diff options
author | Andreas Schneider <asn@cryptomilk.org> | 2018-01-08 23:10:07 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2018-01-10 22:31:02 +0100 |
commit | ddfc36aa568e0cb2b63aee2bca64430c34dc622f (patch) | |
tree | 4b02ba77b98123e4133a4c3e07e7cfbc9cb06a15 /tests/unittests/torture_pki.c | |
parent | a5997d180dfbcd8fefd16b001f352436a9e67e7e (diff) | |
download | libssh-ddfc36aa568e0cb2b63aee2bca64430c34dc622f.tar.gz libssh-ddfc36aa568e0cb2b63aee2bca64430c34dc622f.tar.xz libssh-ddfc36aa568e0cb2b63aee2bca64430c34dc622f.zip |
tests: Move rsa tests to own test file
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'tests/unittests/torture_pki.c')
-rw-r--r-- | tests/unittests/torture_pki.c | 523 |
1 files changed, 0 insertions, 523 deletions
diff --git a/tests/unittests/torture_pki.c b/tests/unittests/torture_pki.c index 2355979d..1aff38ae 100644 --- a/tests/unittests/torture_pki.c +++ b/tests/unittests/torture_pki.c @@ -9,38 +9,6 @@ #include "torture_pki.h" #include "pki.c" -#define LIBSSH_RSA_TESTKEY "libssh_testkey.id_rsa" - -const unsigned char HASH[] = "12345678901234567890"; - -static int setup_rsa_key(void **state) -{ - (void) state; /* unused */ - - unlink(LIBSSH_RSA_TESTKEY); - unlink(LIBSSH_RSA_TESTKEY ".pub"); - unlink(LIBSSH_RSA_TESTKEY "-cert.pub"); - - torture_write_file(LIBSSH_RSA_TESTKEY, - torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0)); - torture_write_file(LIBSSH_RSA_TESTKEY ".pub", - torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0)); - torture_write_file(LIBSSH_RSA_TESTKEY "-cert.pub", - torture_get_testkey_pub(SSH_KEYTYPE_RSA_CERT01, 0)); - - return 0; -} - -static int teardown(void **state) { - (void) state; /* unused */ - - unlink(LIBSSH_RSA_TESTKEY); - unlink(LIBSSH_RSA_TESTKEY ".pub"); - unlink(LIBSSH_RSA_TESTKEY "-cert.pub"); - - return 0; -} - static void torture_pki_keytype(void **state) { enum ssh_keytypes_e type; const char *type_c; @@ -75,502 +43,11 @@ static void torture_pki_signature(void **state) ssh_signature_free(sig); } -static void torture_pki_import_privkey_base64_RSA(void **state) { - int rc; - char *key_str; - ssh_key key; - const char *passphrase = torture_get_testkey_passphrase(); - enum ssh_keytypes_e type; - - (void) state; /* unused */ - - key_str = torture_pki_read_file(LIBSSH_RSA_TESTKEY); - assert_true(key_str != NULL); - - rc = ssh_pki_import_privkey_base64(key_str, passphrase, NULL, NULL, &key); - assert_true(rc == 0); - - type = ssh_key_type(key); - assert_true(type == SSH_KEYTYPE_RSA); - - rc = ssh_key_is_private(key); - assert_true(rc == 1); - - rc = ssh_key_is_public(key); - assert_true(rc == 1); - - free(key_str); - ssh_key_free(key); -} - -static void torture_pki_import_privkey_base64_NULL_key(void **state) { - int rc; - const char *passphrase = torture_get_testkey_passphrase(); - - (void) state; /* unused */ - - /* test if it returns -1 if key is NULL */ - rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0), - passphrase, - NULL, - NULL, - NULL); - assert_true(rc == -1); - -} - -static void torture_pki_import_privkey_base64_NULL_str(void **state) { - int rc; - ssh_key key = NULL; - const char *passphrase = torture_get_testkey_passphrase(); - - (void) state; /* unused */ - - /* test if it returns -1 if key_str is NULL */ - rc = ssh_pki_import_privkey_base64(NULL, passphrase, NULL, NULL, &key); - assert_true(rc == -1); - - ssh_key_free(key); -} - -static void torture_pki_import_privkey_base64_passphrase(void **state) { - int rc; - ssh_key key = NULL; - const char *passphrase = torture_get_testkey_passphrase(); - - (void) state; /* unused */ - - - rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1), - passphrase, - NULL, - NULL, - &key); - assert_return_code(rc, errno); - - rc = ssh_key_is_private(key); - assert_true(rc == 1); - - ssh_key_free(key); - key = NULL; - - /* test if it returns -1 if passphrase is wrong */ - rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1), - "wrong passphrase !!", - NULL, - NULL, - &key); - assert_true(rc == -1); - ssh_key_free(key); - key = NULL; - -#ifndef HAVE_LIBCRYPTO - /* test if it returns -1 if passphrase is NULL */ - /* libcrypto asks for a passphrase, so skip this test */ - rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1), - NULL, - NULL, - NULL, - &key); - assert_true(rc == -1); - ssh_key_free(key); - key = NULL; -#endif -} - -static void torture_pki_pki_publickey_from_privatekey_RSA(void **state) { - int rc; - ssh_key key; - ssh_key pubkey; - const char *passphrase = NULL; - - (void) state; /* unused */ - - rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0), - passphrase, - NULL, - NULL, - &key); - assert_true(rc == 0); - - rc = ssh_key_is_private(key); - assert_true(rc == 1); - - rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); - assert_true(rc == SSH_OK); - - ssh_key_free(key); - ssh_key_free(pubkey); -} - -static void torture_pki_copy_cert_to_privkey(void **state) { - /* Tests copying a cert loaded into a public key to a private key. - The function is encryption type agnostic, no need to run this - against all supported key types. - */ - int rc; - const char *passphrase = torture_get_testkey_passphrase(); - ssh_key pubkey; - ssh_key privkey; - ssh_key cert; - - (void) state; /* unused */ - - rc = ssh_pki_import_cert_file(LIBSSH_RSA_TESTKEY "-cert.pub", &cert); - assert_true(rc == SSH_OK); - - rc = ssh_pki_import_pubkey_file(LIBSSH_RSA_TESTKEY ".pub", &pubkey); - assert_true(rc == SSH_OK); - - rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0), - passphrase, - NULL, - NULL, - &privkey); - assert_true(rc == SSH_OK); - - /* Basic sanity. */ - rc = ssh_pki_copy_cert_to_privkey(NULL, privkey); - assert_true(rc == SSH_ERROR); - - rc = ssh_pki_copy_cert_to_privkey(pubkey, NULL); - assert_true(rc == SSH_ERROR); - - /* A public key doesn't have a cert, copy should fail. */ - assert_true(pubkey->cert == NULL); - rc = ssh_pki_copy_cert_to_privkey(pubkey, privkey); - assert_true(rc == SSH_ERROR); - - /* Copying the cert to non-cert keys should work fine. */ - rc = ssh_pki_copy_cert_to_privkey(cert, pubkey); - assert_true(rc == SSH_OK); - rc = ssh_pki_copy_cert_to_privkey(cert, privkey); - assert_true(rc == SSH_OK); - - /* The private key's cert is already set, another copy should fail. */ - rc = ssh_pki_copy_cert_to_privkey(cert, privkey); - assert_true(rc == SSH_ERROR); - - ssh_key_free(cert); - ssh_key_free(privkey); - ssh_key_free(pubkey); -} - -static void torture_pki_import_cert_file_rsa(void **state) { - int rc; - ssh_key cert; - enum ssh_keytypes_e type; - - (void) state; /* unused */ - - rc = ssh_pki_import_cert_file(LIBSSH_RSA_TESTKEY "-cert.pub", &cert); - assert_true(rc == 0); - - type = ssh_key_type(cert); - assert_true(type == SSH_KEYTYPE_RSA_CERT01); - - rc = ssh_key_is_public(cert); - assert_true(rc == 1); - - ssh_key_free(cert); -} - -static void torture_pki_publickey_rsa_base64(void **state) -{ - enum ssh_keytypes_e type; - char *b64_key, *key_buf, *p; - const char *q; - ssh_key key; - int rc; - - (void) state; /* unused */ - - key_buf = strdup(torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0)); - assert_true(key_buf != NULL); - - q = p = key_buf; - while (*p != ' ') p++; - *p = '\0'; - - type = ssh_key_type_from_name(q); - assert_true(((type == SSH_KEYTYPE_RSA) || - (type == SSH_KEYTYPE_RSA1))); - - q = ++p; - while (*p != ' ') p++; - *p = '\0'; - - rc = ssh_pki_import_pubkey_base64(q, type, &key); - assert_true(rc == 0); - - rc = ssh_pki_export_pubkey_base64(key, &b64_key); - assert_true(rc == 0); - - assert_string_equal(q, b64_key); - - free(b64_key); - free(key_buf); - ssh_key_free(key); -} - -static void torture_generate_pubkey_from_privkey_rsa(void **state) { - char pubkey_generated[4096] = {0}; - ssh_key privkey; - ssh_key pubkey; - int rc; - int len; - - (void) state; /* unused */ - - /* remove the public key, generate it from the private key and write it. */ - unlink(LIBSSH_RSA_TESTKEY ".pub"); - - rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY, - NULL, - NULL, - NULL, - &privkey); - assert_true(rc == 0); - - rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey); - assert_true(rc == SSH_OK); - - rc = ssh_pki_export_pubkey_file(pubkey, LIBSSH_RSA_TESTKEY ".pub"); - assert_true(rc == 0); - - rc = torture_read_one_line(LIBSSH_RSA_TESTKEY ".pub", - pubkey_generated, - sizeof(pubkey_generated)); - assert_true(rc == 0); - - len = torture_pubkey_len(torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0)); - assert_memory_equal(torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0), - pubkey_generated, - len); - - ssh_key_free(privkey); - ssh_key_free(pubkey); -} - -static void torture_pki_duplicate_key_rsa(void **state) -{ - int rc; - char *b64_key; - char *b64_key_gen; - ssh_key pubkey; - ssh_key privkey; - ssh_key privkey_dup; - - (void) state; - - rc = ssh_pki_import_pubkey_file(LIBSSH_RSA_TESTKEY ".pub", &pubkey); - assert_true(rc == 0); - - rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key); - assert_true(rc == 0); - ssh_key_free(pubkey); - - rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY, - NULL, - NULL, - NULL, - &privkey); - assert_true(rc == 0); - - privkey_dup = ssh_key_dup(privkey); - assert_true(privkey_dup != NULL); - - rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey); - assert_true(rc == SSH_OK); - - rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key_gen); - assert_true(rc == 0); - - assert_string_equal(b64_key, b64_key_gen); - - rc = ssh_key_cmp(privkey, privkey_dup, SSH_KEY_CMP_PRIVATE); - assert_true(rc == 0); - - ssh_key_free(pubkey); - ssh_key_free(privkey); - ssh_key_free(privkey_dup); - ssh_string_free_char(b64_key); - ssh_string_free_char(b64_key_gen); -} - -static void torture_pki_generate_key_rsa(void **state) -{ - int rc; - ssh_key key; - ssh_signature sign; - ssh_session session=ssh_new(); - (void) state; - - rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 1024, &key); - assert_true(rc == SSH_OK); - assert_true(key != NULL); - sign = pki_do_sign(key, HASH, 20); - assert_true(sign != NULL); - rc = pki_signature_verify(session,sign,key,HASH,20); - assert_true(rc == SSH_OK); - ssh_signature_free(sign); - ssh_key_free(key); - key=NULL; - - rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 2048, &key); - assert_true(rc == SSH_OK); - assert_true(key != NULL); - sign = pki_do_sign(key, HASH, 20); - assert_true(sign != NULL); - rc = pki_signature_verify(session,sign,key,HASH,20); - assert_true(rc == SSH_OK); - ssh_signature_free(sign); - ssh_key_free(key); - key=NULL; - - rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 4096, &key); - assert_true(rc == SSH_OK); - assert_true(key != NULL); - sign = pki_do_sign(key, HASH, 20); - assert_true(sign != NULL); - rc = pki_signature_verify(session,sign,key,HASH,20); - assert_true(rc == SSH_OK); - ssh_signature_free(sign); - ssh_key_free(key); - key=NULL; - - ssh_free(session); -} - -static void torture_pki_generate_key_rsa1(void **state) -{ - int rc; - ssh_key key; - ssh_signature sign; - ssh_session session=ssh_new(); - (void) state; - - rc = ssh_pki_generate(SSH_KEYTYPE_RSA1, 1024, &key); - assert_true(rc == SSH_OK); - assert_true(key != NULL); - sign = pki_do_sign(key, HASH, 20); - assert_true(sign != NULL); - rc = pki_signature_verify(session,sign,key,HASH,20); - assert_true(rc == SSH_OK); - ssh_signature_free(sign); - ssh_key_free(key); - key=NULL; - - rc = ssh_pki_generate(SSH_KEYTYPE_RSA1, 2048, &key); - assert_true(rc == SSH_OK); - assert_true(key != NULL); - sign = pki_do_sign(key, HASH, 20); - assert_true(sign != NULL); - rc = pki_signature_verify(session,sign,key,HASH,20); - assert_true(rc == SSH_OK); - ssh_signature_free(sign); - ssh_key_free(key); - key=NULL; - - rc = ssh_pki_generate(SSH_KEYTYPE_RSA1, 4096, &key); - assert_true(rc == SSH_OK); - assert_true(key != NULL); - sign = pki_do_sign(key, HASH, 20); - assert_true(sign != NULL); - rc = pki_signature_verify(session,sign,key,HASH,20); - assert_true(rc == SSH_OK); - ssh_signature_free(sign); - ssh_key_free(key); - key=NULL; - - ssh_free(session); -} - -#ifdef HAVE_LIBCRYPTO -static void torture_pki_write_privkey_rsa(void **state) -{ - ssh_key origkey; - ssh_key privkey; - int rc; - - (void) state; /* unused */ - - rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY, - NULL, - NULL, - NULL, - &origkey); - assert_true(rc == 0); - - unlink(LIBSSH_RSA_TESTKEY); - - rc = ssh_pki_export_privkey_file(origkey, - "", - NULL, - NULL, - LIBSSH_RSA_TESTKEY); - assert_true(rc == 0); - - rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY, - NULL, - NULL, - NULL, - &privkey); - assert_true(rc == 0); - - rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE); - assert_true(rc == 0); - - ssh_key_free(origkey); - ssh_key_free(privkey); -} -#endif /* HAVE_LIBCRYPTO */ - int torture_run_tests(void) { int rc; struct CMUnitTest tests[] = { cmocka_unit_test(torture_pki_keytype), - cmocka_unit_test(torture_pki_signature), - - /* ssh_pki_import_privkey_base64 */ - cmocka_unit_test_setup_teardown(torture_pki_import_privkey_base64_NULL_key, - setup_rsa_key, - teardown), - cmocka_unit_test_setup_teardown(torture_pki_import_privkey_base64_NULL_str, - setup_rsa_key, - teardown), - cmocka_unit_test_setup_teardown(torture_pki_import_privkey_base64_RSA, - setup_rsa_key, - teardown), - cmocka_unit_test(torture_pki_import_privkey_base64_passphrase), - /* ssh_pki_export_privkey_to_pubkey */ - cmocka_unit_test_setup_teardown(torture_pki_pki_publickey_from_privatekey_RSA, - setup_rsa_key, - teardown), - /* cert */ - cmocka_unit_test_setup_teardown(torture_pki_copy_cert_to_privkey, - setup_rsa_key, - teardown), - cmocka_unit_test_setup_teardown(torture_pki_import_cert_file_rsa, - setup_rsa_key, - teardown), - cmocka_unit_test_setup_teardown(torture_pki_publickey_rsa_base64, - setup_rsa_key, - teardown), - cmocka_unit_test_setup_teardown(torture_generate_pubkey_from_privkey_rsa, - setup_rsa_key, - teardown), - cmocka_unit_test_setup_teardown(torture_pki_duplicate_key_rsa, - setup_rsa_key, - teardown), - cmocka_unit_test(torture_pki_generate_key_rsa), - cmocka_unit_test(torture_pki_generate_key_rsa1), -#ifdef HAVE_LIBCRYPTO - cmocka_unit_test_setup_teardown(torture_pki_write_privkey_rsa, - setup_rsa_key, - teardown), -#endif /* HAVE_LIBCRYPTO */ }; ssh_init(); |