test/lib: Add OpenSSL verify and decrypt tests
[petitboot] / test / lib / test-security-openssl-verify.c
1 #include <stdlib.h>
2 #include <string.h>
3 #include <assert.h>
4 #include <fcntl.h>
5 #include <sys/stat.h>
6
7 #include <log/log.h>
8 #include <security/security.h>
9
10 #define SECURITY_TEST_DATA_DIR  TEST_LIB_DATA_BASE "/security/"
11 #define SECURITY_TEST_DATA_CERT SECURITY_TEST_DATA_DIR "/cert.pem"
12
13 int main(void)
14 {
15         FILE *keyfile;
16
17         pb_log_init(stdout);
18
19         /* start with basic pubkey extraction */
20         keyfile = fopen(SECURITY_TEST_DATA_DIR "cert.pem", "r");
21         if (!keyfile)
22                 return EXIT_FAILURE;
23
24         /* first basic verify case */
25         /* assuming the default sha256 mode */
26
27         if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
28                                   SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
29                                   keyfile,
30                                   NULL))
31         {
32                 fclose(keyfile);
33                 return EXIT_FAILURE;
34         }
35
36         /* now check different file */
37
38         if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata_different.txt",
39                                    SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
40                                    keyfile,
41                                    NULL))
42         {
43                 fclose(keyfile);
44                 return EXIT_FAILURE;
45         }
46
47         /* now check different signature */
48
49         if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
50                                    SECURITY_TEST_DATA_DIR "rootdatasha512.sig",
51                                    keyfile,
52                                    NULL))
53         {
54                 fclose(keyfile);
55                 return EXIT_FAILURE;
56         }
57
58         /* check CMS verify */
59         if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
60                                   SECURITY_TEST_DATA_DIR "rootdata.cmsver",
61                                   keyfile,
62                                   NULL))
63         {
64                 fclose(keyfile);
65                 return EXIT_FAILURE;
66         }
67
68         fclose(keyfile);
69
70         /* now check basic pubkey fallback */
71         keyfile = fopen(SECURITY_TEST_DATA_DIR "pubkey.pem", "r");
72         if (!keyfile)
73                 return EXIT_FAILURE;
74
75         if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
76                                   SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
77                                   keyfile,
78                                   NULL))
79         {
80                 fclose(keyfile);
81                 return EXIT_FAILURE;
82         }
83
84         fclose(keyfile);
85
86         /* finally check different key */
87         keyfile = fopen(SECURITY_TEST_DATA_DIR "wrong_cert.pem", "r");
88         if (!keyfile)
89                 return EXIT_FAILURE;
90
91         if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
92                                    SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
93                                    keyfile,
94                                    NULL))
95         {
96                 fclose(keyfile);
97                 return EXIT_FAILURE;
98         }
99
100
101         fclose(keyfile);
102         return EXIT_SUCCESS;
103 }