1 /* $OpenBSD: tests.c,v 1.2 2020/06/22 06:00:06 djm Exp $ */ 2 /* 3 * Regress test for sshbuf.h buffer API 4 * 5 * Placed in the public domain 6 */ 7 8 #include "includes.h" 9 10 #include <sys/types.h> 11 #include <sys/param.h> 12 #include <sys/stat.h> 13 #include <fcntl.h> 14 #include <stdio.h> 15 #include <stdint.h> 16 #include <stdlib.h> 17 #include <string.h> 18 #include <unistd.h> 19 20 #include <openssl/evp.h> 21 #include <openssl/crypto.h> 22 23 #include "ssherr.h" 24 #include "authfile.h" 25 #include "sshkey.h" 26 #include "sshbuf.h" 27 #include "sshsig.h" 28 #include "log.h" 29 30 #include "../test_helper/test_helper.h" 31 32 static struct sshbuf * 33 load_file(const char *name) 34 { 35 struct sshbuf *ret = NULL; 36 37 ASSERT_INT_EQ(sshbuf_load_file(test_data_file(name), &ret), 0); 38 ASSERT_PTR_NE(ret, NULL); 39 return ret; 40 } 41 42 static struct sshkey * 43 load_key(const char *name) 44 { 45 struct sshkey *ret = NULL; 46 ASSERT_INT_EQ(sshkey_load_public(test_data_file(name), &ret, NULL), 0); 47 ASSERT_PTR_NE(ret, NULL); 48 return ret; 49 } 50 51 static void 52 check_sig(const char *keyname, const char *signame, const struct sshbuf *msg, 53 const char *namespace) 54 { 55 struct sshkey *k, *sign_key; 56 struct sshbuf *sig, *rawsig; 57 struct sshkey_sig_details *sig_details; 58 59 k = load_key(keyname); 60 sig = load_file(signame); 61 sign_key = NULL; 62 sig_details = NULL; 63 rawsig = NULL; 64 ASSERT_INT_EQ(sshsig_dearmor(sig, &rawsig), 0); 65 ASSERT_INT_EQ(sshsig_verifyb(rawsig, msg, namespace, 66 &sign_key, &sig_details), 0); 67 ASSERT_INT_EQ(sshkey_equal(k, sign_key), 1); 68 sshkey_free(k); 69 sshkey_free(sign_key); 70 sshkey_sig_details_free(sig_details); 71 sshbuf_free(sig); 72 sshbuf_free(rawsig); 73 } 74 75 void 76 tests(void) 77 { 78 struct sshbuf *msg; 79 char *namespace; 80 81 #if 0 82 log_init("test_sshsig", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 1); 83 #endif 84 85 #ifdef WITH_OPENSSL 86 OpenSSL_add_all_algorithms(); 87 ERR_load_CRYPTO_strings(); 88 #endif 89 90 TEST_START("load data"); 91 msg = load_file("namespace"); 92 namespace = sshbuf_dup_string(msg); 93 ASSERT_PTR_NE(namespace, NULL); 94 sshbuf_free(msg); 95 msg = load_file("signed-data"); 96 TEST_DONE(); 97 98 #ifdef WITH_OPENSSL 99 TEST_START("check RSA signature"); 100 check_sig("rsa.pub", "rsa.sig", msg, namespace); 101 TEST_DONE(); 102 103 TEST_START("check DSA signature"); 104 check_sig("dsa.pub", "dsa.sig", msg, namespace); 105 TEST_DONE(); 106 107 #ifdef OPENSSL_HAS_ECC 108 TEST_START("check ECDSA signature"); 109 check_sig("ecdsa.pub", "ecdsa.sig", msg, namespace); 110 TEST_DONE(); 111 #endif 112 #endif 113 114 TEST_START("check ED25519 signature"); 115 check_sig("ed25519.pub", "ed25519.sig", msg, namespace); 116 TEST_DONE(); 117 118 #if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) 119 TEST_START("check ECDSA-SK signature"); 120 check_sig("ecdsa_sk.pub", "ecdsa_sk.sig", msg, namespace); 121 TEST_DONE(); 122 #endif 123 124 TEST_START("check ED25519-SK signature"); 125 check_sig("ed25519_sk.pub", "ed25519_sk.sig", msg, namespace); 126 TEST_DONE(); 127 128 TEST_START("check ECDSA-SK webauthn signature"); 129 check_sig("ecdsa_sk_webauthn.pub", "ecdsa_sk_webauthn.sig", 130 msg, namespace); 131 TEST_DONE(); 132 133 sshbuf_free(msg); 134 free(namespace); 135 } 136