/* $OpenBSD: tests.c,v 1.4 2024/01/11 01:45:59 djm Exp $ */
/*
 * Regress test for the sshsig.h signature API (dearmor + verify).
 *
 * Placed in the public domain
 */

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <openssl/evp.h>
#include <openssl/crypto.h>

#include "ssherr.h"
#include "authfile.h"
#include "sshkey.h"
#include "sshbuf.h"
#include "sshsig.h"
#include "log.h"

#include "test_helper.h"

/*
 * Read the named test-data file into a newly allocated sshbuf.
 *
 * The load is asserted to succeed and to produce a non-NULL buffer, so a
 * missing or unreadable fixture fails the test here.  The caller owns the
 * returned buffer and releases it with sshbuf_free().
 */
static struct sshbuf *
load_file(const char *name)
{
	struct sshbuf *ret = NULL;

	ASSERT_INT_EQ(sshbuf_load_file(test_data_file(name), &ret), 0);
	ASSERT_PTR_NE(ret, NULL);

	return ret;
}

/*
 * Load the public key stored in the named test-data file.
 *
 * The load is asserted to succeed and to produce a non-NULL key.  The
 * comment output of sshkey_load_public() is not requested (NULL).  The
 * caller owns the returned key and releases it with sshkey_free().
 */
static struct sshkey *
load_key(const char *name)
{
	struct sshkey *ret = NULL;

	ASSERT_INT_EQ(sshkey_load_public(test_data_file(name), &ret, NULL), 0);
	ASSERT_PTR_NE(ret, NULL);

	return ret;
}

/*
 * Verify one stored signature over the shared message.
 *
 *   keyname    test-data file with the expected signer's public key
 *   signame    test-data file with the armored signature
 *   msg        the data the signature is expected to cover
 *   namespace  namespace handed to sshsig_verifyb() as the expected one
 *
 * Three assertions must hold: the armor decodes, sshsig_verifyb() returns 0,
 * and the key it hands back equals the key loaded from keyname.  The
 * verifier is given no expected key as input, so a zero return on its own
 * does not tie the signature to any particular identity; the final
 * sshkey_equal() check is what pins the signer to the expected public key.
 */
static void
check_sig(const char *keyname, const char *signame, const struct sshbuf *msg,
    const char *namespace)
{
	/* Fixtures first, in the same order as before: key, then signature. */
	struct sshkey *k = load_key(keyname);
	struct sshbuf *sig = load_file(signame);
	/* Outputs filled in by the sshsig calls below. */
	struct sshkey *sign_key = NULL;
	struct sshkey_sig_details *sig_details = NULL;
	struct sshbuf *rawsig = NULL;

	ASSERT_INT_EQ(sshsig_dearmor(sig, &rawsig), 0);
	ASSERT_INT_EQ(sshsig_verifyb(rawsig, msg, namespace,
	    &sign_key, &sig_details), 0);
	ASSERT_INT_EQ(sshkey_equal(k, sign_key), 1);

	/* Release everything acquired above. */
	sshbuf_free(rawsig);
	sshbuf_free(sig);
	sshkey_sig_details_free(sig_details);
	sshkey_free(sign_key);
	sshkey_free(k);
}

/*
 * Test entry point.
 *
 * Loads the expected namespace string from the "namespace" fixture and the
 * signed message from "signed-data", then runs check_sig() once per key
 * type against the matching .pub/.sig fixture pair.
 *
 * NOTE(review): every case in this file expects verification to succeed.
 * Rejection paths (altered message, different namespace, signature made by
 * a key other than the expected one) are not exercised here.
 */
void
tests(void)
{
	/* One row per signature fixture; rows run in the order listed. */
	static const struct {
		const char *label;	/* name reported via TEST_START() */
		const char *keyfile;	/* expected signer's public key */
		const char *sigfile;	/* armored signature fixture */
	} cases[] = {
		{ "check RSA signature", "rsa.pub", "rsa.sig" },
#ifdef WITH_DSA
		{ "check DSA signature", "dsa.pub", "dsa.sig" },
#endif
		{ "check ECDSA signature", "ecdsa.pub", "ecdsa.sig" },
		{ "check ED25519 signature", "ed25519.pub", "ed25519.sig" },
		{ "check ECDSA-SK signature", "ecdsa_sk.pub", "ecdsa_sk.sig" },
		{ "check ED25519-SK signature",
		    "ed25519_sk.pub", "ed25519_sk.sig" },
		{ "check ECDSA-SK webauthn signature",
		    "ecdsa_sk_webauthn.pub", "ecdsa_sk_webauthn.sig" },
	};
	struct sshbuf *msg;
	char *namespace;
	size_t i;

#if 0
	log_init("test_sshsig", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 1);
#endif

	OpenSSL_add_all_algorithms();
	ERR_load_CRYPTO_strings();

	TEST_START("load data");
	/* The namespace fixture is read as a buffer, then copied to a C string. */
	msg = load_file("namespace");
	namespace = sshbuf_dup_string(msg);
	ASSERT_PTR_NE(namespace, NULL);
	sshbuf_free(msg);
	/* msg is reused for the message that all signatures cover. */
	msg = load_file("signed-data");
	TEST_DONE();

	for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
		TEST_START(cases[i].label);
		check_sig(cases[i].keyfile, cases[i].sigfile, msg, namespace);
		TEST_DONE();
	}

	sshbuf_free(msg);
	free(namespace);
}