From 7e25963130c65d19ca94a3e8b9cc66c4b18d8af8 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Thu, 6 Sep 2018 17:58:04 +0200 Subject: [PATCH] tests: Verify the keys loaded from new OpenSSH format This runs the same test that are ran on the legacy PEM files also with the new OpenSSH key files. Signed-off-by: Jakub Jelen Reviewed-by: Andreas Schneider (cherry picked from commit eaaa4131de9d893018a934a1c3707f947598684f) --- tests/unittests/torture_pki_dsa.c | 100 +++++++++++++++++++++++++++- tests/unittests/torture_pki_ecdsa.c | 55 ++++++++++++++- tests/unittests/torture_pki_rsa.c | 71 ++++++++++++++++++++ 3 files changed, 224 insertions(+), 2 deletions(-) diff --git a/tests/unittests/torture_pki_dsa.c b/tests/unittests/torture_pki_dsa.c index 1d98ccb4..6343f6da 100644 --- a/tests/unittests/torture_pki_dsa.c +++ b/tests/unittests/torture_pki_dsa.c @@ -28,7 +28,28 @@ static int setup_dsa_key(void **state) torture_write_file(LIBSSH_DSA_TESTKEY, torture_get_testkey(SSH_KEYTYPE_DSS, 0, 0)); torture_write_file(LIBSSH_DSA_TESTKEY_PASSPHRASE, - torture_get_testkey(SSH_KEYTYPE_DSS, 0, 0)); + torture_get_testkey(SSH_KEYTYPE_DSS, 0, 1)); + torture_write_file(LIBSSH_DSA_TESTKEY ".pub", + torture_get_testkey_pub(SSH_KEYTYPE_DSS, 0)); + torture_write_file(LIBSSH_DSA_TESTKEY "-cert.pub", + torture_get_testkey_pub(SSH_KEYTYPE_DSS_CERT01, 0)); + + return 0; +} + +static int setup_openssh_dsa_key(void **state) +{ + (void) state; /* unused */ + + unlink(LIBSSH_DSA_TESTKEY); + unlink(LIBSSH_DSA_TESTKEY_PASSPHRASE); + unlink(LIBSSH_DSA_TESTKEY ".pub"); + unlink(LIBSSH_DSA_TESTKEY "-cert.pub"); + + torture_write_file(LIBSSH_DSA_TESTKEY, + torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0, 0)); + torture_write_file(LIBSSH_DSA_TESTKEY_PASSPHRASE, + torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0, 1)); torture_write_file(LIBSSH_DSA_TESTKEY ".pub", torture_get_testkey_pub(SSH_KEYTYPE_DSS, 0)); torture_write_file(LIBSSH_DSA_TESTKEY "-cert.pub", @@ -217,6 +238,79 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state) #endif /* HAVE_LIBCRYPTO */ } +static void +torture_pki_dsa_import_openssh_privkey_base64_passphrase(void **state) +{ + int rc; + ssh_key key = NULL; + const char *passphrase = torture_get_testkey_passphrase(); + const char *keystring = NULL; + + (void) state; /* unused */ + + keystring = torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0, 1); + assert_true(keystring != NULL); + + rc = ssh_pki_import_privkey_base64(keystring, + passphrase, + NULL, + NULL, + &key); + assert_return_code(rc, errno); + + rc = ssh_key_is_private(key); + assert_true(rc == 1); + + ssh_key_free(key); + key = NULL; + + /* test if it returns -1 if passphrase is wrong */ + rc = ssh_pki_import_privkey_base64(keystring, + "wrong passphrase !!", + NULL, + NULL, + &key); + assert_true(rc == -1); + + /* test if it returns -1 if passphrase is NULL */ + rc = ssh_pki_import_privkey_base64(keystring, + NULL, + NULL, + NULL, + &key); + assert_true(rc == -1); + + rc = ssh_pki_import_privkey_base64(keystring, + passphrase, + NULL, + NULL, + &key); + assert_return_code(rc, errno); + + rc = ssh_key_is_private(key); + assert_true(rc == 1); + + ssh_key_free(key); + key = NULL; + + /* test if it returns -1 if passphrase is wrong */ + rc = ssh_pki_import_privkey_base64(keystring, + "wrong passphrase !!", + NULL, + NULL, + &key); + assert_true(rc == -1); + + /* test if it returns -1 if passphrase is NULL */ + rc = ssh_pki_import_privkey_base64(keystring, + NULL, + NULL, + NULL, + &key); + assert_true(rc == -1); +} + + static void torture_pki_dsa_publickey_from_privatekey(void **state) { int rc; @@ -451,6 +545,9 @@ int torture_run_tests(void) cmocka_unit_test_setup_teardown(torture_pki_dsa_import_privkey_base64, setup_dsa_key, teardown_dsa_key), + cmocka_unit_test_setup_teardown(torture_pki_dsa_import_privkey_base64, + setup_openssh_dsa_key, + teardown_dsa_key), cmocka_unit_test_setup_teardown(torture_pki_dsa_publickey_from_privatekey, setup_dsa_key, teardown_dsa_key), @@ -463,6 +560,7 @@ int torture_run_tests(void) teardown_dsa_key), #endif cmocka_unit_test(torture_pki_dsa_import_privkey_base64_passphrase), + cmocka_unit_test(torture_pki_dsa_import_openssh_privkey_base64_passphrase), /* public key */ cmocka_unit_test_setup_teardown(torture_pki_dsa_publickey_base64, diff --git a/tests/unittests/torture_pki_ecdsa.c b/tests/unittests/torture_pki_ecdsa.c index 2e89ba4d..5c66d81a 100644 --- a/tests/unittests/torture_pki_ecdsa.c +++ b/tests/unittests/torture_pki_ecdsa.c @@ -26,7 +26,30 @@ static int setup_ecdsa_key(void **state, int ecdsa_bits) torture_write_file(LIBSSH_ECDSA_TESTKEY, torture_get_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 0)); torture_write_file(LIBSSH_ECDSA_TESTKEY_PASSPHRASE, - torture_get_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 0)); + torture_get_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 1)); + torture_write_file(LIBSSH_ECDSA_TESTKEY ".pub", + torture_get_testkey_pub(SSH_KEYTYPE_ECDSA, ecdsa_bits)); + + return 0; +} + +static int setup_openssh_ecdsa_key(void **state, int ecdsa_bits) +{ + const char *keystring = NULL; + + (void) state; /* unused */ + + unlink(LIBSSH_ECDSA_TESTKEY); + unlink(LIBSSH_ECDSA_TESTKEY_PASSPHRASE); + unlink(LIBSSH_ECDSA_TESTKEY ".pub"); + + keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 0); + torture_write_file(LIBSSH_ECDSA_TESTKEY, + keystring); + + keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 1); + torture_write_file(LIBSSH_ECDSA_TESTKEY_PASSPHRASE, + keystring); torture_write_file(LIBSSH_ECDSA_TESTKEY ".pub", torture_get_testkey_pub(SSH_KEYTYPE_ECDSA, ecdsa_bits)); @@ -54,6 +77,27 @@ static int setup_ecdsa_key_256(void **state) return 0; } +static int setup_openssh_ecdsa_key_521(void **state) +{ + setup_openssh_ecdsa_key(state, 521); + + return 0; +} + +static int setup_openssh_ecdsa_key_384(void **state) +{ + setup_openssh_ecdsa_key(state, 384); + + return 0; +} + +static int setup_openssh_ecdsa_key_256(void **state) +{ + setup_openssh_ecdsa_key(state, 256); + + return 0; +} + static int teardown(void **state) { (void) state; /* unused */ @@ -461,6 +505,15 @@ int torture_run_tests(void) { cmocka_unit_test_setup_teardown(torture_pki_ecdsa_import_privkey_base64, setup_ecdsa_key_521, teardown), + cmocka_unit_test_setup_teardown(torture_pki_ecdsa_import_privkey_base64, + setup_openssh_ecdsa_key_256, + teardown), + cmocka_unit_test_setup_teardown(torture_pki_ecdsa_import_privkey_base64, + setup_openssh_ecdsa_key_384, + teardown), + cmocka_unit_test_setup_teardown(torture_pki_ecdsa_import_privkey_base64, + setup_openssh_ecdsa_key_521, + teardown), cmocka_unit_test_setup_teardown(torture_pki_ecdsa_publickey_from_privatekey, setup_ecdsa_key_256, teardown), diff --git a/tests/unittests/torture_pki_rsa.c b/tests/unittests/torture_pki_rsa.c index 1e61906a..9025495c 100644 --- a/tests/unittests/torture_pki_rsa.c +++ b/tests/unittests/torture_pki_rsa.c @@ -34,6 +34,25 @@ static int setup_rsa_key(void **state) torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1)); torture_write_file(LIBSSH_RSA_TESTKEY ".pub", torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0)); + torture_write_file(LIBSSH_RSA_TESTKEY "-cert.pub", + torture_get_testkey_pub(SSH_KEYTYPE_RSA_CERT01, 0)); + + return 0; +} + +static int setup_rsa_openssh_key(void **state) +{ + (void) state; /* unused */ + + unlink(LIBSSH_RSA_TESTKEY); + unlink(LIBSSH_RSA_TESTKEY_PASSPHRASE); + unlink(LIBSSH_RSA_TESTKEY ".pub"); + unlink(LIBSSH_RSA_TESTKEY "-cert.pub"); + + torture_write_file(LIBSSH_RSA_TESTKEY, + torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 0, 0)); + torture_write_file(LIBSSH_RSA_TESTKEY_PASSPHRASE, + torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 0, 1)); torture_write_file(LIBSSH_RSA_TESTKEY ".pub", torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0)); torture_write_file(LIBSSH_RSA_TESTKEY "-cert.pub", @@ -568,6 +587,54 @@ static void torture_pki_rsa_import_privkey_base64_passphrase(void **state) #endif } +static void +torture_pki_rsa_import_openssh_privkey_base64_passphrase(void **state) +{ + int rc; + ssh_key key = NULL; + const char *passphrase = torture_get_testkey_passphrase(); + const char *keystring = NULL; + + (void) state; /* unused */ + + keystring = torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 0, 1); + assert_true(keystring != NULL); + + rc = ssh_pki_import_privkey_base64(keystring, + passphrase, + NULL, + NULL, + &key); + assert_return_code(rc, errno); + + rc = ssh_key_is_private(key); + assert_true(rc == 1); + + ssh_key_free(key); + key = NULL; + + /* test if it returns -1 if passphrase is wrong */ + rc = ssh_pki_import_privkey_base64(keystring, + "wrong passphrase !!", + NULL, + NULL, + &key); + assert_true(rc == -1); + ssh_key_free(key); + key = NULL; + + /* test if it returns -1 if passphrase is NULL */ + /* libcrypto asks for a passphrase, so skip this test */ + rc = ssh_pki_import_privkey_base64(keystring, + NULL, + NULL, + NULL, + &key); + assert_true(rc == -1); + ssh_key_free(key); + key = NULL; +} + int torture_run_tests(void) { int rc; struct CMUnitTest tests[] = { @@ -583,10 +650,14 @@ int torture_run_tests(void) { cmocka_unit_test_setup_teardown(torture_pki_rsa_import_privkey_base64, setup_rsa_key, teardown), + cmocka_unit_test_setup_teardown(torture_pki_rsa_import_privkey_base64, + setup_rsa_openssh_key, + teardown), cmocka_unit_test_setup_teardown(torture_pki_rsa_publickey_from_privatekey, setup_rsa_key, teardown), cmocka_unit_test(torture_pki_rsa_import_privkey_base64_passphrase), + cmocka_unit_test(torture_pki_rsa_import_openssh_privkey_base64_passphrase), cmocka_unit_test_setup_teardown(torture_pki_rsa_copy_cert_to_privkey, setup_rsa_key, teardown),