diff options
author | Jakub Jelen <jjelen@redhat.com> | 2018-09-06 17:58:04 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2018-09-18 09:53:49 +0200 |
commit | eaaa4131de9d893018a934a1c3707f947598684f (patch) | |
tree | a90417a3e06c094f5ba83b440a3dcf0891841081 | |
parent | 39102224b25c937bd07cb61eccf12f0aec62e159 (diff) | |
download | libssh-eaaa4131de9d893018a934a1c3707f947598684f.tar.gz libssh-eaaa4131de9d893018a934a1c3707f947598684f.tar.xz libssh-eaaa4131de9d893018a934a1c3707f947598684f.zip |
tests: Verify the keys loaded from new OpenSSH format
This runs the same test that are ran on the legacy PEM files
also with the new OpenSSH key files.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r-- | tests/unittests/torture_pki_dsa.c | 100 | ||||
-rw-r--r-- | tests/unittests/torture_pki_ecdsa.c | 55 | ||||
-rw-r--r-- | tests/unittests/torture_pki_rsa.c | 71 |
3 files changed, 224 insertions, 2 deletions
diff --git a/tests/unittests/torture_pki_dsa.c b/tests/unittests/torture_pki_dsa.c index 1d98ccb4..6343f6da 100644 --- a/tests/unittests/torture_pki_dsa.c +++ b/tests/unittests/torture_pki_dsa.c @@ -28,7 +28,28 @@ static int setup_dsa_key(void **state) torture_write_file(LIBSSH_DSA_TESTKEY, torture_get_testkey(SSH_KEYTYPE_DSS, 0, 0)); torture_write_file(LIBSSH_DSA_TESTKEY_PASSPHRASE, - torture_get_testkey(SSH_KEYTYPE_DSS, 0, 0)); + torture_get_testkey(SSH_KEYTYPE_DSS, 0, 1)); + torture_write_file(LIBSSH_DSA_TESTKEY ".pub", + torture_get_testkey_pub(SSH_KEYTYPE_DSS, 0)); + torture_write_file(LIBSSH_DSA_TESTKEY "-cert.pub", + torture_get_testkey_pub(SSH_KEYTYPE_DSS_CERT01, 0)); + + return 0; +} + +static int setup_openssh_dsa_key(void **state) +{ + (void) state; /* unused */ + + unlink(LIBSSH_DSA_TESTKEY); + unlink(LIBSSH_DSA_TESTKEY_PASSPHRASE); + unlink(LIBSSH_DSA_TESTKEY ".pub"); + unlink(LIBSSH_DSA_TESTKEY "-cert.pub"); + + torture_write_file(LIBSSH_DSA_TESTKEY, + torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0, 0)); + torture_write_file(LIBSSH_DSA_TESTKEY_PASSPHRASE, + torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0, 1)); torture_write_file(LIBSSH_DSA_TESTKEY ".pub", torture_get_testkey_pub(SSH_KEYTYPE_DSS, 0)); torture_write_file(LIBSSH_DSA_TESTKEY "-cert.pub", @@ -217,6 +238,79 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state) #endif /* HAVE_LIBCRYPTO */ } +static void +torture_pki_dsa_import_openssh_privkey_base64_passphrase(void **state) +{ + int rc; + ssh_key key = NULL; + const char *passphrase = torture_get_testkey_passphrase(); + const char *keystring = NULL; + + (void) state; /* unused */ + + keystring = torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0, 1); + assert_true(keystring != NULL); + + rc = ssh_pki_import_privkey_base64(keystring, + passphrase, + NULL, + NULL, + &key); + assert_return_code(rc, errno); + + rc = ssh_key_is_private(key); + assert_true(rc == 1); + + ssh_key_free(key); + key = NULL; + + /* test if it returns -1 if passphrase is wrong */ + rc = ssh_pki_import_privkey_base64(keystring, + "wrong passphrase !!", + NULL, + NULL, + &key); + assert_true(rc == -1); + + /* test if it returns -1 if passphrase is NULL */ + rc = ssh_pki_import_privkey_base64(keystring, + NULL, + NULL, + NULL, + &key); + assert_true(rc == -1); + + rc = ssh_pki_import_privkey_base64(keystring, + passphrase, + NULL, + NULL, + &key); + assert_return_code(rc, errno); + + rc = ssh_key_is_private(key); + assert_true(rc == 1); + + ssh_key_free(key); + key = NULL; + + /* test if it returns -1 if passphrase is wrong */ + rc = ssh_pki_import_privkey_base64(keystring, + "wrong passphrase !!", + NULL, + NULL, + &key); + assert_true(rc == -1); + + /* test if it returns -1 if passphrase is NULL */ + rc = ssh_pki_import_privkey_base64(keystring, + NULL, + NULL, + NULL, + &key); + assert_true(rc == -1); +} + + static void torture_pki_dsa_publickey_from_privatekey(void **state) { int rc; @@ -451,6 +545,9 @@ int torture_run_tests(void) cmocka_unit_test_setup_teardown(torture_pki_dsa_import_privkey_base64, setup_dsa_key, teardown_dsa_key), + cmocka_unit_test_setup_teardown(torture_pki_dsa_import_privkey_base64, + setup_openssh_dsa_key, + teardown_dsa_key), cmocka_unit_test_setup_teardown(torture_pki_dsa_publickey_from_privatekey, setup_dsa_key, teardown_dsa_key), @@ -463,6 +560,7 @@ int torture_run_tests(void) teardown_dsa_key), #endif cmocka_unit_test(torture_pki_dsa_import_privkey_base64_passphrase), + cmocka_unit_test(torture_pki_dsa_import_openssh_privkey_base64_passphrase), /* public key */ cmocka_unit_test_setup_teardown(torture_pki_dsa_publickey_base64, diff --git a/tests/unittests/torture_pki_ecdsa.c b/tests/unittests/torture_pki_ecdsa.c index 2e89ba4d..5c66d81a 100644 --- a/tests/unittests/torture_pki_ecdsa.c +++ b/tests/unittests/torture_pki_ecdsa.c @@ -26,7 +26,30 @@ static int setup_ecdsa_key(void **state, int ecdsa_bits) torture_write_file(LIBSSH_ECDSA_TESTKEY, torture_get_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 0)); torture_write_file(LIBSSH_ECDSA_TESTKEY_PASSPHRASE, - torture_get_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 0)); + torture_get_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 1)); + torture_write_file(LIBSSH_ECDSA_TESTKEY ".pub", + torture_get_testkey_pub(SSH_KEYTYPE_ECDSA, ecdsa_bits)); + + return 0; +} + +static int setup_openssh_ecdsa_key(void **state, int ecdsa_bits) +{ + const char *keystring = NULL; + + (void) state; /* unused */ + + unlink(LIBSSH_ECDSA_TESTKEY); + unlink(LIBSSH_ECDSA_TESTKEY_PASSPHRASE); + unlink(LIBSSH_ECDSA_TESTKEY ".pub"); + + keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 0); + torture_write_file(LIBSSH_ECDSA_TESTKEY, + keystring); + + keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 1); + torture_write_file(LIBSSH_ECDSA_TESTKEY_PASSPHRASE, + keystring); torture_write_file(LIBSSH_ECDSA_TESTKEY ".pub", torture_get_testkey_pub(SSH_KEYTYPE_ECDSA, ecdsa_bits)); @@ -54,6 +77,27 @@ static int setup_ecdsa_key_256(void **state) return 0; } +static int setup_openssh_ecdsa_key_521(void **state) +{ + setup_openssh_ecdsa_key(state, 521); + + return 0; +} + +static int setup_openssh_ecdsa_key_384(void **state) +{ + setup_openssh_ecdsa_key(state, 384); + + return 0; +} + +static int setup_openssh_ecdsa_key_256(void **state) +{ + setup_openssh_ecdsa_key(state, 256); + + return 0; +} + static int teardown(void **state) { (void) state; /* unused */ @@ -461,6 +505,15 @@ int torture_run_tests(void) { cmocka_unit_test_setup_teardown(torture_pki_ecdsa_import_privkey_base64, setup_ecdsa_key_521, teardown), + cmocka_unit_test_setup_teardown(torture_pki_ecdsa_import_privkey_base64, + setup_openssh_ecdsa_key_256, + teardown), + cmocka_unit_test_setup_teardown(torture_pki_ecdsa_import_privkey_base64, + setup_openssh_ecdsa_key_384, + teardown), + cmocka_unit_test_setup_teardown(torture_pki_ecdsa_import_privkey_base64, + setup_openssh_ecdsa_key_521, + teardown), cmocka_unit_test_setup_teardown(torture_pki_ecdsa_publickey_from_privatekey, setup_ecdsa_key_256, teardown), diff --git a/tests/unittests/torture_pki_rsa.c b/tests/unittests/torture_pki_rsa.c index 1e61906a..9025495c 100644 --- a/tests/unittests/torture_pki_rsa.c +++ b/tests/unittests/torture_pki_rsa.c @@ -34,6 +34,25 @@ static int setup_rsa_key(void **state) torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1)); torture_write_file(LIBSSH_RSA_TESTKEY ".pub", torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0)); + torture_write_file(LIBSSH_RSA_TESTKEY "-cert.pub", + torture_get_testkey_pub(SSH_KEYTYPE_RSA_CERT01, 0)); + + return 0; +} + +static int setup_rsa_openssh_key(void **state) +{ + (void) state; /* unused */ + + unlink(LIBSSH_RSA_TESTKEY); + unlink(LIBSSH_RSA_TESTKEY_PASSPHRASE); + unlink(LIBSSH_RSA_TESTKEY ".pub"); + unlink(LIBSSH_RSA_TESTKEY "-cert.pub"); + + torture_write_file(LIBSSH_RSA_TESTKEY, + torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 0, 0)); + torture_write_file(LIBSSH_RSA_TESTKEY_PASSPHRASE, + torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 0, 1)); torture_write_file(LIBSSH_RSA_TESTKEY ".pub", torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0)); torture_write_file(LIBSSH_RSA_TESTKEY "-cert.pub", @@ -568,6 +587,54 @@ static void torture_pki_rsa_import_privkey_base64_passphrase(void **state) #endif } +static void +torture_pki_rsa_import_openssh_privkey_base64_passphrase(void **state) +{ + int rc; + ssh_key key = NULL; + const char *passphrase = torture_get_testkey_passphrase(); + const char *keystring = NULL; + + (void) state; /* unused */ + + keystring = torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 0, 1); + assert_true(keystring != NULL); + + rc = ssh_pki_import_privkey_base64(keystring, + passphrase, + NULL, + NULL, + &key); + assert_return_code(rc, errno); + + rc = ssh_key_is_private(key); + assert_true(rc == 1); + + ssh_key_free(key); + key = NULL; + + /* test if it returns -1 if passphrase is wrong */ + rc = ssh_pki_import_privkey_base64(keystring, + "wrong passphrase !!", + NULL, + NULL, + &key); + assert_true(rc == -1); + ssh_key_free(key); + key = NULL; + + /* test if it returns -1 if passphrase is NULL */ + /* libcrypto asks for a passphrase, so skip this test */ + rc = ssh_pki_import_privkey_base64(keystring, + NULL, + NULL, + NULL, + &key); + assert_true(rc == -1); + ssh_key_free(key); + key = NULL; +} + int torture_run_tests(void) { int rc; struct CMUnitTest tests[] = { @@ -583,10 +650,14 @@ int torture_run_tests(void) { cmocka_unit_test_setup_teardown(torture_pki_rsa_import_privkey_base64, setup_rsa_key, teardown), + cmocka_unit_test_setup_teardown(torture_pki_rsa_import_privkey_base64, + setup_rsa_openssh_key, + teardown), cmocka_unit_test_setup_teardown(torture_pki_rsa_publickey_from_privatekey, setup_rsa_key, teardown), cmocka_unit_test(torture_pki_rsa_import_privkey_base64_passphrase), + cmocka_unit_test(torture_pki_rsa_import_openssh_privkey_base64_passphrase), cmocka_unit_test_setup_teardown(torture_pki_rsa_copy_cert_to_privkey, setup_rsa_key, teardown), |