1 #include <stdlib.h>
2 #include <string.h>
3 #include <assert.h>
4 #include <fcntl.h>
5 #include <sys/stat.h>
6
7 #include <log/log.h>
8 #include <security/security.h>
9
10 #define SECURITY_TEST_DATA_DIR  TEST_LIB_DATA_BASE "/security/"
11 #define SECURITY_TEST_DATA_CERT SECURITY_TEST_DATA_DIR "/cert.pem"
12
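/*
 * Return non-zero when the fixture at @path can be opened for reading.
 *
 * Used to make sure a "must be rejected" case is really exercising the
 * verifier, rather than passing only because an input file is absent.
 */
static int fixture_readable(const char *path)
{
	FILE *probe = fopen(path, "r");

	if (!probe)
		return 0;

	fclose(probe);
	return 1;
}

/*
 * Exercise verify_file_signature() against the fixtures under
 * SECURITY_TEST_DATA_DIR.
 *
 * The test treats a zero return as "signature accepted" and any non-zero
 * return as "rejected". Accept cases: detached sha256 signature with the
 * certificate, the CMS fixture with the certificate, and the sha256
 * signature with a bare public key. Reject cases: modified data, a
 * signature made with a different digest, and a different certificate.
 *
 * Returns EXIT_SUCCESS only if every case behaves as expected.
 */
int main(void)
{
	int rc = EXIT_FAILURE;
	FILE *keyfile;

	pb_log_init(stdout);

	/*
	 * The reject cases below accept any non-zero return, so an I/O error
	 * is indistinguishable from a genuine verification failure. These two
	 * fixtures appear only in reject cases; require them to be readable
	 * up front so a missing file fails the test instead of passing it.
	 */
	if (!fixture_readable(SECURITY_TEST_DATA_DIR "rootdata_different.txt") ||
	    !fixture_readable(SECURITY_TEST_DATA_DIR "rootdatasha512.sig"))
		return EXIT_FAILURE;

	/* start with basic pubkey extraction from a certificate */
	keyfile = fopen(SECURITY_TEST_DATA_DIR "cert.pem", "r");
	if (!keyfile)
		return EXIT_FAILURE;

	/*
	 * NOTE(review): the same stream is handed to several calls in a row;
	 * this presumably relies on verify_file_signature() not depending on
	 * the stream position left by the previous call -- confirm.
	 */

	/* matching data and signature, default (sha256) mode: must verify */
	if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
				  SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
				  keyfile,
				  NULL))
		goto out;

	/* different data under the same signature: must be rejected */
	if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata_different.txt",
				   SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
				   keyfile,
				   NULL))
		goto out;

	/* sha512 signature while the default mode is assumed: must be rejected */
	if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
				   SECURITY_TEST_DATA_DIR "rootdatasha512.sig",
				   keyfile,
				   NULL))
		goto out;

	/* CMS verification fixture: must verify */
	if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
				  SECURITY_TEST_DATA_DIR "rootdata.cmsver",
				  keyfile,
				  NULL))
		goto out;

	fclose(keyfile);

	/* bare public key instead of a certificate: must still verify */
	keyfile = fopen(SECURITY_TEST_DATA_DIR "pubkey.pem", "r");
	if (!keyfile)
		return EXIT_FAILURE;

	if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
				  SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
				  keyfile,
				  NULL))
		goto out;

	fclose(keyfile);

	/* a different certificate: an otherwise valid signature must be rejected */
	keyfile = fopen(SECURITY_TEST_DATA_DIR "wrong_cert.pem", "r");
	if (!keyfile)
		return EXIT_FAILURE;

	if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
				   SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
				   keyfile,
				   NULL))
		goto out;

	rc = EXIT_SUCCESS;
out:
	/* keyfile is non-NULL on every path that reaches this label */
	fclose(keyfile);
	return rc;
}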