1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
/* $OpenBSD: tests.c,v 1.3 2021/12/14 21:25:27 deraadt Exp $ */
/*
* Regress test for sshbuf.h buffer API
*
* Placed in the public domain
*/
#include "includes.h"
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#ifdef HAVE_STDINT_H
#include <stdint.h>
#endif
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef WITH_OPENSSL
#include <openssl/evp.h>
#include <openssl/crypto.h>
#endif
#include "ssherr.h"
#include "authfile.h"
#include "sshkey.h"
#include "sshbuf.h"
#include "sshsig.h"
#include "log.h"
#include "../test_helper/test_helper.h"
static struct sshbuf *
load_file(const char *name)
{
struct sshbuf *ret = NULL;
ASSERT_INT_EQ(sshbuf_load_file(test_data_file(name), &ret), 0);
ASSERT_PTR_NE(ret, NULL);
return ret;
}
static struct sshkey *
load_key(const char *name)
{
struct sshkey *ret = NULL;
ASSERT_INT_EQ(sshkey_load_public(test_data_file(name), &ret, NULL), 0);
ASSERT_PTR_NE(ret, NULL);
return ret;
}
static void
check_sig(const char *keyname, const char *signame, const struct sshbuf *msg,
const char *namespace)
{
struct sshkey *k, *sign_key;
struct sshbuf *sig, *rawsig;
struct sshkey_sig_details *sig_details;
k = load_key(keyname);
sig = load_file(signame);
sign_key = NULL;
sig_details = NULL;
rawsig = NULL;
ASSERT_INT_EQ(sshsig_dearmor(sig, &rawsig), 0);
ASSERT_INT_EQ(sshsig_verifyb(rawsig, msg, namespace,
&sign_key, &sig_details), 0);
ASSERT_INT_EQ(sshkey_equal(k, sign_key), 1);
sshkey_free(k);
sshkey_free(sign_key);
sshkey_sig_details_free(sig_details);
sshbuf_free(sig);
sshbuf_free(rawsig);
}
void
tests(void)
{
struct sshbuf *msg;
char *namespace;
#if 0
log_init("test_sshsig", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 1);
#endif
#ifdef WITH_OPENSSL
OpenSSL_add_all_algorithms();
ERR_load_CRYPTO_strings();
#endif
TEST_START("load data");
msg = load_file("namespace");
namespace = sshbuf_dup_string(msg);
ASSERT_PTR_NE(namespace, NULL);
sshbuf_free(msg);
msg = load_file("signed-data");
TEST_DONE();
#ifdef WITH_OPENSSL
TEST_START("check RSA signature");
check_sig("rsa.pub", "rsa.sig", msg, namespace);
TEST_DONE();
TEST_START("check DSA signature");
check_sig("dsa.pub", "dsa.sig", msg, namespace);
TEST_DONE();
#ifdef OPENSSL_HAS_ECC
TEST_START("check ECDSA signature");
check_sig("ecdsa.pub", "ecdsa.sig", msg, namespace);
TEST_DONE();
#endif
#endif
TEST_START("check ED25519 signature");
check_sig("ed25519.pub", "ed25519.sig", msg, namespace);
TEST_DONE();
#ifdef ENABLE_SK
#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
TEST_START("check ECDSA-SK signature");
check_sig("ecdsa_sk.pub", "ecdsa_sk.sig", msg, namespace);
TEST_DONE();
#endif
TEST_START("check ED25519-SK signature");
check_sig("ed25519_sk.pub", "ed25519_sk.sig", msg, namespace);
TEST_DONE();
#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
TEST_START("check ECDSA-SK webauthn signature");
check_sig("ecdsa_sk_webauthn.pub", "ecdsa_sk_webauthn.sig",
msg, namespace);
TEST_DONE();
#endif
#endif /* ENABLE_SK */
sshbuf_free(msg);
free(namespace);
}
|