1/* $OpenBSD: tests.c,v 1.4 2024/01/11 01:45:59 djm Exp $ */ 2/* 3 * Regress test for sshbuf.h buffer API 4 * 5 * Placed in the public domain 6 */ 7 8#include "includes.h" 9 10#include <sys/types.h> 11#include <sys/stat.h> 12#include <fcntl.h> 13#include <stdio.h> 14#ifdef HAVE_STDINT_H 15#include <stdint.h> 16#endif 17#include <stdlib.h> 18#include <string.h> 19#include <unistd.h> 20 21#ifdef WITH_OPENSSL 22#include <openssl/evp.h> 23#include <openssl/crypto.h> 24#endif 25 26#include "ssherr.h" 27#include "authfile.h" 28#include "sshkey.h" 29#include "sshbuf.h" 30#include "sshsig.h" 31#include "log.h" 32 33#include "../test_helper/test_helper.h" 34 35static struct sshbuf * 36load_file(const char *name) 37{ 38 struct sshbuf *ret = NULL; 39 40 ASSERT_INT_EQ(sshbuf_load_file(test_data_file(name), &ret), 0); 41 ASSERT_PTR_NE(ret, NULL); 42 return ret; 43} 44 45static struct sshkey * 46load_key(const char *name) 47{ 48 struct sshkey *ret = NULL; 49 ASSERT_INT_EQ(sshkey_load_public(test_data_file(name), &ret, NULL), 0); 50 ASSERT_PTR_NE(ret, NULL); 51 return ret; 52} 53 54static void 55check_sig(const char *keyname, const char *signame, const struct sshbuf *msg, 56 const char *namespace) 57{ 58 struct sshkey *k, *sign_key; 59 struct sshbuf *sig, *rawsig; 60 struct sshkey_sig_details *sig_details; 61 62 k = load_key(keyname); 63 sig = load_file(signame); 64 sign_key = NULL; 65 sig_details = NULL; 66 rawsig = NULL; 67 ASSERT_INT_EQ(sshsig_dearmor(sig, &rawsig), 0); 68 ASSERT_INT_EQ(sshsig_verifyb(rawsig, msg, namespace, 69 &sign_key, &sig_details), 0); 70 ASSERT_INT_EQ(sshkey_equal(k, sign_key), 1); 71 sshkey_free(k); 72 sshkey_free(sign_key); 73 sshkey_sig_details_free(sig_details); 74 sshbuf_free(sig); 75 sshbuf_free(rawsig); 76} 77 78void 79tests(void) 80{ 81 struct sshbuf *msg; 82 char *namespace; 83 84#if 0 85 log_init("test_sshsig", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 1); 86#endif 87 88#ifdef WITH_OPENSSL 89 OpenSSL_add_all_algorithms(); 90 ERR_load_crypto_strings(); 91#endif 92 93 TEST_START("load data"); 94 msg = load_file("namespace"); 95 namespace = sshbuf_dup_string(msg); 96 ASSERT_PTR_NE(namespace, NULL); 97 sshbuf_free(msg); 98 msg = load_file("signed-data"); 99 TEST_DONE(); 100 101#ifdef WITH_OPENSSL 102 TEST_START("check RSA signature"); 103 check_sig("rsa.pub", "rsa.sig", msg, namespace); 104 TEST_DONE(); 105 106#ifdef WITH_DSA 107 TEST_START("check DSA signature"); 108 check_sig("dsa.pub", "dsa.sig", msg, namespace); 109 TEST_DONE(); 110#endif 111 112#ifdef OPENSSL_HAS_ECC 113 TEST_START("check ECDSA signature"); 114 check_sig("ecdsa.pub", "ecdsa.sig", msg, namespace); 115 TEST_DONE(); 116#endif 117#endif 118 119 TEST_START("check ED25519 signature"); 120 check_sig("ed25519.pub", "ed25519.sig", msg, namespace); 121 TEST_DONE(); 122 123#ifdef ENABLE_SK 124#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) 125 TEST_START("check ECDSA-SK signature"); 126 check_sig("ecdsa_sk.pub", "ecdsa_sk.sig", msg, namespace); 127 TEST_DONE(); 128#endif 129 130 TEST_START("check ED25519-SK signature"); 131 check_sig("ed25519_sk.pub", "ed25519_sk.sig", msg, namespace); 132 TEST_DONE(); 133 134#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) 135 TEST_START("check ECDSA-SK webauthn signature"); 136 check_sig("ecdsa_sk_webauthn.pub", "ecdsa_sk_webauthn.sig", 137 msg, namespace); 138 TEST_DONE(); 139#endif 140#endif /* ENABLE_SK */ 141 142 sshbuf_free(msg); 143 free(namespace); 144} 145