path: root/test/lib/test-security-openssl-verify.c
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <fcntl.h>
#include <sys/stat.h>

#include <log/log.h>
#include <security/security.h>

/*
 * Directory holding the signature-verification fixtures. TEST_LIB_DATA_BASE is
 * not defined in this file; presumably the build system supplies it - confirm.
 * The expansion already ends in '/', so callers append bare file names to it.
 */
#define SECURITY_TEST_DATA_DIR  TEST_LIB_DATA_BASE "/security/"
/*
 * NOTE(review): not referenced by the code shown in this file. Because it adds
 * a second '/' after SECURITY_TEST_DATA_DIR it expands to
 * ".../security//cert.pem", whereas main() builds the path with a single '/'.
 */
#define SECURITY_TEST_DATA_CERT SECURITY_TEST_DATA_DIR "/cert.pem"

/*
 * Test driver for verify_file_signature().
 *
 * Runs six cases against the fixture files under SECURITY_TEST_DATA_DIR.
 * The test treats a zero return as "signature verified" and any non-zero
 * return as "verification failed". Positive cases must return zero and
 * negative cases must return non-zero; the first mismatch ends the run.
 * The last argument is always NULL here (its meaning is not visible in this
 * file).
 *
 * NOTE(review): the negative cases accept ANY non-zero return, so a missing
 * or unreadable fixture would satisfy them just as well as a genuinely
 * rejected signature. Confirm the fixtures exist, or have the verifier
 * expose distinct error codes, before relying on these cases as proof that
 * tampered data or a wrong key is refused.
 *
 * NOTE(review): the same FILE handle is handed to several consecutive calls
 * without being rewound here; presumably verify_file_signature() positions
 * the stream itself - verify against its implementation.
 *
 * Returns EXIT_SUCCESS when all cases behave as expected, EXIT_FAILURE when
 * a key file cannot be opened or a case gives the wrong result.
 */
int main(void)
{
	int status = EXIT_FAILURE;
	FILE *keyfile;

	pb_log_init(stdout);

	/* certificate used as the key source for the first four cases */
	keyfile = fopen(SECURITY_TEST_DATA_DIR "cert.pem", "r");
	if (keyfile == NULL)
		return EXIT_FAILURE;

	/* positive: matching data and signature (assuming the default sha256 mode) */
	if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
				  SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
				  keyfile,
				  NULL) != 0)
		goto out_close;

	/* negative: signature is for a different file, so it must not verify */
	if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata_different.txt",
				  SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
				  keyfile,
				  NULL) == 0)
		goto out_close;

	/* negative: a different signature file for the same data must not verify */
	if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
				  SECURITY_TEST_DATA_DIR "rootdatasha512.sig",
				  keyfile,
				  NULL) == 0)
		goto out_close;

	/* positive: CMS verify */
	if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
				  SECURITY_TEST_DATA_DIR "rootdata.cmsver",
				  keyfile,
				  NULL) != 0)
		goto out_close;

	fclose(keyfile);

	/* positive: basic pubkey fallback, using pubkey.pem instead of cert.pem */
	keyfile = fopen(SECURITY_TEST_DATA_DIR "pubkey.pem", "r");
	if (keyfile == NULL)
		return EXIT_FAILURE;

	if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
				  SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
				  keyfile,
				  NULL) != 0)
		goto out_close;

	fclose(keyfile);

	/* negative: a different key must not verify the signature */
	keyfile = fopen(SECURITY_TEST_DATA_DIR "wrong_cert.pem", "r");
	if (keyfile == NULL)
		return EXIT_FAILURE;

	if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
				  SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
				  keyfile,
				  NULL) == 0)
		goto out_close;

	status = EXIT_SUCCESS;

out_close:
	/* every jump here happens with keyfile still open */
	fclose(keyfile);
	return status;
}