#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <fcntl.h>
#include <sys/stat.h>

#include <log/log.h>
#include <security/security.h>
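/* Directory holding the signature test fixtures.  TEST_LIB_DATA_BASE is not
 * defined in this file; it is expected to be supplied by the build. */
#define SECURITY_TEST_DATA_DIR TEST_LIB_DATA_BASE "/security/"
/* The known-good certificate.  SECURITY_TEST_DATA_DIR already ends in '/',
 * so no separator is added here (the old form expanded to ".../security//cert.pem"). */
#define SECURITY_TEST_DATA_CERT SECURITY_TEST_DATA_DIR "cert.pem"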
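/* One verification scenario: a data file, a detached signature over it, and
 * whether verify_file_signature() is expected to accept the pair. */
struct sig_case {
	const char *label;
	const char *data_path;
	const char *sig_path;
	int expect_valid;
};

/*
 * Run a single scenario against an already-open key stream.
 *
 * The stream is rewound first so that the outcome of one case never depends on
 * where an earlier call left the file position: a negative case must fail
 * because of the data/signature/key mismatch under test, not because the key
 * stream was already exhausted.  keyring_path is passed as NULL in every case,
 * as in the original test.
 *
 * Returns 1 when the library's verdict matches expect_valid, 0 otherwise
 * (with a diagnostic on stderr naming the case).
 */
static int run_case(const struct sig_case *c, FILE *keyfile)
{
	int rc;
	int verified;

	rewind(keyfile);

	rc = verify_file_signature(c->data_path, c->sig_path, keyfile, NULL);
	/* verify_file_signature() reports success with 0 and failure with
	 * any non-zero value; the exact non-zero code is not part of the test. */
	verified = (rc == 0);

	if (verified != (c->expect_valid != 0)) {
		fprintf(stderr, "%s: verify_file_signature() returned %d, expected %s\n",
			c->label, rc,
			c->expect_valid ? "success" : "failure");
		return 0;
	}
	return 1;
}

/*
 * Open key_path, run every scenario in cases[] against it, and close it again.
 * All cases are run even after a failure so one test run reports every
 * mismatch.  Returns 1 only when the key file could be opened and every case
 * behaved as expected.
 */
static int run_cases_with_key(const char *key_path,
		const struct sig_case *cases, size_t ncases)
{
	FILE *keyfile;
	size_t i;
	int all_ok = 1;

	keyfile = fopen(key_path, "r");
	if (!keyfile) {
		fprintf(stderr, "cannot open key file %s\n", key_path);
		return 0;
	}

	for (i = 0; i < ncases; i++) {
		if (!run_case(&cases[i], keyfile))
			all_ok = 0;
	}

	fclose(keyfile);
	return all_ok;
}

/*
 * Signature verification test.
 *
 * Exercises verify_file_signature() with three key sources and checks both
 * acceptance of the genuine data/signature pair and rejection of each single
 * thing an attacker could substitute: the data, the signature, or the key.
 * Exits EXIT_FAILURE on the first key file that cannot be opened or on any
 * case whose verdict differs from the expectation, EXIT_SUCCESS otherwise.
 *
 * NOTE(review): no case covers a missing, truncated or malformed signature
 * file; worth adding once the library's behaviour there is confirmed.
 */
int main(void)
{
	/* Cases run against the certificate (public key extracted from it). */
	static const struct sig_case cert_cases[] = {
		/* Genuine data with its sha256 signature; the original test
		 * notes this relies on the library's default (sha256) mode. */
		{ "cert: genuine sha256 signature",
		  SECURITY_TEST_DATA_DIR "rootdata.txt",
		  SECURITY_TEST_DATA_DIR "rootdatasha256.sig", 1 },
		/* Modified data must not verify against the original signature. */
		{ "cert: different data, same signature",
		  SECURITY_TEST_DATA_DIR "rootdata_different.txt",
		  SECURITY_TEST_DATA_DIR "rootdatasha256.sig", 0 },
		/* A signature made with a different digest (sha512) must not
		 * verify in the default mode. */
		{ "cert: same data, sha512 signature",
		  SECURITY_TEST_DATA_DIR "rootdata.txt",
		  SECURITY_TEST_DATA_DIR "rootdatasha512.sig", 0 },
		/* CMS-format signature over the genuine data must verify. */
		{ "cert: CMS signature",
		  SECURITY_TEST_DATA_DIR "rootdata.txt",
		  SECURITY_TEST_DATA_DIR "rootdata.cmsver", 1 },
	};
	/* A bare public key (no certificate) must also be accepted as key source. */
	static const struct sig_case pubkey_cases[] = {
		{ "pubkey: genuine sha256 signature",
		  SECURITY_TEST_DATA_DIR "rootdata.txt",
		  SECURITY_TEST_DATA_DIR "rootdatasha256.sig", 1 },
	};
	/* A genuine signature must be rejected when checked with the wrong key. */
	static const struct sig_case wrong_key_cases[] = {
		{ "wrong_cert: genuine signature, wrong key",
		  SECURITY_TEST_DATA_DIR "rootdata.txt",
		  SECURITY_TEST_DATA_DIR "rootdatasha256.sig", 0 },
	};

	pb_log_init(stdout);

	if (!run_cases_with_key(SECURITY_TEST_DATA_CERT,
				cert_cases,
				sizeof(cert_cases) / sizeof(cert_cases[0])))
		return EXIT_FAILURE;

	if (!run_cases_with_key(SECURITY_TEST_DATA_DIR "pubkey.pem",
				pubkey_cases,
				sizeof(pubkey_cases) / sizeof(pubkey_cases[0])))
		return EXIT_FAILURE;

	if (!run_cases_with_key(SECURITY_TEST_DATA_DIR "wrong_cert.pem",
				wrong_key_cases,
				sizeof(wrong_key_cases) / sizeof(wrong_key_cases[0])))
		return EXIT_FAILURE;

	return EXIT_SUCCESS;
}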