From d47114df83e88f1b5ae65747001fc13d5dae525b Mon Sep 17 00:00:00 2001
From: Brett Grandbois <brett.grandbois@opengear.com>
Date: Tue, 15 May 2018 10:55:52 +1000
Subject: test/lib: Add OpenSSL verify and decrypt tests

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
---
 test/lib/test-security-openssl-verify.c | 103 ++++++++++++++++++++++++++++++++
 1 file changed, 103 insertions(+)
 create mode 100644 test/lib/test-security-openssl-verify.c

(limited to 'test/lib/test-security-openssl-verify.c')

diff --git a/test/lib/test-security-openssl-verify.c b/test/lib/test-security-openssl-verify.c
new file mode 100644
index 0000000..4cbf160
--- /dev/null
+++ b/test/lib/test-security-openssl-verify.c
@@ -0,0 +1,103 @@
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+
+#include <log/log.h>
+#include <security/security.h>
+
+#define SECURITY_TEST_DATA_DIR  TEST_LIB_DATA_BASE "/security/"
+#define SECURITY_TEST_DATA_CERT SECURITY_TEST_DATA_DIR "/cert.pem"
+
+int main(void)
+{
+	FILE *keyfile;
+
+	pb_log_init(stdout);
+
+	/* start with basic pubkey extraction */
+	keyfile = fopen(SECURITY_TEST_DATA_DIR "cert.pem", "r");
+	if (!keyfile)
+		return EXIT_FAILURE;
+
+	/* first basic verify case */
+	/* assuming the default sha256 mode */
+
+	if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
+				  SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
+				  keyfile,
+				  NULL))
+	{
+		fclose(keyfile);
+		return EXIT_FAILURE;
+	}
+
+	/* now check different file */
+
+	if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata_different.txt",
+				   SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
+				   keyfile,
+				   NULL))
+	{
+		fclose(keyfile);
+		return EXIT_FAILURE;
+	}
+
+	/* now check different signature */
+
+	if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
+				   SECURITY_TEST_DATA_DIR "rootdatasha512.sig",
+				   keyfile,
+				   NULL))
+	{
+		fclose(keyfile);
+		return EXIT_FAILURE;
+	}
+
+	/* check CMS verify */
+	if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
+				  SECURITY_TEST_DATA_DIR "rootdata.cmsver",
+				  keyfile,
+				  NULL))
+	{
+		fclose(keyfile);
+		return EXIT_FAILURE;
+	}
+
+	fclose(keyfile);
+
+	/* now check basic pubkey fallback */
+	keyfile = fopen(SECURITY_TEST_DATA_DIR "pubkey.pem", "r");
+	if (!keyfile)
+		return EXIT_FAILURE;
+
+	if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
+				  SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
+				  keyfile,
+				  NULL))
+	{
+		fclose(keyfile);
+		return EXIT_FAILURE;
+	}
+
+	fclose(keyfile);
+
+	/* finally check different key */
+	keyfile = fopen(SECURITY_TEST_DATA_DIR "wrong_cert.pem", "r");
+	if (!keyfile)
+		return EXIT_FAILURE;
+
+	if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
+				   SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
+				   keyfile,
+				   NULL))
+	{
+		fclose(keyfile);
+		return EXIT_FAILURE;
+	}
+
+
+	fclose(keyfile);
+	return EXIT_SUCCESS;
+}
-- 
cgit v1.2.1