/* 	$OpenBSD: tests.c,v 1.4 2024/01/11 01:45:59 djm Exp $ */
/*
 * Regress test for sshsig.h signature verification
 * (sshsig_dearmor, sshsig_verifyb)
 *
 * Placed in the public domain
 */

#include "includes.h"

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#ifdef HAVE_STDINT_H
#include <stdint.h>
#endif
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifdef WITH_OPENSSL
#include <openssl/evp.h>
#include <openssl/crypto.h>
#endif

#include "ssherr.h"
#include "authfile.h"
#include "sshkey.h"
#include "sshbuf.h"
#include "sshsig.h"
#include "log.h"

#include "../test_helper/test_helper.h"

/*
 * Read the test fixture "name" into a newly allocated sshbuf.
 * The path comes from test_data_file(name). A load failure or a NULL
 * result trips an assertion, so callers receive a non-NULL buffer that
 * they must release with sshbuf_free().
 */
static struct sshbuf *
load_file(const char *name)
{
	struct sshbuf *ret = NULL;

	ASSERT_INT_EQ(sshbuf_load_file(test_data_file(name), &ret), 0);
	ASSERT_PTR_NE(ret, NULL);
	return ret;
}

/*
 * Read the public key fixture "name" via sshkey_load_public().
 * The comment output is not requested (NULL). The returned key is
 * asserted non-NULL and must be released with sshkey_free().
 */
static struct sshkey *
load_key(const char *name)
{
	struct sshkey *ret = NULL;

	ASSERT_INT_EQ(sshkey_load_public(test_data_file(name), &ret, NULL), 0);
	ASSERT_PTR_NE(ret, NULL);
	return ret;
}

/*
 * Verify one armored signature fixture against "msg" and "namespace".
 *
 * keyname   - fixture holding the public key expected to have signed
 * signame   - fixture holding the armored signature
 * msg       - the signed data
 * namespace - namespace string handed to sshsig_verifyb()
 *
 * sshsig_verifyb() is not given a key here: it hands the signing key
 * back through sign_key. The sshkey_equal() assertion is therefore the
 * step that ties the signature to the expected key; a successful
 * verify alone would not show who signed.
 *
 * NOTE(review): only the accept path is exercised. Rejection cases
 * (altered message, mismatched namespace, unexpected key) are not
 * covered by this file as shown.
 */
static void
check_sig(const char *keyname, const char *signame, const struct sshbuf *msg,
    const char *namespace)
{
	struct sshkey *k = load_key(keyname);
	struct sshbuf *sig = load_file(signame);
	struct sshkey *sign_key = NULL;
	struct sshkey_sig_details *sig_details = NULL;
	struct sshbuf *rawsig = NULL;

	/* Strip the armor, then verify the raw signature blob. */
	ASSERT_INT_EQ(sshsig_dearmor(sig, &rawsig), 0);
	ASSERT_INT_EQ(sshsig_verifyb(rawsig, msg, namespace,
	    &sign_key, &sig_details), 0);

	/* The key carried by the signature must be the one we expect. */
	ASSERT_INT_EQ(sshkey_equal(k, sign_key), 1);

	sshbuf_free(rawsig);
	sshbuf_free(sig);
	sshkey_sig_details_free(sig_details);
	sshkey_free(sign_key);
	sshkey_free(k);
}

/*
 * Test entry point: load the namespace and signed-data fixtures once,
 * then check one signature fixture per key type that the build
 * configuration enables.
 */
void
tests(void)
{
	struct sshbuf *msg, *nsbuf;
	char *namespace;

#if 0
	log_init("test_sshsig", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 1);
#endif

#if defined(WITH_OPENSSL)
	OpenSSL_add_all_algorithms();
	ERR_load_crypto_strings();
#endif

	TEST_START("load data");
	/* The namespace fixture's content becomes the namespace string. */
	nsbuf = load_file("namespace");
	namespace = sshbuf_dup_string(nsbuf);
	ASSERT_PTR_NE(namespace, NULL);
	sshbuf_free(nsbuf);
	msg = load_file("signed-data");
	TEST_DONE();

#if defined(WITH_OPENSSL)
	TEST_START("check RSA signature");
	check_sig("rsa.pub", "rsa.sig", msg, namespace);
	TEST_DONE();

#if defined(WITH_DSA)
	TEST_START("check DSA signature");
	check_sig("dsa.pub", "dsa.sig", msg, namespace);
	TEST_DONE();
#endif

#if defined(OPENSSL_HAS_ECC)
	TEST_START("check ECDSA signature");
	check_sig("ecdsa.pub", "ecdsa.sig", msg, namespace);
	TEST_DONE();
#endif
#endif /* WITH_OPENSSL */

	/* Ed25519 is checked regardless of WITH_OPENSSL. */
	TEST_START("check ED25519 signature");
	check_sig("ed25519.pub", "ed25519.sig", msg, namespace);
	TEST_DONE();

#if defined(ENABLE_SK)
#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
	TEST_START("check ECDSA-SK signature");
	check_sig("ecdsa_sk.pub", "ecdsa_sk.sig", msg, namespace);
	TEST_DONE();
#endif

	TEST_START("check ED25519-SK signature");
	check_sig("ed25519_sk.pub", "ed25519_sk.sig", msg, namespace);
	TEST_DONE();

#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
	TEST_START("check ECDSA-SK webauthn signature");
	check_sig("ecdsa_sk_webauthn.pub", "ecdsa_sk_webauthn.sig",
	    msg, namespace);
	TEST_DONE();
#endif
#endif /* ENABLE_SK */

	free(namespace);
	sshbuf_free(msg);
}