authorAxel Eppe <aeppe@google.com>2015-08-23 17:53:55 +0100
committerAndreas Schneider <asn@cryptomilk.org>2015-09-07 13:30:34 +0200
commitd8be35de7f125daa043699fa4e4e9546de9648b1 (patch)
tree0424a7594dc009beef5c3cab065dd5b1acc3a63a
parentbdfe6870f63227a623ec3f91fad3b09c42119e77 (diff)
tests: Add tests for the new ssh_pki cert functions
Signed-off-by: Axel Eppe <aeppe@google.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--tests/torture.c59
-rw-r--r--tests/unittests/torture_pki.c110
2 files changed, 169 insertions, 0 deletions
diff --git a/tests/torture.c b/tests/torture.c
index ea4bc839..89206bbf 100644
--- a/tests/torture.c
+++ b/tests/torture.c
@@ -80,6 +80,32 @@ static const char torture_rsa_testkey_pub[] =
"QMRjUBThzmDXWeHMfMGL2ow63kPOtlCkPiPSADYs4ekeGg52DVm4esZ "
"aris@aris-air\n";
+static const char torture_rsa_testkey_cert[] =
+ "ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNz"
+ "aC5jb20AAAAgL77S/SgY969FbEtNBsbLvvtGFgnEHaPb+V7ajwuf+R0AAAADAQABA"
+ "AABAQCsA5ERRaUFckApnmEAFjLGdFrINk/Vsl4ts9Ur6enF6auEfJmCN1tjcAOi34"
+ "lHJaO+WXbDYYj7duW3SP7H9lbCMwq79BhzJxinkcvTWCjE7G66xluL4qIdEYHrPQQ"
+ "x1cztTzZTuUD+P/8fJmmnIONQOeJZptdAmB7ySwZcZOIV4An/rzu5X4klyMY/EAYV"
+ "DHPKOK1/8Wsv1LRYYplvKp4YPPJ4FnU0si5qI45HIsZJbh24csM3vwSawmfCqDaAl"
+ "CZFJoPgE1kyO1t+IVxIv1TDhdAVOxa6BQMRjUBThzmDXWeHMfMGL2ow63kPOtlCkP"
+ "iPSADYs4ekeGg52DVm4esZAAAAAAAAAAAAAAABAAAADmxpYnNzaF90b3J0dXJlAAA"
+ "AAAAAAAAAAAAA//////////8AAAAAAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRp"
+ "bmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtc"
+ "G9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdX"
+ "Nlci1yYwAAAAAAAAAAAAABFwAAAAdzc2gtcnNhAAAAAwEAAQAAAQEAoowcv2Gn8tO"
+ "eDyw/lgdMpoBsLtHTTdVVOOo5HwMFvj/lFkbZlb6J2n9GIE64HNPE45vSnIdJZwz4"
+ "UYfTvtnNKNHp1MgMrjK1Z6EjyZsGqDZ+BhmvcKA6IckkhBJnDV7U9dMrovAWha61Z"
+ "9GpDqB1naRfbwqJQwSRHF1p71Cnf0fZKxOhAVx0ophmYGz3x3qq4PeOZv3Yl0AHTV"
+ "dRmqmeELDUxeuXN2bgSyb881zEgdaKHH5oWySykP4uwjn6T7ETuL2MsDdG3HZHDhn"
+ "LzLmfzOZ/cNadMCrgauMluQKc5dYF2TSeDaUxwun/NPMQBVZdETHLAMBgkGmhRUku"
+ "flVDIQAAAQ8AAAAHc3NoLXJzYQAAAQADSp4b/Zta8zs6v47iwmxV2Gbucvt1kDrvT"
+ "vKAKSbGN0+zoMyXiNfMHM/OvZObDS/WWGs4GMRqbJavwO3ja/dQY17oJss23lZ+Rc"
+ "Lw4Rqsi3/ZEPCnX6ficiRS/yRN/LAkoXvx9vBx9QHfxlzF6JXq07wTt21zxW0tntd"
+ "8dL+JI9ZZ9YylnxF3gHqfRFe2ahJpiywmxm0yOZgDmimOhep59i6BH5zHiPALvpge"
+ "Mbk075oA5K9XKsHTflCcsQRQH+pXqaNQGL37z2CFz9oezxQYvIqqKF0w/eeRIARoA"
+ "neB6OdgTpKFsmgPZVtqrvhjw+b5T8a4W4iWSl+6wg6gowAm "
+ "rsa_privkey.pub\n";
+
static const char torture_dsa_testkey[] =
"-----BEGIN DSA PRIVATE KEY-----\n"
"MIIBuwIBAAKBgQCUyvVPEkn3UnZDjzCzSzSHpTltzr0Ec+1mz/JACjHMBJ9C/W/P\n"
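Review bot: The certificate blob `torture_rsa_testkey_cert` added here, and `torture_dsa_testkey_cert` in the next hunk, have no comment saying how they were produced or which CA key signed them, so the fixtures cannot be regenerated or audited from the tree. Decoding the base64 suggests both carry the key id `libssh_torture` and a validity window that never expires, which means expiry and signature-rejection paths are not reachable with this data; that is worth stating next to the constant. I would add a comment above each array along the lines of `/* OpenSSH user certificate over torture_rsa_testkey_pub, key id "libssh_torture", no expiry; signing CA key is not in the tree */`, adjusted to whatever the author actually used. The trailing comment fields also differ (`rsa_privkey.pub` here, `aris@aris-air` on the DSA one), which looks unintentional.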
@@ -106,6 +132,35 @@ static const char torture_dsa_testkey_pub[] =
"7b2uADmhirI6dRZUVO+/iMGUvDxa66OI4hDV055pbwQhtxupUatThyDzIg== "
"aris@aris-air\n";
+static const char torture_dsa_testkey_cert[] =
+ "ssh-dss-cert-v01@openssh.com AAAAHHNzaC1kc3MtY2VydC12MDFAb3BlbnNza"
+ "C5jb20AAAAgKAd9MpIBrzctQyJvCYYJ2WUD5fyWlXMSv1G/3VihbCAAAACBAJTK9U8"
+ "SSfdSdkOPMLNLNIelOW3OvQRz7WbP8kAKMcwEn0L9b8/C8ffKOR+gWGFES+hjsg+fA"
+ "C7ltzHDxOQhKrthE5DjT0+rDA+/LQ3cZSn/6QpLbrwEgn5Uo3nXddF/t4vV7hodQn5"
+ "qX3HUnFOZzpPQYGrWXK74JNRTKHblo0MXAAAAFQCvOI9tBplPs3sI0MLCF7lW+gvzx"
+ "wAAAIBeG4hWwnFRAnmdZBEt/ujdcQZD4RxWYc7MwHXEKweNiekSGFyj6v8cNlIPfWT"
+ "MN4BlTJzPfVaoYvzJev45lEuoSwYLt3AQDM+JcO6XTMdyXTKIo+tGsuA0kd4pxPol+"
+ "UGeAruNBEhVSDcXfXTh9tVravBqeIuXgZIFk9cylR2eDwAAAIB4roDQBfgf8AoSAJA"
+ "b7y8OVvxt5cT7iqaRMQX2XgtW09Nu9RbUIVS7n2mw3iqZG0xnG3iv1oL9gwNXMLlf+"
+ "gLmsqU3788jaEZ9IhZ8VdgHAoHm6UWM7b2uADmhirI6dRZUVO+/iMGUvDxa66OI4hD"
+ "V055pbwQhtxupUatThyDzIgAAAAAAAAAAAAAAAQAAAA5saWJzc2hfdG9ydHVyZQAAA"
+ "AAAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5"
+ "nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvc"
+ "nQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXI"
+ "tcmMAAAAAAAAAAAAAARcAAAAHc3NoLXJzYQAAAAMBAAEAAAEBAKKMHL9hp/LTng8sP"
+ "5YHTKaAbC7R003VVTjqOR8DBb4/5RZG2ZW+idp/RiBOuBzTxOOb0pyHSWcM+FGH077"
+ "ZzSjR6dTIDK4ytWehI8mbBqg2fgYZr3CgOiHJJIQSZw1e1PXTK6LwFoWutWfRqQ6gd"
+ "Z2kX28KiUMEkRxdae9Qp39H2SsToQFcdKKYZmBs98d6quD3jmb92JdAB01XUZqpnhC"
+ "w1MXrlzdm4Esm/PNcxIHWihx+aFskspD+LsI5+k+xE7i9jLA3Rtx2Rw4Zy8y5n8zmf"
+ "3DWnTAq4GrjJbkCnOXWBdk0ng2lMcLp/zTzEAVWXRExywDAYJBpoUVJLn5VQyEAAAE"
+ "PAAAAB3NzaC1yc2EAAAEAAt4V9aGqeahOfUvhG7M8/Mn26aLB/HXbICYFJF7dY6urm"
+ "SIoS2KBqISCFGXTituiwGlZeAJ+pVgCMYo07Nxtd6oqIjsgKfJqDNx7e4pGw/YJnkm"
+ "BqMO/k/ygu2mLmQF0lnpmG2KyjKEljMibHaKlFkcVNbwfOb4p8N3OHm66g5mbCUTRZ"
+ "DHqMSJb3YtnObLexD13RydwxkG5AfCnOWxy5O4agXGEYwr/48AQBHYg9obGtpD1qyF"
+ "4mMXgzaLViFtcwah6wHGlW0UPQMvrq/RqigAkyUszSccfibkIXJ+wGAgsRYhVAMwME"
+ "JqPZ6GHOEIjLBKUegsclHb7Pk0YO8Auaw== "
+ "aris@aris-air\n";
+
static const char torture_rsa_testkey_pp[] =
"-----BEGIN RSA PRIVATE KEY-----\n"
"Proc-Type: 4,ENCRYPTED\n"
@@ -622,6 +677,10 @@ static const char *torture_get_testkey_internal(enum ssh_keytypes_e type,
return torture_ed25519_testkey_pp;
}
return torture_ed25519_testkey;
+ case SSH_KEYTYPE_DSS_CERT01:
+ return torture_dsa_testkey_cert;
+ case SSH_KEYTYPE_RSA_CERT01:
+ return torture_rsa_testkey_cert;
case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_UNKNOWN:
return NULL;
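Review bot: The two new cases return the certificate text unconditionally, whereas the ed25519 case directly above still branches on the passphrase variant. As far as the hunk shows, a caller asking for the private key of `SSH_KEYTYPE_RSA_CERT01` or `SSH_KEYTYPE_DSS_CERT01` would get the public certificate line back instead of `NULL`, and a test could end up feeding a cert to a private-key import without noticing. The function's parameter list and the start of the switch are outside the hunk, so this needs confirming against the full body. If a public-key selector argument exists, each case should return the cert only when it is set and `NULL` otherwise, with a comment such as `/* certificates exist only in public form */`.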
diff --git a/tests/unittests/torture_pki.c b/tests/unittests/torture_pki.c
index b5627dcd..41fa4521 100644
--- a/tests/unittests/torture_pki.c
+++ b/tests/unittests/torture_pki.c
@@ -18,11 +18,14 @@ static int setup_rsa_key(void **state)
unlink(LIBSSH_RSA_TESTKEY);
unlink(LIBSSH_RSA_TESTKEY ".pub");
+ unlink(LIBSSH_RSA_TESTKEY "-cert.pub");
torture_write_file(LIBSSH_RSA_TESTKEY,
torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0));
torture_write_file(LIBSSH_RSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0));
+ torture_write_file(LIBSSH_RSA_TESTKEY "-cert.pub",
+ torture_get_testkey_pub(SSH_KEYTYPE_RSA_CERT01, 0));
return 0;
}
@@ -32,11 +35,14 @@ static int setup_dsa_key(void **state) {
unlink(LIBSSH_DSA_TESTKEY);
unlink(LIBSSH_DSA_TESTKEY ".pub");
+ unlink(LIBSSH_DSA_TESTKEY "-cert.pub");
torture_write_file(LIBSSH_DSA_TESTKEY,
torture_get_testkey(SSH_KEYTYPE_DSS, 0, 0));
torture_write_file(LIBSSH_DSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_DSS, 0));
+ torture_write_file(LIBSSH_DSA_TESTKEY "-cert.pub",
+ torture_get_testkey_pub(SSH_KEYTYPE_DSS_CERT01, 0));
return 0;
}
@@ -105,9 +111,11 @@ static int teardown(void **state) {
unlink(LIBSSH_DSA_TESTKEY);
unlink(LIBSSH_DSA_TESTKEY ".pub");
+ unlink(LIBSSH_DSA_TESTKEY "-cert.pub");
unlink(LIBSSH_RSA_TESTKEY);
unlink(LIBSSH_RSA_TESTKEY ".pub");
+ unlink(LIBSSH_RSA_TESTKEY "-cert.pub");
unlink(LIBSSH_ECDSA_TESTKEY);
unlink(LIBSSH_ECDSA_TESTKEY ".pub");
@@ -536,6 +544,97 @@ static void torture_pki_publickey_from_privatekey_ECDSA(void **state) {
}
#endif
+static void torture_pki_copy_cert_to_privkey(void **state) {
+ /* Tests copying a cert loaded into a public key to a private key.
+ The function is encryption type agnostic, no need to run this
+ against all supported key types.
+ */
+ int rc;
+ const char *passphrase = torture_get_testkey_passphrase();
+ ssh_key pubkey;
+ ssh_key privkey;
+ ssh_key cert;
+
+ (void) state; /* unused */
+
+ rc = ssh_pki_import_cert_file(LIBSSH_RSA_TESTKEY "-cert.pub", &cert);
+ assert_true(rc == SSH_OK);
+
+ rc = ssh_pki_import_pubkey_file(LIBSSH_RSA_TESTKEY ".pub", &pubkey);
+ assert_true(rc == SSH_OK);
+
+ rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0),
+ passphrase,
+ NULL,
+ NULL,
+ &privkey);
+ assert_true(rc == SSH_OK);
+
+ /* Basic sanity. */
+ rc = ssh_pki_copy_cert_to_privkey(NULL, privkey);
+ assert_true(rc == SSH_ERROR);
+
+ rc = ssh_pki_copy_cert_to_privkey(pubkey, NULL);
+ assert_true(rc == SSH_ERROR);
+
+ /* A public key doesn't have a cert, copy should fail. */
+ assert_true(pubkey->cert == NULL);
+ rc = ssh_pki_copy_cert_to_privkey(pubkey, privkey);
+ assert_true(rc == SSH_ERROR);
+
+ /* Copying the cert to non-cert keys should work fine. */
+ rc = ssh_pki_copy_cert_to_privkey(cert, pubkey);
+ assert_true(rc == SSH_OK);
+ rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
+ assert_true(rc == SSH_OK);
+
+ /* The private key's cert is already set, another copy should fail. */
+ rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
+ assert_true(rc == SSH_ERROR);
+
+ ssh_key_free(cert);
+ ssh_key_free(privkey);
+ ssh_key_free(pubkey);
+}
+
+static void torture_pki_import_cert_file_rsa(void **state) {
+ int rc;
+ ssh_key cert;
+ enum ssh_keytypes_e type;
+
+ (void) state; /* unused */
+
+ rc = ssh_pki_import_cert_file(LIBSSH_RSA_TESTKEY "-cert.pub", &cert);
+ assert_true(rc == 0);
+
+ type = ssh_key_type(cert);
+ assert_true(type == SSH_KEYTYPE_RSA_CERT01);
+
+ rc = ssh_key_is_public(cert);
+ assert_true(rc == 1);
+
+ ssh_key_free(cert);
+}
+
+static void torture_pki_import_cert_file_dsa(void **state) {
+ int rc;
+ ssh_key cert;
+ enum ssh_keytypes_e type;
+
+ (void) state; /* unused */
+
+ rc = ssh_pki_import_cert_file(LIBSSH_DSA_TESTKEY "-cert.pub", &cert);
+ assert_true(rc == 0);
+
+ type = ssh_key_type(cert);
+ assert_true(type == SSH_KEYTYPE_DSS_CERT01);
+
+ rc = ssh_key_is_public(cert);
+ assert_true(rc == 1);
+
+ ssh_key_free(cert);
+}
+
static void torture_pki_publickey_dsa_base64(void **state)
{
enum ssh_keytypes_e type;
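Review bot: In `torture_pki_copy_cert_to_privkey` the successful copies are checked only through the return code, so the test would still pass if the function returned `SSH_OK` without attaching anything. After the first successful `ssh_pki_copy_cert_to_privkey(cert, privkey)` I would add `assert_true(privkey->cert != NULL);`, mirroring the `pubkey->cert == NULL` precondition already asserted above. The leading comment says the function is key-type agnostic, but no case pairs a certificate with a key it was not issued for (for example the DSA cert with the RSA private key). Whichever result the library intends there, it should be pinned by an assertion, since a cert silently attached to an unrelated private key is the failure that matters in practice. Smaller points: the two import tests compare against `0` where the first test uses `SSH_OK`, and neither checks that `ssh_pki_import_cert_file` rejects the plain `.pub` file.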
@@ -1539,6 +1638,17 @@ int torture_run_tests(void) {
cmocka_unit_test_setup_teardown(torture_pki_pki_publickey_from_privatekey_ed25519,
setup_ed25519_key,
teardown),
+ /* cert */
+ cmocka_unit_test_setup_teardown(torture_pki_copy_cert_to_privkey,
+ setup_rsa_key,
+ teardown),
+ cmocka_unit_test_setup_teardown(torture_pki_import_cert_file_rsa,
+ setup_rsa_key,
+ teardown),
+ cmocka_unit_test_setup_teardown(torture_pki_import_cert_file_dsa,
+ setup_dsa_key,
+ teardown),
+
/* public key */
cmocka_unit_test_setup_teardown(torture_pki_publickey_dsa_base64,
setup_dsa_key,