From patchwork Fri May 4 01:41:00 2018
X-Patchwork-Submitter: "Grandbois, Brett"
X-Patchwork-Id: 908423
From: Brett Grandbois
To: petitboot@lists.ozlabs.org
Subject: [PATCH 5/5] test/lib: Add OpenSSL verify and decrypt tests
Date: Fri, 4 May 2018 11:41:00 +1000
Message-Id: <1525398060-1517-6-git-send-email-brett.grandbois@opengear.com>
In-Reply-To: <1525398060-1517-1-git-send-email-brett.grandbois@opengear.com>
References: <1525398060-1517-1-git-send-email-brett.grandbois@opengear.com>
X-Mailer: git-send-email 2.7.4
List-Id: Petitboot bootloader development

Signed-off-by: Brett Grandbois --- test/lib/Makefile.am | 7 ++ test/lib/data/security/cert.p12 | Bin 0 -> 2469 bytes test/lib/data/security/cert.pem | 21 ++++++ test/lib/data/security/key.pem | 28 +++++++ test/lib/data/security/pubkey.pem | 9 +++ test/lib/data/security/rootdata.cmsenc | 17 +++++ test/lib/data/security/rootdata.cmsencver | 41 ++++++++++ test/lib/data/security/rootdata.cmsver | 31 ++++++++ test/lib/data/security/rootdata.txt | 2 + test/lib/data/security/rootdata_different.txt | 2 + test/lib/data/security/rootdatasha256.sig | Bin 0 -> 256 bytes test/lib/data/security/rootdatasha512.sig | Bin 0 -> 256 bytes test/lib/data/security/wrong_cert.pem | 21 ++++++ test/lib/data/security/wrong_key.pem | 28 +++++++ test/lib/test-security-openssl-decrypt.c | 82 ++++++++++++++++++++ test/lib/test-security-openssl-verify.c | 103 ++++++++++++++++++++++++++ 16 files changed, 392 insertions(+) create mode 100644 test/lib/data/security/cert.p12 create mode 100644 test/lib/data/security/cert.pem create mode 100644 test/lib/data/security/key.pem create mode 100644 test/lib/data/security/pubkey.pem create mode 100644 test/lib/data/security/rootdata.cmsenc create mode 100644 test/lib/data/security/rootdata.cmsencver create mode 100644 test/lib/data/security/rootdata.cmsver create mode 100644 test/lib/data/security/rootdata.txt create mode 100644 test/lib/data/security/rootdata_different.txt create mode 100644 test/lib/data/security/rootdatasha256.sig create mode 100644 test/lib/data/security/rootdatasha512.sig create mode 100644 test/lib/data/security/wrong_cert.pem create mode 100644 test/lib/data/security/wrong_key.pem create mode 100644 test/lib/test-security-openssl-decrypt.c create mode 100644 test/lib/test-security-openssl-verify.c diff --git a/test/lib/Makefile.am b/test/lib/Makefile.am index 9636b08..047fcb2 100644 --- a/test/lib/Makefile.am +++ b/test/lib/Makefile.am 
@@ -25,7 +25,14 @@ lib_TESTS = \ test/lib/test-process-stdout-eintr \ test/lib/test-fold +if WITH_OPENSSL +lib_TESTS += \ + test/lib/test-security-openssl-verify \ + test/lib/test-security-openssl-decrypt +endif + $(lib_TESTS): LIBS += $(core_lib) +$(lib_TESTS): AM_CPPFLAGS += -DTEST_LIB_DATA_BASE='"$(abs_top_srcdir)/test/lib/data"' check_PROGRAMS += $(lib_TESTS) TESTS += $(lib_TESTS) 
diff --git a/test/lib/data/security/cert.p12 b/test/lib/data/security/cert.p12 new file mode 100644 index 0000000000000000000000000000000000000000..f5ab0739240e9dc45b14b956514c3210dd390b0e GIT binary patch literal 2469 zcmV;W30n3rf(fAl0Ru3C31@y={IM282wLQS$dW66 zKI=2N$mWvjs|PQpVhgX)Cltcjbs5;8;vcRwA>G62F5=hVJb%mWFMp!;F_>e60AGn9 zQspL>k46~KFomMqSKhE*uy$L$`+q12O zk5a>?r_Zf?lcD8vFzPE?LrNMagqo|kSv2HiyrBtQqs>Wz>n}AeSL`EAWB-m4ijD$^ zFhEioyh8($?+>;rYlp;6yo-YsDZ!t!5sdp$@fDykR`hnahjDG+7Fe-GUI1LpGk_y- z{oI)xLrvW~@0a^!527XQ=&BRXpFw zN8bR?^1^Zc+A!doY;45x&0ZTbYhE#HYMZsPO=S?mpU<#+>7opnS-zmK0kuv9jI^M- z`f9$Oe)M=AF;nbANIjPsqOFL9YZ7qO=Xy{_$SuiqCTcwJxe18NeMd^$a+*%*=X6K4zUT0rLrgJevVhko}U|oSxMq z%vK&52dchC=<3W=tK7=Mx0jm5qWM2rfd7%tbvgz05$2dnenEKyL~L(%;`}#qaNaG` z`Bc(mw!eEbk1V2b*QSF<^22sEBCTrKPWoa>2JKpc4JbvqoE=5(e^}g_r}0pJoLtlb z%?AeR2diQ6QrxHjC92ZzT;^vV5g0+{zMl$n-+%?qAE<9Mby7Ot)by&pC*j7h*2P{y zDx9vDWUnk`m^gj=d-!4)P)+z$H==+=ze~$)?xtUz^fM;)B8u)0xWBMt76)Gr-0F6n)FvLluvGsJ z=@h3~kb2Z8yW7>H@+TfUPrtOeYt9Nx9iS)w@~PDTuJmNVFoFd^1_>&LNQU-W38DVG>j zad2j=44TIccmm}qTggWo0IcTmX;goS|N6c6x9k~eRA#MqWb4$UJIZt>5MJVRYw(V47SM6M;ryaP8&GvR_c(?1!;$R>JW@J17 zHG+w`?KdWRyxba}v;VL$X{cC8p1{~ng(FIL7&_Ehw`XjKN)Lhsf>2PY60G70$0e{g zo7rcUscQSGgpt@g_!TqLYik1%kstPfr%LKj(+!LL3VYRacZtsxD=lGd1#y1KfJh+iE`> zc>*prk_997>RYOo`b1ubH?L4!hvwZHt(TN4gpH1=&a5m>vWfv?2xh;j$l^K8!)bd2 zMHb2Jrl5v==Gvf(3_2jFffbt4sKMrW#36!gMuZu7*t9R2*LB-*G6cnWf(Pr^jkj z?#D+sO(MpKDoH!c@|E+VUZu}DRe~0AA?NfFfsAKB6h1NLQxVPb_ez0IA)0LA6#eDj z3#V#H#sPC@4koMfb0GKu=)_0h@USWmT$edh{mYfv_@3q^_9{?h!H z#f%?#$5)c!c`#~wkBHW_7QPoVyBCJw%4blOwDJw}4qCLo62yoZ6!Kf2yka@W_i=XQ zdktru;H~pEU76cHD*e$B)fl*(p@xbEFfBt6!vBRVkxdyreCIiR3^L8m1qfeR-hZC3SzD$sQAZllTPqn9nAMH-dzglwGjvCP$=Qzi`%08Kj# z``~lGME9?Djw8v3J-#h!`6?m1zTL!>wlY@6*qgE9olU4wEmZ2#Pf&$wz&}`>0QRao zazL_;`N`#hx4JwWQ%bI-442}!uSNDLCK?Ng4L3E}*kjnFac=IFT*Mkn&r$dd>o;Oy zxLU00B!9hcO9fln-)K8k^i*7!?$3p8B+MC@9#wa)8RoI3S<&_Yv~IU3y)n{lUU0TQ z;{|480^Z!tQC*7Q=ooSQUS!RfE!U29@l!d{h9Qvi5CdD|(|n=qFzleUnG8V;a`d>+ 
z2JRy|L)W`7z)#S(@duzwu7MA37-pIzqI?c1>Wyr$1qYc6wrj~Z-D|cu;iuyZ4{^g% zDFeda;Pzp(PS$EBsXDDl?!UJX+5e2C=lFA+vhk1WXG0c_n0I|$8Mp2A#KL!2Hk!{| zAoW#Ez8fuL;{|t@0$nWa#bFL*m=l~sTA^;FBme?2h{*-xi`GL_ATifXUexm&S#OYf zHk4~4xHNRCZRf0hGcd0ND{NlPd@C=s4+&*<;vPv|sr}G@QMz|C8CKm_k`SV!>5t|C zx3D$p6hv09qabd0R-~E)FzVbhl&DlB7Cfev&Q>irNxY%8fK~$RIDl6e`cZ-fB?H?b z^wi3gN^YL_QlRQ5(d_V8EX(X*ARh&Rkl|progJpO>m-f`0u_`nX(}0NK-!#CGb>}KPOCnsI;8l!jk^DlssX~@JCx!sb_ldPG=Tb$GyW}h=yfax5!3~rZgG7@Nzi7NkbS^y90?I0ltEMNCf#(D*`D$vrOW`&$(^h&9Y@u zLQiE6^cZbB#Wng~y$OXAPZ^|=^vS{y_<5;#{c!o`r3JfpxU~F!56?N6Hm|Y#PfS+i zeAEt_FG7$Rx=;k}AiEiZ;|Y6X$6KW14*P)TOtg$#{I4X5I^>VHT>VF|{GfU5Kiv`i zMNM|JWjEsE;d;WUDjr99&sQOmY_3xdECGDYoW_XQc@&}l0b4st Gg+}v?p@ZH4 literal 0 HcmV?d00001 diff --git a/test/lib/data/security/wrong_cert.pem b/test/lib/data/security/wrong_cert.pem new file mode 100644 index 0000000..f33a586 --- /dev/null +++ b/test/lib/data/security/wrong_cert.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDXzCCAkegAwIBAgIJAODEiSno23BvMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQwIBcNMTgwNDI2MjM0ODIwWhgPMjExODA0MDIyMzQ4MjBa +MEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJ +bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDRZOnMMFLyDGePJlUFMhywLTbhen8Rc2JQC2v26QPGAa7n8QH/YsGy +WPmJcZEBDv022qnluk3ciskyzgC6COKEiSiDSHA96KY6jir3FN0dimPdMkNMKC/+ +RWchOckKWh4/OsS3hFZzoWQTy9El2U78KfWUaDLNpl+KcGRWl++iHIIJZ/6SDur+ +WjLuzxXnvOA6naReVnJnAtXkp8Wd6Nc9gqLw8qT9pKdDb0IEQPYz7Dq2LQSjN0ys +U0gbv3UN2Q9wyxK3rIPVFhFWELX0rJ51Js7TkSWZXWw7nSGIGrctR7W3sl3XFc4t +0HZao63X6ik8Md7+z9iONNq1xLwtuXWPAgMBAAGjUDBOMB0GA1UdDgQWBBSMwUJt +EbdE7xr2KlW9cXfVOTfIADAfBgNVHSMEGDAWgBSMwUJtEbdE7xr2KlW9cXfVOTfI +ADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBPHj82Tu8eeVmGUY+F +2dYZ67+T/7tdMsmNx1li4tSp0Al074+Yo1qRfWl9BVb/k2q70BUmsdLm0ZT7Ua0t +xluPc51DPW78KdLa1N+QOaYkyBA1Cc14W0nc1cE8FHe79O48lmw2Z1jWzEdZVL+Y +4XUl6bKm2I/H7bADyMT7nlpkmkDZ2jHWZNf8FGbI2LZK/E7ndXSnmLWn/OQd6H/5 +yJ8SpwtayBi3vg+o3rGULQ5OvnMUxVEz8n+Psl5I3OHRy5048ThP6cjz79HbUtQA +5Q13ja4bDiQ1CVAAS+tYddERBvK3ApmD+QYtPIHERQsJK42bCQicbayahyxei+4/ +hYU4 +-----END CERTIFICATE----- diff --git a/test/lib/data/security/wrong_key.pem b/test/lib/data/security/wrong_key.pem new file mode 100644 index 0000000..d8bc6c7 --- /dev/null +++ b/test/lib/data/security/wrong_key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDRZOnMMFLyDGeP +JlUFMhywLTbhen8Rc2JQC2v26QPGAa7n8QH/YsGyWPmJcZEBDv022qnluk3cisky +zgC6COKEiSiDSHA96KY6jir3FN0dimPdMkNMKC/+RWchOckKWh4/OsS3hFZzoWQT +y9El2U78KfWUaDLNpl+KcGRWl++iHIIJZ/6SDur+WjLuzxXnvOA6naReVnJnAtXk +p8Wd6Nc9gqLw8qT9pKdDb0IEQPYz7Dq2LQSjN0ysU0gbv3UN2Q9wyxK3rIPVFhFW +ELX0rJ51Js7TkSWZXWw7nSGIGrctR7W3sl3XFc4t0HZao63X6ik8Md7+z9iONNq1 +xLwtuXWPAgMBAAECggEAWHfDU9LC6KMXCeMPHr/aYRDpVAB2OUA/tEPvHIW8Y2cI +p9QqnOTzo092Nny13/WeRBPEnlvFU72LXhytL+xbD9YHONhdG7r0qF6yhmvZNAbp +RGZdCoscI9jcxqvsZaRHjT1eKY8PG5F/f+Gn/s6+UUnFCSuw8zQsv4fWzMMqqpmO +jB+2y8jva7uwavKKlblcWHapgO2pgVOsaqkIWBRRKOwH55bjze7SglKblnmt5LMN +NH0wSTAVQS3cte4UPhAYkQy5xYiVo/0MjzBWlpgmWK/oHd1ZWkRFDEDArKgE3Io9 +3UwOUu94GlxZs6r9F6R0Rl9lsc+AOArGMaXIG7t/QQKBgQD6+mrgBgYHqbLKmRcO +z4ParRS6DU50nWl8N6gSOk8um7NCV2wyTg7OZkEdq8lsjHQgklrDyuCBpPNz1feI +EqbhFw1B2t1EEr+IfnU/HZ5j4iTB9uQx/gaMHxdwWBYKnkqDwnzZhgIbyf4NSn/P +kSb+ihqKnsSiG0n5TQS4+cmR7wKBgQDVlX2WQ1SIfwjV9BO1/X6Oi7j+EZ1NjuW6 +6tjvIfzaHK6AdEIep5whSHSMMzbTIANcBMojRjpsdCNMsqF4zOQkjuQ0fXwTEfHw +GoJPI+qPXd8amAEtMQ5XWK9TVQytCL4jAxZc5M3iIrEsDS80nWD9My42Mh6N2e50 +01ea0zt2YQKBgQCOQMW2+HMOgNcAEkmJcYFQvu2Sjtw7KMWTTJCM1FPxHPs7zQVc +dfXacwbRZH8kcW+Yzpt3glRB51a9/zbv/3Jq/n/bJcxoOyAoo1SdU5JlFtaywdeR +pmPbo/vLB4JmvlWJ3QCa4mPrkE/ZBLLw2Vr6xxhIHbliEImbLlZQ6fOgLQKBgQCl +W4aOtnQU9V0u4Df+d1LrI4vG0HZb3J1JuJbZlRPA/eGwO9IRD60WK5VoEiKJFEjl +jiO9aZrD6qqFr+rJrr+W+jX92YUc8pDAVpW6ldD8zC111mdayJcU0ulyd+9Ha/Rh +APvoUZCAWmGW/GImtw2nGl/Vv7neEvLF6fXyPUXVIQKBgQDGxr/VNXQIarrwt1fk +dzqs1JzaRkAwlJ3PYGKW1fqUwxl3BGtkFcK71XFXmN78snwoHNZxEPM/khtoKCZ0 +Oj0pEvUO6+BYlXkgWM7RZAgJxds87q4/9y8qNYEBeaB0p6zqMY652Tr6j9hNFk/o ++G6xXoQYGyrAzQB5EJgSNAWDQg== +-----END PRIVATE KEY----- diff --git a/test/lib/test-security-openssl-decrypt.c b/test/lib/test-security-openssl-decrypt.c new file mode 100644 index 0000000..07faf26 --- /dev/null +++ b/test/lib/test-security-openssl-decrypt.c 
@@ -0,0 +1,82 @@ +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#define SECURITY_TEST_DATA_DIR TEST_LIB_DATA_BASE "/security/" + +int main(void) +{ + char *verify_data = NULL; + char *compare_data = NULL; + char *filename = NULL; + FILE *keyfile = NULL; + int ret = EXIT_FAILURE; + int verify_len; + int compare_len; + + pb_log_init(stdout); + + keyfile = fopen(SECURITY_TEST_DATA_DIR "cert.p12", "r"); + if (!keyfile) + return EXIT_FAILURE; + + if (read_file(NULL, SECURITY_TEST_DATA_DIR "rootdata.txt", &verify_data, &verify_len)) + goto out; + + /* first basic CMS decrypt case */ + + /* + * these calls overwrite so need a temp file + * copy_file_secure_dest is having some permission issues + */ + if (copy_file_secure_dest(NULL, + SECURITY_TEST_DATA_DIR "rootdata.cmsencver", + &filename)) + goto out; + + if (decrypt_file(filename, keyfile, NULL)) + goto out; + + if (read_file(verify_data, filename, &compare_data, &compare_len)) + goto out; + + if (verify_len != compare_len) + goto out; + + if (memcmp(verify_data, compare_data, verify_len)) + goto out; + + /* check an encrypted but unverified message fails */ + unlink(filename); + talloc_free(filename); + + if (copy_file_secure_dest(NULL, + SECURITY_TEST_DATA_DIR "rootdata.cmsenc", + &filename)) + goto out; + + + if (!decrypt_file(filename, keyfile, NULL)) + goto out; + + /* got here, all fine */ + ret = EXIT_SUCCESS; + +out: + if (keyfile) + fclose(keyfile); + if (filename) { + unlink(filename); + talloc_free(filename); + } + talloc_free(verify_data); + return ret; +} diff --git a/test/lib/test-security-openssl-verify.c b/test/lib/test-security-openssl-verify.c new file mode 100644 index 0000000..4cbf160 --- /dev/null +++ b/test/lib/test-security-openssl-verify.c 
@@ -0,0 +1,103 @@ +#include +#include +#include +#include +#include + +#include +#include + +#define SECURITY_TEST_DATA_DIR TEST_LIB_DATA_BASE "/security/" +#define SECURITY_TEST_DATA_CERT SECURITY_TEST_DATA_DIR "/cert.pem" + +int main(void) +{ + FILE *keyfile; + + pb_log_init(stdout); + + /* start with basic pubkey extraction */ + keyfile = fopen(SECURITY_TEST_DATA_DIR "cert.pem", "r"); + if (!keyfile) + return EXIT_FAILURE; + + /* first basic verify case */ + /* assuming the default sha256 mode */ + + if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt", + SECURITY_TEST_DATA_DIR "rootdatasha256.sig", + keyfile, + NULL)) + { + fclose(keyfile); + return EXIT_FAILURE; + } + + /* now check different file */ + + if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata_different.txt", + SECURITY_TEST_DATA_DIR "rootdatasha256.sig", + keyfile, + NULL)) + { + fclose(keyfile); + return EXIT_FAILURE; + } + + /* now check different signature */ + + if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt", + SECURITY_TEST_DATA_DIR "rootdatasha512.sig", + keyfile, + NULL)) + { + fclose(keyfile); + return EXIT_FAILURE; + } + + /* check CMS verify */ + if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt", + SECURITY_TEST_DATA_DIR "rootdata.cmsver", + keyfile, + NULL)) + { + fclose(keyfile); + return EXIT_FAILURE; + } + + fclose(keyfile); + + /* now check basic pubkey fallback */ + keyfile = fopen(SECURITY_TEST_DATA_DIR "pubkey.pem", "r"); + if (!keyfile) + return EXIT_FAILURE; + + if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt", + SECURITY_TEST_DATA_DIR "rootdatasha256.sig", + keyfile, + NULL)) + { + fclose(keyfile); + return EXIT_FAILURE; + } + + fclose(keyfile); + + /* finally check different key */ + keyfile = fopen(SECURITY_TEST_DATA_DIR "wrong_cert.pem", "r"); + if (!keyfile) + return EXIT_FAILURE; + + if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt", + SECURITY_TEST_DATA_DIR "rootdatasha256.sig", + keyfile, + 
NULL)) + { + fclose(keyfile); + return EXIT_FAILURE; + } + + + fclose(keyfile); + return EXIT_SUCCESS; +}
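
Review bot: In the test/lib/Makefile.am hunk, the two new programs are added to lib_TESTS but nothing in the hunk lists the fixtures under test/lib/data/security/ for distribution, so unless they are picked up elsewhere a build from a `make dist` tarball will have both tests return EXIT_FAILURE at their first fopen(). Suggest adding the data files to EXTRA_DIST in this same change. The `$(lib_TESTS): AM_CPPFLAGS += -DTEST_LIB_DATA_BASE=...` line also sits outside the `if WITH_OPENSSL` block and so applies to every existing lib test; that is harmless, but it deserves a sentence in the commit message, which currently carries only the sign-off.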
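
Review bot: The test/lib/data/security/wrong_key.pem hunk adds a private key that neither test-security-openssl-decrypt.c nor test-security-openssl-verify.c opens; the only wrong-key case in the patch reads wrong_cert.pem, and key.pem from the diffstat is likewise unreferenced by the visible test code. Either add the case these files are meant for (for example a decrypt attempt that must fail with a key that does not match the recipient) or drop them. If they stay, a short README in test/lib/data/security/ saying these are throwaway test keys and how each fixture was generated would let secret scanners be triaged quickly and make the .sig and .cms* files reproducible.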
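
Review bot: In test/lib/test-security-openssl-decrypt.c the negative case `if (!decrypt_file(filename, keyfile, NULL)) goto out;` passes on any non-zero return, and it reuses the `keyfile` stream that the first decrypt_file() call has already read. Unless decrypt_file() rewinds the stream itself, the second call can fail because the PKCS#12 data could not be read rather than because rootdata.cmsenc is unsigned, and the test would still report success. Suggest a `rewind(keyfile)` (or a fresh fopen) before the second call, and ideally a check that the temp file was left unmodified after the rejected decrypt. Two smaller points: cert.p12 is binary, so "rb" is the safer fopen mode, and the comment "copy_file_secure_dest is having some permission issues" sits directly above a call to copy_file_secure_dest, so it should say what the issue is or be removed.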
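
Review bot: In test/lib/test-security-openssl-verify.c the macro `SECURITY_TEST_DATA_CERT` is defined as `SECURITY_TEST_DATA_DIR "/cert.pem"` but never used, and since SECURITY_TEST_DATA_DIR already ends in a slash it would expand to ".../security//cert.pem"; drop it or use it in the first fopen() without the leading slash. The three negative cases (rootdata_different.txt, rootdatasha512.sig, wrong_cert.pem) accept any non-zero return from verify_file_signature(), so a missing fixture or unreadable key also counts as a pass; checking that the fixture files exist before the call would make those cases prove what their comments claim. rootdatasha512.sig is only exercised as a mismatch against the default sha256 mode, so there is no positive sha512 case. The repeated `fclose(keyfile); return EXIT_FAILURE;` blocks could be collapsed into a single `out:` label as the decrypt test already does.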