aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Schneider <asn@cryptomilk.org>2018-01-08 23:10:07 +0100
committerAndreas Schneider <asn@cryptomilk.org>2018-01-10 22:31:02 +0100
commitddfc36aa568e0cb2b63aee2bca64430c34dc622f (patch)
tree4b02ba77b98123e4133a4c3e07e7cfbc9cb06a15
parenta5997d180dfbcd8fefd16b001f352436a9e67e7e (diff)
downloadlibssh-ddfc36aa568e0cb2b63aee2bca64430c34dc622f.tar.gz
libssh-ddfc36aa568e0cb2b63aee2bca64430c34dc622f.tar.xz
libssh-ddfc36aa568e0cb2b63aee2bca64430c34dc622f.zip
tests: Move rsa tests to own test file
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--tests/unittests/CMakeLists.txt1
-rw-r--r--tests/unittests/torture_pki.c523
-rw-r--r--tests/unittests/torture_pki_rsa.c548
3 files changed, 549 insertions, 523 deletions
diff --git a/tests/unittests/CMakeLists.txt b/tests/unittests/CMakeLists.txt
index c9b261c4..9eac1ab8 100644
--- a/tests/unittests/CMakeLists.txt
+++ b/tests/unittests/CMakeLists.txt
@@ -16,6 +16,7 @@ if (UNIX AND NOT WIN32)
# requires ssh-keygen
add_cmocka_test(torture_keyfiles torture_keyfiles.c ${TORTURE_LIBRARY})
add_cmocka_test(torture_pki torture_pki.c ${TORTURE_LIBRARY})
+ add_cmocka_test(torture_pki_rsa torture_pki_rsa.c ${TORTURE_LIBRARY})
if (HAVE_DSA)
add_cmocka_test(torture_pki_dsa torture_pki_dsa.c ${TORTURE_LIBRARY})
diff --git a/tests/unittests/torture_pki.c b/tests/unittests/torture_pki.c
index 2355979d..1aff38ae 100644
--- a/tests/unittests/torture_pki.c
+++ b/tests/unittests/torture_pki.c
@@ -9,38 +9,6 @@
#include "torture_pki.h"
#include "pki.c"
-#define LIBSSH_RSA_TESTKEY "libssh_testkey.id_rsa"
-
-const unsigned char HASH[] = "12345678901234567890";
-
-static int setup_rsa_key(void **state)
-{
- (void) state; /* unused */
-
- unlink(LIBSSH_RSA_TESTKEY);
- unlink(LIBSSH_RSA_TESTKEY ".pub");
- unlink(LIBSSH_RSA_TESTKEY "-cert.pub");
-
- torture_write_file(LIBSSH_RSA_TESTKEY,
- torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0));
- torture_write_file(LIBSSH_RSA_TESTKEY ".pub",
- torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0));
- torture_write_file(LIBSSH_RSA_TESTKEY "-cert.pub",
- torture_get_testkey_pub(SSH_KEYTYPE_RSA_CERT01, 0));
-
- return 0;
-}
-
-static int teardown(void **state) {
- (void) state; /* unused */
-
- unlink(LIBSSH_RSA_TESTKEY);
- unlink(LIBSSH_RSA_TESTKEY ".pub");
- unlink(LIBSSH_RSA_TESTKEY "-cert.pub");
-
- return 0;
-}
-
static void torture_pki_keytype(void **state) {
enum ssh_keytypes_e type;
const char *type_c;
@@ -75,502 +43,11 @@ static void torture_pki_signature(void **state)
ssh_signature_free(sig);
}
-static void torture_pki_import_privkey_base64_RSA(void **state) {
- int rc;
- char *key_str;
- ssh_key key;
- const char *passphrase = torture_get_testkey_passphrase();
- enum ssh_keytypes_e type;
-
- (void) state; /* unused */
-
- key_str = torture_pki_read_file(LIBSSH_RSA_TESTKEY);
- assert_true(key_str != NULL);
-
- rc = ssh_pki_import_privkey_base64(key_str, passphrase, NULL, NULL, &key);
- assert_true(rc == 0);
-
- type = ssh_key_type(key);
- assert_true(type == SSH_KEYTYPE_RSA);
-
- rc = ssh_key_is_private(key);
- assert_true(rc == 1);
-
- rc = ssh_key_is_public(key);
- assert_true(rc == 1);
-
- free(key_str);
- ssh_key_free(key);
-}
-
-static void torture_pki_import_privkey_base64_NULL_key(void **state) {
- int rc;
- const char *passphrase = torture_get_testkey_passphrase();
-
- (void) state; /* unused */
-
- /* test if it returns -1 if key is NULL */
- rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0),
- passphrase,
- NULL,
- NULL,
- NULL);
- assert_true(rc == -1);
-
-}
-
-static void torture_pki_import_privkey_base64_NULL_str(void **state) {
- int rc;
- ssh_key key = NULL;
- const char *passphrase = torture_get_testkey_passphrase();
-
- (void) state; /* unused */
-
- /* test if it returns -1 if key_str is NULL */
- rc = ssh_pki_import_privkey_base64(NULL, passphrase, NULL, NULL, &key);
- assert_true(rc == -1);
-
- ssh_key_free(key);
-}
-
-static void torture_pki_import_privkey_base64_passphrase(void **state) {
- int rc;
- ssh_key key = NULL;
- const char *passphrase = torture_get_testkey_passphrase();
-
- (void) state; /* unused */
-
-
- rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1),
- passphrase,
- NULL,
- NULL,
- &key);
- assert_return_code(rc, errno);
-
- rc = ssh_key_is_private(key);
- assert_true(rc == 1);
-
- ssh_key_free(key);
- key = NULL;
-
- /* test if it returns -1 if passphrase is wrong */
- rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1),
- "wrong passphrase !!",
- NULL,
- NULL,
- &key);
- assert_true(rc == -1);
- ssh_key_free(key);
- key = NULL;
-
-#ifndef HAVE_LIBCRYPTO
- /* test if it returns -1 if passphrase is NULL */
- /* libcrypto asks for a passphrase, so skip this test */
- rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1),
- NULL,
- NULL,
- NULL,
- &key);
- assert_true(rc == -1);
- ssh_key_free(key);
- key = NULL;
-#endif
-}
-
-static void torture_pki_pki_publickey_from_privatekey_RSA(void **state) {
- int rc;
- ssh_key key;
- ssh_key pubkey;
- const char *passphrase = NULL;
-
- (void) state; /* unused */
-
- rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0),
- passphrase,
- NULL,
- NULL,
- &key);
- assert_true(rc == 0);
-
- rc = ssh_key_is_private(key);
- assert_true(rc == 1);
-
- rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
- assert_true(rc == SSH_OK);
-
- ssh_key_free(key);
- ssh_key_free(pubkey);
-}
-
-static void torture_pki_copy_cert_to_privkey(void **state) {
- /* Tests copying a cert loaded into a public key to a private key.
- The function is encryption type agnostic, no need to run this
- against all supported key types.
- */
- int rc;
- const char *passphrase = torture_get_testkey_passphrase();
- ssh_key pubkey;
- ssh_key privkey;
- ssh_key cert;
-
- (void) state; /* unused */
-
- rc = ssh_pki_import_cert_file(LIBSSH_RSA_TESTKEY "-cert.pub", &cert);
- assert_true(rc == SSH_OK);
-
- rc = ssh_pki_import_pubkey_file(LIBSSH_RSA_TESTKEY ".pub", &pubkey);
- assert_true(rc == SSH_OK);
-
- rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0),
- passphrase,
- NULL,
- NULL,
- &privkey);
- assert_true(rc == SSH_OK);
-
- /* Basic sanity. */
- rc = ssh_pki_copy_cert_to_privkey(NULL, privkey);
- assert_true(rc == SSH_ERROR);
-
- rc = ssh_pki_copy_cert_to_privkey(pubkey, NULL);
- assert_true(rc == SSH_ERROR);
-
- /* A public key doesn't have a cert, copy should fail. */
- assert_true(pubkey->cert == NULL);
- rc = ssh_pki_copy_cert_to_privkey(pubkey, privkey);
- assert_true(rc == SSH_ERROR);
-
- /* Copying the cert to non-cert keys should work fine. */
- rc = ssh_pki_copy_cert_to_privkey(cert, pubkey);
- assert_true(rc == SSH_OK);
- rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
- assert_true(rc == SSH_OK);
-
- /* The private key's cert is already set, another copy should fail. */
- rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
- assert_true(rc == SSH_ERROR);
-
- ssh_key_free(cert);
- ssh_key_free(privkey);
- ssh_key_free(pubkey);
-}
-
-static void torture_pki_import_cert_file_rsa(void **state) {
- int rc;
- ssh_key cert;
- enum ssh_keytypes_e type;
-
- (void) state; /* unused */
-
- rc = ssh_pki_import_cert_file(LIBSSH_RSA_TESTKEY "-cert.pub", &cert);
- assert_true(rc == 0);
-
- type = ssh_key_type(cert);
- assert_true(type == SSH_KEYTYPE_RSA_CERT01);
-
- rc = ssh_key_is_public(cert);
- assert_true(rc == 1);
-
- ssh_key_free(cert);
-}
-
-static void torture_pki_publickey_rsa_base64(void **state)
-{
- enum ssh_keytypes_e type;
- char *b64_key, *key_buf, *p;
- const char *q;
- ssh_key key;
- int rc;
-
- (void) state; /* unused */
-
- key_buf = strdup(torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0));
- assert_true(key_buf != NULL);
-
- q = p = key_buf;
- while (*p != ' ') p++;
- *p = '\0';
-
- type = ssh_key_type_from_name(q);
- assert_true(((type == SSH_KEYTYPE_RSA) ||
- (type == SSH_KEYTYPE_RSA1)));
-
- q = ++p;
- while (*p != ' ') p++;
- *p = '\0';
-
- rc = ssh_pki_import_pubkey_base64(q, type, &key);
- assert_true(rc == 0);
-
- rc = ssh_pki_export_pubkey_base64(key, &b64_key);
- assert_true(rc == 0);
-
- assert_string_equal(q, b64_key);
-
- free(b64_key);
- free(key_buf);
- ssh_key_free(key);
-}
-
-static void torture_generate_pubkey_from_privkey_rsa(void **state) {
- char pubkey_generated[4096] = {0};
- ssh_key privkey;
- ssh_key pubkey;
- int rc;
- int len;
-
- (void) state; /* unused */
-
- /* remove the public key, generate it from the private key and write it. */
- unlink(LIBSSH_RSA_TESTKEY ".pub");
-
- rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY,
- NULL,
- NULL,
- NULL,
- &privkey);
- assert_true(rc == 0);
-
- rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey);
- assert_true(rc == SSH_OK);
-
- rc = ssh_pki_export_pubkey_file(pubkey, LIBSSH_RSA_TESTKEY ".pub");
- assert_true(rc == 0);
-
- rc = torture_read_one_line(LIBSSH_RSA_TESTKEY ".pub",
- pubkey_generated,
- sizeof(pubkey_generated));
- assert_true(rc == 0);
-
- len = torture_pubkey_len(torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0));
- assert_memory_equal(torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0),
- pubkey_generated,
- len);
-
- ssh_key_free(privkey);
- ssh_key_free(pubkey);
-}
-
-static void torture_pki_duplicate_key_rsa(void **state)
-{
- int rc;
- char *b64_key;
- char *b64_key_gen;
- ssh_key pubkey;
- ssh_key privkey;
- ssh_key privkey_dup;
-
- (void) state;
-
- rc = ssh_pki_import_pubkey_file(LIBSSH_RSA_TESTKEY ".pub", &pubkey);
- assert_true(rc == 0);
-
- rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key);
- assert_true(rc == 0);
- ssh_key_free(pubkey);
-
- rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY,
- NULL,
- NULL,
- NULL,
- &privkey);
- assert_true(rc == 0);
-
- privkey_dup = ssh_key_dup(privkey);
- assert_true(privkey_dup != NULL);
-
- rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey);
- assert_true(rc == SSH_OK);
-
- rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key_gen);
- assert_true(rc == 0);
-
- assert_string_equal(b64_key, b64_key_gen);
-
- rc = ssh_key_cmp(privkey, privkey_dup, SSH_KEY_CMP_PRIVATE);
- assert_true(rc == 0);
-
- ssh_key_free(pubkey);
- ssh_key_free(privkey);
- ssh_key_free(privkey_dup);
- ssh_string_free_char(b64_key);
- ssh_string_free_char(b64_key_gen);
-}
-
-static void torture_pki_generate_key_rsa(void **state)
-{
- int rc;
- ssh_key key;
- ssh_signature sign;
- ssh_session session=ssh_new();
- (void) state;
-
- rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 1024, &key);
- assert_true(rc == SSH_OK);
- assert_true(key != NULL);
- sign = pki_do_sign(key, HASH, 20);
- assert_true(sign != NULL);
- rc = pki_signature_verify(session,sign,key,HASH,20);
- assert_true(rc == SSH_OK);
- ssh_signature_free(sign);
- ssh_key_free(key);
- key=NULL;
-
- rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 2048, &key);
- assert_true(rc == SSH_OK);
- assert_true(key != NULL);
- sign = pki_do_sign(key, HASH, 20);
- assert_true(sign != NULL);
- rc = pki_signature_verify(session,sign,key,HASH,20);
- assert_true(rc == SSH_OK);
- ssh_signature_free(sign);
- ssh_key_free(key);
- key=NULL;
-
- rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 4096, &key);
- assert_true(rc == SSH_OK);
- assert_true(key != NULL);
- sign = pki_do_sign(key, HASH, 20);
- assert_true(sign != NULL);
- rc = pki_signature_verify(session,sign,key,HASH,20);
- assert_true(rc == SSH_OK);
- ssh_signature_free(sign);
- ssh_key_free(key);
- key=NULL;
-
- ssh_free(session);
-}
-
-static void torture_pki_generate_key_rsa1(void **state)
-{
- int rc;
- ssh_key key;
- ssh_signature sign;
- ssh_session session=ssh_new();
- (void) state;
-
- rc = ssh_pki_generate(SSH_KEYTYPE_RSA1, 1024, &key);
- assert_true(rc == SSH_OK);
- assert_true(key != NULL);
- sign = pki_do_sign(key, HASH, 20);
- assert_true(sign != NULL);
- rc = pki_signature_verify(session,sign,key,HASH,20);
- assert_true(rc == SSH_OK);
- ssh_signature_free(sign);
- ssh_key_free(key);
- key=NULL;
-
- rc = ssh_pki_generate(SSH_KEYTYPE_RSA1, 2048, &key);
- assert_true(rc == SSH_OK);
- assert_true(key != NULL);
- sign = pki_do_sign(key, HASH, 20);
- assert_true(sign != NULL);
- rc = pki_signature_verify(session,sign,key,HASH,20);
- assert_true(rc == SSH_OK);
- ssh_signature_free(sign);
- ssh_key_free(key);
- key=NULL;
-
- rc = ssh_pki_generate(SSH_KEYTYPE_RSA1, 4096, &key);
- assert_true(rc == SSH_OK);
- assert_true(key != NULL);
- sign = pki_do_sign(key, HASH, 20);
- assert_true(sign != NULL);
- rc = pki_signature_verify(session,sign,key,HASH,20);
- assert_true(rc == SSH_OK);
- ssh_signature_free(sign);
- ssh_key_free(key);
- key=NULL;
-
- ssh_free(session);
-}
-
-#ifdef HAVE_LIBCRYPTO
-static void torture_pki_write_privkey_rsa(void **state)
-{
- ssh_key origkey;
- ssh_key privkey;
- int rc;
-
- (void) state; /* unused */
-
- rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY,
- NULL,
- NULL,
- NULL,
- &origkey);
- assert_true(rc == 0);
-
- unlink(LIBSSH_RSA_TESTKEY);
-
- rc = ssh_pki_export_privkey_file(origkey,
- "",
- NULL,
- NULL,
- LIBSSH_RSA_TESTKEY);
- assert_true(rc == 0);
-
- rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY,
- NULL,
- NULL,
- NULL,
- &privkey);
- assert_true(rc == 0);
-
- rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE);
- assert_true(rc == 0);
-
- ssh_key_free(origkey);
- ssh_key_free(privkey);
-}
-#endif /* HAVE_LIBCRYPTO */
-
int torture_run_tests(void) {
int rc;
struct CMUnitTest tests[] = {
cmocka_unit_test(torture_pki_keytype),
-
cmocka_unit_test(torture_pki_signature),
-
- /* ssh_pki_import_privkey_base64 */
- cmocka_unit_test_setup_teardown(torture_pki_import_privkey_base64_NULL_key,
- setup_rsa_key,
- teardown),
- cmocka_unit_test_setup_teardown(torture_pki_import_privkey_base64_NULL_str,
- setup_rsa_key,
- teardown),
- cmocka_unit_test_setup_teardown(torture_pki_import_privkey_base64_RSA,
- setup_rsa_key,
- teardown),
- cmocka_unit_test(torture_pki_import_privkey_base64_passphrase),
- /* ssh_pki_export_privkey_to_pubkey */
- cmocka_unit_test_setup_teardown(torture_pki_pki_publickey_from_privatekey_RSA,
- setup_rsa_key,
- teardown),
- /* cert */
- cmocka_unit_test_setup_teardown(torture_pki_copy_cert_to_privkey,
- setup_rsa_key,
- teardown),
- cmocka_unit_test_setup_teardown(torture_pki_import_cert_file_rsa,
- setup_rsa_key,
- teardown),
- cmocka_unit_test_setup_teardown(torture_pki_publickey_rsa_base64,
- setup_rsa_key,
- teardown),
- cmocka_unit_test_setup_teardown(torture_generate_pubkey_from_privkey_rsa,
- setup_rsa_key,
- teardown),
- cmocka_unit_test_setup_teardown(torture_pki_duplicate_key_rsa,
- setup_rsa_key,
- teardown),
- cmocka_unit_test(torture_pki_generate_key_rsa),
- cmocka_unit_test(torture_pki_generate_key_rsa1),
-#ifdef HAVE_LIBCRYPTO
- cmocka_unit_test_setup_teardown(torture_pki_write_privkey_rsa,
- setup_rsa_key,
- teardown),
-#endif /* HAVE_LIBCRYPTO */
};
ssh_init();
diff --git a/tests/unittests/torture_pki_rsa.c b/tests/unittests/torture_pki_rsa.c
new file mode 100644
index 00000000..0c45e5af
--- /dev/null
+++ b/tests/unittests/torture_pki_rsa.c
@@ -0,0 +1,548 @@
+
+#include "config.h"
+
+#define LIBSSH_STATIC
+
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#include "torture.h"
+#include "torture_pki.h"
+#include "pki.c"
+
+#define LIBSSH_RSA_TESTKEY "libssh_testkey.id_rsa"
+
+const unsigned char RSA_HASH[] = "12345678901234567890";
+
+static int setup_rsa_key(void **state)
+{
+ (void) state; /* unused */
+
+ unlink(LIBSSH_RSA_TESTKEY);
+ unlink(LIBSSH_RSA_TESTKEY ".pub");
+ unlink(LIBSSH_RSA_TESTKEY "-cert.pub");
+
+ torture_write_file(LIBSSH_RSA_TESTKEY,
+ torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0));
+ torture_write_file(LIBSSH_RSA_TESTKEY ".pub",
+ torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0));
+ torture_write_file(LIBSSH_RSA_TESTKEY "-cert.pub",
+ torture_get_testkey_pub(SSH_KEYTYPE_RSA_CERT01, 0));
+
+ return 0;
+}
+
+static int teardown(void **state) {
+ (void) state; /* unused */
+
+ unlink(LIBSSH_RSA_TESTKEY);
+ unlink(LIBSSH_RSA_TESTKEY ".pub");
+ unlink(LIBSSH_RSA_TESTKEY "-cert.pub");
+
+ return 0;
+}
+
+static void torture_pki_rsa_import_privkey_base64_NULL_key(void **state)
+{
+ int rc;
+ const char *passphrase = torture_get_testkey_passphrase();
+
+ (void) state; /* unused */
+
+ /* test if it returns -1 if key is NULL */
+ rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0),
+ passphrase,
+ NULL,
+ NULL,
+ NULL);
+ assert_true(rc == -1);
+
+}
+
+static void torture_pki_rsa_import_privkey_base64_NULL_str(void **state)
+{
+ int rc;
+ ssh_key key = NULL;
+ const char *passphrase = torture_get_testkey_passphrase();
+
+ (void) state; /* unused */
+
+ /* test if it returns -1 if key_str is NULL */
+ rc = ssh_pki_import_privkey_base64(NULL, passphrase, NULL, NULL, &key);
+ assert_true(rc == -1);
+
+ ssh_key_free(key);
+}
+
+static void torture_pki_rsa_import_privkey_base64(void **state)
+{
+ int rc;
+ char *key_str;
+ ssh_key key;
+ const char *passphrase = torture_get_testkey_passphrase();
+ enum ssh_keytypes_e type;
+
+ (void) state; /* unused */
+
+ key_str = torture_pki_read_file(LIBSSH_RSA_TESTKEY);
+ assert_true(key_str != NULL);
+
+ rc = ssh_pki_import_privkey_base64(key_str, passphrase, NULL, NULL, &key);
+ assert_true(rc == 0);
+
+ type = ssh_key_type(key);
+ assert_true(type == SSH_KEYTYPE_RSA);
+
+ rc = ssh_key_is_private(key);
+ assert_true(rc == 1);
+
+ rc = ssh_key_is_public(key);
+ assert_true(rc == 1);
+
+ free(key_str);
+ ssh_key_free(key);
+}
+
+static void torture_pki_rsa_publickey_from_privatekey(void **state)
+{
+ int rc;
+ ssh_key key;
+ ssh_key pubkey;
+ const char *passphrase = NULL;
+
+ (void) state; /* unused */
+
+ rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0),
+ passphrase,
+ NULL,
+ NULL,
+ &key);
+ assert_true(rc == 0);
+
+ rc = ssh_key_is_private(key);
+ assert_true(rc == 1);
+
+ rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
+ assert_true(rc == SSH_OK);
+
+ ssh_key_free(key);
+ ssh_key_free(pubkey);
+}
+
+static void torture_pki_rsa_copy_cert_to_privkey(void **state)
+{
+ /*
+ * Tests copying a cert loaded into a public key to a private key.
+ * The function is encryption type agnostic, no need to run this against
+ * all supported key types.
+ */
+ int rc;
+ const char *passphrase = torture_get_testkey_passphrase();
+ ssh_key pubkey;
+ ssh_key privkey;
+ ssh_key cert;
+
+ (void) state; /* unused */
+
+ rc = ssh_pki_import_cert_file(LIBSSH_RSA_TESTKEY "-cert.pub", &cert);
+ assert_true(rc == SSH_OK);
+
+ rc = ssh_pki_import_pubkey_file(LIBSSH_RSA_TESTKEY ".pub", &pubkey);
+ assert_true(rc == SSH_OK);
+
+ rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0),
+ passphrase,
+ NULL,
+ NULL,
+ &privkey);
+ assert_true(rc == SSH_OK);
+
+ /* Basic sanity. */
+ rc = ssh_pki_copy_cert_to_privkey(NULL, privkey);
+ assert_true(rc == SSH_ERROR);
+
+ rc = ssh_pki_copy_cert_to_privkey(pubkey, NULL);
+ assert_true(rc == SSH_ERROR);
+
+ /* A public key doesn't have a cert, copy should fail. */
+ assert_true(pubkey->cert == NULL);
+ rc = ssh_pki_copy_cert_to_privkey(pubkey, privkey);
+ assert_true(rc == SSH_ERROR);
+
+ /* Copying the cert to non-cert keys should work fine. */
+ rc = ssh_pki_copy_cert_to_privkey(cert, pubkey);
+ assert_true(rc == SSH_OK);
+ rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
+ assert_true(rc == SSH_OK);
+
+ /* The private key's cert is already set, another copy should fail. */
+ rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
+ assert_true(rc == SSH_ERROR);
+
+ ssh_key_free(cert);
+ ssh_key_free(privkey);
+ ssh_key_free(pubkey);
+}
+
+static void torture_pki_rsa_import_cert_file(void **state) {
+ int rc;
+ ssh_key cert;
+ enum ssh_keytypes_e type;
+
+ (void) state; /* unused */
+
+ rc = ssh_pki_import_cert_file(LIBSSH_RSA_TESTKEY "-cert.pub", &cert);
+ assert_true(rc == 0);
+
+ type = ssh_key_type(cert);
+ assert_true(type == SSH_KEYTYPE_RSA_CERT01);
+
+ rc = ssh_key_is_public(cert);
+ assert_true(rc == 1);
+
+ ssh_key_free(cert);
+}
+
+static void torture_pki_rsa_publickey_base64(void **state)
+{
+ enum ssh_keytypes_e type;
+ char *b64_key, *key_buf, *p;
+ const char *q;
+ ssh_key key;
+ int rc;
+
+ (void) state; /* unused */
+
+ key_buf = strdup(torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0));
+ assert_true(key_buf != NULL);
+
+ q = p = key_buf;
+ while (*p != ' ') p++;
+ *p = '\0';
+
+ type = ssh_key_type_from_name(q);
+ assert_true(((type == SSH_KEYTYPE_RSA) ||
+ (type == SSH_KEYTYPE_RSA1)));
+
+ q = ++p;
+ while (*p != ' ') p++;
+ *p = '\0';
+
+ rc = ssh_pki_import_pubkey_base64(q, type, &key);
+ assert_true(rc == 0);
+
+ rc = ssh_pki_export_pubkey_base64(key, &b64_key);
+ assert_true(rc == 0);
+
+ assert_string_equal(q, b64_key);
+
+ free(b64_key);
+ free(key_buf);
+ ssh_key_free(key);
+}
+
+static void torture_pki_rsa_generate_pubkey_from_privkey(void **state) {
+ char pubkey_generated[4096] = {0};
+ ssh_key privkey;
+ ssh_key pubkey;
+ int rc;
+ int len;
+
+ (void) state; /* unused */
+
+ /* remove the public key, generate it from the private key and write it. */
+ unlink(LIBSSH_RSA_TESTKEY ".pub");
+
+ rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY,
+ NULL,
+ NULL,
+ NULL,
+ &privkey);
+ assert_true(rc == 0);
+
+ rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey);
+ assert_true(rc == SSH_OK);
+
+ rc = ssh_pki_export_pubkey_file(pubkey, LIBSSH_RSA_TESTKEY ".pub");
+ assert_true(rc == 0);
+
+ rc = torture_read_one_line(LIBSSH_RSA_TESTKEY ".pub",
+ pubkey_generated,
+ sizeof(pubkey_generated));
+ assert_true(rc == 0);
+
+ len = torture_pubkey_len(torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0));
+ assert_memory_equal(torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0),
+ pubkey_generated,
+ len);
+
+ ssh_key_free(privkey);
+ ssh_key_free(pubkey);
+}
+
+static void torture_pki_rsa_duplicate_key(void **state)
+{
+ int rc;
+ char *b64_key;
+ char *b64_key_gen;
+ ssh_key pubkey;
+ ssh_key privkey;
+ ssh_key privkey_dup;
+
+ (void) state;
+
+ rc = ssh_pki_import_pubkey_file(LIBSSH_RSA_TESTKEY ".pub", &pubkey);
+ assert_true(rc == 0);
+
+ rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key);
+ assert_true(rc == 0);
+ ssh_key_free(pubkey);
+
+ rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY,
+ NULL,
+ NULL,
+ NULL,
+ &privkey);
+ assert_true(rc == 0);
+
+ privkey_dup = ssh_key_dup(privkey);
+ assert_true(privkey_dup != NULL);
+
+ rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey);
+ assert_true(rc == SSH_OK);
+
+ rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key_gen);
+ assert_true(rc == 0);
+
+ assert_string_equal(b64_key, b64_key_gen);
+
+ rc = ssh_key_cmp(privkey, privkey_dup, SSH_KEY_CMP_PRIVATE);
+ assert_true(rc == 0);
+
+ ssh_key_free(pubkey);
+ ssh_key_free(privkey);
+ ssh_key_free(privkey_dup);
+ ssh_string_free_char(b64_key);
+ ssh_string_free_char(b64_key_gen);
+}
+
+static void torture_pki_rsa_generate_key(void **state)
+{
+ int rc;
+ ssh_key key;
+ ssh_signature sign;
+ ssh_session session=ssh_new();
+ (void) state;
+
+ rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 1024, &key);
+ assert_true(rc == SSH_OK);
+ assert_true(key != NULL);
+ sign = pki_do_sign(key, RSA_HASH, 20);
+ assert_true(sign != NULL);
+ rc = pki_signature_verify(session,sign,key,RSA_HASH,20);
+ assert_true(rc == SSH_OK);
+ ssh_signature_free(sign);
+ ssh_key_free(key);
+ key=NULL;
+
+ rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 2048, &key);
+ assert_true(rc == SSH_OK);
+ assert_true(key != NULL);
+ sign = pki_do_sign(key, RSA_HASH, 20);
+ assert_true(sign != NULL);
+ rc = pki_signature_verify(session,sign,key,RSA_HASH,20);
+ assert_true(rc == SSH_OK);
+ ssh_signature_free(sign);
+ ssh_key_free(key);
+ key=NULL;
+
+ rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 4096, &key);
+ assert_true(rc == SSH_OK);
+ assert_true(key != NULL);
+ sign = pki_do_sign(key, RSA_HASH, 20);
+ assert_true(sign != NULL);
+ rc = pki_signature_verify(session,sign,key,RSA_HASH,20);
+ assert_true(rc == SSH_OK);
+ ssh_signature_free(sign);
+ ssh_key_free(key);
+ key=NULL;
+
+ ssh_free(session);
+}
+
+static void torture_pki_rsa_generate_key1(void **state)
+{
+ int rc;
+ ssh_key key;
+ ssh_signature sign;
+ ssh_session session=ssh_new();
+ (void) state;
+
+ rc = ssh_pki_generate(SSH_KEYTYPE_RSA1, 1024, &key);
+ assert_true(rc == SSH_OK);
+ assert_true(key != NULL);
+ sign = pki_do_sign(key, RSA_HASH, 20);
+ assert_true(sign != NULL);
+ rc = pki_signature_verify(session,sign,key,RSA_HASH,20);
+ assert_true(rc == SSH_OK);
+ ssh_signature_free(sign);
+ ssh_key_free(key);
+ key=NULL;
+
+ rc = ssh_pki_generate(SSH_KEYTYPE_RSA1, 2048, &key);
+ assert_true(rc == SSH_OK);
+ assert_true(key != NULL);
+ sign = pki_do_sign(key, RSA_HASH, 20);
+ assert_true(sign != NULL);
+ rc = pki_signature_verify(session,sign,key,RSA_HASH,20);
+ assert_true(rc == SSH_OK);
+ ssh_signature_free(sign);
+ ssh_key_free(key);
+ key=NULL;
+
+ rc = ssh_pki_generate(SSH_KEYTYPE_RSA1, 4096, &key);
+ assert_true(rc == SSH_OK);
+ assert_true(key != NULL);
+ sign = pki_do_sign(key, RSA_HASH, 20);
+ assert_true(sign != NULL);
+ rc = pki_signature_verify(session,sign,key,RSA_HASH,20);
+ assert_true(rc == SSH_OK);
+ ssh_signature_free(sign);
+ ssh_key_free(key);
+ key=NULL;
+
+ ssh_free(session);
+}
+
+#ifdef HAVE_LIBCRYPTO
+static void torture_pki_rsa_write_privkey(void **state)
+{
+ ssh_key origkey;
+ ssh_key privkey;
+ int rc;
+
+ (void) state; /* unused */
+
+ rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY,
+ NULL,
+ NULL,
+ NULL,
+ &origkey);
+ assert_true(rc == 0);
+
+ unlink(LIBSSH_RSA_TESTKEY);
+
+ rc = ssh_pki_export_privkey_file(origkey,
+ "",
+ NULL,
+ NULL,
+ LIBSSH_RSA_TESTKEY);
+ assert_true(rc == 0);
+
+ rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY,
+ NULL,
+ NULL,
+ NULL,
+ &privkey);
+ assert_true(rc == 0);
+
+ rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE);
+ assert_true(rc == 0);
+
+ ssh_key_free(origkey);
+ ssh_key_free(privkey);
+}
+#endif /* HAVE_LIBCRYPTO */
+
+static void torture_pki_rsa_import_privkey_base64_passphrase(void **state)
+{
+ int rc;
+ ssh_key key = NULL;
+ const char *passphrase = torture_get_testkey_passphrase();
+
+ (void) state; /* unused */
+
+
+ rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1),
+ passphrase,
+ NULL,
+ NULL,
+ &key);
+ assert_return_code(rc, errno);
+
+ rc = ssh_key_is_private(key);
+ assert_true(rc == 1);
+
+ ssh_key_free(key);
+ key = NULL;
+
+ /* test if it returns -1 if passphrase is wrong */
+ rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1),
+ "wrong passphrase !!",
+ NULL,
+ NULL,
+ &key);
+ assert_true(rc == -1);
+ ssh_key_free(key);
+ key = NULL;
+
+#ifndef HAVE_LIBCRYPTO
+ /* test if it returns -1 if passphrase is NULL */
+ /* libcrypto asks for a passphrase, so skip this test */
+ rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1),
+ NULL,
+ NULL,
+ NULL,
+ &key);
+ assert_true(rc == -1);
+ ssh_key_free(key);
+ key = NULL;
+#endif
+}
+
+int torture_run_tests(void) {
+ int rc;
+ struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(torture_pki_rsa_import_privkey_base64_NULL_key,
+ setup_rsa_key,
+ teardown),
+ cmocka_unit_test_setup_teardown(torture_pki_rsa_import_privkey_base64_NULL_str,
+ setup_rsa_key,
+ teardown),
+ cmocka_unit_test_setup_teardown(torture_pki_rsa_import_privkey_base64,
+ setup_rsa_key,
+ teardown),
+ cmocka_unit_test_setup_teardown(torture_pki_rsa_publickey_from_privatekey,
+ setup_rsa_key,
+ teardown),
+ cmocka_unit_test(torture_pki_rsa_import_privkey_base64_passphrase),
+ cmocka_unit_test_setup_teardown(torture_pki_rsa_copy_cert_to_privkey,
+ setup_rsa_key,
+ teardown),
+ cmocka_unit_test_setup_teardown(torture_pki_rsa_import_cert_file,
+ setup_rsa_key,
+ teardown),
+ cmocka_unit_test_setup_teardown(torture_pki_rsa_publickey_base64,
+ setup_rsa_key,
+ teardown),
+ cmocka_unit_test_setup_teardown(torture_pki_rsa_generate_pubkey_from_privkey,
+ setup_rsa_key,
+ teardown),
+ cmocka_unit_test_setup_teardown(torture_pki_rsa_duplicate_key,
+ setup_rsa_key,
+ teardown),
+ cmocka_unit_test(torture_pki_rsa_generate_key),
+ cmocka_unit_test(torture_pki_rsa_generate_key1),
+#ifdef HAVE_LIBCRYPTO
+ cmocka_unit_test_setup_teardown(torture_pki_rsa_write_privkey,
+ setup_rsa_key,
+ teardown),
+#endif /* HAVE_LIBCRYPTO */
+ };
+
+ ssh_init();
+ torture_filter_tests(tests);
+ rc = cmocka_run_group_tests(tests, NULL, NULL);
+ ssh_finalize();
+ return rc;
+}