diff options
author | Brett Grandbois <brett.grandbois@opengear.com> | 2018-05-15 10:55:52 +1000 |
---|---|---|
committer | Samuel Mendoza-Jonas <sam@mendozajonas.com> | 2018-05-30 14:23:47 +1000 |
commit | d47114df83e88f1b5ae65747001fc13d5dae525b (patch) | |
tree | 7456849415ba5ea3631c90f781ca77c1765a65ba /test/lib/test-security-openssl-verify.c | |
parent | e370583366d72e55551f20e3f9b0457e787309bf (diff) | |
download | talos-petitboot-d47114df83e88f1b5ae65747001fc13d5dae525b.tar.gz talos-petitboot-d47114df83e88f1b5ae65747001fc13d5dae525b.zip |
test/lib: Add OpenSSL verify and decrypt tests
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Diffstat (limited to 'test/lib/test-security-openssl-verify.c')
-rw-r--r-- | test/lib/test-security-openssl-verify.c | 103 |
1 files changed, 103 insertions, 0 deletions
diff --git a/test/lib/test-security-openssl-verify.c b/test/lib/test-security-openssl-verify.c new file mode 100644 index 0000000..4cbf160 --- /dev/null +++ b/test/lib/test-security-openssl-verify.c @@ -0,0 +1,103 @@ +#include <stdlib.h> +#include <string.h> +#include <assert.h> +#include <fcntl.h> +#include <sys/stat.h> + +#include <log/log.h> +#include <security/security.h> + +#define SECURITY_TEST_DATA_DIR TEST_LIB_DATA_BASE "/security/" +#define SECURITY_TEST_DATA_CERT SECURITY_TEST_DATA_DIR "/cert.pem" + +int main(void) +{ + FILE *keyfile; + + pb_log_init(stdout); + + /* start with basic pubkey extraction */ + keyfile = fopen(SECURITY_TEST_DATA_DIR "cert.pem", "r"); + if (!keyfile) + return EXIT_FAILURE; + + /* first basic verify case */ + /* assuming the default sha256 mode */ + + if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt", + SECURITY_TEST_DATA_DIR "rootdatasha256.sig", + keyfile, + NULL)) + { + fclose(keyfile); + return EXIT_FAILURE; + } + + /* now check different file */ + + if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata_different.txt", + SECURITY_TEST_DATA_DIR "rootdatasha256.sig", + keyfile, + NULL)) + { + fclose(keyfile); + return EXIT_FAILURE; + } + + /* now check different signature */ + + if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt", + SECURITY_TEST_DATA_DIR "rootdatasha512.sig", + keyfile, + NULL)) + { + fclose(keyfile); + return EXIT_FAILURE; + } + + /* check CMS verify */ + if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt", + SECURITY_TEST_DATA_DIR "rootdata.cmsver", + keyfile, + NULL)) + { + fclose(keyfile); + return EXIT_FAILURE; + } + + fclose(keyfile); + + /* now check basic pubkey fallback */ + keyfile = fopen(SECURITY_TEST_DATA_DIR "pubkey.pem", "r"); + if (!keyfile) + return EXIT_FAILURE; + + if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt", + SECURITY_TEST_DATA_DIR "rootdatasha256.sig", + keyfile, + NULL)) + { + fclose(keyfile); + return EXIT_FAILURE; + } + + fclose(keyfile); + + /* finally check different key */ + keyfile = fopen(SECURITY_TEST_DATA_DIR "wrong_cert.pem", "r"); + if (!keyfile) + return EXIT_FAILURE; + + if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt", + SECURITY_TEST_DATA_DIR "rootdatasha256.sig", + keyfile, + NULL)) + { + fclose(keyfile); + return EXIT_FAILURE; + } + + + fclose(keyfile); + return EXIT_SUCCESS; +} |