| 1 | ;;; GNU Guix --- Functional package management for GNU |
| 2 | ;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org> |
| 3 | ;;; |
| 4 | ;;; This file is part of GNU Guix. |
| 5 | ;;; |
| 6 | ;;; GNU Guix is free software; you can redistribute it and/or modify it |
| 7 | ;;; under the terms of the GNU General Public License as published by |
| 8 | ;;; the Free Software Foundation; either version 3 of the License, or (at |
| 9 | ;;; your option) any later version. |
| 10 | ;;; |
| 11 | ;;; GNU Guix is distributed in the hope that it will be useful, but |
| 12 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of |
| 13 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 14 | ;;; GNU General Public License for more details. |
| 15 | ;;; |
| 16 | ;;; You should have received a copy of the GNU General Public License |
| 17 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. |
| 18 | |
| 19 | (define-module (test-pki) |
| 20 | #:use-module (guix pki) |
| 21 | #:use-module (gcrypt pk-crypto) |
| 22 | #:use-module (gcrypt hash) |
| 23 | #:use-module (rnrs io ports) |
| 24 | #:use-module (srfi srfi-64)) |
| 25 | |
| 26 | ;; Test the (guix pki) module. |
| 27 | |
| 28 | (define %public-key |
| 29 | (call-with-input-file %public-key-file |
| 30 | (compose string->canonical-sexp get-string-all))) |
| 31 | |
| 32 | (define %secret-key |
| 33 | (call-with-input-file %private-key-file |
| 34 | (compose string->canonical-sexp get-string-all))) |
| 35 | |
| 36 | (define %alternate-secret-key |
| 37 | (string->canonical-sexp |
| 38 | " |
| 39 | (key-data |
| 40 | (public-key |
| 41 | (rsa |
| 42 | (n #00FDBF170366AC43B7D95CF9085565C566FB1F21B17C0A36E68F35ABB500E7851E00B40D7B04C8CD25903371F38E4C298FACEFFC4C97E913B536A0672BAF99D04515AE98A1A56627CD7EB02502FCFBEEA21AF13CC1A853192AD6409B9EFBD9F549BDE32BD890AE01F9A221E81FEE1C407090550647790E0D60775B855E181C2FB5#) |
| 43 | (e #010001#))) |
| 44 | (private-key |
| 45 | (rsa |
| 46 | (n #00FDBF170366AC43B7D95CF9085565C566FB1F21B17C0A36E68F35ABB500E7851E00B40D7B04C8CD25903371F38E4C298FACEFFC4C97E913B536A0672BAF99D04515AE98A1A56627CD7EB02502FCFBEEA21AF13CC1A853192AD6409B9EFBD9F549BDE32BD890AE01F9A221E81FEE1C407090550647790E0D60775B855E181C2FB5#) |
| 47 | (e #010001#) |
| 48 | (d #2790250C2E74C2FD361A99288BBA19B878048F5A0F333F829CC71B3DD64582DB9DF3F4DB1EB0994DD7493225EDA4A1E1492F44D903617FA5643E47BFC7BA157EF48B492AB51229916B02DDBDA0E7DBC7B35A6B8332AB463DC61951CA694551A9760F5A836A375D39E3EA8F2C502A3B5D89CB8777A809B75D603BE7511CEB74E9#) |
| 49 | (p #00FE15B1751E1C31125B724FF37462F9476239A2AFF4192FAB1550F76928C8D02407F4F5EFC83F7A0AF51BD93399DDC06A4B54DFA60A7079F160A9F618C0148AD9#) |
| 50 | (q #00FFA8BE7005AAB7401B0926CD9D6AC30BC9BE7D12C8737C9438498A999F56BE9F5EA98B4D7F5364BEB6D550A5AEDDE34C1EC152C9DAF61A97FDE71740C73BAA3D#) |
| 51 | (u #00FD4050EF4F31B41EC81C28E18D205DFFB3C188F15D8BBA300E30AD8B5C4D3E392EFE10269FC115A538B19F4025973AB09B6650A7FF97DA833FB726F3D8819319#))))")) |
| 52 | |
| 53 | (test-begin "pki") |
| 54 | |
| 55 | (test-assert "current-acl" |
| 56 | (not (not (member (canonical-sexp->sexp %public-key) |
| 57 | (map canonical-sexp->sexp |
| 58 | (acl->public-keys (current-acl))))))) |
| 59 | |
| 60 | (test-assert "authorized-key? public-key current-acl" |
| 61 | (authorized-key? %public-key)) |
| 62 | |
| 63 | (test-assert "authorized-key? public-key empty-acl" |
| 64 | (not (authorized-key? %public-key (public-keys->acl '())))) |
| 65 | |
| 66 | (test-assert "authorized-key? public-key singleton" |
| 67 | (authorized-key? %public-key (public-keys->acl (list %public-key)))) |
| 68 | |
| 69 | (test-assert "signature-case valid-signature" |
| 70 | (let* ((hash (sha256 #vu8(1 2 3))) |
| 71 | (data (bytevector->hash-data hash #:key-type (key-type %public-key))) |
| 72 | (sig (signature-sexp data %secret-key %public-key))) |
| 73 | (signature-case (sig hash (public-keys->acl (list %public-key))) |
| 74 | (valid-signature #t) |
| 75 | (else #f)))) |
| 76 | |
| 77 | (test-eq "signature-case invalid-signature" 'i |
| 78 | (let* ((hash (sha256 #vu8(1 2 3))) |
| 79 | (data (bytevector->hash-data hash #:key-type (key-type %public-key))) |
| 80 | (sig (signature-sexp data %alternate-secret-key %public-key))) |
| 81 | (signature-case (sig hash (public-keys->acl (list %public-key))) |
| 82 | (valid-signature 'v) |
| 83 | (invalid-signature 'i) |
| 84 | (hash-mismatch 'm) |
| 85 | (unauthorized-key 'u) |
| 86 | (corrupt-signature 'c)))) |
| 87 | |
| 88 | (test-eq "signature-case hash-mismatch" 'm |
| 89 | (let* ((hash (sha256 #vu8(1 2 3))) |
| 90 | (data (bytevector->hash-data hash #:key-type (key-type %public-key))) |
| 91 | (sig (signature-sexp data %secret-key %public-key))) |
| 92 | (signature-case (sig (sha256 #vu8()) |
| 93 | (public-keys->acl (list %public-key))) |
| 94 | (valid-signature 'v) |
| 95 | (invalid-signature 'i) |
| 96 | (hash-mismatch 'm) |
| 97 | (unauthorized-key 'u) |
| 98 | (corrupt-signature 'c)))) |
| 99 | |
| 100 | (test-eq "signature-case unauthorized-key" 'u |
| 101 | (let* ((hash (sha256 #vu8(1 2 3))) |
| 102 | (data (bytevector->hash-data hash #:key-type (key-type %public-key))) |
| 103 | (sig (signature-sexp data %secret-key %public-key))) |
| 104 | (signature-case (sig hash (public-keys->acl '())) |
| 105 | (valid-signature 'v) |
| 106 | (invalid-signature 'i) |
| 107 | (hash-mismatch 'm) |
| 108 | (unauthorized-key 'u) |
| 109 | (corrupt-signature 'c)))) |
| 110 | |
| 111 | (test-eq "signature-case corrupt-signature" 'c |
| 112 | (let* ((hash (sha256 #vu8(1 2 3))) |
| 113 | (sig (string->canonical-sexp "(w tf)"))) |
| 114 | (signature-case (sig hash (public-keys->acl (list %public-key))) |
| 115 | (valid-signature 'v) |
| 116 | (invalid-signature 'i) |
| 117 | (hash-mismatch 'm) |
| 118 | (unauthorized-key 'u) |
| 119 | (corrupt-signature 'c)))) |
| 120 | |
| 121 | (test-end) |