@@ -25,7 +25,14 @@ lib_TESTS = \
test/lib/test-process-stdout-eintr \
test/lib/test-fold
+if WITH_OPENSSL
+lib_TESTS += \
+ test/lib/test-security-openssl-verify \
+ test/lib/test-security-openssl-decrypt
+endif
+
$(lib_TESTS): LIBS += $(core_lib)
+$(lib_TESTS): AM_CPPFLAGS += -DTEST_LIB_DATA_BASE='"$(abs_top_srcdir)/test/lib/data"'
check_PROGRAMS += $(lib_TESTS)
TESTS += $(lib_TESTS)
new file mode 100644
GIT binary patch
literal 2469
zcmV;W30n3rf(fAl0Ru3C31<cgDuzgg_YDCD0ic2jSOkIzR4{@GP%wf72L=f$hDe6@
z4FLxRpn?PVFoFa00s#Opf&=Xa2`Yw2hW8Bt2LUh~1_~;MNQU<f0So~KFb)I=wDL4$
zHj<(E0s;sCfPw?Se&ugA-t`KD(_DF(Q}h~yu(WV`HWwJSdC4aUZwJx-Hc_57;80JF
za^Ep!NKkeL+Qp;z85_5doy19Uxq#$Geu&*?)GbEjp@Zw&J>@y={IM282wLQS$dW66
zKI=2N$mWvjs|PQpVhgX)Cltcjbs5;8;vcRwA>G62F5=hVJb%mWFMp!;F_>e60AGn9
zQspL>k46~KFomMqSKhE*<trH3P)94XyF0)|a3L7&o6|d=aK=o-5+Y6cJ{|{=CbV?6
z)~E?Yt}tnX-xu=+O#6_F&Jm}QD4lBc11E*hq2SZl_ddVU_nq2jL1f8%M9q5jvXn=~
zH^~sP(~g)Wdpi4)c}orF5+7jIS&C}%WO%H0=uEeVJ{pXBkz?w!=Aq>uy$L$`+q12O
zk5a>?r_Zf?lcD8vFzPE?LrNMagqo|kSv2HiyrBtQqs>Wz>n}AeSL`EAWB-m4ijD$^
zFhEioyh8($?+>;rYlp;6yo-YsDZ!t!5sdp$@fDykR`hnahjDG+7Fe-GUI1LpGk_y-
z{oI)xLrvW~@0a^!527XQ=&B<LHg`jNs<lm^tO=d6MCwp_v-SC&O;(GjuSeJ>RXpFw
zN8bR?^1^Zc+A!doY;45x&0ZTbYhE#HYMZsPO=S?mpU<#+>7opnS-zmK0kuv9jI^M-
z`f9$Oe)M=AF;nbANIjPsqOFL9YZ7qO=Xy{_$SuiqCTcwJxe18N<?9*4*G6)Nvd`6S
zVHJ0GCOStUv*@iI!vy+xTP9%8T>eMd^$a+*%*=X6K4zUT0rLrgJevVhko}U|oSxMq
z%vK&52dchC=<3W=tK7=Mx0jm5qWM2rfd7%tbvgz05$2dnenEKyL~L(%;`}#qaNaG`
z`Bc(mw!eEbk1V2b*QSF<^22sEBCTrKPWoa>2JKpc4JbvqoE=5(e^}g_r}0pJoLtlb
z%?AeR2diQ6QrxHjC92ZzT;^vV5g0+{zMl$n-+%?qAE<9Mby7Ot)by&pC*j7h*2P{y
zDx9vDWUnk`m^gj=d-!4)P)+z$H==+=z<O<{P5&2qr8k|P`0d2{Ev|L)atE;qtdi@A
zuwf&Nm5+8sz?JD3Y9oBB)mBW0Az(eyY0!6hq+DHbnfqQ{&=0@=4c9;0zilPM&_Sdv
z1!F^<^k@o&Dib$Gpd%fT>e~$)?xtUz^fM;)B8u)0xWBMt76)Gr-0F6n)FvLluvGsJ
z=@h3~kb2Z8yW7>H@+TfUPrtOeYt9Nx9iS)w@~PDTuJmNVFoFd^1_>&LNQU<f0S5t~
zf(0@Jf(0%xf(0rtf(0f93o3?4hW8Bt3<?1Ppn?SMFoFc?FdPO7Duzgg_YDCI0Ru1&
z1PBB}VpGvFezF1r2ml0v1jrMtJ=E*p1TfW$9&P{b8qqmgg`0bA@#6n+>-W38DVG>j
zad2j=44TIccmm}qTggWo0IcTmX;goS|N6c6x9k~eR<!Ud3|mdDc&;KiAYG|J`Nb-<
zBxtGf!JZt>A#MqWb4$UJIZt>5MJVRYw(V47SM6M;ryaP8&GvR_c(?1!;$R>JW@J17
zHG+w`?KdWRyxba}v;VL$X{cC8p1{~ng(FIL7&_Ehw`XjKN)Lhsf>2PY60G70$0e{g
zo7rcUscQSGgpt@g_!TqLYik1%kstPf<K^m_uMKc=;qrOZ{)<ypHre4^U8TTaheYlB
zEgu3%w+U~fh@s4U98Jr;l9Zp(`>r%LKj(+!LL3VYRacZtsxD=lGd1#y1KfJh+iE`>
zc>*prk_997>RYOo`b1ubH?L4!hvwZHt(TN4gpH1=&a5m>vWfv?2xh;j$l^K8!)bd2
zMHb2Jrl5v==Gvf(3_2jFffbt4sKMrW#36!gMuZu7*<KH6Kti)`#;{eF&EW@}Hxyo^
zG6N_%TMl4jv*?s*YNyNT$qSv4oah_nHqyUeK8<90F=>t9R2*LB-*G6cnWf(Pr^jkj
z?#D+sO(MpKDoH!c@|E+VUZu}DRe~0AA?NfFfsAKB6h1NLQxVPb_ez0IA)0LA6#eDj
z3<Ue_lkKUm(+->#V#H#sPC@4koMfb0GKu=)_0h@USWmT$edh{mYfv_@3q^_9{?h!H
z#f%?#$5)c!c`#~wkBHW_7QPoVyBCJw%4blOwDJw}4qCLo62yoZ6!Kf2yka@W_i=XQ
zdktru;H~pEU76cHD*e$B)fl*(p@xbEFfBt6!vBRVkxdyreC<z3&y!B3C0PJE{Z_a=
z&Q!6>IiR3^L8m1qfeR-hZC3SzD$sQAZllTPqn9nAMH-dzglwGjvCP$=Qzi`%08Kj#
z``~lGME9?Djw8v3J-#h!`6?m1zTL!>wlY@6*qgE9olU4wEmZ2#Pf&$wz&}`>0QRao
zazL_;`N`#hx4JwWQ%bI-442}!uSNDLCK?Ng4L3E}*kjnFac=IFT*Mkn&r$dd>o;Oy
zxLU00B!9hcO9fln-)K8k^i*7!?$3p8B+MC@9#wa)8RoI3S<&_Yv~IU3y)n{lUU0TQ
z;{|480^Z!tQC*7Q=ooSQUS!RfE!U29@l!d{h9Qvi5CdD|(|n=qFzleUnG8V;a`d>+
z2JRy|L)W`7z)#S(@duzwu7MA37-pIzqI?c1>Wyr$1qYc6wrj~Z-D|cu;iuyZ4{^g%
zDFeda;Pzp(PS$EBsXDDl?!UJX+5e2C=lFA+vhk1WXG0c_n0I|$8Mp2A#KL!2Hk!{|
zAoW#Ez8fuL;{|t@0$nWa#bFL*m=l~sTA^;FBme?2h{*-xi`GL_ATifXUexm&S#OYf
zHk4~4xHNRCZRf0hGcd0ND{NlPd@C=s4+&*<;vPv|sr}G@QMz|C8CKm_k`SV!>5t|C
zx3D$p6hv09qabd0R-~E)FzVbhl&DlB7Cfev&Q>irNxY%8fK~$RIDl6e`cZ-fB?H?b
z^<JYjL4f0VL0Xs{EE_a;$X|>wi3gN^YL_QlRQ5(d_V8EX(X*AR<r3GaQHC)kFe3&D
zDuzgg_YDCF6)_eB6ioyHt2IqIZ)ia8kxE|ogcDV|@-Q(lAutIB1uG5%0vZJX1QbFZ
jv(816BdjU30t~*E{9?D=iR=Ujk|Gr;Q0meg0s;sCIf#{U
literal 0
HcmV?d00001
new file mode 100644
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDXzCCAkegAwIBAgIJANnp/7YAvOPVMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwIBcNMTgwNDI2MDU0OTQ4WhgPMjExODA0MDIwNTQ5NDha
+MEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJ
+bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCtMrdZYW7AU+padBPNapi8q8+mJ9K1dgV0C3Nt+nNfObKbCLqvLxoa
+qCSTRVpgPkHNV/KZdvQrm00ZVSH4yFYEqYxAU3c4n8yWahn9wx/AKhuMaA/S5o9p
+tYgR1C5b5Kn5fmBb4aFV+ZoTioz4xj5s6cEfQB+kTEh1W7BIkTK1oWHYm9SdEj0h
+MylE+Dhu9nYtv9gVTzosRB+VGcnTAed0ELK8GHqeKfIaJRbbCoWOIMClxnztrQTZ
+i6rQ25sLUB1qYbLtyKAlv5RZ28t+AAmR2NkIC+qi92Lx5AqOym/Yi9MjyUMp0OUn
+CDLkjXUxgw8oZWMmeCp8yJWm5GmPu49pAgMBAAGjUDBOMB0GA1UdDgQWBBSXTekb
+Cvoyepyd97LaZQaTzCb64jAfBgNVHSMEGDAWgBSXTekbCvoyepyd97LaZQaTzCb6
+4jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCE10SC/toyRtTyggR/
+UO/LoL8SDBJcOcquiq9FYc/rhPRy4lGRxnl7He4h0FhlJZ7Qf1coijgJBuzG7zpU
+9oFK7QcSGeoXlmFiE1W+bnvB6jksOeAeVPYNaSkHd1dz10M6RnZLyU2/1wEtcmf0
+osS2Jbm2uHOpTLe3e3ngMdV1QUvdrcDtS4sR2Xn0KU/tq0ANfnCzy2vdsxneYU8R
+f6f5TTLaIssC3b4em7o6YV5w7hF4hi9mRRleGkIEgEvoMv9k9OENmglunGQh+A65
+rirWyhqIBik7RYx8Ds05XllHg6gTNIbnB++DfpZWGShJRKWqEJU81lySn+Cjny2b
+CWXt
+-----END CERTIFICATE-----
new file mode 100644
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCtMrdZYW7AU+pa
+dBPNapi8q8+mJ9K1dgV0C3Nt+nNfObKbCLqvLxoaqCSTRVpgPkHNV/KZdvQrm00Z
+VSH4yFYEqYxAU3c4n8yWahn9wx/AKhuMaA/S5o9ptYgR1C5b5Kn5fmBb4aFV+ZoT
+ioz4xj5s6cEfQB+kTEh1W7BIkTK1oWHYm9SdEj0hMylE+Dhu9nYtv9gVTzosRB+V
+GcnTAed0ELK8GHqeKfIaJRbbCoWOIMClxnztrQTZi6rQ25sLUB1qYbLtyKAlv5RZ
+28t+AAmR2NkIC+qi92Lx5AqOym/Yi9MjyUMp0OUnCDLkjXUxgw8oZWMmeCp8yJWm
+5GmPu49pAgMBAAECggEAW1VjWr8GqGWYMBsGVkzgPp5b4kMd2pNiTM+9D0IDlTPX
+++meiMNOAMCqiP8Jqbcq/B5k0IjqOhSrk7BROeBrfAns6/8X38RlHuzUx/0dwThz
+TpeRwKXU+um/16cMy2jKOcdrCQjzC2OU3Lkznfzs7oJWVSR7iyivDTRMwffPxfd1
+pbnlx6OfKpAniuI3QGNiAYzdSVN8Wmkma8FS5OcjsaKdyTOo7J2+VvXhQm72POmx
+ZhAJNph3obb6nhq00xjzrFrR+/tdreuyPlfoT6ceCVq4FdRImFHiNpIBDMPXoFVj
+1Bp2qb8IJ7p6IarnrKu3jMlsEYBhpkzXbw9KwCUwAQKBgQDmaiPBy7XLMWvesjOq
+9zx902r40vabtjFYvN5kPx201vILw+vpvEp0g7O2JWAnzSmLrVIstIO48+9gLhkD
+kR/ewV8UJLz9Z3swCehEzZcNvdpB0I4U28fq5/qEvcYjYRJES3O35PsKA29ho9xZ
+HeWYKwtf/nqfs95oN+ST8Rt3lQKBgQDAbh3qCTtyTj4mV+kKXe3dDptH3XsvMBtN
+zQiuTUxuKd98c8c3hG5XvtORmKB3B1286b9XSQfE1DLWVNqhF/P8uX7XB/+YAf2E
+POnCISAcp3w1rAWrQUzm6NB1eFQlzHmG89fVqtZvPLQQGJhjfLdFRHSdB+XvAILY
+ms0nhSTzhQKBgBWwXgdK/qTO1SGUUqrANRB/Cy265f3IS6LXvHNhQZGZPhV/bsCE
+udl34D3ADOoSNNvyB68vmsqZI6pBDJe6XG6icym5P5T23bCq7hMz6wkfGuFhGU67
+VXk2Nu2x02nXJFoLZCwmQL8zjZN6Ui6NUuRdAOgbUz2fN8tFn52Rb411AoGBAI65
+HbbX4h+FqNMHoPDvedzbWJCU1SjKpXWu/SFKc8XBiODlfnzO3Ih4ILN8YIfoDr5v
+IFu87uYt/Qa7KO0StwRbEJisdgZoc4ABLd+ucgLOtnGYhRvf8wnQ48w80yy12+0c
+LplrfGBExciqdVxUxBm8DEHr+b6qwmGlb0RAnIeBAoGBANOi/4XCX9n6qtjZnO6+
+hSzLbm4N6Qq70Xbs3iFbYgNHw3jHhXfzpSs6EA5ckEuC9d5GvAcSX/xh36z/EFOg
+yFDPWYPczM5C8b416yM6CMF+lj1vJe8hJowzJwqR/P2FxEko2iZ3f/7RufmWJc2K
+2OC5zuxDBAPWicetPA7Om8bU
+-----END PRIVATE KEY-----
new file mode 100644
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTK3WWFuwFPqWnQTzWqY
+vKvPpifStXYFdAtzbfpzXzmymwi6ry8aGqgkk0VaYD5BzVfymXb0K5tNGVUh+MhW
+BKmMQFN3OJ/MlmoZ/cMfwCobjGgP0uaPabWIEdQuW+Sp+X5gW+GhVfmaE4qM+MY+
+bOnBH0AfpExIdVuwSJEytaFh2JvUnRI9ITMpRPg4bvZ2Lb/YFU86LEQflRnJ0wHn
+dBCyvBh6ninyGiUW2wqFjiDApcZ87a0E2Yuq0NubC1AdamGy7cigJb+UWdvLfgAJ
+kdjZCAvqovdi8eQKjspv2IvTI8lDKdDlJwgy5I11MYMPKGVjJngqfMiVpuRpj7uP
+aQIDAQAB
+-----END PUBLIC KEY-----
new file mode 100644
@@ -0,0 +1,17 @@
+MIME-Version: 1.0
+Content-Disposition: attachment; filename="smime.p7m"
+Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
+Content-Transfer-Encoding: base64
+
+MIICBgYJKoZIhvcNAQcDoIIB9zCCAfMCAQAxggFuMIIBagIBADBSMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQCCQDZ6f+2ALzj1TANBgkqhkiG9w0BAQEFAASCAQCsmb7E
+zY1oXEtPezxcDMseUpu/HfBn/pjiQ0NzKcdDww08OOxYUdv7qkPrihwJwfYXtD5L
+6Q8QZNeHOafV+roTn4fEiiY4939djBo0Ytu2qqsywpYjeKzKZU6ZX4JKQe6J4vm0
+626a5sV+ISVdsNC+r/qIAVVAr3XQw/kfJ1iJKP9HT5xPaUFKbr0RtQxRZbm7IQYd
+KFyVyUY8qVhRHJ5g7oEskW0/CP75dq44Fdh66Qu09Fh5DH2M6H9wUgu1yynBDMB4
+Jxtr50yvHKJqfPZY+Lg8+8kY8Hlcs9oRuHMZyMhlOTKXJzRv80UygL/P86cwB4AD
+w1660F7sRbHm18omMHwGCSqGSIb3DQEHATAdBglghkgBZQMEASoEEKknxeNUs+Lh
+lIK7i0HZdlWAUDI4hezsKhFBQzYPOEBaar99QQkbmdTlnliJ6gChqq8ycYPykLaI
+263KVM2nESkEnhpVHNQ+mfD4T1dm2I0N2r8N27GROtrz1k9GxQctaKRn
+
new file mode 100644
@@ -0,0 +1,41 @@
+MIME-Version: 1.0
+Content-Disposition: attachment; filename="smime.p7m"
+Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
+Content-Transfer-Encoding: base64
+
+MIIGigYJKoZIhvcNAQcDoIIGezCCBncCAQAxggFuMIIBagIBADBSMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQCCQDZ6f+2ALzj1TANBgkqhkiG9w0BAQEFAASCAQA5XJvZ
+JlxDydkxLZdaXz75oYBacTiJclkyP+54wftAR5gGM7DmRhJ4eCs9lFUYLqc08GRD
+h1Apo3sGIdVnZO1oee+ToS3CO46WgXUUa6dbMdALKe1x3zYhm+Zm6h20uMQ+g/IM
+NecdJSakvigZVOH01IQ0NwOawp7wDPP609DBDsFECqWrHpwz2VmbX3nvIl56+dxk
+F01Iia/gXcWozjaBu9mMNxPlJqa/98e/Q40maBAqT/v2VPYD67U3WMlhhZXIeQX3
+Z6YsBHUHTWoUNATJ63UeIxXunOi89c80dIARLHlPZmvypbGS7Luer98CC3Dml41v
+I8+YEi/ssi8/DEzHMIIE/gYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQl1RNAsML
+fuffTDLYXaQ7I4CCBNCouv7aa724NOlKjGARkXNJoxUuHjmrrbTbnySjdQ00cUl4
+guuYQ6STtI/z3ZdyBAV+vqg61XxajTjkm1A3x28O6b7YUSzyCkaxXK2WYDMMQhKx
+owJ769WuYrtkL3XWpgkMjfxNx0NXff8UWZEaJ/WeqCXKDloFt60zGjPAAUQ3o/A6
+cCTk0hDftNTGv8QekG4ZK94ezGTaoZlVpLGXu12Clhv7prgHo5DZpb71kqYK3Jwy
+dEStlwX9kYUIsoGXrb1eSfomkVPeDtLoMpyX6Y7w+dmalO8nyuBsJHH4SqacMiRT
+KkcdPe1kkYP1a1YaB2eP37gefXGRRg21JGP9cGQY2jPwSQqL6sQX+pHfBPoBwLYO
+xMKVoS4DYseY07bdumTZ+Ytgvc2/M2SXs1HyVTDW8k1ggRN7Y6IuMQxwlRMTqvJP
+/Bi0fClsSsu3p0yvRLHGUm6I/Hy8gVb6SFAqTDXE1gGV1f5RDcWVG5xr3KdA2u5b
+E+gymQ72ySJKefyYWB6AHlzoBo3thzJwRWHnNpuyferoUGCDzBEQyEOgCLAaGNSD
+UyvH4ArdphNo5tWw6zzzONWpRMCme2LoWKwR7btvizwY57AV2YB6K9Qn5MK+LHyH
+zI2+2wqsvv7NfzsUHtqTv6W8ZsNApXgSHtZeqXY/dG/OU38ythP6AQ0fmxfiYKI5
+241Q/QmHvD2TDyxvSeObvFfgLy1e8svSS+QgJ7g9G0O7yWuOR4Q3SbRDmMFWTtXv
+RqN2oggLchVlIcstASQ02zO0zrg2xl9mx58pgO4KJ5oW4CTt3mz+cpG0VXXpHwUV
+a6nN/XFMKlvmFTt7bc/iRrObKqLoVczjSOi1EBqGjoxVxSuAw4SYVljatCoxXjvG
+j1mbJE9toShbuzsgzkHmtvL6WC0iQ/GNoZJZ5CKpvFnhdmik8Hm49tKqhhOo8wMp
+fKUcs/NK0MGp+hEjWh7gSw5fapaRelLsizoJMGtYNVrelRaumhQUURFJaCVl7jf7
+UmkWaYD5+UaoL+EfYFVWVWC6H9+WoZNh8KBb0CYzSCSwGGjFOpnAk3NTwIZ73tse
+WOTLt2ucK+1qbIO0804aBUeHLGPA81QCbNKeJHvC5SabCuefH8JEsYPCKIQsor96
+btrY4Rc0vIdZPF7EztbwIyxcFWuhLDY8NIJBSJjxT57cHvCpNJtrdWqrYbG1FBQe
+Id96MY/XkxOo/U6zt062kStTfY3CSZSQ/EiQO/UTJwiPG90+1HC1B3eWHBQgD/TZ
+WXRcUIlvj53i9la+ATGewPHboBph7b/b+IFVDmmt0nvbyOi2E+zA5DY89404cjgz
+AgPVxCu6gud2C6lITO10wNOourPhtMQYIeaGo/XG2MDPdJ3GCHaJBZ+zQmGxR7Pw
+V+bazK0Kzfz8chzy3htakfIpR/LQXdtasTppQqqB5fxKxGGg7xFgaBSibij1Jon5
+2lRe0stxbC9tGSnob5cN2VmSTRiV4b1O6rcVl8YHkKl3AxBs5mzhc7aWLnsm8AaE
+rtFwyBy5AB3E0ZDuQySi0XWFIvJUOHSch3+BE/GEpy2Bs2DT+VOfvxmByYOVqXMH
+aPoS4MQDNd5bUBjF7V6z069+Kdq4rZnuzHpFB2nSSJIT2QDzoco5bruVtkYang==
+
new file mode 100644
@@ -0,0 +1,31 @@
+MIME-Version: 1.0
+Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="----644E58CF5F5E956041CC782E38806ED7"
+
+This is an S/MIME signed message
+
+------644E58CF5F5E956041CC782E38806ED7
+This is a test of the petitboot security library.
+This is only a test.
+
+------644E58CF5F5E956041CC782E38806ED7
+Content-Type: application/pkcs7-signature; name="smime.p7s"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="smime.p7s"
+
+MIICmAYJKoZIhvcNAQcCoIICiTCCAoUCAQExDTALBglghkgBZQMEAgEwCwYJKoZI
+hvcNAQcBMYICYjCCAl4CAQEwUjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29t
+ZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkAgkA2en/
+tgC849UwCwYJYIZIAWUDBAIBoIHkMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEw
+HAYJKoZIhvcNAQkFMQ8XDTE4MDUwMTAwMTIxN1owLwYJKoZIhvcNAQkEMSIEID1e
+6QppGew2gaXGDOi4ykJa8UgfzET7MnWEfWH1eOaeMHkGCSqGSIb3DQEJDzFsMGow
+CwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBFjALBglghkgBZQMEAQIwCgYIKoZIhvcN
+AwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqG
+SIb3DQMCAgEoMA0GCSqGSIb3DQEBAQUABIIBAC+M3owKczQIO9xkiZ73gnW+RJRD
+I0maX9FAWHaV8YydY6Ip/uShiz0y0mfNupCHuXENk+/wS2SNJArxOzKsLVhdkqNy
+jkuUqAm+84WJV/ouRce5zre3WEe4L609H1b2TeUAoY3lXNrxX9/nhzHqcB0aNjNm
+UtUxzFNj6ZkEhaOsCPJBOrotrSMHl15uMwJlstq8gyLDIzr+PRAMy8DVYBEAj50U
+yhxsilX1RfLvxrd3iQsDryK8PI6+9WhWv0o8IZdPgVczTIiu9tzv0kvqnodwYD2B
+HTn9WuhCCASqjrdv07vGcAJFjDAPjbdoDxwINTOLT1deI8OW4jCN2dOgsTI=
+
+------644E58CF5F5E956041CC782E38806ED7--
+
new file mode 100644
@@ -0,0 +1,2 @@
+This is a test of the petitboot security library.
+This is only a test.
new file mode 100644
@@ -0,0 +1,2 @@
+This is a test of the petitboot security library.
+This is not only a test, it's an adventure.
new file mode 100644
GIT binary patch
literal 256
zcmV+b0ssD}ivqfsacVjs^?#GY*~Zy}XqT_tOfk*@du6zWhFOMnRTPU^q19r9bM9Sw
zAd(z8rTp9;!2V#93wiAh0X&?y4!rG#p>h&Rkl|progJpO>m-f`0u_`nX(}<nXtFs0
zTq~zZVgR_~wV^*jvL)WU)Rp*6M&b=Hz6DJy=w**T&m}#+L;@5`22B&-Xjt6;=)ldP
zofiw1yE>0NK-!#CGb>}KPOCnsI;8l!jk^DlssX~@JCx!sb_ldPG=Tb$GyW}h=yf<v
zOjynHPv+&P$4Zzns~clmSzuEKR(xLx6@N4(BH2}s<GK1T)l*7iJ#$7M6*M)+uT5`O
Gw{Q=bOn1Zp
literal 0
HcmV?d00001
new file mode 100644
GIT binary patch
literal 256
zcmV+b0ssDKp3|R+R;Wh?i1UKQ`YEpGQVx6LhlHw@z=i2j-}=<&*L?=&iP{EyOaKCx
zqObSeHz1>ax5!3~rZgG7@Nzi7NkbS^y90?I0ltEMNCf#(D*`D$vrOW`&$(^h&9Y@u
zLQiE6^cZbB#Wng~y$OXAPZ^|=^vS{y_<5;#{c!o`r3JfpxU~F!56?N6Hm|Y#PfS+i
zeAEt_FG7$Rx=;k}AiEiZ;|Y6X$6KW14*P)TOtg$#{I4X5I^>VHT>VF|{GfU5Kiv`i
zMNM|JWjEsE;d;WUDjr99&s<m6*kwL42jOhx!>QOmY_3xdECGDYoW_XQc@&}l0b4st
Gg+}v?p@ZH4
literal 0
HcmV?d00001
new file mode 100644
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDXzCCAkegAwIBAgIJAODEiSno23BvMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwIBcNMTgwNDI2MjM0ODIwWhgPMjExODA0MDIyMzQ4MjBa
+MEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJ
+bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDRZOnMMFLyDGePJlUFMhywLTbhen8Rc2JQC2v26QPGAa7n8QH/YsGy
+WPmJcZEBDv022qnluk3ciskyzgC6COKEiSiDSHA96KY6jir3FN0dimPdMkNMKC/+
+RWchOckKWh4/OsS3hFZzoWQTy9El2U78KfWUaDLNpl+KcGRWl++iHIIJZ/6SDur+
+WjLuzxXnvOA6naReVnJnAtXkp8Wd6Nc9gqLw8qT9pKdDb0IEQPYz7Dq2LQSjN0ys
+U0gbv3UN2Q9wyxK3rIPVFhFWELX0rJ51Js7TkSWZXWw7nSGIGrctR7W3sl3XFc4t
+0HZao63X6ik8Md7+z9iONNq1xLwtuXWPAgMBAAGjUDBOMB0GA1UdDgQWBBSMwUJt
+EbdE7xr2KlW9cXfVOTfIADAfBgNVHSMEGDAWgBSMwUJtEbdE7xr2KlW9cXfVOTfI
+ADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBPHj82Tu8eeVmGUY+F
+2dYZ67+T/7tdMsmNx1li4tSp0Al074+Yo1qRfWl9BVb/k2q70BUmsdLm0ZT7Ua0t
+xluPc51DPW78KdLa1N+QOaYkyBA1Cc14W0nc1cE8FHe79O48lmw2Z1jWzEdZVL+Y
+4XUl6bKm2I/H7bADyMT7nlpkmkDZ2jHWZNf8FGbI2LZK/E7ndXSnmLWn/OQd6H/5
+yJ8SpwtayBi3vg+o3rGULQ5OvnMUxVEz8n+Psl5I3OHRy5048ThP6cjz79HbUtQA
+5Q13ja4bDiQ1CVAAS+tYddERBvK3ApmD+QYtPIHERQsJK42bCQicbayahyxei+4/
+hYU4
+-----END CERTIFICATE-----
new file mode 100644
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDRZOnMMFLyDGeP
+JlUFMhywLTbhen8Rc2JQC2v26QPGAa7n8QH/YsGyWPmJcZEBDv022qnluk3cisky
+zgC6COKEiSiDSHA96KY6jir3FN0dimPdMkNMKC/+RWchOckKWh4/OsS3hFZzoWQT
+y9El2U78KfWUaDLNpl+KcGRWl++iHIIJZ/6SDur+WjLuzxXnvOA6naReVnJnAtXk
+p8Wd6Nc9gqLw8qT9pKdDb0IEQPYz7Dq2LQSjN0ysU0gbv3UN2Q9wyxK3rIPVFhFW
+ELX0rJ51Js7TkSWZXWw7nSGIGrctR7W3sl3XFc4t0HZao63X6ik8Md7+z9iONNq1
+xLwtuXWPAgMBAAECggEAWHfDU9LC6KMXCeMPHr/aYRDpVAB2OUA/tEPvHIW8Y2cI
+p9QqnOTzo092Nny13/WeRBPEnlvFU72LXhytL+xbD9YHONhdG7r0qF6yhmvZNAbp
+RGZdCoscI9jcxqvsZaRHjT1eKY8PG5F/f+Gn/s6+UUnFCSuw8zQsv4fWzMMqqpmO
+jB+2y8jva7uwavKKlblcWHapgO2pgVOsaqkIWBRRKOwH55bjze7SglKblnmt5LMN
+NH0wSTAVQS3cte4UPhAYkQy5xYiVo/0MjzBWlpgmWK/oHd1ZWkRFDEDArKgE3Io9
+3UwOUu94GlxZs6r9F6R0Rl9lsc+AOArGMaXIG7t/QQKBgQD6+mrgBgYHqbLKmRcO
+z4ParRS6DU50nWl8N6gSOk8um7NCV2wyTg7OZkEdq8lsjHQgklrDyuCBpPNz1feI
+EqbhFw1B2t1EEr+IfnU/HZ5j4iTB9uQx/gaMHxdwWBYKnkqDwnzZhgIbyf4NSn/P
+kSb+ihqKnsSiG0n5TQS4+cmR7wKBgQDVlX2WQ1SIfwjV9BO1/X6Oi7j+EZ1NjuW6
+6tjvIfzaHK6AdEIep5whSHSMMzbTIANcBMojRjpsdCNMsqF4zOQkjuQ0fXwTEfHw
+GoJPI+qPXd8amAEtMQ5XWK9TVQytCL4jAxZc5M3iIrEsDS80nWD9My42Mh6N2e50
+01ea0zt2YQKBgQCOQMW2+HMOgNcAEkmJcYFQvu2Sjtw7KMWTTJCM1FPxHPs7zQVc
+dfXacwbRZH8kcW+Yzpt3glRB51a9/zbv/3Jq/n/bJcxoOyAoo1SdU5JlFtaywdeR
+pmPbo/vLB4JmvlWJ3QCa4mPrkE/ZBLLw2Vr6xxhIHbliEImbLlZQ6fOgLQKBgQCl
+W4aOtnQU9V0u4Df+d1LrI4vG0HZb3J1JuJbZlRPA/eGwO9IRD60WK5VoEiKJFEjl
+jiO9aZrD6qqFr+rJrr+W+jX92YUc8pDAVpW6ldD8zC111mdayJcU0ulyd+9Ha/Rh
+APvoUZCAWmGW/GImtw2nGl/Vv7neEvLF6fXyPUXVIQKBgQDGxr/VNXQIarrwt1fk
+dzqs1JzaRkAwlJ3PYGKW1fqUwxl3BGtkFcK71XFXmN78snwoHNZxEPM/khtoKCZ0
+Oj0pEvUO6+BYlXkgWM7RZAgJxds87q4/9y8qNYEBeaB0p6zqMY652Tr6j9hNFk/o
++G6xXoQYGyrAzQB5EJgSNAWDQg==
+-----END PRIVATE KEY-----
new file mode 100644
@@ -0,0 +1,82 @@
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <assert.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+
+#include <log/log.h>
+#include <talloc/talloc.h>
+#include <file/file.h>
+#include <security/security.h>
+
+#define SECURITY_TEST_DATA_DIR TEST_LIB_DATA_BASE "/security/"
+
+int main(void)
+{
+ char *verify_data = NULL;
+ char *compare_data = NULL;
+ char *filename = NULL;
+ FILE *keyfile = NULL;
+ int ret = EXIT_FAILURE;
+ int verify_len;
+ int compare_len;
+
+ pb_log_init(stdout);
+
+ keyfile = fopen(SECURITY_TEST_DATA_DIR "cert.p12", "r");
+ if (!keyfile)
+ return EXIT_FAILURE;
+
+ if (read_file(NULL, SECURITY_TEST_DATA_DIR "rootdata.txt", &verify_data, &verify_len))
+ goto out;
+
+ /* first basic CMS decrypt case */
+
+ /*
+ * these calls overwrite so need a temp file
+ * copy_file_secure_dest is having some permission issues
+ */
+ if (copy_file_secure_dest(NULL,
+ SECURITY_TEST_DATA_DIR "rootdata.cmsencver",
+ &filename))
+ goto out;
+
+ if (decrypt_file(filename, keyfile, NULL))
+ goto out;
+
+ if (read_file(verify_data, filename, &compare_data, &compare_len))
+ goto out;
+
+ if (verify_len != compare_len)
+ goto out;
+
+ if (memcmp(verify_data, compare_data, verify_len))
+ goto out;
+
+ /* check an encrypted but unverified message fails */
+ unlink(filename);
+ talloc_free(filename);
+
+ if (copy_file_secure_dest(NULL,
+ SECURITY_TEST_DATA_DIR "rootdata.cmsenc",
+ &filename))
+ goto out;
+
+
+ if (!decrypt_file(filename, keyfile, NULL))
+ goto out;
+
+ /* got here, all fine */
+ ret = EXIT_SUCCESS;
+
+out:
+ if (keyfile)
+ fclose(keyfile);
+ if (filename) {
+ unlink(filename);
+ talloc_free(filename);
+ }
+ talloc_free(verify_data);
+ return ret;
+}
new file mode 100644
@@ -0,0 +1,103 @@
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+
+#include <log/log.h>
+#include <security/security.h>
+
+#define SECURITY_TEST_DATA_DIR TEST_LIB_DATA_BASE "/security/"
+#define SECURITY_TEST_DATA_CERT SECURITY_TEST_DATA_DIR "/cert.pem"
+
+int main(void)
+{
+ FILE *keyfile;
+
+ pb_log_init(stdout);
+
+ /* start with basic pubkey extraction */
+ keyfile = fopen(SECURITY_TEST_DATA_DIR "cert.pem", "r");
+ if (!keyfile)
+ return EXIT_FAILURE;
+
+ /* first basic verify case */
+ /* assuming the default sha256 mode */
+
+ if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
+ SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
+ keyfile,
+ NULL))
+ {
+ fclose(keyfile);
+ return EXIT_FAILURE;
+ }
+
+ /* now check different file */
+
+ if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata_different.txt",
+ SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
+ keyfile,
+ NULL))
+ {
+ fclose(keyfile);
+ return EXIT_FAILURE;
+ }
+
+ /* now check different signature */
+
+ if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
+ SECURITY_TEST_DATA_DIR "rootdatasha512.sig",
+ keyfile,
+ NULL))
+ {
+ fclose(keyfile);
+ return EXIT_FAILURE;
+ }
+
+ /* check CMS verify */
+ if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
+ SECURITY_TEST_DATA_DIR "rootdata.cmsver",
+ keyfile,
+ NULL))
+ {
+ fclose(keyfile);
+ return EXIT_FAILURE;
+ }
+
+ fclose(keyfile);
+
+ /* now check basic pubkey fallback */
+ keyfile = fopen(SECURITY_TEST_DATA_DIR "pubkey.pem", "r");
+ if (!keyfile)
+ return EXIT_FAILURE;
+
+ if (verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
+ SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
+ keyfile,
+ NULL))
+ {
+ fclose(keyfile);
+ return EXIT_FAILURE;
+ }
+
+ fclose(keyfile);
+
+ /* finally check different key */
+ keyfile = fopen(SECURITY_TEST_DATA_DIR "wrong_cert.pem", "r");
+ if (!keyfile)
+ return EXIT_FAILURE;
+
+ if (!verify_file_signature(SECURITY_TEST_DATA_DIR "rootdata.txt",
+ SECURITY_TEST_DATA_DIR "rootdatasha256.sig",
+ keyfile,
+ NULL))
+ {
+ fclose(keyfile);
+ return EXIT_FAILURE;
+ }
+
+
+ fclose(keyfile);
+ return EXIT_SUCCESS;
+}
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com> --- test/lib/Makefile.am | 7 ++ test/lib/data/security/cert.p12 | Bin 0 -> 2469 bytes test/lib/data/security/cert.pem | 21 ++++++ test/lib/data/security/key.pem | 28 +++++++ test/lib/data/security/pubkey.pem | 9 +++ test/lib/data/security/rootdata.cmsenc | 17 +++++ test/lib/data/security/rootdata.cmsencver | 41 ++++++++++ test/lib/data/security/rootdata.cmsver | 31 ++++++++ test/lib/data/security/rootdata.txt | 2 + test/lib/data/security/rootdata_different.txt | 2 + test/lib/data/security/rootdatasha256.sig | Bin 0 -> 256 bytes test/lib/data/security/rootdatasha512.sig | Bin 0 -> 256 bytes test/lib/data/security/wrong_cert.pem | 21 ++++++ test/lib/data/security/wrong_key.pem | 28 +++++++ test/lib/test-security-openssl-decrypt.c | 82 ++++++++++++++++++++ test/lib/test-security-openssl-verify.c | 103 ++++++++++++++++++++++++++ 16 files changed, 392 insertions(+) create mode 100644 test/lib/data/security/cert.p12 create mode 100644 test/lib/data/security/cert.pem create mode 100644 test/lib/data/security/key.pem create mode 100644 test/lib/data/security/pubkey.pem create mode 100644 test/lib/data/security/rootdata.cmsenc create mode 100644 test/lib/data/security/rootdata.cmsencver create mode 100644 test/lib/data/security/rootdata.cmsver create mode 100644 test/lib/data/security/rootdata.txt create mode 100644 test/lib/data/security/rootdata_different.txt create mode 100644 test/lib/data/security/rootdatasha256.sig create mode 100644 test/lib/data/security/rootdatasha512.sig create mode 100644 test/lib/data/security/wrong_cert.pem create mode 100644 test/lib/data/security/wrong_key.pem create mode 100644 test/lib/test-security-openssl-decrypt.c create mode 100644 test/lib/test-security-openssl-verify.c