author | Tilo Eckert <tilo.eckert@flam.de> | 2018-12-21 13:43:16 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-01-11 15:56:02 +0100 |
commit | f118ea010beaba565e7426b54b55f7334c10aade (patch) | |
tree | 598564ecfbbe3779744393e6ba0dce70857432e5 | |
parent | 481d7495590fc47300ddd016c2f301afeb6538ce (diff) | |
tests: Refactor test so that all RSA + hash combinations are tested
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r-- | tests/unittests/torture_pki.c | 122 |
1 files changed, 58 insertions, 64 deletions
diff --git a/tests/unittests/torture_pki.c b/tests/unittests/torture_pki.c
index a3e4a22b..a7e2f59e 100644
--- a/tests/unittests/torture_pki.c
+++ b/tests/unittests/torture_pki.c
@@ -185,81 +185,75 @@ static void torture_pki_verify_mismatch(void **state) hash_length); assert_true(rc == SSH_OK); - /* XXX Test all the hash versions only with RSA. - * This also skips the cleanup for the last hash so we can use the - * created signatures later on - */ - if (sig_type != SSH_KEYTYPE_RSA || hash == SSH_DIGEST_SHA512) { - break; - } - ssh_string_free(blob); - ssh_signature_free(sign); - ssh_signature_free(import_sig); - } - - for (key_type = first_key; - key_type <= SSH_KEYTYPE_ED25519; - key_type++) { - if (key_type == SSH_KEYTYPE_RSA1) { - continue; - } - SSH_LOG(SSH_LOG_TRACE, "Trying key %d with signature %d", - key_type, sig_type); - - rc = ssh_pki_generate(key_type, key_sizes[key_type], &verify_key); - assert_true(rc == SSH_OK); - assert_true(verify_key != NULL); + for (key_type = first_key; + key_type <= SSH_KEYTYPE_ED25519; + key_type++) { + if (key_type == SSH_KEYTYPE_RSA1) { + continue; + } + SSH_LOG(SSH_LOG_TRACE, "Trying key %d with signature %d", + key_type, sig_type); - /* Should gracefully fail, but not crash */ - rc = pki_signature_verify(session, - sign, - verify_key, - HASH, - hash_length); - assert_true(rc != SSH_OK); + rc = ssh_pki_generate(key_type, key_sizes[key_type], &verify_key); + assert_true(rc == SSH_OK); + assert_true(verify_key != NULL); - /* Try the same with the imported signature */ - rc = pki_signature_verify(session, - import_sig, - verify_key, - HASH, - hash_length); - assert_true(rc != SSH_OK); - - /* Try to import the signature blob with different key */ - new_sig = pki_signature_from_blob(verify_key, - blob, - sig_type, - import_sig->hash_type); - if (sig_type != key_type) { - assert_true(new_sig == NULL); - } else { - /* Importing with the same key type should work */ - assert_true(new_sig != NULL); - assert_int_equal(new_sig->type, key->type); - if (key_type == SSH_KEYTYPE_RSA) { - assert_string_equal(key->type_c, "ssh-rsa"); - assert_string_equal(new_sig->type_c, hash_signatures[new_sig->hash_type]); - } 
else { - assert_string_equal(new_sig->type_c, key->type_c); - assert_string_equal(new_sig->type_c, signature_types[sig_type]); - } + /* Should gracefully fail, but not crash */ + rc = pki_signature_verify(session, + sign, + verify_key, + HASH, + hash_length); + assert_true(rc != SSH_OK); - /* The verification should not work */ + /* Try the same with the imported signature */ rc = pki_signature_verify(session, - new_sig, + import_sig, verify_key, HASH, hash_length); assert_true(rc != SSH_OK); - ssh_signature_free(new_sig); + /* Try to import the signature blob with different key */ + new_sig = pki_signature_from_blob(verify_key, + blob, + sig_type, + import_sig->hash_type); + if (sig_type != key_type) { + assert_true(new_sig == NULL); + } else { + /* Importing with the same key type should work */ + assert_true(new_sig != NULL); + assert_int_equal(new_sig->type, key->type); + if (key_type == SSH_KEYTYPE_RSA && new_sig->hash_type != SSH_DIGEST_AUTO) { + assert_string_equal(new_sig->type_c, hash_signatures[new_sig->hash_type]); + } else { + assert_string_equal(new_sig->type_c, key->type_c); + assert_string_equal(new_sig->type_c, signature_types[sig_type]); + } + /* The verification should not work */ + rc = pki_signature_verify(session, + new_sig, + verify_key, + HASH, + hash_length); + assert_true(rc != SSH_OK); + + ssh_signature_free(new_sig); + } + SSH_KEY_FREE(verify_key); + } + + ssh_string_free(blob); + ssh_signature_free(sign); + ssh_signature_free(import_sig); + + /* XXX Test all the hash versions only with RSA. */ + if (sig_type != SSH_KEYTYPE_RSA || hash == SSH_DIGEST_SHA512) { + break; } - SSH_KEY_FREE(verify_key); } - ssh_string_free(blob); - ssh_signature_free(sign); - ssh_signature_free(import_sig); + SSH_KEY_FREE(key); key = NULL; } |
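Review bot: The relocated `if (sig_type != SSH_KEYTYPE_RSA || hash == SSH_DIGEST_SHA512) { break; }` at the end of the hash loop still hard-codes SHA512 as the last digest, and the shortened `XXX` comment no longer says why. The header of that loop is outside the hunk, so this is inferred, but a digest added after SHA512 would probably never reach the mismatch checks and nothing would flag the gap. I would state the intent in the comment, for example `/* Non-RSA key types have a single digest, so one pass is enough; for RSA, SHA512 is the last digest this test covers. */`, or move the bound into the loop condition. Separately, the RSA branch no longer asserts `key->type_c` against "ssh-rsa" when `hash_type` is not `SSH_DIGEST_AUTO`; if the removal is intentional, a short comment there would help.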