author | Axel Eppe <aeppe@google.com> | 2015-08-23 17:53:55 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2015-09-07 13:30:34 +0200 |
commit | d8be35de7f125daa043699fa4e4e9546de9648b1 (patch) | |
tree | 0424a7594dc009beef5c3cab065dd5b1acc3a63a | |
parent | bdfe6870f63227a623ec3f91fad3b09c42119e77 (diff) | |
tests: Add tests for the new ssh_pki cert functions
Signed-off-by: Axel Eppe <aeppe@google.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r-- | tests/torture.c | 59 | ||||
-rw-r--r-- | tests/unittests/torture_pki.c | 110 |
2 files changed, 169 insertions, 0 deletions
diff --git a/tests/torture.c b/tests/torture.c
index ea4bc839..89206bbf 100644
--- a/tests/torture.c
+++ b/tests/torture.c
@@ -80,6 +80,32 @@ static const char torture_rsa_testkey_pub[] = "QMRjUBThzmDXWeHMfMGL2ow63kPOtlCkPiPSADYs4ekeGg52DVm4esZ " "aris@aris-air\n"; +static const char torture_rsa_testkey_cert[] = + "ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNz" + "aC5jb20AAAAgL77S/SgY969FbEtNBsbLvvtGFgnEHaPb+V7ajwuf+R0AAAADAQABA" + "AABAQCsA5ERRaUFckApnmEAFjLGdFrINk/Vsl4ts9Ur6enF6auEfJmCN1tjcAOi34" + "lHJaO+WXbDYYj7duW3SP7H9lbCMwq79BhzJxinkcvTWCjE7G66xluL4qIdEYHrPQQ" + "x1cztTzZTuUD+P/8fJmmnIONQOeJZptdAmB7ySwZcZOIV4An/rzu5X4klyMY/EAYV" + "DHPKOK1/8Wsv1LRYYplvKp4YPPJ4FnU0si5qI45HIsZJbh24csM3vwSawmfCqDaAl" + "CZFJoPgE1kyO1t+IVxIv1TDhdAVOxa6BQMRjUBThzmDXWeHMfMGL2ow63kPOtlCkP" + "iPSADYs4ekeGg52DVm4esZAAAAAAAAAAAAAAABAAAADmxpYnNzaF90b3J0dXJlAAA" + "AAAAAAAAAAAAA//////////8AAAAAAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRp" + "bmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtc" + "G9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdX" + "Nlci1yYwAAAAAAAAAAAAABFwAAAAdzc2gtcnNhAAAAAwEAAQAAAQEAoowcv2Gn8tO" + "eDyw/lgdMpoBsLtHTTdVVOOo5HwMFvj/lFkbZlb6J2n9GIE64HNPE45vSnIdJZwz4" + "UYfTvtnNKNHp1MgMrjK1Z6EjyZsGqDZ+BhmvcKA6IckkhBJnDV7U9dMrovAWha61Z" + "9GpDqB1naRfbwqJQwSRHF1p71Cnf0fZKxOhAVx0ophmYGz3x3qq4PeOZv3Yl0AHTV" + "dRmqmeELDUxeuXN2bgSyb881zEgdaKHH5oWySykP4uwjn6T7ETuL2MsDdG3HZHDhn" + "LzLmfzOZ/cNadMCrgauMluQKc5dYF2TSeDaUxwun/NPMQBVZdETHLAMBgkGmhRUku" + "flVDIQAAAQ8AAAAHc3NoLXJzYQAAAQADSp4b/Zta8zs6v47iwmxV2Gbucvt1kDrvT" + "vKAKSbGN0+zoMyXiNfMHM/OvZObDS/WWGs4GMRqbJavwO3ja/dQY17oJss23lZ+Rc" + "Lw4Rqsi3/ZEPCnX6ficiRS/yRN/LAkoXvx9vBx9QHfxlzF6JXq07wTt21zxW0tntd" + "8dL+JI9ZZ9YylnxF3gHqfRFe2ahJpiywmxm0yOZgDmimOhep59i6BH5zHiPALvpge" + "Mbk075oA5K9XKsHTflCcsQRQH+pXqaNQGL37z2CFz9oezxQYvIqqKF0w/eeRIARoA" + "neB6OdgTpKFsmgPZVtqrvhjw+b5T8a4W4iWSl+6wg6gowAm " + "rsa_privkey.pub\n"; + static const char torture_dsa_testkey[] = "-----BEGIN DSA PRIVATE KEY-----\n" "MIIBuwIBAAKBgQCUyvVPEkn3UnZDjzCzSzSHpTltzr0Ec+1mz/JACjHMBJ9C/W/P\n" 
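Review bot: Nothing next to `torture_rsa_testkey_cert` records how the certificate was produced, i.e. which CA key signed it and with which `ssh-keygen` options, so the fixture cannot be regenerated or audited if certificate handling changes later. A short comment above the array would cover it, for example `/* certificate for torture_rsa_testkey_pub; signed by <CA key placeholder>, regenerate with <command placeholder> */`. The same applies to `torture_dsa_testkey_cert` in the next hunk, whose trailing comment field is `aris@aris-air` while this one ends in `rsa_privkey.pub`; the difference looks accidental and is worth aligning or explaining.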
@@ -106,6 +132,35 @@ static const char torture_dsa_testkey_pub[] = "7b2uADmhirI6dRZUVO+/iMGUvDxa66OI4hDV055pbwQhtxupUatThyDzIg== " "aris@aris-air\n"; +static const char torture_dsa_testkey_cert[] = + "ssh-dss-cert-v01@openssh.com AAAAHHNzaC1kc3MtY2VydC12MDFAb3BlbnNza" + "C5jb20AAAAgKAd9MpIBrzctQyJvCYYJ2WUD5fyWlXMSv1G/3VihbCAAAACBAJTK9U8" + "SSfdSdkOPMLNLNIelOW3OvQRz7WbP8kAKMcwEn0L9b8/C8ffKOR+gWGFES+hjsg+fA" + "C7ltzHDxOQhKrthE5DjT0+rDA+/LQ3cZSn/6QpLbrwEgn5Uo3nXddF/t4vV7hodQn5" + "qX3HUnFOZzpPQYGrWXK74JNRTKHblo0MXAAAAFQCvOI9tBplPs3sI0MLCF7lW+gvzx" + "wAAAIBeG4hWwnFRAnmdZBEt/ujdcQZD4RxWYc7MwHXEKweNiekSGFyj6v8cNlIPfWT" + "MN4BlTJzPfVaoYvzJev45lEuoSwYLt3AQDM+JcO6XTMdyXTKIo+tGsuA0kd4pxPol+" + "UGeAruNBEhVSDcXfXTh9tVravBqeIuXgZIFk9cylR2eDwAAAIB4roDQBfgf8AoSAJA" + "b7y8OVvxt5cT7iqaRMQX2XgtW09Nu9RbUIVS7n2mw3iqZG0xnG3iv1oL9gwNXMLlf+" + "gLmsqU3788jaEZ9IhZ8VdgHAoHm6UWM7b2uADmhirI6dRZUVO+/iMGUvDxa66OI4hD" + "V055pbwQhtxupUatThyDzIgAAAAAAAAAAAAAAAQAAAA5saWJzc2hfdG9ydHVyZQAAA" + "AAAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5" + "nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvc" + "nQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXI" + "tcmMAAAAAAAAAAAAAARcAAAAHc3NoLXJzYQAAAAMBAAEAAAEBAKKMHL9hp/LTng8sP" + "5YHTKaAbC7R003VVTjqOR8DBb4/5RZG2ZW+idp/RiBOuBzTxOOb0pyHSWcM+FGH077" + "ZzSjR6dTIDK4ytWehI8mbBqg2fgYZr3CgOiHJJIQSZw1e1PXTK6LwFoWutWfRqQ6gd" + "Z2kX28KiUMEkRxdae9Qp39H2SsToQFcdKKYZmBs98d6quD3jmb92JdAB01XUZqpnhC" + "w1MXrlzdm4Esm/PNcxIHWihx+aFskspD+LsI5+k+xE7i9jLA3Rtx2Rw4Zy8y5n8zmf" + "3DWnTAq4GrjJbkCnOXWBdk0ng2lMcLp/zTzEAVWXRExywDAYJBpoUVJLn5VQyEAAAE" + "PAAAAB3NzaC1yc2EAAAEAAt4V9aGqeahOfUvhG7M8/Mn26aLB/HXbICYFJF7dY6urm" + "SIoS2KBqISCFGXTituiwGlZeAJ+pVgCMYo07Nxtd6oqIjsgKfJqDNx7e4pGw/YJnkm" + "BqMO/k/ygu2mLmQF0lnpmG2KyjKEljMibHaKlFkcVNbwfOb4p8N3OHm66g5mbCUTRZ" + "DHqMSJb3YtnObLexD13RydwxkG5AfCnOWxy5O4agXGEYwr/48AQBHYg9obGtpD1qyF" + "4mMXgzaLViFtcwah6wHGlW0UPQMvrq/RqigAkyUszSccfibkIXJ+wGAgsRYhVAMwME" + 
"JqPZ6GHOEIjLBKUegsclHb7Pk0YO8Auaw== " + "aris@aris-air\n"; + static const char torture_rsa_testkey_pp[] = "-----BEGIN RSA PRIVATE KEY-----\n" "Proc-Type: 4,ENCRYPTED\n" @@ -622,6 +677,10 @@ static const char *torture_get_testkey_internal(enum ssh_keytypes_e type, return torture_ed25519_testkey_pp; } return torture_ed25519_testkey; + case SSH_KEYTYPE_DSS_CERT01: + return torture_dsa_testkey_cert; + case SSH_KEYTYPE_RSA_CERT01: + return torture_rsa_testkey_cert; case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_UNKNOWN: return NULL; diff --git a/tests/unittests/torture_pki.c b/tests/unittests/torture_pki.c index b5627dcd..41fa4521 100644 --- a/tests/unittests/torture_pki.c +++ b/tests/unittests/torture_pki.c @@ -18,11 +18,14 @@ static int setup_rsa_key(void **state) unlink(LIBSSH_RSA_TESTKEY); unlink(LIBSSH_RSA_TESTKEY ".pub"); + unlink(LIBSSH_RSA_TESTKEY "-cert.pub"); torture_write_file(LIBSSH_RSA_TESTKEY, torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0)); torture_write_file(LIBSSH_RSA_TESTKEY ".pub", torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0)); + torture_write_file(LIBSSH_RSA_TESTKEY "-cert.pub", + torture_get_testkey_pub(SSH_KEYTYPE_RSA_CERT01, 0)); return 0; } @@ -32,11 +35,14 @@ static int setup_dsa_key(void **state) { unlink(LIBSSH_DSA_TESTKEY); unlink(LIBSSH_DSA_TESTKEY ".pub"); + unlink(LIBSSH_DSA_TESTKEY "-cert.pub"); torture_write_file(LIBSSH_DSA_TESTKEY, torture_get_testkey(SSH_KEYTYPE_DSS, 0, 0)); torture_write_file(LIBSSH_DSA_TESTKEY ".pub", torture_get_testkey_pub(SSH_KEYTYPE_DSS, 0)); + torture_write_file(LIBSSH_DSA_TESTKEY "-cert.pub", + torture_get_testkey_pub(SSH_KEYTYPE_DSS_CERT01, 0)); return 0; } @@ -105,9 +111,11 @@ static int teardown(void **state) { unlink(LIBSSH_DSA_TESTKEY); unlink(LIBSSH_DSA_TESTKEY ".pub"); + unlink(LIBSSH_DSA_TESTKEY "-cert.pub"); unlink(LIBSSH_RSA_TESTKEY); unlink(LIBSSH_RSA_TESTKEY ".pub"); + unlink(LIBSSH_RSA_TESTKEY "-cert.pub"); unlink(LIBSSH_ECDSA_TESTKEY); unlink(LIBSSH_ECDSA_TESTKEY ".pub"); 
@@ -536,6 +544,97 @@ static void torture_pki_publickey_from_privatekey_ECDSA(void **state) {
 }
 #endif
+static void torture_pki_copy_cert_to_privkey(void **state) {
+ /* Tests copying a cert loaded into a public key to a private key.
+ The function is encryption type agnostic, no need to run this
+ against all supported key types.
+ */
+ int rc;
+ const char *passphrase = torture_get_testkey_passphrase();
+ ssh_key pubkey;
+ ssh_key privkey;
+ ssh_key cert;
+
+ (void) state; /* unused */
+
+ rc = ssh_pki_import_cert_file(LIBSSH_RSA_TESTKEY "-cert.pub", &cert);
+ assert_true(rc == SSH_OK);
+
+ rc = ssh_pki_import_pubkey_file(LIBSSH_RSA_TESTKEY ".pub", &pubkey);
+ assert_true(rc == SSH_OK);
+
+ rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0),
+ passphrase,
+ NULL,
+ NULL,
+ &privkey);
+ assert_true(rc == SSH_OK);
+
+ /* Basic sanity. */
+ rc = ssh_pki_copy_cert_to_privkey(NULL, privkey);
+ assert_true(rc == SSH_ERROR);
+
+ rc = ssh_pki_copy_cert_to_privkey(pubkey, NULL);
+ assert_true(rc == SSH_ERROR);
+
+ /* A public key doesn't have a cert, copy should fail. */
+ assert_true(pubkey->cert == NULL);
+ rc = ssh_pki_copy_cert_to_privkey(pubkey, privkey);
+ assert_true(rc == SSH_ERROR);
+
+ /* Copying the cert to non-cert keys should work fine. */
+ rc = ssh_pki_copy_cert_to_privkey(cert, pubkey);
+ assert_true(rc == SSH_OK);
+ rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
+ assert_true(rc == SSH_OK);
+
+ /* The private key's cert is already set, another copy should fail. */
+ rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
+ assert_true(rc == SSH_ERROR);
+
+ ssh_key_free(cert);
+ ssh_key_free(privkey);
+ ssh_key_free(pubkey);
+}
+
+static void torture_pki_import_cert_file_rsa(void **state) {
+ int rc;
+ ssh_key cert;
+ enum ssh_keytypes_e type;
+
+ (void) state; /* unused */
+
+ rc = ssh_pki_import_cert_file(LIBSSH_RSA_TESTKEY "-cert.pub", &cert);
+ assert_true(rc == 0);
+
+ type = ssh_key_type(cert);
+ assert_true(type == SSH_KEYTYPE_RSA_CERT01);
+
+ rc = ssh_key_is_public(cert);
+ assert_true(rc == 1);
+
+ ssh_key_free(cert);
+}
+
+static void torture_pki_import_cert_file_dsa(void **state) {
+ int rc;
+ ssh_key cert;
+ enum ssh_keytypes_e type;
+
+ (void) state; /* unused */
+
+ rc = ssh_pki_import_cert_file(LIBSSH_DSA_TESTKEY "-cert.pub", &cert);
+ assert_true(rc == 0);
+
+ type = ssh_key_type(cert);
+ assert_true(type == SSH_KEYTYPE_DSS_CERT01);
+
+ rc = ssh_key_is_public(cert);
+ assert_true(rc == 1);
+
+ ssh_key_free(cert);
+}
+
 static void torture_pki_publickey_dsa_base64(void **state) {
 enum ssh_keytypes_e type;
@@ -1539,6 +1638,17 @@ int torture_run_tests(void) {
 cmocka_unit_test_setup_teardown(torture_pki_pki_publickey_from_privatekey_ed25519,
 setup_ed25519_key,
 teardown),
+ /* cert */
+ cmocka_unit_test_setup_teardown(torture_pki_copy_cert_to_privkey,
+ setup_rsa_key,
+ teardown),
+ cmocka_unit_test_setup_teardown(torture_pki_import_cert_file_rsa,
+ setup_rsa_key,
+ teardown),
+ cmocka_unit_test_setup_teardown(torture_pki_import_cert_file_dsa,
+ setup_dsa_key,
+ teardown),
+
 /* public key */
 cmocka_unit_test_setup_teardown(torture_pki_publickey_dsa_base64,
 setup_dsa_key, |
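Review bot: The success paths in `torture_pki_copy_cert_to_privkey` assert only on the return code, so a copy that returns `SSH_OK` without attaching anything would still pass; the test already reads `pubkey->cert` directly, so `assert_true(privkey->cert != NULL);` after the successful copy would pin the effect. There is also no case where the certificate belongs to a different key than the target, for instance the DSA certificate against the RSA private key. Whether that call should succeed is not visible from this hunk, but a test fixing the intended result would keep a mismatched key/certificate pair from being accepted silently later. As a smaller point, the two import tests compare `rc` with `0` where this test uses `SSH_OK`.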