From d47114df83e88f1b5ae65747001fc13d5dae525b Mon Sep 17 00:00:00 2001 From: Brett Grandbois Date: Tue, 15 May 2018 10:55:52 +1000 Subject: [PATCH] test/lib: Add OpenSSL verify and decrypt tests Signed-off-by: Brett Grandbois Signed-off-by: Samuel Mendoza-Jonas --- test/lib/Makefile.am | 7 ++ test/lib/data/security/cert.p12 | Bin 0 -> 2469 bytes test/lib/data/security/cert.pem | 21 ++++ test/lib/data/security/key.pem | 28 +++++ test/lib/data/security/pubkey.pem | 9 ++ test/lib/data/security/rootdata.cmsenc | 17 +++ test/lib/data/security/rootdata.cmsencver | 41 +++++++ test/lib/data/security/rootdata.cmsver | 31 ++++++ test/lib/data/security/rootdata.txt | 2 + test/lib/data/security/rootdata_different.txt | 2 + test/lib/data/security/rootdatasha256.sig | Bin 0 -> 256 bytes test/lib/data/security/rootdatasha512.sig | Bin 0 -> 256 bytes test/lib/data/security/wrong_cert.pem | 21 ++++ test/lib/data/security/wrong_key.pem | 28 +++++ test/lib/test-security-openssl-decrypt.c | 82 ++++++++++++++ test/lib/test-security-openssl-verify.c | 103 ++++++++++++++++++ 16 files changed, 392 insertions(+) create mode 100644 test/lib/data/security/cert.p12 create mode 100644 test/lib/data/security/cert.pem create mode 100644 test/lib/data/security/key.pem create mode 100644 test/lib/data/security/pubkey.pem create mode 100644 test/lib/data/security/rootdata.cmsenc create mode 100644 test/lib/data/security/rootdata.cmsencver create mode 100644 test/lib/data/security/rootdata.cmsver create mode 100644 test/lib/data/security/rootdata.txt create mode 100644 test/lib/data/security/rootdata_different.txt create mode 100644 test/lib/data/security/rootdatasha256.sig create mode 100644 test/lib/data/security/rootdatasha512.sig create mode 100644 test/lib/data/security/wrong_cert.pem create mode 100644 test/lib/data/security/wrong_key.pem create mode 100644 test/lib/test-security-openssl-decrypt.c create mode 100644 test/lib/test-security-openssl-verify.c 
diff --git a/test/lib/Makefile.am b/test/lib/Makefile.am index 9636b08..047fcb2 100644 --- a/test/lib/Makefile.am +++ b/test/lib/Makefile.am @@ -25,7 +25,14 @@ lib_TESTS = \ test/lib/test-process-stdout-eintr \ test/lib/test-fold +if WITH_OPENSSL +lib_TESTS += \ + test/lib/test-security-openssl-verify \ + test/lib/test-security-openssl-decrypt +endif + $(lib_TESTS): LIBS += $(core_lib) +$(lib_TESTS): AM_CPPFLAGS += -DTEST_LIB_DATA_BASE='"$(abs_top_srcdir)/test/lib/data"' check_PROGRAMS += $(lib_TESTS) TESTS += $(lib_TESTS) 
diff --git a/test/lib/data/security/cert.p12 b/test/lib/data/security/cert.p12 new file mode 100644 index 0000000000000000000000000000000000000000..f5ab0739240e9dc45b14b956514c3210dd390b0e GIT binary patch literal 2469 zcmV;W30n3rf(fAl0Ru3C31@y={IM282wLQS$dW66 zKI=2N$mWvjs|PQpVhgX)Cltcjbs5;8;vcRwA>G62F5=hVJb%mWFMp!;F_>e60AGn9 zQspL>k46~KFomMqSKhE*uy$L$`+q12O zk5a>?r_Zf?lcD8vFzPE?LrNMagqo|kSv2HiyrBtQqs>Wz>n}AeSL`EAWB-m4ijD$^ zFhEioyh8($?+>;rYlp;6yo-YsDZ!t!5sdp$@fDykR`hnahjDG+7Fe-GUI1LpGk_y- z{oI)xLrvW~@0a^!527XQ=&BRXpFw zN8bR?^1^Zc+A!doY;45x&0ZTbYhE#HYMZsPO=S?mpU<#+>7opnS-zmK0kuv9jI^M- z`f9$Oe)M=AF;nbANIjPsqOFL9YZ7qO=Xy{_$SuiqCTcwJxe18NeMd^$a+*%*=X6K4zUT0rLrgJevVhko}U|oSxMq z%vK&52dchC=<3W=tK7=Mx0jm5qWM2rfd7%tbvgz05$2dnenEKyL~L(%;`}#qaNaG` z`Bc(mw!eEbk1V2b*QSF<^22sEBCTrKPWoa>2JKpc4JbvqoE=5(e^}g_r}0pJoLtlb z%?AeR2diQ6QrxHjC92ZzT;^vV5g0+{zMl$n-+%?qAE<9Mby7Ot)by&pC*j7h*2P{y zDx9vDWUnk`m^gj=d-!4)P)+z$H==+=ze~$)?xtUz^fM;)B8u)0xWBMt76)Gr-0F6n)FvLluvGsJ z=@h3~kb2Z8yW7>H@+TfUPrtOeYt9Nx9iS)w@~PDTuJmNVFoFd^1_>&LNQU-W38DVG>j zad2j=44TIccmm}qTggWo0IcTmX;goS|N6c6x9k~eRA#MqWb4$UJIZt>5MJVRYw(V47SM6M;ryaP8&GvR_c(?1!;$R>JW@J17 zHG+w`?KdWRyxba}v;VL$X{cC8p1{~ng(FIL7&_Ehw`XjKN)Lhsf>2PY60G70$0e{g zo7rcUscQSGgpt@g_!TqLYik1%kstPfr%LKj(+!LL3VYRacZtsxD=lGd1#y1KfJh+iE`> zc>*prk_997>RYOo`b1ubH?L4!hvwZHt(TN4gpH1=&a5m>vWfv?2xh;j$l^K8!)bd2 zMHb2Jrl5v==Gvf(3_2jFffbt4sKMrW#36!gMuZu7*t9R2*LB-*G6cnWf(Pr^jkj z?#D+sO(MpKDoH!c@|E+VUZu}DRe~0AA?NfFfsAKB6h1NLQxVPb_ez0IA)0LA6#eDj z3#V#H#sPC@4koMfb0GKu=)_0h@USWmT$edh{mYfv_@3q^_9{?h!H z#f%?#$5)c!c`#~wkBHW_7QPoVyBCJw%4blOwDJw}4qCLo62yoZ6!Kf2yka@W_i=XQ zdktru;H~pEU76cHD*e$B)fl*(p@xbEFfBt6!vBRVkxdyreCIiR3^L8m1qfeR-hZC3SzD$sQAZllTPqn9nAMH-dzglwGjvCP$=Qzi`%08Kj# z``~lGME9?Djw8v3J-#h!`6?m1zTL!>wlY@6*qgE9olU4wEmZ2#Pf&$wz&}`>0QRao zazL_;`N`#hx4JwWQ%bI-442}!uSNDLCK?Ng4L3E}*kjnFac=IFT*Mkn&r$dd>o;Oy zxLU00B!9hcO9fln-)K8k^i*7!?$3p8B+MC@9#wa)8RoI3S<&_Yv~IU3y)n{lUU0TQ z;{|480^Z!tQC*7Q=ooSQUS!RfE!U29@l!d{h9Qvi5CdD|(|n=qFzleUnG8V;a`d>+ 
z2JRy|L)W`7z)#S(@duzwu7MA37-pIzqI?c1>Wyr$1qYc6wrj~Z-D|cu;iuyZ4{^g% zDFeda;Pzp(PS$EBsXDDl?!UJX+5e2C=lFA+vhk1WXG0c_n0I|$8Mp2A#KL!2Hk!{| zAoW#Ez8fuL;{|t@0$nWa#bFL*m=l~sTA^;FBme?2h{*-xi`GL_ATifXUexm&S#OYf zHk4~4xHNRCZRf0hGcd0ND{NlPd@C=s4+&*<;vPv|sr}G@QMz|C8CKm_k`SV!>5t|C zx3D$p6hv09qabd0R-~E)FzVbhl&DlB7Cfev&Q>irNxY%8fK~$RIDl6e`cZ-fB?H?b z^wi3gN^YL_QlRQ5(d_V8EX(X*ARh&Rkl|progJpO>m-f`0u_`nX(}0NK-!#CGb>}KPOCnsI;8l!jk^DlssX~@JCx!sb_ldPG=Tb$GyW}h=yfax5!3~rZgG7@Nzi7NkbS^y90?I0ltEMNCf#(D*`D$vrOW`&$(^h&9Y@u zLQiE6^cZbB#Wng~y$OXAPZ^|=^vS{y_<5;#{c!o`r3JfpxU~F!56?N6Hm|Y#PfS+i zeAEt_FG7$Rx=;k}AiEiZ;|Y6X$6KW14*P)TOtg$#{I4X5I^>VHT>VF|{GfU5Kiv`i zMNM|JWjEsE;d;WUDjr99&sQOmY_3xdECGDYoW_XQc@&}l0b4st Gg+}v?p@ZH4 literal 0 HcmV?d00001 diff --git a/test/lib/data/security/wrong_cert.pem b/test/lib/data/security/wrong_cert.pem new file mode 100644 index 0000000..f33a586 --- /dev/null +++ b/test/lib/data/security/wrong_cert.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDXzCCAkegAwIBAgIJAODEiSno23BvMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQwIBcNMTgwNDI2MjM0ODIwWhgPMjExODA0MDIyMzQ4MjBa +MEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJ +bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDRZOnMMFLyDGePJlUFMhywLTbhen8Rc2JQC2v26QPGAa7n8QH/YsGy +WPmJcZEBDv022qnluk3ciskyzgC6COKEiSiDSHA96KY6jir3FN0dimPdMkNMKC/+ +RWchOckKWh4/OsS3hFZzoWQTy9El2U78KfWUaDLNpl+KcGRWl++iHIIJZ/6SDur+ +WjLuzxXnvOA6naReVnJnAtXkp8Wd6Nc9gqLw8qT9pKdDb0IEQPYz7Dq2LQSjN0ys +U0gbv3UN2Q9wyxK3rIPVFhFWELX0rJ51Js7TkSWZXWw7nSGIGrctR7W3sl3XFc4t +0HZao63X6ik8Md7+z9iONNq1xLwtuXWPAgMBAAGjUDBOMB0GA1UdDgQWBBSMwUJt +EbdE7xr2KlW9cXfVOTfIADAfBgNVHSMEGDAWgBSMwUJtEbdE7xr2KlW9cXfVOTfI +ADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBPHj82Tu8eeVmGUY+F +2dYZ67+T/7tdMsmNx1li4tSp0Al074+Yo1qRfWl9BVb/k2q70BUmsdLm0ZT7Ua0t +xluPc51DPW78KdLa1N+QOaYkyBA1Cc14W0nc1cE8FHe79O48lmw2Z1jWzEdZVL+Y +4XUl6bKm2I/H7bADyMT7nlpkmkDZ2jHWZNf8FGbI2LZK/E7ndXSnmLWn/OQd6H/5 +yJ8SpwtayBi3vg+o3rGULQ5OvnMUxVEz8n+Psl5I3OHRy5048ThP6cjz79HbUtQA +5Q13ja4bDiQ1CVAAS+tYddERBvK3ApmD+QYtPIHERQsJK42bCQicbayahyxei+4/ +hYU4 +-----END CERTIFICATE----- diff --git a/test/lib/data/security/wrong_key.pem b/test/lib/data/security/wrong_key.pem new file mode 100644 index 0000000..d8bc6c7 --- /dev/null +++ b/test/lib/data/security/wrong_key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDRZOnMMFLyDGeP +JlUFMhywLTbhen8Rc2JQC2v26QPGAa7n8QH/YsGyWPmJcZEBDv022qnluk3cisky +zgC6COKEiSiDSHA96KY6jir3FN0dimPdMkNMKC/+RWchOckKWh4/OsS3hFZzoWQT +y9El2U78KfWUaDLNpl+KcGRWl++iHIIJZ/6SDur+WjLuzxXnvOA6naReVnJnAtXk +p8Wd6Nc9gqLw8qT9pKdDb0IEQPYz7Dq2LQSjN0ysU0gbv3UN2Q9wyxK3rIPVFhFW +ELX0rJ51Js7TkSWZXWw7nSGIGrctR7W3sl3XFc4t0HZao63X6ik8Md7+z9iONNq1 +xLwtuXWPAgMBAAECggEAWHfDU9LC6KMXCeMPHr/aYRDpVAB2OUA/tEPvHIW8Y2cI +p9QqnOTzo092Nny13/WeRBPEnlvFU72LXhytL+xbD9YHONhdG7r0qF6yhmvZNAbp +RGZdCoscI9jcxqvsZaRHjT1eKY8PG5F/f+Gn/s6+UUnFCSuw8zQsv4fWzMMqqpmO +jB+2y8jva7uwavKKlblcWHapgO2pgVOsaqkIWBRRKOwH55bjze7SglKblnmt5LMN +NH0wSTAVQS3cte4UPhAYkQy5xYiVo/0MjzBWlpgmWK/oHd1ZWkRFDEDArKgE3Io9 +3UwOUu94GlxZs6r9F6R0Rl9lsc+AOArGMaXIG7t/QQKBgQD6+mrgBgYHqbLKmRcO +z4ParRS6DU50nWl8N6gSOk8um7NCV2wyTg7OZkEdq8lsjHQgklrDyuCBpPNz1feI +EqbhFw1B2t1EEr+IfnU/HZ5j4iTB9uQx/gaMHxdwWBYKnkqDwnzZhgIbyf4NSn/P +kSb+ihqKnsSiG0n5TQS4+cmR7wKBgQDVlX2WQ1SIfwjV9BO1/X6Oi7j+EZ1NjuW6 +6tjvIfzaHK6AdEIep5whSHSMMzbTIANcBMojRjpsdCNMsqF4zOQkjuQ0fXwTEfHw +GoJPI+qPXd8amAEtMQ5XWK9TVQytCL4jAxZc5M3iIrEsDS80nWD9My42Mh6N2e50 +01ea0zt2YQKBgQCOQMW2+HMOgNcAEkmJcYFQvu2Sjtw7KMWTTJCM1FPxHPs7zQVc +dfXacwbRZH8kcW+Yzpt3glRB51a9/zbv/3Jq/n/bJcxoOyAoo1SdU5JlFtaywdeR +pmPbo/vLB4JmvlWJ3QCa4mPrkE/ZBLLw2Vr6xxhIHbliEImbLlZQ6fOgLQKBgQCl +W4aOtnQU9V0u4Df+d1LrI4vG0HZb3J1JuJbZlRPA/eGwO9IRD60WK5VoEiKJFEjl +jiO9aZrD6qqFr+rJrr+W+jX92YUc8pDAVpW6ldD8zC111mdayJcU0ulyd+9Ha/Rh +APvoUZCAWmGW/GImtw2nGl/Vv7neEvLF6fXyPUXVIQKBgQDGxr/VNXQIarrwt1fk +dzqs1JzaRkAwlJ3PYGKW1fqUwxl3BGtkFcK71XFXmN78snwoHNZxEPM/khtoKCZ0 +Oj0pEvUO6+BYlXkgWM7RZAgJxds87q4/9y8qNYEBeaB0p6zqMY652Tr6j9hNFk/o ++G6xXoQYGyrAzQB5EJgSNAWDQg== +-----END PRIVATE KEY----- diff --git a/test/lib/test-security-openssl-decrypt.c b/test/lib/test-security-openssl-decrypt.c new file mode 100644 index 0000000..07faf26 --- /dev/null +++ b/test/lib/test-security-openssl-decrypt.c 
@@ -0,0 +1,82 @@
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+
+#define SECURITY_TEST_DATA_DIR TEST_LIB_DATA_BASE "/security/"
+
+int main(void)
+{
+ char *verify_data = NULL;
+ char *compare_data = NULL;
+ char *filename = NULL;
+ FILE *keyfile = NULL;
+ int ret = EXIT_FAILURE;
+ int verify_len;
+ int compare_len;
+
+ pb_log_init(stdout);
+
+ keyfile = fopen(SECURITY_TEST_DATA_DIR "cert.p12", "r");
+ if (!keyfile)
+ return EXIT_FAILURE;
+
+ if (read_file(NULL, SECURITY_TEST_DATA_DIR "rootdata.txt", &verify_data, &verify_len))
+ goto out;
+
+ /* first basic CMS decrypt case */
+
+ /*
+ * these calls overwrite so need a temp file
+ * copy_file_secure_dest is having some permission issues
+ */
+ if (copy_file_secure_dest(NULL,
+ SECURITY_TEST_DATA_DIR "rootdata.cmsencver",
+ &filename))
+ goto out;
+
+ if (decrypt_file(filename, keyfile, NULL))
+ goto out;
+
+ if (read_file(verify_data, filename, &compare_data, &compare_len))
+ goto out;
+
+ if (verify_len != compare_len)
+ goto out;
+
+ if (memcmp(verify_data, compare_data, verify_len))
+ goto out;
+
+ /* check an encrypted but unverified message fails */
+ unlink(filename);
+ talloc_free(filename);
+
+ if (copy_file_secure_dest(NULL,
+ SECURITY_TEST_DATA_DIR "rootdata.cmsenc",
+ &filename))
+ goto out;
+
+
+ if (!decrypt_file(filename, keyfile, NULL))
+ goto out;
+
+ /* got here, all fine */
+ ret = EXIT_SUCCESS;
+
+out:
+ if (keyfile)
+ fclose(keyfile);
+ if (filename) {
+ unlink(filename);
+ talloc_free(filename);
+ }
+ talloc_free(verify_data);
+ return ret;
+}
diff --git a/test/lib/test-security-openssl-verify.c b/test/lib/test-security-openssl-verify.c
new file mode 100644
index 0000000..4cbf160
--- /dev/null
+++ b/test/lib/test-security-openssl-verify.c
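Review bot: The negative case at the end of the hunk, `if (!decrypt_file(filename, keyfile, NULL))`, passes the same `keyfile` stream that the first `decrypt_file()` call has already read, so unless decrypt_file rewinds its key input (not visible here) the second call can fail because the PKCS#12 data is at EOF rather than because rootdata.cmsenc carries no signature, and the test would pass without ever exercising the signature check. Add `rewind(keyfile);` before that call, or fclose/fopen the key again, so the failure can only come from the verifier. Separately, `talloc_free(filename);` before the second `copy_file_secure_dest()` leaves `filename` dangling; if that copy fails without assigning `&filename`, the `out:` cleanup calls `unlink()` and `talloc_free()` on freed memory. Set `filename = NULL;` immediately after that `talloc_free(filename);`. The early `return EXIT_FAILURE` on a failed `fopen` and the `goto out` paths print nothing, so a wrong TEST_LIB_DATA_BASE shows up only as an anonymous failure; a `perror()` on the fopen and a `pb_log()` at each goto would make the log actionable.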
@@ -0,0 +1,103 @@
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+
+#define SECURITY_TEST_DATA_DIR TEST_LIB_DATA_BASE "/security/"
+#define SECURITY_TEST_DATA_CERT SECURITY_TEST_DATA_DIR "/cert.pem"
+
+int main(void)
+{
+ FILE *keyfile;
+
+ pb_log_init(stdout);
+
+ /* start with basic pubkey extraction */
+ keyfile = fopen(SECURITY_TEST_DATA_DIR "cert.pem", "r");
+ if (!keyfile)
+ return EXIT_FAILURE;
+
+ /* first basic verify case */
+ /* assuming the default sha256 mode */
+
+ if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
+ SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
+ keyfile,
+ NULL))
+ {
+ fclose(keyfile);
+ return EXIT_FAILURE;
+ }
+
+ /* now check different file */
+
+ if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata_different.txt",
+ SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
+ keyfile,
+ NULL))
+ {
+ fclose(keyfile);
+ return EXIT_FAILURE;
+ }
+
+ /* now check different signature */
+
+ if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
+ SECURITY_TEST_DATA_DIR "rootdatasha512.sig",
+ keyfile,
+ NULL))
+ {
+ fclose(keyfile);
+ return EXIT_FAILURE;
+ }
+
+ /* check CMS verify */
+ if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
+ SECURITY_TEST_DATA_DIR "rootdata.cmsver",
+ keyfile,
+ NULL))
+ {
+ fclose(keyfile);
+ return EXIT_FAILURE;
+ }
+
+ fclose(keyfile);
+
+ /* now check basic pubkey fallback */
+ keyfile = fopen(SECURITY_TEST_DATA_DIR "pubkey.pem", "r");
+ if (!keyfile)
+ return EXIT_FAILURE;
+
+ if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
+ SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
+ keyfile,
+ NULL))
+ {
+ fclose(keyfile);
+ return EXIT_FAILURE;
+ }
+
+ fclose(keyfile);
+
+ /* finally check different key */
+ keyfile = fopen(SECURITY_TEST_DATA_DIR "wrong_cert.pem", "r");
+ if (!keyfile)
+ return EXIT_FAILURE;
+
+ if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
+ SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
+ keyfile,
+ NULL))
+ {
+ fclose(keyfile);
+ return EXIT_FAILURE;
+ }
+
+
+ fclose(keyfile);
+ return EXIT_SUCCESS;
+}
-- 
2.39.2
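Review bot: The three negative cases only check that `verify_file_signature()` returned non-zero, so a call that fails for an unrelated reason — an unreadable `.sig` path, a key stream left at EOF by the previous call — passes the test as though the signature had been rejected; the "different signature" case (`rootdatasha512.sig` under the default sha256 mode) in particular is indistinguishable from an I/O error. Re-run the known-good pair (`rootdata.txt` + `rootdatasha256.sig`) on the same `keyfile` immediately after each negative case, or check for a distinct return value if the API provides one, so the rejection is shown to come from the verifier rather than from a consumed or missing input. `SECURITY_TEST_DATA_CERT` expands to `.../security//cert.pem` (doubled separator) and is never used; drop it or use it in the first `fopen`. The `fopen` failure paths return silently; `perror(SECURITY_TEST_DATA_DIR "cert.pem")` would make a wrong TEST_LIB_DATA_BASE obvious in the test log.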