shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-11 02:38:09 +09:00
Code Issues Packages Projects Releases Wiki Activity

tests: Improve test coverage of comparing certificates

Browse Source 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Jakub Jelen
2025-12-12 17:43:13 +01:00
parent 38f3d158f6
commit 701a2155a7
3 changed files with 165 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

78
tests/unittests/torture_pki_ed25519.c
View File

@@ -337,6 +337,8 @@ static void torture_pki_ed25519_publickey_from_privatekey(void **state)
static void torture_pki_ed25519_import_cert_file(void **state)
{
int rc;
ssh_key pubkey = NULL;
ssh_key privkey = NULL;
ssh_key cert = NULL;
enum ssh_keytypes_e type;
@@ -348,16 +350,88 @@ static void torture_pki_ed25519_import_cert_file(void **state)
assert_null(cert);
rc = ssh_pki_import_cert_file(LIBSSH_ED25519_TESTKEY "-cert.pub", &cert);
assert_true(rc == 0);
assert_return_code(rc, errno);
assert_non_null(cert);
rc = ssh_pki_import_pubkey_file(LIBSSH_ED25519_TESTKEY ".pub", &pubkey);
assert_return_code(rc, errno);
assert_non_null(pubkey);
type = ssh_key_type(cert);
assert_true(type == SSH_KEYTYPE_ED25519_CERT01);
rc = ssh_key_is_public(cert);
assert_true(rc == 1);
assert_int_equal(rc, 1);
/* Skip test if in FIPS mode */
if (ssh_fips_mode()) {
SSH_KEY_FREE(cert);
SSH_KEY_FREE(pubkey);
skip();
}
/* Import matching private key file and verify the pubkey matches */
rc = ssh_pki_import_privkey_file(LIBSSH_ED25519_TESTKEY,
NULL,
NULL,
NULL,
&privkey);
assert_return_code(rc, errno);
assert_non_null(privkey);
type = ssh_key_type(privkey);
assert_true(type == SSH_KEYTYPE_ED25519);
/* Basic sanity. */
rc = ssh_pki_copy_cert_to_privkey(NULL, privkey);
assert_int_equal(rc, SSH_ERROR);
rc = ssh_pki_copy_cert_to_privkey(pubkey, NULL);
assert_int_equal(rc, SSH_ERROR);
/* A public key doesn't have a cert, copy should fail. */
assert_null(pubkey->cert);
rc = ssh_pki_copy_cert_to_privkey(pubkey, privkey);
assert_int_equal(rc, SSH_ERROR);
/* Copying the cert to non-cert keys should work fine. */
rc = ssh_pki_copy_cert_to_privkey(cert, pubkey);
assert_return_code(rc, errno);
assert_non_null(pubkey->cert);
rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
assert_return_code(rc, errno);
assert_non_null(privkey->cert);
assert_true(privkey->cert_type == SSH_KEYTYPE_ED25519_CERT01);
assert_int_equal(ssh_key_cmp(privkey, cert, SSH_KEY_CMP_PUBLIC), 0);
assert_int_equal(ssh_key_cmp(cert, privkey, SSH_KEY_CMP_PUBLIC), 0);
/* The private key's cert is already set, another copy should fail. */
rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
assert_int_equal(rc, SSH_ERROR);
SSH_KEY_FREE(privkey);
SSH_KEY_FREE(pubkey);
/* Generate different key and try to assign it this certificate */
rc = ssh_pki_generate_key(SSH_KEYTYPE_ED25519, NULL, &privkey);
assert_return_code(rc, errno);
assert_non_null(privkey);
rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey);
assert_return_code(rc, errno);
assert_non_null(pubkey);
rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
assert_int_equal(rc, SSH_ERROR);
rc = ssh_pki_copy_cert_to_privkey(cert, pubkey);
assert_int_equal(rc, SSH_ERROR);
assert_int_equal(ssh_key_cmp(privkey, cert, SSH_KEY_CMP_PUBLIC), 1);
assert_int_equal(ssh_key_cmp(cert, privkey, SSH_KEY_CMP_PUBLIC), 1);
SSH_KEY_FREE(cert);
SSH_KEY_FREE(privkey);
SSH_KEY_FREE(pubkey);
}
static void torture_pki_ed25519_publickey_base64(void **state)