n";
			
		}
#endif

		XSECCryptoSymmetricKey * ks;

		if (g_haveAES) {
			cerr << "AES 128 key wrap... ";

			ks = XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_128);
			ks->setKey((unsigned char *) s_keyStr, 16);
		
			unitTestKeyEncrypt(impl, ks, DSIGConstants::s_unicodeStrURIKW_AES128);

			cerr << "AES 192 key wrap... ";

			ks = XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_192);
			ks->setKey((unsigned char *) s_keyStr, 24);
		
			unitTestKeyEncrypt(impl, ks, DSIGConstants::s_unicodeStrURIKW_AES192);

			cerr << "AES 256 key wrap... ";

			ks = XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_256);
			ks->setKey((unsigned char *) s_keyStr, 32);
		
			unitTestKeyEncrypt(impl, ks, DSIGConstants::s_unicodeStrURIKW_AES256);
		}

		else 
			cerr << "Skipped AES key wrap tests" << endl;

		cerr << "Triple DES key wrap... ";

		ks = XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_3DES_192);
		ks->setKey((unsigned char *) s_keyStr, 24);
		
		unitTestKeyEncrypt(impl, ks, DSIGConstants::s_unicodeStrURIKW_3DES);

		// Now do Element encrypts

		if (g_haveAES) {
			// 128 AES
			ks = XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_128);
			ks->setKey((unsigned char *) s_keyStr, 16);

			cerr << "Unit testing AES 128 bit CBC encryption" << endl;
			unitTestElementContentEncrypt(impl, ks->clone(), DSIGConstants::s_unicodeStrURIAES128_CBC, false);
			unitTestElementContentEncrypt(impl, ks, DSIGConstants::s_unicodeStrURIAES128_CBC, true);

			//192 AES
			ks = XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_192);
			ks->setKey((unsigned char *) s_keyStr, 24);

			cerr << "Unit testing AES 192 bit CBC encryption" << endl;
			unitTestElementContentEncrypt(impl, ks->clone(), DSIGConstants::s_unicodeStrURIAES192_CBC, false);
			unitTestElementContentEncrypt(impl, ks, DSIGConstants::s_unicodeStrURIAES192_CBC, true);

		    // 256 AES
			ks = XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_256);
			ks->setKey((unsigned char *) s_keyStr, 32);

			cerr << "Unit testing AES 256 bit CBC encryption" << endl;
			unitTestElementContentEncrypt(impl, ks->clone(), DSIGConstants::s_unicodeStrURIAES256_CBC, false);
			unitTestElementContentEncrypt(impl, ks, DSIGConstants::s_unicodeStrURIAES256_CBC, true);

            if (g_testGCM) {
                // 128 AES-GCM
                ks = XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_128);
                ks->setKey((unsigned char *)s_keyStr, 16);

                cerr << "Unit testing AES 128 bit GCM encryption" << endl;
                unitTestElementContentEncrypt(impl, ks->clone(), DSIGConstants::s_unicodeStrURIAES128_GCM, false);
                unitTestElementContentEncrypt(impl, ks, DSIGConstants::s_unicodeStrURIAES128_GCM, true);

                //192 AES-GCM
                ks = XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_192);
                ks->setKey((unsigned char *)s_keyStr, 24);

                cerr << "Unit testing AES 192 bit GCM encryption" << endl;
                unitTestElementContentEncrypt(impl, ks->clone(), DSIGConstants::s_unicodeStrURIAES192_GCM, false);
                unitTestElementContentEncrypt(impl, ks, DSIGConstants::s_unicodeStrURIAES192_GCM, true);

                // 256 AES-GCM
                ks = XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_256);
                ks->setKey((unsigned char *)s_keyStr, 32);

                cerr << "Unit testing AES 256 bit GCM encryption" << endl;
                unitTestElementContentEncrypt(impl, ks->clone(), DSIGConstants::s_unicodeStrURIAES256_GCM, false);
                unitTestElementContentEncrypt(impl, ks, DSIGConstants::s_unicodeStrURIAES256_GCM, true);
            }
            else {
                cerr << "Skipped AES-GCM Element tests" << endl;
            }
		}

        else {
            cerr << "Skipped AES Element tests" << endl;
        }

		// 192 3DES
		ks = XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_3DES_192);
		ks->setKey((unsigned char *) s_keyStr, 24);

		cerr << "Unit testing 3DES CBC encryption" << endl;
		unitTestElementContentEncrypt(impl, ks->clone(), DSIGConstants::s_unicodeStrURI3DES_CBC, false);
		unitTestElementContentEncrypt(impl, ks, DSIGConstants::s_unicodeStrURI3DES_CBC, true);
#ifdef XSEC_HAVE_XALAN
		if (g_haveAES) {
			cerr << "Unit testing CipherReference creation and decryption" << endl;
			unitTestCipherReference(impl);
		}
		else {
			cerr << "Skipped Cipher Reference Test (uses AES)" << endl;
		}
#else
		cerr << "Skipped Cipher Reference Test (requires XPath)" << endl;
#endif
		cerr << "Misc. encryption tests" << endl;
		unitTestSmallElement(impl);
	}
	catch (const XSECCryptoException &e)
	{
		cerr << "failed\n";
		cerr << "A cryptographic error occurred during encryption unit tests\n   Message: "
		<< e.getMsg() << endl;
		exit(1);
	}

}