test/lib: Add OpenSSL verify and decrypt tests
authorBrett Grandbois <brett.grandbois@opengear.com>
Tue, 15 May 2018 00:55:52 +0000 (10:55 +1000)
committerSamuel Mendoza-Jonas <sam@mendozajonas.com>
Wed, 30 May 2018 04:23:47 +0000 (14:23 +1000)
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
16 files changed:
test/lib/Makefile.am
test/lib/data/security/cert.p12 [new file with mode: 0644]
test/lib/data/security/cert.pem [new file with mode: 0644]
test/lib/data/security/key.pem [new file with mode: 0644]
test/lib/data/security/pubkey.pem [new file with mode: 0644]
test/lib/data/security/rootdata.cmsenc [new file with mode: 0644]
test/lib/data/security/rootdata.cmsencver [new file with mode: 0644]
test/lib/data/security/rootdata.cmsver [new file with mode: 0644]
test/lib/data/security/rootdata.txt [new file with mode: 0644]
test/lib/data/security/rootdata_different.txt [new file with mode: 0644]
test/lib/data/security/rootdatasha256.sig [new file with mode: 0644]
test/lib/data/security/rootdatasha512.sig [new file with mode: 0644]
test/lib/data/security/wrong_cert.pem [new file with mode: 0644]
test/lib/data/security/wrong_key.pem [new file with mode: 0644]
test/lib/test-security-openssl-decrypt.c [new file with mode: 0644]
test/lib/test-security-openssl-verify.c [new file with mode: 0644]

index 9636b08d6a6b83c359f1cc51608ffd3f56b1bdd8..047fcb237ea3becbdb1042f541d6f846a6b6d496 100644 (file)
@@ -25,7 +25,14 @@ lib_TESTS = \
        test/lib/test-process-stdout-eintr \
        test/lib/test-fold
 
+if WITH_OPENSSL
+lib_TESTS += \
+       test/lib/test-security-openssl-verify \
+       test/lib/test-security-openssl-decrypt
+endif
+
 $(lib_TESTS): LIBS += $(core_lib)
+$(lib_TESTS): AM_CPPFLAGS += -DTEST_LIB_DATA_BASE='"$(abs_top_srcdir)/test/lib/data"'
 
 check_PROGRAMS += $(lib_TESTS)
 TESTS += $(lib_TESTS)
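Review bot: The fixtures under test/lib/data/security/ that the new tests open at run time are not added to any distribution list in this hunk, and Makefile.am shows no other hunk in this commit. Unless an existing rule already covers that directory, a `make dist` tarball would ship the two tests without their keys, signatures and CMS files, and both would exit at the first `fopen`. Listing the directory, for example `EXTRA_DIST += test/lib/data/security` (or `EXTRA_DIST =` if the variable is not yet defined), would keep `make distcheck` working. A one-line comment above the `AM_CPPFLAGS` line, such as `# tests read fixtures from the source tree via an absolute path`, would also explain why `abs_top_srcdir` is baked into the binaries.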
diff --git a/test/lib/data/security/cert.p12 b/test/lib/data/security/cert.p12
new file mode 100644 (file)
index 0000000..f5ab073
Binary files /dev/null and b/test/lib/data/security/cert.p12 differ
diff --git a/test/lib/data/security/cert.pem b/test/lib/data/security/cert.pem
new file mode 100644 (file)
index 0000000..25ca0fa
--- /dev/null
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDXzCCAkegAwIBAgIJANnp/7YAvOPVMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwIBcNMTgwNDI2MDU0OTQ4WhgPMjExODA0MDIwNTQ5NDha
+MEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJ
+bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCtMrdZYW7AU+padBPNapi8q8+mJ9K1dgV0C3Nt+nNfObKbCLqvLxoa
+qCSTRVpgPkHNV/KZdvQrm00ZVSH4yFYEqYxAU3c4n8yWahn9wx/AKhuMaA/S5o9p
+tYgR1C5b5Kn5fmBb4aFV+ZoTioz4xj5s6cEfQB+kTEh1W7BIkTK1oWHYm9SdEj0h
+MylE+Dhu9nYtv9gVTzosRB+VGcnTAed0ELK8GHqeKfIaJRbbCoWOIMClxnztrQTZ
+i6rQ25sLUB1qYbLtyKAlv5RZ28t+AAmR2NkIC+qi92Lx5AqOym/Yi9MjyUMp0OUn
+CDLkjXUxgw8oZWMmeCp8yJWm5GmPu49pAgMBAAGjUDBOMB0GA1UdDgQWBBSXTekb
+Cvoyepyd97LaZQaTzCb64jAfBgNVHSMEGDAWgBSXTekbCvoyepyd97LaZQaTzCb6
+4jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCE10SC/toyRtTyggR/
+UO/LoL8SDBJcOcquiq9FYc/rhPRy4lGRxnl7He4h0FhlJZ7Qf1coijgJBuzG7zpU
+9oFK7QcSGeoXlmFiE1W+bnvB6jksOeAeVPYNaSkHd1dz10M6RnZLyU2/1wEtcmf0
+osS2Jbm2uHOpTLe3e3ngMdV1QUvdrcDtS4sR2Xn0KU/tq0ANfnCzy2vdsxneYU8R
+f6f5TTLaIssC3b4em7o6YV5w7hF4hi9mRRleGkIEgEvoMv9k9OENmglunGQh+A65
+rirWyhqIBik7RYx8Ds05XllHg6gTNIbnB++DfpZWGShJRKWqEJU81lySn+Cjny2b
+CWXt
+-----END CERTIFICATE-----
diff --git a/test/lib/data/security/key.pem b/test/lib/data/security/key.pem
new file mode 100644 (file)
index 0000000..4c21ae0
--- /dev/null
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
diff --git a/test/lib/data/security/pubkey.pem b/test/lib/data/security/pubkey.pem
new file mode 100644 (file)
index 0000000..03ff139
--- /dev/null
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTK3WWFuwFPqWnQTzWqY
+vKvPpifStXYFdAtzbfpzXzmymwi6ry8aGqgkk0VaYD5BzVfymXb0K5tNGVUh+MhW
+BKmMQFN3OJ/MlmoZ/cMfwCobjGgP0uaPabWIEdQuW+Sp+X5gW+GhVfmaE4qM+MY+
+bOnBH0AfpExIdVuwSJEytaFh2JvUnRI9ITMpRPg4bvZ2Lb/YFU86LEQflRnJ0wHn
+dBCyvBh6ninyGiUW2wqFjiDApcZ87a0E2Yuq0NubC1AdamGy7cigJb+UWdvLfgAJ
+kdjZCAvqovdi8eQKjspv2IvTI8lDKdDlJwgy5I11MYMPKGVjJngqfMiVpuRpj7uP
+aQIDAQAB
+-----END PUBLIC KEY-----
diff --git a/test/lib/data/security/rootdata.cmsenc b/test/lib/data/security/rootdata.cmsenc
new file mode 100644 (file)
index 0000000..ca51ec9
--- /dev/null
@@ -0,0 +1,17 @@
+MIME-Version: 1.0
+Content-Disposition: attachment; filename="smime.p7m"
+Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
+Content-Transfer-Encoding: base64
+
+MIICBgYJKoZIhvcNAQcDoIIB9zCCAfMCAQAxggFuMIIBagIBADBSMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQCCQDZ6f+2ALzj1TANBgkqhkiG9w0BAQEFAASCAQCsmb7E
+zY1oXEtPezxcDMseUpu/HfBn/pjiQ0NzKcdDww08OOxYUdv7qkPrihwJwfYXtD5L
+6Q8QZNeHOafV+roTn4fEiiY4939djBo0Ytu2qqsywpYjeKzKZU6ZX4JKQe6J4vm0
+626a5sV+ISVdsNC+r/qIAVVAr3XQw/kfJ1iJKP9HT5xPaUFKbr0RtQxRZbm7IQYd
+KFyVyUY8qVhRHJ5g7oEskW0/CP75dq44Fdh66Qu09Fh5DH2M6H9wUgu1yynBDMB4
+Jxtr50yvHKJqfPZY+Lg8+8kY8Hlcs9oRuHMZyMhlOTKXJzRv80UygL/P86cwB4AD
+w1660F7sRbHm18omMHwGCSqGSIb3DQEHATAdBglghkgBZQMEASoEEKknxeNUs+Lh
+lIK7i0HZdlWAUDI4hezsKhFBQzYPOEBaar99QQkbmdTlnliJ6gChqq8ycYPykLaI
+263KVM2nESkEnhpVHNQ+mfD4T1dm2I0N2r8N27GROtrz1k9GxQctaKRn
+
diff --git a/test/lib/data/security/rootdata.cmsencver b/test/lib/data/security/rootdata.cmsencver
new file mode 100644 (file)
index 0000000..89bf86b
--- /dev/null
@@ -0,0 +1,41 @@
+MIME-Version: 1.0
+Content-Disposition: attachment; filename="smime.p7m"
+Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
+Content-Transfer-Encoding: base64
+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==
+
diff --git a/test/lib/data/security/rootdata.cmsver b/test/lib/data/security/rootdata.cmsver
new file mode 100644 (file)
index 0000000..9e8fb43
--- /dev/null
@@ -0,0 +1,31 @@
+MIME-Version: 1.0
+Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="----644E58CF5F5E956041CC782E38806ED7"
+
+This is an S/MIME signed message
+
+------644E58CF5F5E956041CC782E38806ED7
+This is a test of the petitboot security library.
+This is only a test.
+
+------644E58CF5F5E956041CC782E38806ED7
+Content-Type: application/pkcs7-signature; name="smime.p7s"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="smime.p7s"
+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=
+
+------644E58CF5F5E956041CC782E38806ED7--
+
diff --git a/test/lib/data/security/rootdata.txt b/test/lib/data/security/rootdata.txt
new file mode 100644 (file)
index 0000000..39d05b6
--- /dev/null
@@ -0,0 +1,2 @@
+This is a test of the petitboot security library.
+This is only a test.
diff --git a/test/lib/data/security/rootdata_different.txt b/test/lib/data/security/rootdata_different.txt
new file mode 100644 (file)
index 0000000..0e3bee9
--- /dev/null
@@ -0,0 +1,2 @@
+This is a test of the petitboot security library.
+This is not only a test, it's an adventure.
diff --git a/test/lib/data/security/rootdatasha256.sig b/test/lib/data/security/rootdatasha256.sig
new file mode 100644 (file)
index 0000000..54a60a7
Binary files /dev/null and b/test/lib/data/security/rootdatasha256.sig differ
diff --git a/test/lib/data/security/rootdatasha512.sig b/test/lib/data/security/rootdatasha512.sig
new file mode 100644 (file)
index 0000000..0d1c6ad
Binary files /dev/null and b/test/lib/data/security/rootdatasha512.sig differ
diff --git a/test/lib/data/security/wrong_cert.pem b/test/lib/data/security/wrong_cert.pem
new file mode 100644 (file)
index 0000000..f33a586
--- /dev/null
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/test/lib/data/security/wrong_key.pem b/test/lib/data/security/wrong_key.pem
new file mode 100644 (file)
index 0000000..d8bc6c7
--- /dev/null
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
diff --git a/test/lib/test-security-openssl-decrypt.c b/test/lib/test-security-openssl-decrypt.c
new file mode 100644 (file)
index 0000000..07faf26
--- /dev/null
@@ -0,0 +1,82 @@
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <assert.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+
+#include <log/log.h>
+#include <talloc/talloc.h>
+#include <file/file.h>
+#include <security/security.h>
+
+#define SECURITY_TEST_DATA_DIR  TEST_LIB_DATA_BASE "/security/"
+
+int main(void)
+{
+       char *verify_data = NULL;
+       char *compare_data = NULL;
+       char *filename = NULL;
+       FILE *keyfile = NULL;
+       int ret = EXIT_FAILURE;
+       int verify_len;
+       int compare_len;
+
+       pb_log_init(stdout);
+
+       keyfile = fopen(SECURITY_TEST_DATA_DIR "cert.p12", "r");
+       if (!keyfile)
+               return EXIT_FAILURE;
+
+       if (read_file(NULL, SECURITY_TEST_DATA_DIR "rootdata.txt", &verify_data, &verify_len))
+               goto out;
+
+       /* first basic CMS decrypt case */
+
+       /*
+        * these calls overwrite so need a temp file
+        * copy_file_secure_dest is having some permission issues
+        */
+       if (copy_file_secure_dest(NULL,
+                                 SECURITY_TEST_DATA_DIR "rootdata.cmsencver",
+                                 &filename))
+               goto out;
+
+       if (decrypt_file(filename, keyfile, NULL))
+               goto out;
+
+       if (read_file(verify_data, filename, &compare_data, &compare_len))
+               goto out;
+
+       if (verify_len != compare_len)
+               goto out;
+
+       if (memcmp(verify_data, compare_data, verify_len))
+               goto out;
+
+       /* check an encrypted but unverified message fails */
+       unlink(filename);
+       talloc_free(filename);
+
+       if (copy_file_secure_dest(NULL,
+                                 SECURITY_TEST_DATA_DIR "rootdata.cmsenc",
+                                 &filename))
+               goto out;
+
+
+       if (!decrypt_file(filename, keyfile, NULL))
+               goto out;
+
+       /* got here, all fine */
+       ret = EXIT_SUCCESS;
+
+out:
+       if (keyfile)
+               fclose(keyfile);
+       if (filename) {
+               unlink(filename);
+               talloc_free(filename);
+       }
+       talloc_free(verify_data);
+       return ret;
+}
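Review bot: After the first case, `filename` is unlinked and freed but not cleared, so if the second `copy_file_secure_dest()` fails without storing a new pointer, the `out:` path calls `unlink()` and `talloc_free()` on freed memory; adding `filename = NULL;` right after the first `talloc_free(filename);` closes that. Separately, the negative case `if (!decrypt_file(filename, keyfile, NULL))` accepts any failure as the expected rejection. `keyfile` has already been consumed by the first call, so unless `decrypt_file()` repositions the stream itself (not visible here), the second call may fail on reading the key rather than on the unsigned message; a `rewind(keyfile);` before it would remove that doubt. The same "any error counts as rejection" pattern applies to the `!verify_file_signature(...)` cases in test-security-openssl-verify.c, where a missing fixture would also make the negative checks pass.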
diff --git a/test/lib/test-security-openssl-verify.c b/test/lib/test-security-openssl-verify.c
new file mode 100644 (file)
index 0000000..4cbf160
--- /dev/null
@@ -0,0 +1,103 @@
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+
+#include <log/log.h>
+#include <security/security.h>
+
+#define SECURITY_TEST_DATA_DIR  TEST_LIB_DATA_BASE "/security/"
+#define SECURITY_TEST_DATA_CERT SECURITY_TEST_DATA_DIR "/cert.pem"
+
+int main(void)
+{
+       FILE *keyfile;
+
+       pb_log_init(stdout);
+
+       /* start with basic pubkey extraction */
+       keyfile = fopen(SECURITY_TEST_DATA_DIR "cert.pem", "r");
+       if (!keyfile)
+               return EXIT_FAILURE;
+
+       /* first basic verify case */
+       /* assuming the default sha256 mode */
+
+       if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
+                                 SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
+                                 keyfile,
+                                 NULL))
+       {
+               fclose(keyfile);
+               return EXIT_FAILURE;
+       }
+
+       /* now check different file */
+
+       if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata_different.txt",
+                                  SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
+                                  keyfile,
+                                  NULL))
+       {
+               fclose(keyfile);
+               return EXIT_FAILURE;
+       }
+
+       /* now check different signature */
+
+       if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
+                                  SECURITY_TEST_DATA_DIR "rootdatasha512.sig",
+                                  keyfile,
+                                  NULL))
+       {
+               fclose(keyfile);
+               return EXIT_FAILURE;
+       }
+
+       /* check CMS verify */
+       if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
+                                 SECURITY_TEST_DATA_DIR "rootdata.cmsver",
+                                 keyfile,
+                                 NULL))
+       {
+               fclose(keyfile);
+               return EXIT_FAILURE;
+       }
+
+       fclose(keyfile);
+
+       /* now check basic pubkey fallback */
+       keyfile = fopen(SECURITY_TEST_DATA_DIR "pubkey.pem", "r");
+       if (!keyfile)
+               return EXIT_FAILURE;
+
+       if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
+                                 SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
+                                 keyfile,
+                                 NULL))
+       {
+               fclose(keyfile);
+               return EXIT_FAILURE;
+       }
+
+       fclose(keyfile);
+
+       /* finally check different key */
+       keyfile = fopen(SECURITY_TEST_DATA_DIR "wrong_cert.pem", "r");
+       if (!keyfile)
+               return EXIT_FAILURE;
+
+       if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
+                                  SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
+                                  keyfile,
+                                  NULL))
+       {
+               fclose(keyfile);
+               return EXIT_FAILURE;
+       }
+
+
+       fclose(keyfile);
+       return EXIT_SUCCESS;
+}
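Review bot: `SECURITY_TEST_DATA_CERT` is defined but never used, and it expands to a path with a doubled slash (`.../security//cert.pem`) because `SECURITY_TEST_DATA_DIR` already ends in `/`. Either drop the macro or define it as `SECURITY_TEST_DATA_DIR "cert.pem"` and use it in the first `fopen`. The repeated `fclose(keyfile); return EXIT_FAILURE;` blocks could follow the single `out:` cleanup label used in test-security-openssl-decrypt.c, which would make it harder to miss a close when a case is added. A short comment on the sha512 case, such as `/* sha512 signature must not verify in the default sha256 mode */`, would state why that check expects failure.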