sdcp-v2: Move SDCP support from using NSS to OpenSSL 3.0 and implement for egismoc

2025-11-15 07:38:12 +00:00 · 2025-08-28 21:01:54 +02:00
parent c74a0d4592
commit 7460e0dec4
31 changed files with 3593 additions and 2353 deletions
--- a/tests/test-fpi-sdcp.c
+++ b/tests/test-fpi-sdcp.c
@@ -0,0 +1,162 @@
+/*
+ * Secure Device Connection Protocol (SDCP) support unit tests
+ * Copyright (C) 2025 Joshua Grisham <josh@joshuagrisham.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#define FP_COMPONENT "test_fpi_sdcp"
+#include "fpi-log.h"
+
+#include "test-sdcp-utils.h"
+
+static void
+test_generate_enrollment_id (void)
+{
+  g_autoptr(GBytes) id = NULL;
+  g_autoptr(GError) error = NULL;
+  g_autoptr(GBytes) application_secret = g_bytes_from_hex (application_secret_hex);
+  g_autoptr(GBytes) nonce = g_bytes_from_hex (enrollment_nonce_hex);
+  g_autoptr(GBytes) expected_id = g_bytes_from_hex (enrollment_enrollment_id_hex);
+
+  id = fpi_sdcp_generate_enrollment_id (application_secret, nonce, &error);
+
+  fp_dbg ("id:");
+  fp_dbg_hex_dump_gbytes (id);
+
+  fp_dbg ("expected:");
+  fp_dbg_hex_dump_gbytes (expected_id);
+
+  g_assert (g_bytes_equal (expected_id, id));
+  g_assert_null (error);
+}
+
+static void
+test_verify_identify (void)
+{
+  g_autoptr(GError) error = NULL;
+  g_autoptr(GBytes) application_secret = g_bytes_from_hex (application_secret_hex);
+  g_autoptr(GBytes) nonce = g_bytes_from_hex (identify_nonce_hex);
+  g_autoptr(GBytes) id = g_bytes_from_hex (identify_enrollment_id_hex);
+  g_autoptr(GBytes) mac = g_bytes_from_hex (identify_mac_hex);
+
+  g_assert_true (fpi_sdcp_verify_identify (application_secret, nonce, id, mac, &error));
+  g_assert_null (error);
+}
+
+static void
+test_verify_reconnect (void)
+{
+  g_autoptr(GError) error = NULL;
+  g_autoptr(GBytes) application_secret = g_bytes_from_hex (application_secret_hex);
+  g_autoptr(GBytes) random = g_bytes_from_hex (reconnect_random_hex);
+  g_autoptr(GBytes) mac = g_bytes_from_hex (reconnect_mac_hex);
+
+  g_assert_true (fpi_sdcp_verify_reconnect (application_secret, random, mac, &error));
+  g_assert_null (error);
+}
+
+static void
+test_verify_connect (void)
+{
+  g_autoptr(GBytes) application_secret = NULL;
+  g_autoptr(GError) error = NULL;
+
+  g_autoptr(GBytes) host_private_key = g_bytes_from_hex (host_private_key_hex);
+  g_autoptr(GBytes) host_random = g_bytes_from_hex (host_random_hex);
+  g_autoptr(GBytes) device_random = g_bytes_from_hex (device_random_hex);
+  g_autoptr(GBytes) connect_mac = g_bytes_from_hex (connect_mac_hex);
+  FpiSdcpClaim *claim = sdcp_test_claim ();
+
+  g_autoptr(GBytes) expected_application_secret = g_bytes_from_hex (application_secret_hex);
+
+  g_assert_true (fpi_sdcp_verify_connect (host_private_key,
+                                          host_random,
+                                          device_random,
+                                          claim,
+                                          connect_mac,
+                                          TRUE,
+                                          TRUE,
+                                          &application_secret,
+                                          &error));
+
+  g_assert_null (error);
+  g_assert (g_bytes_get_size (application_secret) == SDCP_APPLICATION_SECRET_SIZE);
+
+  fp_dbg ("application_secret:");
+  fp_dbg_hex_dump_gbytes (application_secret);
+
+  fp_dbg ("expected:");
+  fp_dbg_hex_dump_gbytes (expected_application_secret);
+
+  g_assert_true (g_bytes_equal (expected_application_secret, application_secret));
+
+  fpi_sdcp_claim_free (claim);
+}
+
+static void
+test_generate_random (void)
+{
+  g_autoptr(GBytes) random = NULL;
+  g_autoptr(GError) error = NULL;
+
+  random = fpi_sdcp_generate_random (&error);
+
+  g_assert_null (error);
+  g_assert (g_bytes_get_size (random) == SDCP_RANDOM_SIZE);
+
+  fp_dbg ("random:");
+  fp_dbg_hex_dump_gbytes (random);
+}
+
+static void
+test_generate_host_key (void)
+{
+  g_autoptr(GBytes) private_key = NULL;
+  g_autoptr(GBytes) public_key = NULL;
+  g_autoptr(GError) error = NULL;
+  gsize len = 0;
+
+  fpi_sdcp_generate_host_key (&private_key, &public_key, &error);
+
+  g_assert_null (error);
+
+  g_bytes_get_data (private_key, &len);
+  g_assert (len == 32);
+
+  fp_dbg ("private_key:");
+  fp_dbg_hex_dump_gbytes (private_key);
+
+  g_bytes_get_data (public_key, &len);
+  g_assert (len == SDCP_PUBLIC_KEY_SIZE);
+
+  fp_dbg ("public_key:");
+  fp_dbg_hex_dump_gbytes (public_key);
+}
+
+int
+main (int argc, char *argv[])
+{
+  g_test_init (&argc, &argv, NULL);
+
+  g_test_add_func ("/sdcp/generate_host_key", test_generate_host_key);
+  g_test_add_func ("/sdcp/generate_random", test_generate_random);
+  g_test_add_func ("/sdcp/verify_connect", test_verify_connect);
+  g_test_add_func ("/sdcp/verify_reconnect", test_verify_reconnect);
+  g_test_add_func ("/sdcp/verify_identify", test_verify_identify);
+  g_test_add_func ("/sdcp/generate_enrollment_id", test_generate_enrollment_id);
+
+  return g_test_run ();
+}