1 /* 	$OpenBSD: tests.c,v 1.2 2020/06/22 06:00:06 djm Exp $ */
2 /*
3  * Regress test for sshbuf.h buffer API
4  *
5  * Placed in the public domain
6  */
7 
8 #include "includes.h"
9 
10 #include <sys/types.h>
11 #include <sys/param.h>
12 #include <sys/stat.h>
13 #include <fcntl.h>
14 #include <stdio.h>
15 #include <stdint.h>
16 #include <stdlib.h>
17 #include <string.h>
18 #include <unistd.h>
19 
20 #include <openssl/evp.h>
21 #include <openssl/crypto.h>
22 
23 #include "ssherr.h"
24 #include "authfile.h"
25 #include "sshkey.h"
26 #include "sshbuf.h"
27 #include "sshsig.h"
28 #include "log.h"
29 
30 #include "../test_helper/test_helper.h"
31 
32 static struct sshbuf *
33 load_file(const char *name)
34 {
35 	struct sshbuf *ret = NULL;
36 
37 	ASSERT_INT_EQ(sshbuf_load_file(test_data_file(name), &ret), 0);
38 	ASSERT_PTR_NE(ret, NULL);
39 	return ret;
40 }
41 
42 static struct sshkey *
43 load_key(const char *name)
44 {
45 	struct sshkey *ret = NULL;
46 	ASSERT_INT_EQ(sshkey_load_public(test_data_file(name), &ret, NULL), 0);
47 	ASSERT_PTR_NE(ret, NULL);
48 	return ret;
49 }
50 
51 static void
52 check_sig(const char *keyname, const char *signame, const struct sshbuf *msg,
53     const char *namespace)
54 {
55 	struct sshkey *k, *sign_key;
56 	struct sshbuf *sig, *rawsig;
57 	struct sshkey_sig_details *sig_details;
58 
59 	k = load_key(keyname);
60 	sig = load_file(signame);
61 	sign_key = NULL;
62 	sig_details = NULL;
63 	rawsig = NULL;
64 	ASSERT_INT_EQ(sshsig_dearmor(sig, &rawsig), 0);
65 	ASSERT_INT_EQ(sshsig_verifyb(rawsig, msg, namespace,
66 	    &sign_key, &sig_details), 0);
67 	ASSERT_INT_EQ(sshkey_equal(k, sign_key), 1);
68 	sshkey_free(k);
69 	sshkey_free(sign_key);
70 	sshkey_sig_details_free(sig_details);
71 	sshbuf_free(sig);
72 	sshbuf_free(rawsig);
73 }
74 
75 void
76 tests(void)
77 {
78 	struct sshbuf *msg;
79 	char *namespace;
80 
81 #if 0
82         log_init("test_sshsig", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 1);
83 #endif
84 
85 #ifdef WITH_OPENSSL
86 	OpenSSL_add_all_algorithms();
87 	ERR_load_CRYPTO_strings();
88 #endif
89 
90 	TEST_START("load data");
91 	msg = load_file("namespace");
92 	namespace = sshbuf_dup_string(msg);
93 	ASSERT_PTR_NE(namespace, NULL);
94 	sshbuf_free(msg);
95 	msg = load_file("signed-data");
96 	TEST_DONE();
97 
98 #ifdef WITH_OPENSSL
99 	TEST_START("check RSA signature");
100 	check_sig("rsa.pub", "rsa.sig", msg, namespace);
101 	TEST_DONE();
102 
103 	TEST_START("check DSA signature");
104 	check_sig("dsa.pub", "dsa.sig", msg, namespace);
105 	TEST_DONE();
106 
107 #ifdef OPENSSL_HAS_ECC
108 	TEST_START("check ECDSA signature");
109 	check_sig("ecdsa.pub", "ecdsa.sig", msg, namespace);
110 	TEST_DONE();
111 #endif
112 #endif
113 
114 	TEST_START("check ED25519 signature");
115 	check_sig("ed25519.pub", "ed25519.sig", msg, namespace);
116 	TEST_DONE();
117 
118 #if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
119 	TEST_START("check ECDSA-SK signature");
120 	check_sig("ecdsa_sk.pub", "ecdsa_sk.sig", msg, namespace);
121 	TEST_DONE();
122 #endif
123 
124 	TEST_START("check ED25519-SK signature");
125 	check_sig("ed25519_sk.pub", "ed25519_sk.sig", msg, namespace);
126 	TEST_DONE();
127 
128 	TEST_START("check ECDSA-SK webauthn signature");
129 	check_sig("ecdsa_sk_webauthn.pub", "ecdsa_sk_webauthn.sig",
130 	    msg, namespace);
131  	TEST_DONE();
132 
133 	sshbuf_free(msg);
134 	free(namespace);
135 }
136