forked from janmojzis/tinyssh
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsubprocess_signtest.c
88 lines (73 loc) · 2.94 KB
/
subprocess_signtest.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
/*
20140321
Jan Mojzis
Public domain.
*/
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include "fail.h"
#include "savesync.h"
#include "sshcrypto.h"
#include "open.h"
#include "purge.h"
#include "byte.h"
#include "randommod.h"
#include "crypto_uint32.h"
#include "subprocess.h"
unsigned char sh[sshcrypto_hash_MAX];
unsigned char sm[sshcrypto_sign_MAX + sshcrypto_hash_MAX];
unsigned char m[sshcrypto_sign_MAX + sshcrypto_hash_MAX];
unsigned long long mlen;
unsigned char sk[sshcrypto_sign_SECRETKEYMAX];
const char *keydir = "./keydir";
static void create(const char *fn, const unsigned char *x, long long xlen) {
if (savesync(fn, x, xlen) == -1) fail("unable to create test directory");
}
int main(void) {
long long i, j;
int fd;
fd = open_cwd();
if (fd == -1) fail("open_cwd() failure");
/* make keydir */
umask(022);
if (mkdir(keydir, 0755) == -1) fail("unable to create test directory");
if (chdir(keydir) == -1) fail("unable to chdir to directory");
for (i = 0; sshcrypto_keys[i].name; ++i) {
if (sshcrypto_keys[i].sign_keypair(sshcrypto_keys[i].sign_publickey, sk) != 0) fail("unable to generate key pair");
umask(022);
create(sshcrypto_keys[i].sign_publickeyfilename, sshcrypto_keys[i].sign_publickey, sshcrypto_keys[i].sign_publickeybytes);
umask(077);
create(sshcrypto_keys[i].sign_secretkeyfilename, sk, sshcrypto_keys[i].sign_secretkeybytes);
purge(sk, sizeof sk);
}
if (fchdir(fd) == -1) fail("fchdir() failure");
for (i = 0; sshcrypto_keys[i].name; ++i) {
/* set globals */
sshcrypto_key_name = sshcrypto_keys[i].name;
sshcrypto_sign = sshcrypto_keys[i].sign;
sshcrypto_sign_publickey = sshcrypto_keys[i].sign_publickey;
sshcrypto_sign_publickeybytes = sshcrypto_keys[i].sign_publickeybytes;
sshcrypto_sign_secretkeybytes = sshcrypto_keys[i].sign_secretkeybytes;
sshcrypto_sign_bytes = sshcrypto_keys[i].sign_bytes;
sshcrypto_sign_secretkeyfilename = sshcrypto_keys[i].sign_secretkeyfilename;
sshcrypto_hash_bytes = 64;
for (j = 0; j < 100; ++j) {
/* sign */
purge(sh, sizeof sh);
if (subprocess_sign(sm, sshcrypto_sign_bytes, keydir, sh, sshcrypto_hash_bytes) != 0)
fail("unable to sign");
byte_copy(sm + sshcrypto_sign_bytes, sshcrypto_hash_bytes, sh);
/* verify */
if (sshcrypto_keys[i].sign_open(m, &mlen, sm, sshcrypto_hash_bytes + sshcrypto_sign_bytes, sshcrypto_keys[i].sign_publickey) != 0)
fail("unable to open signed box");
#if 0
/* forgery */
sm[randommod(sshcrypto_sign_bytes + sshcrypto_hash_bytes)] += 1 + randommod(255);
if (sshcrypto_keys[i].sign_open(m, &mlen, sm, sshcrypto_hash_bytes + sshcrypto_sign_bytes, sshcrypto_keys[i].sign_publickey) == 0)
fail("forgery");
#endif
}
}
_exit(0);
}