1 /* $OpenBSD: tests.c,v 1.4 2024/01/11 01:45:59 djm Exp $ */
2 /*
3 * Regress test for sshbuf.h buffer API
4 *
5 * Placed in the public domain
6 */
7
8 #include <sys/types.h>
9 #include <sys/stat.h>
10 #include <fcntl.h>
11 #include <stdio.h>
12 #include <stdint.h>
13 #include <stdlib.h>
14 #include <string.h>
15 #include <unistd.h>
16
17 #include <openssl/evp.h>
18 #include <openssl/crypto.h>
19
20 #include "ssherr.h"
21 #include "authfile.h"
22 #include "sshkey.h"
23 #include "sshbuf.h"
24 #include "sshsig.h"
25 #include "log.h"
26
27 #include "test_helper.h"
28
29 static struct sshbuf *
load_file(const char * name)30 load_file(const char *name)
31 {
32 struct sshbuf *ret = NULL;
33
34 ASSERT_INT_EQ(sshbuf_load_file(test_data_file(name), &ret), 0);
35 ASSERT_PTR_NE(ret, NULL);
36 return ret;
37 }
38
39 static struct sshkey *
load_key(const char * name)40 load_key(const char *name)
41 {
42 struct sshkey *ret = NULL;
43 ASSERT_INT_EQ(sshkey_load_public(test_data_file(name), &ret, NULL), 0);
44 ASSERT_PTR_NE(ret, NULL);
45 return ret;
46 }
47
48 static void
check_sig(const char * keyname,const char * signame,const struct sshbuf * msg,const char * namespace)49 check_sig(const char *keyname, const char *signame, const struct sshbuf *msg,
50 const char *namespace)
51 {
52 struct sshkey *k, *sign_key;
53 struct sshbuf *sig, *rawsig;
54 struct sshkey_sig_details *sig_details;
55
56 k = load_key(keyname);
57 sig = load_file(signame);
58 sign_key = NULL;
59 sig_details = NULL;
60 rawsig = NULL;
61 ASSERT_INT_EQ(sshsig_dearmor(sig, &rawsig), 0);
62 ASSERT_INT_EQ(sshsig_verifyb(rawsig, msg, namespace,
63 &sign_key, &sig_details), 0);
64 ASSERT_INT_EQ(sshkey_equal(k, sign_key), 1);
65 sshkey_free(k);
66 sshkey_free(sign_key);
67 sshkey_sig_details_free(sig_details);
68 sshbuf_free(sig);
69 sshbuf_free(rawsig);
70 }
71
72 void
tests(void)73 tests(void)
74 {
75 struct sshbuf *msg;
76 char *namespace;
77
78 #if 0
79 log_init("test_sshsig", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 1);
80 #endif
81
82 OpenSSL_add_all_algorithms();
83 ERR_load_CRYPTO_strings();
84
85 TEST_START("load data");
86 msg = load_file("namespace");
87 namespace = sshbuf_dup_string(msg);
88 ASSERT_PTR_NE(namespace, NULL);
89 sshbuf_free(msg);
90 msg = load_file("signed-data");
91 TEST_DONE();
92
93 TEST_START("check RSA signature");
94 check_sig("rsa.pub", "rsa.sig", msg, namespace);
95 TEST_DONE();
96
97 #ifdef WITH_DSA
98 TEST_START("check DSA signature");
99 check_sig("dsa.pub", "dsa.sig", msg, namespace);
100 TEST_DONE();
101 #endif
102
103 TEST_START("check ECDSA signature");
104 check_sig("ecdsa.pub", "ecdsa.sig", msg, namespace);
105 TEST_DONE();
106
107 TEST_START("check ED25519 signature");
108 check_sig("ed25519.pub", "ed25519.sig", msg, namespace);
109 TEST_DONE();
110
111 TEST_START("check ECDSA-SK signature");
112 check_sig("ecdsa_sk.pub", "ecdsa_sk.sig", msg, namespace);
113 TEST_DONE();
114
115 TEST_START("check ED25519-SK signature");
116 check_sig("ed25519_sk.pub", "ed25519_sk.sig", msg, namespace);
117 TEST_DONE();
118
119 TEST_START("check ECDSA-SK webauthn signature");
120 check_sig("ecdsa_sk_webauthn.pub", "ecdsa_sk_webauthn.sig",
121 msg, namespace);
122 TEST_DONE();
123
124 sshbuf_free(msg);
125 free(namespace);
126 }
127