authorBen Toews <mastahyeti@gmail.com>2019-03-12 10:25:49 -0600
committerAndreas Schneider <asn@cryptomilk.org>2019-04-17 10:21:42 +0200
commitb1f3cfec34c6a4acf779dac926535217d7312fba (patch)
tree30a095cf4be1dae2dc392599a2b6afaf9d0181e9 /tests/unittests/torture_pki_ecdsa.c
parent78f764b7c983e030f07ad162fa18a3c69aa4a973 (diff)
libssh: deprecate SSH_KEYTYPE_ECDSA
This type is imprecise. We often need the ecdsa_nid in addition to the key type in order to do anything. We replace this singular ECDSA type with one type per curve. Signed-off-by: Ben Toews <mastahyeti@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'tests/unittests/torture_pki_ecdsa.c')
-rw-r--r--tests/unittests/torture_pki_ecdsa.c114
1 files changed, 95 insertions, 19 deletions
diff --git a/tests/unittests/torture_pki_ecdsa.c b/tests/unittests/torture_pki_ecdsa.c
index 989daf55..c4d4dbdd 100644
--- a/tests/unittests/torture_pki_ecdsa.c
+++ b/tests/unittests/torture_pki_ecdsa.c
@@ -19,6 +19,7 @@ const unsigned char ECDSA_HASH[] = "12345678901234567890";
struct pki_st {
char *cwd;
char *temp_dir;
+ enum ssh_keytypes_e type;
};
static int setup_ecdsa_key(void **state, int ecdsa_bits)
@@ -47,12 +48,24 @@ static int setup_ecdsa_key(void **state, int ecdsa_bits)
printf("Changed directory to: %s\n", tmp_dir);
+ switch (ecdsa_bits) {
+ case 521:
+ test_state->type = SSH_KEYTYPE_ECDSA_P521;
+ break;
+ case 384:
+ test_state->type = SSH_KEYTYPE_ECDSA_P384;
+ break;
+ default:
+ test_state->type = SSH_KEYTYPE_ECDSA_P256;
+ break;
+ }
+
torture_write_file(LIBSSH_ECDSA_TESTKEY,
- torture_get_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 0));
+ torture_get_testkey(test_state->type, 0));
torture_write_file(LIBSSH_ECDSA_TESTKEY_PASSPHRASE,
- torture_get_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 1));
+ torture_get_testkey(test_state->type, 1));
torture_write_file(LIBSSH_ECDSA_TESTKEY ".pub",
- torture_get_testkey_pub(SSH_KEYTYPE_ECDSA, ecdsa_bits));
+ torture_get_testkey_pub(test_state->type));
return 0;
}
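Review bot: The `default:` arm of the new switch maps every `ecdsa_bits` value other than 384 and 521 to `SSH_KEYTYPE_ECDSA_P256`, so a mistyped size in a test registration would silently run the P-256 fixture and leave the intended curve untested. Making 256 explicit and failing otherwise would surface that: `case 256: test_state->type = SSH_KEYTYPE_ECDSA_P256; break;` followed by `default: return -1;`. The function starts outside the hunk, so any state allocated earlier would need to be cleaned up before that return. The same switch is repeated in `setup_openssh_ecdsa_key` in the next hunk; a small shared helper that maps bits to key type would keep the two in step.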
@@ -84,15 +97,25 @@ static int setup_openssh_ecdsa_key(void **state, int ecdsa_bits)
printf("Changed directory to: %s\n", tmp_dir);
- keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 0);
- torture_write_file(LIBSSH_ECDSA_TESTKEY,
- keystring);
+ switch (ecdsa_bits) {
+ case 521:
+ test_state->type = SSH_KEYTYPE_ECDSA_P521;
+ break;
+ case 384:
+ test_state->type = SSH_KEYTYPE_ECDSA_P384;
+ break;
+ default:
+ test_state->type = SSH_KEYTYPE_ECDSA_P256;
+ break;
+ }
- keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 1);
- torture_write_file(LIBSSH_ECDSA_TESTKEY_PASSPHRASE,
- keystring);
+ keystring = torture_get_openssh_testkey(test_state->type, 0);
+ torture_write_file(LIBSSH_ECDSA_TESTKEY, keystring);
+
+ keystring = torture_get_openssh_testkey(test_state->type, 1);
+ torture_write_file(LIBSSH_ECDSA_TESTKEY_PASSPHRASE, keystring);
torture_write_file(LIBSSH_ECDSA_TESTKEY ".pub",
- torture_get_testkey_pub(SSH_KEYTYPE_ECDSA, ecdsa_bits));
+ torture_get_testkey_pub(test_state->type));
return 0;
}
@@ -249,8 +272,7 @@ static void torture_pki_ecdsa_publickey_base64(void **state)
const char *q = NULL;
ssh_key key = NULL;
int rc;
-
- (void) state; /* unused */
+ struct pki_st *test_state = *((struct pki_st **)state);
key_buf = torture_pki_read_file(LIBSSH_ECDSA_TESTKEY ".pub");
assert_non_null(key_buf);
@@ -262,7 +284,7 @@ static void torture_pki_ecdsa_publickey_base64(void **state)
}
type = ssh_key_type_from_name(q);
- assert_true(type == SSH_KEYTYPE_ECDSA);
+ assert_true(type == test_state->type);
q = ++p;
while (p != NULL && *p != '\0' && *p != ' ') p++;
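Review bot: The new check `assert_true(type == test_state->type);` can pass without proving anything if both sides are `SSH_KEYTYPE_UNKNOWN`, which would be the case if the fixture's `type` were ever left unset (presumably zero) and `ssh_key_type_from_name(q)` did not recognise the name. Adding `assert_true(type != SSH_KEYTYPE_UNKNOWN);` just before the comparison closes that gap cheaply. The `test_state` pointer introduced in the previous hunk is also dereferenced without an `assert_non_null(test_state);`. The function body begins and ends outside these hunks, so an existing guard elsewhere cannot be ruled out.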
@@ -427,6 +449,24 @@ static void torture_pki_generate_key_ecdsa(void **state)
ssh_session session=ssh_new();
(void) state;
+ rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P256, 0, &key);
+ assert_true(rc == SSH_OK);
+ assert_non_null(key);
+ sign = pki_do_sign(key, ECDSA_HASH, 20);
+ assert_non_null(sign);
+ rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
+ assert_true(rc == SSH_OK);
+ type = ssh_key_type(key);
+ assert_true(type == SSH_KEYTYPE_ECDSA_P256);
+ type_char = ssh_key_type_to_char(type);
+ assert_true(strcmp(type_char, "ecdsa-sha2-nistp256") == 0);
+ etype_char = ssh_pki_key_ecdsa_name(key);
+ assert_true(strcmp(etype_char, "ecdsa-sha2-nistp256") == 0);
+
+ ssh_signature_free(sign);
+ SSH_KEY_FREE(key);
+
+ /* deprecated */
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 256, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
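Review bot: The generate/sign/verify/name-check sequence added here is repeated almost verbatim for P-384 and P-521 in the following hunks, next to three deprecated-path copies, so any later fix to one copy has to be made six times. A helper taking the generation type, the parameter, the expected type and the expected name would make it obvious that the deprecated `SSH_KEYTYPE_ECDSA` path must yield exactly the same result as the per-curve type. The helper could also replace the literal `20` with `sizeof(ECDSA_HASH) - 1`, so the signed length cannot drift from the buffer. The enclosing function starts and ends outside the hunk and parts of the deprecated blocks lie between hunks, so the sketch below assumes they follow the same pattern.

```c
static void check_generated_ecdsa(ssh_session session,
                                  enum ssh_keytypes_e gen_type,
                                  int parameter,
                                  enum ssh_keytypes_e expected_type,
                                  const char *expected_name)
{
    ssh_key key = NULL;
    ssh_signature sign = NULL;
    enum ssh_keytypes_e type;
    int rc;

    rc = ssh_pki_generate(gen_type, parameter, &key);
    assert_true(rc == SSH_OK);
    assert_non_null(key);

    sign = pki_do_sign(key, ECDSA_HASH, sizeof(ECDSA_HASH) - 1);
    assert_non_null(sign);
    rc = pki_signature_verify(session, sign, key,
                              ECDSA_HASH, sizeof(ECDSA_HASH) - 1);
    assert_true(rc == SSH_OK);

    type = ssh_key_type(key);
    assert_true(type == expected_type);
    assert_true(strcmp(ssh_key_type_to_char(type), expected_name) == 0);
    assert_true(strcmp(ssh_pki_key_ecdsa_name(key), expected_name) == 0);

    ssh_signature_free(sign);
    SSH_KEY_FREE(key);
}

/* … in torture_pki_generate_key_ecdsa(), replacing each repeated block … */
    check_generated_ecdsa(session, SSH_KEYTYPE_ECDSA_P256, 0,
                          SSH_KEYTYPE_ECDSA_P256, "ecdsa-sha2-nistp256");
    /* deprecated */
    check_generated_ecdsa(session, SSH_KEYTYPE_ECDSA, 256,
                          SSH_KEYTYPE_ECDSA_P256, "ecdsa-sha2-nistp256");
    /* … same pair of calls for P384 and P521 … */
```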
@@ -435,15 +475,33 @@ static void torture_pki_generate_key_ecdsa(void **state)
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
- assert_true(type == SSH_KEYTYPE_ECDSA);
+ assert_true(type == SSH_KEYTYPE_ECDSA_P256);
type_char = ssh_key_type_to_char(type);
- assert_true(strcmp(type_char, "ssh-ecdsa") == 0);
+ assert_true(strcmp(type_char, "ecdsa-sha2-nistp256") == 0);
etype_char = ssh_pki_key_ecdsa_name(key);
assert_true(strcmp(etype_char, "ecdsa-sha2-nistp256") == 0);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
+ rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P384, 0, &key);
+ assert_true(rc == SSH_OK);
+ assert_non_null(key);
+ sign = pki_do_sign(key, ECDSA_HASH, 20);
+ assert_non_null(sign);
+ rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
+ assert_true(rc == SSH_OK);
+ type = ssh_key_type(key);
+ assert_true(type == SSH_KEYTYPE_ECDSA_P384);
+ type_char = ssh_key_type_to_char(type);
+ assert_true(strcmp(type_char, "ecdsa-sha2-nistp384") == 0);
+ etype_char =ssh_pki_key_ecdsa_name(key);
+ assert_true(strcmp(etype_char, "ecdsa-sha2-nistp384") == 0);
+
+ ssh_signature_free(sign);
+ SSH_KEY_FREE(key);
+
+ /* deprecated */
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 384, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
@@ -452,15 +510,33 @@ static void torture_pki_generate_key_ecdsa(void **state)
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
- assert_true(type == SSH_KEYTYPE_ECDSA);
+ assert_true(type == SSH_KEYTYPE_ECDSA_P384);
type_char = ssh_key_type_to_char(type);
- assert_true(strcmp(type_char, "ssh-ecdsa") == 0);
+ assert_true(strcmp(type_char, "ecdsa-sha2-nistp384") == 0);
etype_char =ssh_pki_key_ecdsa_name(key);
assert_true(strcmp(etype_char, "ecdsa-sha2-nistp384") == 0);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
+ rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P521, 0, &key);
+ assert_true(rc == SSH_OK);
+ assert_non_null(key);
+ sign = pki_do_sign(key, ECDSA_HASH, 20);
+ assert_non_null(sign);
+ rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
+ assert_true(rc == SSH_OK);
+ type = ssh_key_type(key);
+ assert_true(type == SSH_KEYTYPE_ECDSA_P521);
+ type_char = ssh_key_type_to_char(type);
+ assert_true(strcmp(type_char, "ecdsa-sha2-nistp521") == 0);
+ etype_char =ssh_pki_key_ecdsa_name(key);
+ assert_true(strcmp(etype_char, "ecdsa-sha2-nistp521") == 0);
+
+ ssh_signature_free(sign);
+ SSH_KEY_FREE(key);
+
+ /* deprecated */
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 521, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
@@ -469,9 +545,9 @@ static void torture_pki_generate_key_ecdsa(void **state)
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
- assert_true(type == SSH_KEYTYPE_ECDSA);
+ assert_true(type == SSH_KEYTYPE_ECDSA_P521);
type_char = ssh_key_type_to_char(type);
- assert_true(strcmp(type_char, "ssh-ecdsa") == 0);
+ assert_true(strcmp(type_char, "ecdsa-sha2-nistp521") == 0);
etype_char =ssh_pki_key_ecdsa_name(key);
assert_true(strcmp(etype_char, "ecdsa-sha2-nistp521") == 0);