diff options
| author | Sahana Prasad <sahana@redhat.com> | 2020-05-14 16:32:30 +0200 |
|---|---|---|
| committer | Sahana Prasad <sahana@redhat.com> | 2020-05-20 12:49:29 +0200 |
| commit | 4e4711d2fbe7ff5f33361c991d584e1c89ad893d (patch) | |
| tree | 15734438ef0ba3f6c022cd69181563450e7b38a8 /tests/unittests | |
| parent | 7eb6c7ee6c1633d6fe73fd094ba3aa80d9f1cb3d (diff) | |
| download | libssh-4e4711d2fbe7ff5f33361c991d584e1c89ad893d.tar.gz libssh-4e4711d2fbe7ff5f33361c991d584e1c89ad893d.tar.xz libssh-4e4711d2fbe7ff5f33361c991d584e1c89ad893d.zip | |
unittests: updates torture_pki_ecdsa_uri test by adding negative test cases to ensure there is no crash when
ssh_pki_export_pubkey_blob() is incorrectly used to export ecdsa pubkeys from privkeys
when pubkeys are not imported into pkcs #11 tokens.
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'tests/unittests')
| -rw-r--r-- | tests/unittests/torture_pki_ecdsa_uri.c | 59 |
1 files changed, 58 insertions, 1 deletions
diff --git a/tests/unittests/torture_pki_ecdsa_uri.c b/tests/unittests/torture_pki_ecdsa_uri.c index e5b17df7..0fa6ecf3 100644 --- a/tests/unittests/torture_pki_ecdsa_uri.c +++ b/tests/unittests/torture_pki_ecdsa_uri.c @@ -20,6 +20,9 @@ #define PRIV_URI_FMT_384 "pkcs11:token=ecdsa384;object=ecdsa384;type=private?pin-value=1234" #define PUB_URI_FMT_521 "pkcs11:token=ecdsa521;object=ecdsa521;type=public" #define PRIV_URI_FMT_521 "pkcs11:token=ecdsa521;object=ecdsa521;type=private?pin-value=1234" +#define PRIV_URI_FMT_256_NO_PUB "pkcs11:token=ecdsa256_no_pub_uri;object=ecdsa256_no_pub_uri;type=private?pin-value=1234" +#define PRIV_URI_FMT_384_NO_PUB "pkcs11:token=ecdsa384_no_pub_uri;object=ecdsa384_no_pub_uri;type=private?pin-value=1234" +#define PRIV_URI_FMT_521_NO_PUB "pkcs11:token=ecdsa521_no_pub_uri;object=ecdsa521_no_pub_uri;type=private?pin-value=1234" /** PKCS#11 URIs with invalid fields**/ @@ -102,6 +105,9 @@ static int setup_directory_structure(void **state) setup_tokens_ecdsa(state, 256, "ecdsa256", "1"); setup_tokens_ecdsa(state, 384, "ecdsa384", "1"); setup_tokens_ecdsa(state, 521, "ecdsa521", "1"); + setup_tokens_ecdsa(state, 256, "ecdsa256_no_pub_uri", "0"); + setup_tokens_ecdsa(state, 384, "ecdsa384_no_pub_uri", "0"); + setup_tokens_ecdsa(state, 521, "ecdsa521_no_pub_uri", "0"); return 0; } @@ -161,6 +167,7 @@ static void torture_pki_ecdsa_publickey_from_privatekey_uri(void **state, const int rc; ssh_key privkey = NULL; ssh_key pubkey = NULL; + ssh_string pblob = NULL; char pubkey_original[4096] = {0}; char pubkey_generated[4096] = {0}; char convert_key_to_pem[4096]; @@ -177,6 +184,11 @@ static void torture_pki_ecdsa_publickey_from_privatekey_uri(void **state, const assert_true(rc == 0); assert_non_null(privkey); + rc = ssh_pki_export_pubkey_blob(privkey, &pblob); + assert_return_code(rc, errno); + assert_true(rc == SSH_OK); + assert_non_null(pblob); + rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey); assert_return_code(rc, errno); assert_true(rc == SSH_OK); @@ -196,7 +208,6 @@ static void torture_pki_ecdsa_publickey_from_privatekey_uri(void **state, const assert_return_code(rc, errno); assert_true(rc == 0); - /* remove the public key, generate it from the private key and write it. */ unlink(pub_filename); @@ -216,6 +227,34 @@ static void torture_pki_ecdsa_publickey_from_privatekey_uri(void **state, const SSH_KEY_FREE(pubkey); } +static void import_pubkey_without_loading_public_uri(void **state, const char *uri, const char *type) +{ + int rc; + ssh_key privkey = NULL; + ssh_key pubkey = NULL; + ssh_string pblob = NULL; + + rc = ssh_pki_import_privkey_file(uri, + NULL, + NULL, + NULL, + &privkey); + assert_return_code(rc, errno); + assert_true(rc == 0); + assert_non_null(privkey); + + rc = ssh_pki_export_pubkey_blob(privkey, &pblob); + assert_int_not_equal(rc, 0); + assert_null(pblob); + + rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey); + assert_int_not_equal(rc, 0); + assert_null(pubkey); + + SSH_KEY_FREE(privkey); + SSH_KEY_FREE(pubkey); +} + static void torture_pki_ecdsa_publickey_from_privatekey_uri_256(void **state) { torture_pki_ecdsa_publickey_from_privatekey_uri(state, PRIV_URI_FMT_256, "ecdsa256"); @@ -231,6 +270,21 @@ static void torture_pki_ecdsa_publickey_from_privatekey_uri_521(void **state) torture_pki_ecdsa_publickey_from_privatekey_uri(state, PRIV_URI_FMT_521, "ecdsa521"); } +static void torture_pki_ecdsa_import_pubkey_without_loading_public_uri_256(void **state) +{ + import_pubkey_without_loading_public_uri(state, PRIV_URI_FMT_256_NO_PUB, "ecdsa256_no_pub_uri"); +} + +static void torture_pki_ecdsa_import_pubkey_without_loading_public_uri_384(void **state) +{ + import_pubkey_without_loading_public_uri(state, PRIV_URI_FMT_384_NO_PUB, "ecdsa384_no_pub_uri"); +} + +static void torture_pki_ecdsa_import_pubkey_without_loading_public_uri_521(void **state) +{ + import_pubkey_without_loading_public_uri(state, PRIV_URI_FMT_521_NO_PUB, "ecdsa521_no_pub_uri"); +} + static void torture_ecdsa_sign_verify_uri(void **state, const char *uri, enum ssh_digest_e dig_type) { int rc; @@ -482,6 +536,9 @@ int torture_run_tests(void) { /** Expect fail on these negative test cases **/ cmocka_unit_test(torture_pki_ecdsa_import_pubkey_uri_invalid_configurations), + cmocka_unit_test(torture_pki_ecdsa_import_pubkey_without_loading_public_uri_256), + cmocka_unit_test(torture_pki_ecdsa_import_pubkey_without_loading_public_uri_384), + cmocka_unit_test(torture_pki_ecdsa_import_pubkey_without_loading_public_uri_521), }; ssh_session session = ssh_new(); |