aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJakub Jelen <jjelen@redhat.com>2018-09-06 17:58:04 +0200
committerAndreas Schneider <asn@cryptomilk.org>2018-09-18 09:53:49 +0200
commiteaaa4131de9d893018a934a1c3707f947598684f (patch)
treea90417a3e06c094f5ba83b440a3dcf0891841081
parent39102224b25c937bd07cb61eccf12f0aec62e159 (diff)
downloadlibssh-eaaa4131de9d893018a934a1c3707f947598684f.tar.gz
libssh-eaaa4131de9d893018a934a1c3707f947598684f.tar.xz
libssh-eaaa4131de9d893018a934a1c3707f947598684f.zip
tests: Verify the keys loaded from new OpenSSH format
This runs the same test that are ran on the legacy PEM files also with the new OpenSSH key files. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--tests/unittests/torture_pki_dsa.c100
-rw-r--r--tests/unittests/torture_pki_ecdsa.c55
-rw-r--r--tests/unittests/torture_pki_rsa.c71
3 files changed, 224 insertions, 2 deletions
diff --git a/tests/unittests/torture_pki_dsa.c b/tests/unittests/torture_pki_dsa.c
index 1d98ccb4..6343f6da 100644
--- a/tests/unittests/torture_pki_dsa.c
+++ b/tests/unittests/torture_pki_dsa.c
@@ -28,7 +28,28 @@ static int setup_dsa_key(void **state)
torture_write_file(LIBSSH_DSA_TESTKEY,
torture_get_testkey(SSH_KEYTYPE_DSS, 0, 0));
torture_write_file(LIBSSH_DSA_TESTKEY_PASSPHRASE,
- torture_get_testkey(SSH_KEYTYPE_DSS, 0, 0));
+ torture_get_testkey(SSH_KEYTYPE_DSS, 0, 1));
+ torture_write_file(LIBSSH_DSA_TESTKEY ".pub",
+ torture_get_testkey_pub(SSH_KEYTYPE_DSS, 0));
+ torture_write_file(LIBSSH_DSA_TESTKEY "-cert.pub",
+ torture_get_testkey_pub(SSH_KEYTYPE_DSS_CERT01, 0));
+
+ return 0;
+}
+
+static int setup_openssh_dsa_key(void **state)
+{
+ (void) state; /* unused */
+
+ unlink(LIBSSH_DSA_TESTKEY);
+ unlink(LIBSSH_DSA_TESTKEY_PASSPHRASE);
+ unlink(LIBSSH_DSA_TESTKEY ".pub");
+ unlink(LIBSSH_DSA_TESTKEY "-cert.pub");
+
+ torture_write_file(LIBSSH_DSA_TESTKEY,
+ torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0, 0));
+ torture_write_file(LIBSSH_DSA_TESTKEY_PASSPHRASE,
+ torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0, 1));
torture_write_file(LIBSSH_DSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_DSS, 0));
torture_write_file(LIBSSH_DSA_TESTKEY "-cert.pub",
@@ -217,6 +238,79 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state)
#endif /* HAVE_LIBCRYPTO */
}
+static void
+torture_pki_dsa_import_openssh_privkey_base64_passphrase(void **state)
+{
+ int rc;
+ ssh_key key = NULL;
+ const char *passphrase = torture_get_testkey_passphrase();
+ const char *keystring = NULL;
+
+ (void) state; /* unused */
+
+ keystring = torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0, 1);
+ assert_true(keystring != NULL);
+
+ rc = ssh_pki_import_privkey_base64(keystring,
+ passphrase,
+ NULL,
+ NULL,
+ &key);
+ assert_return_code(rc, errno);
+
+ rc = ssh_key_is_private(key);
+ assert_true(rc == 1);
+
+ ssh_key_free(key);
+ key = NULL;
+
+ /* test if it returns -1 if passphrase is wrong */
+ rc = ssh_pki_import_privkey_base64(keystring,
+ "wrong passphrase !!",
+ NULL,
+ NULL,
+ &key);
+ assert_true(rc == -1);
+
+ /* test if it returns -1 if passphrase is NULL */
+ rc = ssh_pki_import_privkey_base64(keystring,
+ NULL,
+ NULL,
+ NULL,
+ &key);
+ assert_true(rc == -1);
+
+ rc = ssh_pki_import_privkey_base64(keystring,
+ passphrase,
+ NULL,
+ NULL,
+ &key);
+ assert_return_code(rc, errno);
+
+ rc = ssh_key_is_private(key);
+ assert_true(rc == 1);
+
+ ssh_key_free(key);
+ key = NULL;
+
+ /* test if it returns -1 if passphrase is wrong */
+ rc = ssh_pki_import_privkey_base64(keystring,
+ "wrong passphrase !!",
+ NULL,
+ NULL,
+ &key);
+ assert_true(rc == -1);
+
+ /* test if it returns -1 if passphrase is NULL */
+ rc = ssh_pki_import_privkey_base64(keystring,
+ NULL,
+ NULL,
+ NULL,
+ &key);
+ assert_true(rc == -1);
+}
+
+
static void torture_pki_dsa_publickey_from_privatekey(void **state)
{
int rc;
@@ -451,6 +545,9 @@ int torture_run_tests(void)
cmocka_unit_test_setup_teardown(torture_pki_dsa_import_privkey_base64,
setup_dsa_key,
teardown_dsa_key),
+ cmocka_unit_test_setup_teardown(torture_pki_dsa_import_privkey_base64,
+ setup_openssh_dsa_key,
+ teardown_dsa_key),
cmocka_unit_test_setup_teardown(torture_pki_dsa_publickey_from_privatekey,
setup_dsa_key,
teardown_dsa_key),
@@ -463,6 +560,7 @@ int torture_run_tests(void)
teardown_dsa_key),
#endif
cmocka_unit_test(torture_pki_dsa_import_privkey_base64_passphrase),
+ cmocka_unit_test(torture_pki_dsa_import_openssh_privkey_base64_passphrase),
/* public key */
cmocka_unit_test_setup_teardown(torture_pki_dsa_publickey_base64,
diff --git a/tests/unittests/torture_pki_ecdsa.c b/tests/unittests/torture_pki_ecdsa.c
index 2e89ba4d..5c66d81a 100644
--- a/tests/unittests/torture_pki_ecdsa.c
+++ b/tests/unittests/torture_pki_ecdsa.c
@@ -26,7 +26,30 @@ static int setup_ecdsa_key(void **state, int ecdsa_bits)
torture_write_file(LIBSSH_ECDSA_TESTKEY,
torture_get_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 0));
torture_write_file(LIBSSH_ECDSA_TESTKEY_PASSPHRASE,
- torture_get_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 0));
+ torture_get_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 1));
+ torture_write_file(LIBSSH_ECDSA_TESTKEY ".pub",
+ torture_get_testkey_pub(SSH_KEYTYPE_ECDSA, ecdsa_bits));
+
+ return 0;
+}
+
+static int setup_openssh_ecdsa_key(void **state, int ecdsa_bits)
+{
+ const char *keystring = NULL;
+
+ (void) state; /* unused */
+
+ unlink(LIBSSH_ECDSA_TESTKEY);
+ unlink(LIBSSH_ECDSA_TESTKEY_PASSPHRASE);
+ unlink(LIBSSH_ECDSA_TESTKEY ".pub");
+
+ keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 0);
+ torture_write_file(LIBSSH_ECDSA_TESTKEY,
+ keystring);
+
+ keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 1);
+ torture_write_file(LIBSSH_ECDSA_TESTKEY_PASSPHRASE,
+ keystring);
torture_write_file(LIBSSH_ECDSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_ECDSA, ecdsa_bits));
@@ -54,6 +77,27 @@ static int setup_ecdsa_key_256(void **state)
return 0;
}
+static int setup_openssh_ecdsa_key_521(void **state)
+{
+ setup_openssh_ecdsa_key(state, 521);
+
+ return 0;
+}
+
+static int setup_openssh_ecdsa_key_384(void **state)
+{
+ setup_openssh_ecdsa_key(state, 384);
+
+ return 0;
+}
+
+static int setup_openssh_ecdsa_key_256(void **state)
+{
+ setup_openssh_ecdsa_key(state, 256);
+
+ return 0;
+}
+
static int teardown(void **state)
{
(void) state; /* unused */
@@ -461,6 +505,15 @@ int torture_run_tests(void) {
cmocka_unit_test_setup_teardown(torture_pki_ecdsa_import_privkey_base64,
setup_ecdsa_key_521,
teardown),
+ cmocka_unit_test_setup_teardown(torture_pki_ecdsa_import_privkey_base64,
+ setup_openssh_ecdsa_key_256,
+ teardown),
+ cmocka_unit_test_setup_teardown(torture_pki_ecdsa_import_privkey_base64,
+ setup_openssh_ecdsa_key_384,
+ teardown),
+ cmocka_unit_test_setup_teardown(torture_pki_ecdsa_import_privkey_base64,
+ setup_openssh_ecdsa_key_521,
+ teardown),
cmocka_unit_test_setup_teardown(torture_pki_ecdsa_publickey_from_privatekey,
setup_ecdsa_key_256,
teardown),
diff --git a/tests/unittests/torture_pki_rsa.c b/tests/unittests/torture_pki_rsa.c
index 1e61906a..9025495c 100644
--- a/tests/unittests/torture_pki_rsa.c
+++ b/tests/unittests/torture_pki_rsa.c
@@ -34,6 +34,25 @@ static int setup_rsa_key(void **state)
torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1));
torture_write_file(LIBSSH_RSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0));
+ torture_write_file(LIBSSH_RSA_TESTKEY "-cert.pub",
+ torture_get_testkey_pub(SSH_KEYTYPE_RSA_CERT01, 0));
+
+ return 0;
+}
+
+static int setup_rsa_openssh_key(void **state)
+{
+ (void) state; /* unused */
+
+ unlink(LIBSSH_RSA_TESTKEY);
+ unlink(LIBSSH_RSA_TESTKEY_PASSPHRASE);
+ unlink(LIBSSH_RSA_TESTKEY ".pub");
+ unlink(LIBSSH_RSA_TESTKEY "-cert.pub");
+
+ torture_write_file(LIBSSH_RSA_TESTKEY,
+ torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 0, 0));
+ torture_write_file(LIBSSH_RSA_TESTKEY_PASSPHRASE,
+ torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 0, 1));
torture_write_file(LIBSSH_RSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0));
torture_write_file(LIBSSH_RSA_TESTKEY "-cert.pub",
@@ -568,6 +587,54 @@ static void torture_pki_rsa_import_privkey_base64_passphrase(void **state)
#endif
}
+static void
+torture_pki_rsa_import_openssh_privkey_base64_passphrase(void **state)
+{
+ int rc;
+ ssh_key key = NULL;
+ const char *passphrase = torture_get_testkey_passphrase();
+ const char *keystring = NULL;
+
+ (void) state; /* unused */
+
+ keystring = torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 0, 1);
+ assert_true(keystring != NULL);
+
+ rc = ssh_pki_import_privkey_base64(keystring,
+ passphrase,
+ NULL,
+ NULL,
+ &key);
+ assert_return_code(rc, errno);
+
+ rc = ssh_key_is_private(key);
+ assert_true(rc == 1);
+
+ ssh_key_free(key);
+ key = NULL;
+
+ /* test if it returns -1 if passphrase is wrong */
+ rc = ssh_pki_import_privkey_base64(keystring,
+ "wrong passphrase !!",
+ NULL,
+ NULL,
+ &key);
+ assert_true(rc == -1);
+ ssh_key_free(key);
+ key = NULL;
+
+ /* test if it returns -1 if passphrase is NULL */
+ /* libcrypto asks for a passphrase, so skip this test */
+ rc = ssh_pki_import_privkey_base64(keystring,
+ NULL,
+ NULL,
+ NULL,
+ &key);
+ assert_true(rc == -1);
+ ssh_key_free(key);
+ key = NULL;
+}
+
int torture_run_tests(void) {
int rc;
struct CMUnitTest tests[] = {
@@ -583,10 +650,14 @@ int torture_run_tests(void) {
cmocka_unit_test_setup_teardown(torture_pki_rsa_import_privkey_base64,
setup_rsa_key,
teardown),
+ cmocka_unit_test_setup_teardown(torture_pki_rsa_import_privkey_base64,
+ setup_rsa_openssh_key,
+ teardown),
cmocka_unit_test_setup_teardown(torture_pki_rsa_publickey_from_privatekey,
setup_rsa_key,
teardown),
cmocka_unit_test(torture_pki_rsa_import_privkey_base64_passphrase),
+ cmocka_unit_test(torture_pki_rsa_import_openssh_privkey_base64_passphrase),
cmocka_unit_test_setup_teardown(torture_pki_rsa_copy_cert_to_privkey,
setup_rsa_key,
teardown),