1 /* $OpenBSD: tests.c,v 1.3 2021/12/14 21:25:27 deraadt Exp $ */ 2 /* 3 * Regress test for sshbuf.h buffer API 4 * 5 * Placed in the public domain 6 */ 7 8 #include "includes.h" 9 10 #include <sys/types.h> 11 #include <sys/stat.h> 12 #include <fcntl.h> 13 #include <stdio.h> 14 #ifdef HAVE_STDINT_H 15 #include <stdint.h> 16 #endif 17 #include <stdlib.h> 18 #include <string.h> 19 #include <unistd.h> 20 21 #ifdef WITH_OPENSSL 22 #include <openssl/evp.h> 23 #include <openssl/crypto.h> 24 #endif 25 26 #include "ssherr.h" 27 #include "authfile.h" 28 #include "sshkey.h" 29 #include "sshbuf.h" 30 #include "sshsig.h" 31 #include "log.h" 32 33 #include "../test_helper/test_helper.h" 34 35 static struct sshbuf * 36 load_file(const char *name) 37 { 38 struct sshbuf *ret = NULL; 39 40 ASSERT_INT_EQ(sshbuf_load_file(test_data_file(name), &ret), 0); 41 ASSERT_PTR_NE(ret, NULL); 42 return ret; 43 } 44 45 static struct sshkey * 46 load_key(const char *name) 47 { 48 struct sshkey *ret = NULL; 49 ASSERT_INT_EQ(sshkey_load_public(test_data_file(name), &ret, NULL), 0); 50 ASSERT_PTR_NE(ret, NULL); 51 return ret; 52 } 53 54 static void 55 check_sig(const char *keyname, const char *signame, const struct sshbuf *msg, 56 const char *namespace) 57 { 58 struct sshkey *k, *sign_key; 59 struct sshbuf *sig, *rawsig; 60 struct sshkey_sig_details *sig_details; 61 62 k = load_key(keyname); 63 sig = load_file(signame); 64 sign_key = NULL; 65 sig_details = NULL; 66 rawsig = NULL; 67 ASSERT_INT_EQ(sshsig_dearmor(sig, &rawsig), 0); 68 ASSERT_INT_EQ(sshsig_verifyb(rawsig, msg, namespace, 69 &sign_key, &sig_details), 0); 70 ASSERT_INT_EQ(sshkey_equal(k, sign_key), 1); 71 sshkey_free(k); 72 sshkey_free(sign_key); 73 sshkey_sig_details_free(sig_details); 74 sshbuf_free(sig); 75 sshbuf_free(rawsig); 76 } 77 78 void 79 tests(void) 80 { 81 struct sshbuf *msg; 82 char *namespace; 83 84 #if 0 85 log_init("test_sshsig", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 1); 86 #endif 87 88 #ifdef WITH_OPENSSL 89 OpenSSL_add_all_algorithms(); 90 ERR_load_CRYPTO_strings(); 91 #endif 92 93 TEST_START("load data"); 94 msg = load_file("namespace"); 95 namespace = sshbuf_dup_string(msg); 96 ASSERT_PTR_NE(namespace, NULL); 97 sshbuf_free(msg); 98 msg = load_file("signed-data"); 99 TEST_DONE(); 100 101 #ifdef WITH_OPENSSL 102 TEST_START("check RSA signature"); 103 check_sig("rsa.pub", "rsa.sig", msg, namespace); 104 TEST_DONE(); 105 106 TEST_START("check DSA signature"); 107 check_sig("dsa.pub", "dsa.sig", msg, namespace); 108 TEST_DONE(); 109 110 #ifdef OPENSSL_HAS_ECC 111 TEST_START("check ECDSA signature"); 112 check_sig("ecdsa.pub", "ecdsa.sig", msg, namespace); 113 TEST_DONE(); 114 #endif 115 #endif 116 117 TEST_START("check ED25519 signature"); 118 check_sig("ed25519.pub", "ed25519.sig", msg, namespace); 119 TEST_DONE(); 120 121 #ifdef ENABLE_SK 122 #if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) 123 TEST_START("check ECDSA-SK signature"); 124 check_sig("ecdsa_sk.pub", "ecdsa_sk.sig", msg, namespace); 125 TEST_DONE(); 126 #endif 127 128 TEST_START("check ED25519-SK signature"); 129 check_sig("ed25519_sk.pub", "ed25519_sk.sig", msg, namespace); 130 TEST_DONE(); 131 132 #if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) 133 TEST_START("check ECDSA-SK webauthn signature"); 134 check_sig("ecdsa_sk_webauthn.pub", "ecdsa_sk_webauthn.sig", 135 msg, namespace); 136 TEST_DONE(); 137 #endif 138 #endif /* ENABLE_SK */ 139 140 sshbuf_free(msg); 141 free(namespace); 142 } 143