summaryrefslogtreecommitdiffstats
path: root/test/lib/test-security-openssl-verify.c
diff options
context:
space:
mode:
authorBrett Grandbois <brett.grandbois@opengear.com>2018-05-15 10:55:52 +1000
committerSamuel Mendoza-Jonas <sam@mendozajonas.com>2018-05-30 14:23:47 +1000
commitd47114df83e88f1b5ae65747001fc13d5dae525b (patch)
tree7456849415ba5ea3631c90f781ca77c1765a65ba /test/lib/test-security-openssl-verify.c
parente370583366d72e55551f20e3f9b0457e787309bf (diff)
downloadtalos-petitboot-d47114df83e88f1b5ae65747001fc13d5dae525b.zip
talos-petitboot-d47114df83e88f1b5ae65747001fc13d5dae525b.tar.gz
test/lib: Add OpenSSL verify and decrypt tests
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Diffstat (limited to 'test/lib/test-security-openssl-verify.c')
-rw-r--r--test/lib/test-security-openssl-verify.c103
1 files changed, 103 insertions, 0 deletions
diff --git a/test/lib/test-security-openssl-verify.c b/test/lib/test-security-openssl-verify.c
new file mode 100644
index 0000000..4cbf160
--- /dev/null
+++ b/test/lib/test-security-openssl-verify.c
@@ -0,0 +1,103 @@
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+
+#include <log/log.h>
+#include <security/security.h>
+
+#define SECURITY_TEST_DATA_DIR TEST_LIB_DATA_BASE "/security/"
+#define SECURITY_TEST_DATA_CERT SECURITY_TEST_DATA_DIR "/cert.pem"
+
+int main(void)
+{
+ FILE *keyfile;
+
+ pb_log_init(stdout);
+
+ /* start with basic pubkey extraction */
+ keyfile = fopen(SECURITY_TEST_DATA_DIR "cert.pem", "r");
+ if (!keyfile)
+ return EXIT_FAILURE;
+
+ /* first basic verify case */
+ /* assuming the default sha256 mode */
+
+ if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
+ SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
+ keyfile,
+ NULL))
+ {
+ fclose(keyfile);
+ return EXIT_FAILURE;
+ }
+
+ /* now check different file */
+
+ if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata_different.txt",
+ SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
+ keyfile,
+ NULL))
+ {
+ fclose(keyfile);
+ return EXIT_FAILURE;
+ }
+
+ /* now check different signature */
+
+ if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
+ SECURITY_TEST_DATA_DIR "rootdatasha512.sig",
+ keyfile,
+ NULL))
+ {
+ fclose(keyfile);
+ return EXIT_FAILURE;
+ }
+
+ /* check CMS verify */
+ if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
+ SECURITY_TEST_DATA_DIR "rootdata.cmsver",
+ keyfile,
+ NULL))
+ {
+ fclose(keyfile);
+ return EXIT_FAILURE;
+ }
+
+ fclose(keyfile);
+
+ /* now check basic pubkey fallback */
+ keyfile = fopen(SECURITY_TEST_DATA_DIR "pubkey.pem", "r");
+ if (!keyfile)
+ return EXIT_FAILURE;
+
+ if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
+ SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
+ keyfile,
+ NULL))
+ {
+ fclose(keyfile);
+ return EXIT_FAILURE;
+ }
+
+ fclose(keyfile);
+
+ /* finally check different key */
+ keyfile = fopen(SECURITY_TEST_DATA_DIR "wrong_cert.pem", "r");
+ if (!keyfile)
+ return EXIT_FAILURE;
+
+ if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
+ SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
+ keyfile,
+ NULL))
+ {
+ fclose(keyfile);
+ return EXIT_FAILURE;
+ }
+
+
+ fclose(keyfile);
+ return EXIT_SUCCESS;
+}
OpenPOWER on IntegriCloud