xref: /freebsd/crypto/openssh/regress/unittests/sshsig/tests.c (revision 6ba2210ee039f2f12878c217bcf058e9c8b26b29)
1 /* 	$OpenBSD: tests.c,v 1.2 2020/06/22 06:00:06 djm Exp $ */
2 /*
3  * Regress test for sshbuf.h buffer API
4  *
5  * Placed in the public domain
6  */
7 
8 #include "includes.h"
9 
10 #include <sys/types.h>
11 #include <sys/param.h>
12 #include <sys/stat.h>
13 #include <fcntl.h>
14 #include <stdio.h>
15 #ifdef HAVE_STDINT_H
16 #include <stdint.h>
17 #endif
18 #include <stdlib.h>
19 #include <string.h>
20 #include <unistd.h>
21 
22 #include <openssl/evp.h>
23 #include <openssl/crypto.h>
24 
25 #include "ssherr.h"
26 #include "authfile.h"
27 #include "sshkey.h"
28 #include "sshbuf.h"
29 #include "sshsig.h"
30 #include "log.h"
31 
32 #include "../test_helper/test_helper.h"
33 
34 static struct sshbuf *
35 load_file(const char *name)
36 {
37 	struct sshbuf *ret = NULL;
38 
39 	ASSERT_INT_EQ(sshbuf_load_file(test_data_file(name), &ret), 0);
40 	ASSERT_PTR_NE(ret, NULL);
41 	return ret;
42 }
43 
44 static struct sshkey *
45 load_key(const char *name)
46 {
47 	struct sshkey *ret = NULL;
48 	ASSERT_INT_EQ(sshkey_load_public(test_data_file(name), &ret, NULL), 0);
49 	ASSERT_PTR_NE(ret, NULL);
50 	return ret;
51 }
52 
53 static void
54 check_sig(const char *keyname, const char *signame, const struct sshbuf *msg,
55     const char *namespace)
56 {
57 	struct sshkey *k, *sign_key;
58 	struct sshbuf *sig, *rawsig;
59 	struct sshkey_sig_details *sig_details;
60 
61 	k = load_key(keyname);
62 	sig = load_file(signame);
63 	sign_key = NULL;
64 	sig_details = NULL;
65 	rawsig = NULL;
66 	ASSERT_INT_EQ(sshsig_dearmor(sig, &rawsig), 0);
67 	ASSERT_INT_EQ(sshsig_verifyb(rawsig, msg, namespace,
68 	    &sign_key, &sig_details), 0);
69 	ASSERT_INT_EQ(sshkey_equal(k, sign_key), 1);
70 	sshkey_free(k);
71 	sshkey_free(sign_key);
72 	sshkey_sig_details_free(sig_details);
73 	sshbuf_free(sig);
74 	sshbuf_free(rawsig);
75 }
76 
77 void
78 tests(void)
79 {
80 	struct sshbuf *msg;
81 	char *namespace;
82 
83 #if 0
84         log_init("test_sshsig", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 1);
85 #endif
86 
87 #ifdef WITH_OPENSSL
88 	OpenSSL_add_all_algorithms();
89 	ERR_load_CRYPTO_strings();
90 #endif
91 
92 	TEST_START("load data");
93 	msg = load_file("namespace");
94 	namespace = sshbuf_dup_string(msg);
95 	ASSERT_PTR_NE(namespace, NULL);
96 	sshbuf_free(msg);
97 	msg = load_file("signed-data");
98 	TEST_DONE();
99 
100 #ifdef WITH_OPENSSL
101 	TEST_START("check RSA signature");
102 	check_sig("rsa.pub", "rsa.sig", msg, namespace);
103 	TEST_DONE();
104 
105 	TEST_START("check DSA signature");
106 	check_sig("dsa.pub", "dsa.sig", msg, namespace);
107 	TEST_DONE();
108 
109 #ifdef OPENSSL_HAS_ECC
110 	TEST_START("check ECDSA signature");
111 	check_sig("ecdsa.pub", "ecdsa.sig", msg, namespace);
112 	TEST_DONE();
113 #endif
114 #endif
115 
116 	TEST_START("check ED25519 signature");
117 	check_sig("ed25519.pub", "ed25519.sig", msg, namespace);
118 	TEST_DONE();
119 
120 #if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
121 	TEST_START("check ECDSA-SK signature");
122 	check_sig("ecdsa_sk.pub", "ecdsa_sk.sig", msg, namespace);
123 	TEST_DONE();
124 #endif
125 
126 	TEST_START("check ED25519-SK signature");
127 	check_sig("ed25519_sk.pub", "ed25519_sk.sig", msg, namespace);
128 	TEST_DONE();
129 
130 #if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
131 	TEST_START("check ECDSA-SK webauthn signature");
132 	check_sig("ecdsa_sk_webauthn.pub", "ecdsa_sk_webauthn.sig",
133 	    msg, namespace);
134  	TEST_DONE();
135 #endif
136 
137 	sshbuf_free(msg);
138 	free(namespace);
139 }
140