aboutsummaryrefslogtreecommitdiff
path: root/tests/unittests
diff options
context:
space:
mode:
Diffstat (limited to 'tests/unittests')
-rw-r--r--tests/unittests/torture_pki.c110
1 files changed, 110 insertions, 0 deletions
diff --git a/tests/unittests/torture_pki.c b/tests/unittests/torture_pki.c
index b5627dcd..41fa4521 100644
--- a/tests/unittests/torture_pki.c
+++ b/tests/unittests/torture_pki.c
@@ -18,11 +18,14 @@ static int setup_rsa_key(void **state)
unlink(LIBSSH_RSA_TESTKEY);
unlink(LIBSSH_RSA_TESTKEY ".pub");
+ unlink(LIBSSH_RSA_TESTKEY "-cert.pub");
torture_write_file(LIBSSH_RSA_TESTKEY,
torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0));
torture_write_file(LIBSSH_RSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0));
+ torture_write_file(LIBSSH_RSA_TESTKEY "-cert.pub",
+ torture_get_testkey_pub(SSH_KEYTYPE_RSA_CERT01, 0));
return 0;
}
@@ -32,11 +35,14 @@ static int setup_dsa_key(void **state) {
unlink(LIBSSH_DSA_TESTKEY);
unlink(LIBSSH_DSA_TESTKEY ".pub");
+ unlink(LIBSSH_DSA_TESTKEY "-cert.pub");
torture_write_file(LIBSSH_DSA_TESTKEY,
torture_get_testkey(SSH_KEYTYPE_DSS, 0, 0));
torture_write_file(LIBSSH_DSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_DSS, 0));
+ torture_write_file(LIBSSH_DSA_TESTKEY "-cert.pub",
+ torture_get_testkey_pub(SSH_KEYTYPE_DSS_CERT01, 0));
return 0;
}
@@ -105,9 +111,11 @@ static int teardown(void **state) {
unlink(LIBSSH_DSA_TESTKEY);
unlink(LIBSSH_DSA_TESTKEY ".pub");
+ unlink(LIBSSH_DSA_TESTKEY "-cert.pub");
unlink(LIBSSH_RSA_TESTKEY);
unlink(LIBSSH_RSA_TESTKEY ".pub");
+ unlink(LIBSSH_RSA_TESTKEY "-cert.pub");
unlink(LIBSSH_ECDSA_TESTKEY);
unlink(LIBSSH_ECDSA_TESTKEY ".pub");
@@ -536,6 +544,97 @@ static void torture_pki_publickey_from_privatekey_ECDSA(void **state) {
}
#endif
+static void torture_pki_copy_cert_to_privkey(void **state) {
+ /* Tests copying a cert loaded into a public key to a private key.
+ The function is encryption type agnostic, no need to run this
+ against all supported key types.
+ */
+ int rc;
+ const char *passphrase = torture_get_testkey_passphrase();
+ ssh_key pubkey;
+ ssh_key privkey;
+ ssh_key cert;
+
+ (void) state; /* unused */
+
+ rc = ssh_pki_import_cert_file(LIBSSH_RSA_TESTKEY "-cert.pub", &cert);
+ assert_true(rc == SSH_OK);
+
+ rc = ssh_pki_import_pubkey_file(LIBSSH_RSA_TESTKEY ".pub", &pubkey);
+ assert_true(rc == SSH_OK);
+
+ rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0),
+ passphrase,
+ NULL,
+ NULL,
+ &privkey);
+ assert_true(rc == SSH_OK);
+
+ /* Basic sanity. */
+ rc = ssh_pki_copy_cert_to_privkey(NULL, privkey);
+ assert_true(rc == SSH_ERROR);
+
+ rc = ssh_pki_copy_cert_to_privkey(pubkey, NULL);
+ assert_true(rc == SSH_ERROR);
+
+ /* A public key doesn't have a cert, copy should fail. */
+ assert_true(pubkey->cert == NULL);
+ rc = ssh_pki_copy_cert_to_privkey(pubkey, privkey);
+ assert_true(rc == SSH_ERROR);
+
+ /* Copying the cert to non-cert keys should work fine. */
+ rc = ssh_pki_copy_cert_to_privkey(cert, pubkey);
+ assert_true(rc == SSH_OK);
+ rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
+ assert_true(rc == SSH_OK);
+
+ /* The private key's cert is already set, another copy should fail. */
+ rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
+ assert_true(rc == SSH_ERROR);
+
+ ssh_key_free(cert);
+ ssh_key_free(privkey);
+ ssh_key_free(pubkey);
+}
+
+static void torture_pki_import_cert_file_rsa(void **state) {
+ int rc;
+ ssh_key cert;
+ enum ssh_keytypes_e type;
+
+ (void) state; /* unused */
+
+ rc = ssh_pki_import_cert_file(LIBSSH_RSA_TESTKEY "-cert.pub", &cert);
+ assert_true(rc == 0);
+
+ type = ssh_key_type(cert);
+ assert_true(type == SSH_KEYTYPE_RSA_CERT01);
+
+ rc = ssh_key_is_public(cert);
+ assert_true(rc == 1);
+
+ ssh_key_free(cert);
+}
+
+static void torture_pki_import_cert_file_dsa(void **state) {
+ int rc;
+ ssh_key cert;
+ enum ssh_keytypes_e type;
+
+ (void) state; /* unused */
+
+ rc = ssh_pki_import_cert_file(LIBSSH_DSA_TESTKEY "-cert.pub", &cert);
+ assert_true(rc == 0);
+
+ type = ssh_key_type(cert);
+ assert_true(type == SSH_KEYTYPE_DSS_CERT01);
+
+ rc = ssh_key_is_public(cert);
+ assert_true(rc == 1);
+
+ ssh_key_free(cert);
+}
+
static void torture_pki_publickey_dsa_base64(void **state)
{
enum ssh_keytypes_e type;
@@ -1539,6 +1638,17 @@ int torture_run_tests(void) {
cmocka_unit_test_setup_teardown(torture_pki_pki_publickey_from_privatekey_ed25519,
setup_ed25519_key,
teardown),
+ /* cert */
+ cmocka_unit_test_setup_teardown(torture_pki_copy_cert_to_privkey,
+ setup_rsa_key,
+ teardown),
+ cmocka_unit_test_setup_teardown(torture_pki_import_cert_file_rsa,
+ setup_rsa_key,
+ teardown),
+ cmocka_unit_test_setup_teardown(torture_pki_import_cert_file_dsa,
+ setup_dsa_key,
+ teardown),
+
/* public key */
cmocka_unit_test_setup_teardown(torture_pki_publickey_dsa_base64,
setup_dsa_key,