aboutsummaryrefslogtreecommitdiff
path: root/tests/unittests/torture_pki.c
diff options
context:
space:
mode:
authorAndreas Schneider <asn@cryptomilk.org>2018-01-08 23:10:07 +0100
committerAndreas Schneider <asn@cryptomilk.org>2018-01-10 22:31:02 +0100
commitddfc36aa568e0cb2b63aee2bca64430c34dc622f (patch)
tree4b02ba77b98123e4133a4c3e07e7cfbc9cb06a15 /tests/unittests/torture_pki.c
parenta5997d180dfbcd8fefd16b001f352436a9e67e7e (diff)
downloadlibssh-ddfc36aa568e0cb2b63aee2bca64430c34dc622f.tar.gz
libssh-ddfc36aa568e0cb2b63aee2bca64430c34dc622f.tar.xz
libssh-ddfc36aa568e0cb2b63aee2bca64430c34dc622f.zip
tests: Move rsa tests to own test file
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'tests/unittests/torture_pki.c')
-rw-r--r--tests/unittests/torture_pki.c523
1 files changed, 0 insertions, 523 deletions
diff --git a/tests/unittests/torture_pki.c b/tests/unittests/torture_pki.c
index 2355979d..1aff38ae 100644
--- a/tests/unittests/torture_pki.c
+++ b/tests/unittests/torture_pki.c
@@ -9,38 +9,6 @@
#include "torture_pki.h"
#include "pki.c"
-#define LIBSSH_RSA_TESTKEY "libssh_testkey.id_rsa"
-
-const unsigned char HASH[] = "12345678901234567890";
-
-static int setup_rsa_key(void **state)
-{
- (void) state; /* unused */
-
- unlink(LIBSSH_RSA_TESTKEY);
- unlink(LIBSSH_RSA_TESTKEY ".pub");
- unlink(LIBSSH_RSA_TESTKEY "-cert.pub");
-
- torture_write_file(LIBSSH_RSA_TESTKEY,
- torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0));
- torture_write_file(LIBSSH_RSA_TESTKEY ".pub",
- torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0));
- torture_write_file(LIBSSH_RSA_TESTKEY "-cert.pub",
- torture_get_testkey_pub(SSH_KEYTYPE_RSA_CERT01, 0));
-
- return 0;
-}
-
-static int teardown(void **state) {
- (void) state; /* unused */
-
- unlink(LIBSSH_RSA_TESTKEY);
- unlink(LIBSSH_RSA_TESTKEY ".pub");
- unlink(LIBSSH_RSA_TESTKEY "-cert.pub");
-
- return 0;
-}
-
static void torture_pki_keytype(void **state) {
enum ssh_keytypes_e type;
const char *type_c;
@@ -75,502 +43,11 @@ static void torture_pki_signature(void **state)
ssh_signature_free(sig);
}
-static void torture_pki_import_privkey_base64_RSA(void **state) {
- int rc;
- char *key_str;
- ssh_key key;
- const char *passphrase = torture_get_testkey_passphrase();
- enum ssh_keytypes_e type;
-
- (void) state; /* unused */
-
- key_str = torture_pki_read_file(LIBSSH_RSA_TESTKEY);
- assert_true(key_str != NULL);
-
- rc = ssh_pki_import_privkey_base64(key_str, passphrase, NULL, NULL, &key);
- assert_true(rc == 0);
-
- type = ssh_key_type(key);
- assert_true(type == SSH_KEYTYPE_RSA);
-
- rc = ssh_key_is_private(key);
- assert_true(rc == 1);
-
- rc = ssh_key_is_public(key);
- assert_true(rc == 1);
-
- free(key_str);
- ssh_key_free(key);
-}
-
-static void torture_pki_import_privkey_base64_NULL_key(void **state) {
- int rc;
- const char *passphrase = torture_get_testkey_passphrase();
-
- (void) state; /* unused */
-
- /* test if it returns -1 if key is NULL */
- rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0),
- passphrase,
- NULL,
- NULL,
- NULL);
- assert_true(rc == -1);
-
-}
-
-static void torture_pki_import_privkey_base64_NULL_str(void **state) {
- int rc;
- ssh_key key = NULL;
- const char *passphrase = torture_get_testkey_passphrase();
-
- (void) state; /* unused */
-
- /* test if it returns -1 if key_str is NULL */
- rc = ssh_pki_import_privkey_base64(NULL, passphrase, NULL, NULL, &key);
- assert_true(rc == -1);
-
- ssh_key_free(key);
-}
-
-static void torture_pki_import_privkey_base64_passphrase(void **state) {
- int rc;
- ssh_key key = NULL;
- const char *passphrase = torture_get_testkey_passphrase();
-
- (void) state; /* unused */
-
-
- rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1),
- passphrase,
- NULL,
- NULL,
- &key);
- assert_return_code(rc, errno);
-
- rc = ssh_key_is_private(key);
- assert_true(rc == 1);
-
- ssh_key_free(key);
- key = NULL;
-
- /* test if it returns -1 if passphrase is wrong */
- rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1),
- "wrong passphrase !!",
- NULL,
- NULL,
- &key);
- assert_true(rc == -1);
- ssh_key_free(key);
- key = NULL;
-
-#ifndef HAVE_LIBCRYPTO
- /* test if it returns -1 if passphrase is NULL */
- /* libcrypto asks for a passphrase, so skip this test */
- rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1),
- NULL,
- NULL,
- NULL,
- &key);
- assert_true(rc == -1);
- ssh_key_free(key);
- key = NULL;
-#endif
-}
-
-static void torture_pki_pki_publickey_from_privatekey_RSA(void **state) {
- int rc;
- ssh_key key;
- ssh_key pubkey;
- const char *passphrase = NULL;
-
- (void) state; /* unused */
-
- rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0),
- passphrase,
- NULL,
- NULL,
- &key);
- assert_true(rc == 0);
-
- rc = ssh_key_is_private(key);
- assert_true(rc == 1);
-
- rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
- assert_true(rc == SSH_OK);
-
- ssh_key_free(key);
- ssh_key_free(pubkey);
-}
-
-static void torture_pki_copy_cert_to_privkey(void **state) {
- /* Tests copying a cert loaded into a public key to a private key.
- The function is encryption type agnostic, no need to run this
- against all supported key types.
- */
- int rc;
- const char *passphrase = torture_get_testkey_passphrase();
- ssh_key pubkey;
- ssh_key privkey;
- ssh_key cert;
-
- (void) state; /* unused */
-
- rc = ssh_pki_import_cert_file(LIBSSH_RSA_TESTKEY "-cert.pub", &cert);
- assert_true(rc == SSH_OK);
-
- rc = ssh_pki_import_pubkey_file(LIBSSH_RSA_TESTKEY ".pub", &pubkey);
- assert_true(rc == SSH_OK);
-
- rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0),
- passphrase,
- NULL,
- NULL,
- &privkey);
- assert_true(rc == SSH_OK);
-
- /* Basic sanity. */
- rc = ssh_pki_copy_cert_to_privkey(NULL, privkey);
- assert_true(rc == SSH_ERROR);
-
- rc = ssh_pki_copy_cert_to_privkey(pubkey, NULL);
- assert_true(rc == SSH_ERROR);
-
- /* A public key doesn't have a cert, copy should fail. */
- assert_true(pubkey->cert == NULL);
- rc = ssh_pki_copy_cert_to_privkey(pubkey, privkey);
- assert_true(rc == SSH_ERROR);
-
- /* Copying the cert to non-cert keys should work fine. */
- rc = ssh_pki_copy_cert_to_privkey(cert, pubkey);
- assert_true(rc == SSH_OK);
- rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
- assert_true(rc == SSH_OK);
-
- /* The private key's cert is already set, another copy should fail. */
- rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
- assert_true(rc == SSH_ERROR);
-
- ssh_key_free(cert);
- ssh_key_free(privkey);
- ssh_key_free(pubkey);
-}
-
-static void torture_pki_import_cert_file_rsa(void **state) {
- int rc;
- ssh_key cert;
- enum ssh_keytypes_e type;
-
- (void) state; /* unused */
-
- rc = ssh_pki_import_cert_file(LIBSSH_RSA_TESTKEY "-cert.pub", &cert);
- assert_true(rc == 0);
-
- type = ssh_key_type(cert);
- assert_true(type == SSH_KEYTYPE_RSA_CERT01);
-
- rc = ssh_key_is_public(cert);
- assert_true(rc == 1);
-
- ssh_key_free(cert);
-}
-
-static void torture_pki_publickey_rsa_base64(void **state)
-{
- enum ssh_keytypes_e type;
- char *b64_key, *key_buf, *p;
- const char *q;
- ssh_key key;
- int rc;
-
- (void) state; /* unused */
-
- key_buf = strdup(torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0));
- assert_true(key_buf != NULL);
-
- q = p = key_buf;
- while (*p != ' ') p++;
- *p = '\0';
-
- type = ssh_key_type_from_name(q);
- assert_true(((type == SSH_KEYTYPE_RSA) ||
- (type == SSH_KEYTYPE_RSA1)));
-
- q = ++p;
- while (*p != ' ') p++;
- *p = '\0';
-
- rc = ssh_pki_import_pubkey_base64(q, type, &key);
- assert_true(rc == 0);
-
- rc = ssh_pki_export_pubkey_base64(key, &b64_key);
- assert_true(rc == 0);
-
- assert_string_equal(q, b64_key);
-
- free(b64_key);
- free(key_buf);
- ssh_key_free(key);
-}
-
-static void torture_generate_pubkey_from_privkey_rsa(void **state) {
- char pubkey_generated[4096] = {0};
- ssh_key privkey;
- ssh_key pubkey;
- int rc;
- int len;
-
- (void) state; /* unused */
-
- /* remove the public key, generate it from the private key and write it. */
- unlink(LIBSSH_RSA_TESTKEY ".pub");
-
- rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY,
- NULL,
- NULL,
- NULL,
- &privkey);
- assert_true(rc == 0);
-
- rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey);
- assert_true(rc == SSH_OK);
-
- rc = ssh_pki_export_pubkey_file(pubkey, LIBSSH_RSA_TESTKEY ".pub");
- assert_true(rc == 0);
-
- rc = torture_read_one_line(LIBSSH_RSA_TESTKEY ".pub",
- pubkey_generated,
- sizeof(pubkey_generated));
- assert_true(rc == 0);
-
- len = torture_pubkey_len(torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0));
- assert_memory_equal(torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0),
- pubkey_generated,
- len);
-
- ssh_key_free(privkey);
- ssh_key_free(pubkey);
-}
-
-static void torture_pki_duplicate_key_rsa(void **state)
-{
- int rc;
- char *b64_key;
- char *b64_key_gen;
- ssh_key pubkey;
- ssh_key privkey;
- ssh_key privkey_dup;
-
- (void) state;
-
- rc = ssh_pki_import_pubkey_file(LIBSSH_RSA_TESTKEY ".pub", &pubkey);
- assert_true(rc == 0);
-
- rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key);
- assert_true(rc == 0);
- ssh_key_free(pubkey);
-
- rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY,
- NULL,
- NULL,
- NULL,
- &privkey);
- assert_true(rc == 0);
-
- privkey_dup = ssh_key_dup(privkey);
- assert_true(privkey_dup != NULL);
-
- rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey);
- assert_true(rc == SSH_OK);
-
- rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key_gen);
- assert_true(rc == 0);
-
- assert_string_equal(b64_key, b64_key_gen);
-
- rc = ssh_key_cmp(privkey, privkey_dup, SSH_KEY_CMP_PRIVATE);
- assert_true(rc == 0);
-
- ssh_key_free(pubkey);
- ssh_key_free(privkey);
- ssh_key_free(privkey_dup);
- ssh_string_free_char(b64_key);
- ssh_string_free_char(b64_key_gen);
-}
-
-static void torture_pki_generate_key_rsa(void **state)
-{
- int rc;
- ssh_key key;
- ssh_signature sign;
- ssh_session session=ssh_new();
- (void) state;
-
- rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 1024, &key);
- assert_true(rc == SSH_OK);
- assert_true(key != NULL);
- sign = pki_do_sign(key, HASH, 20);
- assert_true(sign != NULL);
- rc = pki_signature_verify(session,sign,key,HASH,20);
- assert_true(rc == SSH_OK);
- ssh_signature_free(sign);
- ssh_key_free(key);
- key=NULL;
-
- rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 2048, &key);
- assert_true(rc == SSH_OK);
- assert_true(key != NULL);
- sign = pki_do_sign(key, HASH, 20);
- assert_true(sign != NULL);
- rc = pki_signature_verify(session,sign,key,HASH,20);
- assert_true(rc == SSH_OK);
- ssh_signature_free(sign);
- ssh_key_free(key);
- key=NULL;
-
- rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 4096, &key);
- assert_true(rc == SSH_OK);
- assert_true(key != NULL);
- sign = pki_do_sign(key, HASH, 20);
- assert_true(sign != NULL);
- rc = pki_signature_verify(session,sign,key,HASH,20);
- assert_true(rc == SSH_OK);
- ssh_signature_free(sign);
- ssh_key_free(key);
- key=NULL;
-
- ssh_free(session);
-}
-
-static void torture_pki_generate_key_rsa1(void **state)
-{
- int rc;
- ssh_key key;
- ssh_signature sign;
- ssh_session session=ssh_new();
- (void) state;
-
- rc = ssh_pki_generate(SSH_KEYTYPE_RSA1, 1024, &key);
- assert_true(rc == SSH_OK);
- assert_true(key != NULL);
- sign = pki_do_sign(key, HASH, 20);
- assert_true(sign != NULL);
- rc = pki_signature_verify(session,sign,key,HASH,20);
- assert_true(rc == SSH_OK);
- ssh_signature_free(sign);
- ssh_key_free(key);
- key=NULL;
-
- rc = ssh_pki_generate(SSH_KEYTYPE_RSA1, 2048, &key);
- assert_true(rc == SSH_OK);
- assert_true(key != NULL);
- sign = pki_do_sign(key, HASH, 20);
- assert_true(sign != NULL);
- rc = pki_signature_verify(session,sign,key,HASH,20);
- assert_true(rc == SSH_OK);
- ssh_signature_free(sign);
- ssh_key_free(key);
- key=NULL;
-
- rc = ssh_pki_generate(SSH_KEYTYPE_RSA1, 4096, &key);
- assert_true(rc == SSH_OK);
- assert_true(key != NULL);
- sign = pki_do_sign(key, HASH, 20);
- assert_true(sign != NULL);
- rc = pki_signature_verify(session,sign,key,HASH,20);
- assert_true(rc == SSH_OK);
- ssh_signature_free(sign);
- ssh_key_free(key);
- key=NULL;
-
- ssh_free(session);
-}
-
-#ifdef HAVE_LIBCRYPTO
-static void torture_pki_write_privkey_rsa(void **state)
-{
- ssh_key origkey;
- ssh_key privkey;
- int rc;
-
- (void) state; /* unused */
-
- rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY,
- NULL,
- NULL,
- NULL,
- &origkey);
- assert_true(rc == 0);
-
- unlink(LIBSSH_RSA_TESTKEY);
-
- rc = ssh_pki_export_privkey_file(origkey,
- "",
- NULL,
- NULL,
- LIBSSH_RSA_TESTKEY);
- assert_true(rc == 0);
-
- rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY,
- NULL,
- NULL,
- NULL,
- &privkey);
- assert_true(rc == 0);
-
- rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE);
- assert_true(rc == 0);
-
- ssh_key_free(origkey);
- ssh_key_free(privkey);
-}
-#endif /* HAVE_LIBCRYPTO */
-
int torture_run_tests(void) {
int rc;
struct CMUnitTest tests[] = {
cmocka_unit_test(torture_pki_keytype),
-
cmocka_unit_test(torture_pki_signature),
-
- /* ssh_pki_import_privkey_base64 */
- cmocka_unit_test_setup_teardown(torture_pki_import_privkey_base64_NULL_key,
- setup_rsa_key,
- teardown),
- cmocka_unit_test_setup_teardown(torture_pki_import_privkey_base64_NULL_str,
- setup_rsa_key,
- teardown),
- cmocka_unit_test_setup_teardown(torture_pki_import_privkey_base64_RSA,
- setup_rsa_key,
- teardown),
- cmocka_unit_test(torture_pki_import_privkey_base64_passphrase),
- /* ssh_pki_export_privkey_to_pubkey */
- cmocka_unit_test_setup_teardown(torture_pki_pki_publickey_from_privatekey_RSA,
- setup_rsa_key,
- teardown),
- /* cert */
- cmocka_unit_test_setup_teardown(torture_pki_copy_cert_to_privkey,
- setup_rsa_key,
- teardown),
- cmocka_unit_test_setup_teardown(torture_pki_import_cert_file_rsa,
- setup_rsa_key,
- teardown),
- cmocka_unit_test_setup_teardown(torture_pki_publickey_rsa_base64,
- setup_rsa_key,
- teardown),
- cmocka_unit_test_setup_teardown(torture_generate_pubkey_from_privkey_rsa,
- setup_rsa_key,
- teardown),
- cmocka_unit_test_setup_teardown(torture_pki_duplicate_key_rsa,
- setup_rsa_key,
- teardown),
- cmocka_unit_test(torture_pki_generate_key_rsa),
- cmocka_unit_test(torture_pki_generate_key_rsa1),
-#ifdef HAVE_LIBCRYPTO
- cmocka_unit_test_setup_teardown(torture_pki_write_privkey_rsa,
- setup_rsa_key,
- teardown),
-#endif /* HAVE_LIBCRYPTO */
};
ssh_init();