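/* 	$OpenBSD: tests.c,v 1.2 2020/06/22 06:00:06 djm Exp $ */
/*
 * Regress test for sshsig.h signature verification
 *
 * Placed in the public domain
 */

#include "includes.h"

#include <sys/types.h>
#include <sys/param.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#ifdef HAVE_STDINT_H
#include <stdint.h>
#endif
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/*
 * Every OpenSSL call in this file is guarded by WITH_OPENSSL, so the
 * headers are guarded the same way; otherwise a build without OpenSSL
 * fails at the #include before it reaches any test code.
 */
#ifdef WITH_OPENSSL
#include <openssl/evp.h>
#include <openssl/crypto.h>
#endif

#include "ssherr.h"
#include "authfile.h"
#include "sshkey.h"
#include "sshbuf.h"
#include "sshsig.h"
#include "log.h"

#include "../test_helper/test_helper.h"

/*
 * Load the test data file `name` into a newly allocated sshbuf.
 *
 * The test aborts through the ASSERT_* macros if the load fails or
 * yields no buffer, so the return value is never NULL.  The caller
 * releases it with sshbuf_free().
 */
static struct sshbuf *
load_file(const char *name)
{
	struct sshbuf *ret = NULL;

	ASSERT_INT_EQ(sshbuf_load_file(test_data_file(name), &ret), 0);
	ASSERT_PTR_NE(ret, NULL);
	return ret;
}

/*
 * Load the public key stored in the test data file `name`.
 *
 * The test aborts through the ASSERT_* macros on failure, so the return
 * value is never NULL.  The caller releases it with sshkey_free().
 */
static struct sshkey *
load_key(const char *name)
{
	struct sshkey *ret = NULL;

	/* The key comment is not needed here, hence the NULL out-param. */
	ASSERT_INT_EQ(sshkey_load_public(test_data_file(name), &ret, NULL), 0);
	ASSERT_PTR_NE(ret, NULL);
	return ret;
}

/*
 * Verify one stored signature against `msg` under `namespace`.
 *
 * keyname:   test data file holding the expected signer's public key
 * signame:   test data file holding the signature, in the form that
 *            sshsig_dearmor() accepts
 * msg:       the data that was signed
 * namespace: the namespace the signature is expected to carry
 *
 * Every step is asserted; all objects allocated here are freed before
 * returning.
 *
 * NOTE(review): only the accepting path is exercised.  Nothing here
 * checks that verification is refused for altered data, a different
 * namespace, or a signature made by another key; those rejection cases
 * are what a regression in the verifier would most likely break
 * silently, so they deserve their own tests.
 */
static void
check_sig(const char *keyname, const char *signame, const struct sshbuf *msg,
    const char *namespace)
{
	struct sshkey *k = NULL, *sign_key = NULL;
	struct sshbuf *sig = NULL, *rawsig = NULL;
	struct sshkey_sig_details *sig_details = NULL;

	k = load_key(keyname);
	sig = load_file(signame);

	ASSERT_INT_EQ(sshsig_dearmor(sig, &rawsig), 0);
	ASSERT_INT_EQ(sshsig_verifyb(rawsig, msg, namespace,
	    &sign_key, &sig_details), 0);
	/*
	 * A successful verify is not sufficient by itself: the key handed
	 * back in sign_key must also be the key we expected to have signed.
	 */
	ASSERT_INT_EQ(sshkey_equal(k, sign_key), 1);

	sshkey_free(k);
	sshkey_free(sign_key);
	sshkey_sig_details_free(sig_details);
	sshbuf_free(sig);
	sshbuf_free(rawsig);
}

/*
 * Test entry point: load the shared namespace and signed data once,
 * then check one stored signature per key type that this build
 * supports.
 */
void
tests(void)
{
	struct sshbuf *msg;
	char *namespace;

#if 0
	log_init("test_sshsig", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 1);
#endif

#ifdef WITH_OPENSSL
	OpenSSL_add_all_algorithms();
	ERR_load_CRYPTO_strings();
#endif

	TEST_START("load data");
	/* The namespace is kept as a C string; msg is then reused for the data. */
	msg = load_file("namespace");
	namespace = sshbuf_dup_string(msg);
	ASSERT_PTR_NE(namespace, NULL);
	sshbuf_free(msg);
	msg = load_file("signed-data");
	TEST_DONE();

#ifdef WITH_OPENSSL
	TEST_START("check RSA signature");
	check_sig("rsa.pub", "rsa.sig", msg, namespace);
	TEST_DONE();

	TEST_START("check DSA signature");
	check_sig("dsa.pub", "dsa.sig", msg, namespace);
	TEST_DONE();

#ifdef OPENSSL_HAS_ECC
	TEST_START("check ECDSA signature");
	check_sig("ecdsa.pub", "ecdsa.sig", msg, namespace);
	TEST_DONE();
#endif
#endif

	/* The ED25519 and ED25519-SK checks below run without OpenSSL too. */
	TEST_START("check ED25519 signature");
	check_sig("ed25519.pub", "ed25519.sig", msg, namespace);
	TEST_DONE();

#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
	TEST_START("check ECDSA-SK signature");
	check_sig("ecdsa_sk.pub", "ecdsa_sk.sig", msg, namespace);
	TEST_DONE();
#endif

	TEST_START("check ED25519-SK signature");
	check_sig("ed25519_sk.pub", "ed25519_sk.sig", msg, namespace);
	TEST_DONE();

#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
	TEST_START("check ECDSA-SK webauthn signature");
	check_sig("ecdsa_sk_webauthn.pub", "ecdsa_sk_webauthn.sig",
	    msg, namespace);
	TEST_DONE();
#endif

	sshbuf_free(msg);
	free(namespace);
}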